“Leadership must also come from the C-Suite to positively influence security’s mission in a holistic manner. Security’s goal is to be viewed as a significant business enabler and partner.”

November 5, 2013

No Comments

“Leadership isabout understanding yourself first, recognizing strengths and weaknesses, and targeting continuous improvement,” says Mike Howard, Chief Security Officer at Microsoft. “It is an attitude and mindset to focus on the team and organizational goals first. Leaders are able to change focus from subject matter expertise to a focus on their team by setting strategic goals, letting go of the details and steering the team through execution.”

Mike’s view and strength in leadership had everything (almost) to do with his becoming the Global CSO at Microsoft. “My wife and I were both in the CIA. After we retired we wanted to be on the West Coast and near family. I connected with a friend who knew a recruiter who was seeking an executive opportunity protecting Bill Gates and Microsoft’s top executives. I spent a year as Director of Executive Protection.” One year later, Mike earned the Global CSO position and took over all of Microsoft Global Security.

One of the most important contacts is a person that Mike considers a mentor. “A former military officer I worked for at CIA gave me the chance at leadership where I was able to do new things and even fail without judgment. But through that process I remained positive and learned.”

During Mike’s time at Microsoft, he has worked to learn and improve his business acumen. “This is such an innovative sector, and it is great to be a part of the cutting edge of technology and to actually be able to touch it, from software to the cloud to communications.

“It is fascinating to watch Microsoft use the technology and do things that are beyond the traditional security technology market. For example, we are driving security product development and generating revenue through our Showcase Program. We leverage our Global Security Operations Center (GSOC), partnering with our Sales Teams, to showcase the Microsoft Technology we employ on a daily basis to enterprise customers. This process has helped our team learn more about the business and deliver better risk management and security to them. We have also been credited with bringing in millions of dollars to the enterprise.”

The very rapid scale and innovation in the information technology sector is challenging from the standpoint of remaining out in front, regarding emerging risks. The requirement to secure research and development is consistently escalating.

“Microsoft is changing from a strictly software company to a Devices and Services Company, which embraces tablets, mobile devices and cloud services,” Howard adds. “The way people get, use and move information is fluid, and we constantly reinvent our security policies and programs to stay ahead.”

In addition to the product set changing dramatically, Microsoft’s geography is ever expanding. The company has new growth initiatives in Asia and Africa. Mike and his team are on point to provide this growing employee workforce with protection and physical security in these regions. The company is now moving into retail arena with products such as the Surface, Windows Phone and Xbox.

“As we expand internationally, our relationships with public/private organizations such as OSAC become vital,” he says. “The competitive landscape is becoming more complex and the ability to deliver risk management and security is paramount.”

The Microsoft Information Risk Management Council (IRMC) includes Mike, the CISO, and the data center and trustworthy computing departments. “The IRMC developed a multi-year, transparent plan to avoid silos and leverage capabilities,” he explains. “The IRMC has gained sponsorship with corporate VPs, legal, internal audit and the new business lines, such as retail, to focus on security issues.” As a result, Microsoft security addresses the business units at an enterprise level to mitigate risks. They leverage resources and deliver a single, comprehensive risk management program.

“Leadership must also come from the C-Suite to positively influence security’s mission in a holistic manner,” Mike says. “Security’s goal is to be viewed as a significant business enabler and partner. We are not just there to break the glass in case of an emergency. Being told that we are seen as strongly integrated into the business’s mission is a great compliment. Security is a true profession and the landscape is changing. Security must be integrated into the core mission of the enterprise and receive a seat at the table.”

The diversity of experience and learning has been great for Mike. “On the management side, I have worked to understand the different business sectors in the company and industry. On the leadership side, I have learned how to manage in the private sector. It has been very rewarding to become a better business leader. The opportunity to participate in the industry, meet and work with peers and learn from others has been great.

Mike is married and has enjoyed martial arts since age 14. Mike, thanks for your service.

Security Scorecard

Annual Revenue: $73.7 Billion

Security Budget: $45 Million

Critical Issues

Expanding Global Footprint (Asia, Africa)
Protection of IP
Supporting New Business Lines (Retail)

Security Mission

Asset Protection/Loss Prevention (for Resale)
Brand/Product
Corporate
Enterprise Resilience
Enterprise Risk Management
Global Security Operations Center
Intelligence Analysis, Communications, Technology, Background Checks,
Showcasing
Investigations
Physical/Asset Protection (Not for Resale)
Workforce Protection

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Mike Howard: Leading Security Innovation and Business Growth

“Leadership must also come from the C-Suite to positively influence security’s mission in a holistic manner. Security’s goal is to be viewed as a significant business enabler and partner.”

Related Articles

Report Abusive Comment