As part of ISC2’s Women in Cybersecurity month, ISC2 Candidate Shwetha Babu Prasad shares her non-linear journey into cybersecurity, what continues to motivate her and the lessons she’s learned along the way.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
My entry into cybersecurity was not linear. My academic journey began with mechanical engineering but, during my master’s degree, I found myself increasingly drawn to conversations around cybersecurity – often sparked through discussions with friends who were studying the subject. As I explored coursework related to security and technology, my curiosity grew into a genuine interest.
Prior to pursuing my master’s degree, I also had a few years of professional experience in cybersecurity, which gave me early exposure to real-world security challenges and strengthened my commitment to the field.
Shifting Career Path
That curiosity eventually led me to transition into cybersecurity professionally, starting my career as a cybersecurity engineer. While I was initially attracted by understanding how systems fail and how thoughtful security design can prevent real-world harm, what keeps me motivated now is the opportunity to provide practical insights, help organizations reduce the risk of data exposure and contribute incrementally to building safer digital communities.
This is because, over time, my work has naturally gravitated toward data protection, privacy engineering and data loss prevention (DLP) within global, enterprise environments. These areas sit at the intersection of technology, risk and trust. I find they require not only technical expertise, but also the ability to translate security concepts into actionable controls.
As my responsibilities have grown, I’ve learned that effective data protection is less about isolated tools and more about operationalizing security across people, processes, and platforms. That realization has shaped how I approach my work today as a Senior Information Security Engineer, focused on scalable, defensible security practices.
Credibility
Like many women in cybersecurity, there have been occasions when I felt the need to prove my technical credibility. Especially early in my career, there were meetings where my input was questioned until supported by documentation, data or validation from others. Rather than becoming discouraged, I responded by leaning into what I could control.
From a technical perspective, I’ve come to realize that certifications would have helped establish baseline credibility, as well as being important to my future. So I’m currently an ISC2 Candidate, studying for the CISSP certification.
But so far it has been my sustained technical rigor – including my strong foundations in data protection controls and privacy-by-design principles – and clarity of communication over time that has ultimately earned trust. I built my expertise, documented my decisions clearly and consistently spoke up even when it felt uncomfortable. I learned to articulate security concepts in ways that resonate beyond security teams.
Support From My Peers
Community involvement has been one of the most impactful elements of my professional growth. Several organizations, including ISC2, have played significant roles in strengthening my understanding of security beyond the confines of my day-to-day role. Through participation in working groups and special interest communities, I’ve been able to engage with practitioners who openly share knowledge and challenge assumptions.
More recently, I’ve contributed to standards-related efforts through the ISSA SIG Resilience group, supporting work aligned with NIST. It is an experience that reinforced the importance of practitioner voices in shaping guidance that affects organizations nationwide. On top of this, authoring books and sharing insights publicly has both helped others learn and sharpened my own understanding.
Have No Fear
My sense is that one of the most common barriers to there being more women in cybersecurity roles is fear: fear of not knowing enough, fear of starting late, or fear of choosing the “wrong” path. The reality, though, is that cybersecurity is a broad field. No-one starts with all the answers. Progress in cybersecurity comes from curiosity, consistency and a willingness to learn in public.
For anyone considering a cybersecurity career, I have three simple, practical pieces of advice. In no particular order:
- Start with beginner certifications to build confidence and structure
- Join local security communities early – don’t wait to feel “ready”
- Work on open-source projects or set up a home lab to gain hands-on experience
As cybersecurity continues to expand beyond traditional technical silos, there is increasing room for diverse perspectives, interdisciplinary thinking and leadership grounded in real-world practice. This shift creates meaningful opportunities not just for women, but for anyone committed to advancing trust and security in our digital systems.
Shwetha Babu Prasad, ISC2 Candidate, has over nine years of experience in data protection, privacy, DLP and risk management. She has held senior technical and security engineering roles, with responsibility for designing secure system architectures and implementing data protection controls. Her cybersecurity work has involved AI-enabled systems, privacy engineering and enterprise risk mitigation.
Global 50x50 Women’s SummitTaking place on March 18, 2026, the Global 50x50 Women’s Summit is a virtual event which will bring together women and allies from every corner of the cybersecurity ecosystem to explore how inclusive leadership, intentional sponsorship, and meaningful mentorship open doors to opportunity and reshape the talent pipeline. Supported by ISC2 and The Centre for Cyber Safety and Education, this event builds on the work of the Global 50x50 Initiative towards a future where women make up 50% of the cyber workforce by 2050. The Summit will highlight the actions needed to create a more resilient and sustainable cybersecurity workforce for all. By attending this live event, you are eligible to receive 3.5 CPE credits. Additional credits can also be earned with on-demand viewing. |
