Did you know that in 2021, only 25% of the cybersecurity industry were women? The percentage has been on the rise, and in 2031 women are expected to hold 35% of cybersecurity jobs. When looking at leadership, women only hold 17% of CISO roles. While these stats are still meager, it’s essential to acknowledge that the cybersecurity workforce has become more diverse. Cobalt Core member Goonjeta said that she has appreciated how companies have been trying to change.
“The cybersecurity field is indeed a male-dominated field, but many organizations are taking up efforts that support and uplift women, providing them with the means to develop a good skill-set,” she said. “Nowadays, there are many amazing, confident, and talented women in this field.”
We talked with Goonjeta and some other female Core members to hear and learn more about their experiences as women in cybersecurity.
STARTING OUT IN CYBERSECURITY
Do you want to build or break? That’s what someone asked Core member Apoorva Jois after she graduated. The word “break” is what caught her attention.
“We started talking about security and how we can make a difference,” she said. “I started researching information security and enrolled in my first course online, which helped me understand that hacking is not so simple and this field is a whole different ball game.”
Goonjeta’s journey started a little earlier; she was the youngest woman to pass the Offensive Security Certified Professional (OSCP) exam at 18.
“This was not just my win; this was a win for every woman and girl who kept following her passion,” she said. “That's how I started in pentesting, and after that, there was no turning back.”
“I've always had a passion for cybersecurity, so I followed the university + internship + certifications path,” Druga said. “The internship turned into a full-time job, which is how my journey continued.”
As Sam was finishing up her Master's Degree, penetration testing was what stood out the most to her.
“The various applications I test seem like puzzles waiting for me to solve, considering that every time I’m testing something new in terms of framework and platforms.”
BEING A FEMALE IN A MALE-DOMINATED FIELD
Going back even five years, there weren’t many women in cybersecurity. That was a challenge for women starting out as there weren’t many people they could reach out to for support.
“I often used to wish I knew more female hackers and pentesters early on,” Goonjeta said. “There weren't as many women in this field earlier, and it can be a very different experience when you don't have that circle and that community.”
Because of that challenge, Goonjeta found when she was first starting, she now tries to find any opportunity to be involved in the security community so that young women can see that it’s a welcoming place. She speaks at conferences, writes articles and blogs, etc., to do her part in paving the way for the future of women in cybersecurity.
Jois said people were surprised when she wanted to start in security, but she found everyone in the industry very encouraging.
“One thing that stood out in this field was that people are very welcoming, trying to help newcomers and always giving back to the community,” she said.
Even though the industry has supported Goonjeta and Jois, Sam has faced unconscious bias where she had to assert that she was just as good as everyone else in the room.
“I think there is no point in being under this constant pressure of proving yourself; let time and your work speak for itself,” she said. “But this hasn’t held for those small connections which we have with development teams who are quick at dismissing you – I stand my ground in such circumstances and approach confidently with my findings.”
Core member Abhineeti has also faced some challenges in this aspect, including:
- Being hesitant to join meetups when there were little to no other women
- Having to work harder to prove her capabilities to earn the trust as compared to her male colleagues
- Dealing with assumptions that she got an opportunity because she was a woman, not because of her skills
“I overcame such challenges by getting out of my shell and reaching out to people when I needed help,” Abhineeti said. “I never lost patience, always had trust in my skills, and let my work justify my existence in this field.”
THE FUTURE OF FEMALE PENTESTERS
Goonjeta returns to that 17% statistic from earlier when thinking about what she hopes to see in the future.
“I hope to see more women taking leadership positions, supporting other women, and encouraging those having a tough time.”
Jois agreed, saying, “this is an excellent field to work in, and the demand for it will increase as time progresses. I would like to see more women in this field become leaders.”
Sam hopes to see more women from the security industry represented in education, so young women start having them look up to and go for advice and help.
WORKING WITH COBALT
Cobalt’s Core reflects the same pattern of more male testers that the industry does. While our female pentesters acknowledge that, they all said that they have had support while working here and enjoy being able to talk and share experiences with other female Core members.
“They appreciate your performance and respect you for your work,” Goonjeta said. “It's a great environment overall, and it promotes collaboration. I do reach out to female core members and colleagues, we often have great discussions about vulnerabilities, and sometimes it's as simple as just sharing our experiences.”
Sam said having Selvie Feta as a lead for one of her tests was inspiring to her.
“It did not matter if I was an experienced tester, it felt nice to see her leading and creating this impression in my mind that I can be a lead someday, too,” she said.
After studying it in school, Feta entered the security industry and had a related internship. She is a Core lead, which means she leads a team on pentest engagements.
“I would like to see more women taking up positions in the security field,” Feta said. “Whether male or female, it shouldn’t be an issue in any career option.”
Druga was introduced to Cobalt at the OWASP AppSec conference and has been a Core member since 2018. She said she loved how Cobalt brought her together with other female pentesters and how they talk regularly and speak at conferences together.
ADVICE FOR THOSE TO COME
Goonjeta: My advice to all the women and girls in the security industry would be to follow their passion, have a thirst for knowledge, focus on their goals, and stay confident throughout. Women are so strong and amazing that they can achieve whatever they set their hearts to, and it's time that we all start believing in ourselves and each other. Stay passionate about your work and stay confident! Support other women and colleagues, uplift each other and grow together. Initially, it's always challenging to get started, but when you start enjoying what you do, that's when you know you're on the right path.
Andreea Cristina Druga: Follow your passion, always. Read as much as possible, and keep up with the latest news and hacks! Exciting things will come your way when working in the cybersecurity area.
Apoorva Jois: The advice would be to get better at googling. Cybersecurity is a vast field, so explore it to understand the different domains and embrace learning. Lastly, remember not to doubt yourself!
Honey Merrin Sam: No matter how cut-throat and competitive the security industry seems, grow at your own pace. As this is an ever-evolving field – nobody is perfect, so all you can do is keep learning and updating yourself.
Selvie Feta: My advice is to believe first in yourself because if you believe in yourself, whatever it is you set out to achieve, you can achieve it. Nothing is impossible! You can make the challenges enjoyable, and If someone else was successful in this area, you could do it too.
Abhineeti: Yes, it is a male-dominated field which most of the fields are but don’t be afraid to take that first step. The security community, in general, is very supportive; you will find many people out there willing to help you.