When Cybersecurity Meets 'Her Power': Unlocking the Potential of Women in Cybersecurity

Release Date: 7 Mar 2025 620 Views

Industry Status and Insights

The cybersecurity industry is currently facing a severe talent shortage. Statistics show that there is a global shortage of nearly 4 million cybersecurity professionals[1]. Although the number of cybersecurity practitioners is growing at an annual rate of 8.7%, the supply-demand gap continues to widen[2].

 

It is noteworthy that diversity in the profession is crucial to solving the labor shortage problem. Increasing the proportion of women in the cybersecurity industry can help fill this gap. According to statistics, women account for only about 25% of the global cybersecurity workforce. Although it is expected to increase to 30% by 2025[3], it still cannot meet the huge demand for cybersecurity talent.

 

Research by the International Monetary Fund suggests that increasing the female labor force participation rate by 5.9% could boost gross domestic product (GDP) growth by about 8%[4]. This means that bringing more female tech talent into the industry could not only alleviate the talent shortage but also bring potential economic benefits.

 

Unique Advantages of Women in Cybersecurity

Women bring unique perspectives and advantages to the cybersecurity field, stemming not only from their professional capabilities but also from their unique experiences and cognitive approaches in the digital world. These traits enable female practitioners to introduce innovative thinking and more inclusive solutions to cybersecurity.

 

Women often face more severe challenges in the digital world. Studies have found that women are 27 times more likely than men to experience online harassment[5]. The increase in false information, cyber harassment, and cybercrime particularly affects women[6]. These experiences provide women with unique insights, transforming them into powerful motivators to safeguard the digital world.

 

Women are adept at thinking from different group perspectives, identifying potential vulnerabilities, and translating complex technical solutions into simple, actionable security guidelines, bridging the gap between technology and practical application[7]. For instance, when designing anti-cyberstalking solutions, female engineers may be more sensitive to privacy protection gaps, developing security products that balance technical rigor and user experience. Women also play a key role in building trust and raising public security awareness[8]. They can transform complex cybersecurity knowledge into forms that are easily accepted by the public, thereby enhancing public cybersecurity awareness.

 

The cybersecurity field is inherently filled with uncertainty and risk, and women excel in risk sensitivity. The Harvard Business Review points out that women generally score higher than men across most leadership skills dimensions, indicating that women have great potential to become top cybersecurity professionals. As CyCognito's Chief Information Security Officer and National Security Institute Fellow Anne Marie Zettlemoyer said, "Women are natural risk modelers and managers."[3]


Therefore, fully leveraging the unique advantages of women in cybersecurity is beneficial for building a safer digital world.

 

“Her Power” in Cybersecurity

The cybersecurity field lacks diversity and female talent, with the gender gap most evident in high-level cybersecurity positions. According to statistics, women hold only 17% of Chief Information Security Officer (CISO) positions in Fortune 500 companies[9].

 

HKCERT is honoured to invite three female practitioners at different stages of their careers to share their experiences and insights. We hope to inspire more women to join the cybersecurity industry by showcasing female representatives in the field.

 

Eve: Senior Female Leader in Cybersecurity

Ms. Eve graduated from the Department of Information Engineering at the Chinese University of Hong Kong and has been deeply involved in the cybersecurity field for nearly three decades. Her career reflects the history of digital security development in Hong Kong. Early in her career, Eve participated in the development of Hong Kong's first electronic banking service system and focused on e-commerce information security and project management from 2000 onwards. Since 2011, Eve has served as the Senior Vice President of Digi-Sign Certification Services Limited, promoting mutual recognition of electronic signature certificates between Guangdong and Hong Kong, providing consulting services and solutions to industry and government clients. As a member of the Professional Information Security Association (PISA) and a Certified Information Systems Security Professional (CISSP), Eve has been at the forefront of building the industry by actively promoting information security in various fields.

 

Meanwhile, Eve is also committed to nurturing new STEM (Science, Technology, Engineering, and Mathematics) talent. She states, "Working in the IT field for many years has made me realize the importance of cultivating local talent, and creating opportunities for the next generation to engage with STEM is a key first step." Eve practices this philosophy in various ways, such as sponsoring overseas competitions for STEM groups, giving cybersecurity talks at schools, and sharing industry insights with alumni and students. Eve also sponsors the CNECCC Alumni Scholarship - Han Yao STEM Award to encourage students to develop in STEM.

Reflecting on the challenges faced in her career, Eve shared, "Early on, we faced a crisis where the system collapsed completely eight hours before going live. The team worked overnight to recover 80% of the core data, ensuring the system launched safely on time. From this crisis, I learned that Murphy's Law always applies, and one must always be prepared with contingency plans." She emphasizes that in the ever-changing and challenging world of cybersecurity, practitioners need to have a dynamic mindset—staying vigilant, questioning, and continuously learning.

Discussing the unique advantages of women, Eve notes, "In high-pressure crisis situations, women are better at coordinating team conflicts and focusing attention on the essence of the problem." She validates this with her own experience, highlighting women's strengths in team collaboration and stakeholder communication.

Regarding the technological revolution brought by generative AI, Eve believes that for the new generation of cybersecurity experts, soft skills in analysis and problem-solving will become as important as hard skills. The language ability to interpret technical issues or solutions will become increasingly crucial. Therefore, women's communication and coordination advantages will better help integrate the humanities and technology fields. She is also pleased to note that since she entered the industry, the proportion of women has evolved from "rare" to "visible."

At the end, Eve offers some advice for the new generation of female practitioners:

  • Continuously improve through education and training, and obtain certifications from authoritative organizations.
  • Network with other professionals in the industry.
  • Don't hesitate, be brave to ask questions and share!
  • Girls, be confident in yourselves!

 

Becca: Expert in Technology Risk and Compliance Assessment

Ms. Becca has been in the IT and cybersecurity industry for twelve years and currently works in technology risk and compliance assessment at one of the Big Four accounting firms. Becca's career began in system development management before transitioning to cybersecurity, continuously expanding her professional boundaries. Discussing the key challenges during her career transition, Becca believes it was the anxiety and uncertainty caused by gaps in professional knowledge. She shared, "The only solution is to study harder, read cybersecurity news or articles, obtain relevant certifications, and seek advice from seniors to fill the knowledge gaps."

Regarding the differentiated advantages of female practitioners, Becca mentioned, "Women are usually more meticulous and patient in understanding events comprehensively, and they excel in communication." For example, when explaining risk assessment results, she can articulate the issues and the pros and cons of remediation more clearly and logically than her technical colleagues. She also noted that these traits might stem from individual differences rather than inherent gender advantages.

Reflecting on her career, Becca has observed significant changes in the cybersecurity industry. Early in her cybersecurity career, she experienced biases against women's abilities. She had to provide cybersecurity advice over the phone, but as soon as the other party heard a female voice, they immediately requested to transfer the case to a male colleague or a higher-level practitioner. Although it was an isolated incident, she still felt disrespected.

Over time, she is proud to see many female juniors emerging, including technical talents (e.g., working on penetration testing, incident response). Industry conferences now feature special sessions for women, inviting senior female practitioners to share their experiences. This signifies the industry's recognition of female practitioners and substantial progress in gender equality awareness.

Looking ahead to the industry's future development, Becca stated, "With the rapid development of new AI technologies and their integration into various industries, cyber attacks are becoming more frequent, making cybersecurity a critical part of enterprises. Simultaneously, countries and regions are increasingly emphasizing cybersecurity and data security compliance requirements. For example, the Hong Kong Monetary Authority continuously monitors the latest technological developments and threat trends, issuing relevant guidelines and regulations; the Hong Kong Insurance Authority also released the latest cybersecurity guidelines (GL20) last year. Internationally, China, the United States and other places have formulated guidelines and regulations on information security and cross-border data security in recent years, to cope with the ever-changing global security challenges." She believes that facing the dual challenges of technology and compliance, enterprises must invest more manpower and resources to effectively reduce cybersecurity and compliance risks.

 

Madeline: Rising Star in Cybersecurity from Generation Z

Ms. Madeline graduated from the Hong Kong University of Science and Technology in 2024, majoring in Computer Science and Physics. She currently works in proactive cybersecurity analysis at one of the Big Four accounting firms, providing penetration testing, vulnerability assessments, and source code reviews for leading institutions in finance, education, and charity sectors.

Her career choice stems from a passion for fundamental technology research and a persistent pursuit of problem-solving. Notably, this passion can be traced back to the 2022 HKCERT Cybersecurity Capture the Flag (CTF) competition. Since then, Madeline has actively participated in the HKCERT CTF competition every year. She said, "HKCERT CTF was the first cybersecurity capture the flag competition I participated in. This excellent platform allowed me to hone my cybersecurity skills in a challenging environment and meet like-minded cybersecurity enthusiasts."

As a newcomer to the industry, Madeline admits that the current biggest challenge is the ability to translate technical skills into business value: "Lacking a business background, I need to learn how to connect technical analysis with business value to build better communication bridges with clients." Regarding the industry's hot topic of gender issues, Madeline holds a unique perspective, believing that individual passion, skills, knowledge, experience, and learning attitude far outweigh the impact of gender dimensions.

To promote the development of female practitioners in the industry, Madeline suggests enhancing the visibility of female representatives in cybersecurity, such as hosting dedicated women's summits, competitions, or social events to encourage more women to enter the profession. Madeline's personal career vision is clearly directed towards the red team field, and she is working hard to accumulate experience and knowledge. We hope that this rising star, who has stepped into the real world of cybersecurity from the HKCERT CTF arena, can achieve her goals and write a new chapter in digital security for this era.

 

HKCERT sincerely thanks Eve, Becca, and Madeline for sharing their experiences. Their stories showcase the charm of practitioners at different stages in the cybersecurity industry and highlight the unique value and unlimited potential of women in this field. Whether experienced veterans or newcomers, they are all contributing to the development of the cybersecurity field.

 

How to Attract and Retain Female Talent

Attracting and retaining female talent is key to driving the development of the cybersecurity industry. As Eve mentioned, developing cybersecurity requires nurturing young people's interest and knowledge in STEM and cybersecurity.

 

At the foundational education stage, such as primary and secondary school, STEM education can be promoted, and introductory cybersecurity courses can be offered to cultivate digital security awareness through gamified teaching.

 

At the higher education stage, institutions can provide students with relevant competitions, internship opportunities, career talks, and particular scholarships to help them enhance technical skills and gain practical experience, laying a solid foundation for entering the cybersecurity industry.

In terms of career development, enterprises and the entire industry also bear significant responsibilities. On one hand, they can provide female practitioners with more training resources and skill enhancement opportunities, helping them stay at the forefront of the industry, continuously updating their knowledge systems, and refining professional skills.

 

On the other hand, creating an inclusive and diverse corporate culture, and building a work environment that is friendly and supportive to all genders, allows female practitioners to fully showcase their talents, thereby attracting more women to the cybersecurity industry.

 

Cybersecurity is not just a career choice; it is an indispensable presence in safeguarding the digital world, especially in today's increasingly digital era. By narrowing the talent gap and tapping into the immense potential of female talent, the cybersecurity industry can inject continuous vitality, drive the industry's development, and better protect the digital world.

 

 

[1]https://www3.weforum.org/docs/WEF_Strategic_Cybersecurity_Talent_Framework_2024.pdf

[2]https://www.isc2.org/Insights/2024/10/ISC2-2024-Cybersecurity-Workforce-Study

[3]Women To Hold 30 Percent Of Cybersecurity Jobs Globally By 2025

[4]Countries That Close Gender Gaps See Substantial Growth Returns

[5]https://www.unwomen.org/en/news-stories/explainer/2023/11/creating-safe-digital-spaces-free-of-trolls-doxing-and-hate-speech

[6]The Untapped Potential Of Women In Cybersecurity

[7]6 Reasons Why Cybersecurity Needs More Women | Women in Tech Network

[8]https://securitybrief.com.au/story/the-case-for-more-women-in-cybersecurity-strengthening-the-industry-with-diverse-talent

[9]https://cybersecurityventures.com/women-in-cybersecurity-report-2022/

Share with

Previous

Enhancing Digital Signage Security: Security Findings and Recommendations from the Latest Study

20 Jan 2025 4264 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY