The Current State of Diversity in Cybersecurity
The cybersecurity workforce has a representation problem that the industry has been discussing for years. Women make up just 22% of the cybersecurity workforce, according to ISC2 research. That number has moved slowly, and the conversation around it has matured — but the environment in which that conversation is happening has shifted sharply.
As corporate diversity, equity, and inclusion commitments come under renewed public scrutiny, many of the programs built to broaden participation are being questioned, slowed, or eliminated. To understand what that shift means on the ground, four women leading in cybersecurity sat down to compare notes on what has changed, what has not, and what leaders should do about it.
What emerged was not a debate about policy labels. It was a clear-eyed discussion about how people experience their work — and why that experience is inseparable from how resilient a security organization actually is.
The panel: Juliet Okafor, Founder & CEO of RevolutionCyber; Amy Bogac, Chief Information Security Officer at Baker Tilly US; Stacey Champagne, Founder & CEO of Hacker in Heels; and Deidre Diamond, Founder & CEO of CyberSN. You can watch the full webinar recording for the complete conversation.
Impact of Corporate Policy Changes on Workplace Culture
When organizations pull back on inclusion commitments, the effects are not abstract. They show up in how individuals feel about their day-to-day environment — and whether they believe they have a future where they are.
In a LinkedIn poll run by Deidre Diamond, 57% of respondents believed the elimination of DEI programs will negatively affect their careers. That is not a sentiment about a corporate initiative. It is a signal about workforce stability.
The panelists described how quickly the tone of the industry can change.
"It feels like we're back in the days of being told to wait our turn."
— Juliet Okafor, Founder & CEO, RevolutionCyber
Structural changes outside of formal policy compound the effect. A broad return to in-office work, several panelists noted, has reintroduced friction that remote arrangements had quietly reduced.
"A return to the office has amplified microaggressions and isolation for many."
— Amy Bogac, Chief Information Security Officer, Baker Tilly US
The data reflects what the panelists described. ISC2 research found that 36% of women feel they cannot be authentic at work, compared with 29% of men, and 29% of women report workplace discrimination versus 19% of men. These are not edge cases. They describe the working conditions of a meaningful share of the cybersecurity workforce — conditions that directly shape whether experienced professionals stay, contribute fully, and grow.
Empowering Women in Cybersecurity Leadership
Representation challenges do not resolve themselves with entry-level hiring. They concentrate at the point where careers either accelerate or stall. The WiCyS 2024 Annual Report found that women hit a glass ceiling at the 6-to-10-year mark in their careers — precisely the window in which deep technical and leadership capability matures.
That timing matters operationally. The 6-to-10-year mark is when a professional has accumulated the institutional knowledge, judgment, and cross-functional fluency that no job posting can replace. When organizations lose people at this stage, they are not losing headcount. They are losing capability coverage — and most leaders cannot see it happening until it has already happened.
The panelists were direct about the need to change the structure, not just the messaging.
"We need to disrupt the pipeline and build it differently."
— Stacey Champagne, Founder & CEO, Hacker in Heels
Building it differently means giving leaders visibility into where capability actually concentrates, where it is fragile, and where talented people are disengaging before they leave.
Integrating DEI into Cybersecurity Strategies
The most important reframe from the conversation was the connection the panelists drew between inclusion and security outcomes. Inclusion is not a parallel HR track running alongside the security program. It is a property of the workforce that delivers the security program.
"DEI and cybersecurity are connected. Team well-being impacts risk posture."
— Deidre Diamond, Founder & CEO, CyberSN
This is the core of the matter. A team operating under isolation, burnout, or the quiet expectation to "wait their turn" is a team carrying hidden workforce risk. Disengaged and underutilized people create coverage gaps, slow incident response, and concentrate critical knowledge in fewer and fewer hands. When leaders cannot see how their people are experiencing the work, they cannot see where that risk is forming.
The leadership response, the panelists agreed, starts with how leaders show up.
"When leaders show up with empathy and curiosity, that's when we see people feel safe."
— Deidre Diamond, Founder & CEO, CyberSN
Actionable Strategies for Upholding DEI Commitments
The panelists' guidance converged on a practical theme: move inclusion from intention to operational visibility. A few principles stood out.
Lead with empathy and curiosity
Psychological safety is not a perk. When people feel safe to be authentic, they contribute fully — and leaders gain honest signal about how the team is actually functioning.
Watch the 6-to-10-year window
This is where capability matures and where it is most often lost. Gain visibility into who is stalling, why, and what coverage walks out the door if they leave.
Rebuild the pipeline structurally
Surface-level programs do not change outcomes. Examine how advancement, sponsorship, and workload are distributed across the workforce ecosystem.
Treat well-being as risk data
Burnout, isolation, and disengagement are leading indicators of workforce risk. Track them with the same seriousness as any other signal in your security program.
Leaders looking to act can start with curated resources for women in cybersecurity and resources for military veterans entering cybersecurity.
The Path Forward for DEI in Cybersecurity
The conversation made one thing clear: the pressures facing inclusion in cybersecurity are both new and old. The microaggressions, the glass ceiling, the quiet message to wait — those are old. The renewed willingness to question whether inclusion matters at all is what feels new.
The path forward does not depend on the fate of any single program label. It depends on whether leaders can see their workforce ecosystem clearly enough to understand how their people experience the work, where capability is concentrating or eroding, and where workforce risk is forming out of view.
That is the through-line connecting everything the panelists discussed. Inclusion strengthens the workforce. A strong, fully engaged workforce strengthens security posture. And the leaders who can see how their teams actually function are the ones positioned to build organizations that are both resilient and worth staying in.
When team well-being is treated as the operational signal it is, inclusion stops being a debate and becomes what it always should have been — a measure of how well an organization understands and manages its own workforce.
Inclusion Is a Workforce Intelligence Problem
CyberSN gives security leaders Workforce Intelligence — operational visibility into how their workforce ecosystem actually functions, where capability coverage concentrates, and where workforce risk hides. When you can see how your people experience the work, you can build the inclusive, resilient teams that strong cybersecurity strategy depends on.
Explore Workforce Intelligence