Chasing the Dream: Women in Cybersecurity Across Asia-Pacific and Beyond

Mihoko Matsubara


Since I joined Palo Alto Networks nearly two years ago, a dozen women – from undergraduate students to mid-career professionals from different countries – have asked for my advice on how to get a job in cybersecurity. They are all passionate about learning a new skill set, be it coding, policymaking or a foreign language. Their passion makes me smile and feel galvanized to help them and keep learning new aspects of cybersecurity.

Interestingly, I do not have many female peers in this field and have not met many women at conferences or forums. I started to wonder why those aspiring cybersecurity professional candidates are not represented among the already low representation of women in this field. Women comprise only 11 percent of the global cybersecurity workforce. The representation is even lower in Asia-Pacific (10 percent), where almost 0 percent of C-level positions and 1 percent of executive management roles are held by women.

Questions I am repeatedly asked from aspiring candidates are, “I do not have a computer science degree. Can I get a job in cybersecurity?” and “I do not have any work experience in cybersecurity but I am very interested in it. Can I find a job?” My response to them is, “I studied Renaissance history in undergraduate school and I did not have ‘cybersecurity’ in my job title until five years ago. If you are passionate about cybersecurity, just go for it. You have identified some gaps you can bridge and new opportunities you can offer to the world.”

After completing my undergraduate degree in European History, I started my career in the Japanese Ministry of Defense, and later moved to the United States for a master’s degree in International Relations and Economics. I also worked at a think tank in the U.S., as well as a Japanese and American IT company before joining Palo Alto Networks in 2016.

I am not a typical cybersecurity professional. The beauty of the cybersecurity field is it allows people to connect the dots between disparate things. This could be between different cultures, organizations, sectors, and countries via technology, diplomacy, risk management, communications, policy, and cyberthreat intelligence. By connecting these disparate areas together, it enables us to prevent successful cyberattacks, protect our assets and values, and continue innovations. To tackle complex cyber risks, we need diversified skillsets such as communication skills to deal with difficult conversations. That is why it is crucial to have a diverse range of thought perspectives and skillsets at the table for stronger cybersecurity.

Even though more and more women seem to be interested in a career in cybersecurity, the talent pipeline creation faces some challenges: lack of knowledge of available opportunities and retention. The Computing Technology Industry Association, more commonly known as CompTIA, points out in a study that 69 percent of girls between the ages of 10 and 17 surveyed have never considered an IT job and attribute this to being unaware of the opportunities available to them. Furthermore, retention is another problem. More than half of women – 52 percent – drop out of the tech field between 35 and 40 years of age.

Palo Alto Networks hosted two Women in Cyber Roundtable series in Canberra and Sydney in October to identify ways to bring more women to cybersecurity and provide an inside look at what career roles are in the field. Australia has started a couple of cybersecurity diversity projects. First, the Australian government has spearheaded efforts to encourage more women to pursue a career in cybersecurity. This can be seen in Australia’s Cyber Security Strategy and the “Celebrating #WomeninCyber” video blog launched by Tobias Feakin, Australian Ambassador for Cyber Affairs on the website of the Department of Foreign Affairs and Trade in March 2017. Second, the government established the National Innovation and Science Agenda in 2015 to invest 13 million Australian dollars over five years to encourage young women to pursue STEM-related career.

We were privileged to have Chris Cubbage, executive editor at Australian Security Magazine, moderate the two roundtable sessions. Both events had over ten special guests, from an intern to C-level executives. While most of the attendees were women, it was great to see that we had some male participants as well. Topics we covered included flexibility, culture, courage, and mentorship.

Here are my findings:

  • When an organization has a solid representation of female talent in its workforce, its leadership team also successfully sends that corporate culture message to mid-management, which has direct impact on employees’ way of work. The leadership also clearly designates decision-makers for the working environment. Those organizations are able to implement a policy to allow working parents or caregivers to work flexibly, e.g. job sharing.
  • Mentoring needs to have support from both leadership and mid-management to create a more rounded culture and workforce. It is important to have mentoring across the entire workforce and people can receive guidance from other team members who may have a different background or career experience.
  • It is important for job applicants to learn about the wide range of career opportunities for them in cybersecurity, both technical and non-technical. Some candidates struggle with finding the “right” job because they try to check all the boxes for requirements listed on a job description before applying for the job rather than also seeking what kind of new values they can bring to the potential employer. They may not necessarily know that backgrounds in risk management or journalism are applicable for roles in cybersecurity consulting or marketing. It is necessary to make the information on mapping of soft and technical skillsets and range of open cybersecurity roles widely available to those who seek cybersecurity careers. The Security Job Profile Project and the Australian Women in Security Network offers this background on various cybersecurity roles, as well as an opportunity to network with or mentor peers.
  • In career transition and retention, a sense of confidence and recognition is important to both employees and employers. Given how rapidly the cyberthreat landscape and technologies are evolving, it is important to be flexible and invest in employees’ potential and provide guidance for skill stretching. Employees also need to be confident, courageous, and open to learning new skills or techniques.

Given how rapidly cybersecurity is evolving, there is no one way to get into cybersecurity today and the same is true for the future. You have to pave your own way, which will be bumpy but which will bring you to new peers, mentors, perspectives, and technologies you would have never imagined. One of the ladies, to whom I have been talking for a while, recently started to take a coding class. She has no technical background but decided to stretch her skills and knowledge base.

I shared one example to address the talent pipeline creation issue. In June 2017, Palo Alto Networks and Girl Scouts USA announced a collaboration to develop the first ever national cybersecurity badges for K-12 girls. The cybersecurity badge program will be available in the US and we are evaluating opportunities to roll out a global program at a later date. Engagements with K-12 girls means we will also talk to their parents, siblings, teachers, and community. We hope that they will be little cybersecurity ambassadors that will inspire their family and classmates.

After the two Women in Cyber events in Australia, one of the participants sent me a message saying the roundtable made her more determined to pursue a role in cybersecurity. Another already started to send emails about whom to engage with to draw more talent to their business.

These two roundtables are just the beginning of our new journey for thought diversity and women in cybersecurity in Asia-Pacific. I would welcome your stories and perspectives to share your journey, challenges, and successes and look forward to meeting you in our next events and hopefully as my colleagues in cybersecurity!

Want to learn more?
Listen to our new Women in Cyber podcast series

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42