Jakarra (J.J.) Jones is senior corporate counsel at Microsoft. In her role, J.J. supports incident response and threat intelligence, as well as cybersecurity regulatory compliance to help Microsoft satisfy and shape emerging cybersecurity requirements worldwide. Previously, J.J. was a member of the Litigation group in Sidley’s office in Washington, D.C. Colleen Brown, partner in Sidley’s office in Washington, D.C., recently sat down with J.J. to catch up on how she stays connected to Sidley, her transition to an in-house role, and her many invaluable mentorship experiences.
Microsoft must be a fascinating place to work on cybersecurity. What has your path been there?
I joined Microsoft in an internal investigations role, conducting investigations into business misconduct for a number of our large business units around the world. That really gave me an opportunity to gain that bird’s-eye view of Microsoft that usually takes a long time to develop at a company of this size. From there, I gradually transitioned into cybersecurity and decided I really wanted to focus on it.
My current role supports our Microsoft Threat Intelligence Center, with threat intel analysts across the world who track advanced actors, nation state threats, private sector offensive actors, and ransomware groups to really understand what those actors are doing and how it’s impacting our customers or the ecosystem. Our team, the Digital Security Unit, also does threat context analysis, looking at the geopolitical context of why, for example, Russia might be trying to compromise IT service providers, or why North Korea might be interested in compromising humanitarian aid agencies.
That is such fantastic work and it’s so exciting that you are really in the heart of some of the most cutting-edge cybersecurity issues today.
I think a lot of the white collar defensive work that I did at Sidley, including the transnational Foreign Corrupt Practices Act (FCPA) investigations and healthcare fraud litigation, along with my time as an Assistant U.S. Attorney, prepared me for the world of cybersecurity, especially on the incident response side because it is truly at the intersection of investigations and crisis management.
How do you stay connected to colleagues from your Sidley days?
I make quarterly trips to D.C. because I engage with key cybersecurity agencies and stakeholders in the U.S. government who are based there. Microsoft’s U.S. Government Affairs team is also based in D.C., so there is a lot of collaboration that we do year-round related to new cybersecurity-related legislation, including developing requirements that are going to impact cybersecurity at Microsoft as an enterprise, or requirements for our products and services. When I’m there, I meet up with former colleagues from Sidley’s office in D.C. I also read the alumni newsletters when they hit my inbox. Occasionally, I catch a virtual alumni event.
What is your best memory from your time at the firm?
I spent about a month in Norway on a big FCPA investigation, and that was a lot of fun. It was just so cool to be in such a different place working closely with local counsel on a really fascinating internal investigation. Another time, I ended up in Istanbul, Turkey, for about a month. I remember regularly working 18-hour days on that investigation, so I was exhausted by the end of it. But hanging out with a great group of colleagues in the White Collar practice and checking out some of the local attractions, in both Norway and Istanbul, were definitely highlights.
I haven’t been traveling as much lately, except to D.C., but I will hopefully travel to Europe again to meet with different EU agencies for regulatory cybersecurity next spring.
Do you do much on the NIS Directive (the first piece of EU-wide legislation on cybersecurity)?
Yes, cybersecurity compliance is the other half of my portfolio at Microsoft. We help influence and shape emerging cybersecurity requirements globally, especially if those requirements impact Microsoft and how we sell our products, or our own internal cybersecurity compliance obligations. Even before a new critical infrastructure or cybersecurity law is passed, my team is working with relevant corporate teams and engineering compliance organizations to help translate a lengthy bill into requirements that engineering teams can actually understand and operationalize. So that work keeps me incredibly busy right now because of the number and breadth of pending or recently passed legislation globally that are creating new regulatory obligations.
What was the biggest adjustment you had to make going in-house?
Navigating the Microsoft matrix was probably the biggest challenge. Before, I had been in organizations of 1,500 employees or so in private practice or the U.S. Attorney’s office. There are limited organization charts at Microsoft because things change so quickly, so you have to learn how to navigate, figure out where to get information, and find the right stakeholders who need to weigh in on any given legal issue or new initiative that could have cross-company impacts. As my role and organization structure have evolved over the years, I’ve been responsible for different issues and projects with a wide range of stakeholders, and one of the dangers of working across a highly matrixed organization is failing to obtain buy-in or input from a pertinent stakeholder, who may be impacted.
Can you share some advice to young attorneys who are starting their careers in private practice?
I would recommend trying different practice areas. Get exposure to a lot of different things and think about how you can get as many different perspectives as possible. I gained different perspectives from having worked in private practice, in the public sector in the Department of Justice, and in-house, and all of those perspectives now inform how I assess risk, spot issues, and influence and persuade as an advocate.
Have you had mentors and, if so, how have they helped you in meaningful ways?
I have had so many mentors. When you’re in-house, it is key to have a network that can help point you in the right direction and help you build connections, especially when you work in a highly matrixed organization with hundreds of thousands of employees. It takes time, but it is super critical to getting anything of high impact done. Also, mentors can help facilitate a bridge to opportunities with other teams or individuals. From a network-building perspective, mentors are invaluable.
As a mentor myself, I have led the monthly brown bag lunch development series for the African American and Black employee network within the law department, known as Corporate, External, and Legal Affairs (CELA) at Microsoft. I have created a safe space for key conversations and a lot of different career development opportunities that I think are helpful and meaningful. I am also a co-chair of Women in CELA, the largest employee network in the law department. Through that, I’m constantly advocating and trying to create opportunities for women in the law department. I continue to pick up mentees, and I really love that part of my day. It makes work much more fun.
Published December 2021
Read more articles in our Alumni Profiles series and learn more about our Alumni Network by clicking here.