In The Boardroom With...

Mr. Mike Howard
Chief Security Officer


SecuritySolutionsWatch.com: Thank you for joining us today, Mike.  Before discussing Microsoft solutions in greater detail and ASIS 2014 please tell us about your background. 

Mike Howard:  I started off my career as a police officer in Oakland, California. I worked there for a few years and then decided I wanted to see the world a little bit and get involved in other activities. So, I eventually joined the Central Intelligence Agency in 1980 and did 22 years there. I spent the first six years in their Office of Security, doing a lot of the things I am doing now in terms of investigations, physical security, and executive protection. Then I switched over to the Clandestine Operations side of the house and worked primarily in our Counterterrorism Center. Most of the work I did was either in Africa or Asia. I worked there for a few years. Also I spent about two or three years doing some other things like working HR, career development, mentoring. I worked for the Office of Military Affairs as an executive director, sort of working between the Agency and the military fostering better operational relations. I worked as an investigator for the Inspector General’s Office, and then ended up my career as a chief-of-station in one of our domestic stations. I was there during 9/11. I came to Microsoft in 2002, first worked in running Executive Protection for a year, and since then have been the chief security officer. So, I’ve been here for about 12 years.

SecuritySolutionsWatch.com: The security environment today seems to be more challenging than ever before with unprecedented security threats on the one hand and limited budgets and legacy systems on the other. Your thoughts?

Mike Howard: You are correct in what the environment is, and it continues to be more challenging. It just means that as professionals we have to really work on more strict and ruthless prioritization of our activities. We don’t have the luxury of doing everything so you want to do the most important things first, or strategic things that are going to enhance the life safety and protection of the people that are under your charge. The other thing is to make sure that you’re taking a real hard look at those legacy systems. If those systems are not doing the job, then you need to start building a business case of why the company should invest funds for you to update your systems. But the other thing is again, we always talk about having the strategy for the technology; so have you maximized the use of those legacy systems? Have you developed solutions that are off-the-shelf that you could string together to come up with ways to enhance your security operations? Or are you just looking to find a new widget? So those are things that people should be thinking about in this new environment.

SecuritySolutionsWatch.com: May we have an overview of the key trends and highlights Microsoft discussed at ASIS 2014?

Mike Howard: We had many discussions with key solution providers and an exciting new trend we’re seeing is cloud based video storage and services.  One such provider, SmartVue, leverages Microsoft’s Azure Cloud to store surveillance video reducing the need for expensive NVR, DVR hardware. 

SecuritySolutionsWatch.com: What is the unique value proposition Microsoft brings to the table in this environment?

Mike Howard: Microsoft’s platform allows businesses to be agile and productive.  When I first started 12 years ago, the corporate physical security infrastructure contained over 60 different security technologies that didn’t interoperate and were proprietary in nature.  I pushed my technology team to develop a strategy to leverage Microsoft commercial off the shelf technology and partner technology that integrates with the Microsoft platform.  This allowed for seamless security solutions that were configured instead of costly customization.  Microsoft is also a pioneer in cloud computing and we’ve developed a physical cloud strategy where most of our technology solutions are hosted in the cloud. 

SecuritySolutionsWatch.com: Mike, Microsoft’s brand recognition and track record in every market segment is truly second to none…are there any “wins” or success stories you’d like to mention? 

Mike Howard: We’ve developed three world-class global security operations centers located in the US, UK, and India that monitors security events for our 850 physical locations. The technology framework and operations are considered a benchmark in security today and we routinely present to Fortune 500 CSO’s, CIO’s, and CISO’s along with government technology leadership.  You can see more at www.msgsoc.com

SecuritySolutionsWatch.com: Are you seeing a trend toward greater collaboration between the CSO and CIO to reduce vulnerability? What can organizations do to educate employees and their communities about reducing attack points as more and more mobile devices are connected to the network?

Mike Howard: Out of necessity, you’re seeing greater collaboration between the CSO and CISO. I think there’s still more work to be done on that in the security world at large. There are still a number of companies and institutions in which the CSOs do not talk to the CISOs for any number of reasons; so that’s something that we need to continue to work on.  Coming back to one of your original questions, it’s a more challenging environment in terms of limited budgets and resources. The ability to use that proverbial term ‘force multiply’ with your CISO counterpart and look at areas of mutual threats and mitigation strategies. That’s really important. To the second part of your question – reducing the attack points on mobile devices – there’s a physical element to that about how to keep your mobile devices within your control, making sure you are using good passwords and making sure you’re using good security practices when you’re traveling. But there’s a huge IT element to that as well, in terms of people using technology to attack those devices. [Addressing] that would detail having your CISO and having his / her team working in collaboration with the CSO mostly from an education and awareness standpoint. Here at Microsoft, we’ve done a lot of work collectively between the CSO and the CISO as organizations for education and awareness --evangelizing good security practices. I think you’ll see more and more of this. Hopefully it will be driven by people doing the right thing though a lot of times, it will be out of necessity because you will really need each other in order to get the job done.