Securing our future from Microsoft Ignite

Hi everyone! I’m sharing this newsletter after an amazing week in Chicago at Microsoft Ignite. It’s always energizing to spend time with peers, partners, and security professionals from all over the world. At the event we announced a number of new security innovations that I’ve highlighted below. I was also thrilled to interview Tara Ragan from Lighthouse, a key compliance partner and a wonderful champion of diversity and inclusion. It was also such an honor to take the stage with Satya Nadella and Charlie Bell for the event keynote to discuss Microsoft’s commitment to security above all else! 

One of my favorite ways to connect with my colleagues and friends at events like this is through karaoke and I was glad to be able to fit it in during my time at Ignite. I hope our rendition of “We are the Champions” didn’t split anyone’s eardrums 💜 

As Satya said during our keynote, security is job number one for all of us. Since we established the Secure Future Initiative (SFI) a year ago, we have gathered valuable insights from our customers, partners, and the global security community, as well as shifted our company culture to security first. 

One of the biggest and most important things we shared at Ignite this year was the Zero Day Quest, Microsoft’s latest hacking event for security researchers. Zero Day Quest was born out of our Secure Future Initiative commitments and our belief that security is a team sport. Although we already partner broadly with the security community via our bug bounty program to mitigate potential issues before customers are impacted, Zero Day Quest will offer an additional 4 million dollars in rewards focused on cloud and AI – the highest potential rewards of any hacking event in the industry. It aims to encourage researchers to try AI security hacking and helps them upskill into this new and critical area for security. In that spirit, we will also offer free AI red-teaming training with industry experts, our engineering teams, and the Microsoft AI Red Team. I love the inherent teamwork that comes with an event like this, and I cannot wait to see what comes from it and share more with you all. 

Our SFI work is turbo charging our flywheel of defense and we are integrating these learnings to continuously innovate on our end-to-end security platform to help defenders stay ahead of threats and enable their AI transformation. Another major announcement at Ignite was that Microsoft Security Exposure Management is now generally available. This powerful solution, which is graph-enabled, is critical for enabling security teams to understand the posture of their organizations and manage their risk. It helps security teams see potential paths to critical assets as if they were looking through the eyes of a threat actor, thereby helping prevent attacks before they happen. 

The general availability release includes several new capabilities to help stay ahead of threats by continuously identifying, prioritizing, and mitigating risks. It should also come as no surprise that generative AI was key to many of the innovations shared at Ignite. Security must be the foundation of AI transformation, and one of the most critical uses of AI technology is protecting our world from cyber threats. Because new threats — many of which were the domain of science fiction movies just a decade ago — have become real-world problems on a massive scale, with new dangers arising on a regular basis. Microsoft remains dedicated to empowering IT and security teams through responsible AI by expanding the capabilities of Microsoft Security Copilot and strengthening comprehensive security. We also shared some key announcements about securing and governing AI at Ignite, including new data protection capabilities to help prevent oversharing, detect insider risks, and more. 

I’m so optimistic about the possibilities of what defenders will do with the innovations we shared at Ignite. Security is a team sport, and I am excited and grateful to be on this journey of AI transformation with you. 

I had the pleasure of catching up with Tara Ragan at Ignite! Tara is a compliance partner working in data security and governance. She currently manages Lighthouse’s relationship with Microsoft, primarily from a programmatic, operations and business development lens, but actually got her start in international sports management. She decided to move into the cybersecurity space as a consultant, in part because she has “always been fascinated by big data, because the power in that is very evident.” She says that she loves working with governance solutions, and in helping teams manage and secure their enterprise data because she “has always liked being able to unblock problems”

As the technology landscape evolves, Tara sees organizations' awareness and approach to data compliance and security changing dramatically due to “The change itself –meaning the pace at which technology is evolving. With the added complexities of generative AI, organizations need to rely on experts like Microsoft and trusted partners because those challenges and risks and opportunities are coming so fast. As a result, I think there’s going to be a shift in the relationships that organizations have with companies like Microsoft and their partners to something more intimate.” Tara emphasizes that having a diverse team of experts is crucial for staying agile amid rapid innovation and changing compliance regulations. “One of our top strategy objectives is building a team with the right experts so we can adapt. Mastering that art of agility is key to our success, especially working with companies that are multijurisdictional.” 

Tara highlighted that predictability, extensibility, and responsiveness are key intersections between cybersecurity, AI advancements, and the needs or challenges of clients. She shares, “If you’re looking at customer needs for data security and data governance, that trio is what’s most important. Predictability not only in having experts predict you know what's coming but also in the day-to-day. Creating products and implementation frameworks need to be extensive and evergreen and can be grown upon. And responsiveness across the board.” 

Lighthouse has also been recognized for its diversity efforts, a priority that’s near and dear to my heart. Tara says that to foster a culture of diversity and inclusivity across their business and in the cybersecurity field, she and her team use and leverage technology like Teams and digital platforms, because “Not only are they great for productivity, but the world opens up. We have colleagues from different countries and all different kinds of walks of life and backgrounds and experiences, and we’re able to be very intentional about how we leverage our team's experience.” 

• I loved reading these Ignite articles, which focus on Microsoft’s deep AI investment and leadership (Bloomberg) and share our strengthened focus on security (The Verge). I’m so glad the event and our innovative new security solutions are as exciting to the security community as they are to me! 

• Microsoft recently published a white paper about Accelerating AI Transformation with Strong Security that found that 95% of organizations are planning to or are already using and developing AI applications. This effort was led by Tina Ying and team, who I previously profiled in an earlier edition of Heart of Security. 

• Small and medium sized businesses face heightened cybersecurity threats, and, unlike large enterprises, often lack the resources and expertise to implement extensive security measures. Microsoft recently released a report to help us better understand the SMB security needs and trends. 

• Last week, Microsoft published our annual Data Security Index Report, highlighting generative AI revolution, along with insights from Herain Oberoi. 

• Microsoft Threat Intelligence recently shared information about a large-scale spear-phishing campaign and a password spray attack. This is a reminder for us all to stay vigilant about keeping our information safe! 

• Over the past year, Microsoft blocked roughly 7,000 password attacks per second, marking a significant increase in password-based attacks. Listen to Alex Weinert discuss these different types of attacks and how you can better protect yourself and your information with passkeys!

Something that recently inspired me is the concept and philosophy of “Kaizen”. Kaizen originated in Japan and is a Japanese term that means “change for the better” or “continuous improvement”. I recently visited an Aptiv manufacturing factory in Portugal and saw this in action in every aspect there and I am so looking forward to adopting it in my every day at work and home, because I truly believe when we adopt the kaizen mindset it sparks joy, pride and excellence.  

A quote I love: “Kaizen is everyday improvement, everybody improvement, everywhere improvement.” ― Masaaki Imai