Skip to main content

Attracting & Retaining Women in Security – Part Four

In my last post, I talked about some of the reasons that women are leaving the security profession at a much higher rate than men and what needs to change in order to stop the cybersecurity pipeline from “leaking” women. In my past post in this series, I’m going to continue the retention theme and talk about how a strong mentoring program can significantly improve the retention of women in security.  And, I’ll offer some suggestions on how women in security can increase their engagement and become more visible within their organization and within the profession, thereby reducing the likelihood of becoming a “leaver” statistic.

I’ve always believed that having a mentor and positive role model is one of the keys to keeping people engaged in the workplace. My own development as a security professional was heavily influenced by mentors that I had, especially early in my career.  My mentors cared about me and my career. They took the time to get to know me…my goals, my aspirations, and what made me “tick.” They gave me candid feedback about my strengths and weaknesses.  They suggested training and development opportunities that I should consider. And, they put me in situations and gave me tasks and assignments where I could practice what I had learned. In short, I would not have enjoyed the successful career that I’ve experienced had it not been for outstanding mentors.  I treasure them all.

I think most of us would agree that the under-representation of women in security creates some unique career and personal challenges for them in the workplace. I believe that one of the ways to help women successfully navigate these challenges is for them to be part of a strong mentoring relationship.  That’s not to say that men can’t benefit from having a strong mentor, too.  Of course, they can. But, in today’s security profession, I think that it’s even more important, if not critical, for a woman to have a strong mentor.

This begs the question of what being a good mentor is, or should be, all about.  To many, a mentoring relationship involves pairing an older, more experienced professional with a young, less experienced one.   They meet regularly, perhaps over lunch or an after work libation, to talk about how things are going for the mentee.  The mentee may recount her recent challenges and/or accomplishments, while the mentor reacts and offers feedback.  There is nothing wrong with this.  But, if the conversation is mostly about the mentee’s successes and accomplishments, her mentor’s role becomes little more than being a “cheerleader.”

We all like to feel good about ourselves and benefit from having a “cheerleader” from time-to-time who encourages us and helps build our self-esteem.  But, a good mentor is much more than a cheerleader.  A good mentor is more like a coach.  If you’ve ever been involved in sports and been lucky enough to have a great coach, you understand the difference. A great coach helps you assess your skills and your skill “gaps.” She facilitates closing those gaps via practice, and puts you in performance situations where you can use your new or improved skills.  Finally, she evaluates your performance results and gives you constructive feedback that will help you improve your performance the next time.

In other words, effective mentoring should be thoughtful and planned. It should involve a structured set of activities with objectives & measurements. And, most importantly, it requires time, effort, open-mindedness & honesty.  In short, a good mentor practices what is sometimes referred to as “tough love.”  Tough love is telling someone what they need to hear, rather than what they want to hear.

While I’m at it, I’d like to dispel a myth about mentoring. Contrary to what some believe, young professionals aren’t the only ones who can benefit from having a strong mentor. We don’t stop growing and learning once we reach a certain age or level in an organization.  People of every age and at every level of the organization can benefit from a strong mentoring relationship.  True, it may be less critical to retention the further along a person is in her career, but a good mentoring relationship can still add value at any point in a person’s career.

And, what about the often asked question of whether a man can be an effective mentor for a woman?  I believe that they can.  I have both seen, and been a part of, successful male-female mentoring relationships.  That said, I also think that because of the dynamics of the security profession today, it is preferable that a rising female security professional have an experienced female professional as a mentor. Let’s be honest, there are certain potentially career-impacting experiences that a woman has in her lifetime to which a man will never be able to relate, no matter how hard he may try.

I firmly believe that strong mentoring relationships are very important for retaining women in the security profession. I also think that there are other things that a woman can do to increase her engagement within her organization and within the profession and, thereby, reduce the likelihood that she will become a “leaver.”

First, I think that it’s important that all professionals have both a short-term and long-term career development plan. Whether your organization has a process for this, or not, it’s not difficult to do.  It involves sitting down with your boss (who could also be your mentor) and discussing your professional goals and aspirations within the context of your current skills and skill “gaps.” After completing that exercise, you work together to develop a plan to hone those skills and close those skill gaps in a way that will facilitate and increase the likelihood of meeting your goals and aspirations. This could include participating in formal education and training programs, pursuing a professional certification, or volunteering for specific work assignments that will “stretch” you and help you grow. Your reach should always exceed your grasp.          

 Next, I’m a firm believer that there is power in numbers.  So, I often encourage women I know to become involved in one or more of the “women only” empowerment groups that have developed within both the cybersecurity and broader technology sectors.  These groups can be a great source of peer support and encouragement, as well as effective vehicles to recruit more women to the profession. And, don’t forget other “co-ed” professional organizations, many of which include men who are committed to making security a more attractive profession for women and eliminating the cultural norms, biases, and behaviors that work against that goal.  It’s important for women to participate and take leadership positions in these organizations, too.  

In summary, the more engaged a woman is in her organization and in her own professional development, the less likely she is to leave the profession.  Stated differently, women in security need to be part of the change that they want to see.  Being a bystander, not getting involved, and hoping that someone else will do the work isn’t going to result in meaningful change.  As we continue the journey and evolve to become a security profession where women are equitably represented at all levels of an organization, equitably compensated, respected, and valued for what they bring to the workplace…everyone matters and has a role to play.  It’s not going to be easy and there will undoubtedly be frustrations along the way.  But, as my wise mother always told me….nothing in life that’s worthwhile is ever easy.  Let’s get busy.                                 


Dave Stacy, CISSP, ( is a semi-retired cybersecurity professional with over 35 years of experience in the field.  He is currently an independent consultant and adviser.