Microsoft security boss Charlie Bell has quietly executed a major shakeup of the software giant's security hierarchy, removing the CISO and Deputy CISO and handing the reins to Igor Tsyganskiy, a recent hire who previously served as CTO and President at asset management giant Bridgewater Associates.
Tsyganskiy, who joined Redmond just four months ago, will take over the CISO responsibilities from Bret Arsenault and help guide the company through its new 'Secure Future Initiative' that promises faster cloud patches, better management of identity signing keys and a commitment to ship software with a higher default security bar.
Arsenault, who held the CISO title at Microsoft for 14 years, has been reassigned to a security advisory role.
His deputy, Aanchal Gupta, was also removed and will exit Microsoft's security organization.
Tsyganskiy spent seven years at Bridgewater, managing the tech stack for the world's largest hedge fund and is credited with overhauling the firm's trading and back-office system.
Prior to Bridgewater, Tsyganskiy did stints as SVP of product management at Salesforce and SVP Engineering at WideOrbit.
The changes come as Microsoft scrambles to contain the fallout from a spate of embarrassing hacks, zero-day exposures and patching problems on its flagship OS and cloud computing platforms.
The M365 hack, caused by a mismanagement of signing keys, is being investigated by the Department of Homeland Security's Cyber Safety Review Board.
Bell, who spent 23 years at Amazon before joining Microsoft in 2021 to lead the entire security organization, is betting on the promise of AI to help Microsoft with its cybersecurity problems.
The company plans to use AI to help automate threat modeling and adopt memory safe languages like Rust to build security at the language level and eliminate entire classes of traditional software vulnerabilities.
Microsoft has faced intense criticism for its approach to third-party vulnerability research of its cloud products and continues to struggle with faulty and incomplete patches and a surge in Windows zero-day attacks.
The company recently announced plans to expand logging defaults for lower-tier M365 customers and increase the duration of retention for threat-hunting data.
This Cyber News was published on www.securityweek.com. Publication date: Wed, 06 Dec 2023 17:43:10 +0000