It is our pleasure to introduce Jinisha Norwood, a Principal Cyber Security Architect at IBM. In simple terms, security architecture is the design of an organization's computer systems to protect their data and systems from cyber threats. In this role, Jinisha collaborates with clients to identify security needs, define requirements, and establish strategic roadmaps based on industry best practices and organizational objectives. Jinisha is also a passionate advocate for increasing the presence of women in technology fields, particularly cybersecurity. Her commitment has led her to various speaking engagements, including at the United Nations.

We hope you enjoy getting to know Jinisha as much as we did. Thank you Jinisha for sharing your insights and thoughts with us!

‍

1. What inspired you to pursue a career in cybersecurity, and how did you get started in the field?

My tech journey started when I moved to the U.S. in 9th grade. Struggling to communicate effectively in school due to my Indian accent, I found my voice in an "Intro to Java" class, where coding made me feel understood. Convinced that I wanted to be a computer programmer, I began interning and working as a software engineer before pivoting to an infrastructure role. Ultimately, curiosity about cybersecurity’s unfavorable reputation among other teams catapulted me into the field.

In my first cybersecurity role, I worked on implementing risk mitigation strategies for the business unit I supported. This experience taught me the crucial role of integrating business context into security strategies. Within a year, I discovered a passion for cybersecurity — a field that perfectly combines technology with the opportunity to make a meaningful impact. Since then, I have taken on various roles within the field, from being a security engineer to a manager to leading security product management. Today, I cannot envision doing anything else.

‍

1. How have you seen the cybersecurity landscape evolve throughout your career, and how does a diverse workforce help?

The cyber threat landscape has evolved significantly; below are a few ways:

- Threats like advanced persistent threats (APTs), ransomware, and supply chain attacks have grown more sophisticated, targeting critical infrastructure and organizations.

- Regulations such as GDPR and CCPA have heightened requirements for data privacy and security.

- The shift to cloud services and remote work has expanded the attack surface, prompting new security strategies.

- AI and automation play increasing roles in threat detection, while collaboration and threat intelligence sharing have become essential for collective defense.

- Cybersecurity attacks are leveraged to wage conflict between nation states.

A diverse workforce is crucial in cybersecurity. Cyber threats come from a variety of sources, each with unique tactics and perspectives. By bringing together individuals from different backgrounds and experiences, we can foster diverse thought processes and innovative solutions. This diversity enables us to anticipate and counteract threats more effectively, ensuring a more resilient cybersecurity posture. As technology continues to advance, the importance of diversity in our teams will only grow, helping us to stay ahead in the battle against cyber threats.

‍

3. Can you describe a particularly impactful project you've worked on, and what lessons you learned from it?

One of my favorite projects was hosting an internal security podcast at my previous organization. We aimed to demystify complex cybersecurity topics, such as sophisticated APTs and supply chain attacks, making them accessible to both tech-savvy and non-technical employees. What started as a personal initiative within our team quickly gained traction across the entire company.

This project taught me the importance of empathy-driven education in cybersecurity. By breaking down intricate concepts and presenting them in an engaging, understandable way, we were able to foster a more security-conscious culture. The key lesson I learned is that effective cyber education requires collaboration and empathy — we are all most secure when we work together.

‍

4. How do you stay updated and continue to develop your skills in such a rapidly changing field, and what resources would you recommend to others in the field or aspiring to join the field?  

I stay updated and develop my skills by consistently engaging with various cybersecurity resources. Every day, I read several cybersecurity websites, listen to podcasts, and follow prominent cybersecurity accounts on social media platforms. Additionally, I regularly review briefings and updates from organizations like the SEC, NIST, and other industry and government bodies. This routine helps me stay informed about the latest threats, trends, and best practices in the field.

For those aspiring to join the field, I recommend finding an intersection between your passions and cybersecurity. For example, if you have an interest in medicine, explore how cybersecurity is crucial for medical devices and the enforcement of HIPAA regulations. Security is integrated into every industry, so combining your interests with cybersecurity can lead to a fulfilling and impactful career. By aligning your passions with cybersecurity, you can stay motivated and continuously grow in this dynamic field.

‍

5. Looking back, what is one thing you wish you knew when you were starting your cybersecurity career?

I wish I had known that it's perfectly okay to come from a non-traditional background. When I first ventured into cybersecurity, I felt very intimidated and unsure of my place in the field. I'll never forget the advice from one of my former colleagues, Tamisha Dixon: "You are already at the table. Stop wondering if you belong… take a seat and eat!" This wisdom helped me realize that diverse backgrounds are valuable and that confidence in my unique perspective was crucial for success. Embracing this mindset early on would have made my transition into cybersecurity smoother and more self-assured.

‍