Kerissa Varma, African Chief Security Advisor for Microsoft, shares her journey into cybersecurity, the importance of female role models in tech, and how AI is reshaping the threat landscape.
Kerissa Varma, African Chief Security Advisor for Microsoft, shares her journey into cybersecurity, the importance of female role models in tech, and how AI is reshaping the threat landscape.
[00:00:00]
Megan Garza: Yeah. / As you mentioned, you know, there, there's a cybersecurity team, but it can't be siloed. It
Kerissa Varma: Yeah.
Megan Garza: be that team's, responsibility for the whole organization. 'cause they're, they can't be everywhere at the same place.
Megan Garza: Welcome to Speed Data, quick Conversations with Cybersecurity Leaders. I'm your host, Megan Garza. Today I'm speaking with Carissa Varma, the African Chief Security Advisor for Microsoft.
Welcome to Speed Data, Carissa.
Kerissa Varma: Hi, Megan. Lovely to be here.
Megan Garza: In her role, Carissa uses her wealth of cybersecurity and leadership experience to solve the most complex cybersecurity challenges and improve cyber resilience across Africa. A former BCX Digital Innovations Award finalist, Carissa also serves as president of the Southern Africa Chapter of Women in cybersecurity. A nonprofit that promotes the recruitment, retention, and advancement [00:01:00] of women in cybersecurity. Carissa has volunteered with I-S-A-C-A. She leads tech Empowering young women to pursue careers in technology. Chrisa, you once said that we have to get more women to be less afraid or intimidated to have careers in technology, we need fewer women believing it's too difficult of a career, and we need stronger female role models to share their stories, to help pave the way. Why do you think that's so important?
Kerissa Varma: Megan, unfortunately today, women still have an uneven footing when it comes to adopting technology careers. live in South Africa. And, women are still the major, uh, caregivers for children, for the elderly. and so we have this role, on top of our careers that we are all managing.
And I was at an event a few years ago, um, at a technology event, quite a big event. and I gave a talk about cybersecurity at the event. and a student came to sit next to me at lunch, to tell me she was so excited about a career in cybersecurity. Um, she felt [00:02:00] inspired. Um, she wanted to go into cybersecurity and the joy on her face just gave me a lot, you know, gave me the warm and fuzzies inside.
Um, it got me super excited and then. All of a sudden her face drops and you know, she goes really quiet. And I asked her, why? Why? What happened? What? And she's like, well. At school, I get good grades. My teachers tell me I can do anything. But when I go home in my community, um, they tell me a female can only do, you know, certain types of roles in, in society.
and it broke my heart a little. Um, but that is what women and and girls are facing on a daily basis, they're facing this societal norms around what women can't can and can't do. And so it really needs strong role modeling to be able to say, not just is a career in cybersecurity possible, but you can thrive in a career in cybersecurity.
It's not too difficult for you. It is something that you are. Able to achieve and still have, you know, everything else that you want in your life. Um, and so that, that's [00:03:00] why I believe that it's really important to have strong female role models in cybersecurity.
Megan Garza: I have a teenage stepdaughter. And I try to, ingrain, in her mind that women are just as capable as men. whatever the role may be, whether it's in cybersecurity, whether it's in politics, whether it's in science. and so I try to help her. I try to kind of teach her. That there shouldn't be any barriers, especially gender barriers, but I can only do that inside the home. And so when she leaves and goes out into school or her community, unfortunately, a lot of times she gets conflicting messages that say, mm, no, actually this, this is a man's role, or. that also kind of hits, hits close to home for me as well. but what made you, what drew you to cybersecurity in the first place?/
Kerissa Varma: uh, well to be honest, it was a little bit of luck. I was convinced I was gonna be a software engineer. and in my first round of interviews, uh, a cyber leader said, no, I want to hire you as a cybersecurity practitioner. And I kicked and I screamed, and I was like, Hmm, doesn't this company have something else in software [00:04:00] engineering?
Um, and so that little fortuitous interview actually landed me in my first cybersecurity role. It's been 21 years in cybersecurity, and I'm still loving it, and I can't imagine ever being a software engineer, so thank goodness for that interview. Um, But what actually keeps me in cybersecurity is my passion, and I'm, I'm very, very blessed to have something that I'm so passionate about, um, also be my vocation.
Megan Garza: I guess they must have seen something in you that you hadn't yet seen in yourself. so you talk about being passionate about cybersecurity. What do you enjoy the most about your role, either day to day or overall? I.
Kerissa Varma: there's very few roles out there where you can see the clear line of the work that you do and the benefit to society. And cybersecurity is one of those roles where you can clearly see that every day you wake up and you try and make the world a safer place for people to operate in, whether it's, A grandmother using internet banking for the first time, or a child going onto the internet for the first time, or some big corporate business, all of the bits and pieces come together to [00:05:00] make society safer. And so that mission is very close to my heart, protecting people, protecting society. that inspires me every single day./
Megan Garza: and you mentioned you've worked in cybersecurity now for over 20 years, so you've, been around, you know how we love our acronym soup. What do you think is the most important acronym in cybersecurity today?
Kerissa Varma: I'm going to use an acronym that is, symbolic of, I think the cybersecurity change and the change in the ecosystem that we are experiencing right now. And the acronym is XPIA, which is cross site, injection attack. And it's a type of attack against an ai and it's not, That that is the most critical attack that we are seeing or that it's the biggest volume or anything of the sort.
But the reason I chose that acronym is because it's really symbolic of the rate of change. A few months ago, we didn't have something like a cross site injection attack in artificial intelligence, and because. Technology is changing so quickly, the world is changing so quickly. Cyber attacks are also changing so [00:06:00] quickly that we are inventing new terms on a daily basis to be able to categorize what we are seeing.
Megan Garza: And you mentioned ai, so of course I have to mention, what do you foresee as the biggest threat or risk to cybersecurity on the horizon?/
Kerissa Varma: AI is being used by attackers, but equally it's being used by defenders so you can use it for good and for bad. and there's a lot of organizations that are talking about how do you adopt. AI safely. there's an exuberance towards wanting AI to improve business practices and, you know, get competitive edge and service customers better.
But equally we have to take the steps to make sure we're doing it responsibly, that we are securing our environments as we adopt ai. And so I think there's a lot of conversation happening around that. But equally, um, I think AI does have the potential to give defenders the upper hand as well. We are very fortunate as defenders that we have access to the data within our organizations. An attacker has to work to gain access to that data.
So by putting [00:07:00] AI on top of the data that we already have, we can then draw analysis that can maybe give us the upper hand against defenders. So really, I, I see it as a double edged, you know, make sure you protect against attacks that are coming in, enabled by ai, but also use AI to, to support your own cyber teams and cyber practices.
Megan Garza: Kind of take that edge back.
Kerissa Varma: Yeah.
Megan Garza: And lastly, what do you think is the most important thing to remember when working in cybersecurity?/
Kerissa Varma: cybersecurity is a team sport. this is an analogy that's been used, know, probably overused, but I really believe that you cannot influence. Cybersecurity across an organization. If you're thinking about a single individual or a single team having accountability for cybersecurity, yes, there's going to be a cybersecurity team.
There's going to be a CISO that's driving the direction that the organization takes, but every single individual and every single business Decision has impact on cybersecurity. So when you're making a new acquisition, when you are, you know, starting a new business line, when you're changing business practices, [00:08:00] all of that has impact on cybersecurity.
So executives understanding that impact and making sure that they're bringing cybersecurity to the forefront of the decision making is really important. Equally CISOs and cybersecurity teams, making sure that they understand the business, can speak the business's language, and can predict what is needed from a cybersecurity perspective to enable business practice instead of, you know, stopping business practice I think is really critical.
So that bridge between business and cybersecurity super, super critical.
Megan Garza: Yeah. / As you mentioned, you know, there, there's a cybersecurity team, but it can't be siloed. It
Kerissa Varma: Yeah.
Megan Garza: be that team's, responsibility for the whole organization. 'cause they're, they can't be everywhere at the same place. Well, thank you so much for joining me today, Carissa. I loved chatting with you, especially about the things that are kind of near and dear to my heart as well. For our audience, if you are interested in being a guest on Speed Data, please visit veronas.com/speed data. Thank you again, Carissa./
Kerissa Varma: Thank you, Megan.
[00:09:00]