“Leadership isabout understanding yourself first, recognizing strengths and weaknesses, and targeting continuous improvement,” says Mike Howard, Chief Security Officer at Microsoft. “It is an attitude and mindset to focus on the team and organizational goals first. Leaders are able to change focus from subject matter expertise to a focus on their team by setting strategic goals, letting go of the details and steering the team through execution.”
Mike’s view and strength in leadership had everything (almost) to do with his becoming the Global CSO at Microsoft. “My wife and I were both in the CIA. After we retired we wanted to be on the West Coast and near family. I connected with a friend who knew a recruiter who was seeking an executive opportunity protecting Bill Gates and Microsoft’s top executives. I spent a year as Director of Executive Protection.” One year later, Mike earned the Global CSO position and took over all of Microsoft Global Security.
One of the most important contacts is a person that Mike considers a mentor. “A former military officer I worked for at CIA gave me the chance at leadership where I was able to do new things and even fail without judgment. But through that process I remained positive and learned.”
During Mike’s time at Microsoft, he has worked to learn and improve his business acumen. “This is such an innovative sector, and it is great to be a part of the cutting edge of technology and to actually be able to touch it, from software to the cloud to communications.
“It is fascinating to watch Microsoft use the technology and do things that are beyond the traditional security technology market. For example, we are driving security product development and generating revenue through our Showcase Program. We leverage our Global Security Operations Center (GSOC), partnering with our Sales Teams, to showcase the Microsoft Technology we employ on a daily basis to enterprise customers. This process has helped our team learn more about the business and deliver better risk management and security to them. We have also been credited with bringing in millions of dollars to the enterprise.”
The very rapid scale and innovation in the information technology sector is challenging from the standpoint of remaining out in front, regarding emerging risks. The requirement to secure research and development is consistently escalating.
“Microsoft is changing from a strictly software company to a Devices and Services Company, which embraces tablets, mobile devices and cloud services,” Howard adds. “The way people get, use and move information is fluid, and we constantly reinvent our security policies and programs to stay ahead.”
In addition to the product set changing dramatically, Microsoft’s geography is ever expanding. The company has new growth initiatives in Asia and Africa. Mike and his team are on point to provide this growing employee workforce with protection and physical security in these regions. The company is now moving into retail arena with products such as the Surface, Windows Phone and Xbox.
“As we expand internationally, our relationships with public/private organizations such as OSAC become vital,” he says. “The competitive landscape is becoming more complex and the ability to deliver risk management and security is paramount.”
The Microsoft Information Risk Management Council (IRMC) includes Mike, the CISO, and the data center and trustworthy computing departments. “The IRMC developed a multi-year, transparent plan to avoid silos and leverage capabilities,” he explains. “The IRMC has gained sponsorship with corporate VPs, legal, internal audit and the new business lines, such as retail, to focus on security issues.” As a result, Microsoft security addresses the business units at an enterprise level to mitigate risks. They leverage resources and deliver a single, comprehensive risk management program.
“Leadership must also come from the C-Suite to positively influence security’s mission in a holistic manner,” Mike says. “Security’s goal is to be viewed as a significant business enabler and partner. We are not just there to break the glass in case of an emergency. Being told that we are seen as strongly integrated into the business’s mission is a great compliment. Security is a true profession and the landscape is changing. Security must be integrated into the core mission of the enterprise and receive a seat at the table.”
The diversity of experience and learning has been great for Mike. “On the management side, I have worked to understand the different business sectors in the company and industry. On the leadership side, I have learned how to manage in the private sector. It has been very rewarding to become a better business leader. The opportunity to participate in the industry, meet and work with peers and learn from others has been great.
Mike is married and has enjoyed martial arts since age 14. Mike, thanks for your service.
Security Scorecard
Annual Revenue: $73.7 Billion
Security Budget: $45 Million
Critical Issues
- Expanding Global Footprint (Asia, Africa)
- Protection of IP
- Supporting New Business Lines (Retail)
Security Mission
- Asset Protection/Loss Prevention (for Resale)
- Brand/Product
- Corporate
- Enterprise Resilience
- Enterprise Risk Management
- Global Security Operations Center
- Intelligence Analysis, Communications, Technology, Background Checks,
- Showcasing
- Investigations
- Physical/Asset Protection (Not for Resale)
- Workforce Protection