Cybersecurity has become an indispensable part of every organization. As threats become more complex and digital resilience increasingly requires collaboration between people and technology, the need for diversity in the field is also growing. Yet women remain significantly underrepresented in cybersecurity. Their analytical skills, communication abilities, and eye for nuance are particularly valuable in recognizing risks and preventing incidents. In a recent roundtable discussion organized in collaboration with Visma, experts discussed the importance of female talent in this field and how organizations can better leverage it.
Cybersecurity is broader today than ever before. In addition to configuring firewalls and encryption, issues such as behavior, awareness, and risk management are essential in a complex digital society. This presents opportunities for women to play a key role. There will be plenty of suitable candidates as security leaders, analysts, advisors, and policymakers who can bridge the gap between technology and organization.
Read our first story in our series on women in tech.
The human factor
Despite the broadening of cybersecurity as a field in recent years, many discussions still emphasize technology. Think of securing systems, patching vulnerabilities, and monitoring networks. These are indispensable challenges, but perhaps less complex than understanding people’s behavior within an organization. Employees play a decisive role in preventing incidents. This is precisely where a people-oriented approach can make a difference. Women often bring qualities relevant to this: communication skills, empathy, and the ability to build support within teams. This combination of soft skills and strategic insight proves essential for designing security policies that are actually implemented and effective.
Cindy Wubben, CISO at Visma, sees this in practice every day. “The CISO role I now fulfill didn’t exist at first. I was the pilot,” Wubben recalls of her start at Visma. She was involved in designing the security program, which was conceived from a technical perspective and built from the ground up. The company mapped out everything that was needed for application security.
“In my role, I can see how each employee is doing with the product and what level they are at. And then I saw that some employees weren’t doing anything with it, which surprised them. Then I had to chase people down and explain how it works. The figures quickly went up after that. That makes sense: you can’t just put something in place and think it will work by itself. It’s a culture within the organization,” Wubben explains. This is exactly where women can play a valuable role. They often have an eye for the human side of security and can ensure that policy and technology work effectively together.
Bridge between policy and practice
When technology and policy intersect, significant vulnerabilities often arise. The security rules organizations devise must ultimately align with employees’ daily reality; otherwise, they lose effectiveness. Many organizations struggle with this tension. Policy is correct in theory, but in practice, it is circumvented. Ideally, you understand such behavior so you can act on it.
Ethical Hacker Heleen van de Groep (Head of Training & Development at Brooklyn Partners) explains that psychological insight is a particular strength of women. “What we as women can contribute very well is integrating a bit of psychology into the processes,” says Van de Groep. Policy or security processes are often developed from a factual and theoretical perspective, but the translation into practice is forgotten. “As a result, processes are not always workable, they are not followed, and risks arise. People follow the path of least resistance.”
“If we think from the outset about how that ‘path of least resistance’ can also be the safest route, people will automatically follow that route. It helps that women in security are often better able to make this translation, make processes understandable, and influence people through sympathy and communication skills,” says Van de Groep.
From reactive to integrated
Many organizations only discover the importance of cybersecurity when something goes wrong. Incidents often lead to quick measures, but rarely to structural changes. However, security should not be an emergency measure, but an integral part of every process. Diversity in perspectives can contribute to this. Teams composed of people with diverse backgrounds and ways of thinking are more likely to identify risks and develop more practical solutions.
Shannon Bolink, Head of Product at Hix, sees the benefits of this shift every day. “Cybersecurity used to be very reactive. Something would happen, and then immediate action had to be taken. We now try to integrate this into our processes from the outset. We store a lot of personal data and file tax returns, so we have to think about what data we store and how we encrypt it from the start. That is ingrained in our processes.”
Bolink emphasizes that diversity in teams helps enormously in this regard. “Different perspectives often lead to insights that you wouldn’t immediately think of yourself. This allows you to embed security properly from the outset, so that it doesn’t have to be added afterwards, which saves a lot of time and frustration.” Women, for example, can bring a combination of risk awareness and pragmatic thinking to the table, making security part of innovation rather than a hindrance.
No more brakes on innovation
Product development and security must therefore go hand in hand from the outset. If security is only considered when a product is almost ready, this leads to inefficiencies, frustration among teams, and unnecessary risks. Anne-Jet van Halm, Partnership Manager at Onguard by Visma, emphasizes the effect of early collaboration. “When developing AI applications and products, the sooner you incorporate cybersecurity, the sooner you can identify risks and seize opportunities,” says Van Halm.
Based on her experience with credit management and credit insurance, in which Onguard by Visma specializes, she sees that security is often used reactively. But if you collaborate with the product and development teams from the outset, you create future-proof products with risks mitigated by design. “What’s more, you can use that collaboration to show teams how security doesn’t block, but actually offers opportunities. Involving security at an early stage ensures that your decisions are better, development processes are more efficient, and your team remains motivated because frustration due to refactoring or blockages afterwards is prevented.”
Van Halm thus outlines how integrating security into the design and development process reduces risks and stimulates innovation. Women can play a key role by designing processes so that security becomes a natural part of the workflow rather than a burden added later.
Call to action
The examples of Wubben, Van de Groep, Bolink, and Van Halm show that women can add value to cybersecurity. Their ability to combine technical knowledge with human insight, communication skills, and strategic thinking ensures that security policies are truly workable and effective. By actively involving women across the many facets of security, organizations build teams that are better able to recognize threats, mitigate risks, and stimulate innovation. In that respect, diversity is an advantage that increases digital resilience.
Creating space for women at all levels of cybersecurity —from analysts to leadership —can certainly do no harm in this regard. However, this requires a culture that fully appreciates their perspectives and skills. This creates an opportunity to make cybersecurity future-proof, resilient, and people-oriented.
This was our second story in a series about women in technology. In a future article, we will discuss the role of women in AI.