Intel recently hosted a women in cybersecurity panel where, in addition to featuring an all-female panel and attendee list, the four-woman panel highlighted the diversity of security jobs and paths that led to them.
The all-Intel panel included VP Suzy Greenberg, who leads the company’s security communications and incident response teams; Maggie Jauregui, an offensive security researcher whose first-ever technical presentation at Defcon involved hacking and then exploding hairdryers on stage; attorney and law professor Amit Elazari, director of global cybersecurity policy at Intel; and Katie Noble, a U.S. Air Force and Department of Homeland Security veteran who now runs the bug bounty program and product security incident response team (PSIRT) at Intel.
In addition to these women’s diverse backgrounds and roles within cybersecurity, a few topics they touched on really jumped out at me. First and foremost: a discussion about sponsorship versus mentorship, and how the industry needs both to make security more inclusive.
While women (or anyone) in security (or any industry) may have many different mentors throughout their career that provide them guidance and coaching about how to navigate a particular challenge or grow into a new position within an organization, sponsorship is more active.
Sponsorship Vs. Mentorship
“Sponsorship, for me personally, is really advocating for someone when they’re not in the room,” Greenberg said. When a job promotion or new opportunity arises, “there’s someone in the room that is speaking on your behalf, and what you’re capable of, when you’re not there to advocate for yourself,” she continued. “Sponsorship is a very intimate experience, and it’s very intentional as well.”
This mentor-versus-sponsor discussion reminded me of a similar one at VMware’s Women Transforming Technology conference earlier in the pandemic, where Kathryn Finney, founder and CEO of digitalundivided, described the differences this way:
“A mentor will give you a map, a sponsor will drive you there,” Finney said. “A mentor will show you the road and tell you how to walk it. A sponsor will take your hand, walk down that road, open the door, walk with you through the door, and make sure that you’re good. As a woman of color, and as people of color, we have mentors up the wazoo. I do not need any more mentors. But what we don’t have is a lot of sponsors.”
Organizations Set Expectations
While being a sponsor involves action and advocacy on an individual level, organizations have a role to play in sponsorship as well. “It’s also about the organization, and how the organization is setting the expectation,” Elazari said on the Intel panel.
She cited Intel’s own diversity goals, which include filling 40% of technical positions with women by 2030. “This for me is sponsorship. In addition to the personal side, there’s the organization, and how the organization is moving from the concept of mentorship, and facilitating this personal relationship to that level of advocacy and commitment and setting the right expectations.”
This point resonated with me because holding organizations accountable fortifies the personal responsibilities of a sponsor. It builds in a backbone that spans an entire company. While it’s one thing to advocate for diversity and inclusion in hiring and promoting, when an organization makes a public commitment to do so and sets specific, measurable goals, it gives this type of advocacy more power than one person alone can muster.
This also speaks to the importance of diversity and inclusion reporting on an annual basis, and it makes all of us — at a company, or across an entire industry — responsible for holding the reporters accountable and ensuring that they meet these goals. So while there’s an immense individual responsibility to be a sponsor, inclusion is bigger than that and requires a commitment from the larger whole to move the needle.
‘Money Talks’
For the organizations, however, there’s another step beyond setting and meeting targets on diversity and inclusion. As Jauregui noted: “Money talks.”
The cybersecurity gender pay gap is real. According to a 2020 report from Exabeam, in the U.S., male security professionals make, on average, $91,000 compared to $62,000 for female respondents.
While Intel first disclosed — and promised to fix — its pay disparity in 2019, it and the rest of the industry have a long road ahead to realizing equal pay. And no organization can claim to be an advocate for women and minorities unless it pays them equally and its top-salaried executives aren’t majority white men.
‘We All Rise Together’
It’s also worth pointing out, as all of the women on Intel’s panel did, that men have a role to play in all of this, too. Men can be sponsors, and since they tend to be the ones who already have a seat at the table, their voices carry influence when it comes to helping women advance their careers. “We all rise together, and we all fail together, too,” Noble said.
This is especially true in cybersecurity where the attackers are largely equal opportunists — they don’t care if the defenders are men or women — and they’ve only got to find one weak point across a growing security landscape with not enough women and manpower defending it. This isn’t a fight that defenders will win unless they work together and recruit more people with diverse skills, backgrounds, and skin colors to help win the war. That’s the big picture, but it starts with individuals.
So what can we do? Be a sponsor. Insist on organization-wide diversity disclosures and growth targets. Demand salary parity. Support each other. Walk other women entering cybersecurity through that door and over to a seat at the table.