It’s no secret there’s a massive gender disparity in the field of cybersecurity—even after the efforts of the last decade to increase gender diversity, the cybersecurity workforce remains starkly male-dominated. One way to start chipping away at the issue is to gain a more complete understanding of how women and individuals from other underrepresented gender identities in the field got here, what barriers they’ve experienced, and the advice they have for career seekers from underrepresented groups. That’s why I interviewed Rachel Zabawa, a rising talent in cybersecurity here at F5.
Rachel began her cybersecurity career at F5 in sales and transitioned to product marketing, where she currently focuses on full-proxy network security designed to protect networks and data centers against incoming threats, as well as channel partnerships. Outside of work, you’re most likely to find Rachel spending time on creative endeavors such as reading, writing, illustrating, and painting.
Rachael: If someone asked me 10 years ago if I thought I’d be in cybersecurity today, I would’ve said no. For a while I was on a totally different career path. How’d you become interested in cybersecurity?
Rachel Z.: Like you and many other cybersecurity experts I know, I wasn’t actively trying to get into the cybersecurity field. My previous job was in the financial industry, which is greatly impacted by cyberattacks such as volumetric DDoS attacks, brute force attacks, phishing, smishing, and social engineering.
I was naturally drawn to the field because I was interested in how these types of attacks were being executed and how to defend against them.
So, when I switched jobs, I ended up switching my career overall from finance to cybersecurity. It seemed like a natural fit—I’m definitely someone who takes their own personal account security and privacy very seriously. And being part of the solutions that enable others to really take control of their security is fulfilling.
Rachael: The other day I was reading Take Back Control of Your Personal Data, and it reports some interesting stats from a survey on how comfortably equipped people feel in managing their privacy. For example, only 16% felt very in control of their personal data, while nearly 90% expressed concern over their data being shared with third parties. Does stuff like that keep you up at night?
Rachel Z.: I’m very anxious about a lack of governmental controls around personal security and privacy. The large policy gap means that apps are allowed to track and sell your personal data for profit, and they’re only required to do the bare minimum to keep your identity safe from cyberattacks. Regular and increasing reports of publicly disclosed data breaches and scaling attacks such as DDoS are a result of this policy gap.
Every organization is constantly battling advancing attacks like these, and part of my job is to keep the public informed of security solutions like F5 BIG-IP Advanced Firewall Manager (AFM). At F5, we adapt our solutions to advance with the evolving cybersecurity threat landscape, so people and companies can rest easy knowing their data is being protected.
Rachael: Tell me about your experience as a woman in cybersecurity. What’s it like to be part of an underrepresented gender group in the field?
Rachel Z.: Being a woman in any industry that has been, or continues to be, male-dominated is taxing. Common issues are easily identified on paper or in hindsight, but they’re immensely difficult to call out and course correct when experienced in small doses on a daily basis. One example is gatekeeping information. Particularly in specialized industries, people sometimes withhold information, especially from women who are new to the field. It’s like there’s an unspoken trial period for outsiders, where you have to prove yourself to others to get the necessary information to complete your work.
Another example is tone policing, where you risk being perceived negatively unless you end every sentence with a vocal uptick or harmless question and end every email with an emoji, so the actual content of what you’re saying is more palatable to those around you. I haven’t had this experience at F5, but I had many instances of this in my previous jobs.
There’s always a delicate balance between being taken seriously as a woman or member of another underrepresented group and not coming off in a way that society perceives as arrogant, rude, or angry. It adds significant anxiety and stress to daily tasks, while also potentially diminishing authority you have on a subject. Plus, it’s mentally taxing and burdensome to continuously explain and cite examples in order to justify your feelings on the subject.
Rachael: In one of my past careers someone told me I needed to smile more, so I’d come off warmer. I remember being caught really off guard. Smiling wasn’t impacting my performance, and the person didn’t even know me well. For a while that micro-interaction made me pretty insecure. How can organizations better deal with these issues?
Rachel Z.: I think F5 handles this really well, actually. Not only are there clear expectations for working together as a community, but F5 also hires a plethora of intelligent and talented people who are forward-thinking and take communication and inclusion seriously. I believe F5 is a role model in the tech industry in this matter. I feel respected and appreciated in my role by people on my immediate team and those I work with outside of it—even in simple everyday interactions. I can’t speak for all women or for everyone in an underrepresented group, but for me, moving to F5 gave me the opportunity to learn more about a field I was interested in. And I get to learn from experts and have my questions and quest for knowledge and self-betterment taken seriously in all facets of my job.
Rachael: How important is diversity to the cybersecurity industry?
Rachel Z.: Diversity is indisputably important. Without diversity, you lack the ability to understand another person’s lived experiences, and you miss out on their unique perspective and intelligence. Cybercriminals are continuously evolving. They don’t limit themselves to a specific culture, religion, gender, or other characteristic, so why would we?
By confining yourself to a narrow view, you risk repeating potentially inefficient procedures or processes that don’t evolve because you don’t have the benefit of different perspectives. Growing and maintaining diversity in the industry keeps people more open to new ideas and creative processes. And my personal experience is that when you have the opportunity to meet and participate in a discussion with a diverse group of people, you can gain a whole new perspective on something that you wouldn’t be able to reach on your own. So, the question really becomes, why limit your industry, or yourself, to being closed off and becoming stagnant when you have the chance to grow?
Rachel's book collection
Rachael: Cybercrime Magazine has a rolling list of cybercriminal arrests and convictions, and the diversity is eye opening. How can the community better support underrepresented genders—and other underrepresented groups—in cybersecurity?
Rachel Z.: I can only speak for myself here—there are so many nuances that each underrepresented group experiences. Coming from a place of privilege, I know that I need to do more research, educate myself, and own up to my own ignorance when it comes to biases or actions that affect a community that I’m not a member of. Ideally, the cybersecurity community can listen and acknowledge that there are so many underrepresented groups that are affected by things that others may be socially blind to. So, after gaining awareness and acknowledging the tribulations that are socially forced upon underrepresented groups, the community needs to step back and work with these groups, elevate their perspectives, and ensure their seats at the table are permanent and equally reinforced.
Rachael: I agree and especially think listening is a crucial element that you call out. What advice do you have for people thinking of entering cybersecurity whose gender group is underrepresented in tech fields?
Rachel Z.: Continually drive towards your goal and be your own advocate. I was adamant about finding a career that I liked and felt supported in. While I had to take on jobs to stay afloat that didn’t really fall into the career field I wanted, I was able to pivot the skills I learned in each role to be successful in my current career. But it takes time and rejection to actually get to the place you want to be. Perseverance is key.
Other Q&A in this Four-Part Blog Series
A Journey to Gender Parity: Q&A with Navpreet Gill on Empowering Women in Cybersecurity
A Journey to Gender Parity: Q&A with Erin Verna on the Importance of Diversity in Cybersecurity
A Journey to Gender Equity: Q&A with Jenn Gile on Navigating a Successful Career in Cybersecurity
Dive Into Cybersecurity Awareness Month with a Candid Q&A on Gender Equity with Angel Grant
A Journey to Gender Equity: Q&A with Kara Sprague on Breaking Through as a Woman in Cybersecurity