Mid-career leadership tracks can favor those comfortable with self-promotion or who fit an existing leadership stereotype. Without clear criteria, evaluation becomes subjective. The fix is transparency: define what “senior” and “lead” mean, measure outcomes, and ensure opportunities for high-impact assignments are distributed fairly, says Bityana Yishak, SSCP.

Women in Cybersecurity: Bityana Yishak, SSCP

Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.

My path into cybersecurity has been shaped by both people-facing work and analytical work: my experience in retail taught me how much day-to-day operations depend on systems and processes that people can trust, while my GIS analysis work with the United Nations reinforced the importance of data integrity and responsible access when decisions depend on accurate information.

Cybersecurity work is never static, either: threats evolve, tools change and organizations grow, meaning there’s always something new to learn. Whether I’m protecting accounts, data, or critical operations, my goal is to make sure people can trust and rely on the systems they use. That responsibility is motivating and pushes me to keep building both technical skills and good judgment.

More Than a Technical Career

It’s widely misunderstood that cybersecurity is purely technical and that the only valuable contributors are the people who can write code the fastest. In reality, good cybersecurity depends just as much on communication, empathy and the ability to influence decisions. My ability to translate risk into business language, listen to user needs and collaborate across teams often determines whether security improvements actually happen.

I think an unspoken barrier to career progression is that advancement often depends on visibility, not only results. Women are sometimes steered toward work that is essential but less recognized (documentation, coordination… “glue” work), while high-visibility projects go to others. That can slow promotions even when performance is strong. Subtle bias can show up in quiet ways: it’s who gets invited into the most visible projects, whose opinions are treated as “extra validation” instead of expertise, and how often women are expected to be the “nice” communicator while still proving technical credibility. But when those dynamics are recognized and addressed, teams become stronger and outcomes improve.

Mid-career leadership tracks can favor people who are comfortable self-promoting or who fit an existing leadership stereotype. Without clear criteria, evaluation becomes subjective. The fix is transparency: define what “senior” and “lead” mean, measure outcomes, and ensure opportunities for high-impact assignments are distributed fairly.

Know Where You Are Going

A combination of clear pathways and real sponsorship would really help. By clear pathways I mean transparent promotion criteria, structured feedback and a development plan that includes both technical growth and leadership skills. By sponsorship, I mean leaders actively advocating for women to lead projects, present to stakeholders and take on roles with decision-making authority. Flexibility matters, too: many talented people leave or stall not because they cannot do the work, but because the environment is not sustainable. Policies that support work-life balance, fair workload distribution, and respect for boundaries keep talent in the field.

It helps when organizations treat inclusion as part of security excellence: diverse teams catch different failure modes, design better controls and communicate risk more effectively. I’ve noticed that inclusion conversations are more common now than they used to be. Many teams are more intentional about recruiting and supporting diverse talent. Mentorship programs, community groups and visible role models have also grown, which makes it easier for women to picture themselves belonging in the field.

At the same time, inclusion is not “solved” by awareness alone. Culture changes only when organizations back it up with actions: fair hiring and promotion processes, clear expectations for respectful collaboration and leaders who hold teams accountable for how people are treated. The progress I feel most strongly is when teams value different perspectives as a performance advantage, not as a checkbox.

Sponsors and Mentors

Personally, I’ve benefited most from two kinds of support: sponsors who opened doors and mentors who helped me grow through honest feedback. Sponsors have recommended me for opportunities, invited me into important conversations and trusted me with responsibility. Mentors helped me sharpen my skills, navigate workplace dynamics and build confidence without pretending the challenges do not exist.

Practical support has mattered too: time and budget for learning, access to hands-on labs or projects and managers who protect ‘focus time’, so security work is not always “after hours” work.

My Advice to You

To anyone reading this and thinking about cybersecurity as a career, here’s my advice. Start where you are and build momentum. Cybersecurity is very broad; pick one area that matches your interests and take small, consistent steps. Find community early: local meetups, ISC2 chapters and online groups. Community can provide mentorship, job leads and encouragement.

Learn the basics, do hands-on practice and document what you build or analyze. Don’t wait to feel “ready” before applying for opportunities: if you meet many of the requirements, apply and learn in the role. When interviewing for any role, ask about culture and growth: how feedback works, how promotions happen and whether leaders support development. Remember that your perspective is valuable: cybersecurity needs diverse problem-solvers who can communicate and collaborate, not just technical specialists.

Cybersecurity is recognizing that it is a team sport; organizations are learning that security outcomes improve when teams include different backgrounds, experiences and ways of thinking; more women are visible as practitioners, leaders and educators, which changes what newcomers believe is possible. All these things are positive.

I’m also encouraged by the growth of learning resources and communities. Women can access training, labs and mentorship in ways that were harder to find in the past. The future will still require intentional work, but I believe progress will continue as more leaders connect inclusion to performance, resilience and innovation. When women are supported to lead, the entire security community benefits.

Bityana Yishak, SSCP, is an IT Systems and Security Engineer with experience spanning retail operations, GIS analysis and United Nations support work. She has held analytical and technical roles, with responsibility for data integrity, secure access and day-to-day system reliability.
