Ann Johnson is Corporate Vice President of SCI Business Development at Microsoft.
She oversees the investment and strategic partner strategy roadmap for security, compliance, and identity for one of the largest tech companies on our planet to help organizations become operationally resilient on their digital transformation journey and unlock capabilities of Microsoft’s intelligent cloud and next generation AI. She is a member of the board of advisors for FS-ISAC (The Financial Services Information Sharing and Analysis Center), an advisory board member for EWF (Executive Women’s Forum on Information Security, Risk Management & Privacy), and an advisory board member for HYPR Corp. Ann recently joined the board of advisors for Cybersecurity Ventures. For more about Microsoft’s Cybersecurity Solutions, visit the Microsoft Security Site, or follow Microsoft Security on Twitter at @msftsecurity or @WDSecurity. You can also hear her talk with some of the biggest influencers in cybersecurity each week on Afternoon Cyber Tea with Ann Johnson. Ann is also an EWF Ambassador and Advisory Board Member. Please welcome her!
1) In college, you majored in Communications and Political Science. What drew you into the “tech/privacy/infosec/cybersecurity” field?
I am an incredibly curious person, who loves learning, and complex problem-solving. It’s one of the reasons why I was drawn to political science and law. My career path changed when I started working with computers. I found I had a deep aptitude for technology and started earning certifications to learn more about, at that time, what was an emerging field. I ultimately landed in cybersecurity following my interest in PKI. There are many similarities you can draw between communications, political science, and cybersecurity, but the biggest one is people. People are at the core of each of these.
2) How did you learn about the EWF? When did you become a member?
The Executive Women’s Forum has a stellar reputation of championing women and their careers. I knew I wanted to be not only a member, but involved in EWF, when I began meeting the women who were a part of the organization, hearing about their positive experiences, and learning about the connections they were making personally, and professionally because of being a part of EWF.
“Mentoring is a key tool I have used to integrate my career and my personal life. It can be a powerful tool for increasing the number of women in cybersecurity.”
3) What are some tools you’ve used to integrate your career with your personal life?
Mentoring is a key tool I have used to integrate my career and my personal life. It can be a powerful tool for increasing the number of women in cybersecurity. People select careers that they can imagine themselves doing. This process starts young. Recently a colleague’s pre-teen daughter signed up for an after-school robotics class. When she showed up at the class, only two other girls were in the room. Girls are opting out of STEM before they can (legally) opt into a PG-13 movie. But we can change this. By exposing girls to technology earlier, we can reduce the intimidation factor and get them excited. One group that is doing this is the Security Advisor Alliance. Get involved in organizations like this to reach girls and other underrepresented groups before they decide cybersecurity is not for them.
4) How did you overcome the “boys club” atmosphere in your career path? Did you feel supported when you first started out?
I’ve always pushed boundaries and challenged traditional schools of thought. It was only natural to encourage the cyber industry to get outside its comfort zones whether it was to expand how we address the evolving threat landscape or expand the number of seats around the cyber table.
5) Did you have a mentor or sponsor who supported you early on in your career? If so, what did you find most helpful?
One of the best pieces of advice I was given, and it’s why I continue to pay it forward and share this same advice, is to attend conferences to meet people in the roles you are interested in pursuing. RSA, Black Hat, and Def Con are among the largest cybersecurity conferences that offer attendees the opportunity to learn the latest research and dig into techniques. Consequently, these are great access points for joining the community. Budget or recent travel restrictions shouldn’t hinder your opportunities. Use social media to engage in online forums, find local events and reach out to experts. Several of my mentees use LinkedIn to start the conversation. If you go this route, make sure your introduction communicates you are connecting for the prospective mentor’s cumulative experience, not just their job status.
6) How has the EWF helped you expand your network?
No matter what stage you are in your career, we all need to continue learning from one another. This means continuing to grow our network as more people join the cyber industry. As someone who has spent nearly 20 years in cybersecurity leadership roles, I’m often asked for mentorship guidance. I welcome these opportunities because I learn from these conversations as well. I often tell people that ideally, everyone has three types of mentors to lean on: someone who helps you with your career inside your company or the one you want to enter; a coach who brings outside perspective to troubleshooting day-to-day problems; and an advisor in a more senior role who looks out for the next step in your career. The coach should be someone outside your immediate team to arm you with objective, external advice. The advisor can be internal or if you’re seeking to leave your company, someone elsewhere. EWF’s commitment to help advance all women in our industry, through education, leadership development and the creation of trusted relationships allows me to engage with women who also want to continue to learn and grow.
“My advice: be curious, be courageous, and be willing to be vulnerable.“
7) What advice would you give to the next generation of female leaders in the “tech/privacy/infosec/cybersecurity” industry?
My advice: be curious, be courageous, and be willing to be vulnerable. Anyone seeking to get into cybersecurity needs a network that provides the encouragement and constructive feedback that will help them grow. I have mentored several non-technical women who have gone on to have successful roles in cybersecurity. These relationships have been very rewarding for me and my mentees, which is why I advocate that everybody should become a mentor and a mentee.
If you haven’t broken into cybersecurity yet, or if you are in the field and want to grow your career recommend seeking out training and certificate programs offered by organizations like Sans Institute and ISC2. I am especially excited about Girls Go Cyberstart, a program for young people that Microsoft is working on with Sans Institute.
- Build up your advocate bench with the following types of mentors:
- Career advocate: Someone who helps you with your career inside your company or the one you want to enter.
- Coach: Someone outside your organization who brings a different perspective to troubleshooting day-to-day problems.
- Senior advisor: Someone inside or outside your organization who looks out for the next step in your career.
- Use social media to engage in online forums, find local events, and reach experts. Several of my mentees use LinkedIn to start the conversation.
- When you introduce yourself to someone online, be clear that you are interested in their cumulative experience, not just their job status.
For those already in cybersecurity, be open to those from the outside seeking guidance, especially if they don’t align with traditional expectations of who a cybersecurity professional is.
“Bravery allows us to consider new perspectives and new ideas to how we address our global challenges.”
8) What are you most proud of?
I am most proud of my daughter. She is one of the main reasons for my ardent efforts to push our cyber community to become diverse and inclusive. Her bravery and outlook on the world has taught me so much about who I am, and who I want to be. Bravery allows us to consider new perspectives and new ideas to how we address our global challenges. Quite often, you’ll hear me say that our teams must be as diverse as the problems we are trying to solve because gaining the advantage against cybercrime depends on it. As an industry, we have acknowledged that diverse data sets provide the best AI and Machine Learning outcomes. When we embrace this same understanding of diversity as it applies to our cyber teams, we help both future proof against bias in tech, while also opening the door to creativity, innovation, and problem solving.