Cybersecurity

Microsoft Is Getting a New ‘Outsider’ CISO

In a blog post on Dec. 5, Microsoft executive vice president of security Charlie Bell announced that as part of its new strategic focus on security, the company will shift Bret Arsenault out of his longtime role as CISO and into a chief security adviser position. In his place, Igor Tsyganskiy will assume the CISO job in the new year, Bell added.

“Bret will focus on escalating our impact across the entire ecosystem:¬†Microsoft, partners, customers, government agencies, and important communities,” Bell wrote. “I am also pleased to welcome Igor into the CISO role. Igor is a technologist and dynamic leader with a storied career in high-scale/high-security, demanding environments.”

Shakeup Reflects Shift in CISO Role

The CISO switch-up comes as the role itself is being transformed, with tremendous pressure being put on the cybersecurity leader holding the title. Security executives like former Uber CISO Joe Sullivan have been held personally liable and threatened with jail time as a result of corporate compromises. Likewise, SolarWinds CISO Tim Brown is being charged by the SEC for his role in the infamous 2020 supply chain attack.

There’s also the rise of artificial intelligence (AI) to contend with. AI technology needs to be developed with a keen eye toward cybersecurity. And Arsenault would be a natural fit to lead that charge, according to cybersecurity expert Jake Williams.

“[It’s possible] that with Microsoft’s focus on integrating AI into products, they wanted a new security advisor position to ensure that’s done securely,” Williams says. “Arsenault is a logical choice to fill that role, since he’s had more than a decade of experience building relationships with security leaders in partner organizations.”

CISO Appointment Wins Plaudits

Williams joins others in the cybersecurity community in viewing Tsyganskiy’s appointment as CISO as positive for Microsoft.

“This could just be a talent management issue,” Williams explains. “It’s also possible that the timing closely aligning with the new SEC regulations might offer a clue. But this is a great time to make a change.”

Tsyganskiy joined Microsoft in September as chief strategy officer for security. Prior to Microsoft, he worked for more than seven years with Bridgewater Associates, eventually rising up to the CTO role, according to his LinkedIn profile.

Notably, Tsyganskiy hasn’t previously held a CISO post.

“Replacing a Microsoft and cybersecurity industry veteran with an outside candidate, having no direct experience in the CISO role, but a substantial amount of broader product and technology experience, could be seen as a bold move by outsiders,” says Claude Mandy, chief evangelist for data security at Symmetry Systems. “It is perhaps indicative of the desire to build better security products, along with the security of Microsoft more broadly.”