“This reality propels us to maintain a forward-looking stance, ensuring our resilience and readiness.”
Expert Profile: Homa Hayatyfar
Homa Hayatyfar has seen how pathways to a career in cybersecurity are often nonlinear. She arrived at her career in cybersecurity by way of a research background in biochemistry and molecular biology—along with a passion for solving complex puzzles—and she believes that may be what the industry needs more of.
“The diversity of technical and soft skill competencies is how I build a team and is one of the biggest strengths I see at Microsoft. As Microsoft builds more diverse teams, which include those with the same demographics as attackers themselves, we continue to expand our threat intelligence capabilities,” she says.
She says no day is the same working in cybersecurity, especially the intersection of cybersecurity and data science. As part of the data science arm to Microsoft’s security operations team, Homa’s work is to take an immense amount of data and transform those insights into practical steps to tackle potential risks head on, refining threat detection methods and using machine learning models to reinforce Microsoft’s defenses.
“Analyzing data has been the main catalyst propelling my career in cybersecurity. I specialize in securing digital landscapes and extracting insights from complex datasets.”
As adversaries have evolved, she says, so has Microsoft, consistently focusing on the perpetual evolution of adversaries to stay ahead. Being a frequently targeted company propels Microsoft to maintain a forward-looking stance to ensure resilience and readiness. As adversaries have evolved, she says, so has Microsoft, consistently focusing on the perpetual evolution of adversaries to stay ahead. Being a frequently targeted company propels Microsoft to maintain a forward-looking stance to ensure resilience and readiness. This reality propels us to maintain a forward-looking stance, ensuring our resilience and readiness, she says.
Homa says attackers will generally gravitate to what’s easy and can be automated. The reason they persist with social engineering and traditional attacks like phishing, for example, is because it’s effective—all it takes is one successful attempt to lure someone into sharing information, clicking a malicious link, or granting access to sensitive files. In the same way, attackers are increasingly looking to AI to help them do more.
Feeding from the trust economy: social engineering fraud
“AI can help attackers bring more sophistication to their attacks, and they have resources to throw at it. We’ve seen this with the 300+ threat actors Microsoft tracks, and we use AI to protect, detect, and respond.”
For companies looking to protect themselves, Homa stresses that the fundamentals matter: “Layering to add extra barriers such as applying Zero Trust principles, data protection, and multifactor authentication can protect against many of these attacks.”
“To customers in industries outside of government, do not underestimate your risk of nation state network intrusion.”
Follow Microsoft Security