Crashing the Boys Club: Women Entering Cybersecurity Through Non-Traditional PathsBy John P. Mello Jr.March 25, 2025 5:00 AM PT ADVERTISEMENTB2B Online Chicago Get in the GameGreat teams win with great plays. At B2B Online Chicago, youll get the strategies top eCommerce and digital marketing pros are using to drive growth. Dont sit on the sidelines - get in the game. Use code B2BCHI25PARTNER for 20% off. Although many women take the traditional IT route into cybersecurity, a large portion (37%) have entered cyber from non-IT or military positions, according to a survey released Friday by ISC2, the organization that maintains and administers the Certified Information Systems Security Professional (CISSP) certification exam.The organization reported that a significantly higher percentage of women than men who participated in the same study have leveraged education, professional development, self-initiated experience opportunities, and apprenticeships to pursue their careers.The report also noted that 56% of women respondents said their organizations are already changing their hiring requirements to bring in more people from non-cybersecurity backgrounds. This is illustrative of employer efforts globally to widen the potential cybersecurity talent pool without compromising standards, the report maintained.This is something that we currently observe not only in cybersecurity but in tech roles in general, said ydrn Vitait, business unit manager for Monitum, a software-as-a-service company specializing in smart security solutions with offices in Sweden and Lithuania, and a co-founder of Women Go Tech, an NGO that focuses on empowering women in the tech industry.First of all, women who had previously built careers in different sectors have more diverse backgrounds, stronger problem-solving skills, and advanced pattern recognition skills, she told TechNewsWorld.Another key advantage here is transferable skills, she continued. Such women can work in dynamic environments, where not only knowledge but traits such as curiosity, problem-solving, creativity, and other aspects matter.From our experience in re- and up-skilling programs, we have seen adult women in their thirties to forties deciding to shift from non-tech to tech, and they do it exceptionally successfully, she added.Non-IT Backgrounds Open Cybersecurity DoorsThomas Vick, a technology hiring and consulting expert at Robert Half, a global staffing and recruiting firm, explained that hiring individuals with non-IT backgrounds can often bring diverse perspectives and problem-solving approaches shaped by their unique experiences.For example, there is a growing demand for interpersonal and management skills in IT roles, underscoring the importance of understanding and integrating business methodologies into technological development, he told TechNewsWorld.Professionals with strong communication, critical thinking, and project management experience can often enhance an IT teams effectiveness, he added. Their varied experiences often lead to creative solutions and a more holistic understanding of the work being done.Alyson Laderman, CEO of Akylade, a provider of cybersecurity certifications with offices in Florida, pointed out that it can be difficult for women to gain IT experience because it, too, is a male-dominated field.The problem is worse now because of shrinking opportunities, she added. Theres not as many of those entry-level-type IT positions to get into to be able to start there and then move up to cyber, she told TechNewsWorld. So I think what youre seeing is a shift in the workforce in general, both in terms of gender, but also in terms of opportunity as to IT being a feeder into cybersecurity. Teresa Rothaar, a governance, risk, and compliance analyst with Keeper Security, a password management and online storage company in Chicago, noted that the climate for women in cybersecurity has been showing signs of improvement over the past few years. However, it still faces substantial challenges, she told TechNewsWorld. Significant work still needs to be done to ensure equal opportunities and a supportive environment for women in this industry.Ongoing challenges to womens advancement in cybersecurity include significant underrepresentation, as women remain notably outnumbered in cybersecurity roles despite efforts to close the gap, and men continue to dominate the field, particularly in leadership and technical positions, she said.The workplace culture in many cybersecurity environments can be unwelcoming to women, with issues such as gender bias, lack of recognition, and sometimes a hostile work environment hindering their progress and retention in the field, she continued.Gender pay gaps persist in cybersecurity, with women often earning less than their male counterparts for similar roles, a disparity that is particularly pronounced in tech fields, she added. Women in cybersecurity also face barriers to career advancement, including fewer opportunities for promotions and leadership roles, as well as a lack of support for continuing education and professional development.Education as Pathway Into CyberThe ISC2 report also noted that alongside the strong percentage of candidates leveraging IT experience to get into cybersecurity, advanced education was a significant pathway into these roles, although more so for women than men.Nearly a quarter (24%) of women respondents said they came in with a cybersecurity-related undergraduate degree (compared to 18% of men), and 23% of women (18% of men) entered a cybersecurity role with an undergraduate degree in a field not directly linked to cybersecurity.In addition, 18% of women respondents (12% of men) noted that they held an advanced degree a postgraduate qualification such as a masters or a doctorate in a cybersecurity-related subject before taking up a cybersecurity role. For non-cybersecurity advanced degrees, 16% of women respondents (11% of men) held these qualifications before entering the cybersecurity workforce. Men get hired on potential. Women get hired on proven ability, Laderman argued. Women are almost required to get that higher education, get more experience, to be able to show that they are of the same value of what typically men would be potentially capable of doing.Its clearly not a fair standard, but its something I myself have been through, she added.Vitait noted that women in her organizations programs also tend to have higher education levels and many certificates in various subjects. Unfortunately, this is a consequence of lower self-esteem and willingness to boost confidence and employability with hard knowledge, she said.Women also tend to apply later in the process of a career shift, she continued. They want to build a knowledge base and prove it via formal and informal education. Only later do they apply for the roles usually when they meet 80% to 90% of the requirements. Men tend to apply to the roles much earlier and learn on the go.Value of Cybersecurity CertificationsAnother finding by the ISC2 report was that beyond career and formal education, women place a significant emphasis on certifications and professional development to support their efforts when securing and furthering a cybersecurity career path. Holding a cybersecurity certification before entering their first job in cybersecurity was cited by 18% of women respondents and 16% of men.Because cybersecurity is a relatively new field, certifications are a great way for professionals to transition into it from another field, said Julia Toothacre, a career strategist, coach, and owner of Ride The Tide Collective, a career coaching company based in Claremont, Calif.Mid-career professionals who have experience in another area might benefit from various certifications to increase their chances of getting hired, she told TechNewsWorld. I dont think there is a gendered perspective when it comes to certifications. Its really based on a combination of experience and education, which will vary between everyone male or female. Rob Rashotte, vice president of global training and technical field enablement at Fortinet, a provider of firewalls, intrusion prevention systems, endpoint security, and antivirus programs in Sunnyvale, Calif., added that reexamining and revising education and training requirements for cybersecurity roles is a great place to start to address the existing workforce shortage in the domain.Many organizations are still likely overlooking solid candidates, he told TechNewsWorld. While many companies have diversity hiring goals, we arent seeing hiring numbers increase significantly among women, minorities, and veterans.According to Fortinets 2024 Global Cybersecurity Skills Gap Report, despite 91% of respondents saying they prefer to hire candidates with technical certifications, 71% of organizations require potential new hires to hold a four-year degree. Organizations should be identifying candidates who possess the right soft skills and then using certifications to help them gain cybersecurity-specific knowledge, Rashotte maintained.He added, According to the report, most leaders are open to this approach, with 89% of respondents saying they would pay for an employee to obtain a certification.John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.Leave a CommentClick here to cancel reply. Please sign in to post or reply to a comment. New users create a free account.Related StoriesMore by John P. Mello Jr.view allMore in Women In Tech