Meet 9 women leading cloud security at Amazon and AWS

Melissa Bishop started her career in IT audit and consulting, but quickly became fascinated by the underlying technologies and controls that enable secure systems. She’s worked in security for more than 20 years, and now leads information security for the corporate business functions that run Amazon.

She believes women bring similar valuable attributes to the security field that they do to life in general, like "the ability to rapidly make multiple trade-off decisions, often in a crisis or semi-crisis situation while thoughtfully considering various possible outcomes, staying calm, and caring about the people around them."

Her advice to women? Focus on continuous learning and relationship building.

"Regardless of your background or level—and not unlike being good in any career—research and constant learning along with networking are fundamental to getting started and continually advancing."

Becky Weiss found herself in a security career by accident, and then deliberately. She first came to AWS as a software engineer in 2013 to work on EC2 and quickly realized how central security capabilities are to the customer experience across all of AWS's services.

"I'm now in my second stint at AWS, having been an AWS customer at a born-in-AWS startup in the interim. When I returned to AWS in 2018, having been personally responsible for the security of workloads running in AWS, I knew I wanted to contribute directly to AWS's status as the cloud with the strongest security offerings."

Weiss thinks each person brings unique attributes to the security field. She said it’s an especially good domain for people who are intellectually curious and want to bear meaningful responsibility in the world.

"The question to ask yourself is what attributes you might bring to the field of security. It's highly meaningful to be in a job where I can tip the balance toward the success of businesses and their customers, and against those who would try to disrupt that success. In this job, you can be your brother's keeper. That prospect appeals to me, and it's what motivates me to do this job."

Her advice to women? “It's the same advice I would offer any person considering this career. It's a line of work that best suits curious people, the kinds of people for whom a problem or a malfunction is an interesting opening rather than a mess to be avoided. I do think that's an attitude that can be cultivated. Take it upon yourself to take the long road: start on page one, dive in, build some things, and bring yourself up to speed.“

Brigid Johnson got into security when she got into the cloud. A peer said something eye-opening to her, 'you know what customers care about when it comes to the cloud? Security.'

Johnson believes women bring unique attributes to the security field, which she says is ultimately the field at center of technology, business, and innovation.

“Working in security requires driving alignment across teams, focusing on the broader picture, diving into details, while advocating for the right answer. Women in security bring the ability to connect the people and technology aspects to highlight and reduce security risk.”

Her advice to women? It’s threefold:

1. "You don't need to know everything about security to be in security, pick a subdomain that interests you and pursue that part. The rest can come in time.
2. Focus on articulating the risks to influence others, then use your creativity to recommend ways to reduce it. You might not always eliminate it, but reducing moves the needle, too.
3. Practice your backbone, you will probably need it throughout your career."  

For Jenny Brinkley, the path to becoming a security leader at AWS was equal parts happenstance and conviction. After a friend's devastating data loss, Jenny found herself naturally drawn to protecting people's digital lives through security.

"Seeing the impact of how my friend's life's work was stolen really pushed me into this career. I wanted to develop better programs that keep people and their intellectual property safe."

At AWS, she’s now responsible for security monitoring and analysis, training and awareness, supply chain security, vendor application security, internal security reviews and data center security controls. She thinks women bring a unique perspective to the security space thanks to their compassion, empathy, care, and a sense of responsibility.

“We need more diversification, full stop, to help fight security events. Security challenges vary on so many levels. Different backgrounds, lived experiences, and perspectives help drive new thinking and approaches to bring everyone along in keeping our systems, data, and people safe.”

Her advice to women? “Be bold, speak truth to power, push yourself to show up as your authentic self. Don’t change to fit a mold or what you think someone in security should look like, sound like, or act like. Be you. We need more women in this field to help bring everyone to the table — not just the same status quo of what people think of when they think of security leaders.”  

Neha Rungta was trained as a scientist in the field of automated reasoning, which is a form of artificial intelligence. After seven years at NASA, she took on a role at AWS Security in 2016.

"I knew nothing about the cloud or security. The opportunity to learn about both is what inspired me to take the job. Very soon after starting in my role, it became clear to me that I can develop transformational security products using automated reasoning."

Rungta believes diversity of thought is essential in security and products become better thanks to the diverse sets of inputs and voices shaping them.

"This holds true for security as well. Diversity of thoughts helps us detect blind spots, come up with new ideas, and break through the stereotypes."

Her advice to women? "Be ready to change, adapt, and evolve. A love for learning will serve you well in this field. It is important to believe in yourself. Remember, when you’re trying something new, it is important to have conviction and at the same time be nimble.”

Amy Herzog wasn’t looking for a career in security. She graduated with a math degree just after realizing that the professorial life wasn't for her. She was looking for roles where she could use her math skills while she figured out what she wanted to do with her life.

“A think tank in Boston was looking for someone to create formal proofs of security properties in networked systems, and it all just grew organically from there."

Herzog believes security teams should ensure they are places where women and people from all backgrounds thrive.

"At our best, security teams accelerate product teams — we create efficient ways for them to deliver products that hold the highest security bar. This requires creativity, curiosity, and a passion for innovation on behalf of our customers. A mix of viewpoints and approaches is vital for great innovation, and too often security teams don't prioritize ensuring this diversity."

Her advice to women? "Like all tech fields, there's continuous learning as new technology and patterns emerge. We then build on that learning to consider possible unintended behavior, how our systems appear to outside threats, and how we might adapt the way we build our products to better protect our customers. Personally, I love this constant opportunity to grow and learn something new. It's worth considering how you react to change and challenge as you consider a security career. And once you decide to join us, my best advice is to really embrace that curiosity. Keep asking questions, keep seeking divergent opinions and other approaches, and keep sharing your own.”

Caitlyn Shim didn't set out to pursue a career in security, but she found herself naturally drawn to the platform-level problems that needed solving.

"No matter what part of tech you're in, there are security challenges that are constantly evolving. Once I started to see them, I realized how much opportunity there was and couldn't stop seeing them."

Shim believes security is a highly desirable and transferrable skill, with opportunities across every industry. And she thinks women bring a unique perspective that is crucial to security's success.

"The field of security needs women because security succeeds or fails with its customer usability. We need diverse perspectives to meet a diverse customers' need set."

Her advice to women? "Don't be intimidated. Don't let the jargon scare you away. Pick one area you're interested in and learn it. As your experience expands, your knowledge will branch into other areas."

Arynn Crow started as a temporary customer service agent in an Amazon call center. She found her way into the security field "by accident," but quickly became passionate about the work during what was supposed to be a temporary job in the space.

“Working to protect people and important resources from bad actors felt infinitely compelling, and that feeling still holds up for me. I also read this older (but still fantastic book) called “The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography,” which helped me contextualize the work I was doing in this historic tug-of-war between securing or exposing information. That really cemented the connection between security and social sciences for me, which is where I’d thought my career might land instead.”

She believes security offers women a fulfilling career path with lots of opportunity to “choose your own adventure.”

"The problems are interesting. And if you're like me, the opportunity to continuously learn new things is a big part of whether a job feels fun."

Crow also thinks women's perspectives are essential, especially in the realm of identity and access management.

"Identity can't work for everyone unless it's built by everyone. Women make up roughly half the world population, and in too many circumstances are still among the most vulnerable people our communities. Our experiences and perspectives are essential as we continue to build the connective tissues between digital and real-world identity systems."

Her advice to women? "Being excited about this kind of work is the most important ingredient for success. If you want this career, you can do it. And if you're doing it, finding it difficult doesn't mean that you're failing."

Danielle Ruderman’s path to security was a winding one, but she's found her calling in enabling AWS customers and employees to improve their security posture. She's worked in tech for 25 years in many security-adjacent roles such as government IT consulting and biomedical IT modernization, with the last 8 years in AWS Security.

Ruderman believes more women should consider security careers because the industry could use more diversity in thinking and experience. She also thinks the caregiving mindset that many women have can be a real asset in security.

"Many of our customers tell us that their greatest challenges are not tech, but people. Security is such a deeply technical field that I think we sometimes forget that it is made up of people, and people are flawed and complicated. In my experience, the people who are able to relate with empathy to the human side of the security equation are the caregivers in our society—those who have a responsibility to children, elders, or others in their community who need support."

Many high-demand jobs—like those in security—require a dedication of time and travel, which can be challenging for caregivers. That’s why Ruderman believes accommodating the needs of caregivers is essential for promoting diversity in the field.

“We have to be prepared to rethink roles and responsibilities, and embrace the diversity of thought that those with a caregiving mindset can bring to security as we create user interfaces, equitable AI, coding practices, and other tech-related matters that are truly human-centric.”

Her advice to women? Don't be afraid to apply for roles, even if you don't meet 100% of the qualifications.

“I would tell anyone interested in a security career to find mentors in the industry, or just reach out and talk to security professionals. Most of the people I know in this field are incredibly generous with their time, as we all recognize that we have a serious skills shortage and need more people interested in security careers. Pretty much every job you can think of can have a security angle. We have developers who focus on security, just as we have professionals in compliance, legal, human resources, public relations, marketing, user experience design—you name it—who focus on security. Those interested just need a curious mind and a willingness to learn.”