Microsoft Security

Microsoft Security

Sign in

CISO series

Discover successful security strategies and valuable lessons learned from CISOs and Microsoft’s top security experts to help you navigate an ever-expanding threat landscape.

September 17, 2019

Operational resilience begins with your commitment to and investment in cyber resilience

Operational resilience cannot be achieved without a true commitment to and investment in cyber resilience.

July 11, 2019

Preparing your enterprise to eliminate passwords

If you’re a CIO, a CISO, or any other exec at a company who is thinking about digital security, the user name/password paradigm is more than a hassle, it’s a true security challenge, which keeps many of us up at night. Today, I’m outlining the basic steps necessary to eliminate passwords, with the acknowledgement that we’re still on the journey. I believe we’ve mapped out the right path, but we aren’t finished yet.

June 6, 2019

Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness

In our second post about people—our most valuable resource in the SOC—we talk about our investments into readiness programs, career paths, and recruiting for success.

April 23, 2019

Lessons learned from the Microsoft SOC—Part 2a: Organizing people

In the second of our three-part series, we focus on the most valuable resource in the SOC—our people.

Lessons learned from the Microsoft SOC—Part 1: Organization

February 21, 2019

Lessons learned from the Microsoft SOC—Part 1: Organization

In the first of our three part series, we provide tips on how to manage a security operations center (SOC) to be more responsive, effective, and collaborative.

January 31, 2019

CISO series: Talking cybersecurity with the board of directors

To maintain a board’s confidence, you need to engage them in your strategy early and often.

December 6, 2018

CISO series: Strengthen your organizational immune system with cybersecurity hygiene

Cybersecurity hygiene is about maintaining cyberhealth by developing and implementing a set of tools, policies, and practices to increase your organization's resiliency in the face of attacks and exploits.

November 29, 2018

CISO series: Secure your privileged administrative accounts with a phased roadmap

If you are working on initiatives to secure your privileged accounts (and I hope you are), this post is designed to help.

Lessons learned from the Microsoft SOC—Part 1: Organization

November 13, 2018

CISO series: Lessons learned—4 priorities to achieve the largest security improvements

In this blog, Jonathan Trull shares methods he uses to prioritize where and how he spends his resources to achieve the largest security improvements.

November 1, 2018

CISO series: Build in security from the ground up with Azure enterprise

Shawn Anderson, a former CISO, now meets with CISOs every other week to answer their questions on moving to the cloud and where to start. Today, Shawn shows you how you can use the Azure enterprise scaffold to migrate to the cloud—even in a hybrid-cloud environment.

October 24, 2018

CISO series: Partnering with the C-Suite on cybersecurity

In my last blog, we looked at five communication techniques that can help engage business managers in the work of cybersecurity. This week, we’ll look at how to use those techniques to bring the C-Suite into the conversation.

October 18, 2018

CISO series: Building a security-minded culture starts with talking to business managers

Protecting the company and its users against data leaks is no longer just the responsibility of IT and security operations. Everyone from the board to Firstline Workers has an important role to play.