������Ƶ

In the last two years, we’ve seen some of the largest data breaches to date, resulting in millions of people with credit card and other personal information stolen. The bad guys continue to grow more sophisticated — turning their skills into big business. This means threats are not going away, they are getting “scarier.” We aren’t doing enough to protect ourselves, resulting in a lot of work to be done in security and a growing need for smart people to do it.

Infosec is suffering from a critical talent gap. According to the , we’ll have a shortfall of 1.5 million workers in five years — and women comprise only 10 percent of the current workforce. With such an imbalance in the supply and demand equation, we do ourselves a disservice if we don’t focus on how to recruit more women.

This is one of the many reasons I, along with Hewlett Packard Enterprise, are invested in providing solutions to recruit and retain women in technology. But so is everyone else. How am I different?

Let’s take my journey as an example. I don’t come from a traditional engineering background and I did not pursue an education in STEM-related careers.

One thing I have noticed that I think is crucial: we don’t speak enough about what a career in cybersecurity actually looks like. If you don’t know what a career looks like, it’s so much harder to recognize it as a path that could work for you.

Let’s take my journey as an example. I don’t come from a traditional engineering background and I did not pursue an education in STEM-related careers. I grew up before cell phones were publicly available; when personal computers were just coming on the scene — Commodore 64, TRS-80, Apple Macintosh, Osborne 1, and the IBM PC. I went to college to study accounting and business, ultimately obtaining a Bachelor of Science in Business Management. I worked nearly 10 years before I had my first job with a computer. That introduction came at a little company called Microsoft. Working in a business operations capacity (budget, procurement, metrics) I increased my computing knowledge rapidly. Over the course of the next 15 years I moved in and out of the IT industry, returning to Microsoft when I was hired into the Microsoft Malware Protection Center (MMPC).

The MMPC was my first introduction to infosec. Yes, I was aware of the and the launch of the , but those were for developers and not for us operations people. In the MMPC my initial focus was on deploying our security services — the components that made up Microsoft’s antivirus endpoint solution (OneCare, Security Essentials and Windows Defender) — into a production data center. I learned about secure and scalable infrastructure design, and utilized my skills in redundancy and business continuity daily.

As I learned more skills, more opportunities opened up. I worked with security researchers to understand their processes, tools and workflows in order to improve their environment. I used my growing knowledge of security research as a business (which can be described as a niche within the infosec niche) to define metrics, translating what they do into “business-speak” to ensure growing investments year over year. Eventually, all of this led me to the executive leadership team as the business manager/chief of staff. The opportunities at Microsoft eventually took me to HP (now HPE) and ultimately to owning the threat research strategy for HPE Security Research.

I have an amazing career and work with some of the most incredible people in the industry. A career that I never knew was available to non-engineers. It’s the same for a lot of women who don’t realize many of the skills they have now — skills seemingly unrelated to infosec — can translate into this field.

In other words, you don’t have to be a hacker or a coder to succeed in the industry. There are a wide variety of skills needed, and a career in cybersecurity can be as broad as you can imagine. For instance, cybersecurity calls for talents including engineering, public policy, law, awareness of compliance standards, privacy, application development, communications, project management, analytics, and the list goes on and on. We need smart people to bring their passion and go do *that* thing if we want the hard problems solved. This is never truer than it is of cybersecurity. While women currently represent only 10 percent of the cybersecurity workforce, it’s not always an episode of Mad Men.

To anyone thinking of cybersecurity as a career — male or female, no matter what your race, cultural background, or what you majored in in college — I would say: find what you’re passionate about, make it yours, and bring it here.

We all know innovation is intrinsically gender-neutral, but in this era of mounting challenges, humanity will need to do a better job of tapping the full potential of all people — for their brainpower, their creativity, and their sense of possibility. The talent gap isn’t an easy challenge to address, nor is there an overnight fix. It will take years — perhaps more than we even imagine — to close it. This is a commitment that we must make — if we hope to thrive over the long term.

To anyone thinking of cybersecurity as a career — male or female, no matter what your race, cultural background, or what you majored in in college — I would say: find what you’re passionate about, make it yours, and bring it here. We need it all to combat the bad guys.

Jewel Timpe is Senior Manager, Research Communications at Hewlett Packard Enterprise Security. She will share her story at ������Ƶ’s conference in Washington, DC on March 9.

This post is part of Humans of Cybersecurity, a dedicated section on Context that celebrates stories of the people and ideas that are are changing our digital lives. It is part of ������Ƶ’s Women in Cybersecurity Project, which seeks to dramatically increase the representation of women in the cybersecurity/information security field by fostering strategic partnerships with industry leaders, producing cutting-edge workforce research, and championing women’s voices in media. This is a project of ������Ƶ’s broader Cybersecurity Initiative, which aims to clarify and connect the often disjointed debates and policies that surround the security of our networks.