Beneath the progress on gender inclusion in industrial cybersecurity lies a more complex and unresolved terrain. Intersectional inequities, rooted in the confluence of gender, age, cultural norms, and socioeconomic origin, continue to define who participates in, advances through, or quietly exits the OT (operational technology) workforce. The industrial sector’s longstanding allegiance to hierarchical systems and operational orthodoxy has created an ecosystem where diversity efforts often default to superficial compliance, failing to interrogate the deeper scaffolding of exclusion.
Across ICS (industrial control system) and OT domains, these overlapping biases tend to be structurally encoded in access to sponsorship, informal knowledge networks, and the unwritten rules of advancement.
Data has shown that women represent 51% of the population, and 60% of those attending college today. However, only about 12% of the ICS security community are women. It often is difficult for women to enter and thrive in the male-dominated and often intentionally and unintentionally discriminatory ICS security field.
Initiatives aimed at recruiting more women frequently overlook retention, particularly of those whose experiences fall outside dominant social paradigms. Thus, resulting in not just an underrepresentation of women, but a systematic attrition of difference.
Yet, in some quarters, change is emerging, with organizations beginning to treat inclusion beyond a moral obligation and more as an operational imperative by designing interventions that are equity-centered, data-informed, and structurally embedded. These measures can include re-engineered mentorship models, distributed leadership development, and peer networks that reflect power and redistribute it.
True resilience in OT cybersecurity demands more than securing systems. It requires deconstructing the social architecture that governs who secures them and on whose terms.
Overlapping biases in OT security roles
Industrial Cyber reached out to women in the industrial cybersecurity field to explore the overlapping challenges they face, including gender bias, racial discrimination, ageism, and socioeconomic barriers, when entering or advancing in the sector.
Danielle Jablanski, cybersecurity consulting program lead for OT (operational technology) cybersecurity at infrastructure-focused professional services firm STV, said that many people have experienced interactions where skills, education, and experiences may be overlooked or dismissed for several reasons.
“I think it’s particularly challenging when these biases manifest as ‘weaponized incompetence’ or repeated patterns of ineptitude,” according to Jablanski. “You can only use experiences as teaching moments when people are willing to learn. I’ve found an incredibly receptive crowd of friends and colleagues willing to learn from these moments, and I hope that each workplace can explore ways to navigate these challenges as well.”
“We love to pretend industrial cybersecurity is a meritocracy. It isn’t,” Kristin Demoranville, founder of AnzenSage and co-founder of AnzenOT, told Industrial Cyber. “Women are often hired to check a box and then expected to ‘prove’ they belong, repeatedly. The assumption is still that you either came from IT or engineering, and if you didn’t, you’re automatically questioned. Add in age, race, or coming from a non-traditional background? The gatekeeping intensifies.”
She said that she has seen brilliant women overlooked because their resume didn’t look the part, not because they lacked capability.
“We have made progress; however, challenges remain for women in OT cybersecurity,” Michelle Govender, director at Octarity, told Industrial Cyber. “The industrial sector’s historically male-dominated culture creates barriers that compound for women. Gender bias shows up in assumptions about technical competence and exclusion from informal networks where critical knowledge and opportunities are shared, especially if meetings occur out of work hours.”
Govender added that the current global skills shortage presents an opportunity. “Organisations are realising that diverse teams are required for comprehensive cybersecurity strategies, offering and enabling women’s participation. Women have the opportunity to overcome these challenges by volunteering and taking part in projects related to industrial cybersecurity.”
OT cyber still isn’t built for all
The executives focus on how these challenges uniquely affect women from underrepresented and marginalized communities pursuing careers in ICS and OT security.
Jablanski noted that it’s common to assume being less qualified for roles and responsibilities one is fully capable of handling. “While there’s a balance between ego-management and ambition, there’s room for everyone to be successful if they are putting in the work.”
She added that pursuing a career in OT security is the same as the broader security world – “you must be continuously learning, and you will never be an expert on all the categories of systems, controls, sectors, etc. in the world (and nobody else is, either).”
“When you’re the ‘only one’ in a room, every misstep feels amplified. For women from underrepresented communities, there’s often pressure to speak for their entire group while simultaneously being dismissed when they do,” Demoranville said. “I, like many women, have hidden my accent, softened my tone of voice, dressed more androgynously, or dialed down my personality to make others more comfortable. That’s not inclusion, that’s survival.”
Govender observed that women from underrepresented communities face compounded challenges; however, this creates an opportunity for targeted support.
“Organizations can implement specific learning and mentorship pathways, like technical bootcamps, industry exposure programs, and structured transition support from engineering to cybersecurity,” Govender added. “By acknowledging these unique challenges upfront, we can design interventions that contribute to career transitions rather than leaving women to navigate barriers alone.”
Rethinking inclusion in OT security
The executives examine how diversity and inclusion programs can more effectively support women from varied cultural, racial, and socioeconomic backgrounds in industrial cybersecurity.
“As a baseline, your identity should never exclude you from anything. I think diversity and inclusion programs tend to focus on differences, where most people have more things in common than not,” Jablanski noted. “I would like to see more conversations or experiences that can bring together all perspectives. Conversations about things we all experience, like work/life balance and mental health, that bring in any range of gender identity, race, junior to senior, technical and managerial – those are the best cultural awareness and learning opportunities.”
Demoranville commented that these initiatives often fail because they’re built to be palatable to a patriarchal leadership, rather than impactful to those they’re intended to help. “If your program doesn’t include lived-experience voices at the design table, it’s cosmetic and a press release. Better representation starts with realizing, ‘Who’s not in the room, and why?’ and being uncomfortable with the answer, then taking action and repeating the process till it’s corrected.”
“D&I programs could create pathways for mentorship and provide a platform for women to showcase their skills beyond traditional networking,” Govender stated. “This includes cross-functional project execution and presentation opportunities. Platforms like Industrial Cyber provide opportunities for women to showcase their talent, mentoring where women share fresh perspectives, and provision of leadership development tracks that fast-track high-potential women engineering candidates.”
Fixing ICS retention for diverse talent
The executives discuss specific strategies organizations can adopt to support, develop, and retain women of diverse ethnicities and backgrounds in ICS and OT roles.
“Start with equitable pay and transparent promotion paths; anything less is noise. Offer professional development that isn’t limited to those already in leadership,” Demoranville said. “Stop assuming mentorship alone is the answer. Sponsorship, where someone with influence introduces you to people you wouldn’t typically meet, is where real change occurs. Do not, I repeat, do not have another webinar or class about Impostor Syndrome. We don’t need another class to tell us how we feel; we need classes that focus on more than survival.”
Govender said that organizations could implement support ecosystems, including men and women, skills development partnerships with universities, skills enhancement funding, and clear career progression pathways with transparent criteria. “Establishing measurable diversity targets with leadership accountability will drive sustained change. It’s up to us ladies to raise our hands and volunteer participation when these opportunities arise.”
OT firms shift after facing hard truths
The executives share an example where intersectional challenges sparked meaningful improvements in workplace culture, policy, or hiring practices within the industry.
Demoranville said that, honestly, it’s rare, and that’s part of the problem. “We don’t have more examples because we’re still not listening to the people most affected. I don’t have a feel-good success story to share here, but I’ll say this: speak up. You don’t have to be the loudest voice in the room.”
She added that change often starts with a quiet conversation, amplifying someone else’s voice when they can’t. “And I’m not just talking to the women. Gentlemen, if you walk into a room and notice there are no women, say something. If a project keeps stalling or a risk keeps getting overlooked, ask who’s missing from the table. In critical infrastructure, a lack of diversity isn’t just a cultural problem; it’s a security risk.”
“My experience with strong male and female mentors advocating for me to lead in OT cybersecurity led me to champion and support others emerging in the field,” Govender stated. “This support sparked team collaboration and encouraged young engineers to develop and contribute to projects, which contributed to meaningful improvements.”
Building networks that lift women in OT
The executives look into how mentorship, sponsorship, and peer networks can be structured to empower women facing overlapping systemic barriers in industrial cybersecurity.
Jablanski said that ironically, “I think we need to get back to real spaces. Social media has dominated as a platform, but it’s only one part of the story. Relying on social media for perspectives on real-world conversations is weird, and it also promotes dominating voices, which are not the only type of relevant personality.”
She added that “We also need to respect the quiet and diligent contributors, whose voices may not appear in a blog or a byline but are critical for understanding and approaching unique problems sets in our work. How do we share those contributions and celebrate those personalities as well?”
“There are so few of us in industrial cybersecurity that finding each other isn’t optional; it’s survival. People tend to stay in a field when they see others like themselves thriving. That’s why peer networks matter,” Demoranville remarked. “They shouldn’t just be corporate-sponsored feel-good projects. They should be real spaces to vent, connect, and share strategies.”
She identified that mentorship needs to be two-way, not a hierarchy. “And sponsorship? That’s where the power is. Women, especially from marginalized backgrounds, need someone in the room to say their name when decisions are made. Not after the meeting. Not once have they ‘proven themselves.’ Right now. Sometimes the biggest shift comes from hearing, ‘You’re not imagining this. It is hard. And you’re not alone.’ That kind of support isn’t fluff, it’s fuel.”
Govender said that in her experience, male sponsors really helped bridge the gap and biases. “As ladies in the field, pairing up and connecting with male colleagues who are affluent in the space helps us gain the confidence that we need to progress. Leadership support and advocacy for such mentorship models will help foster change.”
“Effective networking requires intention: women could seek out influential sponsors, creating peer groups within their organisation for mutual support,” according to Govender. “Organisations encouraging inclusive development programs, allowing both women and men to progress towards their OT cybersecurity career journeys, will help bridge the skills gap. Success metrics should track not just participation but career progression outcomes.”
She concluded that regular structured check-ins and project-based collaborations will ensure these relationships drive real results.
