• United States




Half the world is female, so why do women only make up 1% of security leaders?

Apr 06, 20185 mins
Data and Information SecurityIT LeadershipStaff Management

Collectively championing the business value of diversity – we can broaden the conversation and truly make a difference in both the cybersecurity industry – and the world.

One is indeed a lonely number, particularly in my industry – cybersecurity. While gender diversity is slowly inching up in many industries, diversity is severely lagging in cybersecurity, where women make up only one percent of executives.

Diversity in cybersecurity is not a female-only issue. It should matter to everyone because cybersecurity is an immense global challenge that is gender agnostic. And to be effective, we need solutions to be as diverse as possible. Diversity drives adaptation and innovation, allowing companies to develop industry-leading technologies and solutions to face cyber terrorists, ransomware threats and every day hacks that are all part of the cybersecurity challenges the world faces today and the evolving attacks of tomorrow. 

To explore this issue more in-depth, my company recently hosted a dinner for 15 CIOs and security professionals, who differ in age, experiences, ethnicities and industry sectors. And while we all came to the table representing varied points of view, we could all agree commitment to diversity and inclusion is both the right thing to do – and it makes business sense. In McKinsey’s 2017 “Delivering through Diversity” report companies with high gender diversity were 21 percent more likely to have above-average profitability. However, tech firms were found to have the biggest decline in diversity since McKinsey’s 2015 report.   

It was clear to all of us that there are still challenges to increasing diversity and as a group we wanted to end the evening with actionable steps to help create change. We landed on three primary areas of focus that could help increase and retain female executives within the industry today. These include the need for more female role models in both cybersecurity and STEM; broader adoption of flexible work policies; and finally, change in how we hire and identify talent. 

Back to school

We need role models, not just in cybersecurity but also in all science, technology, engineering and mathematics (STEM) subjects. One woman at the dinner described her journey from primary education to cybersecurity professional, seeing fewer and fewer female role models in leadership roles along the way. She said, “At primary school, women tend to be in charge. But by the time I got to university and had the opportunity to hear industry speakers, all the leaders were men.”

There are many opportunities to speak publically – returning to a school, presenting at work and presenting at industry events. We should all take some responsibility in either putting ourselves forward for such opportunities, or if we are in leadership positions, encouraging and driving more women to inspire others to join the industry. 

Flexibility from the top

While flexible working has increased and is acceptable at most companies, there are still lingering misconceptions about part-time or adapted hours. Many women at our dinner told similar anecdotes of taking career breaks to raise a family or to care for aging parents – and had experienced negative comments or actions because of this. 

It seems inconceivable that we are still having this conversation in 2018, but the group reported multiple stories of challenges faced. Flexible work policies need to be the norm, and with modern and remote working practices there is no reason why it should not be embraced by leaders. According to BCG’s 2017 US Gender Diversity Survey, flexible work policies is also the number one priority for male and female employees under 30 and to retain talent companies are finding they have to accommodate these employees. 

Ultimately, it is everyone’s responsibility to encourage flexible working for all genders, and each of us can do our part to challenge any reluctance or bias in the workplace. 

Bring hiring processes up to date

One change I’ve personally want to see in the cybersecurity industry is change to traditional hiring processes. It occurred to me during the dinner just how stuck we are with a recruitment model developed by civil servants in the 1950s, and it is holding diversity back. This legacy model is based on people we know or by recommendations. It adds filters and screening methods such as the location of the job, previous experience and academic qualifications.

Why, for example, are we asking for submissions and samples in writing when the roles we’re recruiting for touch much broader skillsets? There are so many ways recruitment could be improved to increase diversity in the cybersecurity workforce. And, while having a candidate recommended to you by someone you know can be ideal: question yourself. Are you always choosing people like you, people from a company or university you know?

IT hiring managers should challenge themselves and their HR team to provide alternative methods for people to apply for roles: verbal, video, or practical demonstrations are just three, which spring to mind. Take a page out of Silicon Valley’s book and run hackathons: allow people to demonstrate in a near real-world situation how they would handle the challenges they face every day.

Much has been said about the readiness of the cyber workforce in the face of growing security threats and attacks. Diversity in cybersecurity talent is a big part of an organization’s ability to protect its most important assets—its critical data and people. And, it requires everyone to the defense. 

Collectively championing the business value of diversity – we can broaden the conversation and truly make a difference in both the cybersecurity industry – and the world.


Meerah Rajavel is the chief information officer (CIO) for Forcepoint. She leads internal cybersecurity, information technology and customer cloud operations teams that support Forcepoint’s global employees as well as its human-centric cybersecurity strategy, product portfolio and services.

Rajavel brings more than 25 years of experience in information technology to Forcepoint. Most recently, she was the CIO at Qlik, a visual analytics company, where she led efforts to build an IT infrastructure and operational excellence strategy to support rapid growth on a global scale. Before joining Qlik, Rajavel led IT cloud services for all McAfee products at Intel Security. Earlier in her career, she held IT leadership, research & development and product development roles at Cisco Systems, Infosys, Nortel, Cybersource and Solix.

Rajavel holds a Bachelor in Computer Science & Engineering from the Thiagarajar College of Engineering at Anna University in Chennai, India. She also holds a Master of Business Administration from the Leavey School of Business at Santa Clara University in Santa Clara, California.

The opinions expressed in this blog are those of Meerah Rajavel and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.