LAS VEGAS—It’s no secret or surprise that sexism is as pervasive in cybersecurity as it is in any other industry. At the Black Hat security conference, I attended a discussion intended to provide a safe space for participants to discuss gender-specific challenges in the workplace. Beyond being personally cathartic, the panelists also offered solutions to the issues that women face in male-dominated fields, like dealing with imposter syndrome, fending off sexist remarks and microaggressions, or just managing their expectations for their own career path.
The panel, called “Hacking the Status Quo: Tales from Leading Women in Cybersecurity,” included Ashley Shen, a security engineer at Cisco, Natalie Silvanovich, a team lead and security engineer at Google’s Project Zero, Valentina Palmiotti, who is the head of X-Force offensive research at IBM, and Kymberlee Price, CEO at Zatik Security. The presentation was moderated by Vandana Verma, a Black Hat USA review board member. This group of cybersecurity professionals offered solid advice for anyone of anyone seeking a fulfilling cybersecurity career, and I’m here to share some of the key takeaways.
Try New Things: There’s Always Time for a Career Change
I entered the cybersecurity field in 2021, but it wasn’t my first or even second career. Before I arrived at PCMag, I was a freelance tech reporter for several publications, and before that, I was a TV news and sports producer, working for CNN International. My career path seemed unusual to me, but, to my surprise, half of the panelists also made career switches from non-technical fields to cybersecurity jobs.
For example, after falling out of love with her first job, Valentina Palmiotti said she found the notion of being a hacker quite romantic, so she signed up for a city-funded cyber boot camp and followed that up with a period of rigorous self-study. After six months, she was hired to do offensive research, and now she is thriving in that field, leading her own research team at IBM. Palmiotti recommended studying public research online and reaching out to people who are doing the work you want to do to find out what the jobs entail.
It’s not 2003, so I can walk around Black Hat and not be taken for a marketing person or someone’s girlfriend.
The other mid-career switcher was Price, who left a career in public health for cybersecurity. She said that dealing with early-career imposter syndrome was tough. “I kept waiting for my boss to come in and say, ‘I’ve made a terrible mistake [hiring you],'” she remarked. Despite these worries, Price said that over the past 20 years, she’s sought out cybersecurity jobs that pushed her out of her comfort zone, which helps maintain her curiosity and enthusiasm for the field.
These experiences offer a couple of takeaways. First, if you have a genuine interest in cybersecurity, take advantage of online resources, such as publicly available research and the ability to contact and link up with potential mentors on forums or social media platforms like LinkedIn.
Second, it pays to stay curious about the field you’ve chosen for your career. Don’t be afraid to try new things, keep your skills sharp, and be flexible about the jobs you take.
“Sexism in the workplace exists,” said Kymberlee Price, though she noted there have been some improvements over time. “It’s not 2003, so I can walk around Black Hat and not be taken for a marketing person or someone’s girlfriend.”
While the days of booth babes at Black Hat are behind us, uncomfortable situations can still arise at work. The panelists encouraged audience members to proactively create or join communities where they can share their work experiences, or maybe just get the occasional sanity check.
In my workplace, I’m lucky. There are women in leadership roles all over PCMag, including at the very top, with editor in chief Wendy Sheehan Donnell. Despite being the only woman on PCMag’s cybersecurity coverage team, I’ve always felt like my voice and experiences are valued in the newsroom. That said, I recognize that’s not the case for everyone in the workplace. Sometimes your coworkers just won’t “get” you, and when that happens, loneliness and imposter syndrome can take over.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
One thing the panelists encouraged everyone to do (and that I agree with) is to seek out other people in your field to talk to regularly. Find or form support groups of like-minded colleagues who can support you when you run into sexism at work, professional groups where you can share stories and leads for great places to work, or people to work with. The panelists suggested connecting with people at conventions, following up afterward on LinkedIn, or presenting research at professional conventions of all sizes.
There’s No Typical Path to a Security Career
The women on the panel all said they felt pressured to be extraordinary at their jobs in order to be taken seriously. For example, Ashley Shen is a self-taught security engineer at Cisco, who began her career after participating in online hacking forums in her home country of Taiwan.
Remember, you have the job, which means you’re qualified to do it, and your bosses trust you to succeed.
Shen said she not only felt pressure to prove her worth on the job but also to tone down her femininity to fit in with the all-male security teams she worked with. After some time, she realized she wasn’t being true to herself and her desires, and she made it her mission to inspire other women to join the cybersecurity workforce so everyone has the opportunity to show their value in the industry.
Recommended by Our Editors
Palmiotti expressed frustration with not being given the benefit of the doubt by coworkers or managers while being a visible minority in the workplace. She said it’s especially hard in cybersecurity, which requires some emotional work in addition to analytical and technical tasks. It’s easy to get overwhelmed when there are millions of exploits and vulnerabilities out there that need attention. You also have to be understanding and patient with people who don’t understand the nuances or the importance of cybersecurity.
Natalie Silvanovich echoed this sentiment, noting that it’s often hard to know what a “typical” security path will look like. Anyone getting into the field should try to stay curious, because new problems will always come along to test you.
You can’t control what other people think about you, so it’s best to deliver your work in full and on time whenever possible—that’s the bare minimum. It’s also wise to give yourself grace in the face of work-related challenges to avoid burnout or bouts of imposter syndrome. Second, it’s helpful for everyone when you are visibly capable at work. Your success can inspire others to work hard while celebrating their unique selves. But resist the urge to “prove” your worth to suit other people’s opinions. Remember, you have the job, which means you’re qualified to do it, and your bosses trust you to succeed.
Be Yourself, You Don’t Need to Impress Anyone
Price described feeling the need to cosplay as a different version of herself at work in order to be taken seriously as a cybersecurity professional. She recommended not sharing all of your hobbies, interests, or life experiences with your coworkers. Everyone’s life path is different, so their perceptions will differ, too. It’s wise not to overshare and invite unearned judgments from the people who work with you.
One way to show your work as a cybersecurity professional while also being your authentic self is to participate in conferences and meetups outside of work. The panelists all recommended joining panels at conferences like Black Hat or pitching research presentations at other, smaller events throughout the year. It’s a good way to meet new people in your field, and you also get a chance to shine on a literal stage, which can sometimes result in new and surprising career opportunities.
Ashley Shen is a Black Hat presentation veteran, and she told the crowd she prefers presenting at conferences over being an attendee. Shen even said that she got an interview at Google after one of her Black Hat presentations, so consider that a sign that you should pitch your panel idea or briefing idea for next year’s convention.
About Kim Key
Senior Writer, Security
