The Gurus sat down with esteemed cyber professional Tannu Jiwnani to discuss navigating leadership, challenges, and empowering diversity in cybersecurity.
Q: Can you share how you got to where you are today in your career?
A: My journey into cybersecurity leadership wasn’t a direct path, but each role I took along the way helped shape where I am today. I started my career in business analysis, designing systems for an airline parts company. It wasn’t what I imagined would lead me to cybersecurity, but it was a formative experience. From there, I moved to Ernst & Young, where I worked on fraud identification systems. It was during this time that I first encountered fraud detection and identity management, which sparked my interest in the cybersecurity field.
Eventually, I joined Microsoft on the operations side, managing tools and systems used to process hundreds of invoices. This role helped me build a deep understanding of tools, processes, and testing skills that laid the foundation for my future work in cybersecurity. Then, I took a leap and transitioned into cybersecurity. Looking back, it was one of my best decisions, although I didn’t always feel that way at the time. Imposter syndrome was real, but I pushed through.
I started as a product manager for configuration management, focusing on identity authentication and authorization systems, as well as geo-expansion for cloud applications critical areas for securing applications. At that time, security wasn’t as prominent as it is today, so I had to learn quickly, often on the job.
Eventually, I transitioned into incident response, which allowed me to interact with multiple services and lead efforts to detect and defend against threat actors. Today, I lead the detection strategy for the entire organization, overseeing threat detection and mitigation across Microsoft.
While my path wasn’t linear, the diverse roles I’ve taken on have equipped me with the skills and experiences that enable me to drive meaningful impact in cybersecurity today.
Q: What does your job role entail?
A: As a Principal Security Engineer at Microsoft, my role focuses on leading security efforts, particularly in identity and access management. I’m responsible for shaping and implementing our detection and incident response strategy, working with teams across the company to protect Microsoft’s cloud and identity infrastructure.
To give you an analogy, imagine there’s a burglar trying to break into your home. The first step is to secure the entry point just like when a system goes down, we work to contain the issue quickly, preventing it from spreading to other systems. Our job is to prevent the breach from escalating, ensuring the threat actor is contained before they can cause further damage.
Once the “burglar” is inside, the next step is about neutralizing them and stopping their access this is when we’re actively responding to the threat, eliminating any vulnerabilities, and ensuring that they don’t move further within our system. This is like dealing with the immediate danger and ensuring your home is secure again.
The final stage is learning from the incident, so the next time an attack happens, we can stop the intruder before they even get close to the door. This step is all about improving our defenses, strengthening our detection systems, and ensuring we’re better prepared for the next threat actor who may try to break in.
It’s a constant cycle of detecting, mitigating, and learning, ensuring that we’re always one step ahead in protecting Microsoft’s systems from emerging threats.
Q: What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?
A: One of the biggest challenges I faced early in my career was the lack of women in the industry and in the rooms, I found myself in. This not only made the environment feel isolated, but it also acted as a catalyst for pre-existing imposter syndrome, which is common in cybersecurity. We all speak the same language but with different vocabularies, and when you don’t see anyone like yourself in the room, it can feel intimidating. Coming from a small town in India with no role models or exposure to this field, I never knew it was even a possibility for someone like me. So, standing here today was quite a shock. Early in my career. I had to learn to pretend I knew things and then dug deep to figure them out on my own, putting in that extra effort to be taken seriously, as there were no clear answers about where to start or what to learn.
However, I didn’t let that stop me. I took the initiative to create opportunities for myself and others. I made it a point to push for more women to be in the room, always striving to help bring more women into tech and cybersecurity. I’ve worked to ensure that my example shows others that it’s possible to succeed in this field, even when there aren’t many role models who look like you. It’s about ensuring that others know they belong here and that they can thrive, just as much as anyone else.
I personally took the initiative to support women through mentorship and by supporting various security-related organizations and chapters. By ensuring that women have a platform to talk, share their experiences, and see others in the field, I’ve created an opportunity for them to explore whether they would like to pursue a career in cybersecurity. Additionally, I make sure to regularly share my insights, contributing to the conversation and helping to further empower others.
All I want to say to the next generation of women entering this industry is: You belong here, exactly as you are. Just speak up, and you’ll see that people in the room are open to hearing your voice. It’s just that we all use different vocabularies, but the essence of what we’re doing is the same.
Q: What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?
A:I’m deeply committed to promoting diversity and inclusion in cybersecurity. One of the primary ways I do this is through mentorship. I mentor women from underserved communities through the Global Give Back Circle, helping guide them into the cybersecurity field. For example, I mentored a high school student who later founded her own startup in Rwanda, an incredibly rewarding experience.
At Microsoft, I am a co-chair of the MS Families ERG, where we run a program designed to help individuals, particularly women, return to technical roles after parental leave. This program provides mentorship, reskilling, and a support network to ease their transition back into the workforce. I also co-chairwomen in Security at Microsoft, where one of our efforts enabled the Women Rising Leadership Program, empowering 15 women to prepare for leadership roles and helping increase female representation in senior cybersecurity positions. Additionally, I was also involved in organizing the Women in Security Annual Summit, where we bring together women to share their experiences and knowledge.
I’m also launching the first Seattle chapter of Women in Security and Privacy (WISP), which will offer mentorship, resources, and career development for women and underrepresented groups in cybersecurity. I serve on advisory boards for Bellevue College and Shoreline Community College, where I help shape cybersecurity curricula that prioritize diversity.
By creating spaces for mentorship and career development, advocating for greater representation, and offering practical support, I aim to make cybersecurity a more inclusive and diverse industry.
Q: Who has inspired you in your life/career?
A: I’m inspired by the women who have dared to speak up and make their mark in fields where they were never expected to belong. These women aren’t just making waves in cybersecurity, but in every industry whether it’s business, technology, or science. They’ve shown that success doesn’t require conformity, and they’ve paved the way for others to follow.
But what truly motivates me is thinking of the young girls sitting in a classroom, overwhelmed by the thought of how hard it all seems. I’d say to them: Keep dreaming. You don’t need a roadmap or a blueprint to succeed you just need the zest and determination to become the expert you aspire to be. I was once there, staring at the walls, unsure if a different future was even possible, but I kept pushing forward.
It’s these girls, the ones who may not yet see their potential, who inspire me to keep showing up, building, and creating opportunities. Every time I break a barrier or take a step forward, I know I’m helping build a path for them. Visibility is power, and together, we’re proving that anything is possible for the next generation.
The post Q&A Spotlight: Tannu Jiwnani – Navigating Leadership, Challenges, and Empowering Diversity in Cybersecurity appeared first on IT Security Guru.
The original article found on IT Security Guru Read More
