Globally, women make up roughly 20-25% of the cybersecurity workforce – and we’ve hovered around that number for years. The latest insights from ISC2 note that women account for about 22% of security teams on average – progress, but incremental.
But Saudi Arabia looks different.
In 2024, the Saudi National Cybersecurity Authority (NCA) reported that women now represent 32% of the nation’s cybersecurity workforce, which has grown to more than 21,000 professionals – a 9% increase year-on-year. The NCA explicitly compares this to a 24% global average, positioning Saudi Arabia well above the international baseline.
That 32% figure isn’t a marketing stat; it’s from the national regulator overseeing cybersecurity strategy under Vision 2030.
Jameeka Green Aaron (CISO at Headspace) said during an interview at the event:
“I just came back from the Women in Cybersecurity Middle East booth. It’s the best thing ever, to meet with other women who are in this industry. We have the same challenges, the same problems, it’s exciting.”
Representation changes who feels comfortable to enter the room – and who feels welcome enough to stay.
The rise in women entering the cybersecurity workforce in Saudi Arabia, and the wider region, is no accident.
Women in Cyber Security Middle East (WiCSME), founded in 2018, has been building a regional support structure for women entering and advancing in the field.
When we spoke to Irene Corpuz (Founding Partner and Board Member at WiCSME), she explained:
“WiCSME emerged as a visionary collaboration among nine founding partners. We set out to forge a nurturing community tailored for women in the Middle East’s cybersecurity domain – a space to foster connections, enhance knowledge, and facilitate professional growth.”
The emphasis is practical: mentorship programmes, conference partnerships, boot camps, and involvement in international initiatives.
“Through strategic alliances with conferences as a community supporter and initiating partnerships to roll out mentorship programs and boot camps, we've cemented our commitment to nurturing our women members.”
And Corpuz was clear that this isn’t about symbolic inclusion: “Diversity is not just a metric – it's a strategy that drives innovation and success.”
This echoes a reality that many CISOs acknowledge – that a homogenous team struggles to model a heterogeneous threat landscape.
Zoom out, and the diversity discussion intersects with a harder reality: the global cybersecurity labour gap remains stubbornly high. ISC2’s 2023 Workforce Study put the shortfall at 3,999,964 professionals worldwide.
In that context, excluding half the population is a strategic failure.
Aaron said:
“Ultimately we can’t do this job unless diverse minds are included in what we’re doing. Hackers are from everywhere, they’re global, we have to be global in how we solve these problems.”
Saudi Arabia’s wider labour reforms may also be feeding the pipeline. According to the 2024 global gender gap analysis from the World Economic Forum, female labour-force participation in the country has risen sharply over the past two decades, reaching over 40% in recent reporting. That macro shift inevitably influences who studies technology, who enters the workforce, and who moves into cybersecurity roles.
In other words, this isn’t just a cyber story; it’s a labour market story too.
On their own, events like Black Hat MEA don’t create workforce change – but they do make it visible, and shed light on where improvements need to be made.
Corpuz described the impact like this:
“Events like Black Hat MEA are invaluable – they're not just about knowledge exchange but also about inspiration and community building.”
And Aaron sees it through a practitioner’s lens:
“Black Hat I think is the gold standard. This is where the practitioners come. We’re not technologists for the sake of technology, we’re here to protect people.”
Seen this way, diversity stops being a social initiative and becomes an operational imperative.
Saudi Arabia will continue to work to close the gender gap in cybersecurity – there’s no sign of stopping at 32%.
But at this moment in time, the nation’s approach offers valuable lessons that CISOs and founders around the world can use:
The Middle East is increasingly discussed as a fast-growing cyber market. Less discussed is the possibility that it may also be rewriting the industry’s gender balance.
If 32% becomes 35%, and 35% becomes 40%, the question for international markets will be why they’re falling behind – and how they can adopt practices that will help them catch up.