Executive Leaders Discuss Making Big Security Bets at the Microsoft Secure Conference

At the recent Microsoft Secure conference, a roundtable discussion titled “How Do Executive Leaders Make Big Security Bets for Their Businesses” brought together industry experts to share their insights on the current state of cybersecurity and how businesses can stay ahead in this ever-evolving landscape. The panel featured Bret Arsenault, CVP and CISO at Microsoft, and Emma Smith, Cyber Security, Technology Assurance and Strategy Director at Vodafone. 

Evolving Threat Environment 

The panelists discussed the ever-changing threat environment, highlighting the increasing number of ransomware attacks, recessionary headwinds, and the complex regulatory environment that businesses face. Smith mentioned the impact of war and volatile supply chains on cybersecurity, while Arsenault pointed out that the median time for an attacker to move laterally in a network is less than two hours, and the average cost of an attacker gaining unauthorized access to a business environment is estimated to be $4.35 million in the US.

Both panelists emphasized the importance of adapting to the evolving threat landscape, with a focus on globally distributed workforces and investing in controls that bring tangible risk reduction. 

Prioritizing Investment in Cybersecurity 

Smith emphasized the importance of prioritizing investment in people and culture, ensuring that the correct depth of expertise is present within the company. A top-down culture that focuses on patching, hardening, vulnerability management, Zero Trust, endpoint control, and identity management is an essential part of a robust cybersecurity strategy.

Arsenault expanded on the concept of “the brilliant basics,” such as patching and hardening. He stressed several times that it is a mistake to let these fall by the wayside. He noted that multi-factor authentication (MFA) is beginning to show some weaknesses and suggested that companies should also consider implementing phish-proof alternatives like Windows Hello.

Both panelists highlighted the importance of having layers of control in place to address various security threats effectively. 

Machine Learning and the Human Aspect of Cybersecurity 

Arsenault also discussed the use of automation and machine learning (including large language models like ChatGPT) to manage telemetry and decrease the time to remediation. He emphasized the need to secure the code pipeline to limit exposure to the codebase, using automated code analysis to prevent security breaches and shore up potentially exposed touchpoints.

Smith shared her thoughts on the future of cybersecurity, mentioning post-quantum cryptography as an area to watch. She stated that the operating model at Vodafone assumes that cybersecurity will always be an ongoing job, requiring constant learning and adaptation to new risks. 

The panelists agreed that there is a “war for talent” in the cybersecurity field. They discussed the possibility of using learning models (like Microsoft’s Security Copilot, which is under active development) to handle security operations center (SOC) level 1 work while devoting human capital to level 2 and beyond.

As his forward-looking conclusion, Bret Arsenault noted that he believes there has been an inflection point of “good people vs. bad people,” with the former finally starting to outnumber the latter. Ultimately, this roundtable discussion at Microsoft Secure served as a reminder that “security is a team sport.” Businesses must continuously adapt to the evolving threat landscape and invest in the right controls, people, and technologies to maintain a robust cybersecurity posture. 

As executive leaders navigate this challenging environment, the insights shared by Arsenault and Smith emphasize the importance of maintaining a proactive approach to security, prioritizing investments in people and technology, and embracing the fact that cybersecurity is an ongoing battle with no finish line in sight. 

Joey Poole
Author

Joey is a problem solver. With a background spanning the breadth of technology, business development, operations, and product management, he often finds workable solutions drawn out of his varied experience. As a Product Manager working with Cloudforce’s managed cloud product nebulaONE, Joey finds himself at the intersection of his team’s technological expertise and business needs.
