Enjoy this special encore episode where we are joined by, Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing a human aspect to the industry, and 3. being empathetic to the user experience. We thank Ann for sharing her story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices
You're listening to the CyberWire network, powered by N2K. Defense contractors face immense pressure to comply with CMMC 2.0 security standards, needing a secure, user-friendly file-sharing solution. KiteWorks, a FedRAP moderate authorized solution, supports nearly 90% of CMMC 2.0 level 3 requirements, reducing compliance effort and cost. KiteWorks leverages a zero-trust framework for swift compliance and offers a secure platform for defense data protection needs with advanced security features and ease of use. Its intuitive UI, mobile apps and centralized policy management simplify administration. Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with KiteWorks universal secure file-sharing platform made for defense contractors. Visit kiteworks.com to get started. Hi, I'm Anne Johnson. I'm the Corporate Vice President of Cybersecurity Business Development at Microsoft. My family would tell you from the time I was very young I was going to be a lawyer. And I went to undergraduate and I ended up with a degree, a dual major in communication and political science with a minor in history, all with the intent of going to law school. I wanted to understand how the world worked, but I also wanted to make sure I could speak effectively. And somewhere over that summer, I just decided I didn't want to be a lawyer, which was like a shock to everyone. Honestly, I said, "You know what, I can go work. The magical I can go work and then I'll go back to school." So I moved to Los Angeles because I thought there'd be greater career opportunity there and I really didn't have any idea what I was going to do. So I ended up in technology fairly accidentally and I've never left, by the way. I walked into a, at the time, there were computer stores and retail malls and they were hiring a floor salesperson. And I said, "Well, I know I can talk to people and I know something about personal computers because I've used one. So I'm sure I can do this job." And literally that is how the career started. So from there, I realized that I had a deep technical aptitude for technology. I did not go back to formal education, but I took every course and every certification that was available to me, did some Cisco certifications and IBM certifications and Microsoft certifications so that I could learn the technology. Then I went on, ultimately ended up in cybersecurity because I became fascinated with public private key infrastructure with PKI. So I actually started my cybersecurity career as a PKI architect and specialist. And from there, it just grew as I learned all of the different things and ultimately ended up spending 14 years in RSA security. I get up every day and get to solve some of the world's hardest problems and they don't even know they're being solved. I work with a team of brilliant professionals who are solving some of the world's hardest problems. We're helping make things as straightforward as their online banking transaction safe. Everyone can kind of understand that analogy. When I talk about online banking transactions or I talk about you have your ATM card, it has a pin. Well, we're doing that role of your online type transactions. Whether you're shopping online, you're banking online, we're trying to just make the world safer. A lot of cybersecurity folks like me love to mentor talent that wants to come into the industry. I'll give you one example. Every year I sponsor, my personally sponsor five people to attend Black Hat. And I try to look at folks that are new in the industry or career changing or from some diverse background or transitioning from US military. I have people come to me and apply and then I choose based on those criteria. So find a good mentor. And you know, sans training, black hat, the RSA conference, try to attend the experiences. And cybersecurity is a really broad and vast field. So decide what is interesting to you, right? And you should develop, you know, you should have a lot of different fundamental knowledge, but develop some type of expertise, whether it's, you know, secure coding, whether it's anti fraud, whether it's identity, but decide what it is you want to do. And then work with a mentor or work with the entities that you're getting training from to really develop a career path via training. I hope that the impact I have had in the industry is to do a few things. Number one, bring more diversity to the industry. And like I talked about, diversity is a broad spectrum. It's not just the, you know, man and woman type of diversity, but people from different backgrounds, educational backgrounds, socio economic backgrounds, global backgrounds. Number one, that's what I want to be known for. Number two, bring a human aspect to cybersecurity. Cyber security can be a very insular industry. I hope that, you know, the work that I've been doing and just changing the language of cybersecurity over the past 18 months is something that will have a long term impact. And the final thing I would say is that really truly being empathetic to the end user experience. So truly changing the culture of the industry and being one of those change agents for the industry and developing tools and that are easier to use, easier to consume is one of my big objectives. And that's really, you know, if I put it in those three dimensions, if I can accomplish those things, I will feel like I've had an impact and a legacy that's worthwhile. This September 18th and 19th in Denver, a tight community of leading experts is gathering to tackle the toughest cybersecurity challenges we face. It's happening at M-Wise, the unique conference built by practitioners for practitioners. Brought to you by Mandiant, now part of Google Cloud, M-Wise features one-to-one access with industry experts and fresh insights into the topics that matter most right now to frontline practitioners, register early and save at M-Wise.io/Cyberwire, that's M-Wise.io/Cyberwire. [MUSIC]
