For the second year in a row, Forrester sponsored four women who are considering a career in cybersecurity to attend Forrester’s Security & Risk Forum. We work closely with the nonprofit Women in Security and Privacy (WISP) to find and vet candidates who are interested in cybersecurity and at the start of their careers or are looking to make a later-stage career transition. We provide these future cybersecurity pros with free admission to the event and an agenda that balances time for attending sessions and networking with security and risk (S&R) analysts.

This is near and dear to our hearts because we have written research that shows how daunting it is for women to break into cybersecurity and stay in it — far more than in any other technology area, unfortunately. Combine that with the fact that we have many incredible women in leadership at Forrester, especially in S&R, and we are driven to help solve this problem. From research and S&R leadership to our analysts (where five of the seven priorities in the Forrester Decisions for Security & Risk service are led by women analysts), we have a bench of brilliant, dedicated women at Forrester.

For me personally, one of the things that helped me early on in my career tremendously was the support and guidance of others in the field. Now, after two years of this program, we have learned a few key lessons that we want to share with you as you think about your efforts to recruit and retain women in cybersecurity.

Clarity In Career Paths Is Sorely Needed

In cybersecurity, very few career paths are linear — in part because few defined cybersecurity career paths exist. In fact, many don’t know what direction their career will take them until it’s over — or until they’ve reached the top and can look back and see the options they had. To better support women in this field — both to get them started and to keep them in — explain the options available to them for entry-level roles and help communicate how those roles largely don’t exist but that IT is often a good place to start. For those with some experience as a security operations center (SOC) analyst, build career paths for staff that make the most sense, from analyst to threat hunter, analyst to incident responder, or analyst to threat intelligence manager, for example. Guidance early on will define an early career professional’s future.

Introductions Make All The Difference

One of the areas where many people new to the industry struggle is finding different perspectives. For those of us steeped in the industry, it’s easy to think of people to talk to if you have questions about one domain or another. For newer folks, however, finding the right people to talk to and getting a meeting with them is not only daunting but also challenging to execute. Making introductions to people with the right experience, at the right time, will not only give them alternate perspectives, but it also helps open up their network.

The Most Effective Allies Stand Up Without Being Asked

For the allies reading this post: Don’t wait for someone to call on you. Part of being an effective ally is making choices that are cognizant of the challenges others face, without them needing to ask. We are lucky enough to have many allies on the Forrester team who are not only supportive of the work we do with WISP but also more than willing to raise their hands to volunteer and help out where they can. Allies have a valuable voice to add to the conversation — from your own perspectives, which are important to share with other men, to providing support to women in achieving a particular goal. Stand up and call out from your own point of view when women are facing discrimination or harassment.

We are thrilled to have had the opportunity to continue this program in 2023. Here’s to another year of supporting women entering and staying in the cybersecurity field!

If you’re a Forrester client looking to get direct advice on how to recruit and retain women in cybersecurity, schedule a guidance session or inquiry with me.