Despite the continuous and shocking gender disparity in cybersecurity where 16% of Fortune 500 CISOs are women, women continue to contribute, develop, and lead amazing careers. As has now become a Forrester Security & Risk Summit tradition, a room full of amazing women and a few brave fellas gathered last week as part of Forrester Women’s Leadership Program to celebrate the successes, and solve for the many challenges women face in this field. The theme? “To Propel You Career In Security & Risk, Choose Your Advisers And Nuggets Of Advice Wisely.” We asked the attendees to share some of the best and worst advice they had received over their careers. What resulted was an inspiring, interactive, and thought-provoking session that dissected the following:
-
- Careers are a winding road, both studded with obstacles and made smoother by mentors with sound advice. Laura Koetzle moderated a panel of three highly accomplished senior women: Judith Conklin, CIO at the US Library of Congress, Faye Dixon-Harris, Managing Director at the Federal Home Loan Bank San Francisco, and Tameika Turner, Senior Cybersecurity Program Manager at the National Nuclear Security Administration. Each woman shared that she didn’t set out to build her career in cybersecurity or technology but rather arrived in the field via the US military, an entry-level role at a financial advising firm, or an administrative job in government while studying. All three women also received pivotal advice and sponsorship from mentors to: “think bigger” when she expressed the ambition to be a Deputy (rather than the C-level executive); go back to school so that no-one would ever be able to use a lack of a degree as an excuse to deny a promotion; and move to a new organization with mentor take on a first technical role.
- You need to sift the advice that bombards you from all directions to separate the gold from the muck. At all stages in your career, people will come to you with well-intentioned advice. But, discerning between what is useful and what is not can be a challenge. Sift your advice by asking questions about the advice and who is giving it such as: who are you, and why are you telling me this? Do you have a vested interest in giving me this advice? Will what works for you work for me? Identify green flag advice from those who have your best interest at heart, listened to your perspective, and bring in a new perspective. Beige flag advice can be beneficial – these are pieces of advice that can be helpful, if applied in the right circumstances or context.
- Good and bad advice comes in abundance, and in themes. For over a decade, women have been told to Lean In, until we all discovered that if we leaned in any further we’d snap. This is not the only well-intended, yet bad advice we’ve received. Attendees shared the multitude of good, and bad advice they’ve received, and it turns out that there are universal themes that we have almost all experienced (see the figure below). We have been told that we’re not ready, to be normal, to be ‘less,’ and to talk things out when we clearly shouldn’t. And thankfully, many of us have also been the lucky recipients of advice about how to hold boundaries, to brag about our achievements, to not hold back, and to assume positive intent in others.
Well-intentioned advice especially on genAI, leadership, burnout, skills and certification, and networking.
As analysts, we spend a large chunk of our time debunking the status quo – the well-intentioned advice given to security leaders. Attendees joined analysts in debunking myths in the following subject matters:
-
- You cannot, and should not always meditate your way out of burnout in cybersecurity. Instead, address systemic issues that cause burnout, and be aware of the imbalance between expectations, resources, and perceptions that lead to burnout.
- You cannot continue to blindly experiment with genAI for genAI’s sake! Instead, focus on the benefits that genAI has delivered to you so far – and we mean you as an individual in your profession – to leverage the tech more strategically moving forward.
- Don’t hold yourself back from a desired next step in your career because you don’t quite feel ready. You’re never going to feel 100% ready. Instead, every year, identify your strong points and areas to improve, find people who excel in your areas of improvement and learn from them, and prioritize hiring people who are strong in those areas who you can rely on and learn from.
- You cannot expect specific degrees or certifications to magically get you hired or promoted. Instead – and in addition to these still widely required but flawed indicators of competence – pursue the experience and relationships that will propel your career forward. Seek meaningful mentors, get hands-on low-cost training or free cybersecurity skills and training platforms, and link your diverse experience and background to the value you bring to the role.
- You don’t have to learn to play golf to build a network. Instead look for opportunities within your organization such as community service days, affinity group, or virtual water cooler chats, to foster relationships. Attending industry events or conferences presents a chance to make new acquaintances. LinkedIn is a great way to maintain contact with your network, and request introductions to others from your existing connections.
Asking women and other minority groups to solve systemic bias problems that they did not create causes high stress levels, compounds feelings of difference, and leads to spending less time on career-related activities. Do not underestimate the power of taking the time to share and learn from others. If this year’s Security & Risk Summit Forrester Women’s Leadership Program reminded us of anything, it is of the power of community, vulnerability, and sharing can lift us all.
This blog, and the Forrester Women Leadership session, benefited from Research Associate, Chiara Bragato’s input.