I’m continually amazed by the many women and other people of underrepresented gender identities who work in cybersecurity—at both the successes they’ve achieved and the barriers they’ve overcome navigating this industry. And one of the women who inspires me is Jenn Gile, head of product marketing for NGINX, F5’s product line focused on modern application technologies for Developer and Platform Ops teams.
For this fourth blog post in the “A Journey to Gender Equity” series, I caught up with Jenn to discuss what drew her into cybersecurity, the obstacles she’s experienced along her career, and advice for those just starting out.
Jenn is a seasoned marketer and thought leader in the cybersecurity field who focuses on open source and distributed app security. She’s a trusted authority in promoting the adoption of open source software (OSS), while maintaining robust security measures. Jenn's strategic insights and ability to articulate complex concepts have solidified her reputation as a valuable asset in raising awareness and driving cybersecurity advancements.
Rachael: Walk me through how you got to where you are today. Did you always intend to work in cybersecurity?
Jenn: Absolutely not! The 23-year-old me never would have thought I’d end up being a marketer or in the cybersecurity field. I studied culture, literature, and languages in college with aspirations of a career in the diplomatic service. While I never made it to an embassy, I did spend the first 13 years of my professional career working for the U.S. Department of State’s passport division. Security is a core part of issuing passports—after all, a U.S. passport is something of an all-access pass to the world—but my primary focus at that time was on training passport employees on citizenship law and leadership skills.
The government career got me through times of economic instability and the birth of my son, but I craved a more dynamic industry, so I pivoted to tech in 2018. I gradually worked my way into cybersecurity and eventually got into product marketing for NGINX.
Rachael: It’s refreshing to be reminded there isn’t a one-size-fits-most path to get started in the cybersecurity industry. I studied Spanish and Communications and then worked in legal and advertising before jumping over to tech and then narrowing in on cybersecurity.
If you could go back in time to your first days in cybersecurity, what advice would you give yourself?
Jenn: I got some bad advice a few years ago, and I didn’t have the experience to know it was bad, so I let it eliminate a potential job path. Luckily, I’m pretty stubborn and driven, so I didn’t fully let it discourage me. But today I’d tell myself, “It’s okay you don’t have a technical background; don't let people tell you it’s required to thrive in this industry.”
Rachael: You’re right. It’s not an if/or situation. Technical or not you can be successful in cybersecurity—and the same goes with whatever your gender is. There’s a lot of opportunities for individuals from all backgrounds in cybersecurity. In fact, I saw the National Institute of Standards and Technology lists there’s a 3.4 million global shortage of cybersecurity professionals, and by 2025 lack of talent or human failure will be responsible for over half of significant cyber incidents.
The cybersecurity sector needs to fill that skill gap and at the same time focus on balancing out how male-dominated it is. What are some tips you have for people whose gender identity is underrepresented in tech fields who are looking to break into or just starting out in cybersecurity?
Jenn: First, find your community. Even if they’re in different parts of your business or at other companies altogether, surround yourself with other underrepresented people who understand what you’re going through and allies who are ready to jump in to help. My community includes gender-diverse people and allies from marketing, sales, HR, developer relations, and more.
Second, find a mentor. Identify someone—or more than one person—in your field who’s amazing at the job and will share their knowledge and experiences. I've found mentors at work, in my friend circle, and on social media.
Finally, get a sponsor. As you gain experience, look for people to sponsor you and vouch for you as you progress in your career and take on more responsibilities. I know of at least three people I can count on at F5 to talk me up when there’s an opportunity.
Rachael: Agreed. Carving out a support system helps in so many ways. It’s important to surround yourself with good people that you can trust. While navigating your career, have you ever experienced barriers because of being part of an underrepresented gender group?
Jenn: I haven’t found cybersecurity to be any more difficult to navigate than the broader technology field. But let me be clear: Neither is easy. I’ve been fortunate to work with a lot of wonderful men who were raised or educated to treat women as equals, and they’re often the first to speak out when someone discriminates against women. But I also think that’s something of a double-edged sword because it can produce a blind spot. I’ve encountered many men in tech who think that because they can identify blatant sexism or misogyny, they can’t possibly exhibit that kind of behavior. Having personally been held to higher standards than male counterparts by men who tout themselves as feminists, I know this isn’t true.
Rachael: I appreciate you bringing that up, especially because when things like that happen it can be challenging to call out in real time. Developing and maintaining self-awareness is important. How can the community better support underrepresented genders and other minority groups in cybersecurity?
Jenn: First, help us build diverse communities and connect underrepresented groups with mentors and sponsors. Second, when important decisions are being made, make sure to include underrepresented groups. Third, make sure words are supported by actions.
Leaders, in particular, have an obligation and an opportunity to improve diversity in cybersecurity. This can seem daunting, but it doesn’t have to be. For example, each time my team has a vacancy, I ensure our interview panel is at least 50% women. This does two important things: For the interview panel, underrepresented genders have a direct impact on our hiring process and can help the panel make better decisions. For the candidates, a diverse interview panel communicates the importance of women in our workplace and sets the tone for what they should expect from F5.
Rachael: Once I interviewed with a panel that looked and acted like a carbon copy of one another, and it definitely was a red flag for me. I think diversity is important to every industry, but why do you think it’s important to the cybersecurity industry in particular?
Jenn: Perhaps this is an oversimplification: Attackers and vulnerabilities are diverse. They come from all over the world, and whether malicious or accidental, they can be caused by a diverse array of people. The cybersecurity industry needs a diverse workforce to match the diversity we see in the world.
Rachael: A lot of times people get caught up complicating the uncomplicated, and I think you summed that up so well. Before I let you go, will you sum up one more thing for me? Earlier you mentioned getting into tech because it’s a dynamic industry. The cybersecurity world is constantly evolving. What cybersecurity trend is currently on your radar?
Jenn: The concept of a software bill of materials or SBOM is a growing trend spurred by government regulations and mandates, and it will be especially impactful in the OSS industry. I think this is a smart trend because it seeks to mitigate supply chain risks that can lead to vulnerabilities and breaches. But there isn’t much consensus on how to use an SBOM to improve security. I think we’ll see that get clearer over the next year as organizations across numerous industries try to put SBOMs into practice.
We at F5 are working to help organizations comply with SBOM requirements through the Open Source Subscription. This helps NGINX Open Source shops ensure common software supply chain vulnerabilities are addressed via an enterprise support contract, specifically covering topic issues of common vulnerabilities and exposures or CVEs, patching, regulatory compliance, and confidentiality.
Other Q&A in this Blog Series