Whilst the demand for cybersecurity expertise has never been so high amongst organisations, there remains a significant skills shortage within the industry.
Indeed, according to UK Government research, 50% of all UK businesses have a basic cybersecurity skills gap, and 33% have an advanced skills gap. It’s a situation that makes the relative rarity of women in cybersecurity all the more confusing.
Just 24% of all cybersecurity employees worldwide are women, a dramatic increase from the 11% in 2017, but still far from parity.
While progress is being made, we still have a long way to go regarding improving diversity in our sector.
In this blog, we’re chatting with female role models in the sector leading the way for a change. Let’s get started.
Meet the panelists
Melanie Oldham OBE, Founder and CEO of Bob’s Business
Melanie’s journey began back in 2007 when she was tasked with supporting the IT team at the Mid Yorkshire Chamber of Commerce to develop a method of translating cybersecurity into a format that staff would easily understand.
16 years later, Melanie has become a leading voice and respected force in the infosec sphere, dedicating herself to raising cybersecurity awareness within organisations and breaking down the barriers between IT teams and their staff. In the 2022 New Year’s Honours List Melanie was awarded an OBE for Services to Cybersecurity.
Carolyn McKenna, Head of Security Demand, Capability & Awareness at Smart DCC
Carolyn is the Head of Security Demand, Capability & Awareness at Smart DCC – the company that has designed, built, and now manages the technology infrastructure that underpins the smart meter roll-out for Great Britain.
With a background in Information Security compliance, as well as Business Continuity Management Systems, she worked in the telecoms sector for over 25 years, before moving over to Smart DCC and the energy sector in 2018.
Anya Bridges, Junior Project Manager, Bob’s Business
Anya joined Bob’s Business in September 2020, aged just 16, as a Cybersecurity Apprentice keen to discover a sector firmly on the rise.
Since then, she’s enjoyed her own remarkable rise through the ranks, receiving promotions to Cybersecurity Technician and, most recently, Project Manager. The latter is a role she’s also undertaken at the Yorkshire Cyber Security Cluster (YCSC), before graduating to the Steering Committee.
Along the way, she’s received awards and PRINCE 2 Qualifications.
Cathryn O’Shea, Online Security and Support Manager at Cornerstones Education
When Cathryn graduated from the University of Huddersfield in 2014 with a degree in music, she had no idea what she wanted to do with her career.
She took an office administration job at Cornerstones Education, which was just about to launch its first online platform for schools. Cathryn helped populate the platform with content and users and built an effective customer journey.
The big challenge came when schools started asking security-based questions about their system, especially with the introduction of the GDPR, so Cathryn and the team decided to go all out and implement ISO 27001 across the business.
Caroline Kaye, MD and Principal Consultant at CRK Consulting Limited
Caroline is a mum of two, running her own consultancy business, CRK Consulting Limited, delivering ISO 27001, ISO 9001 and GDPR to businesses across the UK.
Educated to a degree level in IT and working in numerous IT roles, cybersecurity seemed a natural way forward for Caroline. The first opportunity to implement an Information Security Management System came when she worked for an IT company, and ISO 27001 certification was required to secure a large contract.
Fast-forward to today, and 2024 marks the 10th anniversary of Caroline running her own business, in that time she has worked across multiple industries such as manufacturing, software development, education and training, market research and finance, and has never looked back.
We asked them a series of questions about their achievements, the state of the industry and what they think the future holds for women in cybersecurity.
What are your greatest achievements within the cybersecurity industry?
Melanie: “Helping IT & compliance teams break through the communication barriers that exist between them and end users. Getting everyone to understand the benefits of adopting good cybersecurity practices and how a subject that creates so much resistance can really be made simple.”
“Organically growing a project that was a passion into an award-winning, internationally recognised business that provides employment and stability to a diverse hugely talented team of individuals.”
Carolyn: “I think my greatest achievement to date is creating Smart DCC’s first intake of Degree Apprentices. We partner with Manchester Met University on their Digital & Technology Solutions Degree Apprenticeship, with four fantastic colleagues now in their final year of the course – following Cybersecurity or Data Analytics pathways. It’s such a privilege to be involved in shaping early careers.”
Anya: “As a young woman in tech, my achievements in cybersecurity include receiving the Special Recognition Award for Cyber Apprentice of the Year in 2023 and leading on impactful processes and projects for the business.”
Cathryn: “When Cornerstones planned to implement ISO 27001 in January 2018, I was promoted to Online Security and Support Manager, given the standard, and given four months until the certification audit to get things in place.”
“With the help of my fantastic team, Cornerstones are now fully certified, and is successfully monitoring and maintaining their Information Security Management System.”
Caroline: “When my clients have that light bulb moment when it all falls into place and makes sense, this gives me a warm fuzzy feeling inside knowing that I can walk away from the company and they no longer need my services. They have the skills and confidence to manage their own systems and risks. That’s a job well done.”
What advice would you give to women seeking a career in cybersecurity?
Melanie: “I think it’s essential to acknowledge bad things are going to happen, but what’s important is how quickly you dust yourself off and rise to the challenge. Accepting this has helped me develop a resilience that keeps me going when curve balls come bounding in and knock me off my feet!”
“It’s tough when your kids say ‘Mummy I hate your work, I want you to stay with me today!’ But it makes me smile when they say ‘My mum teaches people to stay safe and not be silly online’. Knowing that I am helping secure their future makes it all worth it and I have made it my personal mission to make the online world a safer place”.
Carolyn: “For girls still in school I would encourage them to step outside of what might be seen in their families or culture as traditional roles. My own daughter is 23, and works in Security Architecture at Fujitsu, having completed a Cyber Degree Apprenticeship herself.
Diversity in Security is paramount – if we all come from the same kind of background, we will all think in the same way. We need gender diversity, neurodiversity, cultural diversity and so much more in security to ensure we truly are ‘covering all bases’ regarding our ways of thinking, security controls and designs.”
“Get involved in initiatives such as Cyber First Girls Competition run by the National Cyber Security Centre, look for summer school events for cybersecurity run by companies and universities and don’t be afraid to step out of your comfort zone!”
Anya: “For women entering cybersecurity, my advice is to build a strong foundation of connections, engage in continuous learning, network actively, showcase your skills online, and most importantly have confidence in yourself.”
Cathryn: “It’s an exciting time to join the industry as the world of technology is evolving rapidly so it’s never straightforward! There’s a wealth of information, networks and support so you’re never alone.”
“I landed in this role completely out of my depth and I’m learning something new every day. Make friends, network, and don’t be afraid to challenge people and speak out.”
Caroline: “Go for it, find what area of cybersecurity best suits you, technical or governance for example, seek new challenges and opportunities, and accept that you will make mistakes, this is the best way to learn. Lean on other experts in the area, the people I have come across in this industry are so helpful and willing to share knowledge. Don’t be afraid to ask for help.”
“There are so many ways of learning, information and contacts are at your fingertips. Don’t be a know-it-all, sit back listen to people’s opinions, if you don’t agree, be constructive and work together – no one knows everything.”
What is it like to be a successful woman in an industry predominantly made up of men?
Melanie: “Initially, I found it quite awkward but now love the fact that I am able to inspire and energise an audience of IT professionals, that historically I was intimidated by. Knowing they really appreciate and respect my views and experiences is fantastic.”
Carolyn: “Whilst the industry is still predominantly male, I am definitely seeing more women these days, which is fantastic news. When I joined Smart DCC six years ago, I was the first and only female for over a year, with very few female applicants coming through – now 36% of our Senior & Wider Leadership Team is female!”
“I see many inspiring women at industry events now who have created their own successful cyber businesses, so the balance is slowly getting there. It is important to work in an environment where diversity and inclusion are evident so that you feel comfortable having your voice heard.”
Anya: “Being a woman in a male-dominated industry involves inspiring others, advocating for diversity, and navigating challenges with resilience. Despite occasional obstacles, the experience has been so fulfilling. I have been very fortunate to have a great team around me, and my male colleagues have consistently provided support and encouragement whenever I’ve needed it.”
Cathryn: “Rewarding! I’m in a unique position in that I work very closely alongside other successful women in the industry who have brought a wealth of experience to help us navigate the world of cybersecurity. Despite the challenges we’ve faced along the way, the rewards have definitely been worth the effort.”
“Outside of the workplace I conduct and play in both brass and concert bands, and I have come up against similar challenges because of my age and gender. It has given me the confidence to stand my ground as my career in the cybersecurity industry progresses.”
Caroline: “Liberating. One of my line managers (male) told me that I would never be a success after having children and choosing to work part-time, from that point he constantly ‘kept me in my place’ and told me that I wasn’t good enough. Looking back, I realise he was threatened by my skills and knowledge, eventually making me stronger and more determined. Since running my own business, I don’t see or have experienced any gender inequalities or even notice anymore that I’m the only female in the room, as my presence and input is valued, based on my experiences and knowledge gained over the years.”
“When I do take a step back and reflect, it makes me proud that I can run a successful business in a male-dominated environment, what a great message and role model for my daughter – my aim has been achieved.”