Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report
Microsoft is proud to be recognized as a Leader in The Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.
Today, March 8, we are proud to celebrate International Women’s Day. The United Nations announced this year’s theme as “Women in leadership: Achieving an equal future in a COVID-19 world.” As a woman, a mother, a daughter, a sister, a friend, and a leader at Microsoft, this is an important time to acknowledge and celebrate the strength and resiliency women have shown during this pandemic. Women fill many frontline positions, caring for us in health facilities, keeping us fed by staffing grocery stores, and delivering our packages. They teach our children remotely while caring for their own children. They are information workers, cybersecurity professionals, and leaders all around.
The impact of this crisis makes it more important than ever to prioritize the education, careers, well-being, and growth of women at work. We are proud to be a part of a company and security team at Microsoft that makes it a priority to invest in programs and initiatives that will help support the role of women in the workforce today and in the future so they can bring their best selves to work every single day.
That is why as a collective group of security women, we feel it is important to share a bit about these efforts, as well as some thoughts from fellow leaders across our security teams on how we can work together to recognize and build on women’s achievements in cybersecurity.
In addition to the personal impact it has had on so many, the pandemic has also threatened our cybersecurity community. With companies sending most of their employees home to work, cybercriminals have been eager to take advantage of new endpoints in their attempts to assess company systems. As well, phishing schemes have targeted people by mimicking pandemic healthcare alerts or unemployment information.
This increase in cybersecurity threats compounds the strain already placed on existing cyber defenders. With the cyber talent gap widening, we need more diverse cybersecurity professionals than ever to thwart them. Women make up just 24 percent of the cybersecurity workforce, according to the 2019 (ISC)² report, Cybersecurity Workforce Study: Women in Cybersecurity. That imbalance is a big problem and during an online discussion called “Future Proofing Against Bias in Tech,” participating women Microsoft leaders shared why. For one, gender-diverse teams make better business decisions 73 percent of the time, according to a Cleverpop study mentioned during the discussion.
It also is critical to catch cyber threats because limiting your hiring to only certain types of cybersecurity professionals can lead to biases and missed threat protection opportunities. And if there’s one thing we know about cybercriminals, it’s that they’re very good at exploiting our biases.
Joy Chik, who is Microsoft Corporate Vice President for the Identity division shares, “Building diverse cyber teams provides a strategic advantage. Diversity drives innovation and devalues group think. This helps to give us an edge in how we build our products, design our security programs, and respond to threats—ultimately giving us an upper hand against cybercriminals who exploit our biases.”
Cybersecurity represents an exciting career opportunity for women, especially now with cyber threats on the rise against a backdrop of women disproportionately affected by job loss due to the pandemic. It raises the importance of opening up more opportunities for women into higher-skilled professions, including technology. In response to the pandemic’s severe impact on parts of the labor market, Microsoft launched its Global Skills Initiative to help 25 million people worldwide acquire digital skills and certifications to find new jobs. With our mission of Security for all, Microsoft Security is making it possible through our sponsorships and programs to making cybersecurity available to everyone—as a professional option and as business protection against cyber threats.
Microsoft is partnering on several programs aimed at encouraging girls and women to consider careers in cybersecurity and expanding career opportunities for women. These programs include:
Encouraging more girls and women to get into cybersecurity creates more effective companies. It can also help reduce the world’s shortage of qualified cybersecurity workers, which is expected to grow to 3.5 million in 2021.
As we look past the pandemic, we can expect that cybersecurity challenges will continue to evolve. AI, machine learning, and quantum computing will shape our response, but technology alone will not be enough. Some of our challenges can only be solved by people—those with different backgrounds, ideas, and experiences. Women are such a crucial part of this. We must continually commit to supporting and empowering women leaders so that we can grow and educate the next generation of female cybersecurity superheroes.
We are so lucky to work with so many talented woman leaders across the security teams at Microsoft. Together we’ve put together some tips on how we can all work to increase the number of women in cybersecurity.
Nothing will change unless your organization commits to increasing its diversity. That starts at the top, with senior executives and other company leaders prioritizing a diverse workforce and asking themselves tough questions about why there are no women or very few women on their technology teams.
We believe the persistent gender gap in STEM starts early, so we must as well. A few years ago, a colleague’s pre-teen daughter signed up for an after-school robotics class and when she arrived, saw only two girls in the room. Unfortunately, we’re losing many girls from STEM before they are even out of middle school. We’ve got to work harder to build curriculums that fit with their age and focus not just on the mechanics of coding but with more emphasis on creativity and real-world problem-solving. Giving them an opportunity to see the breadth of cybersecurity will encourage even our youngest future cyber warriors.
Once women are in those technology roles, it’s just as important to prevent a talent drain. 52 percent of women leave technology fields—nearly double the percentage of men who quit the technology field. In part, the problem can be attributed to women feeling stalled in their careers, with a Center for Talent Innovation study finding that 27 percent of women in tech jobs feeling that way and 32 percent were considering quitting in the next year.
Some hiring managers may reject qualified women candidates because they don’t fit a preconceived notion of a cybersecurity professional who checks all the expected boxes for age, gender, and race and has the technical skills, degrees, and certifications. This limited view causes companies to miss out on some incredible candidates.
The best cybersecurity professionals are insatiable learners and highly skilled problem-solvers. They may not work in cybersecurity or have a college degree but could become incredible assets to your organization.
According to one of our Microsoft Cyber Defense Operations Center (CDOC) Directors in the CISO Spotlight episode 7: People behind the cloud, “We want to bring in as many people of diverse backgrounds and skills as the problems we’re trying to solve. I’ve got university hires, military veterans, a mom who rides a motorcycle, people with advanced degrees, and just about everything in between. We do have some specialists who have done this for a really long time but we also get people who are coming in with a fresh perspective and they’re looking at things in a different way.”
There are opportunities for women at all levels in cybersecurity and the field is much wider than many imagine, encompassing roles in security products, cybercrime, compliance, privacy, and other related domains. According to Julie Brill, Microsoft’s Chief Privacy Officer, women early in their careers or changing roles mid-career may underestimate their qualifications, in part because the industry may be sending the wrong message to women on the value they can add to an organization even in the early stages of their careers.
“Talent comes from many places and doesn’t require a decade of prior experience. Women who are earlier in their careers are more likely to be digital natives and facile with technology. This tech-savvy generation brings critical insight into how we can approach user-centric privacy features across our products. Enthusiastic women professionals can add value to the diverse teams that are working quickly to address the constantly changing cybersecurity and privacy landscape. We will always need innovative thinkers at any stage of their career who are passionate about the impact they can make for the tech industry and society overall. There is so much opportunity to pursue a career in privacy and cybersecurity, and there is plenty of work to be done.”—Julie Brill, Chief Privacy Officer at Microsoft
Given the potential, Microsoft Security is paving the way by sponsoring these cybersecurity programs listed in this blog. We believe it is important to educate mid-level school and high school students about these opportunities, coach them, and give them career guidance in addition to teaching security fundamentals. In the future, we will also collaborate and sponsor Girl Security with a fellowship program to provide career education and mentoring to people with diverse backgrounds—enabling security to benefit all.
Imposter syndrome—candidates entering high skills fields can often feel self-doubt, insecurity, and undeserving of their role. Help set the right tone from the outset by reassuring them that they don’t need a perfect set of qualifications or an ideal background to become an amazing security engineer or cybercrime investigator.
No one was born with security knowledge and experience. People learn as they go along. As we’ve heard from Kristina in the CISO Spotlight Episode, people of all different backgrounds make good security professionals.
The work to develop programs and practices that attract and retain women in the field of cybersecurity is ongoing and moves as quickly as the field changes. In April, Microsoft Security is kicking off the Girl Security Fellowship program, a series of webcasts and training sessions that lead into the summer sharing inspiring stories from many of our women cybersecurity leaders and helping high school students learn security fundamentals along with mentorships. More information on the Microsoft and Girl Security program will be mentioned in a subsequent blog post later in March.
By embracing cybersecurity for all, we can both expand women’s options in the workforce and more effectively secure companies against threats. Stay tuned for more blogs this month featuring our women leaders in Cybersecurity. Happy International Women’s Day!
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
Other blogs to reference: