Recent surveys indicate that only 20 per cent of cybersecurity professionals are female, underscoring the need for concerted efforts to bridge this gender gap. Amid this disparity, attracting more women to the cybersecurity sector will contribute to a more diverse and inclusive industry, says Sarah Armstrong Smith, chief security adviser at Microsoft.

Sarah Armstrong Smith was recently in Malta to discuss the evolving landscape in cybersecurity. Before joining Microsoft, she managed crises at Thames Water, AXA, EY, Fujitsu and the London Stock Exchange, and throughout her 25-year career, she has been focusing on the human aspects of cybersecurity, trust-building and transparency.

“One major deterrent for women entering the IT sector, especially in cybersecurity, is the pervasive perception of a male-dominated industry. This stereotype can dissuade women from pursuing careers in the field, perpetuating a cycle of underrepresentation,” Armstrong Smith said.

“Moreover, there is a misconception that cybersecurity roles are exclusively technical, overlooking the diverse array of opportunities within the industry, including governance, compliance, risk management and incident respons.”

She explained that addressing these issues requires a multifaceted approach.

“Microsoft recognises the importance of visibility and representation, emphasising the need for positive role models at all levels of the cybersecurity hierarchy. From entry-level positions to chief information security officers (CISOs), diverse role models can inspire women to envision themselves in similar roles and challenge preconceived notions about who belongs in the industry.”

The recently published 2023 Microsoft Digital Defence Report revealed a 35 per cent increase in demand for cybersecurity experts in the past year, highlighting the urgency to address the gender gap. And, with over 2.5 million jobs available in cybersecurity globally, women have a significant opportunity to contribute to this rapidly growing field.

To empower women in cybersecurity, Microsoft has expanded its cybersecurity skills initiative to 28 countries, focusing on strategic partnerships with educational institutions, non-profits, governments and businesses, an initiative that seeks to develop localised cybersecurity and artificial intelligence (AI) skills programmes that align with market needs.

This collaboration between Microsoft and over 20 non-profit organisations has already trained more than 400,000 individuals worldwide in cybersecurity skills through platforms like Microsoft Learn and LinkedIn Learning.

Armstrong Smith noted how the challenge to tackle the persisting shortage of talent requires a holistic approach.

“The scarcity of skilled cybersecurity professionals poses a critical threat to safeguarding both public and private infrastructure. We have recognised the need for comprehensive solutions and are actively addressing the talent shortage by providing training and certification programs globally.

However, she said, it is not just about technical skills. Microsoft acknowledges the importance of diversity at all levels, emphasising the need for individuals who can bring different perspectives to the table.

“Soft skills such as problem-solving, abstract thinking and effective communication are deemed crucial in countering cybersecurity challenges and breaking away from groupthink,” Armstrong Smith said.

Microsoft is also addressing gender imbalances by redefining workplace norms. Transparency in job roles, remote work policies and flexible scheduling options are crucial elements in making the industry more accessible to women who may have caregiving responsibilities or other considerations.

“By offering options such as part-time or condensed hours, Microsoft aims to create an inclusive environment where employees can thrive without compromising personal priorities,” Armstrong Smith continued.

“We need to empower women with skills, foster diversity, and reimagine workplace norms. This is what we are doing at Microsoft not only to address the immediate talent shortage but to also pave the way for a more inclusive and innovative future in the cybersecurity sector.”

She also spoke about her personal experience as a female working in the IT sector, the challenges she encountered and how she tackled them.

“The biggest challenge I found was to be taken seriously when I was younger. I, therefore, felt like I had to work harder to earn my seat at the table, by learning and experiencing lots of different things, so that I could be regarded as the ‘subject matter expert’ in the room. I guess ultimately it is what spurred me on to want to achieve more.

“Today, I no longer feel that I need to justify myself. Whatever the age, background, gender or culture, it is the diversity of thought and experience that enables us to collectively think and act differently, rather than relying on the dominant voice in the room. This is ultimately what we need to innovate and move forward,” she concluded.

In 2022, Sarah Armstrong Smith authored ‘Effective Crisis Management’, which swiftly became a bestseller and was nominated for multiple industry awards, including ‘most influential and inspiring women in UK tech’ and ‘most influential women in cybersecurity’ over the last five years. She earned the title of fellow of the British Computer Society in 2021 and today, she also passionately engages with SMEs as an independent board adviser, guiding them on their tech journeys.