Women in tech: Two prominent female security experts speak out (CxOTalk interview)

The importance of cybersecurity has elevated the crucial role of Chief Information Security Officers. But, how can we get more women into the profession? Two top leaders share the answers.
Written by Michael Krigsman, Contributor

The Chief Information Security Officer role has become increasingly important in recent years. But, what are the opportunities for women in this male-dominated field?


IT security and governance

Adversarial AI: Cybersecurity battles are coming

AI impact: Rethinking education and job training

Defense contractor: IT must embrace radical transparency and culture change

As part of the CxOTalk series of conversations with innovators, I spoke with two female CISOs to learn about the unique challenges women face in the security field:

  • Jo Stewart-Rattray is Director of Information Security & IT Assurance for BRM Holdich in Australia. She serves as a virtual CISO for a range of different organizations. Jo is chair of the Women's Leadership Advisory Council for ISACA.
  • Tammy Moskites works for Accenture as a Managing Director and a security executive. She has held CISO roles companies like Time Warner Cable, Home Depot, and others.

These seasoned experts share advice for women who want to advance in enterprise security. They also explain how the corporate can create a level playing field, regardless of gender or age.

Watch the short video embedded above and check out their edited comments below. You can see the entire conversation at the CxOTalk site.

SEE: Transgender employees in tech: Why this "progressive" industry has more work to do to achieve true gender inclusivity (TechRepublic cover story)

Among your peers, how many are women?

Tammy Moskites: Not many. Right now, I think the latest survey that was done by ISACA was, like, at 13% of the global Fortune 500 were women, and that's not just CISOs. That's CISOs, CIOs, and senior executives such as a VP in the technology arena. It's still a very, very small amount that equates to about 65 companies out of the 500.

Jo Stewart-Rattray: Yeah, I'd have to agree with that. I know that it's getting better. I remember when I first went to a security executive forum 15 years ago that there were two women. One was me, obviously, and the other one was a speaker, so it was very small.

I know that I'm really grateful for ISACA, as well, who put on a conference here recently where we had a panel of female CISOs, which I was lucky enough to moderate. So, we are seeing more, and they're actually really quite active in this space, which is great, and actively promoting the role of the CISO.

Tammy Moskites: Yeah, the other piece is that ISACA also has a thing called She Leads Tech. I've been really fortunate of being able to get involved with that program. Really, what we've been doing is working with women and getting them more involved, not just in technology, but technology leadership roles and how they get into the technology workforce, really focusing on the younger individual all the way up to people that are willing to make changes in their career. So, it's really exciting, just as Jo was saying, being able to moderate and focus on some of these women leadership panels have been very worth-while.

Jo Stewart-Rattray: Yeah, Tammy. I'm not sure that even you're aware of this, but I'm actually the global lead for She Leads Tech. On the volunteer side, I'm the chair of the Women's Leadership Advisory Council for ISACA, and it has had great success. What we didn't realize when we begin this journey was what it was going to mean to women in different parts of the world as well.

In some cases, in Africa, I was stunned to realize that we were not only providing a place for women to meet other professionals in the space, but we were also providing a safe space for them to tell some of their stories in pretty harrowing circumstances. The program has gone beyond what we had imagined. Yeah, like you, I love it. I think it's something great that we can both be a part of and that we can both promote what we do to other women to try and bring as many as we can into the profession.

How can we bring women into the CISO profession?

Jo Stewart-Rattray: It is a huge question. One of the things that we hear from women, and I've been hearing this for the last few years, is that they feel that there's a lack of mentors, a lack of role models, a lack of showcasing of women's careers. We need to be able to see women, other women, doing what we're doing. I think that's a really important piece of it is to ensure that we can show that people like Tammy and I have been doing this for a long while, we've survived and, in fact, it's a great career option.

Tammy Moskites: It's not an easy career. That's for sure, right? But I think that you have a great point about mentorship. We really do have a lack of women mentors in the community. In light of that is that as the individual contributors or the folks that are looking to move ahead in their career are really trying to focus on, "How do I get that mentor? How do I get that right person to help me get to the next level in my career?" because a lot of what we do every day is high networking. That's how we get to the next level.

The other challenge is that a lot of women say, "Well, I don't get paid equally as the men do," and that's also very common but it's getting better. I really do believe it's getting better, but we still have a long way to go. People think that if they get into a cybersecurity type of role, they're going to be working 24 hours a day, 7 days a week, 365 days a year. As a CISO, yeah, pretty much that's been my life for a long time, but some of the other roles are more flexible for those that need more flexible work schedule.

Jo Stewart-Rattray: That's right, and I think that's an important point is that flexibility of work schedule. I know that in my world, like yours, Tammy, it's been pretty much like that. I came from the electricity sector originally, so that is 24/7, 365 days a year. But you can also choose industry sectors which will allow far more flexibility too. I think that's the other thing.

Are there CISO roles for women and girls?

Tammy Moskites: Well, I know that Accenture offers a lot of internship opportunities, and they focus on not just women and not just young girls, but a very diverse work panel of trying to get folks involved and interested in the cyber security industry. Most universities don't even have cybersecurity offerings, and so I recently just had somebody reach out and said that they were going into information technology but their university didn't offer anything on cyber or anything on security offerings and where would they get that learning so they can actually start doing things. What I encouraged them to do is look for internships into organizations that'll help balance out your skillset in addition to volunteering to balance out.

Things are changing rapidly. The cyber landscape is becoming more and more aggressive.

Jo Stewart-Rattray: I think, also, it's about image. It's the image of our profession as well.

I met a fabulous young woman in Ireland the year before last, in fact. She was saying that she came from a family of six boys and herself, and so she was used to that sort of testosterone driven environment. But there was only one other young woman in the tutorial group of 30 people. She came from a family of all girls and so, for her, the testosterone-fueled environment, the hoodies, and perhaps less showered young men amongst the group really put her off.

I think we really need to do something about the image as well to say it's not all like that. That's just university. That's not what our profession is actually like when you get into the hardcore work of it all. I think we have an image program and we need to attract young women.

Young women need to see another person in their own image, so they need to see another woman. If they see another young woman, then they'll be in, so I think we need to create opportunities for young women and I love the idea of internships. I think that's brilliant. And we need to, as I say, ratchet up our image.

What about age discrimination?

Jo Stewart-Rattray: Yes, absolutely. I am an anti-ageist. As far as I'm concerned, it should have nothing to do with age. It's about your capability in the space, whether that be from the technology space or whether it be from the business space. It's about your capability and your vision. I don't think it should be about age.

Tammy Moskites: No, I agree about that. I've hired many executives over the years and the last thing I look at is age. I think that if you're just starting to get into the cyber role in your 40s, 50s, or whatever, the big thing is to focus on where you want to go and what your goals are, if it's a CISO, if you have the skillset. If you don't, get a mentor. Find somebody, a trusted advisor, to help you get there because all of us, I mean I mentor people. I know Jo mentors people. We all do, and we help folks get to that next level, so don't let age get to you. Just go for it.

Jo Stewart-Rattray: Yeah. No, I couldn't agree with you more. I think it's a really important thing. Certainly, if you don't ask, you don't get, so ask somebody. If you really would like someone to mentor you, ask them. The worst thing they can say is no, and you go to the next person. Absolutely, I think that's a really important thing is to have a sponsor. Sometimes it can be in your organization, somebody who is prepared to sponsor you to the next step as well.

Clearly, you're prepared to do the next step, do the hard work. So, yeah, look for that actively.

As I said, I don't believe age should be an issue whether you are at the young end of the scale or the more mature end. It should not make a difference. Besides which, when I hire, I'm so terrible at guessing age. 

Advice for corporate leaders?

Tammy Moskites: I encourage corporate leaders to make sure that they actually have programs and diversity programs within their organization. As I stated earlier, diversity is more than just bringing more women in. It's really bringing that diverse talent in, bringing the right people in for the job.

The way that you can bring more women is, I know at Accenture I'm involved in the diversity program and my focus is bringing more women into Accenture. They have a program that, by 2025, they want 50% of the workforce women, and they're well on their way to there. It's really just making sure your company is focused on it, but also volunteer. Go to HR. Volunteer your time.

Jo Stewart-Rattray: Employees, my piece of advice is to take the bias out. Take the bias out of the way you recruit.

Tammy Moskites: Yep.

Jo Stewart-Rattray: Make it so working arrangements can be flexible to allow people to pick up primary care, to pick up and drop off kids at school for instance. That's really important. That actually is good for men as well who are in that position.

Absolutely, take the bias out. Try and interview as many women as men for these roles and, certainly, do it on merit. I'm with Tammy on that. You always have to recruit on merit. Just take the bias out of your approach.

Tammy Moskites: Make sure you're paying fairly. That's a big thing that human resources and the comp teams need to really understand. It's very important to make sure that women's salaries are catching up to the men's.

Jo Stewart-Rattray: My advice to women on that is, if you're asked what your current salary is, make sure you go in armed with what the salary in the market for that role is. We sometimes do ourselves a disservice by being incredibly honest and saying, "Oh, I'm making $50,000," where in fact the job is worth $80,000. You have to make sure that you go in well-armed as well, ladies.

CXOTalk offers in-depth conversations and learning with the world's top business and technology executives. Check out our extensive and free video library.  

Editorial standards