As the first series of Women In Cyber wraps up, we’re reflecting on the lessons learned from our panelists across the nine episodes.
During this podcast series, we brought together 23 cybersecurity trailblazers—women who every day are challenging the traditional assumptions of who belongs in cybersecurity. Women who each have a story to tell.
We wanted to create an open platform for in-depth discussions about cybersecurity trends and technologies, as well as sharing stories that inspire, challenge, and celebrate what it means to be a woman in cyber.
Listen to the final episode now: https://podcasts.expertinsights.com/p/the-ciso-survival-guide
And read on for the key takeaways from these candid conversations.
1. 🧠 You’re Never Going To Stop Learning
The cybersecurity industry moves incredibly quickly and, because of this, you’re never going to know everything; there will always be something new to learn.
With that in mind, we can draw two clear conclusions:
- It’s important for those working in cybersecurity to have an innate curiosity and willingness to learn. You have to proactively look for new threats, and new ways to combat them.
- To work in cyber, you also need a growth mindset. You need to be able to accept mistakes or drawbacks for what they are, learn from them, and move forward better equipped to deal with that issue in the future.
“You’re never going to know everything. You always have to be learning if you want to even remotely be able to sleep at night.” – Nicole Carignan, SVP of Security and AI Strategy at Darktrace, Women In Cyber Episode 6: The Truth About AI
2. 🎓 You Don’t Need To Be A Cybersecurity Expert To Start A Career In Cyber
Anyone can start a career in cybersecurity, no matter their background or training. Technical knowledge is something that can be taught, but it’s more difficult to teach the ability to think outside the box.
It was really encouraging to see this not only spoken about across the series, but also reflected in the experiences of our panelists. As well as speaking with women that took a more linear path into cybersecurity, e.g., via IT, software development, or cybersecurity itself, we spoke with those from marketing, teaching, journalism, military, and even musical theater backgrounds.
The fact that all of these women have gone on to have successful careers in cyber just goes to show that you really don’t need to be a cybersecurity expert to start a career in cyber; you just need to have the drive to take that initial leap.
“Over the past 10 years or so, I’ve worked with analysts with such different backgrounds… And honestly, some of the strongest investigators that I work with didn’t come from cyber at all.” – Olga Polishchuk, VP of Investigations at Zerofox, Women In Cyber Episode 2: Breaking Into Cybersecurity
3. 👥 Embrace All Perspectives, And All Backgrounds
Leading on from that is the reason why it’s not important to have a technical background to have a successful career in cybersecurity.
There is always going to be something that you can take from one role and apply to a role in cyber, whether it’s hard skills, curiosity, a passion for learning, the ability to ask questions, the ability to keep calm under pressure, or something completely different.
So, when you hire people that haven’t come from a traditional cybersecurity background, you benefit from all of the different perspectives that those people can bring to your team. This can help you avoid a “groupthink” scenario, and it can be a real accelerant for innovation and problem-solving.
“Diversity of thought is an accelerant, right? You could hire someone that is ‘traditionally trained’ to do the work, but there’s a standardized approach to teaching someone cybersecurity, technology, how to code, application security, and all those things. If you bring someone in with a wildly different background, they will absorb those things, but they will process them very differently.” – Tia Hopkins, Chief Cyber Resilience Officer and Field CTO at eSentire, Women In Cyber Episode 9: The CISO Survival Guide
4. 💥 Burnout Is Very Real, And We Need To Address It
Whether you’re a CISO trying to protect your organization from cyberthreats whilst juggling the pressure of potential legal responsibility, a ransomware negotiator dealing with cybercriminals and their victims first-hand, or a product developer trying to make sure your customers don’t get compromised due to a flaw in your code, there’s no doubt that cybersecurity is a high-stakes industry. And unfortunately, for a lot of security professionals, that can ultimately lead to burnout and mental health struggles.
So, if you’re working in cyber, it’s important that you find ways to manage that pressure. That may involve finding a community that can understand the emotional weight of your work, learning how to say “no,” or focusing on self-care.
However, the onus of finding that healthy work-life balance isn’t all on the individual. When organizations recognize burnout amongst their employees, they need to take proactive steps to address its cause, which can typically be attributed to excessively high expectations (often set by the organization or team), combined with a lack of resources (e.g., not enough team members or budget).
“If you don’t figure out how to create a balance within your life, you will never be happy, first of all, and you will never be successful.” – Janine Seebeck, CEO at BeyondTrust, Women In Cyber Episode 8: Secrets From The Cyber C-Suite
5. 🤝 We’re All On The Same Team, And Collaboration Is Key
There’s a lot of competition in the cybersecurity industry. You see it on the expo floor at conferences, you see it in product releases, and you’ll certainly see it later this month as vendors start promoting their “Black Friday” deals.
But it’s important to look past that competition and remember that, at the end of the day, we’re all on the same team, fighting the same fight. As such, it’s important for vendors to share threat research and intelligence, and work together to find ways to combat new attacks.
However, it isn’t just important for different vendors to work together; it’s also important for different teams within the same organization. IT, security, and business operations teams need open lines of communication to ensure that cybersecurity isn’t seen as a roadblock, but actually something that will help the business advance in the long term.
“Without collaboration, threat actors are going to have a much easier time accomplishing their goals.” – Kristina Balaam, Senior Staff Threat Intelligence Researcher at Lookout, Women In Cyber Episode 3: From Intel To Action – The Human Side Of Cyber Threat Intelligence
6. 🤖 AI Isn’t “One Size Fits All”
We know of the huge productivity benefits that AI can bring to a security team but, in order to reap those benefits, it’s important to consider why you actually need AI before you invest in a solution.
Don’t integrate a tool into your tech stack simply because everyone else seems to be using it. Instead, take time to identify what the problem is that you’re facing or what you’re trying to achieve, then find a tool that will help you address that.
You can’t put a square peg in a round hole, Cinderella’s slipper didn’t fit on everyone’s foot, and one AI tool isn’t going to solve all of your problems.
“Start out by setting some business goals: what is it you’re looking to achieve with AI? What are some areas that you think might be really applicable? What are some off-limit areas for your business? Then go to your system goals.” – Laura Ellis, VP of Data & AI Software Engineering at Rapid7, Women In Cyber Episode 6: The Truth About AI
7. ✅ Compliance Is A Springboard To Security Success
A lot of security professionals see compliance as a blocker of progress or innovation when, actually, we should be thinking about it as a springboard to building scalable, agile, security programs.
Compliance frameworks don’t exist to stop us from doing what we want to do; they exist to help us do those things in a secure, future-proof way from the very outset.
“There is this false trade-off that organizations feel they have to make: we can either move fast and check the compliance boxes, or slow down and build real security. That’s outdated thinking; the smartest organizations today are doing both.” – Khush Kashyap, Senior Director of GRC at Vanta, Women In Cyber Episode 7: Creating A Culture Of Security
8. 🎯 Failing To Prepare Is Preparing To Fail
Cyberattacks happen. As a security professional, you need to be prepared for one to happen within your organization—without that preparation, it’ll be much harder for you to recover from the attack.
So, what does that preparation look like?
- Implementing behavior-based security tools that will enable you to detect cyberthreats within your environment.
- Establishing processes that will enable you to continue running operationally if you do experience an outage or period of downtime. Will you be able to work simply using pen and paper? If not, what’s the workaround?
- Creating an incident response plan. If you don’t already have one, we recommend using NIST’s Computer Security Incident Handling Guide as a framework to make sure you’re covering all elements of your cybersecurity architecture and processes.
- Testing your incident response plan!
“It all comes down to being proactive rather than reactive. Do you have a comprehensive incident response plan, and has that incident response plan actually been tested?” – Courtney Maugé, SVP and Cyber Practice Leader at NFP Insurance, Women In Cyber Episode 5: Navigating The Cyber Policy Maze
9. 💪 A Strong Security Culture Includes Everyone
Cybersecurity isn’t just the responsibility of the CISO, the security team, or the IT team. It’s everyone’s responsibility.
Unfortunately, it isn’t always easy to get everyone on board, especially if end users perceive security as being a productivity blocker. But having open, honest communication can really help with that. Make sure your users know why you’re implementing different controls, and get their feedback so that, if the tool you’re using is hindering productivity, you can find one that has less of an impact (or, dare I say it, a positive impact) on the end user experience.
This not only helps prevent users from finding unsecure workarounds, but it can also foster a feeling of ownership amongst end users when it comes to the company’s security.
“A strategy on paper doesn’t mean anything unless people across the organization are on board. When people start understanding the why, they’re much more likely to change their behaviour.” – Khush Kashyap, Senior Director of GRC at Vanta, Women In Cyber Episode 7: Creating A Culture Of Security
10. 🚀 There Is Power In Community
We’ve touched on the importance of communication and collaboration, and the importance of community in the sense of tackling burnout.
But while making Women In Cyber, it’s also become clear how valuable it is for the cybersecurity community to keep creating platforms such as this, where we can share stories and experiences, and learn from one another.
So, thank you for becoming part of the Women In Cyber community. Whether you’re a panelist or a listener, whether you’ve helped us create the series or you’ve shared an episode with someone who you think might enjoy it—let’s keep the conversation going.
Join The Conversation: Subscribe on our Substack, Apple Podcasts, or Spotify to help us build a stronger, more inclusive cybersecurity community—together.