Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

CISO Strategy

Microsoft Hires New CISO in Major Security Shakeup

Microsoft announced a major shakeup of its security hierarchy, removing the CISO and Deputy CISO and handing the reins to a recent hire.

Microsoft

Microsoft security boss Charlie Bell has quietly executed a major shakeup of the software giant’s security hierarchy, removing the CISO and Deputy CISO and handing the reins to Igor Tsyganskiy, a recent hire who previously served as CTO and President at asset management giant Bridgewater Associates.

Tsyganskiy, who joined Redmond just four months ago, will take over the CISO responsibilities from Bret Arsenault and help guide the company through a new  ‘Secure Future Initiative’ that promises faster cloud patches, better management of identity signing keys and a commitment to ship software with a higher default security bar.

Arsenault, who held the CISO title at Microsoft for 14 years, has been reassigned to a security advisory role.  His deputy, Aanchal Gupta, was also removed and will exit Microsoft’s security organization.

In an LinkedIn post, Bell described Tsyganskiy as “a technologist and dynamic leader with a storied career in high-scale/high-security, demanding environments,” noting that he brings “deep knowledge and experience from his previous role outside of Microsoft.”

Tsyganskiy spent seven years at Bridgewater, managing the tech stack for the world’s largest hedge fund and is credited with overhauling the firm’s trading and back-office system.  Prior to Bridgewater, Tsyganskiy did stints as SVP of product management at Salesforce and SVP Engineering at WideOrbit.

The changes come as Microsoft scrambles to contain the fallout from a spate of embarrassing hacks, zero-day exposures and patching problems on its flagship OS and cloud computing platforms. 

Earlier this year, Chinese government-backed hackers broke into Microsoft’s M365 cloud platform and stole U.S. government emails, an incident that prompted a U.S. senator to accuse Microsoft of “cybersecurity negligence.”

The M365 hack, caused by a mismanagement of signing keys, is being investigated by the Department of Homeland Security’s Cyber Safety Review Board (CSRB).

Advertisement. Scroll to continue reading.

Bell, who spent 23 years at Amazon before joining Microsoft in 2021 to lead the entire security organization, referenced the “speed, sophistication, and scale of cyber-attacks” in the shakeup decision. “This requires a new focus,” Bell declared.

Bell is betting heavily on the promise of AI to help Microsoft with its cybersecurity problems and there are plans to use AI to help automate threat modeling and adopt memory safe languages like Rust to build security at the language level and eliminate entire classes of traditional software vulnerabilities.

Microsoft has faced intense criticism for its approach to third-party vulnerability research of its cloud products and continues to struggle with faulty and incomplete patches and a surge in Windows zero-day attacks.

The company recently announced plans to expand logging defaults for lower-tier M365 customers and increase the duration of retention for threat-hunting data. 

Microsoft says it rakes in about $20 billion a year in cybersecurity-related revenue.

Related: Crash Dump Error: How Chinese Hackers Exploited Microsoft’s Mistakes

Related: US Senator Accuses Microsoft of ‘Cybersecurity Negligence’

Related: Microsoft Cloud Hack Exposed More Than Emails

Related: Chinese APT Use Stolen Microsoft Key to Hack Gov Emails

Related: Microsoft Bows to Pressure to Free Up Cloud Security Logs

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

SecurityWeek talks to Chief Information Security Officers from Bill.com, FreedomPay, and Tassat about their role and experience as CISOs.

CISO Conversations

SecurityWeek talks to Dennis Kallelis (CSO at Idemia) and Jason Kees (CISO at Ping), two of industry’s identity giants. The idea, as always, is...

CISO Conversations

U.S. Marine Corps and SAIC CISOs Discuss the Differences Between Government and Private Industry

CISO Conversations

While the BISO might appear to be a new role, it is not – and understanding its past provides insights into its present.