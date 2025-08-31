The first of September marks Women in Cyber Day, a perfect time to get the inside scoop from several women working in cybersecurity – highlighting the gains, the challenges, and what still needs to be done to break through the proverbial cyber ceiling.

International Women in Cyber Day (IWCD) is celebrated every year on September 1st to celebrate women's vital contributions in cybersecurity.

Founded by the Women CyberSecurity Society (WCS2) in 2019 and now officially recognized by the United Nations, the IWCD initiative was created to highlight female achievements in cybersecurity, promote diversity, and inspire future leaders.

According to the British Columbia-based non-profit, the cybersecurity industry continues to struggle with both a severe talent and gender gap.

It believes that increasing gender diversity in cybersecurity is critical – not only for equity and representation – but also for bringing innovation, skills, and approaches to the field, thus creating stronger and more resilient security solutions.

Image by Cybernews.

“In my career leading teams through tough security and compliance programs, I’ve seen how often women are underestimated or overlooked in cybersecurity,” said Ruth Okofu, InfoSec Operations Engineer, Lastwall.

Okofu pointed out that “early on, there were very few women in the room when critical risk decisions were made."

"That lack of visibility can hold us back, even when the expertise is there.”

"Cybersecurity could be gamified in an inclusive way for both girls and boys. Animation can portray geeky, techy heroines who are celebrated for their determination, resilience, diligence, and tech-savviness.” – Isabel Castillo, Lead Information Security Engineer at Lastwall

But, Okofu also said she’s seen the difference when women are trusted to lead.

“They [women] deliver results and bring new perspectives that strengthen how teams approach problems. Progress is happening as more women step into leadership roles and mentor others, but we need to go further."

So how will women fare in 2025?

Women comprise roughly 51 percent of the population. Yet, the number of women employed in cybersecurity represents about half that, according to the industry organization Women in Cybersecurity, a US-based initiative with similar goals.

“Organizations must take real action such as creating fair promotion paths, sponsoring women into decision-making roles, and ensuring their voices are visible at conferences, in research, and within leadership seats,” said Okofu, adding that “cybersecurity is about resilience, and resilience comes from diversity.”

“Empowering women isn’t just inclusion – it’s a strategy for a stronger, more secure industry,” Okofu said.

In 2024, women reportedly made up 24% of the cybersecurity workforce, with 22% of security teams reporting having at least one female counterpart, the 2024 ISC2 Cybersecurity Workforce Study showed.

2024 ISC2 Cybersecurity Workforce Study. Image by ISC2.

Still, not far off percentage-wise, the study showed 16% of security teams had no female members.

To break the numbers down worldwide, of 14 countries surveyed, the percentage of women working in cybersecurity ranged from a high of 26.7% in Italy to a low of 14.6% in Germany, the ISC2 said, citing comparable data compiled by LinkedIn.

In the US, women made up 18.3% of the cybersecurity workforce, 21.2% in Canada, and just 17.9% in the United Kingdom.

2024 Global Demand for Cybersecurity Talent Continues to Cool. Image by LinkedIn.

Progress is slow but steady

“Listening to the countless real-life experiences and often heartbreaking stories from other women in the field became a powerful motivator,” cybersecurity veteran and IWCD/WCS2 founder Lisa Kearney said in a blog post commemorating Women in Cyber Day.

“I realized that I needed to raise awareness on a global scale about the obstacles driving women out of the industry, the misconceptions keeping others from entering, and the lack of recognition that women in cybersecurity rightfully deserve,” Kearney said.

And while cybersecurity continues to be a male-dominated field, progress, albeit slow, is still being made.

Back in 2013, women only made up 10% of the global cybersecurity workforce, but in 2019, those numbers had doubled to 20%,” reported Meg Roddy, Social Media & Content Lead at Cobalt, a Pentest as a Service (PtaaS) firm.

What’s more, women are predicted to move that needle up to 30% by 2025 and 35% by 2031, the report noted.

Also significant, Roddy said that younger generations are beginning to tip the scales. Women under the age of 30 made up 26% of cybersecurity professionals in 2024 – a 4% jump from the overall tally – “highlighting a positive trend for the future,” she said.

Roddy lays out several ways organizations and individuals can help continue the upward trend, from encouraging mentorship and sponsorship to highlighting success stories and supporting educational initiatives.

Whether women are just beginning or trying to advance their careers, Roddy also pinpoints the need for industry leaders to address the wage gap by promoting pay equity and supporting inclusive hiring practices.

So what more can be done?

Isabel Castillo, Lead Information Security Engineer at Lastwall and veteran of US Army Cyber Operations, believes that changing societal stereotypes will help bring about industry change.

“A study performed by the University of Illinois, NYU, and Princeton University showed that by age 6, girls are more likely to think boys can be ‘brilliant’ and are ‘really, really smart’ – a stereotype that continues to be fueled by media, compliments, and marketing,” Castillo explains.

Castillo says when it comes to the cybersecurity workforce, “unless we change that message from a young age, we will continue to see a gender discrepancy in talent pipelines, during meetings, in leadership positions, and at the board level.”

Image by Cybernews.

To see meaningful change, we must begin sending the message to girls early on that “they’re incredibly intelligent, smart, and equally capable of performing complex tasks,” Castillo suggests.

Additionally, Castillo says the education system can benefit from highlighting women’s accomplishments in all fields and introducing kid-friendly engineering toys from a young age.

"Cybersecurity could be gamified in an inclusive way for both girls and boys. Animation can portray geeky, techy heroines who are celebrated for their determination, resilience, diligence, and tech-savviness,” she said.

Lastwall is an Identity as a Service (IDaaS) provider partnered with the US Department of Defense Innovation Unit to help strengthen the cybersecurity posture of the nation’s defense, government, and critical infrastructure partners.