In the rapidly changing industrial cybersecurity sphere, advocating for women and gender diversity to empower women, is perhaps one of the most important things needed for building strong cybersecurity teams. The advancing digitization of industrial systems highlights the need for integrating diverse and holistic approaches to solve multifaceted cybersecurity problems.
The OT/ICS (operational technology/industrial control system) space still struggles to cope with the lack of diversity. Women who attempt to join the workforce in this industry encounter biases, stereotypes, and absent role models. Organizations striving for ‘multicultural’ or ‘diverse’ teams need to address these problems and focus on inclusion, where all participants, especially women, are appreciated for their opinions and decisions.
To keep women in the industry, the need for mentorship is high. With the right guidance, women can thrive in this field. Mentorship programs provide a more nuanced understanding of the ICS world for those unfamiliar with it and promote a friendlier atmosphere.
Taking action is key. Businesses need to better prepare and actively remove barriers by creating policies for training that support diverse career paths, as well as dedicate resources to women already leading in industrial cybersecurity. Fostering inclusion improves innovation and strengthens resilience in the ICS industry. Preparing a future where women can develop is not only a fair decision, but a calculated action in preserving tomorrow’s industrial frameworks.
Women empowering diversity, strengthening ICS cybersecurity resilience
Industrial Cyber engaged with women in the industrial cybersecurity sector to explore how gender and cultural diversity within teams can strengthen the security and resilience of ICS environments.
Alison King, vice president of government affairs at Forescout Technologies, said that her experience at her company and in the federal civil service has shown her that teammates with different backgrounds often identify issues others may overlook. “This is especially valuable in critical infrastructure, where the stakes are high. A team that thinks creatively and acts decisively under pressure strengthens our national resilience and security posture.”
“Security is a people problem,” Josie Houghton, cyber and ICS security lead for Rolls-Royce SMR, told Industrial Cyber. “Every attack starts with someone taking the decision to act maliciously because they feel that it’s the ‘right,’ ‘just,’ or ‘only’ thing that they can do. Attackers are diverse – they come from all over the world, have different races, religions, genders, politics… If a security team is not also diverse, how can we understand their motivations? Diverse security teams provide diversity of thought, which enables the creative problem-solving needed to deliver best-in-class security.”
Shari Gribbin, CEO and managing partner of CNK Solutions, told Industrial Cyber that good security requires the ability to identify, assess, and effectively mitigate or respond to risks.
“The more you can predict potential risks, the better your program,” according to Gribbin. “Building teams who have diverse life experiences will ensure a security program that has integrated risk considerations from a broader pool of perspectives. That requires diversity in a traditional sense because the way that people of different ethnicities, cultures, and genders move through the world matters to how we experience it and understand and assess potential risks. All of which benefits programs that understand this advantage.”
“The best example on why diversity is needed in Industrial Cybersecurity is Asia Pacific which has been left behind the rest of the world, with no products able to solve for the bespoke needs and millions of users breached everyday with billions of dollars lost,” Aanchal Gupta, founder at Agentsstack, told Industrial Cyber. “Cybersecurity companies have been concentrated in a few countries, missing the diversity of thought it needs to solve the complexity that the attacks entail.”
She added that diverse teams offer a deeper understanding of different user needs and operational contexts, ensuring that security measures and new technologies like AI are effective and user-friendly for everyone. Furthermore, they help anticipate a broader range of potential security risks and usability issues, as they consider different cultural approaches to technology and data privacy.
Overcoming diversity challenges, building inclusive teams
The executives highlight their challenges in building inclusive industrial cybersecurity teams and discuss strategies to overcome them.
King told Industrial Cyber that one of the main challenges is a limited pipeline of skilled professionals who are aware of various industrial cybersecurity opportunities.” Addressing this requires government, industry, and academia partnerships to build awareness and provide the necessary resources to ensure we capture the full range of American talent.”
“Nuclear security is dominated by white, ex-military men. As a female engineer, I often feel out of place at industry events – my peers have had a very different life experience that, while I deeply respect, I cannot relate to,” Houghton detailed. “With that said, Rolls-Royce SMR has built a refreshingly diverse security team – my teammates are a delight to work with because we have such broad experiences and backgrounds. What are we doing right? When recruiting, we use a competency framework – rather than just listing responsibilities on the job description, it describes what experiences and skills the ideal job candidate should have. We offer flexible working with no strict office hours, and the culture is inclusive,” she added.
Gribbin noted that the pipeline of talent has a broad range of causes. “This is changing, but many of the resources are still very junior. Barriers to entry, some unique, others common to everyone (like unrealistic experience requirements for starting roles), exacerbate the talent pipeline challenge.”
She presented two ideas for addressing it: first, a substantive commitment by senior teams to diversity, which requires a belief and investment in the idea that it truly improves risk management and security capabilities. “Second, where that access continues to be limited, many leaders are starting their own companies, which allows us to build to this vision on our own. We are the next generation of ‘incubators’ for how to successfully design a diverse organization where everyone can thrive,” she added.
“Cybersecurity and industrial both are fields that do not attract candidates naturally. It needs STEM focus and also a culture within the teams to attract the candidates,” Gupta said. “Having spent half my life in industrial and half in cybersecurity, I have seen the challenges in hiring. The applicant pool is small, and within that, the hiring managers have unconscious biases.”
She added that the best way to address this is to start nurturing the talent as early as possible, preferably in secondary schools.
Empowering women in industrial cybersecurity by driving gender equality
The executives examine whether there are initiatives in industrial cybersecurity that foster gender diversity and identify the factors contributing to their success.
“I’m proud to support The Cyber Guild’s United Women in Cyber (UWIC), the premier event for cybersecurity professionals and aspiring practitioners in the D.C. metropolitan area,” King said. “Women represent a critical talent pool to address the severe national cyber workforce shortages. Additionally, S4x25’s Women in ICS Security (WICSS) Scholarship Program is doing great work that needs to be scaled up.”
She added that organizations must invest in leadership training, mentorship, and career development to create meaningful change. These efforts build upon technical skills, instilling the confidence required for long-term success.
Houghton said that in the U.K., the NCSC runs a scheme called Cyber First, which includes various activities to engage young people in cybersecurity. “These include summer workshops, bursaries, and a competition for 12-13-year-old girls. I’ve met alumni of this scheme who have taken on careers in cybersecurity. These activities break down the perception that cybersecurity is all about hackers wearing hoodies. Security is a job for everyone, and we need more schemes that help young people see that,” she added.
“Yes, I see a number of women’s initiatives in ICS, and those leading them are inspiring us all,” Gribbin said. “I would like to see some of these focus equally on ensuring women of color are supported for development, which is still lacking. I believe these groups are really successful at recruiting, driving interest, and helping to develop the talent pipeline, as well as at increasing access to public forums and other critical ‘door-opening’ spaces.”
However, she added that she does not see enough intentional focus on building paths to access resources, funding for businesses, projects, and sourcing work. “That support mostly occurs at the individual member level. This is an area for improvement. Without capital and resource access, the other successes are diminished, and interest at all levels is suppressed or ends with an exit from the sector, which is not good for our collective security future.”
“Yes, initiatives in industrial cybersecurity likely exist to promote gender diversity, and core principles often drive their success,” Gupta identified. “A ‘People-First Approach,’ where valuing and empowering individuals is central to the company culture, creates a natural environment for diversity and inclusion. Additionally, focusing on overall well-being and safety in the workplace can attract a broader range of candidates, including women.”
Finally, she added that forming ‘collaborative partnerships’ with organizations specifically supporting women in technology or STEM fields allows companies to leverage external expertise and implement more effective diversity programs. Therefore, combining a people-centric culture, a focus on well-being, and strategic partnerships is key to successful gender diversity initiatives in this field.
Mentorship matters for women in ICS cybersecurity space
The executives discuss the significance of mentorship for women in ICS and explore strategies for organizations to establish effective mentorship programs.
“Mentorship is crucial in ICS, where the technical landscape continues to evolve,” King observed. “Women new to the field benefit from guidance on technical skills and career development. Effective programs like the Cyber Guild’s RISE mentorship program match mentors and mentees based on experience and mission alignment and instill the knowledge-sharing necessary to build confidence and technical competency to thrive professionally.”
Houghton said that she had personally struggled with finding good mentoring schemes. “If a scheme doesn’t have a specific, defined outcome, then it’s just networking. That has value, but it’s not necessarily mentoring. A good mentoring scheme should have a clear purpose and a defined beginning, middle, and end. Finding the right mentor can be pivotal to someone’s career – I’ve certainly been supported by some excellent people over the years and wouldn’t be where I am without them. I’m currently mentoring a female apprentice.”
She added that apprenticeships are a wonderful way to bring people into industrial cybersecurity. “There are no degree courses in the U.K. that specialise in industrial cybersecurity, so she’s doing a degree in infosec, while I mentor her on how industrial cybersecurity differs. Meanwhile, I’m working with my infosec colleagues to ensure that she gets work experience from both fields. It’s a win-win scenario for her and the business.”
Gribbin also mentioned that mentoring is important, while sponsorship is critical. “They go together. This is another area that is one for all of us to improve upon for both our peers and those coming up the talent lane.”
“Mentorship is highly needed for women in the workplace where gender diversity is not by design and needs to be improved,” Gupta said. “There are great external coaches who can help on navigating the unconscious biases in the workplace, we are engaging them early on since day one. People in leadership can take the initiative on 1:1 mentorship and coaching.”
She added that it has been tough to challenge the biases and thoughts of being in a minority in leadership roles, but the mentors always helped to think through and navigate the corporate culture.
Strategies to keep female talent in ICS
The executives examine the strategies employers can implement to retain female talent in ICS roles.
King noted that retention improves when employees see clear paths for growth, are given challenging assignments and constructive feedback, and know that their contributions are valuable and recognized. “In ICS, that means offering continued education, leadership opportunities, and a workplace culture focused on mission success. By creating environments where all professionals can thrive, we strengthen and grow the capabilities necessary to protect the dual-use ICS that support our modern life.”
“Employers need to acknowledge there are benefits to being more diverse before moving on to ensure equity of opportunity,” according to Houghton. “A previous employer promised me functional safety training. I prepared for it, had experience and certification would have boosted my career, then, with no explanation, they sent a male colleague who hadn’t prepared. Was it sexism? Did they realise the benefits of creating a more diverse team? I don’t know, but it felt deeply unfair.”
She added that employers need to set clear expectations and career pathways to enable women in ICS to develop and grow, and then they can realise the many benefits of retaining that pool of motivated people.
Gribbin pointed to the countless studies and discussions about recruiting and retaining women that came out just after the COVID-19 era, where we were better able to see just how big the gender gap impact is with workplace policies.
“Employers should leverage that great work, which includes a wealth of information about initiatives that can be implemented, focused specifically on creating the change needed to support continued upward mobility for women in the workforce,” she added. “Many of these recommendations are overdue to modernize the workplace anyway and have the added advantage of improving retention of young people, disabled team members, and even working parents.”
Gupta said to retain women in ICS, employers must prioritize building inclusive, diverse teams and a ‘people-first’ culture. “Addressing unconscious biases in hiring and promotions through diverse leadership and bias training is crucial. By empowering employees through project ownership and creativity, offering growth via 360-degree feedback, investing in early talent partnerships, and implementing mentorship, we can build a future pipeline while implementing crucial support,” she concluded.
