



Cybersecurity needs a new gender playbook

Nov 03, 2016 | 4 mins
Careers, IT Leadership

How to play a leading role in a male-dominated industry, while also empowering women.

In a recent Wall Street Journal article exploring new research from, Dominic Barton of McKinsey & Co. discusses why corporate America needs a new gender playbook. Barton makes a number of points that reflect the experience of most women in the workplace.  

For example, although management and the media have given gender equality a lot of attention, corporate America promotes men at 30 percent higher rates than women during the early stages of their careers, and entry-level women are significantly more likely than men to spend five or more years in the same role.

The problems women experience in the workplace are even more pronounced in technology and the specialized world of cybersecurity. Even if management says all the right things, nothing will change for women in security unless these ideas are translated into day-to-day action.


I have certainly experienced the gender gap firsthand as a woman in technology and security. I’ve often been the “second choice.” At one point in my career, a job opened up that was exactly what I was already doing. At my manager’s request, I wrote a job description for the position, only to find out at a company all-hands meeting that I was not offered the job – a man was. Afterward, when I asked my boss what happened, he said simply, “women shouldn’t climb under desks to fix computers.” Instead of being discouraged, this made me even more determined to succeed – it really fired me up.

Although that was some time ago, things haven’t changed all that much for women. The data gathered by and McKinsey further highlight the problems. According to the study, fewer than half of all women feel their employers have a good handle on gender diversity and this percentage is even lower for women in entry-level positions. If your IT organization has said it’s committed to gender diversity, what specific actions are they taking to back up these words?

  • Does your organization have a mentor program for women interested in developing a career in security?

  • What specific actions is your organization taking to make sure that women in security have access to the opportunities they need to develop their careers?

If the answer to either of these questions is filled with vague, non-specific words about gender equality, then your organization has some work to do.

Over 90 percent of companies report using “clear, objective criteria” for hiring and promotions, yet only half of women believe they have equal opportunities for growth at their companies. Without bridging the gap between corporate intent and individual experience, no organization can break through the gender barriers that women face.

Finally, women are more comfortable when they have female role models. Women need more than gender equality statements from HR. They need to see, with their own eyes, that it is possible for women to be successful in the organization they are working for right now, today, and a mentor to show them how it’s done.

Think about your organization. Are there any female role models in senior management? Are there any in IT? In the security organization? How can you expect women to believe that your organization is serious about hiring and promoting women if they can’t see evidence of that in action around them?

This issue comes to life every day in security organizations because it’s very uncommon to see anyone address gender bias in day-to-day business. For example, it’s extremely rare to see frontline security managers rewarded for making progress against gender diversity goals. It may even be that because of the lack of skilled cyber security personnel, organizations have thrown gender diversity goals out the window.

But I would argue that the lack of skilled personnel is the reason that organizations need to get serious about gender diversity. Women bring different skills to the workplace. They are more collaborative and they see and solve problems differently than men. These strengths are worth the investments needed to make cyber security a viable career for women. We just need to take the practical steps necessary to make it possible.




As CIO and chief information security officer at Venafi, Tammy Moskites helps CIOs and CISOs fortify their strategies to defend against increasingly complex and damaging cyberattacks on the trust established by cryptographic keys and digital certificates. Tammy draws on her professional experience, leadership capabilities and domain expertise as a CISO at Global 250 companies to help fellow CISOs defend their organizations. There is often a gap that cybersecurity teams miss in securing keys and certificates that leaves the door open for cybercriminals. Tammy’s leadership and experience will help other CISOs close those doors.

Prior to joining Venafi, Tammy served as CISO at Time Warner Cable, where one of her many responsibilities was to re-engineer and centralize the information security and IT compliance organizations to support global operations. Tammy also held the CISO position at The Home Depot, where she provided strategic executive and collaborative business direction for several teams, including identity and access management, IT compliance and regulatory, e-discovery and forensics, encryption and more. Tammy's other relevant security experience includes stints at Huntington National Bank, Complete Information Technologies LLC, BankOne, Nationwide and Aetna.

Tammy is also a leader in several important IT security organizations, including ISSA, ISACA, InfraGard and the Information Risk Security Board. In 2013, she was recognized as one of the Top Women in Technology by CableFax magazine and as one of the 25 finalists for the Evanta Top 10 Breakaway Leader Awards. In 2010, she was the winner of the Information Security Executive North America People’s Choice award. Tammy is a member of the advisory boards of Box and Qualys, and she provides strategic guidance to other industry-leading security vendors.

The opinions expressed in this blog are those of Tammy Moskites and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.