Ashini Surati, CISSP, CCSP, considers that while there has been meaningful progress in inclusion across cybersecurity, progress remains uneven.
Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.
One of the most misunderstood aspects of being a woman in cybersecurity is how credibility is often perceived. There remains an implicit image of what a “cybersecurity expert” looks and sounds like. If or when you fall outside that mold, your expertise can be questioned – sometimes subtly, sometimes persistently.
Earlier in my career, I often had to explain not only what the risk was, but why it mattered, before my technical assessment was fully accepted. While such experiences helped me sharpen my communication skills, it also highlights a broader challenge in the industry: expertise should not have to be repeatedly proven based on who is delivering it.
Yet while technical expertise is foundational, it is – of course – insufficient on its own. The skills that have most shaped my effectiveness include communication, risk translation and decision-making under pressure. My ability to clearly explain security risks to executives, clinicians, or board members and align them with business priorities has been essential. This is because cybersecurity leaders must often influence without authority, manage competing priorities and guide organizations through uncertainty.
Being Included
Over the years I’ve seen meaningful progress in inclusion across cybersecurity, with conversations around diversity, mentorship and psychological safety more visible than they were a decade ago. Women are increasingly present as speakers, leaders and decision-makers, influencing strategy rather than operating solely in execution roles.
Progress remains uneven, however: while entry-level representation has improved, women are still underrepresented at senior and executive levels. Inclusion cannot rely solely on intent; it requires accountability, transparency and sustained leadership commitment.
As careers progress, barriers often become less visible but more consequential. Access to high-visibility projects, leadership roles and executive sponsorship can quietly shape advancement. These barriers are most pronounced at senior levels, where perception and opportunity matter as much as performance. Clear promotion criteria, flexible work models, and diverse representation at leadership tables are not optional. They are essential for building adaptive, forward-looking security teams.
For me, sponsorship and people advocating for me in rooms where I was not even present made a meaningful difference. So did mentors who challenged me to think bigger and peers who valued collaboration over competition. The most meaningful change for other women advancing in cybersecurity will also come from intentional sponsorship and leadership development. Organizations must move beyond pipeline discussions and focus on retention, progression, and equitable access to decision-making roles.
It has been equally important to learn to balance professional ambition with personal responsibilities. Understanding that a request for flexibility did not signal – and would not be seen as – a lack of commitment was a critical turning point. Supportive environments allow us professionals to apply our full selves to the work, and to perform better because of it.
Visible and Recognized
What gives me optimism about the future of women in cybersecurity is our visibility now. More women are leading programs, shaping policy and redefining what expertise looks like. Younger professionals are entering the field with expectations of inclusion, balance and purpose, and are willing to challenge outdated norms.
Especially within the healthcare environments in which I’ve spent much of my career, security decisions directly affect patient safety, privacy and organizational resilience. That responsibility brings urgency and meaning to my work and it is what continues to motivate me. The future of cybersecurity will be stronger and more resilient because of diverse voices at the table. I’m proud to be part of that future and committed to helping build it.
Ashini Surati, Ph.D., CISSP, CCSP is a cybersecurity and risk executive with over 25 years of experience in healthcare and financial services. She has held multiple leadership roles in compliance, risk and security management, with responsibility for enterprise governance, regulatory compliance, risk strategy and security program oversight.
Global 50x50 Women’s SummitTaking place on March 18, 2026, the Global 50x50 Women’s Summit is a virtual event which will bring together women and allies from every corner of the cybersecurity ecosystem to explore how inclusive leadership, intentional sponsorship, and meaningful mentorship open doors to opportunity and reshape the talent pipeline. Supported by ISC2 and The Centre for Cyber Safety and Education, this event builds on the work of the Global 50x50 Initiative towards a future where women make up 50% of the cyber workforce by 2050. The Summit will highlight the actions needed to create a more resilient and sustainable cybersecurity workforce for all. By attending this live event, you are eligible to receive 3.5 CPE credits. Additional credits can also be earned with on-demand viewing. |
