International Women’s Day: How to support and grow women in cybersecurity

Today, March 8, we are proud to celebrate International Women’s Day. The United Nations announced this year’s theme as “Women in leadership: Achieving an equal future in a COVID-19 world.” As a woman, a mother, a daughter, a sister, a friend, and a leader at Microsoft, this is an important time to acknowledge and celebrate the strength and resiliency women have shown during this pandemic. Women fill many frontline positions, caring for us in health facilities, keeping us fed by staffing grocery stores, and delivering our packages. They teach our children remotely while caring for their own children. They are information workers, cybersecurity professionals, and leaders all around.

The impact of this crisis makes it more important than ever to prioritize the education, careers, well-being, and growth of women at work. We are proud to be a part of a company and security team at Microsoft that makes it a priority to invest in programs and initiatives that will help support the role of women in the workforce today and in the future so they can bring their best selves to work every single day.

That is why as a collective group of security women, we feel it is important to share a bit about these efforts, as well as some thoughts from fellow leaders across our security teams on how we can work together to recognize and build on women’s achievements in cybersecurity.

New cybersecurity threats require diverse security perspectives

In addition to the personal impact it has had on so many, the pandemic has also threatened our cybersecurity community. With companies sending most of their employees home to work, cybercriminals have been eager to take advantage of new endpoints in their attempts to assess company systems. As well, phishing schemes have targeted people by mimicking pandemic healthcare alerts or unemployment information.

This increase in cybersecurity threats compounds the strain already placed on existing cyber defenders. With the cyber talent gap widening, we need more diverse cybersecurity professionals than ever to thwart them. Women make up just 24 percent of the cybersecurity workforce, according to the 2019 (ISC)² report, Cybersecurity Workforce Study: Women in Cybersecurity. That imbalance is a big problem and during an online discussion called “Future Proofing Against Bias in Tech,” participating women Microsoft leaders shared why. For one, gender-diverse teams make better business decisions 73 percent of the time, according to a Cleverpop study mentioned during the discussion.

It also is critical to catch cyber threats because limiting your hiring to only certain types of cybersecurity professionals can lead to biases and missed threat protection opportunities. And if there’s one thing we know about cybercriminals, it’s that they’re very good at exploiting our biases.

Joy Chik, who is Microsoft Corporate Vice President for the Identity division shares, “Building diverse cyber teams provides a strategic advantage. Diversity drives innovation and devalues group think. This helps to give us an edge in how we build our products, design our security programs, and respond to threats—ultimately giving us an upper hand against cybercriminals who exploit our biases.”

What’s Microsoft Security doing to help?

Cybersecurity represents an exciting career opportunity for women, especially now with cyber threats on the rise against a backdrop of women disproportionately affected by job loss due to the pandemic. It raises the importance of opening up more opportunities for women into higher-skilled professions, including technology. In response to the pandemic’s severe impact on parts of the labor market, Microsoft launched its Global Skills Initiative to help 25 million people worldwide acquire digital skills and certifications to find new jobs. With our mission of Security for all, Microsoft Security is making it possible through our sponsorships and programs to making cybersecurity available to everyone—as a professional option and as business protection against cyber threats.

Microsoft is partnering on several programs aimed at encouraging girls and women to consider careers in cybersecurity and expanding career opportunities for women. These programs include:

  • Girls Go Cyberstart: Launched in 2017, this program aims to inspire and uncover future female talent by featuring a girls-only community in the national program CyberStart America. Female cybersecurity professionals at Microsoft have encouraged top high school Girls Go Cyberstart clubs by sharing how they got into security.
  • WYiCyS: Established in 2012, this global community creates opportunities for women in cybersecurity through professional development programs, conferences, and career fairs.
  • CyberShikshaa: Launched in 2018 by Microsoft India and the Data Security Council of India, this program is creating a pool of skilled female cybersecurity professionals.
  • Microsoft Cybersecurity Professional Program: Launched in 2018, this program helps aspiring cybersecurity professionals, as well as late-stage career transformers, learn the necessary skills to start a career in cybersecurity. To date, we’ve seen over 4,000 registrations, spanning a diverse range of ages and abilities.
  • DigiGirlz: This program gives high school girls the chance to participate in hands-on computer and technology workshops, learn about careers in technology, and connect with Microsoft employees. We also help girls grow their skills and love for technology through our support of TECHNOLOchicas, Black Girls CODE, and Girls Who Code.
  • Microsoft Women in Security: This long-running, company-wide initiative was started with the goal of building a strong internal community of female cyber professionals through programs, mentorships, and week-long events.
  • Cybersecurity Converge Tour: In partnership with organizations like the Security Advisory Alliance (SAA), Microsoft hosted students in New York City for a “Capture the Flag” interactive education and mentorship event with the goal of creating 20,000 internship opportunities and increasing the number of women and minority security professionals. We’ve also sponsored key events that support women like Executive Women’s Forum, The Diana Initiative, and Wicked 6 Cyber Games.

How to encourage more women in cybersecurity

Encouraging more girls and women to get into cybersecurity creates more effective companies. It can also help reduce the world’s shortage of qualified cybersecurity workers, which is expected to grow to 3.5 million in 2021.

As we look past the pandemic, we can expect that cybersecurity challenges will continue to evolve. AI, machine learning, and quantum computing will shape our response, but technology alone will not be enough. Some of our challenges can only be solved by people—those with different backgrounds, ideas, and experiences. Women are such a crucial part of this. We must continually commit to supporting and empowering women leaders so that we can grow and educate the next generation of female cybersecurity superheroes.

We are so lucky to work with so many talented woman leaders across the security teams at Microsoft. Together we’ve put together some tips on how we can all work to increase the number of women in cybersecurity.

1. Commit to recruiting more women and retaining them

Nothing will change unless your organization commits to increasing its diversity. That starts at the top, with senior executives and other company leaders prioritizing a diverse workforce and asking themselves tough questions about why there are no women or very few women on their technology teams.

We believe the persistent gender gap in STEM starts early, so we must as well. A few years ago, a colleague’s pre-teen daughter signed up for an after-school robotics class and when she arrived, saw only two girls in the room. Unfortunately, we’re losing many girls from STEM before they are even out of middle school. We’ve got to work harder to build curriculums that fit with their age and focus not just on the mechanics of coding but with more emphasis on creativity and real-world problem-solving. Giving them an opportunity to see the breadth of cybersecurity will encourage even our youngest future cyber warriors.

Once women are in those technology roles, it’s just as important to prevent a talent drain. 52 percent of women leave technology fields—nearly double the percentage of men who quit the technology field. In part, the problem can be attributed to women feeling stalled in their careers, with a Center for Talent Innovation study finding that 27 percent of women in tech jobs feeling that way and 32 percent were considering quitting in the next year.

2. Expand your definition of qualified candidates

Some hiring managers may reject qualified women candidates because they don’t fit a preconceived notion of a cybersecurity professional who checks all the expected boxes for age, gender, and race and has the technical skills, degrees, and certifications. This limited view causes companies to miss out on some incredible candidates.

The best cybersecurity professionals are insatiable learners and highly skilled problem-solvers. They may not work in cybersecurity or have a college degree but could become incredible assets to your organization.

According to one of our Microsoft Cyber Defense Operations Center (CDOC) Directors in the CISO Spotlight episode 7: People behind the cloud, “We want to bring in as many people of diverse backgrounds and skills as the problems we’re trying to solve. I’ve got university hires, military veterans, a mom who rides a motorcycle, people with advanced degrees, and just about everything in between. We do have some specialists who have done this for a really long time but we also get people who are coming in with a fresh perspective and they’re looking at things in a different way.”

3. Educate and encourage women on cybersecurity and how to apply

There are opportunities for women at all levels in cybersecurity and the field is much wider than many imagine, encompassing roles in security products, cybercrime, compliance, privacy, and other related domains. According to Julie Brill, Microsoft’s Chief Privacy Officer, women early in their careers or changing roles mid-career may underestimate their qualifications, in part because the industry may be sending the wrong message to women on the value they can add to an organization even in the early stages of their careers.

“Talent comes from many places and doesn’t require a decade of prior experience. Women who are earlier in their careers are more likely to be digital natives and facile with technology. This tech-savvy generation brings critical insight into how we can approach user-centric privacy features across our products. Enthusiastic women professionals can add value to the diverse teams that are working quickly to address the constantly changing cybersecurity and privacy landscape. We will always need innovative thinkers at any stage of their career who are passionate about the impact they can make for the tech industry and society overall. There is so much opportunity to pursue a career in privacy and cybersecurity, and there is plenty of work to be done.”—Julie Brill, Chief Privacy Officer at Microsoft

Given the potential, Microsoft Security is paving the way by sponsoring these cybersecurity programs listed in this blog. We believe it is important to educate mid-level school and high school students about these opportunities, coach them, and give them career guidance in addition to teaching security fundamentals. In the future, we will also collaborate and sponsor Girl Security with a fellowship program to provide career education and mentoring to people with diverse backgrounds—enabling security to benefit all.

4. Help candidates counter self-doubt

Imposter syndrome—candidates entering high skills fields can often feel self-doubt, insecurity, and undeserving of their role. Help set the right tone from the outset by reassuring them that they don’t need a perfect set of qualifications or an ideal background to become an amazing security engineer or cybercrime investigator.

No one was born with security knowledge and experience. People learn as they go along. As we’ve heard from Kristina in the CISO Spotlight Episode, people of all different backgrounds make good security professionals.

Support women in cybersecurity

The work to develop programs and practices that attract and retain women in the field of cybersecurity is ongoing and moves as quickly as the field changes. In April, Microsoft Security is kicking off the Girl Security Fellowship program, a series of webcasts and training sessions that lead into the summer sharing inspiring stories from many of our women cybersecurity leaders and helping high school students learn security fundamentals along with mentorships. More information on the Microsoft and Girl Security program will be mentioned in a subsequent blog post later in March.

By embracing cybersecurity for all, we can both expand women’s options in the workforce and more effectively secure companies against threats. Stay tuned for more blogs this month featuring our women leaders in Cybersecurity. Happy International Women’s Day!

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Other blogs to reference: