If you follow my blog you saw recently that there are two themes constantly popping up: One is everything about a government’s Cybersecurity Agenda (or the lack thereof) and the second one is the Cloud.
Let me briefly line them out: When I talk to governments I often feel that there is a lack of internal coordination when Cybersecurity is addressed. No too many people in governments are trying to get a holistic view on their Cybersecurity agenda and the sequence things should be addressed. I am convinced that an effective program or agenda will drive the growth of an economy as there will be increased trust in the respective country. If I may give you an example of what I mean: I am often asked whether governments could get more intelligence from us. Therefore we recently launched a program called DISP (Defensive Intelligence Sharing Program) where we share vulnerability information with governments. This information is only useful to the government if they can do something with it like if they have a Critical Infrastructure Protection program in place where they have the technical people understanding the information, being able to aggregate it to the right level and distribute it to the critical infrastructure provider in due time.
The Cloud is the other big theme. You know that I am convinced that there is too much fuzz out there and not enough guidance. Therefore we published our Cloud Security Considerations paper to elevate the discussion and give a framework which works for high-level people. The framework has been very effective and I used it often with customers so far. However, to me there is a huge necessity to work closer with customers and governments on a very senior level on how to approach those challenges and what is needed to enable the customer to move to the cloud – from a technical, regulatory but from an emotional perspective as well.
All these points, made us re-think our strategy around the Chief Security Advisor (CSA) community, where I was responsible for EMEA (yes, was but I am coming back to that). Today we are covering in
- Americas Time Zone: Brazil, LATAM, US
- Asia Time Zone: APAC, Australia, Korea, Greater China Region, India, Japan
- EMEA Time Zone: EMEA, Russia, France, Germany, Austria, Finland, the Netherlands, Norway
This is simply not enough for the work to be done. Therefore, we decided to significantly invest in Chief Security Advisors around the Globe to get closer to the businesses of our customers and governments and to help to leverage security as an enabler, rather than a disabler. Therefore we will broaden the coverage and end up with the following countries (the underlined countries/regions are the ones we are in the process of hiring or will kick the hiring process off):
- Americas Time Zone: Americas Time Zone Lead, LATAM, Brazil
- Asia Time Zone: Asia Time Zone Lead, Australia, Korea, Greater China Region, India, Japan
- EMEA Time Zone: EMEA Time Zone Lead, Poland, Russia, France, Germany, UK, Austria, Denmark, Finland, Italy, the Netherlands, Norway, Spain, Sweden, Switzerland, South Africa, Turkey
These will be very senior security people being able to work on eye’s level with CxOs, government elites and policy maker – if you think that you suit this high-level description and are interested, get in touch with me and I could link you to the relevant people.
This is a huge investment in time and an investment I am convinced is needed to drive the market and support governments in their initiatives.
Finally, I have the great pleasure to move on – well, partly. I will move away from my EMEA position to take over the worldwide Chief Security Advisor role, being responsible for Microsoft’s global CSA community. This is a great challenge, which I am looking forward to. To remain close to the field and close to the customer’s need, I decided to stay in Switzerland and not to move to the headquarters (well, there are some family reasons as well 
).
I will continue my blog but will broaden the scope from EMEA to the world.
Roger
