Get career advice from 7 inspiring leaders in cybersecurity

Are you currently studying information security? Or are you considering transitioning to a career in cybersecurity? According to the US Bureau of Labor Statistics, cybersecurity jobs will grow 31 percent from 2019 to 2029—more than six times the national average job growth.1 Cybersecurity skills are clearly in high demand. But more than that, cybersecurity is a rewarding career attracting many bright, passionate practitioners and leaders who are invested in making the world a better, more secure place.

As part of Cybersecurity Awareness Month and this week’s theme on cybersecurity careers, we are focusing this blog on top experts in the industry who will share insights on their careers in cybersecurity. In this post, we’ve asked seven cybersecurity leaders six questions about their career experiences to help you navigate and grow your career in the industry and foster new talent. Be sure to also check out our career guidance and educational resources to help you navigate your cybersecurity career.

What’s one thing you know now that you wish you knew when you first started your career in cybersecurity?

“The diversity of backgrounds that drive the best teams of cybersecurity professionals; not everyone needs to have a computer science background as there are so many prisms of skills needed for cybersecurity.”—Valecia Maclin, Partner General Manager, Sovereign Cloud, Microsoft

“When I started in cybersecurity, the internet was not what it is now with such ubiquitous access across so many diverse layers from culture, geography, access to connectivity, language, geopolitics, and more. What I know is that I would have better embraced the different layers of diversity by pausing and taking time to learn about different cultures to better understand motivations and challenges. Also, I would have spent time learning languages as there are local thoughts that cannot be translated. But by living in a community, we learn to understand differences.”—Peter Anaman, Principal Investigator, Digital Crimes Unit, Microsoft

“It’s not the technical issues that are the biggest hurdles; rather motivating, inspiring, and rallying people is and always will be our greatest challenge.”—Edna Conway, Vice President, Chief Security and Risk Officer, Microsoft

“I began my career as a national security policy analyst shortly after September 11, 2001, amid the rise of pressing cybersecurity challenges and related privacy and civil liberties concerns. Much of my learning about cybersecurity was grounded in national security law. When I reflect back on that time, one of the overarching challenges I remember observing as a green college graduate surrounded by amazing security leaders was around how the United States can advance a cybersecurity strategy that responds to emerging threats while also upholding the Constitution. I wish I had a clearer sense then that cybersecurity law was a pathway! I still find these crucial tensions to be the most compelling.”—Lauren Bean Buitta, Founder and Chief Executive Officer, Girl Security

What has been the most enjoyable aspect of your career in cybersecurity?

“I love teaching things to people. I love discovering something new, and then sharing that knowledge with as many people as possible. I was a musical performer for most of my life, and somehow it never occurred to me to do public speaking. It had never occurred to me that even though I was a songwriter for 17 years, that I could also write blog articles and share knowledge that way. And that I could be good at it. It’s kind of funny because it seems so obvious in retrospect, but I love writing and I love speaking. Sharing knowledge is my favorite part of cybersecurity.”—Tanya Janca, Founder and Chief Executive Officer, We Hack Purple Academy

“Breaking stuff. I think that’s the same answer for many people in this industry because there’s a natural curiosity to see if they can make things behave in ways that they weren’t designed to do.”—Troy Hunt, Founder of Have I Been Pwned, information security author, and instructor at Pluralsight

“It has been a privilege to contribute to the safety of internet users and growth of business and socioeconomic opportunities across many jurisdictions. I have also enjoyed learning new technologies and working with many amazing colleagues and friends as we collaborate to solve new online security challenges.”—Peter Anaman

The most surprising?

“That a former homicide prosecutor with an undergraduate degree in Medieval and Renaissance Literature could bring a unique and valuable perspective to the cyber arena.”—Edna Conway

“The most surprising thing to me about cybersecurity is that time and again, our adversaries underestimate the power of the human spirit.”—Ann Johnson, Corporate Vice President, Security, Compliance, and Identity, Microsoft

“The fact that we keep finding the same things. There’s so much work to do, you know. Often, I get asked, ‘Are we winning the battle against the hackers?’ And I say, ‘It’s a little like looking at your fingernails and going, ‘I’m losing the battle.’’ No, you’re just maintaining equilibrium.”—Troy Hunt

Cybersecurity is a vast industry. How do you decide your focus or specialization within cybersecurity?

“Well, I don’t think you have to decide as a premeditated decision. I think what’s great about the tech industry, in general, is that there are so many places to get started with nothing. It’s very much a meritocracy. People are interested in what you have done. What are your achievements? Start somewhere and the path sort of reveals itself.”—Troy Hunt

“Ahh—that is the beauty of cybersecurity—I don’t have to. Rather, I can consistently drive a comprehensive approach that is customizable to the needs of the entire ecosystem. That lured me to the complexity of supply chain security and third-party risk.”—Edna Conway

“My career has always focused on delivering solutions that protect national security and critical infrastructure, so I tend to gravitate to focus in this area. I enjoy knowing my work is making a difference on a global scale.“—Valecia Maclin

“I think finding one’s focus is a balance of trial and error and trusting instincts. I always recommend trying new learning and training on the technical skill sets and there are plenty of amazing organizations that offer those programs, as well as the types of skills we teach at Girl Security, which include ethical decision making, critical thinking, risk management, strategy, and innovation, for example. In addition, identify those who might describe careers that appeal to you. Browse LinkedIn, or your favorite companies or organizations, consider role models or inspiring individuals and learn about their paths. You might be surprised at the twists and turns. Lastly, and most importantly, value your unique strengths. Everyone has some unique contribution to make in life and to cybersecurity. Don’t doubt your strengths and contributions, which may very well be potential pathways. My mom always reinforced the importance of active listening, which has benefitted me tremendously in my service and leadership roles.”—Lauren Bean Buitta

If you could recommend one skill to learn, what would it be?

“One skill is hard, and I would suggest two. As we live in the Fourth Industrial Revolution, we need to learn the skills associated with machine-enabled systems. I would encourage learning about databases, such as SQL or Kusto, and a programming language, such as C# or Python.”—Peter Anaman

“Be comfortable with change and the unknown.”—Valecia Maclin

“If there was one cybersecurity skill I’d recommend that people learn, it’s how to be empathetic to the end user. When we are empathetic, we innovate for people, not the end product.”—Ann Johnson

“The one skill I would suggest people learn is how to behave in a professional setting. Understand the basics, such as responding to emails in a timely manner, being precise and concise when you write or speak, and showing up on time and prepared.”—Tanya Janca

What’s the best career advice you’ve ever been given?

“Learn how to influence, set, and navigate policy, regulations, and legislation.”—Edna Conway

“If I could talk to my younger self, I’d say get out of your comfort zone. Whether it’s our professional or personal life, we learn more when we challenge ourselves to push our boundaries.”—Ann Johnson

“Have integrity. Life and professions can present challenging opportunities that test the bounds of our values and ethics. In addition, in competitive spaces, people might question one’s ‘credentials,’ their education, whether they know a particular person, or even how they run their business or do their job. If you maintain your integrity, you can weather the challenges and rise above the critics.”—Lauren Bean Buitta

“I was told to switch from software development to security. I was told I would make more money, the job security would be great, and I would always get to learn lots of new things. They were right!”—Tanya Janca

Learn more

Throughout the month of October, we will be sharing blog posts with in-depth information and helpful tips for each themed week of Cybersecurity Awareness Month 2021. Read our current posts:

To access training, certifications, and other resources that you can share with your organization, visit the Microsoft Security Cybersecurity Awareness education page.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

1Information Security Analysts, US Bureau of Labor Statistics. 8 September 2021.