Celebrating Women in Cybersecurity

Hi everyone, and welcome to this month’s Heart of Security! Since March is Women’s History Month and March 8th is International Women’s Day, this month’s newsletter is the perfect place to highlight two incredible women in cybersecurity. Cultivating the future talent of cybersecurity is something very near and dear to my heart. Women are estimated to hold just 25% of cybersecurity jobs globally, with the percentage being even lower for senior leadership positions. Additionally, the global cybersecurity workforce needs to grow by almost 75% to close the current workforce gap. As cyber threats become more sophisticated with speed and scale, we need to be as diverse as the threats we are defending.  

So how do we welcome more women into cybersecurity? First and foremost, it’s important to provide training opportunities for everyone to explore our field and create a pathway to success. One way we can do this is through partnering with organizations that are committed to educating the next generation of cybersecurity professionals, such as Girl Security, TechTogether, and IGNITE Worldwide. I’m excited to discuss empowering underrepresented communities with the skills, experiences, networks, and support to pursue security careers with Girl Security CEO & Founder Lauren Buitta below. 

I recently returned from Japan where I participated in the Tokyo Security Forum during the country’s Cybersecurity Awareness Month. I had a wonderful time delivering the keynote address, meeting with customers and partners, and participating in a fireside chat and panel discussion with the Asia chapter of Microsoft’s CyberWomen Initiative. I also had a delightful talk with my colleague and CyberWomen chapter lead Neha Monga, who I spotlight below. I’m so proud to be an executive sponsor for this initiative aimed at fostering talent in cybersecurity, and a mentor in an industry in which women are still critically underrepresented. 

I was so thrilled to chat with Lauren about the work she’s doing to  develop inclusive resources that benefit all future security leaders. Lauren got her start in the security field shortly after the terrorist attacks of September 11, after which she started working for a national security institute. Her initial focus was on national security law but shifted into cybersecurity as the field’s significance began to further expand in the mid-2000s. 

In 2019, Lauren took a leap of faith to form Girl Security, which Lauren says, “is reification of a number of realities: primarily that women remain underrepresented across the security sector—in the U.S. and globally—and that the strength of our economy, nation, and a global community will depend on activating as many people as possible to contribute.” She shares that through her education and volunteer work, she observed “the ways in which girls and women globally are restrained, in far more severe ways than I experienced”. In her professional life, she noticed that “at nearly every security room or conference I attended, I was one of very few women”—an experience many of us in the security field can commiserate with. 

One of the main reasons Lauren champions security as a career is that the security workforce offers meaningful pathways that also provide economic security – especially as, statistically, girls and women tend to seek paths of purpose and impact. Lauren says, “Every individual in our program brings something different to the table, whether it be their experience as a girl from the South Side of Chicago or Appalachia, a first-generation college student or someone seeking a non-traditional path, the child of a servicemember, immigrant, or refugee who relocated throughout their life—the cumulative richness of their insights strengthens our collective ability to more fully understand security challenges and develop solutions to respond to them.” 

This work is so important. Lauren and her team pour themselves into their mission, programming, and participants, and work in a constant state of innovation and reinvention, since education, technology, and the security workforce ecosystems are rapidly changing. I hope that we can all work in a field where women’s experiences, knowledge, and the solutions they develop are prioritized. 

There are many initiatives and programs that are dedicated to empowering and mentoring women in cybersecurity and I’m so thankful to work with a so many programs where women can find allies, mentors, and friends who can help them navigate their careers and achieve their goals. Our industry needs a variety of perspectives and talents, and I hope that seeing the work we do in action can entice more women to explore and pursue opportunities in the exciting field of cybersecurity. 

Programs like the CyberWomen Initiative hold a special place in my heart because they embody the spirit of mentorship, respect, and community support. Neha leads Microsoft's charter on Cybersecurity, Risk & Compliance for Small Medium Enterprises and Channel in Asia and helped found the Asia chapter for Microsoft CyberWomen last July. She has more than 20 years of experience in the technology industry and is a seasoned leader and strategist in the field of cybersecurity and data governance. In her current role, she supports organizations in Asia in their efforts to build a robust cyber foundation. 

Microsoft’s CyberWomen Initiative aims to equip women to transition to or build a career in the field of cybersecurity with the assistance of mentors, coaches and experts. It focuses on developing essential skills for a future career in cyber, boasting a comprehensive program for both internal employees and externally through partnership with key universities to inspire potential talent. Neha says she got involved with the CyberWomen Initiative because, “I am deeply passionate about fostering growth, particularly among women and underserved communities. When I learned about the CyberWomen Initiative being piloted in EMEA, I was determined to bring this program to Asia, where gender diversity in cybersecurity still has significant gaps to bridge. Together with the worldwide leads for the program, we tailored a version of the program that resonates with the unique needs of Asia.” 

Something that sets the program apart is its emphasis on linguistic and geographical diversity among the mentees and mentors, both internal and external. Neha and team also collaborate with customers and partners to help them develop their own Women in Cyber programs. Neha says, “I strongly believe everyone needs a friend, an ally, someone who can guide us when we are trying to find the right path for ourselves. If each one of us can pay it forward and impact one person’s life, that’s one more woman to join arms with us in this endeavor.” 

One thing Neha wished more women knew about the cybersecurity industry that I wholeheartedly agree with, is that “the cybersecurity industry is not only about technical skills and coding. While technical expertise is important, there are numerous roles within cybersecurity that require diverse skill sets, such as risk management, policy development, communication, and leadership. This means that there are ample opportunities for women from various backgrounds to contribute and excel in this field.” She also stresses that our industry offers the chance to make a significant impact, something that many women looking to make a career change are looking for, including herself: 

• Microsoft shared some truly exciting news last month about how we created a new state of matter to power quantum computers and introduced Majorana 1, the world’s first quantum processor powered by topological qubits, that will bring about new, scalable quantum computing on an unprecedented timeline. 

• We have a fantastic line-up of security-focused events coming up in the next few months where you can hear from Microsoft Security experts. I’m looking forward to our annual Microsoft Secure digital event on April 9. Sign-ups are also live for RSAC, and I can’t wait to kick things off at the annual Microsoft Pre-Day! You can learn more about what we have planned for the event here and register for the pre-day here. 

• I’m always impressed with the work of our threat intelligence team, including the rich threat intelligence research we share to keep everyone safer online. A few recent highlights include how Microsoft Threat Intelligence identified a shift in tactics by Silk Typhoon targeting IT supply chains, how we’re rethinking remote assistance security in a Zero Trust world, research into Russian state actor Seashell Blizzard and its multiyear initial access operation, and how Microsoft discovered cyberattacks being launched by a group we call Storm-2372. 

Something that recently inspired me is my trips to Tokyo, Dubai, and Riyadh. It was wonderful to see the AI innovations and cybersecurity focus. I was also deeply inspired by how warm, welcoming, and inclusive our teams are and the deep partnerships and trust they have developed with our customers and ecosystem. 

A quote I love: “If you are always trying to be normal you will never know how amazing you can be – Maya Angelou”