The cybersecurity challenges of today require a diversity of skills, perspectives, and experiences, yet women remain underrepresented in this field. On International Women’s Day, some Microsoft Security women leaders penned a powerful blog highlighting the underrepresentation of women in cybersecurity (women make up just 24 percent of the cybersecurity workforce, according to the 2019 (ISC)² report, Cybersecurity Workforce Study: Women in Cybersecurity1), and the critical need for diverse perspectives in solving 21st Century cybersecurity challenges. While recent studies2 indicate an increase in the percentage of women in cybersecurity, they remain the minority of the workforce.
Women in cybersecurity
How do girls identify their superpowers in cybersecurity while women continue to make gains? To explore this key question, Microsoft Security in partnership with Girl Security, a nonpartisan, nonprofit organization preparing girls, women, and gender minorities for careers in national security, co-hosted an event on April 27, 2021, alongside thirty or more girls and women in high school and university from across the United States and globally.
Joining the Girl Security participants was an extraordinary panel of women in cybersecurity from Microsoft Security, including Amy Hogan-Burney, General Manager of the Digital Crimes Unit, Associate General Counsel, Microsoft; Vasu Jakkal, Corporate Vice President, Microsoft Security, Compliance, and Identity; Ann Johnson, Corporate Vice President of Security, Compliance, and Identity, Business Development; Edna Conway, Vice President, Chief Security and Risk Officer, Azure Microsoft Corporation; and Valecia Maclin, General Manager Engineering, Customer Security and Trust, Microsoft Corporation.
Girl Security and Microsoft Security are forging a new fellowship around a shared commitment to make cybersecurity more accessible to all, especially girls and women who remain underrepresented in the cybersecurity workforce. This first co-hosted event offered an exciting opportunity for participants to ask firsthand questions and participate in intimate breakout sessions with a diverse group of leading experts. Importantly, participants were able to hear women experts share personal narratives that described their unique—and often non-linear—pathways into cybersecurity.
Security requires all
Vasu Jakkal, who leads Microsoft Security, Compliance, and Identity strategy, kicked off the event with a simple but powerful message: “Security is for all, and security requires all.” Over the one-hour program, the group explored a wide-ranging series of topics that included career-oriented questions, such as the importance of certifications to recruiters and pathways into cybersecurity, as well as topics on advances in the field, such as emerging cybersecurity threats, the impact of quantum cryptography and artificial intelligence on the digital landscape, and the intersection of policy and security.
When asked how someone with a humanities background might consider a pathway in cybersecurity, Valecia Maclin poignantly noted that cybersecurity is a complex field with many components, including law, policy, technical competencies, and more. She emphasized the need for professionals who can bridge the gaps between those areas, but also work within them. In addition, she added that beginning one’s career in one area of cybersecurity does not preclude a transition into other areas of cybersecurity. In response to a question posed to all panelists, Maclin noted that her cybersecurity “sheros” included the long unsung African American women codebreakers who provided crucial intelligence to the United States during WWII.
The many pathways of a cybersecurity career
The narrative that pathways into cybersecurity are nonlinear is a crucial message for girls and women who may not perceive their own technical competencies or seek to pursue more technical careers, but whose strengths and interests may lie in the field’s myriad tracts. Girl Security works with girls, women, and gender minorities across the United States and globally to convey the message that girls already have the competencies they need to excel in security’s many pathways. Additionally, Girl Security is exploring the best analytical approaches to better understanding girls’ interests in cybersecurity. Combining an equity-informed approach to existing STEM models assessing girls’ interests and pathways can offer important insights into needed interventions.
As the field continues to forge new, crucial approaches to supporting girls’ interests in cybersecurity, reaffirming that there is no one “right” path into cybersecurity offers timely reassurance to girls and women amid a more challenging pandemic economy. One high school participant noted that she was graduating high school and pursuing community college. Another participant, who was transferring from community college into UC Berkeley, jumped in to reassure her that community colleges offer many pathways into the field. Jakkal, in response to observing the participants’ positive support, highlighted the importance of building peer and lateral networks at the onset and throughout one’s career.
Edna Conway, who began her career in law, emphasized the value of career twists and turns. Detours, she noted, can provide invaluable experience. She added that the most important aspect of any career is bringing one’s whole self to the job and appreciating the process. She explained, “Understand what gives you energy and follow that.” Ann Johnson, who leads Microsoft’s security and compliance road map across industries worldwide, agreed: “Bring who you are to what you do.” Conway also noted that women tend to have an inclination toward critical thinking and problem solving, making them particularly qualified for cybersecurity challenges. And in the event of a professional roadblock? Johnson reassured participants: “As for help, don’t take no for an answer. You’re going to stumble and that’s ok.”
Amy Hogan-Burney, who holds a law degree and began her career as an attorney with the U.S. Department of Justice and Federal Bureau of Investigation, now leads Microsoft’s Digital Crimes Unit, a global team of attorneys, investigators, engineers, and analysts working to fight cybercrime. She encouraged participants to trust their instincts, noting, “It is easy to make things hard and hard to make things easy, so trust yourself and trust your capabilities and ask questions.”
Girl Security participants offered meaningful feedback following the event about the importance of visible women role models in cybersecurity, the value of “face-to-face” (albeit virtual) interaction with women leaders, and the need for additional programming that highlights the field’s diverse pathways. As one participant noted, “I never realized how broad the field is. It’s exciting to think my interests could lead to a career!”
As part of this exciting new partnership, Girl Security and Microsoft Security will continue to host programming and cybersecurity education. On June 28, 2021, at 4 PM CST, Girl Security and Sara Manning Dawson, Chief Technology Officer, Enterprise Security at Microsoft, will conduct a session on disinformation, cybersecurity, and national security alongside budding cybersecurity leader Kyla Guru for Girl Con—an international tech conference (for high school students, by high school students) aiming to empower the next generation of female leaders. In addition, Girl Security and Microsoft Security will join forces for a new leadership program on cybersecurity for the Girl Scouts Greater Chicago, Northwest Indiana, and more. Sign up to be the first to learn about new Girl Security and Microsoft Security events.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1Cybersecurity Workforce Study: Women in Cybersecurity, (ISC)² Cybersecurity Workforce Report, 2019.
2(ISC)² survey shows women increasingly embracing cybersecurity as a career path, Security, BNP Media, July 21, 2020.