Off to See the World

If you follow my blog you saw recently that there are two themes constantly popping up: One is everything about a government’s Cybersecurity Agenda (or the lack thereof) and the second one is the Cloud.

Let me briefly line them out: When I talk to governments I often feel that there is a lack of internal coordination when Cybersecurity is addressed. No too many people in governments are trying to get a holistic view on their Cybersecurity agenda and the sequence things should be addressed. I am convinced that an effective program or agenda will drive the growth of an economy as there will be increased trust in the respective country. If I may give you an example of what I mean: I am often asked whether governments could get more intelligence from us. Therefore we recently launched a program called DISP (Defensive Intelligence Sharing Program) where we share vulnerability information with governments. This information is only useful to the government if they can do something with it like if they have a Critical Infrastructure Protection program in place where they have the technical people understanding the information, being able to aggregate it to the right level and distribute it to the critical infrastructure provider in due time.

The Cloud is the other big theme. You know that I am convinced that there is too much fuzz out there and not enough guidance. Therefore we published our Cloud Security Considerations paper to elevate the discussion and give a framework which works for high-level people. The framework has been very effective and I used it often with customers so far. However, to me there is a huge necessity to work closer with customers and governments on a very senior level on how to approach those challenges and what is needed to enable the customer to move to the cloud – from a technical, regulatory but from an emotional perspective as well.

All these points, made us re-think our strategy around the Chief Security Advisor (CSA) community, where I was responsible for EMEA (yes, was but I am coming back to that). Today we are covering in

  • Americas Time Zone: Brazil, LATAM, US
  • Asia Time Zone: APAC, Australia, Korea, Greater China Region, India, Japan
  • EMEA Time Zone: EMEA, Russia, France, Germany, Austria, Finland, the Netherlands, Norway

This is simply not enough for the work to be done. Therefore, we decided to significantly invest in Chief Security Advisors around the Globe to get closer to the businesses of our customers and governments and to help to leverage security as an enabler, rather than a disabler. Therefore we will broaden the coverage and end up with the following countries (the underlined countries/regions are the ones we are in the process of hiring or will kick the hiring process off):

  • Americas Time Zone: Americas Time Zone Lead, LATAM, Brazil
  • Asia Time Zone: Asia Time Zone Lead, Australia, Korea, Greater China Region, India, Japan
  • EMEA Time Zone: EMEA Time Zone Lead, Poland, Russia, France, Germany, UK, Austria, Denmark, Finland, Italy, the Netherlands, Norway, Spain, Sweden, Switzerland, South Africa, Turkey

These will be very senior security people being able to work on eye’s level with CxOs, government elites and policy maker – if you think that you suit this high-level description and are interested, get in touch with me and I could link you to the relevant people.

This is a huge investment in time and an investment I am convinced is needed to drive the market and support governments in their initiatives.

Finally, I have the great pleasure to move on – well, partly. I will move away from my EMEA position to take over the worldwide Chief Security Advisor role, being responsible for Microsoft’s global CSA community. This is a great challenge, which I am looking forward to. To remain close to the field and close to the customer’s need, I decided to stay in Switzerland and not to move to the headquarters (well, there are some family reasons as well Smile).

I will continue my blog but will broaden the scope from EMEA to the world.



9 thoughts on “Off to See the World


    Your analysis of the lack of “joined up thinking” with regards to many governments’ cyber security strategies is very true and aligns with my own thoughts and indeed experience.

    This sounds like a very interesting initiative and hopefully it will bring change for the good to many countires.

    I wish you the best of luck with it. If I can be of any help just let me know.



    Congratulations on your new role – get ready for NO sleep at all.

    Seriously, I know how passionate you are about Cybersecurity, and the role you and your colleagues play in working with governments and organisations to deal with major security issues. I wish you the very best as you build your global CSA community, and look forward to hearing about the major developments you are involved in.



    It is perfect time to make some plans for the future and it is time to be happy. I have read this post and if I could I desire to suggest you some interesting things or suggestions. Maybe you could write next articles referring to this article. I want to read more things about it!

Leave a Reply