International Women’s Day (IWD) is March 8. While it’s a global day dedicated to celebrating the many achievements of women, it’s also a day for accelerating gender equity. With this year’s theme #EmbraceEquity, it’s a sobering reminder the cybersecurity landscape continues to be heavily skewed—75% of cybersecurity workers are men.
Progress is being made to improve the current state. But projections show it could take more than 130 years to close the gender gap if the world keeps its current pace.
To help inspire more change now and offer unique perspectives around the importance of bridging the gender gap, I sat down with Navpreet Gill to kick off a blog series with individuals from underrepresented gender identities in cybersecurity at F5 and got her take on the value of continuing to empower women to be a part of cybersecurity—not just on IWD, but every day.
Navpreet has been with F5 for over three years. Her role centers on product marketing for web application firewall (WAF) solutions, including F5 BIG-IP Advanced WAF and threat intelligence services. Previously, Navpreet helped drive product marketing and business development for security startups in Silicon Valley. Her experience with security startups inspired her passion for positioning and messaging products and solutions that best address customer use cases and drive business. In her off time, Navpreet enjoys rock climbing, skiing, and hiking with her dog, Henry.
Rachael: I had a non-linear career path before landing in cybersecurity. How’d you break into the industry?
Navpreet: Shortly after my time at UCLA, I received a letter from my healthcare provider notifying me that I was one of the few million impacted by a recent breach. I had just moved from Los Angeles to Silicon Valley and was looking for a job, so I started networking in the tech space. My mentors pushed me further and encouraged me to seek cybersecurity roles.
At its core, cybersecurity’s about protecting people from being victimized—and in my career I’ve enjoyed being on the defense side, protecting people from harm, pursuing bad actors, and continuously learning. I love seeing the impact of my work. The fast-paced environment keeps me focused and keeps my career enjoyable.
Rachael: Many have emerged as proponents of diversity and inclusion in tech, yet cybersecurity continues to struggle with closing the gender gap. What opportunities are there to bridging the divide?
Navpreet: Having more women in the workplace is good for business, bringing diversity in perspectives, leadership, and experience. While this can apply to any role at a company, it’s crucial in the cybersecurity space. We need people with different backgrounds because we’re pursuing cyber adversaries and hackers who also have various backgrounds and experiences. The wider variety of people and expertise we have to defend our digital world, the better our chances of success.
Rachael: Couldn’t agree more. A few years back, the University of Maryland reported a cyberattack happens every 39 seconds, and it keeps getting easier with evolving tactics like ransomware-as-a-service. How can we guide more women toward cybersecurity? What needs to change?
Navpreet: I think it’s a perception problem—at home and in school, young girls are often steered into more traditional roles. A lack of role models also lends significant influence, among other factors like male dominance and peer pressure that inserts the idea of STEM as geeky.
We can flip the narrative with a cultural shift. Teachers and guidance counselors should encourage young girls to seek STEM careers and highlight role models within the educational system. In the workspace, employers should make programmatic efforts to hire and retain women in IT, providing pay equity and equal paths to promotion, along with a gender-inclusive work environment.
Rachael: I’m excited to see actions that challenge the status quo. And I’m energized by everything going on in cybersecurity today. What kind of trends right now make you sit up a little taller?
Navpreet: I’m most excited about Artificial Intelligence (AI) in cybersecurity.
Cyberattacks aren’t going away—they’ll continue to escalate in frequency and sophistication. It’s become rather tricky for cybersecurity experts to react to them all. Hackers and cybercriminals have been using AI. In many cases, AI algorithms are used to detect weak security systems that contain valuable information. AI can also create several personalized phishing emails to trick recipients into giving up sensitive information. AI-driven attacks can also be more tailored and more effective; their growing ability to understand context means they will be even harder to detect.
Rachael: Like using ChatGPT for malicious attacks. All hope isn’t lost for good-intentioned AI, right?
Navpreet: Totally. Machine learning algorithms can more effectively examine the vast amount of data moving across networks in real time and learn to recognize patterns that indicate a threat. Investment in new technology will play a critical role in the emerging reality and evolving ecosystem. It’s crucial to incorporate technology into the ecosystem to combat the malicious use of AI with AI itself.
As an example, behavioral analytics are a requirement for detecting blended attacks. Many layer 7 distributed denial-of-service (DDoS) attacks are stealthy and may go undetected. BIG-IP Advanced WAF uses machine learning and data monitoring to analyze traffic behavior to automatically defend against DoS and DDoS attacks.
AI in cybersecurity is evolving exponentially, and I’m excited to see where it goes.
Other Q&A in this Blog Series
A Journey to Gender Equity: Q&A with Erin Verna on the Importance of Diversity in Cybersecurity
A Journey to Gender Equity: Q&A with Rachel Zabawa on Broadening Inclusion in Cybersecurity
A Journey to Gender Equity: Q&A with Jenn Gile on Navigating a Successful Career in Cybersecurity
Dive Into Cybersecurity Awareness Month with a Candid Q&A on Gender Equity with Angel Grant
A Journey to Gender Equity: Q&A with Kara Sprague on Breaking Through as a Woman in Cybersecurity
Learn More
See what sets BIG-IP Advanced WAF apart
Check out the most recent F5 D&I report
Explore cybersecurity careers at F5
Chad: Why is it so challenging for security architects and engineers to choose the right web application and API protection?
Gary: Choosing the right web application and API protection (WAAP) can indeed be daunting for security and risk teams. The myriad options available complicate the decision-making process—CDN vendors, cloud-native tools, pure-play security products, and WAAP platforms, to name a few.
Each solution comes with varying features, capabilities, and architectures, making it difficult to evaluate and compare effectively. This often results in time-consuming research, a potential for oversight, and the risk of selecting an inadequate solution that might expose the organization to security threats. Plus, the practical versus the theoretical: how will it perform?
Chad: Can you introduce the new "Best API & Web Application Security Solutions Comparison" and explain its purpose?
Gary: Absolutely. This new guide is designed to address the very challenges faced by architects and SecOps professionals that I mentioned previously. It provides a clear, organized side-by-side evaluation of leading solutions, highlighting key components such as architectural flexibility, policy portability, adaptability to threats, lifecycle integration, and security effectiveness. Its purpose is to simplify the decision-making process by presenting a comprehensive overview that helps professionals decide the best approach for implementing application security.
Chad: How does the comparison guide streamline the decision-making process?
Gary: The comparison guide significantly streamlines the decision-making process by saving time and reducing complexity. It provides a concise and organized overview of various solution categories, clearly comparing the strengths and weaknesses of each option. This allows professionals to quickly identify which solutions meet their specific needs, minimizing the potential for oversight and ensuring that they choose the most effective protection for their unique digital environments.
Chad: What are some of the key criteria that the comparison guide focuses on, and can you give specific examples of why they are important?
Gary: Certainly. The guide focuses on several key criteria. For instance, when we talk about architectural flexibility, F5 WAAP solutions stand out because they secure applications and APIs wherever they reside, without requiring redesign, refactoring, or migration. This flexibility is crucial for organizations with distributed environments, including on-premises data centers and multiple cloud platforms, which are becoming increasingly common due to the rise of API-based architectures and AI ecosystems. It ensures that security policy can be applied consistently across all environments and remediation can happen quickly and universally with human-assisted AI defenses. On the other hand, CDN offerings typically require content to be served through their network, which may not suit modern multicloud architectures. These platforms are self-contained and do not provide a single security stack that can be applied consistently across your data centers, public cloud environments, and edge locations. This limitation can hinder agile deployment and scalability, create opportunities for misconfiguration, and burden precious security team resources with policy tuning, incident response, and remediation—making it less ideal for organizations with a complex digital footprint.
Chad: Any other key criteria that the guide focuses on?
Gary: Yes, there's policy portability. Because F5 WAAP solutions offer the advantage of deploying security policies consistently across clouds and on-premises environments, you can execute on your digital strategy without compromising security. The same robust, single security stack follows your apps and APIs wherever they are and wherever they need to be. This uniformity reduces the risk of policy inconsistencies and misconfiguration across different environments, simplifying security management. In contrast, cloud-native solutions are often siloed within their environment, resulting in operational complexity from managing multiple security stacks. This lack of single-stack portability can lead to fragmented security policies and increased management overhead.
Adaptability to threats is another critical criterion. F5 WAAP solutions use AI-driven deception and machine learning to maintain efficacy as attackers evolve their tactics. This adaptability is essential for staying ahead of sophisticated threats and ensuring that security measures can evolve in real time. Pure-play security solutions, however, tend to focus on specific risks and threats—often the most common ones—and cannot adapt to evolving attacker strategies, with tactics, techniques, and procedures now turbocharged by AI. This static approach can leave organizations vulnerable to new and emerging threats.
Chad: Why are comparison guides such as these important?
Gary: In summary, the "Best API & Web Application Security Solutions Comparison" is an invaluable resource for security and risk teams. By focusing on key criteria such as architectural flexibility, policy portability, and adaptability to threats, the guide simplifies the decision-making process and helps organizations choose the most effective web applications and API solutions for their unique environments. Leveraging comprehensive guides and resources is crucial for making informed security decisions, ultimately enhancing an organization's security posture in a complex and ever-evolving threat landscape.
View the detailed comparison chart: Best API & Web Application Security Solutions Comparison guide
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...