The first time ISC2 Candidate Yelena Sheikh explained cybersecurity to a group of students, she was standing in front of a classroom at the very school where she once studied, invited back to talk about careers in technology. Looking around the room, she noticed the young girls in particular: curious, attentive, but slightly uncertain – as though they weren’t quite sure this world was meant for them. It was the same look she wore not so long ago.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
I began my academic career with a Bachelor of Engineering in Mechatronics, a discipline that sits at the intersection of mechanical systems, electronics and computing. While studying software and network layers that controlled automated systems, I started asking uncomfortable questions. How secure are these systems, really? What happens when they fail, or worse, when someone deliberately attacks them? Those questions didn’t leave me, leading me to pursue a master’s degree in Information Systems with a specialization in cybersecurity, during which I explored those concerns seriously: from threat detection and vulnerability management through to governance, risk and compliance frameworks.
It was also at graduate school where I first encountered the financial reality of building a career in this field. Certifications, training and resources cost money that many early-career professionals simply don’t have. I was fortunate to receive two cybersecurity scholarships during my studies, which not only eased that pressure but sent a message I didn’t realize I needed to hear: the community believed I was worth investing in. I carried that with me.
Pursuing the CISSP Certification
The CISSP was a credential I had long admired but assumed was still years away. That changed when I was browsing the ISC2 website directly and came across their voucher scholarship program. I almost scrolled past it because it felt like something intended for someone more senior and more established. I read the eligibility criteria, realized I met it, applied and was awarded the voucher. Receiving that voucher was one of the most significant moments of my professional life so far. Not simply because of what the certification represents in terms of knowledge, but because the path to it came from a program I found by paying attention to what ISC2 was offering and having the nerve to put my name forward. That lesson stayed with me: the opportunities are often there, but you need to go looking for them and then you need to apply.
Formative Years in the SOC
My professional career began in security operations center (SOC) environments, where the pace is relentless and the learning curve is steep. I spent long hours analyzing logs, correlating alerts across SIEM platforms, investigating anomalies that turned out to be nothing and the occasional ones that turned out to be something serious. Those early SOC years were the most formative of my career, not because they were comfortable, but because they were not. Every shift taught me something I couldn’t have learned in a classroom. Over time, my work expanded across SIEM engineering, vulnerability management, cloud security monitoring and GRC initiatives a breadth that came not from a planned curriculum but from curiosity and a habit of saying yes to problems that felt slightly beyond my current ability.
That habit of hands-on experimentation has shaped how I think about skill development. I built home lab environments, studied real vulnerabilities by replicating them safely and participated in cybersecurity communities where practitioners shared techniques openly. In one project I’m particularly proud of, I developed a framework to bridge the gap between technical vulnerability scoring and business risk prioritization. Projects like this sitting at the intersection of technical depth and strategic thinking are where I find cybersecurity most rewarding.
Obstacles and a Path to Change
Like most women who have worked in this industry for any length of time, I’ve also navigated its less comfortable dimensions. Early in my career there were moments when technical insights I raised were questioned or quietly set aside – only to resurface later as someone else’s idea. There were environments where I had to work considerably harder than my peers simply to be taken seriously and where the assumption of competence wasn’t extended to me automatically. I won’t overstate those experiences, but I won’t minimize them either; they were real, requiring deliberate energy to move past.
What I’ve also seen, though, is genuine and measurable change in how the industry approaches inclusion. The shift that stands out most to me is in how mentorship has evolved. Early in my career, mentorship in cybersecurity was largely informal; you were lucky if a senior colleague happened to take an interest and most people were not that lucky. More recently I’ve seen mentorship becoming structured and accountable: organizations are building systems around mentorship and holding themselves to standards. There are programs with defined matching processes, clear goals, check-ins and outcomes that are tracked. Such changes are significant, because it means access to guidance is no longer purely a function of who I might happen to know or how well I network. It’s becoming something that can be deliberately sought and reliably found. That matters enormously for women entering the field, particularly those without existing connections to draw on.
Scholarships Support Progress
Part of that ecosystem of support is what led me to become a Scholarship Reviewer for ISC2, contributing to the evaluation of cybersecurity scholarship applications. Being part of a process that opens doors for others – particularly those who face the same barriers I once did – is something I take seriously. Giving back is my responsibility.
For women considering cybersecurity, or already in it and wondering whether to stay, here’s some advice – based on my own, personal experiences.
Apply for everything, even when you doubt yourself – the single most important thing. The CISSP voucher I received, the speaking invitation, the scholarship reviewer role… nearly all the opportunities that genuinely shaped my career involved moments of uncertainty that I chose to push through rather than retreat from. I’ve learned that self-doubt is not a reliable signal that you’re unqualified, it’s an extremely reliable signal that something matters to you. Learn to tell the difference and apply anyway. The worst answer you will ever receive is no, and no leaves you exactly where you already are.
Build things, not just knowledge. Read about security all you like, but the understanding that sticks (and that employers recognize) comes from ‘doing’. I set up a lab, broke things, fixed them, analyzed real logs, participated in CTF competitions and built a project I can talk about with genuine enthusiasm. Your version of ‘doing’ is waiting.
Find your community deliberately. ISC2, Women in CyberSecurity (WiCyS), local chapter events, connecting on LinkedIn with people whose career paths resemble the one you want… these are the access points to mentors, opportunities and honest conversations about what the industry is actually like. I’ve learned as much from peers and mentors as from any formal training program.
If you experience bias, name it precisely. Vague discomfort is difficult to act on; specific, documented observations are not. When something happens that doesn’t feel right, I write down what was said, by whom, in what context. That record is not about grievance; it is about clarity. And clarity is what allows me to address things constructively rather than absorbing them in silence.
For those of us already in the industry: our presence here is not incidental. The resilience required to navigate cybersecurity as a woman builds a professional profile that is genuinely uncommon: technically rigorous, contextually aware, and harder to rattle than most. That is worth owning.
Yelena Sheikh, ISC2 Candidate, has five years of experience in financial services, consulting, manufacturing and enterprise cybersecurity environments. She has held technical and security operations roles, with responsibility for threat detection, vulnerability management, cloud security monitoring and risk governance. Her cybersecurity work spans SIEM engineering, AI-driven security research, vulnerability intelligence modelling and community mentorship.
