Breaking down Microsoft’s pivot to placing cybersecurity as a top priority

Recently, Microsoft had quite frankly a kicking from the US Department of Homeland Security over their security practices in a Cyber Safety Review Board report. I’ve tried to keep as quiet as possible about this one for various reasons (and I was not involved in the CSRB report, even anonymously) — although long time followers will know I’ve been often critical of Microsoft’s security posture. The CSRB report is well worth a read — they did a great job.

In particular, I aired some pretty critical (but vague) thoughts after leaving Microsoft — which although there was a period where I gather people were told it was because I had an axe to grind, it wasn’t — it was because I had been concerned about what I had seen. I couldn’t do anything about it at the time due to other issues going on there. Truthfully I’d always been critical of Microsoft over various things, e.g. prior to joining Microsoft I talked to BBC News about docs.com being the source of Microsoft’s customers accidentally leaking their documents, which ultimately led to the quiet mothballing of the product.

To give Microsoft its credit, it has a unique (from what I’ve seen) and good corporate culture that tolerates dissent. The reason I aired concerns is.. well.. what happens at Microsoft impacts society. And, selfishly, also me, and the ability for me to defend the orgs I work for.

Leave a Comment