Reflecting on 2024 and looking ahead to 2025

Hi everyone! The year has flown by and was full of so much change and growth for me both personally and professionally. Through it all I am grateful for all the people, the learnings, the experiences and the opportunities in my life.  

Before the year ends, I want to take a minute to reflect on some of those moments that were pivotal to my journey in 2024 and what we have ahead of us in 2025. I would love to hear about your own reflections on 2024 as well. 💜 

One of the highlights of my year was last Friday! It was so fun chatting with Mad Money host Jim Cramer about the current cybersecurity threat landscape and Microsoft 's approach to security, especially in light of our Secure Future Initiative (SFI). 

2024 was a challenging yet exciting year in security. As an industry, we faced increased threats and sophistication of attacks, but we also made significant strides in enhancing our security measures and protecting our customers. A few things that stood out to me this year: 

• Security must come above all else. Microsoft expanded upon our Secure Future Initiative back in May to put security above all else by expanding SFI pillars and goals across the company. We shared a progress report in September about how Microsoft mobilized the equivalent of 34,000 engineers to advance SFI—making it the largest cybersecurity engineering effort in history. Charlie Bell also shared an update in November at Microsoft Ignite with insights into our efforts to foster a culture that prioritizes security above all else, establish governance and engineering frameworks to help manage cybersecurity risk at scale, and deter escalating nation-state threat actor activity. And the changes we are making through SFI are creating a flywheel of defense that’s contributing to greater visibility, deeper insights, better detection, and greater safety in our security products.  

• One of the most important ways we protected our customers was with generative AI. Gen AI is a game changer for the security industry and helps us outpace adversaries in this rapidly changing threat landscape. Password attacks are now occurring at a rate of more than 7,000 per second, and the number of threat actors Microsoft tracks has increased by more than five times in the last year. We launched Security Copilot in April 2024, which helps level the playing field. It uses Microsoft’s security data and OpenAI’s GPT models to simplify tasks, whether it’s analyzing incidents or automating reports. The most meaningful stat to me which I call the “joy” stat, is that over 90% of users said they wanted to use it again. That’s why I love gen AI –because I think this tool is going to make it easy for everyone to become a defender.  

• It's essential to secure and govern AI to empower its adoption. Over 95% of organizations are implementing or developing an AI strategy, which necessitates the need for accompanying data protection and governance strategies. AI transformation requires security transformation, or as Satya said at Ignite, “In the age of AI, data governance takes on an even more critical, central, important role”. 

• Everyone around the world is vulnerable to threats and we need to provide security for all, by all! I had a wonderful time talking to customers in Mexico City and Bogota on Microsoft’s AI Tour about how AI is relevant to them. It was also amazing connecting with customers and partners at industry events such as RSA. It was so nice seeing old friends and colleagues on my home turf, singing my heart out hosting karaoke, and talking about what we’ve collectively learned about securing AI. 

• As cyber threats become more sophisticated in speed and scale, we need to be as diverse as the threats we are defending. Creating more diversity in security is a mission that is near and dear to my heart, and I loved participating in the Women in Security panel at Ignite, where I sat down with Ann Johnson, Amanda Minnich, and Amulya Panakam of Girl Security. 

• Security is a team sport, and this was especially evident at our Windows Endpoint Security Ecosystem Summit in September, which brought together a diverse group of endpoint security vendors and government officials to discuss strategies for improving resiliency and protecting our mutual customers’ critical infrastructure. Microsoft continues to be committed to our platform approach and partner ecosystem, while driving our customers’ resiliency and security.  

While I’m grateful and proud of all our accomplishments, Microsoft’s commitment to a growth mindset is more important: making sure we learn and grow from what we faced this year. I look forward to exploring how we can continue to innovate and lead in cybersecurity in 2025.

 As we prepare for 2025, I hope you all have time over the next several weeks to recharge, reflect and set intentions for the coming year – setting intentions and goals is one of my favorite things to do! And I’m looking forward to so many things – starting with the chance to travel around the globe to talk about the opportunities AI offers in security. 

We are at the start of what could become one of the most transformative technological eras in modern history. AI has the capability to elevate human potential in all facets of our lives, and AI must be trustworthy in order to achieve its promise. Looking ahead to 2025, I believe we will see even more advancements in security technology and practices due to AI, especially in security. The industry is evolving rapidly, and it’s crucial that we stay ahead of the curve. 

Because of this, I expect to see a need for an upskilled workforce, and for organizations to do the work to get their employees on board with the fact that security needs to be everyone’s priority. As my friend Charlie Bell likes to say, “security is not a technology challenge, it's a culture challenge.” It is so important as defenders that we are stewards of a security first culture, both in promoting wide adoption of things like multi-factor authorization and in making sure security is a priority in the products they are using/ Securing and governing AI will be critical so we can provide peace of mind as organizations use this incredible generative AI technology to create new possibilities. And it will be equally important to use generative AI to stay ahead of threats. 

Finally, as threat actors leverage AI for phishing campaigns, password spray attacks, ransomware and more, it will be more important than ever to have comprehensive threat Intelligence and a platform approach where we can collaborate together to have proactive and collective defense, security after all is a team sport. I’m looking forward to what Microsoft is doing to stay ahead of hackers, including our recently announced Zero Day Quest and our graph capabilities. 

The strides we've made in enhancing our security focus, leveraging AI, and fostering a culture of resilience are just the beginning. Looking ahead to 2025, we must continue to prioritize security, embrace technological advancements, and cultivate a security-first mindset across all levels of our organization. Together, we can navigate the evolving threat landscape and ensure a safer digital world for everyone. I’m looking forward to another year of growth and collaboration in 2025! 💜 

• I love this recap of Microsoft’s security announcements at Ignite! I’m so proud of the work we are doing through our focus on security and our investment in AI for a more secure future, as well as our work to deliver unified data security, governance, and compliance. 

• I’m looking forward to visiting Hong Kong next month for the Microsoft AI Tour on January 16, where I’ll dive into how AI is transforming our life and work. If you’re in the area, I hope to see you there! 

• I’m so proud that Microsoft has been acknowledged as a leader in access management by Gartner’s Access Management Report for the eighth year in a row. 

• Last week I joined Bluesky! I’m so excited to engage with and learn from the brilliant minds in this space going into the new year. As I like to say, security is a team sport, and I’m eager to see the amazing ideas and inspirations that this platform’s users will bring to the cybersecurity industry. If you have an account yourself, let’s connect! 

Something that recently inspired me was our GIVE campaign at Microsoft. While giving is a yearlong activity at Microsoft, every October we have a special focus with our GIVE campaign. I was incredibly inspired by the generosity of our team and how they all contributed and gave with full hearts whether it was money or time towards a worthy cause. I am in awe of the inherent goodness in people and the desire and passion to help others in need! 

A quote I love: “It’s not happiness that brings us gratitude but gratitude that brings us happiness.” – Unknown