How Microsoft is securing our future

I am thrilled to share the latest edition of this newsletter from Bogotá, the beautiful capital of Colombia, where I'm presenting the Security keynote at the Microsoft AI Tour. It’s so wonderful to connect with our global customers and partners and celebrate the remarkable wonders of AI. I believe AI will elevate human potential across all facets and for that it has to start with trust. To that end, Microsoft has announced new capabilities in the Microsoft portfolio to enable customers in developing Trustworthy AI systems. These advancements will enable organizations to safely and responsibly tap into the potential of this revolutionary technology, keeping security, privacy and safety at the center.    Security is a team sport and in our ongoing commitment to secure and protect our customers, we recently collaborated with our amazing security partners at the Windows Endpoint Security Ecosystem Summit. The collective effort to prioritize user protection and security was truly inspiring, and the resulting plans will ensure our customers' technology remains safeguarded and resilient. I’m heartened by how our ecosystem is coming together to keep our customers and community safe. 

It’s hard to believe the summer is already gone! As we enter the transformative season of fall, we are wholeheartedly embracing the power of change. Just as transformation is constant in both nature and technology, we are taking this opportunity to evolve, adapt, and enhance our security strategies. In this era of innovation, I’m in awe of our team and the way they have adopted this mindset and have met the challenge of ensuring that we are putting security at the heart of everything we do. 

When Microsoft launched the Secure Future Initiative (SFI) last November, we announced a cross-company effort to prioritize a security first culture. Now, I am happy to share our SFI Progress Report discussing the changes to our company culture and governance, standards and principles, and our six major commitments: 

SFI is focused on prioritizing security above all else and Microsoft’s commitment to creating a safer digital ecosystem. It evolves how Microsoft creates and operates our products and services based on Zero Trust principles to achieve the highest possible standards for security.  

Security is not a destination but a constantly changing landscape that requires continuous adaptation as threats evolve. We are changing the culture in several ways. Not only did we mobilize the equivalent of 34,000 full time engineers to achieve our goals, but we added security as a core priority for all employees, tied our Senior Leadership Team’s compensation to security performance, and launched an internal Security Skilling Academy to offer curated training for all employees. And we introduced Deputy Chief Information Security Officers (Deputy CISOs) aligned with major product groups to ensure comprehensive security governance. 

I’m delighted to spotlight Ann Johnson , one of Microsoft’s Deputy CISOs and Corporate Vice President of Microsoft’s Customer Security Management Office. Ann has been in tech her entire professional career and has been in the cybersecurity industry for more than two decades. Her launch into the security space started at RSA with a fascination with RSA security tokens. Her willingness to learn this new-to-her space led to a successful career shift. In her new role as a Deputy CISO, she is responsible for helping drive faster, more transparent, and more detailed security engagements with customers. 

This company-wide focus has been key to the initiative’s success so far. Ann shares that her advice for other companies looking to commit to a security first stance is that, “You have to get the governance right and you have to get the culture right if you're going to do some type of wholesale change like this.” And now that we do, she and the other Deputy CISOs are working to keep security top of mind. 

Some strategies Ann shared for fostering a culture of cybersecurity awareness across organizations include consistent alignment on core priorities, making cybersecurity relatable to everyday experiences, and the importance of continuous education and engagement. That ongoing training and awareness, even for seasoned professionals, is important to maintain a high level of cybersecurity vigilance and knowledge. 

Ann adds, “It's not that we weren't doing security previously, it's just we didn't have the energy and focus of the entire company around it. So now that we do, we have to get the culture piece right, and we have to get the governance piece right and we have to keep things top of mind. If we don't, we'll start to lose the momentum that we have. I love the fact that we've put in place those core priorities, the additional training, the compensation levers, the Deputy CISOs who are going to drive governance, and the new risk processes. All of those things are going to keep the energy going in the right direction and keep the momentum going. We've already seen phenomenal progress in support of this effort. And we're going to continue seeing that.” 

• We recently announced the date for our annual Microsoft Ignite conference! This event is one of my favorites, and I look forward to connecting with the security and IT community as we come together to discuss the future of our industry. 

• The Microsoft Threat Analysis Center recently shared a report detailing cyber influence operations conducted ahead of the United States election. As we count down to November, it’s so important to be mindful of fake websites and social channels geared to spread divisive political content, staged videos, and AI-enhanced propaganda. 

• Microsoft Threat Intelligence recently shared a threat research blog about Peach Sandstorm and the group's latest attacks on our customers that featured new malware techniques. Security is a team sport and as we continue to find threat actor groups such as this, Microsoft is committed to sharing this information with the broader security community to make sure every organization is equipped with the latest information to keep each other safe and secure. 

• I recently published a blog about how end-to-end cybersecurity addresses the modern complexities of defense, and why I truly think it’s the future of data protection. 

Something that recently inspired me is the book Second Mountain by David Brooks. In the book David explores how to live a life of purpose and meaning sharing stories of extraordinary people who are doing that. It’s a deeply moving book. 

A quote I love: "We are born and reborn every day. The act of living, if we live with meaning, is a constant process of renewal.” — Octavio Paz