Meet The One Who Saved Microsoft Secure For a very long time

Gain from Mike Howard, the one who made security a vital piece of Microsoft's organization culture for quite a long time.

Learn from Mike Howard, the man who made security an integral part of Microsoft's company culture for 16 years. He set industry standards like incorporating security into all employee training programs and making security an integral part of company culture.

This article is for business owners and security professionals who want to learn from a top CSO who managed Microsoft’s security protocols for more than a decade. Mike Howard is a former CIA operations officer with 22 years of experience who led Microsoft’s global security operations as the chief security officer (CSO) from 2002 to his retirement on August 31, 2018.

During his time at Microsoft, Mike ensured that the company instated protocols tailored to work for any type of physical or cybersecurity threat. Although Microsoft is considered one of the pioneers in the technology industry, Howard once said that much, if not all of the security protocols imposed by Microsoft are still rooted in the traditional ways of ensuring security in many corporations.

“But, traditional security issues of theft, violence against employees, terrorism, and natural disasters are all still paramount in terms of being the big security challenges for businesses.” Howard believes that while technology advances faster every day, large companies like Microsoft should still base their security protocols on blueprints created decades ago.

Whether you have over 700 offices scattered in a hundred countries globally, like Microsoft, or are a small business looking to improve your cybersecurity, you need to focus on the common security problems encountered across all levels of management. It’s worth noting that Microsoft invests a total of $1 billion annually in making sure that their own data, as well as their clients, is well protected.

Microsoft’s security incident management relies on the fundamental processes of mitigating security risks: preparation, detection and analysis, containment, eradication, and recovery, and post-incident activity. Even though Microsoft spends huge amounts of money on security, the savings it gets from preventing and mitigating the effects of attacks as a result of having exceptional security protocols in place, are more than what it spent.

“A lot of [Microsoft’s commitment to security] has to do with the evangelizing of security on several fronts within the last decade,” Howard said. Even when making plans with regard to Microsoft’s marketing efforts, Howard made sure to deliver information that would help the employees go about their responsibilities without compromising their integrity or that of the company’s valuable information.

Howard believes that aside from technology’s role in maximizing security at Microsoft, employees are key to ensuring that work is done with utmost vigilance and observance of adequate security guidelines. We have a certain amount of full-time employees and vendors to cover Microsoft globally; we could never cover the world adequately without educating and creating awareness programs that teach people what to look for.”

It’s about making sure they understand the importance of security protocols, no matter which department they work for, and training them to mitigate possible risks they might encounter in the course of their work. Paying attention to employees and proactively updating the information necessary to mitigate security risks is an effective way to preside over a company’s cybersecurity.

Mike Howard’s history as a former CIA security officer was a stepping stone to his role as Microsoft’s chief security officer, and his philosophy when it comes to security is rooted in the fact that all threats can be mitigated as long as proper protocols are in place. Howard’s time at Microsoft emphasizes the importance of both technological and protocol protections for security, whether that means implementing a cybersecurity system and response plan, training individual team members, or offering them the resources they need to remain vigilant.

written by: