Hacking the Glass Ceiling

In an increasingly digital world where data breaches, ransomware attacks, and other cybercrimes are pervasive, a skilled cybersecurity workforce is more important than ever. Yet the industry grapples with a significant worker shortage. Globally, there are an estimated 3.5 million unfilled cybersecurity jobs, including nearly 500,000 vacancies in the United States, according to research firm Cybersecurity Ventures. 

At the same time, a large talent pool is being underutilized: female professionals. Women represent only 20–25% of the cybersecurity workforce, according to reports from Cybersecurity Ventures and the International Information System Security Certification Consortium (ISC2), a cybersecurity member organization.

Cultivating a diverse workforce with an equitable number of men and women is crucial to safeguarding our digital infrastructure. Organizations put in thousands of controls to protect their data, but hackers only need one vulnerability to infiltrate, noted Karen Cole, CEO of Assura, a Henrico County-based cybersecurity managed services and advisory firm.

The best protections come from “a layered approach of different people and different perspectives,” Cole said. Diversity of thought, experiences, and backgrounds spurs innovations and bolsters resilience.

Attracting and retaining a diverse range of cybersecurity talent in Virginia is particularly critical, given the Commonwealth’s outsized place in the industry. Virginia is home to government agencies, critical assets, defense and aerospace firms, technology firms, manufacturing companies, and other organizations that need failproof protection. 

Adding more women to Virginia’s cybersecurity workforce can also strengthen local economies. Employers reap the benefits of a larger number of qualified professionals, while workers have access to in-demand, well-paying cybersecurity jobs that often include flexible work schedules.

Promoting the Possibilities

Organizations across Virginia and beyond are creating pathways for women to enter and explore the cybersecurity field through educational programs, specialized training, internship and mentorship opportunities, and other initiatives.

Many of those endeavors introduce girls to STEM-related subjects (science, technology, engineering, and mathematics) during their primary and secondary school years. One effective model comes from CodeRVA Regional High School in Richmond. It uses a lottery-based admissions system to ensure girls and boys in partnering school divisions have equitable access to a rigorous computer science-focused education.

“There’s no minimum GPA requirement, no essays or tests, or any admission criteria other than to be in the right grade level,” said CodeRVA Executive Director Kume Goranson. “We want to increase the number of underrepresented groups in computer science, which we know are girls and all students of color. Our mission is to diversify the workplace.”

Also on the education front, Virginia colleges offer some of the nation’s top cybersecurity programs, with 23 colleges and universities in the Commonwealth earning the National Center of Academic Excellence in Cybersecurity designation.

CodeRVA Regional High School in Richmond uses a lottery-based admissions system to ensure equitable access to its computer science-focused curriculum.

Hands-On Training and Community Support 

Outside traditional academic settings, girls and women are discovering what’s possible in cybersecurity and gaining valuable skills through certification courses, coding boot camps, cyber sports competitions, technology workshops, mentorship programs, and more.

National organizations like Girls Who Code, Black Girls Code, Black Girls Hack, and Techbridge Girls provide hands-on training and support. Some offer Virginia-based events for girls, such as the summer camp Black Girls Code held in Arlington last year.

Other valuable resources at the national and state levels include Women Who Tech, Latinas in Tech, AnitaB.org, the Women’s Society of Cyberjutsu, and the Commonwealth Cyber Initiative. In addition, Virginia has local technology councils and chapters of national industry organizations such as ISACA, also known as the Information Systems Audit and Control Association, and ISC2.

Many of Virginia’s most advanced female cybersecurity professionals began their careers before many of those resources were available, coming to the field later after epiphanies that it presented a viable career. Jessica Gulick, founder of Loudoun County cybersecurity consulting firm Katzcy had that epiphany overseas when working in Germany for Fairfax County-based SAIC, a Fortune 500 technology company.

Gulick has taken that philosophy even further by founding US Cyber Games, an organization that emphasizes the value of e-games in developing a strong, diverse cybersecurity workforce. The organization’s competitions, which simulate cybersecurity challenges, help players develop technical skills while learning about teamwork, communication, and resilience under pressure.

Highlighting Career Options 

Introducing girls to a varied range of skills and career paths can help them understand that cybersecurity is about more than just coding, said Amanda Satterwhite, managing director of Accenture Federal Services’ Cyber Mission and Enablement.

And while many highly credentialed cybersecurity programs are available at colleges, a computer science degree isn’t always necessary to succeed.

“There’s no one path or cookie-cutter program that someone has to follow to get into a cyber career,” Satterwhite said, noting that some of the best cybersecurity experts she works with have degrees in nonrelated fields. Satterwhite herself majored in management science with a concentration in decision support systems at Virginia Tech’s Pamplin College of Business before embarking on a career in federal contracting.

“I was hooked,” she said. “It let me explore all my interests at once.”

Desiree Driver, a program manager at Leidos in Richmond, followed a similar path. She began her career at Leidos as a mechanical engineer after earning her bachelor’s degree at the University of Virginia and her master’s at Old Dominion University.

It was a company-run leadership program that changed the course of her career. Leidos gives employees the opportunity to explore different fields within the company, and Driver’s first rotation had her supporting a program manager on its Cyber Accelerator team.

“I never left that first rotation,” she said. “The project manager went on to a different opportunity, and I was able to get that role.”

The true credentials for success are curiosity about how things work, the willingness to put in the effort, and the desire to stay up to date, Driver said.

“It’s not about executing perfectly the first time out. It’s about persevering and learning as you go,” Gulick said. “You try new things and see what works and doesn’t work. As you learn, you become more flexible and can adapt and overcome whatever comes next.”

‘See It to Realize You Can Be It’

Creating a more inclusive cybersecurity industry requires a nuanced approach, said Debbie Sallis, executive director of The Cyber Guild, a Fairfax County-based nonprofit that fosters diverse, nontraditional thinking and talent at all levels of cybersecurity.

Change can’t be solely the human resource department’s domain, she stressed. It takes conscious, collaborative effort on behalf of top management in all areas. To make a meaningful difference, organizations must understand and address deeper cultural and systemic issues. In addition, efforts to build innovative, inclusive workspaces and teams must align fully with a business’s core values and goals.

Sallis and other cybersecurity professionals stress the importance of mentorship and sponsorship. Among the many initiatives in this area are The Cyber Guild’s annual conference, Uniting Women in Cyber, scheduled for Oct. 9 at Amazon’s HQ2, and the recently launched RISE program. RISE is an 11-month mentoring program designed to “recruit, inspire, support, and empower” women who want to advance their careers, transition into the cybersecurity field, or return to the workforce after a break.

Driver credits her mentors and sponsors with helping her navigate career growth, from securing new opportunities to achieving well-earned advancements.

“Their support was instrumental in helping me step into new roles,” she said.

Seeing other professional women in the industry also expanded her idea of what was possible.

That’s the power of visible female role models, Satterwhite said. They help others realize what’s possible. “Sometimes you just need to see it to realize you can be it.”