Women are thriving and growing in cybersecurity careers, a reality that we should acknowledge and celebrate, says Sarba Roy, CISSP.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
I didn’t start my career expecting to work in cybersecurity. But, as a teenager, I read the book Digital Fortress by Dan Brown. I was fascinated by the concepts of cryptography. Then, while studying for my bachelor's degree in computer science, my love and curiosity for information security led me to an internship project based on RSA encryption.
After graduating in 2012, I took a role as a systems engineer at a leading consulting firm in India. Initially working in quality assurance and web development, I was then offered a fortuitous opportunity to join a center of excellence in cybersecurity that worked with various clients across the world, helping them secure their assets, processes and technology landscape. Here I am still: enjoying the constant evolution with no two years looking the same, all while protecting people, systems, and society at large. Cybersecurity is a field where the work genuinely matters, and the challenge is deeply rewarding.
Unseen Factors
There are plenty of things that people don’t see about being a woman in cybersecurity. One of the most surprising to me is how often people assume women must prove their technical credibility before their ideas carry weight. Cybersecurity isn’t just firewalls, infrastructure and code; it’s policy, psychology, risk management, communication and, most importantly, people. The most misunderstood truth is that, actually, this field thrives on multidisciplinary talent.
Another perception is that women remain rare in cybersecurity, which is also not my experience. I conducted a workshop a couple of years ago and the audience of 80+ professionals included outstanding women from across cloud security, privacy engineering, GRC, forensics and threat analysis. It also included women in senior leadership roles, including at Chief Information Security Officer (CISO) level. My experience is that women are thriving and growing in cybersecurity careers, a reality that we should acknowledge and celebrate.
How Things Have Progress
True, it wasn’t always so: early in my career, I was frequently one of the only women in the room. Like many women in cybersecurity, there have been moments in which I felt I needed to prove myself twice before being taken seriously. Sometimes this shows up in subtle ways: interruptions, overlooked credit, or assumptions about technical proficiency.
Cybersecurity culture has shifted noticeably and, today, more organizations are recognizing that diverse teams improve creativity, decision making and risk mitigation. Inclusion is becoming a business imperative, not just a moral one. Employee resource groups, sponsorship programs and leadership pathways designed for underrepresented talent are all reshaping workplace culture – and they’re working.
The Value of Mentorship
Despite this culture shift, the most meaningful support I’ve had didn’t come from structured programs. It came from sponsors and mentors who advocated for me when I wasn’t in the room, leaders who trusted me with ‘stretch’ opportunities and colleagues who amplified my contributions. Such mentorship and sponsorship have been essential, especially from leaders who understood the subtle challenges women can face in traditionally male dominated technical fields. I’ve also been fortunate to work in organizations that support continuous learning – from AI governance and cloud security training to leadership development.
For all cyber professionals, technical depth is valuable but not the whole story. The skills that have propelled my career include risk-based thinking, clear and assertive communication, the ability to collaborate with representatives from legal, product, engineering teams, strategic problem solving and adaptability in a fast-changing environment. Ultimately, I’ve learned that credibility isn’t about perfection but about delivering consistently, being clear about your value, and trusting your expertise.
Barriers Remain
Some barriers to female progression are visible, like lack of representation or limited access to stretch roles. Others are harder to spot, but they still include informal networks where key decisions are made, leadership expectations modeled around traditionally masculine styles, roles that reward constant availability and higher scrutiny of women’s performance and communication styles.
To retain more women in cybersecurity and especially in their mid-career phase, a strong support system is needed to constantly help them navigate through these unspoken barriers. The industry can meaningfully support women’s advancement by focusing on real sponsorship, transparent career paths, mandatory equal access to high visibility projects, flexible/ sustainable work models and inclusive leadership standards. And, of course, by increasing the number of women in senior decision-making roles. Seeing more women leading cybersecurity teams, shaping AI governance, influencing global policy, and driving innovation gives me hope.
Five Things You Need to Consider
Every year, more women enter this field. Every new voice makes cybersecurity smarter, stronger, and more resilient. There is room for every kind of talent in cybersecurity. For anyone considering a cybersecurity career, here’s a list of five things I wish I’d known earlier:
- You don’t need to know everything to start — nobody does
- Your perspective is your superpower; bring it boldly
- Relationships are as important as technical skills
- Apply for roles even if you don’t meet 100% of the requirements
- Say yes to opportunities that stretch you
The future of cybersecurity will require creativity, empathy, and interdisciplinary thinking — strengths women consistently bring. The momentum is only growing.
Sarba Roy, CISSP, has 13 years of experience in cybersecurity and AI governance, risk and compliance. She has held technical program management and risk specialist roles, with responsibility for GRC, data privacy and AI governance. Her cybersecurity work across India, Europe and the U.S. has been in the technology consulting, financial services and semiconductor sectors.
