Closing The Gap

Microsoft's Ann Johnson wants to close cybersecurity's talent gap—here's how

Microsoft's Ann Johnson addresses cybersecurity professionals at the 2019 RSA conference in San Francisco.
RSA Conference
Microsoft's Ann Johnson addresses cybersecurity professionals at the 2019 RSA conference in San Francisco.

There's a significant talent and skills gap in the cybersecurity industry and it needs to be addressed, Microsoft's Ann Johnson tells CNBC.

Women make up less than 10 percent of the cybersecurity industry and people of color far less, Johnson, Microsoft's CVP of cybersecurity solutions, said. She thinks it's critical to take steps to fix it now. Over 3 million job openings are projected to open in the industry within the next two years, and she sees a real need to bring different people into the industry to fill those jobs.

"Our teams need to be as diverse as the problems we are trying to solve," Johnson said. "We need to be much more inclusive as an industry and go out and recruit through non-traditional channels."

In the past few years government agencies like the FBI and Department of Homeland Security have faced breaches, and a number of high-profile corporate breaches, like Equifax, Marriott and Yahoo, have garnered national attention. Cybercrime damages are expected to top $6 trillion annually by 2021, according to a report from Cybersecurity Ventures. Experts say breaches are inevitable and the industry is focused on managing the risk.

In a recent blog post, Johnson wrote that those on the front lines of cybersecurity are often overwhelmed by threats and alerts, and that problem is amplified by a shortage of skilled cybersecurity professionals.

She said it has become an industry-wide effort to recruit, train and retain a diverse workforce, and that Microsoft is leading that effort and focusing on creating a pipeline of talent.

One program she highlighted is Microsoft's partnership with the Security Advisor Alliance, a non-profit that aims to support and diversify the cybersecurity industry. The program hosts cyber hackathons for students in grades 7 to 12 at underserved schools. The program's goal is to impact 2 million students and encourage then to pursue a career in cybersecurity, Johnson said. They also want to create 20,000 internship opportunities to help build that talent pipeline.

Addressing cybersecurity professionals at a recent conference in San Francisco, Johnson asked the crowd, "What happens if these jobs remain unfilled?" She said if this gap persists, the industry as a whole will suffer because, "cyber criminals will continue to exploit the unconscious bias that is inherent in this industry...we will become weaker relative to our adversaries."

Like this story? Subscribe to CNBC Make It on YouTube!

Don't miss: The ugly truth behind why men are more likely to get noticed by job recruiters, according to new LinkedIn study