Female Cybersecurity Leaders (CISOs): Who Wants Them? 

 October 13, 2021

By  Jane Frankland

Last year, the world witnessed one of the greatest industrial changes in living memory with the pandemic igniting rapid, exponential growth. Caught off guard, and now in our post-pandemic reflective reality, one thing has become crystal clear. The world seeks a new kind of leader – one who must not only embrace change but become an instigator of it and renown for it.

The era of the fast follower – a company that quickly imitates the innovations of its competitors – is over. Thanks to technology, continual rapid change is here to stay. For years we’ve known it was coming, what Industry 4.0 on the horizon. And that’s why effective leaders must become experts of change. The first mover advantage is back!

The world we live in now calls for a very different approach to business. Increasingly, you’ll find yourself being judged for your thought leadership, story, agility, ability to problem solve and innovate. Every opportunity you’ll be approached about will involve a search of your name and require evidence of your worth, rather than because of your resume. Every team you’ll lead will be based on your ability to communicate your story, mission, vision and the team culture you’re known for creating. Every job you’ll take will be based on the reputation of the leader you’ll be working with, not the organisation’s brand lure. And every promotion you’ll gain or project you’ll be picked for will be based on your ability to visibly demonstrate your value especially as a stakeholder influencer.

In the very near future, if not now, you won’t be known for the organisations you work at. Rather, you’ll be known for the leaders you worked with, the relationships you’ve built with the people you’re connected to, your network and engagement reach, the ideas you’re immersed in and what you care deeply about.

That’s why you must see yourself as being an “entity” that others need to know about, work on raising your visibility and evidencing your work.

This is so important for women. But why?

Well, there are numerous reasons. I went through some of them this week at the Cyber Security Virtual Conference: Celebrating Women in Cyber, and with PWC Canada when they engaged me to open their one day event – SheProtects: Future CISO Program.

Here are some of the things I shared….

Cybersecurity has always been a pressurised environment, but in the last year with so much change going on, it’s become even more so.  As per the World Economic Forum’s Global Risks Report 2021, cyber risks continue to rank right at the top among global risks. 

With many different roles for cybersecurity leaders in our ecosystem, if we examine just one of them – the role of a Chief Information Security Officer’s (CISO) and her challenges – chances are you’ll recognse this type of environment….

  • She sees risk everywhere, is accountable for it, and is mostly at odds with the business.
  • She’s often under-resourced with small teams and budgets.
  • She usually sits within the IT function and often there isn’t a clear separation between security and IT budgets, which causes a conflict of interest.
  • Her department is viewed as a cost rather than an enabler to the business and this can be reflected in budgets which create a ceiling in salary bands for roles, less loyalty, and “churn.”

A good CISO is someone who can lead well and understands cybersecurity to a reasonable level. They don’t always have to be highly technical, though. It really does depend on the organisation and how the security department functions. A CISO can work in an operational and or advisory capacity. Either way, she’ll have to be measured, strategic and a courageous leader – someone who can effectively communicate with a multitude of different stakeholders and get buy in. She’ll need executive presence, to be able to influence, handle pressure and build teams and cultures of psychological safety.

So how do you get there? Here are 8 tips

Tip 1 – Get clear on what you want and up-level

Wherever you are, what got you there isn’t going to get you to where you want to be. You have to up-level and that means investing in yourself. It means taking time to self-discover – to recognise what you love, excel at, what you want to be known for, what you value, what your mission is, what your vision is, what your personal brand style is, who exactly you want to serve, how hard you want to work, how you want your work-life integration to be, and so on. It means looking at the skills and qualifications you need to learn, as well as unlearning others.

Unlearning is important and it’s often missed but just as Alvin Toffler said, “The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn.” I wrote about this last week.

Tip 2 – Believe you can do it

To become a CISO, you must believe you can do it because you can’t expect anyone to believe in you and take a chance on you unless you believe in yourself. So, understand exactly what’s needed to get you there. Prioritise your personal development as well as your emotional, spiritual, and physical health and don’t let excuses – typically time – get in the way. Don’t wait for someone else to make this happen or give you permission, either. This makes you dependent, trapped and controllable. No one wants that!

If you’re nervous or not sure what you need, ask for advice from another CISO you admire. Then, take a first step, then another, and another. Know that small, consistent steps (incremental gains) lead to quantum leaps and massive transformations. Additionally, that when you work on strengthening your inner belief, which is your core, you signal to yourself and others that you’re worth investing in and that’s a total game changer. Not only will you up-level but your energy will change, and everyone will feel it, even when through a camera lens!  This is important because a lot of the time, you’re be using language to communicate your value and whilst change begins in language it has its limits. But it’s your energy that attracts all things to you.

Tip 3 – Have patience

Don’t expect results overnight. They take time and despite working in a tech field, you are not a machine. So, be patient and kind to yourself rather than being your worst critic. Acknowledge how well you’re doing by giving yourself a high five in the mirror every morning. American lawyer, television host, author, and motivational speaker, Mel Robbins has just written about this technique and it’s so good! Promise yourself, too, that you’ll give 100%, so you can look yourself in the same mirror and say, “I tried my best” and know that your best will be good enough when it matters. 

Tip 4 – Lean back

Recently, thanks to Sherly Sandberg, many women have been conditioned to lean in, but the thing is you actually need to lean back at certain times too. When planning, if you lean forward to your dreams, you’ll only get stressed, will repel what you desire, and life or work will become an uphill struggle. You see, attracting what you want doesn’t come from attachment to it. It comes from letting go, allowing and expanding. If you’re not sure on this, think what happens when you’re being chased. You run, don’t you? Hopefully, you get my point.

You see, when you dare to dream and set an intention, you must let go of how it comes to fruition. Letting go of your attachment is letting go of control and needing to control comes from not trusting the process. Attachment creates resistance, dependence and friction. But by letting go, you allow everything to happen in a way that the ego can’t even dream of. You free yourself and any burden or pressure.

Tip 5 – Learn by doing

Growth is messy and rarely does anyone feel ready for their next promotion. Often it requires courage for it’s like jumping from a height and knowing that your wings will appear in time. Just recently I interviewed Rethi Sinki, the CISO of Twitter, on her career. She agreed and spoke about multiple times she had to learn by doing when she didn’t feel fully ready. She said sometimes she made the move herself and other times she was gently nudged forward and encouraged by her lead.

Tip 6 – Get visible and de-commoditise yourself

Unfortunately, the workforce is not a meritocracy. The rules in business are not the same for women as they are for men. Women, and especially mothers,  are expected to prove their worth in ways that men are not, and women are still being judged on their competence rather than their potential, like men. This is not men’s fault. It’s a problem that’s been caused by a system that’s outdated – the patriarchy.

In cybersecurity, (ISC)2’s latest research (released on 18 October 2021), ’In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity, reveals more on the division women and people of colour in cybersecurity are still facing.

In the meantime, let’s look at some research by the non-profit leadership group Catalyst. When they studied MBA graduates, they found that women lagged behind their male peers in leadership roles and compensation. Time and time again they discovered women to be taking on extra projects, negotiating salaries in the hiring process, and taking training courses – all things that women are told to do if they want to advance in the workplace and become leaders. Yet, their research found the male study participants to be earning more than their female counterparts by more than $31,000!

Although Catalyst acknowledged that the issue could be because of a number of underlying and unaddressed factors like unconscious bias, persistent stereotypes, unrealistic expectations on work boundaries, and insufficient childcare support, they discovered that for women it was making their achievements known and gaining access to powerful others that had the greatest impact on a woman’s career advancement.

“When women were most proactive in making their achievements visible, they advanced further, were more satisfied with their careers, and had greater compensation growth than women who were less focused on calling attention to their successes.”

Visibility is the single most important thing a woman can do to advance herself in her career. It’s not about gaining more qualifications, experience, or working twice as hard as a man. Qualifications and experience may get you an interview, but they won’t guarantee you your dream job, timely promotion, or fair pay. Competition is fiercer than ever as a leader, despite the desire (and or targets) for more women in leadership roles.

To impress hiring managers internally and externally, you must de-commoditise yourself — in person, on paper and online. To succeed as a CISO (or leader), you must become known for serving to a high standard and creating a memorable experience in the minds of those you interact with. One way to do this and reach many people is by using social media. For example, by blogging on LinkedIn, the world’s leading professional networking and career development platform, you can share your thought leadership pieces and other resources that may be of help to those you’re serving.

This builds trust and influence. Both go hand-in-hand and are useful because success today hinges on your ability to get your stakeholders to achieve common goals and purposes. Influence is personal power, too, and is built on personal effectiveness. It’s the new power of competence and as a CISO, it’s more important a skill for you to evidence than being technically competent or having a string of qualifications after your name.

You see, no longer are we reliant on how personal power was set in the past, which was based on position, job role and hierarchy plus a command-and-control type of approach. Nowadays, with millennials comprising over half of the workforce or more, they want different ways to engage and be managed. They want to be pulled and attracted; to work for leaders who are mission led, and who’ll provide them with an environment where they can be both challenged and supported in equal measures. Increasingly, millennials are not tolerating shoddy leadership and they’re pushing back against toxic models that place productivity and classically defined success above all else. They want fulfillment, health and work-life balance – to have it all, and why not!

Tip 7 – Build your network

Success is a team sport, and you need a strong team of people around you to keep you strong. Sometimes you’ll need an introduction, a referral or recommendation. Other times you’ll need a nudge, a push, a kind word or just to offload and be heard.

As different networks bring you different things, choose them carefully and know that effective networking is not about the numbers of people you know. Unless you’re in marketing or a paid influencer that’s vanity. Rather, it’s all to do with who those people are, so always seek quality over quantity. Adopt a strategy where you identify and connect with people who are connected to multiple networks, too as this enables you to benefit from weak ties. Finally, make sure you include a strong inner circle network of women, too. Research says that women are two and a half times more likely to be promoted when they have a strong circle of female friends at work. So, instead of competing, form a circle of women around you and cheer for each other.

Tip 8 – Create diversity in your teams

Although speed is the currency of business, it creates risk, so as a cybersecurity leader you have to strike a balance. Creating diversity in your team enables you to do this. They challenge narrow perspectives and with other viewpoints they help you not to be so blindsided, make better decisions and innovate, which improves your output – a safer, happier and more prosperous world.

To end on a sobering thought. There are only 3% of women cybersecurity leaders (in the UK) right now. If you are one of them, want to become one, or develop more of them, please take some time out to think about what I’ve shared and ask yourself these questions…

  • How clear are you on exactly what leadership position you want?
  • What skills are you missing?
  • What do you need to unlearn?
  • What are you feeding your mind with each day (reading, listening to or watching)?
  • How does this benefit you or your work?
  • How much of this do you implement pr share?
  • How balanced are other areas of your life, e.g., personal development, spiritual, emotional and health?
  • What behaviours do you notice which reveal a lack of self-investment?
  • What do you need to let go of to become the person you want to be?
  • What is standing in your way of you making progress? Is this yourself (a limiting belief or habit) or an external factor/s?
  • What do you value, stand for and against? Are you communicating this?
  • Can you articulate an “introduction” or pitch that inspires or moves others?
  • How visible are you in your organisation as well as online and in print? What action/s do you need to take to improve this?
  • Have you mapped out your stakeholders – internally and externally?
  • How well do you know your stakeholders i.e., what their challenges and aspirations are, and how much are you known, liked and trusted by them? What evidence do you have for this?
  • How much time do you devote to networking online and in person?
  • Do you have an inner circle of women you seek advice from regularly?
  • Do you have mentors, sponsors and or coaches?
  • How well is your team performing?
  • Are you creating psychological safety in your teams?
  • How well is your team performing? How often are your team members off sick?
  • How easy is it for you to attract and retain a diverse team? Do you have a waitlist?
  • How often do they recommend their peers to you?

If you want help with this or want a conversation about working with your team to create more female cybersecurity leaders, get on the waitlist for The Source, my brand new women in security platform, or contact me for a discovery call to discuss.

Now I want to hear from you…

  • What other questions should future and existing female CISOs (or other women leaders in the cybersecurity ecosystem) ask? Please share them in the comments below.

PS. If you’re a woman in cybersecurity and are ready to learn, network and be supported in a way that’s fun, inspiring and uplifting, join us at The Source. You can get on our waitlist now and then be the first to hear when we open our doors again next year for new members, partners and corporate sponsors. If you’re a business that values women in cyber, and want help attracting and or retaining them, get in contact with me for a discovery call.

PPS. Photo credit is @christina #WOCinTechChat unsplash


Did you enjoy this blog? Search for more blogs that you want to read!

Jane frankland


Jane Frankland is a cybersecurity market influencer, award-winning entrepreneur, consultant and speaker. She is the Founder of KnewStart and the IN Security Movement. Having held executive positions within her own companies and several large PLCs, she now provides agile, forward thinking organisations with strategic business solutions. Jane works with leaders of all levels and supports women in male dominated industries like cybersecurity and tech. Her book, IN Security: Why a failure to attract and retain women in cybersecurity is making us all less safe' is a best-seller.


Follow me

related posts:

Leave a Reply:

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Get in touch