$11.5 trillion - the Gross Domestic Product (GDP) of the world's third-largest economy after the United States and China. However, this is not a country. It's the estimated cost of cybercrime to the world in 2023. This figure is estimated to reach $23.84 trillion by 2027 and shows no signs of slowing down. As the global volume of cyberattacks breaks records every year, the World Economic Forum estimates the worldwide cybersecurity workforce shortage to be about 3.5 million workers. Starkly, only 25% of the current cybersecurity workforce comprises women. These are alarming figures. Addressing the gender gap in cybersecurity is a matter of equity and social responsibility and a strategic business imperative that industry and global leaders must address.
Boston Consulting Group's worldwide survey of 2000 women studying STEM subjects in 2022 highlighted several hurdles to expanding the cybersecurity workforce to women. Amongst them, one that resonated with me the most is the lack of women mentors and sponsors and few visible and accessible women role models in the field. While we have undoubtedly come a long way since I began my cybersecurity career more than twelve years ago, seeing certainly is believing when it comes to having role models in your field. Much like other spaces that remain elusive to women and other underrepresented groups, representation matters in cybersecurity.
The following list aims to highlight ten women who are experts in their spaces and are leading the charge in shaping the future of the cybersecurity landscape. This list is certainly not exhaustive and numerous other pioneering women are paving the way for those who come after them in technology and cybersecurity. I hope hearing these names and their accomplishments inspires the reader as much as it did me while curating the list.
- Jen Easterly, Director of Cyber and Infrastructure Security Agency (CISA)
A retired US Army lieutenant colonel, Jen Easterly has several feathers in her cap, such as helping establish US Cyber Command, serving as the cyber advisor for the NSA, and special assistant to President Barack Obama on matters related to national security. As a distinguished cybersecurity expert and leader in the space, Jen has played a crucial role in shaping US cybersecurity policy, especially during her time at CISA. As a vocal advocate for bringing more women into cybersecurity, she has set a goal to have 50% of CISA's workforce be women by 2030.
- Jadee Hanson, CISO at Vanta (formerly CISO & CIO at Code42)
Previously leading global risk and compliance, security operations, incident response, and the insider threat program at Code42, in addition to holding senior leadership roles in security at Target Corporation and Deloitte, Jadee was recently appointed CISO at Vanta. A recognized leader with over 20 years of experience, she was named one of 2021's Top 25 Women in Cybersecurity by The Software Report and one of 2020's Top 100 Women in Cybersecurity by Cyber Defense Magazine.
- Mary Ann Davidson, Chief Security Officer at Oracle
Best known for her long and distinguished career at Oracle Corporation, Mary was appointed CSO in 2007 and is responsible for overseeing Oracle's global security strategy and ensuring the security of the company's products and services. A vocal advocate for secure software development, she has served as a member of the Center for Strategic and International Studies Commission on Cybersecurity for the Obama administration, and on the board of directors for the Information Technology Information Sharing and Analysis Center (IT-ISAC) and the Center for Internet Security (CIS), where she worked to develop cybersecurity standards and guidelines for organizations across various industries.
- Nasrin Rezai, SVP and CISO at Verizon
With over 25 years of experience, Nasrin is a global technology risk and cybersecurity executive and board member, and co-chair for the Federal advisory committee that makes recommendations to the FCC "to Improve communications, security, reliability and interoperability." Her previous roles include Global CISO for GE Capital and Head of Corporate Governance, Technology Risk and M&A security, for the industrial GE businesses. Before GE, she served as SVP, Chief Technology Risk Officer in the Enterprise Risk Management Organization at State Street, and CTO of Security at Cisco Systems.
- Poornima DeBolle, Cofounder and Chief Product Officer at Menlo Security
A Forbes 50 over 50 Entrepreneur, listed in Inc. Female Founders and Official Member of the Forbes Technology Council, Poornima's areas of expertise include network and security architecture, and browser security. In 2020, Menlo Security announced it raised $100 million in Series E funding, with a company valuation of $800 million.
- Deneen DeFiore, VP and CISO at United Airlines
Deneen believes that storytelling that connects risk management with business outcomes creates more value for an organization than solely operating at the technical level without connecting the dots with business outcomes. She is a CSO Magazine Hall of Fame Inductee and is listed in the Top 100 Women in Technology by Technology Magazine. Before joining United, she served as the CISO for General Electric Aviation and continues to champion commercial aviation cyber safety risk initiatives and improve cyber resilience across the aviation ecosystem. She is passionate about diversity in tech and promoting STEM education.
- Wendy Nather, Head of Advisory CISOs at Cisco
With over 40 years of technical experience in IT operations and security, Wendy started leading the Advisory CISOs team at Cisco after Duo Security, where she was the CISO, was acquired by Cisco in 2018. Amongst other accolades in her long and stellar career, she was inducted into the Infosecurity Europe Hall of Fame in 2021. Additionally, she serves on the advisory board for Sightline Security and is a Senior Fellow at the Atlantic Council's Cyber Statecraft Initiative.
- Dr. Alissa Abdullah, Senior VP and Deputy Chief Security Officer at Mastercard
Former Deputy Chief Information Officer of the Executive Office of the President and CISO at Xerox Corporation and Stryker Corporation, Dr. Abdullah emphasizes that there is something in cybersecurity for everyone and encourages women to challenge the idea that only a certain kind of person can work in the field. She also believes that her creativity makes her better at her job and encourages her to think outside the box when solving problems.
- Sarah Armstrong-Smith, Chief Security Advisor - EMEA at Microsoft
A leading authority within the cybersecurity industry, Sarah has secured high-profile roles throughout her illustrious career in addition to authoring multiple books. In recent years, SC Media named her one of the Top 30 Female Cybersecurity Leaders and The National Cyber Awards named her a finalist for Cyber Citizen of the Year. She has worked on major cybersecurity incidents and helped her organizations overcome these challenges.
- Kirsten Davies, CISO at Unilever
Having served in several leadership positions including SVP and CISO at Estee Lauder, CSO at Barclays Africa Group Limited, VP and Deputy CSO at Hewlett-Packard and Siemens, Kirsten also established Barclays’ Converged Security Academy, which guided applicants through a 14-week immersion course to re-skill them for entry-level cybersecurity positions – with training spanning cybersecurity, information security, fraud defense, physical and executive security, and forensics/investigations.
During Women's History Month and on International Women's Day, these remarkable women serve as a powerful reminder of women's contributions throughout history and those that we continue to make to our societies. They are breaking barriers and challenging norms while leading their organizations and the cybersecurity industry into the future, and there is no stopping them! By highlighting the contributions and accomplishments of these trailblazers, we not only celebrate their successes but also pave the way for a more diverse and inclusive cybersecurity workforce that we are so much in need of. These are the giants whose shoulders future generations of cybersecurity professionals will stand on.