Valerie Abend, Global Cyber Strategy Lead at Accenture and Lisa O’Connor, Global R&D Lead for Security at Accenture, offer advice for women aspiring to be CISOs, as well as for management and hiring teams on best practices to support women in achieving their goals.
In 2021, women only held 17% of Fortune 500 CISO positions. The fact that the senior ranks of the cybersecurity industry are very clearly dominated by men results in fewer women reaching for, or feel like they are welcome, at the very top – a vicious cycle. With expansive female talent within the sector, the issue of diversity does not lie in a lack of skill.
To find out why there is such disparity – and how to address it – Accenture developed the Rising to the Top research, engaging with senior cybersecurity executives to learn how they ascended to the CISO role. Thanks to these valuable insights and the surprising differences observed between men and women’s approaches, we were able to learn what it takes for women to get seats at the table with other C-level executives. We’ve compiled the top advice to help women seeking a promotion to the CISO role, as well as advice for management and hiring teams on best practices to support women, ensuring they are not being disadvantaged when seeking out top positions.
Top tips for women looking to land CISO positions
1. Be proactive and put your hat in the ring
Women are often reluctant to pursue the top job if they do not ‘tick all the boxes’. Although having the right experience and qualifications is essential, men are considerably less reserved by comparison and often apply for the role of CISO with less experience on their CV. This willingness to throw their hat in the ring, alongside female candidates not applying and self-selecting themselves out of the process ultimately improves male candidates’ chances of securing a role. Being proactive and putting yourself in the running – even if you think others may have more experience – will therefore better your chances of propelling you to the next level. Remember: if you don’t buy a ticket, you can’t win the raffle.
Imposter syndrome is a normal feeling many senior leaders get at some point in their career, but it is important to realise it is self-inflicted – you have only got to where you are now because of your talent. It is clear that when women decide to pursue the CISO role, the market responds positively. Pushing yourself and going for the role is a sure start to making cybersecurity a more equitable space.
2. Demonstrate confidence in being front and centre
A large part of the CISO role demands being highly visible, under very high-pressured situations. Taking responsibility for issues when they arise and responding effectively is key to the job. Being comfortable with the fact that you will be the leader that people turn to when there’s a security breach or compromise is essential.
According to our research, 43% of cybersecurity experts stated that professional risk was the top reason of declining the CISO position. Fear should not stop talented professionals from reaching the top; if you have the competence, you will be a great candidate by default and confidence will follow. Accenture’s research also showed that knowing your sponsors at C-level and getting their support in understanding the inherent risks at play and the requirements of your role will also give you the confidence to lead effectively.
3. Develop the right leadership skills
Great qualifications and experience are enough reasons to consider the leap to CISO, however, they are not enough to thrive in the position. As a leader, you will need a multi-faceted skillset beyond hard tech skills. You will need soft skills, like executive communication skills and business acumen, to manage multiple stakeholders and communicate cybersecurity through a business lens.
Strong relationship skills are also essential when rallying the business to see security as a shared responsibility. By understanding the company’s business strategy and seeing how other executives value security will also give you the tools to see the big picture and react accordingly. It is therefore essential to gain experience managing teams so that you’re prepared for the CISO role when a cyberattack occurs.
Top tips to ensure you are supporting the best talent to reach the top
1. Foster inclusive hiring and promotion policies
Cultures of equality help everyone advance to higher positions and are multipliers for innovation and growth. In fact, employees’ innovation mindset is five-times higher in the most equal cultures than in the least equal ones. Help others recognise that inclusion and diversity – including having female CISOs – helps foster the innovation and creative problem-solving skills that are needed for security. By implementing more inclusive hiring and promotion practices, women can feel supported to ascend to the top job. In fact, actively encourage talent to strive for that CISO role, framing it as an achievable goal.
Hiring managers must not solely rely on their existing network though and make the effort build up a pipeline of talent by outsourcing, too. This can be done by calling on recruiters to actively source gender diverse talent. This is enhanced by making inclusion and diversity intentional and an ongoing corporate and board priority. Finally, creating a company culture that is psychologically safe and welcoming ultimately enables women and men alike to thrive and fulfil their potential.
2. Provide mentorship so candidates can lean on a wide range of role models
In a male-dominated workforce, women in cybersecurity will benefit from mentors to bounce ideas off and to provide career development support. For high-potential female candidates, providing that all-important role model figure can be incredibly beneficial in helping them succeed to senior positions. This is of particular importance when cyber incidents occur, as having senior management support is critical to respond effectively. Establishing role models and mentors will teach skills that can only be taught through another peer and give you the confidence to respond with authority.
However, it is important that candidates do not tie their success to one leader; make sure the business is providing a group of senior role models with vast perspectives for mid-tier candidates to look up to. Having a wide range of people with varied experiences – including both male and female mentors – is extremely useful to enrich learning. Otherwise, when a sole mentor switches companies or retires, candidates may be left on the backfoot.
3. Teach the right leadership skills and business acumen before they’re CISOs
Strong leadership skills are essential during a cybersecurity event and weak leadership has the power to completely undermine incident response. Businesses therefore need to ensure that they are fostering leadership growth within their high-performing teams – even before such employees are leaders themselves. Include women in C-level cybersecurity exercises to give them hands-on experience and provide aspirants opportunities to develop the suite of skills required of leaders in cybersecurity. Most importantly, when they reach the CISO level, the wider business must actively support them during an incident, follow their lead and trust their expertise in order to make the business resilient.
Women CISOs bring unique skillsets and an innovation mindset to this incredibly challenging discipline. They prioritise relationships and communication. They encourage a stronger sense of belonging and well-being within their organisations, resulting in better retention, stronger security team performance and better company outcomes in a competitive talent market and challenging threat landscape. By combining these top-down and bottom-up practices, we can achieve this positive change and help more women rise to the top.
Click below to share this article
