Women’s History Month is an opportunity to recognize the leaders shaping industries through innovation, resilience, and vision. In cybersecurity, that leadership is especially critical.
While women represent 22% of the global cybersecurity workforce (according to ISC2), parity remains elusive, especially at senior levels. However, a powerful wave of women leaders is driving transformation in cyber advisory, setting new standards for expertise, advocacy, and impact.
For Women’s History Month, we are spotlighting five Cynomi partners and industry leaders who are at the forefront of this transformation. They understand that cybersecurity is a business discipline, and their insights offer a roadmap for technical excellence, strategic vision, and inclusive leadership.
Shannan De Witt, Founder, Flex Consulting
Bridging Operations and Security Architecture
Shannan De Witt is the founder of FLEX Consulting, where she serves as a strategic advisor and global security lead. She manages complex digital transformations and security roadmaps for international enterprises, handling budgets exceeding $950 million. Her work focuses on bridging the gap between business operations and elite security architecture. She specializes in NIST, CMMC transitions, global identity and access management integrations, audit assurance, and the automation of governance, risk, and compliance.
De Witt provides executive-level guidance to C-suite leadership and boards of directors, using a hands-on approach to ensure large-scale AI and SaaS platform rollouts maintain strict adherence to regulatory standards.
Strategic advice for navigating a complex landscape
With over 20 years of experience leading global SaaS, cybersecurity, and AI transformations, De Witt has watched the industry evolve from technical gatekeeping to strategic business enablement. Her approach relies on a core set of principles:
- Master the intersection: True leadership happens where AI governance and global data governance meet core security.
- The multi-framework mindset: Compliance is about building strategic ROI roadmaps across various compliance and regulatory frameworks, rather than just checking boxes.
- Forensic rigor: Lead with a data-driven approach, leveraging forensic investigations to establish authority in high-stakes environments.
- Continuous excellence: Elite credentials represent the gold standard for GRC expertise.
- Operational vision: Focus on the strategic reasoning to drive initiatives that move the business forward.
Beyond the data center, De Witt’s background coaching football and serving as a firefighter and paramedic taught her that technical skill requires seamless teamwork. She brings that high-pressure, collaborative approach to cybersecurity, knowing that the strength of any crisis response depends on team unity.
When it comes to women in leadership, De Witt emphasized, “While we’ve made incredible strides, we must continue pushing for progress in mentorship pipelines and representation for women in cybersecurity, infrastructure, and AI.”
Ann Westerheim, Founder & President, Ekaru
Strengthening the Foundation for Small Businesses
Ann Westerheim is the founder and president of Ekaru, a technology consulting firm focused on strengthening the technology foundation and cybersecurity posture of small businesses. She helps organizations build the resilience they need to operate securely and efficiently.
Stepping into high-impact roles
Westerheim sees cybersecurity as one of the most interesting and high-impact careers in technology, offering far more opportunity than available talent. However, she notes a persistent gap in representation.
When attending technical sessions at industry conferences, Westerheim observes that the rooms remain overwhelmingly male. She advocates for more women to step into both technical and leadership roles, emphasizing that cybersecurity is a field where dedicated professionals can make a tangible difference for their clients and their communities.
Donna Gallaher, President & CEO, New Oceans Enterprises, LLC
Translating Cyber Risk into Business Impact
Donna Gallaher is the president and CEO of New Oceans Enterprises, a cybersecurity consulting firm specializing in data privacy and AI governance programs. Her firm provides fractional CISO services to organizations across healthcare, financial services, manufacturing, retail, energy, and education. She helps clients across healthcare, financial services, manufacturing, retail, energy, and education industries translate complex cyber and privacy risks into direct business impacts, empowering executives to make informed, strategic security decisions.
Leading with business acumen
Gallaher advises women entering cybersecurity leadership to focus on the broader business context. Cybersecurity is ultimately a business risk discipline, and leaders who rise quickly are those who speak the language of the boardroom.
She encourages emerging leaders not to feel intimidated if they aren’t deeply technical in every area. Leadership centers on enabling others to achieve their goals. Gallaher emphasizes the importance of rejecting self-doubt and ignoring critics who focus on perceived shortcomings. “Don’t let anyone use your self-doubt against you, because that tactic only works if you allow it,” she said. “Nobody is an expert at everything, including those who may criticize you.”
Instead, she recommends finding partners and collaborators who complement your strengths, building each other up, and never mistaking a knowledge gap for a leadership gap.
Nett Lynch, CISO, Kraft & Kennedy
Driving Strategy and Building Team Culture
Nett Lynch serves as the CISO at Kraft Kennedy, a technology consulting firm dedicated to the legal industry. She leads the firm’s cybersecurity strategy, compliance programs, and client advisory work. She also leads Legion, their left-of-boom cybersecurity advising division built for MSP partnerships. For Lynch, building a strong team culture is an operational priority equal to the security work itself.
Moving from mentorship to sponsorship
Having worked in the field for 30 years, Lynch has seen significant shifts. Early in her career, women in the C-suite (let alone the CISO seat) were the exception, not the rule. Today, she sees more women leading security programs, driving compliance frameworks, and earning seats at the executive table. However, she notes that progress does not mean the work is finished.
Lynch identifies a critical need to close the gap in sponsorship, not just mentorship. Women need advocates who will actively put their names behind new opportunities, rather than just offering guidance.
“There isn’t just one seat at the table for women in cybersecurity, and we have to act like it,” said Lynch.
She stresses that inclusion is not a zero-sum game. True progress requires men to act as genuine allies and women to actively champion one another and create space. That cultural shift, more than any single policy, is where she believes our next real progress lives.
Paige Goss, Founder & CEO, Point Solutions Security
Putting People First in Security Solutions
Paige Goss is the founder and CEO of Point Solutions Security. She focuses on building a company that prioritizes people, supporting both her clients and her internal team. Her role centers on growing the business, strengthening relationships, and ensuring that delivered security solutions genuinely protect and support the humans behind the mission.
Embracing vulnerability and continuous learning
Goss advises women stepping into leadership roles to lead with confidence, curiosity, and a willingness to stay uncomfortable. The cybersecurity industry changes rapidly, and successful leaders are those who continuously learn, push their own boundaries, and step into spaces where they may not feel fully ready.
She views vulnerability as a leadership strength. Being open about what you do not know, asking targeted questions, and surrounding yourself with people who challenge you will make you better and stronger over time.
“Cybersecurity is about far more than technology. At its core, it is about protecting people, organizations, and communities. When you stay grounded in that mission and lead with authenticity, your impact will go much further than you think,” said Goss.
Moving Forward: The Next Steps for Industry Inclusion
The insights from these five leaders make one thing clear: technical expertise must be paired with business acumen, strategic vision, and a strong team culture to deliver real outcomes. To continue building a robust cybersecurity workforce, the industry must move beyond passive mentorship.
We need active sponsorship, clear pathways to leadership, and a commitment to championing diverse voices at every maturity level. By creating space for women to lead, collaborate, and innovate, we build a future that is more secure, resilient, and ready for whatever challenges come next.
If you know a cybersecurity advisory leader who is making a significant impact on the industry and delivering exceptional results for their clients, we encourage you to recognize their contributions. Nominate them for our Cyber Advisory Excellence Awards today.