Security Leadership and Management / Security 500 Report

Mike Howard: Leading Security Innovation and Business Growth

“Leadership must also come from the C-Suite to positively influence security’s mission in a holistic manner. Security’s goal is to be viewed as a significant business enabler and partner.”

“Leadership isabout understanding yourself first, recognizing strengths and weaknesses, and targeting continuous improvement,” says Mike Howard, Chief Security Officer at Microsoft. “It is an attitude and mindset to focus on the team and organizational goals first. Leaders are able to change focus from subject matter expertise to a focus on their team by setting strategic goals, letting go of the details and steering the team through execution.”

Mike’s view and strength in leadership had everything (almost) to do with his becoming the Global CSO at Microsoft. “My wife and I were both in the CIA. After we retired we wanted to be on the West Coast and near family. I connected with a friend who knew a recruiter who was seeking an executive opportunity protecting Bill Gates and Microsoft’s top executives. I spent a year as Director of Executive Protection.” One year later, Mike earned the Global CSO position and took over all of Microsoft Global Security.

One of the most important contacts is a person that Mike considers a mentor. “A former military officer I worked for at CIA gave me the chance at leadership where I was able to do new things and even fail without judgment. But through that process I remained positive and learned.” 

During Mike’s time at Microsoft, he has worked to learn and improve his business acumen. “This is such an innovative sector, and it is great to be a part of the cutting edge of technology and to actually be able to touch it, from software to the cloud to communications.

“It is fascinating to watch Microsoft use the technology and do things that are beyond the traditional security technology market. For example, we are driving security product development and generating revenue through our Showcase Program. We leverage our Global Security Operations Center (GSOC), partnering with our Sales Teams, to showcase the Microsoft Technology we employ on a daily basis to enterprise customers. This process has helped our team learn more about the business and deliver better risk management and security to them. We have also been credited with bringing in millions of dollars to the enterprise.”

The very rapid scale and innovation in the information technology sector is challenging from the standpoint of remaining out in front, regarding emerging risks. The requirement to secure research and development is consistently escalating.

“Microsoft is changing from a strictly software company to a Devices and Services Company, which embraces tablets, mobile devices and cloud services,” Howard adds. “The way people get, use and move information is fluid, and we constantly reinvent our security policies and programs to stay ahead.”

In addition to the product set changing dramatically, Microsoft’s geography is ever expanding. The company has new growth initiatives in Asia and Africa. Mike and his team are on point to provide this growing employee workforce with protection and physical security in these regions. The company is now moving into retail arena with products such as the Surface, Windows Phone and Xbox.

“As we expand internationally, our relationships with public/private organizations such as OSAC become vital,” he says. “The competitive landscape is becoming more complex and the ability to deliver risk management and security is paramount.”

The Microsoft Information Risk Management Council (IRMC) includes Mike, the CISO, and the data center and trustworthy computing departments. “The IRMC developed a multi-year, transparent plan to avoid silos and leverage capabilities,” he explains. “The IRMC has gained sponsorship with corporate VPs, legal, internal audit and the new business lines, such as retail, to focus on security issues.”                      As a result, Microsoft security addresses the business units at an enterprise level to mitigate risks. They leverage resources and deliver a single, comprehensive risk management program.

“Leadership must also come from the C-Suite to positively influence security’s mission in a holistic manner,” Mike says. “Security’s goal is to be viewed as a significant business enabler and partner. We are not just there to break the glass in case of an emergency. Being told that we are seen as strongly integrated into the business’s mission is a great compliment. Security is a true profession and the landscape is changing. Security must be integrated into the core mission of the enterprise and receive a seat at the table.”

The diversity of experience and learning has been great for Mike. “On the management side, I have worked to understand the different business sectors in the company and industry. On the leadership side, I have learned how to manage in the private sector. It has been very rewarding to become a better business leader. The opportunity to participate in the industry, meet and work with peers and learn from others has been great.

Mike is married and has enjoyed martial arts since age 14. Mike, thanks for your service.


Security Scorecard

Annual Revenue: $73.7 Billion

Security Budget: $45 Million


Critical Issues

  • Expanding Global Footprint (Asia, Africa)
  • Protection of IP
  • Supporting New Business Lines (Retail)


Security Mission

  • Asset Protection/Loss Prevention (for Resale)
  • Brand/Product
  • Corporate
  • Enterprise Resilience
  • Enterprise Risk Management
  • Global Security Operations Center
  • Intelligence Analysis, Communications, Technology, Background Checks,
  • Showcasing
  • Investigations
  • Physical/Asset Protection (Not for Resale)
  • Workforce Protection 

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security May 2015 Issue cover

2015 May

In the May 2015 issue of Security, learn how to be the bridge between busieness and security with "customer facing," how to effectively work with your CFO, and covert security.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.