March is a significant month for me personally, as we celebrate Women’s History Month and International Women’s Day. Some of the most powerful role models in my own life are the women who raised me and the community of women who have given me the support and encouragement that continue to empower me to believe that I can be anything I can be. I aspire. In security, this is especially important because women are still underrepresented and so critical to the future of our industry. I have been very fortunate to work with many wonderful women throughout my career and one of the things I find so often true is that the path to a career in security doesn’t have to be linear. There is no right way to enter this industry, no experience or training ground is required. In fact, diversity of experiences and perspectives is the essential secret sauce to building a safer world for all.
Here are some examples of incredible women at Microsoft who may have never considered cybersecurity as a destination when they were starting out:
- In our recent Cybersignals briefing, I had the privilege of speaking to Homa Hayatyfar, senior manager of detection analytics at Microsoft, who saw how her path to a career in cybersecurity wasn’t linear. She began her career in cybersecurity with a research background in biochemistry and molecular biology, as well as a passion for solving complex puzzles, and she believes this may be what the industry needs needs it the most.
- From our threat intelligence team, Fanta Orr, director of intelligence analysis, which improves understanding and protection against nation-state cyber threats to Microsoft customers and the global digital ecosystem. She is a seasoned foreign affairs professional, having spent more than a decade serving the U.S. government before turning to cyber threat analysis.
- When Sherrod DeGrippo, director of threat intelligence strategy, began studying fine arts in college, access to the internet was a rare luxury, and the field of cybersecurity as we know it today was just coming to emerge. She developed a dual interest in the new world of online communication and DIY computing after her first experience with bulletin board systems at the age of 14. She believes her fine arts background helps her discover new ideas and methods in threat intelligence, after more than 20 years in cybersecurity and an unanticipated role in incident response.
“Threat intelligence is about taking subjective information and turning it into objective protections. Ultimately, this is data-driven and extremely powerful intuition. Women learn this skill early, and in many areas of life, they are natural threat intelligence analysts.
—Sherrod DeGrippo, Director of Threat Intelligence Strategy, Microsoft
These cyber defenders work every day to keep our world safe and also support and mentor other women to create their own trails and pathways. I invite you to follow them on LinkedIn and attend the Women in Cybersecurity (WyCiS) conference presentations and the RSA Conference, where many of these extraordinary women will share their stories over the coming months.
We have made a lot of progress, but there are still many opportunities
There is still a huge opportunity to welcome more women into cybersecurity. More than 4 million cybersecurity jobs are available worldwide.2 These are roles that women can help fill and triumph over, but we need to lay the foundation to make these roles an attractive and available career option, and to help change the perception of what it takes to succeed.
Despite steady progress in recent years, women hold only 21% of cybersecurity leadership positions and only 17% of cybersecurity board positions.3 In 2022, Microsoft Security commissioned a survey to explore the reasons for the gender gap in cybersecurity skills. Only 44% of women respondents said they felt adequately represented in the industry.
Several factors contribute to fewer women than men joining the cybersecurity profession:
- 28% of respondents believe that parents encourage their sons more than their daughters to explore the fields of technology and cybersecurity.
- Women lack role models in cybersecurity, including women in leadership positions.
- Implicit bias in the hiring process and the belief that men are better suited to technology-related roles.
We must create a path to success
By fostering an environment that welcomes women in cybersecurity, we break down barriers and build stronger, more resilient cyber defense mechanisms. Diversity is not about filling quotas; it’s about building resilient and innovative teams, capable of outperforming and outwitting cyber adversaries. It’s up to us to change the mindset that cybersecurity is too demanding, especially since AI can help shift that balance. And it’s high time to change the perception that cybersecurity is a domain of hackers in hoodies in their basements.
We must continue to be role models and allies for underrepresented groups, especially those from disadvantaged backgrounds. There is often no easy way for disadvantaged aspirants to pursue their profession from a young age and eventually enter the science, technology, engineering and mathematics (STEM) fields, independently other factors. To change this, we must invest in and support the many nonprofit organizations that help people from disadvantaged backgrounds.
Inspiring the next generation of cybersecurity professionals
Over the past year, Microsoft has partnered with many organizations equally committed to building a more diverse cybersecurity workforce. One way these organizations do this is by providing training to girls so they can become the next generation of cybersecurity professionals through programs like GirlSecurity, TechEnsembleAnd IGNITE worldwide (Inspiring Girls Now in Technological Evolution).
Another initiative we support through partnerships provides training for women looking to change careers or improve their cybersecurity knowledge through programs such as WiCyS And Executive Women’s Forum (EWF). We also partner with global education programs including CyberShikshaa in India and WOMEN in Latin America, to empower women and minorities in cybersecurity.
These programs and initiatives are having a huge impact in encouraging more girls to consider careers in cybersecurity and attracting more women to join the cybersecurity workforce. Among other benefits, they help girls and women build confidence, meet female role models in cybersecurity, develop or improve their skills, and gain experience to add to their CV.
To further develop women’s careers, Microsoft Philanthropies and Women in Cloud are jointly sponsoring the Cybersecurity Scholarship for Women in the Cloud providing women with structured skills development, certification opportunities and coaching in preparing for employability. By 2025, more than 5,100 scholarships will be awarded.
This momentum is due in part to community-wide efforts to increase the number of women and diverse employees in cybersecurity roles. Community organizations like Blacks in Cybersecurity (BIC) and WiCyS play a crucial role in providing avenues for marginalized groups to enter the cybersecurity field.
AI as an ally in the diversity of cybersecurity
AI is revolutionizing our approach to cybersecurity, from predictive analytics to automated threat detection. Yet beyond algorithms and data models, there is an urgent need for human knowledge. According to a University of Utica study, women, with their unique perspective, also possess strong analytical and problem-solving skills, essential for identifying and addressing security threats, and tend to take a more cautious approach, which can help reduce risk. probability of human error in security operations.4 These unique perspectives help shape our AI for security and help ensure it is inclusive, fair, trustworthy, safe, transparent and inclusive. We also believe that AI creators, as well as its users, must adhere to a standard of accountability. And in this context, the possibilities of this exciting technology are limitless.
Happy International Women’s Day! Even as progress is being made – and opportunities are opening up – for women and minorities in cybersecurity, there is still much work to do to overcome the barriers to entry for these groups. Let’s continue to work for greater representation in cybersecurity by blazing new trails with more allies.
To learn more about Microsoft security solutions, visit our website. Bookmark it Security Blog to follow our expert security coverage. Also follow us on LinkedIn (Microsoft Security) and@MSFTSecurity) for the latest cybersecurity news and updates.
1Women to watch in cybersecurity, Forbes. October 26, 2022.
2How the economy, skills gap and artificial intelligence are challenging the global cybersecurity workforce, ISC2. 2023.
3International Women’s Day: Only a fifth of cybersecurity leadership positions are held by women, computer security guru. March 8, 2023.
4Why we need more women in cybersecurity TechBeacon.