InSecurity Podcast: Cheryl Biswas on Diversifying Cybersecurity


“You better watch out
Oh, what you wish for
It better be worth it
So much to die for
Hey, so glad you could make it
Yeah, now you've really made it
Hey, there's only us left now”

~Hole – 1997, Celebrity Skin

What if I told you that compared to men, higher percentages of women in the cybersecurity profession are in some of the most sought-after positions?

Within the security workforce, the population of women in key spots is surging:

  • Chief Technology Officer: 7% of women vs. 2% of men
  • Vice President of IT: 9% vs. 5%
  • IT Director: 18% vs. 14%
  • C-level / Executive: 28% vs. 19%

Women in cybersecurity are generally more educated and younger than their male colleagues - 44% of men in cybersecurity hold a post-graduate degree compared to 52% of women. Also, nearly half of women cybersecurity professionals surveyed are millennials – 45% compared to 33% of men. By contrast, Generation X men make up a bigger percentage of the workforce (44%) than women (25%).

Now, what if I told you that the gender pay-gap hasn't moved at all? Women still make less than men - according to the 2018 (ISC)2 report, women in security management positions make on average $5,000 less than men do.

It is this environment that spurred a group of women to create The Diana Initiative.

In this week’s episode of the InSecurity Podcast, Matt Stephenson chats with Cheryl Biswas about why the time was right to co-create The Diana Initiative, and why four years later, it has a new home and is a key part of that stretch of August where the cybersecurity world convenes in Las Vegas to figure out how to save the world.

The organization’s mission is to encourage diversity and support women who want to pursue careers in information security, to promote diverse and supportive workplaces, and to help change workplace cultures.



About The Diana Initiative

It was the summer of 2015. Hackers from around the world had gathered in Las Vegas for DEFCON 23. In a cafeteria tucked away in the basement of Bally’s and Paris, nine women found themselves sharing their experience in the field of Information Security.

They were all passionate about their challenging roles in the male-dominated field, and began exchanging strategies for success in this challenging environment. It was then and there that they accepted their new mission: to create a conference for all those who identify as women/non binaries, and to help them meet challenges in the field with resilience, strength and determination.

The first event in 2016 began with a morning speaking track, an afternoon of lockpicking, and badge soldering in a small suite at Bally’s, bringing attendees together in a collaborative, comfortable setting. Interest and attendance showed that demand for a woman-focused infosec conference existed.

During the summer of 2018, The Diana Initiative conference soared in popularity. But with this incredible growth and popularity, the space still couldn’t meet the demand, as attendees were continuously turned away due to over capacity of all the suites, so they continued to expand.

For more information, make sure to follow them at @DianaInitiative and keep up with them on LinkedIn and Facebook.

About Cheryl Biswas

Cheryl Biswas’s (@3ncr1pt3d) fascination with computers started with those blinking machines on the original Star Trek, and the realization that if she could learn to work those things then she could boldly go anywhere!  

But Cheryl didn’t learn math like most everyone else, and found herself struggling. She was even discouraged by a few key people who convinced her that she couldn’t learn computers, so she didn’t take programming or Comp Science. They were wrong, though - curiosity and passion led Cheryl to technology through the a different route, and she taught herself.

Currently, Cheryl is a Threat Intel analyst, researching, analysing, and communicating her discoveries to the her team and to clients to keep them safe. GRC, privacy, APTs, best practices, evolving threats – Cheryl never stops learning. Cheryl is an active writer and speaker about threats to less-known but critical systems like ICS/SCADA and mainframes, shadow IT and Big Data. 

You may have seen her present at some of the most important security conferences, including Security BSides in Las Vegas and Toronto, DEFCON, ShmooCon and SecTor.

About Matt Stephenson

Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity Podcast and host of CylanceTV.

Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Matt to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before.

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.