The Changing Female Face of Cybersecurity

Siemens AG’s Natalia Oropeza is seeking to change attitudes toward cybersecurity—a male-dominated industry facing a skills shortage.

Copy Link

The cybersecurity industry is currently facing an employment crisis, as the rapidly changing digital environment creates an ever-greater need for experts in the field. The shortfall of cybersecurity experts will jump to 1.8m by 2022, according to certification consortium (ISC).

In this ultra-competitive environment, Oropeza, hired by Siemens as its chief cybersecurity officer in January, is reorganizing the company’s cybersecurity set-up, and seeks to make the company a magnet for top talent.

“The skills shortage is due to the requirement for cybersecurity to grow very quickly, because digitalization is increasing very fast,” says Oropeza. “I think universities are not yet aware or prepared to develop the type of professionals we need in cybersecurity.”

As a consequence, Siemens will be working with universities in Germany, the U.S. and India to develop courses that will produce the next generation of cybersecurity experts.

Oropeza also believes there needs to be a reassessment of some long-held attitudes about cybersecurity, namely the lack of women in the cybersecurity industry. A frequently cited 2013 statistic from Frost and Sullivan showing that only 11 percent of cybersecurity professionals are female remained unchanged even just last year, according to the research firm’s 2017 Global Information Security Workforce Study: Women in Cybersecurity white paper.

As this imbalance has not appreciably improved in recent years, Cybersecurity Ventures predicts that women will only represent 20 percent of the global cybersecurity workforce by the end of this year.

This is a situation Oropeza is working to rectify, having experienced a lack of gender diversity herself. The situation became clear early on, when she was the only woman in her electronic engineering course at Mexico’s Universidad de las Américas Puebla.

It was a sign of things to come. “I have often been the only woman on the board, or in meetings,” says Oropeza. “I think we need the female perspective in technology.”

Oropeza believes many women may have been put off by a career in technology because of the perceived disconnect between technology and society. “My theory is that, in general, women want to contribute directly to society, and therefore they mainly stay in careers that are close to society such as HR, communications and marketing; in those cases you are really very close to human beings,” says Oropeza. “Traditionally, you are not close to society when you work in technology.”

Oropeza thinks this is changing and she is one of the people working hard to drive that change. Her belief is supported by Siemens’ top management who are convinced that companies have a responsibility for society, a stance that goes back to its founder Werner von Siemens.

Cybersecurity is seen as a purpose-led sector that has the ability to attract people who want to become experts and contribute to creating solutions that will help better secure the future digital world. This enticing remit encompasses all businesses on a global scale—be it hospitals, autonomous driving, robotics or smart and critical infrastructures.

In an attempt to attract more women, Oropeza has taken some practical steps that include acting as a mentor to other women who are either choosing what to study or at the early stages of their careers.

“I’m always the one explaining how wonderful it is to work with technology,” says Oropeza. It is this passion for technology that first led Oropeza, now with over 25 years experience as an IT expert, to study electronic engineering.

Oropeza’s first job was working in telecom for Volkswagen in Mexico, and over the years she rose through the ranks of the automotive company and its former IT subsidiary, Gedas, to become the chief information security officer for the entire Volkswagen Group.

Her various roles have taken her around the world and she has spent much of her time in Germany, where she has always felt very welcome—even when Mexico beat Germany at this year’s World Cup.

“I’m in love with Germany because of the understanding of quality that they have,” says Oropeza. “I come from a culture that is very colorful and flexible," she adds. "I’ve found a lot of warm people here that are always willing to help, and always take me seriously as a professional.”

Oropeza’s understanding of other cultures is aided by her language skills; she speaks Spanish, English, German, some French and some Portuguese. “That helps you to understand the mindset of people,” says Oropeza. “For instance, some countries are more open to risk, whereas others will try and go to ‘risk zero’ if possible.”

So-called soft skills are becoming ever more important in cybersecurity, which is most often viewed through a technical rather than human lens.

“We need complete professionals, meaning people who can communicate and work in teams, and are able to influence and lead others,” says Oropeza. “These are the kind of cybersecurity professionals we need.”

Siemens is currently in the midst of reorganizing its 1,100 cybersecurity experts into a global ecosystem under the leadership of Oropeza. The company aims to foster a global network of cybersecurity experts that will enable Siemens to nurture and promote the best talent.

Oropeza reports directly to Chief Technology Officer and Chief Operating Officer Roland Busch, a member of the managing board. “The board is getting regular reports from me on the status of cybersecurity globally, and this is what other companies need to copy,” says Oropeza. “When you see the structure of a lot of companies, they do not include cybersecurity in the top positions, which means they do not have the proper priority on this topic.”

Oropeza is a strong advocate of educating senior leadership about the latest technology developments, and she herself does at least a week’s professional training every year. This has included the executive program at California’s Singularity University, which deals with so-called “exponential technologies” like artificial intelligence and blockchain.

“Cybersecurity is not only a matter for experts,” says Oropeza. “You need people that understand both cybersecurity and the strategy and objectives of the company very well.” She emphasizes that the key to effective cybersecurity is cooperation, both inside and outside the company.

Oropeza highlights the Charter of Trust as proof that Siemens takes the issue of cybersecurity cooperation seriously. Siemens has rallied a number of other multinational organizations to sign the voluntary cybersecurity agreement—unveiled at the Munich Security Conference in February—that features 10 core principles developed by Siemens and the charter’s eight founding members in an attempt to create a level playing field for cybersecurity.

“We have to cooperate to move forward, because if the hackers win, then no one will win in the digital world,” concludes Oropeza, who is set to be one of the key protagonists in the revolution to make the cybersecurity sector fit for purpose.

Written by Matthew Chapman, for Bloomberg Media Studios