Microsoft has made changes to its security leadership team following a high-profile breach of U.S. government Office 365 email accounts by Chinese hackers. The company has demoted its CISO after 14 years and reassigned its deputy CISO. Igor Tsyganskiy, a former CTO at Bridgewater Associates who joined Microsoft four months ago as chief strategy officer, has been named the new chief information security officer. Tsyganskiy will lead Microsoft’s new Secure Future Initiative, which aims to address criticism of Microsoft cloud security and vulnerabilities in its software products. Former CISO Bret Arsenault will take on a chief security adviser role.
The staff changes come as the U.S. Department of Homeland Security investigates the hacking of email accounts tied to 25 different organizations, including the departments of State and Commerce, by a China-based hacking group. Charlie Bell, executive vice president of security at Microsoft, stated that the company needs to evolve and adapt its security approach in the face of the rapidly evolving threat landscape.
Tsyganskiy has a background in high-scale and high-security environments, having spent the last seven years at Bridgewater Associates as CTO and head of investment technologies and critical infrastructure. He has also held leadership roles at Salesforce and SAP. In his new role as CISO, Tsyganskiy will be responsible for protecting Microsoft with a global community of security professionals.
Former deputy CISO Aanchal Gupta has been reassigned to Microsoft’s “experiences + devices” business unit to help shape the future of their M365 products. Microsoft has faced security issues with its products in recent years, including the theft of digital signing keys that led to the Chinese hacking incident. The company has urged customers to patch vulnerabilities in its products to mitigate the risk of cyberattacks.