To succeed in cybersecurity, it is important to understand yourself and the level of engagement you want to have and can give. It requires an expansive mindset that goes beyond understanding and accepting the status quo. It also requires being able to evolve quickly and to think slowly at times, argues Belkis Herrera, CISSP.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
I did not follow a “traditional” pathway into cybersecurity. Back in 2019, as an IT compliance specialist, my role was to coordinate SOC 2 Type II audits, manage information security assurance questionnaires, as well as perform physical security audits. While I learned to deeply understand both IT and cybersecurity, and to “speak the language” of both technology and business – from infrastructure teams to legal counsel - the manager who opened the door to a cybersecurity career for me showed considerable faith, because I had not worked specifically in cybersecurity before.
This opportunity – for me, a woman without a degree in IT – shows me that change in our sector is happening. In fact, when I moved into cybersecurity in 2019, both the CISO and CIO were accomplished females. I was struck by how supportive of newcomers to the field they were. Likewise, at a different company two years later, I again found myself under the leadership of a highly knowledgeable woman. Their mentorship and encouragement have been important to me.
Obstacles to Advancement
I have noticed some unnecessary and unspoken barriers to progression. Many organizations have an impossible list of requirements for cybersecurity roles – often disconnected from one another and misaligned with the position title. I get the impression that the people preparing those job descriptions are being neither critical nor realistic enough. In reality, cybersecurity is a broad field. Not all organizations have the same architecture, context and needs. I feel this may be the product of a generalized panic about hiring someone who cannot cope with the fast pace and noise in the environment.
For women aiming to progress, something I think would make the biggest difference is being more exposed to what cybersecurity is and is not. There’s a lot of misunderstanding about the scope of the field. It’s vast but not confined to a single function within an organization; instead, it cascades from top to bottom and moves laterally and horizontally. The same applies to the implications: overmanaging versus not managing it at all. There is also its applicability—because in cybersecurity, one size does not fit all. One must look at the specific context, industry, organizational stage and so on to properly address cybersecurity risks and formulate effective strategies and controls.
For anyone considering a career in cybersecurity – especially women – I’d suggest it’s important to understand yourself, the level of engagement you want to have and are able to give. Working in cybersecurity requires an expansive mindset that goes beyond understanding and accepting the status quo. It requires being able to evolve quickly and to think slowly at times.
Understanding the field is also essential. I would suggest selecting an area where you can make a real difference based on authentic values and the environment. Read and do your research; the field is agile and dynamic. Always address risks and implications strategically, don’t overcomplicate what could be a matter of common sense.
A Positive Outlook
Overall, I’m optimistic for women in cybersecurity. The biggest changes will come with shifts in societal attitudes toward women. Pan-sector, pro-women initiatives also help. Young women in general are no longer buying stereotypes; they will pursue their dreams relentlessly, aided by the many resources available to them through the digital economy. Nowadays, adult women in all age categories are learning and adopting technology at an unprecedented pace. This brings them closer to technology with less discomfort than previous generations.
Belkis Herrera, CISSP, has 15 years of experience across mining, consulting and IT infrastructure. She has held leadership, senior and technical roles with responsibility for audit, IT governance, cybersecurity due diligence and risk management. Her work spans the strategic and enterprise-wide implications of cybersecurity and IT risk.
Global 50x50 Women’s SummitTaking place on March 18, 2026, the Global 50x50 Women’s Summit is a virtual event which will bring together women and allies from every corner of the cybersecurity ecosystem to explore how inclusive leadership, intentional sponsorship, and meaningful mentorship open doors to opportunity and reshape the talent pipeline. Supported by ISC2 and The Centre for Cyber Safety and Education, this event builds on the work of the Global 50x50 Initiative towards a future where women make up 50% of the cyber workforce by 2050. The Summit will highlight the actions needed to create a more resilient and sustainable cybersecurity workforce for all. By attending this live event, you are eligible to receive 3.5 CPE credits. Additional credits can also be earned with on-demand viewing. |
