Turning expertise into opportunity for women in cybersecurity
Speaker diversity in cybersecurity has been a talking point for over a decade, with panels, pledges, and dedicated conference tracks failing to produce change. Stages still skew heavily male, even as women represent millions of qualified professionals in the field.
SheSpeaksCyber, a free and open directory launched by the Women4Cyber Foundation, aims to close that gap by making female experts discoverable to event organizers worldwide. With a target of 50 percent female representation at cybersecurity events by 2030, the platform is as much a community movement as a search tool. We spoke with founder Erlend Andreas Gjære about how it works and why now.
The cybersecurity conference circuit has been talking about the speaker diversity problem for well over a decade. There are panels, pledges, and diversity tracks. What makes a searchable directory the intervention that moves the needle when public commitment alone has not?
While I do believe the needle is moving already, I think it should be moving much faster. There are simply so many expert women in cybersecurity today, I am always surprised and disappointed when events fail to feature these in their programs.
When asking such event organizers about this, I often hear something like: “We tried to find a female speaker for topic X, but we couldn’t!”. With experts readily available through SheSpeaksCyber, such excuses should be irrelevant for the future.
Our co-founders at Women4Cyber Foundation have previously been receiving weekly requests from event organizers, asking them to recommend female speakers. Considering their manual effort with this, SheSpeaksCyber now allows time to be freed up for other activities.
With estimates of women in cybersecurity maybe just a little bit ahead of the 20% in IT altogether, there is much work left to do. Still, the actual number of female specialists are in the millions. And this number of people itself simply means that there are more than enough experts to go around for speakers at every event, regardless of percentage share, right?
SheSpeaksCyber is a directory, but you and Women4Cyber are calling it a movement. At what concrete point does a speaker directory stop being a UX convenience and start being something that shifts conference culture?
I believe the community here makes all the difference. Having the speaker directory available, free and open is just a tool. Then, the people who show up to actually use it – as speakers and event organizers, will be part of making the impact real.
There have been so many people reaching out these weeks since launch. Even those who are neither speakers (yet) nor organizers, including men, of course –stating their support and offering assistance, whatever that may be – from all over the world. I think the convenience of this directory is very efficient to progress in the conversations and, in turn, the culture.
Expertise is not always 1:1 with visibility, and many experts are way too careful to raise their hand and speak up. This could of course apply to men, too. However, to bridge an apparent gap here, making the community in general more visible and peers approachable to each other, can be the spark needed to dive into speaking. I have been part of an agency catalog for paid speakers myself (not specifically for cybersecurity), and picked up quite a few things from fellow speakers there. And I have connected with other “colleagues” in the catalog who I may never have connected with otherwise.
I think we can easily agree on the positive aspects of visibility for experts on stages. Both for their own personal career development, as inspiration for others, and for defining the agenda. Seeing the women and their expertise on stages makes all the change, the directory can only hopefully help them get there more often.
The stated goal is 50 percent female representation at cybersecurity events by 2030. That is a specific, measurable target. What metric are you tracking today, and how far off is the current baseline from that number?
As we launched the speaker directory in January this year, we set a target of 1,000 speaker profiles published before 2027 – and we’re already in the hundreds of speaker sign-ups so far. Not all are published yet, but simply the step of starting to draft a speaker CV can be something of value for the individuals, too.
While it’s still early days, speakers will be adding entries for their previous talks on their profile pages. From these data, it will be possible to survey progress according to linked event programs. The infrastructure is ready, we’re adding the speakers and content, and hopefully the network effect will continue to take it from here.
The website also includes a feed for events which are offering open calls for speakers/presentations (CfPs). While various other sources for these data exist, we’re looking to directly suggest relevant events for the speakers in the directory, as they appear. Hopefully event organizers will also want to publish their CfPs on the platform, and at the same time receive suggestions for relevant speakers. We haven’t set any target metrics for these things yet, it is rather about just solving some really basic stuff to unlock the community potential here even more.
If SheSpeaksCyber hits its 2030 target, what does that change about who gets to define what cybersecurity problems matter most at the industry level?
I love this question, because it highlights the importance of which voices are being heard. And voices who are put on stages are naturally heard by more people. This is really basic common sense, and that’s also why it matters.
My personal experience is that also among fellow speakers and panelists, opportunities present themselves for exclusive networking, including the typical speaker’s dinner. And this also extends to validating each other’s credentials, through the mutual experience of being accepted and invited onto stage together.
Peers tend to build connections for mutual respect and even future benefit over these occasions. If we’re no longer missing out on thousands of experts, also in the more closed circles because they’re now also present on stages, I think security improves for everyone.
Your background is in making cybersecurity feel approachable and human-centered for non-experts. SheSpeaksCyber is aimed at getting more women onto stages in front of experts. Is the confidence gap you are trying to close with this platform a discovery problem, a credentialing problem, or something more structural that a directory cannot fix on its own?
The overall lack of IT and cybersecurity skills is declared a gap and challenge towards safety and quality of life for each and everyone of us. The workforce skills gap can by no means be filled without the women.
Women are certainly needed in our industry for all the things which make them naturally different to men, too. Only then can we serve society as a whole, both men and women equally well, through the digital solutions we build and protect. Even equal pay is at stake with cybersecurity being a higher-paid industry, if the women aren’t equally represented.
SheSpeaksCyber is meant to solve the discovery part of the challenge, but I hope and believe it can also serve to help beyond this. We need efforts all the way from upbringing and education, through visibility, confidence and opportunity for expertise. Women are statistically not the first to raise their hand if someone invites the room in our industry, yet their expertise I think we can safely assume. If they are visible on SheSpeaksCyber, they should definitely be worth paying attention to.
Learn more: How to give better cybersecurity presentations