Skip to Main Content
The Review

Tackling the cybersecurity gender gap: Empowering women to lead the way in tech


Hear from RBC leader, May Sarout, on how we can close the gender gap and encourage more young women to get involved in cybersecurity


Don’t miss Women in Cyber, an exclusive panel event hosted by CanHack & Hackergal, coming up on November 18. Keep reading for more details.

The gender gap we see in tech isn’t exactly a novel issue. In the cybersecurity field, women only represent about 20 percent of the workforce. The gap has indeed narrowed in recent years, however, the industry still has quite a long way to go to achieve equitable gender representation.

May Sarout headshotThankfully, organizations like RBC have several initiatives in place to ensure we are closing this gap – from educating young women and launching partnerships like CanHack with the DMZ, to looking inwards at the organization’s hiring practices to ensure there are diverse individuals represented in tech and leadership roles.

As the Senior Director of Cyber Security Strategic Partnerships and Innovation, May Sarout is working hard to increase the representation of women in Canada’s ever-evolving tech sector. May’s passion for advancing gender diversity and empowering young women in tech is clear; her involvement in initiatives like CanHack, participation in tech events and speaking panels and efforts to raise awareness for more women-identified leaders in cybersecurity are collectively making an impact to tackle the diversity gap.

RBC CanHack DMZ event

May shared her insights on the barriers for women in cybersecurity and how young women can get a head start on a successful career in the field. We also asked May what advice she would give tech companies on building diverse teams, and how they can be more intentional about implementing inclusive hiring practices.

Here’s what May had to say.


Why does the cybersecurity gender gap exist?


In my opinion, there are three major reasons why there are fewer women in cybersecurity than there should be. First, there is a huge misunderstanding and misconception about the cybersecurity field, and this leads women to shy away from it. Second, there is a lack of understanding of the variety of roles within cyber, which I will speak to a little later. Lastly, when reviewing job roles, women are generally less likely than men to apply for jobs where they don’t meet every single qualification on a job description – making the number of women in an applicant pool even smaller.


How do we address this gap? What can we do to fix it?


I have a few suggestions, and RBC is already working to address all of them. The first thing we can do to address this issue is create programs that are specifically catered to women.

Another thing we can do to address the gap is to invite more successful women role models to share their journeys on speaking panels and events. This allows younger women in the audience to envision themselves in a similar leadership position and reassures them that they too can be successful in the field. Further to that, it’s important the outreach to young women is there so that they are aware of these events and opportunities in the first place.

We need to be sharing more information about the variety of roles in Cybersecurity. The more that women know about available roles, the more likely they may see themselves in a role.

For the young women-identifying innovators who might be interested in exploring a career in cybersecurity but aren’t sure what their options are, what could a career path in this field look like?


There are so many different paths to take!

On one hand, some career paths may take a more technical route. But on the other hand, some Cyber roles require no technical skills. Effective cybersecurity is about more than the technology alone. We need people in cybersecurity that have a thorough understanding of human behaviour and can take a psychological approach to reducing cyber risk.

There are also roles that are involved in the marketing, education and awareness around cyber, and these roles may require little to no technical skills. These roles might require some domain knowledge, but it’s more important the individual has a marketing or communications background than cyber.

Finally, many roles fall in the middle of this spectrum, including project management, business analysis, quality assurance – every cyber organization needs these roles, and these skills can be transferable from other fields in tech. As long as you have the passion for cybersecurity space, you will likely find a role that’s right for you!


How can young women get involved in cybersecurity early?


There are plenty of initiatives that allow youth to have fun as they learn about cybersecurity. CanHack, the initiative we host in partnership with the DMZ, is a great way for young women to get involved early. It’s a fun challenge that helps participants think critically and use problem-solving skills. Hackergal is another great organization that has opportunities designed especially for girls.

There are also lots of business associations catered to women in cyber that you can get involved with, such as Women in Cybersecurity. Leading Cyber Ladies is another one to check out. Take a look at LinkedIn, there are always events going on related to the industry.

The good thing about the days we’re living in now with virtual events is that you’re not restricted to attending events just in your local area. The world has become much more global, and in a way, it’s opened up more doors!

What advice do you have for tech companies that want to adopt more inclusive practices?


Study after study shows that diverse and inclusive teams are more successful. When it comes to diversity, we shouldn’t focus solely on gender diversity. We should look at all diverse talent, whether it’s gender-based, culture-based, age-based, or experience-based.

The advice I would give to companies would be to set certain goals related to diversity and inclusion. Be mindful of what you want to achieve. Declare diversity and inclusion in your performance targets and make sure you track it and measure it on a consistent basis. Diversity and inclusion have to be prioritized.

It’s important to have diversity and inclusion measures within your hiring process. For example, at RBC we ensure that there is diversity in all teams and across all levels of the organization. Hiring managers must report on how many diverse candidates they interview and whether their chosen candidate was a diverse hire.

Beyond setting targets, it’s also important to make sure you have a culture that fosters diverse hiring. If you want to hire more Black, Indigenous, or People of Colour, you must include members of those communities in the recruitment process. This will allow job candidates to see that they have a place in your organization and feel more passionate and confident about the selection process.

How does your team at RBC take measures to address the gender gap issue that exists in the cybersecurity field?

The purpose of the Cybersecurity Strategic Partnerships and Innovation team is to be a major catalyst in growing and lifting cybersecurity talent, thought leadership and innovation in Canada. We do this by growing the cybersecurity talent pipeline, training programs, advocating for diversity and increasing diversity of available talent, increasing interest of future generations in cyber.

First, we’re addressing the cybersecurity gender gap through RBC’s internal recruitment processes. This is prioritized for all areas of the organization at the Executive Committee level. Our Senior Vice President of Cyber Security is a woman – Laurie Pezzente (who has won Canada’s Most Powerful Women – Top 100 award, among several other awards). Additionally, two of the four Executives reporting to our SVP are also women.

RBC is constantly being recognized for its diversity and inclusion initiatives. It’s not just cybersecurity, either – RBC is focused on promoting diversity in all fields.

We partner with organizations like Ryerson and the DMZ on initiatives such as the Cybersecure Policy exchange and CanHack. We’ve also built the RBC Women in Cyber stream within the Rogers Cybersecure Catalyst.

This year, for CanHack 2021, we set specific targets to increase women’s representation.

Not only will CanHack be offered to Canadian students coast-to-coast, but CanHack 2021 will also be special in that DMZ will run women-only workshops on a number of cybersecurity topics to support women in STEM, and work with organizations like Hackergal to inspire and recruit more female participants to the challenge.

Calling all Canadian high school teachers and community supervisors! Would you like to learn more about CanHack and other cybersecurity opportunities for women?  

Register here to learn more about the 2021 CanHack Challenge.

Join us for the Women in Cyber panel, hosted by CanHack & Hackergal on Wednesday, November 18 at 5:00pm. Register here.

 The panellists will share their experiences as women who are making an impact in the field and address how to collectively create better pathways for women in cybersecurity in Canada.  

Questions related to CanHack? Reach out to Naveed Tagari at