Beyond the Usual: Key Takeaways from the Women in Cybersecurity Panel at ISC2 Congress

Women in cybersecurity panels have become a staple at industry events. In fact, they are now so common that some attendees might consider skipping them. However, the session at this year’s ISC2 Congress in Austin proved to be anything but predictable. Featuring a lineup of seasoned experts, the discussion offered fresh perspectives on persistent challenges. This article highlights the most compelling points from that conversation, focusing on the state of women in cybersecurity today.

Why This Panel on Women in Cybersecurity Stood Out

Moderated by freelance journalist Karen E. Hoffman, the panel included Jennifer Minella, VP Engineering and consulting CISO at Carolina Advanced Digital; Suzanne Hall, managing director at PwC; and Lynn Terwoerds, executive director of the Executive Women’s Forum. Each brought a unique viewpoint, making the session both engaging and insightful. Instead of rehashing the entire discussion, here are the standout moments that deserve attention.

Unconscious Bias and the Glass Ceiling

One of the most striking topics was the persistent underrepresentation of women in leadership roles. According to the latest ISC2 Workforce Study, men are four times more likely to hold C-level or executive management positions than women, and nine times more likely to be in manager roles. Suzanne Hall attributed this to unconscious bias. “When CFOs, CEOs, or CIOs think about security professionals, they think about a guy. Always,” she said, noting that media portrayals reinforce this stereotype.

Jennifer Minella offered a different angle. While she acknowledged the reality of bias, she pushed back against the term “glass ceiling.” “Instead of starting from a point of saying there should be no bias, we should accept that from a neuroscience perspective, there will always be bias,” she explained. “We need to acknowledge that there IS bias as a starting point, and then work from there.” She also pointed out that women may simply want different career paths. “Maybe women don’t always want to be that executive,” she said, citing her own preference for a vice-chair role over a chair position.

The Equifax Fallout and Unfair Scrutiny

The panel didn’t shy away from high-profile cases. Suzanne Hall referenced the aftermath of the Equifax breach, where the female CISO’s educational background was heavily criticized. “I’ve never seen news coverage, in the wake of a data breach, comment on a CISO’s educational background until Equifax’s female CISO,” she said, calling the scrutiny “horrifying.” Hall argued that the real lesson should have been about patching vulnerabilities, not about the CISO’s lack of a computer science degree. For a deeper dive, read The Washington Post’s coverage.

Mid-Career Dropout and Mentorship Gaps

Another critical issue raised was the high dropout rate among women mid-career. Lynn Terwoerds explained that the ISC2 Workforce Study, combined with her experience at the Executive Women’s Forum, shows this trend is “extremely problematic.” While caregiving responsibilities are often cited as a reason, the study found that almost as many men as women are in caregiving roles—yet men do not leave the industry at the same rate. This suggests deeper systemic factors at play.

Mentorship emerged as a key solution. Terwoerds credited her all-male mentors for her success, while Hall and Minella echoed similar positive experiences. However, the panel also called for more female mentors. “Women have to recognize the role they play in order to be proactive with mentoring,” Terwoerds said, emphasizing the need for mutual support.

Changing the Industry’s Mascot

Jennifer Minella closed the session with a powerful call to action: change how the industry markets itself. “We market with images of ninjas, pirates…at least we have unicorns now too,” she joked. “If our industry had a mascot or personality, it’s the grumpy, skeptical paranoid guy or the guy in a black hoodie in a basement…who wants to walk into that? Nobody!”

Her point resonated deeply. To attract and retain more women in cybersecurity, the industry must shed its outdated, intimidating image. As Minella put it, “Nobody wants to be the grumpy arseh*le with no life work balance.”

For more on building a diverse workforce, read our article on cybersecurity career paths and strategies for inclusive workplace culture.

In conclusion, this panel at ISC2 Congress offered more than just a checklist of problems. It provided actionable insights on bias, mentorship, and industry stereotypes. The conversation around women in cybersecurity is evolving, and events like this are crucial for driving real change.