Women With Resilience Succeed in Male-Dominated Cyber Industry - Dark Reading

CYBERSECURITY OPERATIONS CYBERSECURITY CAREERS REMOTE WORKFORCE CYBER RISK NEWS Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Male-Dominated Cyber Industry Still Holds Space for Women With Resilience When trying to crack your way into a cyber career, true passion and a bold love of the industry is a must to set yourself apart from hundreds of other job applicants, according to Weave CISO Jessica Sica, in this latest "Career Conversations With a CISO" video. Kristina Beek,Tara Seals August 1, 2025 DARK READING At a Glance Finance, highly regulated industries provide better entry points for cybersecurity beginners due to structured security reqs. Women in cyber face challenges, but confidence and finding mentors who have diverse industry experience is key to success. Demonstrating genuine passion for security is pivotal to landing a role and succeeding in the field. Welcome to Dark Reading's "Career Conversations With a CISO" video series, showcasing advice on breaking into and advancing within the cybersecurity field from those who have been there. In our latest installment, Dark Reading associate editor Kristina Beek interviews Jessica Sica, CISO at Weave Communications, about what she has learned about practicing cybersecurity in a variety of fields. Although her career has spanned more than 20 years, Sica first started working as a receptionist in a call center. Eventually, her inclination toward technology led her to providing technical assistance to support Windows 95, before working her way up the ladder and into security. In reflecting on her years in the field, Sica talks about what qualities she looks for in potential candidates, how women interested in going into the field will need to be resilient in such a male-dominated field, and what industries might serve entry-level professionals best when first starting their security careers.  Related:Software Development Practices Help Enterprises Tackle Real-Life Risks Also, check out the first interview in this series: "Cyber Career Opportunities: Weighing Certifications vs. Degrees" with longtime CISO Melina Scotto. Jessica Sica: Full Video Transcript This transcript has been edited for clarity. Kristina Beek: Hi, I'm Kristina Beek. I'm an associate editor with Dark Reading, and I'm here today with another episode of "Heard It From a CISO," accompanied by our CISO, Jessica Sica. We're here largely to talk about what it means to be starting your career in cybersecurity today. Please introduce yourself and tell us about your background and the work you do today as a CISO. Jessica Sica: I currently work at Weave Communications, a communications and billing platform for small and medium medical practices, and dental offices, as a SaaS company.   I've been in security for many years, over 20 years, and I've worked in a lot of different industries. I've worked in various positions because obviously working your way up to the CISO level, you don't generally start there. KB: Let's start with that. How did you first get involved in cybersecurity? And  looking back, what has it been like over the years working in this field? JS: How I got in was not too atypical, but I came in through the technical side, through the help desk side of IT. Many years ago I was working for a call center, and I was actually a receptionist there and they needed somebody who was technical to support Windows 95 (certainly dating myself now). I'd always just been kind of that techie. I played with computers before I got into my career and I always had that background and that curiosity. So I started at a help desk and worked my way up there.  Related:How to Stay on Top of Future Threats With a Cutting-Edge SOC From the help desk, I went into network engineering. From being a network engineer, it was a natural progression over into security because there's overlap; you work with firewall rules and configurations and intrusion detection, and some of the technologies that you work with as a network engineer really translate into security. Of course, there are many ways to get into the field, and we can certainly talk about that more. KB: What are the best parts of working in this field for you? JS: Some of the best parts about working in security through the years is that it's always interesting. It's always changing. When I first got into security, the concerns that we had were different than the concerns we have now. Ransomware wasn't even talked about back then. I think it's one of those professions where you can get into it and it keeps you intrigued, and you have to keep studying. You have to keep on top of your game and it's not boring. I get bored easily, and you don't want to get bored with your profession. And security is not a boring profession because it's always changing and always evolving. Related:Cyber Success Trifecta: Education, Certifications & Experience KB: What would you say is different today about entering cyber than when you first started out? JS: I think it's fascinating to me because everybody says the security industry is growing rapidly, but it's getting harder and harder to get in. Gaining the entry level jobs I think is getting more difficult.  Companies are getting more demanding and saying, "oh, you need to have security experience to work in security" — but that's putting the chicken before the egg. How do you get there? That's always been a problem, but I think it's even more of the problem now. I think people are getting really particular about what they want, maybe because there's a larger talent pool.  Some of the jobs I'm seeing, for instance, say we want you to have this very specific password management tool, or we're not even going to hire you. They get 500 applications, and if that tool's not on your resume, they're just going to ignore it. I don't think that was necessarily the case when I first got into it. It was still difficult, but I think it's getting more difficult, and people are looking for more niche skills.  The reality is, you can be familiar with other password managers and learn if you have that aptitude and apply it to the new tool. So, it's unfortunate that companies are going that route, but I think it's one way to filter out the mass amount of resumes that they're getting and that makes it more difficult today to get in for sure.  The rise of AI is going to make it even more difficult in the future to get started because especially in those entry level jobs, I think some of those tasks are going to be replaced with AI. Not sure that we're there yet, but when that happens, it will be an interesting challenge. KB: You mentioned that job requirements are getting more niche. What would you recommend to people interested in these kinds of jobs? Is it best to pursue a formal education in cybersecurity or pursue a different route? JS: My recommendation if security is really the path that you want to go down, is that the four-year degree is probably not going to help you a whole lot. You can be book smart, but then you don't necessarily have the skills needed. Maybe down the road if you want to get into management or get into a higher level position, maybe you go get that degree then.  I agree with the certification route, however I've seen people who have certifications, but they don't really understand security. So, if all you're going to do is go out and say I want to take this exam and study for it and pass it, then that may not be enough. You need to be passionate about security. You need to understand security. You need to dig into security. If you really want the edge over those 500 people that are applying for the same job, you need to live and breathe it. And it needs to not just be something that you want to get into because it sounds cool. You can see the people who are just security-certified and don't have the passion for it, you can tell. And I'm not necessarily going to hire one of those people because I want to see somebody who has the passion for it. KB: That leads me to my next question: what are cybersecurity companies really looking for when they're hiring, not just education wise, but also in terms of personal qualities? JS: Yeah, I can speak to myself personally, and I think some others that I've talked to about this is, is the aptitude and the passion matter more than maybe the technical skill. Technical skill is important, maybe their people skills and their passion are a three versus somebody who people skills and a passion are a 10. I think those soft skills are more important, as long as you have that aptitude and as long as you have that ability to learn and grow and become smarter and become a better security person and you have that desire for that. Also, it's not just the CISOs and the VPs and the directors that need to understand the business; the engineers and the analysts need to understand the business as well and be able to work in that world. KB: At Dark Reading, my managing editor and our editor in chief, they're women. So it's cool to be surrounded by women in tech. But I feel when I'm exposed to the greater community, it's a lot of men, which is fine, but what advice would you give to women who are trying to break into this field? JS: Yeah, that's a great topic. Having thick skin I think is important because sometimes you're going to hear things as a female in an all-male security world. I've been fortunate in a lot of my jobs where I've had female co-workers and female bosses, but it's certainly not common. And at conferences, it's not common. You just have to be strong with who you are, be confident with who you are and realize you're going to be around a lot of men. That's just the reality of it. You might hear some things you don't want to hear, not that you should hear or put up with sexist remarks or other things. But men and women work a little bit differently sometimes, and you're just going to have to live with that and understand that that's the world that you're in. I've been in the gaming industry, I've been in different types of companies. Some environments are a boy’s club, and maybe that's not the right place in the long run because you might not get promoted. But it's certainly a good place to learn and grow and get pushed I think because you have to try almost even harder to get noticed if they're just promoting their buddies. And at the conferences — I'm going to Black Hat next week. Most of the sessions you go into are 80% to 90% men. You just have to be confident in who you are and strong in who you are and realize that that's just the world you're going into. KB: Earlier you said that you've had different roles in cybersecurity in different industries. What is an industry that you feel is really good for people who are starting out in terms of cybersecurity. What would you recommend? JS:  I think finance and banking, or maybe any very highly regulated industry because security is a little bit more cut and dry in some of those industries. You just can't do certain things, period. Some organizations, SaaS companies, video game companies, companies that are less regulated might be a little bit more nuanced. I've been at video game companies and it's not that cut and dry. You have to consider, well, what is the business need? What's the trade off of security? What's the risk here? KB: My last question for you is how can someone find a mentor in this field? What should they look for? What qualities should stand out to them? JS: You have to look at where you want to go and what you want to do and what you want to be. There are a lot of different areas in security. There's governance, risk and compliance, audit. There's the more technical side. If you're not sure what you want to do, then perhaps who you look for in a mentor is somebody who's done all of those things because they might be able to help steer you into the direction you want to go.  Mentors aren't going to approach you. You may need to approach them. You may contact them on LinkedIn, maybe you're at a security conference and you're just having a conversation with somebody. You've got to be bold in security and you've got to be brave. And sometimes you just have to approach people and say, would you be interested in mentoring me?  Personally, I look for somebody who's been around a little bit and not just been at one company for 30 years. I think there's a lot to be said for company loyalty. But if you're new and you're just getting into security, look for somebody who's done a few different things, who's worked a few different jobs, and maybe somebody who's even struggled a little bit, or had a hard time breaking in because those are all reality things. And if somebody's done that personally and experienced that personally, they're more likely to be able to help you out along the way. KB: Thanks, Jessica. Before I let you go, do you have any last remarks? JS: Security is a broad space. If you're trying to get into security, it could be beneficial to narrow it down a little bit on where you want to go. You might have better luck that way. I've certainly had employees who haven't had that direction, and it's hard to coach them and it's hard to mentor them if they don't know what they want to do or where they want to be. So, spend some time reflecting and thinking about that and what you want to do in security and why you want to be in security. If it's just for the money or the career opportunities, it's probably not the right place for you, and you're probably going to have a harder time finding people to hire you because they'll know the passion's not there. Read more about: Heard It From a CISOCISO Corner About the Authors Kristina Beek Associate Editor, Dark Reading Kristina Beek is an associate editor at Dark Reading, where she covers a wide range of cybersecurity topics and spearheads video-related content. She is the creator and host of the Heard It From a CISO video series, where she interviews CISOs, directors, and other industry strategists to provide insights into the ever-evolving cybersecurity landscape. In addition to her editorial work, Kristina manages Dark Reading's social media channels and contributes to the platform's video coverage. Kristina graduated from North Carolina State University in 2021 with a degree in Political Science, concentrating in law and justice, and a minor in English. During her time at NC State, she honed her writing skills by contributing opinion pieces to the university's newspaper. After graduation, she began her career as a content editor before joining Dark Reading. Currently based in Washington, DC, you can find Kristina reading, taking walks in Georgetown, and wandering the museums surrounding the National Mall. Tara Seals Managing Editor, News, Dark Reading Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBERSECURITY OPERATIONS County Pays $600K to Wrongfully Jailed Pen Testers by Nate Nelson, Contributing Writer FEB 02, 2026 CYBERSECURITY OPERATIONS Embracing the Next Generation of Cybersecurity Talent by Bruce Johnson SEP 05, 2025 CYBERSECURITY OPERATIONS Women Who 'Hacked the Status Quo' Aim to Inspire Security Careers by Elizabeth Montalbano, Contributing Writer JUL 16, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge THREAT INTELLIGENCE Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026 MAR 16, 2026 THREAT INTELLIGENCE The Data Gap: Why Nonprofit Cyber Incidents Go Underreported MAR 13, 2026 CYBER RISK Cyberattackers Don't Care About Good Causes MAR 13, 2026 CYBER RISK What Orgs Can Learn From Olympics, World Cup IR Plans MAR 12, 2026 Read More The Edge Want more Dark Reading stories in your Google search results?