Sarah Armstrong-Smith has been Microsoft’s Chief Security Advisor for Europe since 2020. In this role, she offers strategic guidance to major customers, helping them navigate cloud adoption, digital transformation, and the ever-evolving landscape of cyber threats. We spoke with Sarah about her career journey, her perspectives on diversity in technology, and her advice for those looking to break into the tech industry.
Q: You have been the Chief Security Advisor at Microsoft Europe since 2020. What was it like joining such a large technology company?
Sarah Armstrong-Smith: I actually joined Microsoft one week after the UK went into lockdown. It was interesting to be in the middle of a global pandemic, joining a new company, and also seeing the inner workings of Microsoft.
Microsoft is a massive organisation with thousands of employees worldwide. Beyond keeping the company itself running, we had to ensure our customers remained operational during the pandemic. There was also a huge acceleration toward the cloud, particularly with collaboration tools like Teams.
In my role, I work with strategic and major customers across Europe, acting as an executive sponsor in different sectors. It allows me to understand their challenges, especially around cloud adoption and digital transformation.
No matter how bad things get—and we’ve had major crises over the years—I always focus on the opportunities. What can we learn? What can we do better? That’s why I’m proud to work at Microsoft.
Q: What inspired you to pursue a career in cyber security?
Sarah Armstrong-Smith: I’ve been working in the technology space for over 20 years now, dating back to 1999. At the time, I was with a water utility company during the lead-up to the Millennium Bug in 2000, when many organisations were recoding their systems to avoid potential Y2K issues.
From a young age, ’ve always been driven to keep asking ‘why’ and an abundance of questions: What if systems go down? What if people can’t get to work? What if we lose critical data? That mindset was essentially business continuity, though I didn’t realise it at the time—it just felt like common sense. That period marked the start of my career. From business continuity, I pivoted into disaster recovery, cybersecurity, fraud, crisis management—all of which fall under the banner of resilience. That’s how my career has evolved, and it’s been fantastic.
Q: What advice would you give to young professionals wanting to pursue a career in the technology sector?
Sarah Armstrong-Smith: Don’t be afraid to push yourself forward. When I was younger, I often volunteered for projects I didn’t fully understand, and that led to a lot of growth. Many people hesitate to apply for roles if they don’t meet 100% of the requirements—but you learn a lot on the job.
I never planned on working in tech. I originally wanted to be a graphic designer because I loved art. Careers aren’t always linear, and that’s okay. Take opportunities, keep learning, and enjoy the journey.
Q: As a woman in technology, what more must be done to improve gender diversity?
Sarah Armstrong-Smith: We need people who think outside the box, and diversity is crucial for that. It’s not just about gender; it’s about diversity of background, experience, and culture. Inclusion is about removing false barriers—like the notion that tech is only for men or that you need to be highly technical to work in cybersecurity. That’s just not true.
We also need to rethink how we support young people. Expecting them to pick a career path so early is unrealistic. People should try different things and pivot as they grow. Careers are getting longer as life expectancy increases, and many will take breaks to start families or shift industries. It’s about enabling flexibility and providing options.
Q: How have global events shaped the cybersecurity sector?
Sarah Armstrong-Smith: I think having a background in business continuity has enabled me to think about the bigger picture. I was always thinking about worst-case scenarios—what is the worst thing that could happen? But we also need to think more broadly. We need to consider incidents that are not just relevant to our own company but that impact cross-sector and even global changes.
I think back to 9/11 as a really good example of a major incident on a massive scale that we had probably never seen before. The way it was televised and the shock that came with it really brought home the impact of terrorism and how important business continuity is at that kind of scale.
Fast forward to the last five years, and the global pandemic showed how interconnected and dependent we all are, from small businesses to large enterprises. When we consider these threats—whether they’re physical or digital—we have to think holistically. That’s where resilience to all types of threats really comes into play.
Q: What are the biggest cyber threats businesses face, and what can they do to reduce the risk?
Sarah Armstrong-Smith: Cybercriminals are opportunistic and thrive in a crisis. We’ve seen a massive increase in phishing attacks that prey on people’s fears and emotions, with attackers pretending to be banks, charities, or legitimate organisations offering help.
Businesses need to adopt an ‘assume compromise’ mindset. No matter how strong your cybersecurity is, attackers will try to find a way in. Focus on preparedness: What happens if someone gains access to your systems? If your data is leaked, what’s the impact? Where should you prioritise security efforts?
Cybersecurity isn’t just about defences—it’s also about crisis response. If your network goes down, can your business revert to manual processes? How do you communicate with customers and partners? The response strategy is just as important as prevention.
