Women in cybersecurity have made great progress but a gender gap still yawns wide. It's time to close it. And Apple raised eyebrows by forming an alliance with Google to power Siri while a closer look at Salt Typhoon shows a change in techniques.
Closing the Cybersecurity Gender Gap: 11 Steps That Matter
Looking around a large security conference like the upcoming RSA show in San Francisco, it would be understandable to think that the cybersecurity industry is rife with women, that their numbers are now on par with their male counterparts. And while great strides have been made over the last nearly two decades, the numbers aren’t close. Women make up just 22 percent of the security workforce and only seven percent hold C-suite positions, according to the most recent ISC2 Cybersecurity Workforce Study. And unfortunately, pay disparity stubbornly continues. Some of the unevenness is more subtle. Women tend to leave their cyber jobs in the middle of their careers…for a variety of reasons. ISC(2) findings show that they are at least slightly more likely to be affected by layoffs and job freezes. At a time when cybersecurity teams worldwide face severe talent shortages, expanding opportunities for women is not just a matter of equity. It is a strategic imperative for organizations that need deeper technical expertise and broader perspectives to combat increasingly sophisticated threats. There are steps women can take to strengthen their positions within the cybersecurity industry—but the responsibility should not fall solely on them. Given women’s demonstrated expertise, enthusiasm, and job satisfaction in the field, organizations would be wise to actively recruit, support, and retain women. This is especially important as cyber threats grow in number and complexity and as artificial intelligence reshapes the cybersecurity landscape.
Apple Taps Google’s AI to Power Siri Overhaul in Unlikely Alliance
A multi-year partnership between Apple and Google will see Apple’s Siri voice assistant using Google Gemini’s AI models for its next-generation upgrade. The alliance comes as a surprise, not least because both companies are direct competitors in several key areas.
Furthermore, Apple has long been considered a ‘walled garden’ with their strictly controlled hardware and software ecosystem and lack of interoperability with external tools and platforms. The deal is a significant win for both parties, with Apple gaining access to an industry-leading frontier model and Google’s parent company Alphabet briefly hitting a $4 trillion valuation on the wave of AI optimism following the news.
AI-powered DevOps Becomes Key to Speed and Scale
Generative artificial intelligence (GenAI) became the leading tactic for speeding up software delivery, a recent survey of over 800 IT leaders found with the focus over the last year shifting from shipping more AI-enabled features to operationalizing AI across the entire software development lifecycle. In other words, making it a core part of the process rather than the product alone. We’re now entering an era where AI is becoming the operating system for software development, as well as business models themselves. For many software teams, 2025 marked a turning point, where AI maturity shifted from pilot projects and experimentation to widespread operationalization. That trend is set to peak in 2026. The DevOps pipeline is now starting to feature AI at multiple stages. For example, AI coding assistants are becoming standardized and governed, allowing teams to generate boilerplate code and configurations without having to defer to shadow AI. AI-powered test generation to analyze logs and detect anomalies have become the norm. The impact of AI in DevOps is also becoming more holistic as software companies try to close the gaps between speed and security.
IBM Bets on Built-in Data Compliance to Meet Digital Sovereignty Needs
IBM’s launch of Sovereign Core, a new cloud stack, reflects rising attention on digital sovereignty in data management, especially in regions like the EU as governments tighten control over where and how their data and AI workloads run. It will be available in tech preview in February, with general availability planned for mid-2026. Unlike many existing cloud offerings, which offer local hosting to meet data residency requirements, IBM’s approach reflects a growing shift towards full data sovereignty by allowing companies to deploy the stack on their own hardware or regional clouds, typically via local service partners. This keeps data and encryption keys under their own jurisdiction and control. The launch of Sovereign Core, and other cloud offerings like it, are designed to mitigate risks from laws like the U.S. CLOUD Act.
China’s Espionage Playbook Focuses on Congress’s Inner Layer
An intrusion observed linked to the Chinese threat actor known as Salt Typhoon and observed in December avoided dramatic targets and chose a smarter path, choosing Congressional staff email systems supporting House committees on China policy, intelligence, foreign affairs, and military oversight as the entry point. China’s response to these reports has been firm in denial, calling accusations “unfounded” and framing them as politically motivated commentary. That diplomatic script is familiar, but it does not change the multi-year pattern of Salt Typhoon activity observed by defenders and incident responders across critical sectors. US officials detected the activity in December and traced it to infrastructure and techniques associated with Salt Typhoon, a group already tied to long-running espionage campaigns against US telecommunications and government networks. The objective aligns with a familiar intelligence logic: observe policy formation before it solidifies. Staffers occupy a strategic position inside Congress. They draft briefs, frame questions, coordinate hearings, and translate intelligence into legislative momentum.