Tech Talent Spotlight Series: Sarah Armstrong-Smith

Sarah Armstrong-Smith, who is the Chief Security Advisor at Microsoft and works at the forefront of the cybersecurity sector, has established a solid career in STEM.

Sarah was appointed in the role in 2020, but she has already made an impact on business procedures by using her prior expertise working on incidents like the Millennium Bug to inform her plans for Microsoft's cyber security. Sarah has been at the forefront of significant cyber incidents and is passionate about pushing boundaries and challenging the status quo, Sarah has been on the front-line of major cyber incidents and helps businesses to navigate their tech journeys.

Sarah first developed an interest in everything cyber security related while working for Thames Water as a Business Continuity Analyst. As part of the large water utility business, Sarah was given the responsibility of working on the Millennium Bug programme for the business, finding her passion for crisis management.

In the ensuing 20 years, Sarah's passion of technology grew, and her knowledge of disaster recovery, data protection, and privacy increased. Sarah’s previous professional positions include Group Head Business Resilience & Crisis Management at The London Stock Exchange Group and Head Continuity & Resiliency, Enterprise & Cyber Security at Fujitsu. Such high-profile roles earned Sarah a place in the Most Influential Women in UK Tech and Most Influential Women in Cybersecurity and as a speaker, Sarah is passionate about empowering women in STEM industries.

In 2022, Sarah was recognised as a 'Distinguished Speaker' by Microsoft, which is the highest accolade provided by the Executive Briefing Center, and an individual can only win this award once.

Passionate about challenging the status quo, Sarah is an advocate for women in STEM. Effective Crisis Management, Sarah's first book, debuted at number two on Amazon's Best Selling List. Sarah was recognised on ComputerWeekly's longlist of the UK's Most Influential Tech Leaders 2023 as a result of her accomplishments in 2023. Sarah has been distinguished as one of the Most Influential Women in UK Tech and one of the Most Influential Women in Cybersecurity for her dedication to the sector.

Tell us a bit about your background and your route into cybersecurity.

I've been working in a tech environment for over 25 years, and trace this back to c.1999 when I found myself working on the ‘millennium bug’ or ‘Year 2000’ program for a water utility company. Many companies were on large transformation programs to re-code a lot of their computers and servers and my role was to consider what tests had to be performed at midnight to prove that IT systems were working properly.

Even from a young age, I’ve always been driven to ask ‘why’ and ask abundant questions: what if the systems don’t work or are corrupted; how do we keep the Call Centre operational; how do we communicate with customers; how do we look after customers who may have additional needs?

I didn’t know that what I was looking at was ‘business continuity’, to me it just felt like common sense, but I just knew that this was the start of a career for me, and I’ve never looked back! From there I pivoted to disaster recovery, crisis management, and into cybersecurity.

I currently operate as the Chief Security Advisor at Microsoft and act as an executive sponsor to strategic and major customers across Europe. I’m an experienced PR spokesperson and keynote speaker and often talk about the human aspects of cyber, breaking down the silos, and why 'resilience' in the face of adversity is a differentiator in a competitive environment.

This led me to publish my first book ‘Effective Crisis Management’ in October 2022, which explores the traits needed to be an effective leader, no matter what is on the horizon. This quickly became the publisher’s best-seller, and I’m really enjoying sharing the case studies, stories, and anecdotes that have spanned the last 25 years of my career.

You have been the Chief Security Advisor at Microsoft Europe since 2020, and have worked at giants such as Fujitsu and EY- what has been your proudest achievement and biggest career achievement to date?

Apart from writing my first book, the role I have right now at Microsoft has been a huge achievement and one that I have been able to shape and build. I joined in April 2020, just as the UK went into lockdown and therefore, I spent the first 18 months working from home and on Teams. When you don’t have the benefit of working directly with people, you need to spend more time being creative and thinking of different ways to engage people in conversation.

It was a privilege for me to work across so many industries and countries as multiple organisations struggled with how to embrace living and working through a global pandemic, to transition into true hybrid working, to where we are today. So many organisations are re-inventing themselves, by considering new business models, mergers, and acquisitions and how they embrace new and emerging technology, such as artificial intelligence – love it or loathe it, the buzz around generative AI has been extraordinary and is bringing potential issues on security, privacy, and ethics right to the forefront of people’s minds.

I’ve also had the privilege of speaking at 100’s of events and conferences around the world where I get to share my love of tech, and cybersecurity, and address some of these big questions that are top of mind. It is unfortunate that as much as we want tech for good, there are those that want to use it for nefarious purposes too.

As a cybersecurity expert, what are the biggest risks for businesses when it comes to emerging technologies and what advice do you have for them?

It’s important to adopt an assumed compromise mindset and take a risk-based approach to consider the risk versus reward when it comes to assessing emerging technologies. Our role is not to prevent the business from innovating or entering new markets but to help them make sound decisions when it comes to security, privacy, and resilience, and being accountable for how technology is utilised. This means ‘shifting left’ so that security is ‘by design and by default’, rather than a bolt-on at the end.

What are the most in-demand technical skills and certifications for cybersecurity professionals?

Cybersecurity is such a broad area, which includes technical and operational roles, as well as non-technical roles, like risk and compliance. As noted, it touches on so many aspects of our daily lives, and the way in which we consume products and services, now and into the future will continue to evolve.

Before investing time and money in training or certificates, have a look at some of the free resources that may be available, and take time to do some research. For example, Microsoft Learn is a free platform that enables you to create your own learning path, which fits your schedule and at a pace that suits you.

What top tips would you give to an individual who is trying to excel in their career in technology?

It sounds like a cliché, but we really need people who can ‘think outside of the box’. It’s why diversity is so important. It’s about people who think and act differently, from a variety of backgrounds and experiences, so we can continue to keep improving and innovating.

Don’t be afraid to keep putting yourself forward. I got where I am today because I kept volunteering for things, without really knowing what I was letting myself in for, but always taking it as an opportunity to learn, and try new things. After all you never know where it may take you!

More than anything, enjoy the journey.

What one thing do you believe has been a major factor in your achieving success?

A willingness and desire to never stop learning, and a curious mind that is not afraid to ask questions or challenge the status quo. You need to be willing to be disruptive if you want to influence change!

With a passion for women in business, what more needs to be done to improve gender inclusion in the workplace? 

We need to remove the notion that tech is predominantly a male-dominated subject, or that you need to be deeply technical to succeed. It is sad to me, that schools are still promoting subjects for girls, or subjects for boys. Examples might include computer science for boys, or drama for girls. These stereotypes, therefore, get instilled in children at young ages, whether we mean to or not. The reality is that we want children to experience as many different things as possible, to be excited about what lies ahead, and to enable them to be as creative and inquisitive as possible.

How has gender inclusion in the workplace evolved since the start of your professional journey? 

We often overgeneralise and stereotype people, by assuming that women lack confidence, and don’t have an interest in a career in tech, or leadership positions. These are all false barriers that can get in the way of people realising their full potential. We, therefore, need to find ways to help overcome and deal with some of these perceptions, because I truly believe that with the right encouragement and support, anyone can fulfill their potential.

Ironically the global pandemic has been a brilliant example of how we can break down some of these barriers and misconceptions through the ability to work from any place, at any time, from any device. That means that even people with specific caregiving, or other needs that perhaps restricted their ability to find work in some industries, are now finding fulfilling careers, that work in unison with their lifestyle as opposed to against it.

A huge thank you to Sarah Armstrong-Smith for dedicating her time to this interview. Her book is available for purchase now on Amazon using the link here. More information about Sarah can be found on: Sarah's LinkedIn - https://www.linkedin.com/in/sarah-armstrong-smith/