Heather M. Case-Hall, CISSP is a Senior Security Solutions Architect at Myriad360. She shares her experiences – including her non-traditional entrance to the cybersecurity field – with ISC2 Insights as we continue to celebrate the stories of Women in Cybersecurity this March.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
I didn’t enter cybersecurity through a traditional path, but my roots were in traditional IT. Early in my career, I was a builder—designing and standing up data centers, creating IT environments and running the programs and applications that kept organizations functioning. I became the person people sought out when something broke, didn’t behave as expected, or simply needed to be reimagined. That hands-on experience gave me a deep operational foundation and a realistic understanding of how systems behave outside of textbooks and idealized diagrams.
My entry into security was abrupt. While serving in the military, I was told, on just three days’ notice, that I would be attending a two-week Certified Information Systems Security Professional (CISSP) course. It was intense, high-pressure and unforgiving. But I passed. That certification became a turning point I hadn’t anticipated.
In the U.S. Army at the time, I was often the only person with a CISSP. That credential led to my first formal role in the field as an Information Assurance Manager. Later, through a mix of timing, trust and a willingness to take on unfamiliar responsibilities, I was selected to become a cybersecurity warrant officer. I ultimately became one of the first 100 cybersecurity warrant officers overall, as well as the first woman in the National Guard to pass all required certifications on the first attempt.
That was the moment cybersecurity stopped being something I had stumbled into. It became something I had earned—through effort, investment and the pressure-cooker environment of military cyber operations. From there, walking away never felt like an option. My roles have shifted since then from hands-on operational work to sales engineering and advisory roles. I’m interested in returning to formal management someday, but throughout all the evolution, cybersecurity has remained my professional constant.
The Only Woman in the Room
Even with progress, I don’t think the world is fully ready for women in certain technical spaces. I still find myself as the only technical woman in rooms with hundreds—or thousands—of people. There’s never a line for the bathroom, but the isolation can be palpable.
Today, there’s far more awareness around diversity and inclusion than when I started. Yet the paradox remains: the higher up you advance, the fewer women you see. Leadership tables get smaller and less diverse the higher you climb.
Real progress depends on leadership and culture. Some teams foster genuine inclusivity and curiosity about different perspectives. Others assume that diversity will simply “happen naturally,” without intentional effort. The result is uneven progress—fast in some pockets, slow in others and nonexistent in a few.
Skills That Have Carried Me Forward
Continuous learning has been a cornerstone of my success. Early on, that meant building deep technical knowledge. As I’ve grown in my career, that foundation remains essential, but it’s no longer the center of my work. Guiding people, mentoring, advising and communicating clearly under pressure have become just as important.
Critical thinking and calmness under stress have proved indispensable. In fact, I’ve started joking that some days I’m a “cybersecurity therapist.” The value I bring isn’t only technical. It’s the empathy and levelheadedness that come from years of being a security first responder during high-pressure moments when everything feels urgent and the stakes are high.
Organizations that invest in continuous learning—whether through training, stretch assignments, or real-world experience—are the ones that help their people grow. That support has been fundamental to my own development.
The Invisible Barriers
One of the unspoken barriers many women face is perfectionism. The commitment to accuracy and thoroughness is a strength, but in cybersecurity – a field where confidence, visibility and decisiveness often influence how expertise is perceived – it can unintentionally slow momentum.
Another challenge is the mental load that accumulates over time. Cybersecurity requires constant focus, vigilance and problem solving. For many women balancing family or caregiving responsibilities, that cognitive burden becomes even heavier. Sustained career progression is much harder without strong support systems.
I’ve been fortunate to have a partner who truly supported my growth, steadied me during stressful moments and stepped in when the pressure felt overwhelming. That kind of support is often invisible, but it’s critical.
The most significant barriers tend to appear at the mid-to-senior levels. At those stages, advancement relies more on sponsorship and networks than on technical skill or mentorship alone. Access to those relationships is uneven—and that inequity shapes who gets opportunities and who doesn’t.
Looking Ahead
Cybersecurity is an industry defined by rapid change, constant threats and continuous learning. My path into it wasn’t traditional, but it was intentional. It was earned through resilience, curiosity and a willingness to step into roles I wasn’t yet comfortable with.
Today, I remain committed to the work, to the people entering the field behind me and to the fight for broader inclusion. The industry is evolving. Progress is happening. But there is still much work to do.
I’m grateful to be part of that work.
