Source URL: https://www.microsoft.com/en-us/security/blog/2025/06/05/meet-the-deputy-cisos-who-help-shape-microsofts-approach-to-cybersecurity-part-3/
Source: Microsoft Security Blog
Title: Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3
Feedly Summary: Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee.
The post Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 3 appeared first on Microsoft Security Blog.
AI Summary and Description: Yes
**Short Summary with Insight:**
The text discusses the establishment of Microsoft’s Cybersecurity Governance Council and features interviews with three deputy CISOs. It emphasizes the importance of human factors in cybersecurity resilience, cultural adaptability, and the role of intentional leadership in shaping secure environments. The insights from these leaders highlight that security is not just about technology, but also about fostering a culture of trust and accountability within organizations.
**Detailed Description:**
The article elaborates on Microsoft’s recent steps to enhance its cybersecurity strategy through the formation of the Cybersecurity Governance Council and the appointment of deputy chief information security officers (CISOs). Here are the major points:
– **Cybersecurity Governance Council:**
– Microsoft launched this council in 2024 to provide comprehensive oversight of its cybersecurity risk management and compliance.
– The council aims to enhance collaboration between cybersecurity and product/engineering teams.
– **Focus on Leadership:**
– The article spotlights three leaders—Kumar Srinivasamurthy, Geoff Belknap, and Ann Johnson—discussing their backgrounds in cybersecurity and their roles at Microsoft.
– Each leader shares their motivations for joining Microsoft and their plans to enhance cybersecurity.
– **Insights on Human Factors in Cybersecurity:**
– The leaders emphasize that cybersecurity relies heavily on people, promoting a culture where learning from failure is encouraged.
– Strategies for raising cybersecurity awareness include sharing industry breaches and implementing programs that normalize discussing failures.
– **Balancing Security with Innovation:**
– There is a strong focus on integrating security into the innovation process rather than treating it as an impediment.
– The leaders advocate for creating secure systems that enable rapid innovation without compromising security.
– **Cultural Values:**
– Trust and accountability are highlighted as foundational elements for successful cybersecurity strategies.
– Continuous learning and adaptive leadership are proposed as essential components of building resilient security cultures.
– **Conclusion on Security Framework:**
– The article articulates that modern security approaches should not be limited to technological controls but should create an ecosystem where trust and proactive engagement with security are paramount.
Overall, the insights presented in the article are crucial for professionals in cybersecurity as they navigate the ever-evolving landscape, emphasizing that to foster robust security measures, organizations must invest heavily in cultural and human resource aspects.