Over the past 20 years, Microsoft has evolved from an email sent by Bill Gates to announce a new trustworthy computing initiative to becoming a true powerhouse in cybersecurity – most recently announced to have $15 billion in revenue and climbing.
In our latest NightVision event, NightDragon Founder and Managing Director Dave DeWalt sat down with two of the leaders newly in charge of the most recent chapter of the incredible Microsoft growth story in cybersecurity: Executive Vice President, Microsoft Security Charlie Bell and Corporate Vice President, Microsoft Security Services Kelly Bissell. They discussed their recent decisions to join the Microsoft team, their visions for the future of cybersecurity at the company and what trends they are watching in the years to come.
Here are some takeaways from the conversation. A full video can also be found above.
- Security in Cloud is Essential – When he began looking for his next new opportunity from launching Amazon Web Services, Bell said he started reflecting on the biggest problems facing the industry today. He said one of the biggest challenges he saw was the real problem growing in security around the cloud, calling it the “mother of all problems.” “If you don’t solve that problem, you don’t get to do any other innovation,” he said. Bell said that was the primary driver for joining Microsoft to solve this big problem given its position in cloud and security and its ability to tackle it at scale and in an end-to-end way.
- A Strong Cybersecurity Culture – Trust, safety and security is something that Microsoft lives and breathes. Bell said this is because of a culture of deep empathy built by CEO Satya Nadella for customers and what their pain points might be. Bissell added that this empathy is backed up by a sense of mission and purpose around cybersecurity, while also moving innovation as fast as possible to keep pace.
- Importance of Closing the Cyber Skills Gap – Microsoft has been a leader on the nationwide effort to close the cybersecurity talent and skills gap, announcing initiatives like a plan to work with U.S. community colleges to train 250,000 new cyber professionals. Bissell said it is important for cyber leaders to look outside of traditional paths into the industry, such as a four-year university degree, to bring more people into the workforce in cyber and also open the opportunity to a greater diversity of individuals.
- Escalating Threat Landscape – As a sign of the continued threat landscape, Microsoft is tracking more than 260 attacker groups currently and 43 trillion telemetry events a day. “They’re definitely getting better organized and their innovating fast,” Bell said about attackers. That increased sophistication is happening on the part of the independent attackers, who he said in many cases have begun to specialize and build an economy of sorts, and nation state actors targeting supply chain, infrastructure and other critical assets. “The threat is definitely growing,” he said. With all that said, he said he is optimistic to see innovation increasing across the industry to meet this rising threat. “I’m optimistic that we’re going to change the asymmetry of the whole game going forward,” he said.
- Room for Many Cyber Players – While Microsoft continues to grow its security business, Bell said he also recognizes that there won’t be one company that provides all cybersecurity solutions to the entire market. “It’s going to be an ecosystem,” he said. That said, he said there will be leaders, particularly when it comes to offering a platform approach. He said that is a clear place where Microsoft can take a leadership role.
- Security Needs to be Considered Earlier in Development Cycle – One of the big problems that Bell sees is that when people are innovating and building technology, they often aren’t considering security first. “We all know that isn’t the right recipe,” he said. It is important for security to “shift left” and get integrated earlier into the development tools to prevent and detect potential vulnerabilities early on, versus retrofitting it for cybersecurity.
- Services Opportunity Continues to Evolve – While CISOs used to want to do everything on their own, ultimately many joined the services revolution and looked to outsource some cybersecurity tasks to large services firms. “I always dreamt of a day we would have air, water, electricity, and security as a service,” DeWalt said. Bissell said he is seeing that evolution is now enter its next phase, with cybersecurity leaders looking for a “partner in innovation” to help them problem-solve and innovate side by side. Bissell said Microsoft is seeing an increased opportunity for itself in this space alongside its customers.
- Cybersecurity is a Team Sport – While public-private partnership is not a new concept, Bissell said it has taken on new life between government and commercial organizations in the last year. “I think us in the private sector and governments are ready to make big bets together,” he said. “This is the first year I’ve seen the big bets as opposed to baby steps.”
- Cyber Meets Physical on the Battlefield – The ongoing crisis in Ukraine has served as a seminal moment in cybersecurity history, showing the intersection between cyber events and physical events. Bell recalled one case where Microsoft was working with individuals inside of a nuclear reactor to remediate a potential cyberattack, and the individuals in Ukraine had to take cover from shells. “You realize that this is a form of warfare. It’s being integrated into the battle plan,” said Bell. Ransomware and the increase in wiper technology also showed the “weaponization of cyber going on out there,” he said.
- Cyber-Physical Convergence Accelerating – Kinetic and cyber are coming together because of increased digitization and convergence with other physical domains, such as land, air, space and sea. This creates massive amounts of new risk that must be mitigated, said Bell. “It’s wonderful from a capabilities standpoint, but… if you don’t get ahead of this, what happens is some of these events will be so cataclysmic that we will be afraid to move forward and we should move forward,” he said.
- Future Trends to Watch – When asked what future trends they are watching, Bell said he is watching the acceleration and potential around artificial intelligence technologies to monitor and respond more quickly to threats. “This is a fundamental game changer for us,” he said. Bissell said he, meanwhile, is watching better third-party risk management systems, post-quantum encryption and confidential computing with data down to the chip-set level.
A full recording of the event can be found above. To view NightDragon’s other NightVision events, visit our Events page.
