Women in Cybersecurity: We Get What We Tolerate

Steve Prentice
Published 03/07/2025

Women in cybersecurity aren’t just battling digital threats—they’re also fighting outdated workplace norms, implicit biases, and the constant expectation of balancing leadership with caregiving. The cybersecurity industry remains male-dominated, and despite progress, many female professionals still find themselves burdened with additional challenges their male counterparts rarely face.

Cybersecurity expert and author Jane Frankland put it bluntly in a recent conversation on the Thales Security Sessions podcast The Cybersecurity Gender Gap: Hard Truths and Bold Solutions: “We get what we tolerate.” It’s a powerful statement that calls for action. If women in cybersecurity continue to accept inequitable workloads, biased leadership structures, and a lack of visibility in leadership, change will remain out of reach.

A Cybersecurity Crisis Beyond Threat Actors


The pressure of working in cybersecurity is immense, regardless of gender. Security teams operate in a relentless environment, including constant threats, evolving attack strategies, regulatory pressure, and, increasingly, job insecurity due to layoffs and burnout. Male cybersecurity professionals face these challenges as well, but for many women, the stress is compounded by workplace biases, unequal opportunities, and the expectation of juggling both career and family obligations.

The cybersecurity industry often embraces a culture of extreme accountability. If a breach happens, the CISO takes the blame. If an employee clicks on a phishing email, they’re at fault. An earlier guest on the Thales Security Sessions podcast, a professional red teamer named FC, voiced his frustration with this dynamic. He pointed out that organizations train employees to move fast and respond quickly—then blame them when they do that by clicking a well-disguised phishing link.

This “rugged individualism” mirrors broader workplace norms, especially in North America, where personal responsibility is often emphasized over collective support. The question is: How do we challenge a culture that places all the burden on individuals while ignoring systemic flaws?

Mindfulness versus Tolerance: Finding the Balance


The second podcast guest, Kate Barecchia, VP, Deputy General Counsel, and Global Data Privacy Officer at Thales, shared her perspective—one deeply influenced by Thích Nhất Hạnh, the Vietnamese Buddhist monk and teacher of mindfulness.

His philosophy emphasizes “repair rather than blame.” Instead of looking for someone to fault when things go wrong, he teaches that true leadership involves recognizing the problem, fostering understanding, and actively working toward a solution. This is also central to the concepts of Kaizen and Gemba, at the heart of proactive management. But does this philosophy contradict Jane Frankland’s assertion that we get what we tolerate? No. Instead, it offers a framework for deciding what must change and how to change it.

Lessons for Women in Cybersecurity


During the discussion, Jane and Kate explored the complex balance between challenging the status quo and fostering meaningful change. Here are three key takeaways:

1. Recognizing When to Challenge versus When to Heal

Mindfulness teaches us to pause and reflect: Are we tolerating something that must be challenged? Or is this a moment to listen and repair?

Women in cybersecurity—and tech in general—have long accepted toxic workplace cultures, often internalizing their struggles rather than demanding change. But awareness is the first step. If an environment is actively harmful, leaders and employees must push for structural change rather than adapting to dysfunction.

2. Setting Boundaries and Changing Workplace Norms

The expectation that women must balance career success with primary caregiving roles leads to burnout, stalled promotions, and unnecessary self-sacrifice. While mindfulness can help individuals manage stress, it is not a substitute for systemic change.

Women in cyber, and their allies, must push back against inequitable workloads, exclusionary leadership cultures, and outdated expectations. As Jane Frankland stated: “We cannot tolerate toxic behaviour. We have to be smart about how we deal with it.”

3. Leading with Strength and Empathy

The most effective cybersecurity leaders understand that true leadership is not about toughness versus compassion—it’s about both.

Psychological safety in the workplace empowers employees to contribute without fear, voice concerns, and innovate freely. Women who demand better workplace conditions while also practicing mindful leadership help set a precedent for the next generation.

This is a leadership philosophy that extends beyond cybersecurity. Satya Nadella, CEO of Microsoft, has transformed the company’s culture by emphasizing empathy, psychological safety, and a growth mindset—principles that have strengthened Microsoft’s ability to navigate the evolving tech landscape. Similarly, Faryl Robin Gilston, CEO of Faryl Robin Footwear, has made headlines for prioritizing flexibility and well-being, proving that corporate success does not require sacrificing employee health.

Yet, as Jane Frankland and Kate Barecchia discussed in the podcast, many industries—including cybersecurity—still struggle with the outdated notion that leadership must be rigid, aggressive, or hierarchical to be effective. The reality is that leadership grounded in empathy, inclusion, and psychological safety creates stronger, more resilient teams.

Kate’s reflections on Thích Nhất Hạnh’s teachings reinforce this point: great leaders repair rather than blame. But as Jane warns, “We cannot tolerate toxic behaviour. We have to be smart about how we deal with it.”

The future of cybersecurity leadership isn’t about choosing between strength and empathy—it’s about blending the two to create workplaces where everyone can thrive.

Moving Forward: Rejecting Tolerance Without Losing Empathy


This is not just a women’s issue—it’s a workplace evolution that impacts everyone. The biases and pressures shaping workplace culture have existed for centuries, and cybersecurity professionals of all backgrounds must work together to break the cycle.

The core lesson from this podcast episode is simple:

We can be both mindful and firm.

We can listen deeply while still holding others accountable.

We can refuse to tolerate what no longer serves us while still striving to repair what can be saved.

Steve is a specialist in organizational psychology, focusing on the interaction of people, technology, and change. He works as a speaker, author, broadcaster, and writer with clients in IT, cybersecurity, government, healthcare, and law, dealing with cybersecurity, AI, blockchain, and the future of work.

 

Disclaimer: The author is completely responsible for the content of this article. The opinions expressed are their own and do not represent IEEE’s position nor that of the Computer Society nor its Leadership.