A Journey to Gender Equity: Q&A with Kara Sprague on Breaking Through as a Woman in Cybersecurity

To truly advance the cybersecurity profession, we need a wider variety of voices and perspectives. And to achieve that, we need more women and people of underrepresented gender identities to rise through the ranks as leaders. That’s why I’m so excited to present my recent interview with Kara Sprague, Executive Vice President and Chief Product Officer at F5.

For this sixth blog post in the “A Journey to Gender Equity” series, I talked to Kara about how she ended up in cybersecurity, how she navigates microaggressions, and her advice for women and other underrepresented groups building cybersecurity careers.

From the very beginning, Kara has been a true leader. She earned not one but two master’s degrees from the Massachusetts Institute of Technology—one in electrical engineering and the other in technology and public policy. She spent 13 years at McKinsey & Company, where she held various leadership positions across the company’s technology practice. And she’s channeled her passion for advancing diversity and inclusion in technology roles by serving on the board of Girls Who Code.

Today, Kara oversees F5’s entire portfolio of multi-cloud application security and delivery solutions. And even with this demanding role, she’s a third-degree black belt in taekwondo who carves out time five to six days a week to unwind and exercise. Some of her go-to’s? High-intensity interval training, weightlifting, cardio, hiking, biking, skiing, and snowshoeing. She also enjoys traveling and experiencing new places, even if it’s just a small weekend adventure.

Rachael: For the longest time I wanted to be a gallery curator for an art museum. When I moved to Seattle I got my first taste of tech, though, and then found my way to cybersecurity. Did you always intend to work in cybersecurity?

Kara: No, not specifically. Before joining F5, I explored many facets in tech over the course of my career as an engineer and consultant—software engineering at application and middleware layers, hardware test engineering, firmware engineering, product strategy, go-to-market, business-building, mergers and acquisitions, cloud, data and analytics, cybersecurity, consumer tech, enterprise tech, media, telecoms, among others. 

F5 was already an aspiring cybersecurity player when I joined the exec team in 2017 after 13 years as a consultant at McKinsey. My reasons for joining F5 at the time were my conviction in the strategy I helped develop alongside the executive team as a consultant, the F5ers I got to meet through that process, and François’ human-first leadership.

Rachael: When I first got into cybersecurity, I didn’t realize just how fast-paced the industry really is. The threat landscape is constantly evolving in the blink of an eye. If you could go back to your first days in cybersecurity, what advice would you give yourself?

Kara: Nothing is ever simply secure or not secure. There’s a spectrum, and the trade-offs are real. Developing effective cybersecurity solutions requires that you take into account a broad set of factors, including the risk profile of the threats, end-user capabilities and time, and trade-offs with other design requirements, such as performance, sustainability, and cost.

Rachael: In the World Economic Forum’s Global Gender Gap Report 2023, it indicates an overall “drop to the top” for women. As women move up into senior leadership roles, representation takes a hit. For example, the report points out 46 percent of entry-level roles are women, but when it comes to C-suite positions, the percentage goes down to 25. As a Chief Product Officer, what advice do you have for other women and individuals from other underrepresented groups interested in leadership roles—particularly in the field of cybersecurity?

Kara: Cultivate a “white hat” mindset of study it, break it, fix it. I’ve found this mindset very helpful in raising the bar on our product and platform security at F5. It also applies well to a broad range of challenges outside of cybersecurity as a general approach to problem solving. Specifically with regard to the “drop to the top,” I’ve found that studying to gain a deep understanding of the dynamics at play throughout a woman’s career that result in that drop has helped me to navigate my own career with awareness and intention. That awareness and intention has empowered me to break through several of the barriers women face in their career progression. And I aspire to fix as many of the “broken rungs” as possible in the ladder to the top for other women.

Rachael: The 2023 Women in Workplace study published by LeanIn.Org and McKinsey mentions “the workplace is a mental minefield for many women.” As a woman in cybersecurity, have you ever experienced microaggressions or awkwardness at being the only woman in the room? 

Kara: Yes, I’ve experienced several occasions in rooms in which my voice was not heard or ideas not acknowledged as mine. My way of navigating these microaggressions is to mentally note them, but not let them get in the way of driving to a successful outcome from the meeting. If your contribution was ignored but you still feel strongly that it can help advance the agenda of the meeting, then say it louder. If your idea was acknowledged but misattributed, find a way to set the record straight without interrupting the progress of discussion—for example, by building further on the idea or following up with stakeholders after the meeting concludes.

Rachael: What powerful women do you admire and why?

Kara: Ruth Bader Ginsburg. Her life’s work was dedicated to the advancement of equity for women. Taylor Swift. She is an amazing force for women’s empowerment driving measurable economic impact, record-breaking success, and demonstrating incredible business acumen. Malala Yousafzai. She has sacrificed her youth, privacy, and safety to become a human rights advocate for the education of women and girls. 

Rachael: I appreciate those examples for many reasons, but especially because they reaffirm powerful women don’t fit into a box. How can the tech community better support underrepresented groups in cybersecurity?

Kara: There’s a lot the tech community should do. We can create a more diverse and inclusive environment by providing tech-related educational opportunities to potential recruits. We can offer mentorship and sponsorship programs for women and members of underrepresented groups to prepare them for advancement. We can partner with community groups to train individuals that want to take cybersecurity roles. And we can advocate for improved representation in the media. 

Rachael: Thanks so much for lending your voice to an important topic. There’s so much more we could unpeel, but for now any last words or parting wisdom?

Kara: Practice is the only path to mastery of anything. It takes approximately 10,000 hours to become a master at something. What is the way you are spending your time right now preparing you for?