Tannu Jiwnani FBCS, named on the 2026 425 Business 40 under 40 list, is a leader in the cybersecurity field. She recently sat down with Grant Powell MBCS to reflect on her career and what professionalism means in the tech sector.

Becoming a Fellow of BCS is a significant professional milestone. What does FBCS represent to you personally, and why do you believe professional recognition like this matters for the wider technology and cybersecurity community?

FBCS represents both recognition and responsibility for me. On a personal level, it feels like a milestone that reflects years of learning, growing and staying resilient in a field that constantly evolves. Cybersecurity does not really allow you to ‘set it and forget it’, so this recognition feels like a moment to pause, reflect and appreciate the journey so far.

For the wider community, recognition like this acts almost like a trusted certificate. In an industry built on trust, having visible benchmarks of excellence helps reinforce credibility and accountability. It also creates representation. When people see leaders from different backgrounds being recognised, it sends a powerful message that there is space for them too. In many ways, visibility becomes its own form of access control, opening doors that may have previously felt out of reach.

Equally important is the opportunity for networking. Being part of the FBCS community allows me to connect with like minded professionals and other fellows, exchange ideas and learn from diverse experiences. These connections strengthen not just individual growth but the collective resilience of the cybersecurity community.

You’ve been deeply involved in mentoring women in cybersecurity. Why is mentorship, particularly for women, so critical in this industry, and what impact have you seen it have over time?

Mentorship is incredibly important because cybersecurity can feel complex and, at times, isolating. For many women, the challenge is not just about building technical skills, but also about feeling like they belong in the room. Mentorship helps bridge that gap. It provides guidance, encouragement and sometimes just the reassurance that you are on the right path.

On a personal level, this work has been deeply fulfilling. Through my involvement with Global Give Back Circle, I have had the opportunity to mentor women students at different stages of their careers. One of the most rewarding moments for me was seeing a mentee go on to start her own venture. Moments like that make the impact of mentorship very real. It is not just about career progression, but about confidence, independence and creating new paths.

I have also had the opportunity to connect with incredible women across the industry and contribute to building communities, including helping establish a Women in Security and Privacy chapter. That has been a meaningful milestone in creating spaces where women can learn, share and grow together. Being recognised as a 2025 Woman of Influence by the Puget Sound Business Journal was also a humbling moment, as it reflects the collective impact of these efforts.

Over time, I have seen mentorship create a ripple effect. Women who once hesitated to speak up are now leading discussions, driving initiatives, and mentoring others. It strengthens the entire ecosystem. Much like a well connected network, the more strong and trusted connections we build, the more resilient and inclusive the industry becomes.

Cybersecurity and incident response are often high‑pressure disciplines. What aspects of your role do you find most rewarding, and what keeps you motivated in such a demanding field?

What I find most rewarding is the impact. In incident response, the work you do has real-time consequences. You are helping contain threats, reduce risk and protect people and systems at scale. There is a strong sense of purpose in knowing that your decisions can make a difference in critical moments, and you often see that impact almost immediately.

If you think about incidents in critical sectors like healthcare, the role of cybersecurity becomes even more tangible. During an attack, systems that doctors and care teams rely on can be disrupted, directly affecting patient care. In those moments, a strong incident response team plays a crucial role in restoring access, enabling operations to continue, and ultimately supporting outcomes that go far beyond technology. That real-world impact is incredibly motivating.

What keeps me going is the dynamic nature of the field. Threat actors are constantly evolving, which means we have to stay one step ahead. It pushes you to keep learning, stay curious, and adapt quickly. I am also deeply motivated by the teams I work with. There is something powerful about seeing people come together during high pressure situations and operate with focus and clarity. It can feel like controlled chaos at times, but when everything aligns, it is incredibly rewarding.

Professionalism and trust are fundamental in security and identity work. Why do you feel professionalism within the tech and cybersecurity industry is more important now than ever?

We are living in a time where technology underpins almost every aspect of our lives. In cybersecurity and identity, we are often working behind the scenes to protect sensitive data, systems and user trust. That responsibility makes professionalism more important than ever.

Professionalism ensures that decisions are made with integrity, accountability and a deep awareness of their broader impact. It is like a foundational security control. You may not always notice it when it is present, but you immediately feel the gap when it is not. In a world where trust can be easily compromised, maintaining high professional standards is essential to sustaining confidence in technology.

In today’s digital age, identity is at the core of everything. It is the key to our digital kingdom, and protecting it is no longer just a technical challenge but a societal responsibility. With the current geopolitical landscape, conflicts are not limited to physical battlefields. They extend into the digital world, where cyber attacks can disrupt economies, critical infrastructure, and everyday life. In many ways, we are navigating a new kind of frontline.

This also means that cybersecurity is no longer just the responsibility of security professionals. Every individual plays a role, whether it is recognising phishing attempts or safeguarding their own digital footprint. Professionalism in this space is what helps guide not just organisations, but also the broader community, toward more secure and responsible behaviour.

Looking back on your journey to a senior leadership role at Microsoft, what key lessons or experiences most shaped your development as a cybersecurity leader?

One of the biggest lessons I have learned is that technical expertise alone is not enough. I would not describe myself as the strongest technical expert in every room, but what has helped me grow is my willingness to ask questions, communicate openly, and keep learning. Being able to bring clarity to complex situations, influence decisions, and align teams during critical moments has been just as important as technical depth. Some of the most defining moments in my career have come during incidents where strong collaboration and clear communication made all the difference.

Another key lesson is the importance of staying adaptable. Cybersecurity is constantly evolving, and you have to evolve with it. You need to be comfortable being challenged, and honestly, be okay with not getting everything right the first time. Failure is part of the process. There are days when things do not go as planned, but each of those moments builds resilience and perspective.

I have also learned the value of investing in people. Strong systems are important, but it is strong, trusted teams that make those systems effective. Leadership is about creating an environment where people feel supported, challenged and empowered to do their best work. Over time, I have realised that growth is not about being perfect, but about being consistent, curious and willing to keep showing up every day.

For those aspiring to follow in your footsteps, particularly early‑career professionals and women entering cybersecurity, what practical advice would you give on building skills, resilience and a successful long‑term career? 

My first piece of advice is to focus on building strong fundamentals. Understanding how systems work, how identities are managed and how threats evolve will give you a solid foundation to grow from. If you already know cybersecurity is your calling, investing time in structured learning can make the journey easier. I did not take a traditional path into cybersecurity, and at times I have found myself wishing I had gone deeper into formal learning earlier. That said, it is never too late. There are so many ways to learn today, whether through courses, podcasts, or simply staying up to date with leaders in the field.

Cybersecurity is also a field where conversations matter. Talk to people, explore different areas and learn about the variety of roles that exist. The field is broad, and speaking with others can help you discover what truly interests you and what may not be the right fit. Those conversations can often be the most valuable way to learn and grow.

At the same time, do not underestimate the importance of communication. Being able to explain complex ideas in a simple and clear way is a skill that will set you apart throughout your career.

Seek out mentors and communities. You do not have to navigate this journey alone, and having the right support system can make a significant difference. Surround yourself with people who challenge you and support your growth.

Most importantly, be patient with yourself. Careers are not a race. They ar more like long running processes that require consistency and persistence. There will be challenges along the way, but each experience adds to your growth. Over time, those small steps compound into meaningful progress.