March is a meaningful month for me personally as we honor Women’s History Month and International Women’s Day. Some of the most powerful role models in my own life are the women who raised me and the community of women who’ve provided the support and encouragement that continues to empower me to believe that I can be anything I aspire to. In security, this is particularly important because women are still underrepresented and so critical to the future of our industry. I’ve had the great fortune of working with many wonderful women throughout my career and one of the things I find so often to be true is that the path to a career in security does not have to be a linear one. There is no right way to come into this industry, no one background or training ground required. In fact, diversity of experiences and perspectives are the critical secret sauce to building a safer world for everyone.
Here are just a few examples of incredible women at Microsoft who may never have envisioned cybersecurity as their destination when they were starting out:
- In our recent Cyber Signals briefing, I had the privilege of talking to Homa Hayatyfar, Principal Detection Analytics Manager, Microsoft, who has seen how her pathway to a career in cybersecurity was nonlinear. She arrived at her career in cybersecurity by way of a research background in biochemistry and molecular biology—along with a passion for solving complex puzzles—and she believes that may be what the industry needs more of.
- From our threat intelligence team, Fanta Orr, Intelligence Analysis Director, who improves the understanding of and protection against nation-state cyberthreats to Microsoft customers and the global digital ecosystem. She’s a seasoned foreign affair professional, who spent well over a decade in United States government service before pivoting over to cyberthreat analysis.
- When Sherrod DeGrippo, Director of Threat Intelligence Strategy, began studying fine arts in college, internet access was a rare luxury and the cybersecurity field as we know it today was just emerging. She developed a dual interest in the new world of online communication and do-it-yourself computing after her first experience with bulletin board systems at 14 years old. She thinks her fine arts education helps her discover new ideas and methods for threat intelligence, after more than 20 years in cybersecurity and an unplanned role in incident response.
“Threat intelligence is about taking subjective information and turning it into objective protections. Ultimately, it’s data-driven intuition and it’s extremely powerful. Women learn this skill early, and in so many areas of life they’re natural threat intelligence analysts.”
—Sherrod DeGrippo, Director of Threat Intelligence Strategy, Microsoft
These cyberdefenders work every day to keep our world safe and also support and mentor other women to create their own trails and pathways. I invite you to follow them on LinkedIn and attend the Women in Cybersecurity (WyCiS) conference presentations and RSA Conference, where many of these amazing women will share their stories over the next few months.
We have made a lot of progress, but there is still much more opportunity
A huge opportunity still exists to welcome more women into cybersecurity. More than 4 million cybersecurity jobs are available globally.2 These are roles that women can help fill and triumph in, but we must lay the groundwork to make such roles an attractive and available career option, and to help change the perception of what it takes to succeed.
While there’s been steady progress over the past few years, women fill just 21% of cybersecurity leadership roles and only 17% of board member positions in cybersecurity.3 In 2022, Microsoft Security commissioned a survey to explore the reasons behind the gender gap in cybersecurity skills. Just 44% of women who responded said they feel adequately represented in the industry.
Several factors contribute to fewer women joining the cybersecurity profession than men:
- 28% of respondents believed parents were more encouraging of sons than daughters to explore technology and cybersecurity fields.
- Women lacking cybersecurity role models, including women in leadership roles.
- Implicit bias in the hiring process and a belief that men are a better fit for roles related to technology.
We need to create a pathway to success
By fostering an environment that welcomes women into cybersecurity, we break down barriers and build stronger, more resilient cyber defense mechanisms. Diversity isn’t about filling quotas; it’s about building resilient, innovative teams capable of outthinking and outmaneuvering cyberadversaries. It’s up to us to shift the view that cybersecurity is too demanding—especially as AI can help to alter this balance. And it’s past time to change the perception that cybersecurity is a field of hacker men in hoodies in their basement.
We need to continue to be role models and allies for underrepresented groups, especially for those from underprivileged backgrounds. There is often no easy way for underprivileged aspiring entrants to practice their craft from a young age and eventually enter science, technology, engineering, and mathematics (STEM) fields, regardless of other factors. To change this, we need to invest and support the many not-for-profits that help those from underprivileged backgrounds.
Inspiring the next generation of cybersecurity professionals
During the past year, Microsoft has partnered with many organizations similarly committed to building a more diverse cybersecurity workforce. One huge way these organizations are doing that is by offering training to girls so they can become the next generation of cybersecurity professionals through programs like GirlSecurity, TechTogether, and IGNITE Worldwide (Inspiring Girls Now in Technology Evolution).
Another initiative we support through partnerships offers training to women interested in switching careers or upskilling their cybersecurity knowledge through programs like WiCyS and Executive Women’s Forum (EWF). We also partner with global education programs, including CyberShikshaa in India and WOMCY in Latin America, to empower women and minorities in cybersecurity.
These programs and initiatives have a tremendous impact on encouraging more girls to consider careers in cybersecurity and getting more women to join the cybersecurity workforce. Among other benefits, they help girls and women build confidence, meet female cybersecurity role models, develop or enhance their skills, and gain experience to add to their resumes.
To further develop women’s careers, Microsoft Philanthropies and Women in Cloud jointly sponsor the Women in Cloud Cybersecurity Scholarship to provide women with structured skills development, certification opportunities, and employability readiness coaching. By 2025, more than 5,100 scholarships will be awarded.
The momentum is due in part to community-wide efforts to increase the number of women and diverse employees in cybersecurity roles. Community organizations like Blacks in Cybersecurity (BIC) and WiCyS play a crucial role in providing pipelines for marginalized groups to enter the cybersecurity field.
AI as an ally in cybersecurity diversity
AI is revolutionizing how we approach cybersecurity, from predictive analytics to automated threat detection. Yet beyond algorithms and data models, there’s an urgent need for human insight. According to a study from Utica University, women with their unique perspective also have strong analytical and problem-solving skills, which are essential for identifying and addressing security threats, and tend to have a more risk-averse approach, which can help to reduce the likelihood of human error in security operations.4 These unique perspectives help to shape our AI for security and help to ensure that AI is inclusive, fair, reliable, and safe, transparent and inclusive. We also believe that creators of AI, as well as its users, must hold themselves to a standard of accountability. And within that context, the possibilities for this exciting technology are limitless.
Happy International Women’s Day! While progress is being made—and opportunities are opening—for women and minorities in cybersecurity, much can still be done to overcome barriers to entry for these groups. Let’s continue to work for more representation in cybersecurity by forging new paths with more allies.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
1Women to Watch in Cybersecurity, Forbes. October 26, 2022.
2How the Economy, Skills Gap and Artificial Intelligence are Challenging the Global Cybersecurity Workforce, ISC2. 2023.
3International Women’s Day: Only One-Fifth of Cybersecurity Leadership Roles Filled by Women, IT Security Guru. March 8, 2023.
4Why we need more women in cybersecurity TechBeacon.
Microsoft is a technology company, a small local company, with few employees, no offices, and almost making no profit… >>
Please visit the firm link to site