Why Women Could Be Cybersecurity’s Missing Defence Layer - ITP.net

Cybersecurity is not a technical problem, but a human one. Hadi Anwar described a familiar scenario. Two cybersecurity professionals are placed in a room and told: you were attacked. Here is how it happened. What went wrong? “One will immediately focus on the technology gap,” he says. “The other may ask whether the people involved were trained properly. That is the human element.” That difference in instinct is exactly why he believes diversity in cybersecurity is no longer optional. This International Women’s Day, we decided to discuss the talent problem in cybersecurity. Anwar is the CEO of CPX, the cybersecurity company under G42. He oversees a 600 strong team based in Abu Dhabi, a workforce that has almost doubled in the past year. Hadi Anwar, CEO, CPX – a G42 company The pressure is real. CPX secures some of the UAE’s most sensitive national infrastructure, including nuclear power facilities, the Central Bank, Abu Dhabi Airport, major ports and financial institutions. “All strategic national projects are delivered by CPX,” he says. The stakes could not be higher. Yet the issue he keeps returning to is not technology. “Most incidents today are because of human error, not always because of technology.” That shift in framing matters. If cybersecurity is about behaviour, awareness and decision making, then the composition of the workforce protecting national systems becomes critical. Globally, women represent only about 25 percent of the cybersecurity workforce, according to ISC2. At the same time, the global talent gap stands at nearly 4 million professionals. The profession is under strain. Budgets are tightening. Threat actors are becoming more sophisticated. AI is expanding attack surfaces. Cloud environments are scaling faster than many organisations can secure them. And yet, half the population remains structurally underrepresented in defending these systems. “Men alone cannot fill that gap,” Anwar says plainly. Beyond representation, there is also the business case. The industry is not simply short of people. It is short of skills. AI adoption is increasing demand for hybrid expertise across cloud, machine learning and security operations. Exclusion, in this context, is not just inequitable. It is inefficient. Thinking Like the Attacker Requires Diversity Cybersecurity professionals often say they must think like a hacker. Hackers are diverse. They operate across geographies, genders and backgrounds. Their motivations range from financial gain to ideology to state-backed disruption. So why, Anwar asks, would defenders be homogenous? “If I put two technical people on the table, one male and one female, and I say we were attacked and here is how it happened, the male will directly focus on technology. The female might say we need to provide training. That is the human element,” he explains. It is not a stereotype. It is an observation about perspective. Cybersecurity frameworks are often built around the triad of people, process and technology. Technology tends to dominate the conversation. But in practice, the people element sits at the core. “The people element is number one,” he says. Diverse thinking reduces blind spots. It challenges assumptions. It introduces behavioural awareness into incident response and system design. And in an AI native society, where decisions are increasingly automated, human oversight becomes even more critical. Conversation to Structure For years, the technology industry has talked about encouraging women into STEM. Talk is not structure. CPX, in partnership with Microsoft and backed by the UAE Cyber Security Council, has launched “She Protects”, a six-month national pathway programme running from December 2025 to June 2026. The goal is not just awareness, but job readiness. The programme embeds industry recognised certifications, hands on cyber labs, exposure to real world incidents and structured mentorship. Participants do not simply attend webinars. They sit alongside practitioners. They are assessed. They are certified. “There will be objective evaluation towards the end,” Anwar explains. More importantly, there are direct employment pathways into security roles. “We do not want them to graduate and not be job ready,” he says. That distinction is important. The cybersecurity industry often struggles with what analysts call the “experience paradox”. Employers demand experience. Graduates lack it. Programmes that bridge that gap structurally are rare. Representation Inside the Room Internally, CPX currently has around 26 percent women across its workforce. Anwar has set a target of reaching 30 percent in the coming year. Within his own leadership team of ten direct reports, three are women. These numbers are not parity. But they signal intention. Retention, he argues, matters as much as recruitment. Career progression, promotions and mentorship must be visible if younger women are to see cybersecurity as a long-term path rather than a technical detour. Globally, the cybersecurity skills shortage continues to widen. Recent global surveys indicate that most professionals are experiencing significant strain, brought about by economic pressure on budgets and staffing levels. Jobs and recruitment continue to be impacted, but it’s the shortage of skills rather than just people that is the most pressing issue for a profession experiencing multiple disruptive factors. Moreover, AI adoption is adding further demand for hybrid expertise across cloud, machine learning and security. From a business standpoint alone, exclusion is unsustainable. Continuous Learning is Non-Negotiable Cybersecurity is not static. Neither are threats. Anwar reflects on his own career, noting that for nearly two decades he sat two certification exams every year to stay relevant. Continuous upgrading is part of the profession. That culture should now be embedded within new entrants’ mindsets. It must also be accessible. The UAE has positioned itself at the forefront of AI deployment and digital transformation. That ambition requires parallel investment in protection. “If we are deploying AI capabilities, we also have to be at the forefront of protecting those capabilities,” he says. Protection cannot be built by a narrow segment of society. The Bigger Argument Diversity in cybersecurity is not a branding exercise. It is about strengthening national resilience. It is about understanding behavioural risk. It is about building teams capable of anticipating complex, multi layered threats. Most importantly, it is about acknowledging that defending digital infrastructure is now a shared responsibility. If cybersecurity safeguards financial systems, airports, power grids and digital government, then the people shaping those defences matter. Leaving women on the sidelines is not only inequitable. It is strategically unsound. And in an era where national security is increasingly digital, that is a risk no country can afford. Pavneet Kaur Pavneet is the Editor of ITP.NET, where she leads content strategy and writes across its five brands. A technology writer by choice and passion, she breaks down complex trends in AI, cybersecurity, cloud,... More by Pavneet Kaur