Women Forge New Paths into Cybersecurity as Companies Rethink Hiring

Although many women enter cybersecurity through traditional IT routes, a significant portion—37%—have transitioned from non-IT or military positions, according to a survey released Friday by ISC2, the organization behind the Certified Information Systems Security Professional (CISSP) exam.

The report highlights that women are leveraging education, professional development, self-directed experience, and apprenticeships more frequently than men to advance their cybersecurity careers. More than half of women surveyed (56%) said their organizations are already adapting hiring requirements to attract candidates from non-cyber backgrounds.

“This reflects global efforts by employers to widen the cybersecurity talent pool without compromising standards,” the report stated.

Diverse Backgrounds, Transferable Skills

Žydrūnė Vitaitė, business unit manager at Monitum and co-founder of Women Go Tech, emphasized the advantages of women entering cybersecurity from other sectors. “Women with prior experience in different fields bring diverse perspectives, stronger problem-solving skills, and advanced pattern recognition,” she said. “Transferable skills like curiosity, creativity, and adaptability are highly valuable in dynamic tech environments.”

Vitaitė added that adult women in their 30s and 40s are increasingly shifting from non-tech to tech careers, often achieving remarkable success through re- and upskilling programs.

Thomas Vick, a technology hiring expert at Robert Half, noted that non-IT hires can enrich cybersecurity teams with unique problem-solving approaches. “Interpersonal, management, and project skills from other industries can enhance an IT team’s effectiveness, fostering creative solutions and a holistic understanding of work,” he said.

Barriers and Challenges Remain

Despite progress, entry into cybersecurity remains challenging, particularly for women. Alyson Laderman, CEO of Akylade, explained that shrinking entry-level IT opportunities make it harder for women to gain the experience needed to move into cybersecurity. “IT has traditionally been male-dominated, and fewer starter roles make the pathway to cyber less accessible,” she said.

Teresa Rothaar of Keeper Security echoed that the industry has improved but still faces significant hurdles. “Women remain underrepresented, with limited access to leadership roles, pay disparities, and workplace cultures that can be unwelcoming,” she noted.

Education and Credentials

The ISC2 report also underscored the role of formal education in career entry. Nearly a quarter (24%) of women surveyed held a cybersecurity-related undergraduate degree, compared to 18% of men, while 23% of women entered cybersecurity with a degree in a non-related field. Postgraduate degrees, including master’s and doctorates, were also more common among women (18%) than men (12%) in the field.

“Men get hired on potential, women on proven ability,” Laderman said. “Women often need higher education and more experience to demonstrate the same value that men may achieve with potential alone.”

Vitaitė added that women tend to apply for roles only after meeting most requirements, often 80–90%, whereas men frequently apply earlier and learn on the job.

Certifications as a Career Lever

Beyond education, certifications and professional development play a pivotal role. Eighteen percent of women surveyed held cybersecurity certifications before their first role, slightly higher than men at 16%. Julia Toothacre, chief career strategist at Resume Templates, noted that certifications are a practical pathway for mid-career professionals transitioning into cybersecurity.

Rethinking Hiring Practices

Rob Rashotte, VP at Fortinet, emphasized the importance of reexamining hiring requirements to address workforce shortages. “Organizations may overlook strong candidates by focusing too narrowly on degrees,” he said. “Soft skills combined with certifications can prepare employees for cybersecurity roles, and many leaders are willing to invest in their development.”

Fortinet’s 2024 Global Cybersecurity Skills Gap Report found that while 91% of respondents prefer candidates with technical certifications, 71% still require a four-year degree. Rashotte stressed, “Organizations should prioritize skills and support employees in gaining cybersecurity-specific knowledge through certifications.”

As more companies embrace diverse hiring strategies, women are increasingly breaking barriers and reshaping the cybersecurity workforce, proving that non-traditional pathways can lead to lasting success in tech.