Podcasts
Afternoon Cyber Tea with Ann Johnson
Ep 66
Afternoon Cyber Tea with Ann Johnson 1.10.23
Ep 66 | 1.10.23

Security Trends in 2023 and Beyond

Show Notes
Transcript

Ann Johnson: Welcome to "Afternoon Cyber Tea," where we speak with some of the biggest security influencers about what is shaping the cyber landscape and what is top of mind for the C-suite and other key security decision-makers. I'm Ann Johnson. And today I'm joined by a long-time colleague and friend, Chris Young. Chris leads the Business Development, Strategy and Ventures team here at Microsoft. Prior to Chris' current role, he was the CEO at McAfee and held senior leadership positions in cybersecurity at Intel, Cisco, VMware and RSA Security. Chris serves on the board of directors for American Express and is a member of the Cybersecurity Advisory Committee for the U.S. Cybersecurity and Infrastructure Security Agency. Chris lives in the Bay Area with his family. Welcome to "Afternoon Cyber Tea," Chris.

Chris Young: Thanks, Ann - great to be here with you. 

Ann Johnson: So I remember many years ago, we worked together back at RSA Security, and I remember that really fondly. You were always very visionary and always had this view of the industry that was really inspiring. And you played a really big role in cyber then. You've played a really big role in cyber since then. So most of the audience knows you or knows of you. But I'd love for you to get folks to hear more about your journey and why you decided to get into cybersecurity many years ago. 

Chris Young: Well, Ann, I appreciate that. It was a great time at RSA. I've had a lot of great experiences in cyber. And I will tell you, like you, I'm one of the probably few people who you would meet that's actually been in cybersecurity since before we even called it cybersecurity, you know, back in the days when people would call it info security or infosec or IT sec. And if - you know, today, if you ask the average CEO about cybersecurity, they would - you know, they know exactly what they're doing. They know who their teams are, priorities, etc. And I always like to say, back in those days, this is probably the - call it the '90s, late '90s. If you asked the average CEO about cybersecurity, most of them would probably say, well, you know, we've got some folks in IT, and that's kind of what they do. And that's probably the extent of their knowledge around cyber. And we've come a long way since then. 

Chris Young: But, yeah, I kind of got into the business almost a little bit by accident, which, back in those days, is probably not abnormal for many of us. You know, I got involved with a couple of guys doing a startup in the mid-'90s. And we originally were focused on downloading and trying to help cache, like, content from the internet so that people could experience - they could actually get the content quicker because in those days, you know, a lot of us were using, you know, dial-up modems and, you know, had a lot slower connection speed. So you needed your web interactions to go a lot faster. 

Chris Young: But we ultimately - you know, we ended up building sort of a search capability. And as we went around kind of pitching some of our ideas, I remember this guy in the cable business said to us, you know, this is great, but what I could really use some help with is - I want you guys to help me figure out who out there on the internet is abusing my content. You know, what are they saying about my company? Are there any threats I should be worried about? And so that's how we kind of got into it. And we started this company, which - when we first started it, we called it Online Monitoring Services, which was, like, super-creative naming. But ultimately we called ourselves Cyveillance, and I'm sure people heard - many people have heard of Cyveillance. But that was kind of my original foray into cybersecurity. And, you know, Cyveillance now - it's kind of had a few iterations, but it's still out there. And it's - I think it's part of LookingGlass today, if I'm not mistaken. 

Ann Johnson: That's an incredible story. And, you know, reflecting on it a little bit, we used to say at RSA, you know, back in the early 2000s that people spent more on their coffee budgets than they spent on their IT security budget. 

Chris Young: (Laughter). 

Ann Johnson: You know? And the industry has changed so much. Like you, I was accidental. I think a lot of folks who came into the industry in the '90s, early 2000s, were really accidental. So given that, you know, you came into the industry a little bit accidentally, I know you've had some great mentors, some peer leaders that have played in shaping who you are today. Anyone specific come to mind that gave you advice or sponsored you in a key period of your career? 

Chris Young: You know, I've been fortunate, Ann, to have many, you know, great mentors and people that I've worked with over the years. You know, one will I will call out - you know, how can I not since I'm sitting here talking to you? But when we were at RSA, I mean, Art Coviello was a great mentor of mine. As you know, I worked for Art for a number of years, both when we were a standalone company as RSA, a tiny little cybersecurity company out there with a big name brand because we had the conference, you know, the conference we all still know and love. But then we became part of EMC, and, you know, Art continued to run it. But he was - you know, he was always a great mentor, gave me a lot of opportunities. He was the guy who originally brought me into RSA when they - you know, they had the opportunity to try to go after better protection for consumer online banking 'cause that's kind of how I came to the company. 

Chris Young: As you may recall, like, I was at AOL before then, and I had done some work with RSA. And we rolled out some AOL-branded tokens, which didn't get a ton of uptake. So it probably wasn't our most successful security offering as AOL. But, you know, ultimately, I got to know the RSA team, got to know Art, and when the online banking opportunity arose because of some of the new regulation that was happening in the industry, you know, I decided to come over and join the RSA team. And it was a great run after that. We did a number of acquisitions. We really built out that business and really changed RSA from a token company to a much broader security play. 

Ann Johnson: To your point, that was a really fun time. And we have, you know, Michal Braverman-Blumenstyk is now here with us at Microsoft, and Israel Aloni, and a lot of other folks who are a part of that, you know, identity protection business that we built for consumer online banking and anti-malware and antifraud solutions. So, and Art's a great mentor to a lot of folks in the industry, including me - so a great callout. You've passed two years of Microsoft. Congratulations. It's been almost exactly two years, right? 

Chris Young: Literally, almost exactly two years. It's been a fun ride. It's - was a weird time to join in the middle of the pandemic when literally all of our interactions were like this, like, completely virtual. 

Ann Johnson: So when you think about why you joined Microsoft, why? Why Microsoft, and what made you excited about the company then? 

Chris Young: You know, I've known Microsoft for many years, you know, whether I was a partner of Microsoft, a customer of Microsoft, a competitor of Microsoft, sometimes probably all three at the same time. I came to know Satya and some of the senior leaders, you know, during my previous lives, previous careers at other companies. And, you know, we had always had a little bit of a dialogue about would there be an opportunity to join Microsoft at some point. And after I had left McAfee in early 2020 and wasn't expecting the pandemic to happen - it did, which was in some ways for me really good. I got a lot of time to spend with my family. And, you know, that was fun while it lasted. But certainly, you know, in retrospect, you know, there was certainly a lot of cost that we all had as well, from not being able to interact with one another in a work context. 

Chris Young: But later that year, I got involved in a conversation with Satya about coming to Microsoft. And one thing that I really came to appreciate in a different way at the beginning of the pandemic was just the importance of cloud platforms, of these collaborative applications like Teams and their - basically their ability to help us, you know, just function as a society, which is pretty amazing, right? I mean, we were using Teams, you know, a lot of - there was a lot of Zoom talk back in those days too. Less Zoom talk now, but, you know, Teams and Zoom and WebEx and, you know, these applications, these collaborative applications, video applications, were just literally keeping people afloat. Like, we could have meetings. We could connect. We could operate our businesses. We could talk to family and friends that we hadn't been connected to, and we could see their faces and not just speak to them and hear them in an audio form factor. And on top of that cloud technologies, SaaS-based applications, you know, just the role that technology played in allowing us to move our way through the pandemic without having to completely shut down was super impressive. 

Chris Young: And Microsoft was one of the key companies, I think, that played a big role, at a platform level, at an application level, at a security level. And, you know, when the opportunity arose, I said, this would be a great, you know, team to join because so much of the world is going to change and so much of the world is changing and Microsoft is a key influential player in all of that. I would say Microsoft and the executive team had the right way of thinking about our role in the world. I feel like the executives here have a very responsible view about how we make our technology available. What's been great is the team has got, you know, a lot of focus on security at a company level. As large as Microsoft is, security is such an important - not only business for us, but ethos for us, right? We want to make sure that every experience we bring to a customer is incredibly high fidelity and secure and something that they can trust. And so, you know, I kind of added all of that up and, you know, the opportunity to join the team was there. And so I took it, and I came. 

Chris Young: And I will tell you, I've not been disappointed. The opportunity to work in so many different industries, including security - you know, I did have a lot of fun. As you'll remember, right after I joined, we had - the SolarWinds issues took hold, and so we spent a lot of time on that. But I will tell you, it was - it's been a great perspective at Microsoft. I've learned a ton, you know, about, you know, parts of the industry that I didn't see as much, you know, whether it's, you know, what we're doing in cloud, what we're now doing in AI. Security, as, you know, cuts across all of that. So it's been great to join Microsoft, have a little bit of a role that's broader than security. But because security is so fundamental and the work that you and I do together, you know, Ann, in our team through your group, has allowed me to stay close to the security industry. And so I'm thankful for that as well. 

Ann Johnson: Well, it's been great to have your leadership there, right? Because you bring a unique perspective, and you bring a lot of industry knowledge to the work we're doing in cybersecurity. We're going to talk about ecosystem in just a moment. But before we do that - you're two years in, so what are you excited about in the next five years for Microsoft? What is it that keeps you coming back and keeps you excited every day? 

Chris Young: The biggest thing I'm excited about now is AI, and we are at a place now where - and, you know, the - just the last couple of weeks, there's just a ton of - explosion of interest in the ChatGPT, which is built by OpenAI, which is one of our - which is our core partner here at Microsoft as it relates to AI. And that's just given people a taste for what's possible with these large language models. And on top of that, now we're seeing a - what I would say is a, like, a Cambrian explosion in new products, new companies that are taking advantage of the technological advances in AI and bringing new companies to life. I think security is going to be a big, you know, new - like, a big space where we're going to see a lot of companies that leverage AI as foundational to just new ways to solve some of the problems that we're seeing in and we've always seen in the security landscape. And I'm excited about that. I'm excited about the innovation that's happening. I'm excited about Microsoft's role in it. 

Chris Young: And, you know, it's going to open up new problems, as we always know. You know, one thing I always like to say in security is whenever there's a new technological advancement that allows you to do something great in the broader landscape, there's always a security issue that comes along with it, whether it's something that gets exploited or whether attackers find ways to use it for their own gain. So AI will not be without its cybersecurity challenges. It certainly will. But I do think AI can be used in ways that is going to really help cyber professionals do their jobs better, help us get better at pinpointing attacks, help us get better at seeing some of the signal through the noise, a lot of the classic challenges that we face in this industry since its inception and the constant battles that we fight. I think it's just a new tool in our arsenal that we'll all have to leverage. 

Ann Johnson: I agree. I actually spent some time over the past week or so playing with ChatGPT, right? And I asked it, Chris, to define adversarial artificial intelligence for me in a - in common terms and then to write a syllabus for a course on the topic. And it was just exceptional in the quality of what it delivered. And then I had some fun with it in that I asked it what the most common penguin species is on the planet and then to tell me a story about the penguins. I just wanted to see its capability to do something both technical and something that was less technical. And the storytelling aspect - you think about it delivering technical content, but it actually wrote this, like, short story about penguins that was just cute. And I was like, this is amazing that it has the capability to do these things. 

Chris Young: I totally agree. Like, one of my fun ones is I asked it, how would Donald Trump describe AI? And it gave me three different types of responses which were just really amazingly well-written. I've used it to - like you say, to help me outline and frame how I might think about a topic. It's really good at letter writing or memo writing. I've used it to help me summarize notes from a meeting. I thought it did a fantastic job. 

Chris Young: There are some - there are issues. It's not perfect. But, you know, given where we started and where we've come in the technology and now just with the incremental improvements we'll be able to make, I think the potential is just - is really, really massive. And it's - even if you look at what we've been able to build with the GitHub copilot where, you know, you can use AI to write, you know, a large percentage of the code, as a developer, if you think about the analogy there and extend it into other aspects of our lives, we can have a copilot for nearly everything that we do. And I think that's just going to - that's going to really power us in a lot of different ways. 

Ann Johnson: I completely agree. And it's been a great partnership for Microsoft. And speaking of partnerships, let's go to our core job, what you and I do daily. So you have this fairly large remit where you think about business development. You're thinking about the company's strategy all up. And, of course, you lead, you know, the ventures team with Michelle Gonzalez. But I want to focus for just a minute about ecosystem and why you think ecosystem is important even for a company like Microsoft. And why do you think it's so important for the security ecosystem to exist and help our customers and our partners? 

Chris Young: No company can solve all the problems themselves, you know, No. 1. I think - and that's true in any space. I think it's especially true in security. Like, nobody's got 100% of the solution, partially just because, you know, security is a living, breathing problem. It changes all the time. It changes faster, I'd argue, than other elements of the technology landscape. And that's one of the reasons why ecosystem work is super-critical to security because as much as we can do at Microsoft - you know, we have a lot of great products and a lot of great solutions that we apply to helping our customers solve some of their thorniest cyber challenges. We don't cover the entire landscape, every use case, every platform, every threat mitigation technique. 

Chris Young: And so ecosystems are critically important because there are a lot of great companies out there that can help us cover the use cases that are most important to our customers. And therefore the ecosystem creation and the orchestration of the ecosystem in ways that makes it come together in service of the customer's need, which is ultimately to deliver their business or deliver their outcomes in a secure, efficient, effective way - that's really what's most important. And as you point out, Ann, that's such a huge part of our role inside of Microsoft - is to be the orchestrator of these ecosystems, to bring companies together from outside of Microsoft with all the great people here inside of Microsoft who are trying to solve these problems on behalf of our customers and then to help our customers get the most out of the ecosystems themselves. It's hard - right? - because, you know, we all know some of the classic challenges that people face in cyber - you know, a lot of vendors, a lot of stitched together solutions. 

Chris Young: You know, part of our goal in these ecosystem programs is to make it feel more seamless, to take some of the burden off of our customers so they don't have to do all the heavy lifting of bringing together some of the different solutions they need to ultimately solve their problems. We're trying to do that work for them. It's a never-ending job because it never stops. There's always new work to be done, new ecosystem partners to be cultivated, new technologies to be integrated and solutions to be delivered. That's what makes it sort of interesting and challenging for us to come to work every day. 

Ann Johnson: Yeah, I agree. And I think that a lot of our ecosystem work is with startups, and those are also sizes of startups - right? - from the really nascent and early, where we're giving them some coaching and advice and helping them go to market via Microsoft for Startups, where we're doing those integrations that are valuable to the customers - because there's so much innovation and so much learning for startups. And I know you have a huge passion. So why is it your view that it's so important to have this vibrant security startup community? 

Chris Young: Startups are - they're the lifeblood, I think, of our industry. I think that's true in broader tech. And they're also - it's also true if you double-click down into cybersecurity. And the reason is they move us forward. Here's a good example. I talk about this - I used to talk about this all the time, which is, you know, if I think about just - take endpoint security. Until companies like Cylance and CrowdStrike came along, a lot of the endpoint security industry was - it was AV signature-based. And in today's world, we've all moved on. Why? Because innovation happened. It didn't happen in the big companies. It happened in the startup landscape. It happened to be a bunch of McAfee alums that went out and did it. You could argue about, you know, the outcomes of the companies. You know, obviously, CrowdStrike has done really well. We don't see Cylance as much anymore. They're part of BlackBerry. But they push the industry forward in a unique way. And I think we're all better off for it. And I use that as one example. There are many examples like those two that I would use. 

Chris Young: And I think that we - you know, we continue to see that happen in cyber, where you have a new problem. It evolves, or the attack landscape is clearly moving quicker than our ability to deal with it. And so you have to evolve the approaches that you take to solving some of the unique problems, like bringing machine learning in that case - in the endpoint space case - to replace some of what you were - what we were doing at the time with signatures. And I - you know, I think AI and how that gets applied to some of these problems is also going to be an example of that. And I'm excited to see what startups are doing with it. It's one of the reasons why, as you know, we - you know, we've been prolific and investing directly in cybersecurity startups through M12, which is our ventures fund. 

Chris Young: Every year I continue to be a judge at the RSA Sandbox competition. And it's been - it's just - it's a lot of fun, as well as it's - I have a great opportunity to learn about where the innovation is happening, where it needs to happen, new ways to do things. So I just believe that startups are a critically important part of the ecosystem. They keep us moving forward, solving problems in new and different ways. And as we all know, having spent a lot of time in this industry, you always have a need for a new and different approach to solve a problem. Why? Because the attackers are likely ahead of you with some new and different approach that they've implemented. 

Ann Johnson: Yeah, they're always innovating. And one thing we learned in SolarWinds more than - and we've seen it in the past, but they know our playbooks, too, right? 

Chris Young: Absolutely. 

Ann Johnson: They know how we're protecting and defending and how we're investigating. We have to stay ahead of them. And startups, obviously, could help do that - right? - because they bring new, fresh ideas. And this industry - you know, security in particular - is always in need of new, fresh ideas. 

Ann Johnson: So, Chris, let's switch a little bit. As we record this, the world is in a bit of a rough spot socially, economically. People are uncertain about what 2023 is going to look like. And that makes, you know, execution really important in business right now. And I know you and I - we're old enough, you know, that we've seen these cycles throughout our careers. But what advice do you have for leaders that are helping their companies and teams navigate this tough time? And what advice do you have for founders that are looking to build and innovate right now? 

Chris Young: Depending on what kind of company you're in, you know, where that company is in its life cycle, its size and scale, the challenges are a little bit different. Now, if you're in a big company, it's a lot about, in today's world, doing more with less, maybe getting a little bit sharper in your focus. But the reality is, you know, people are still buying. You know, companies and individuals still need to operate. So established businesses aren't going out of business. You know, I think it's going to be harder sledding here for many of us over the next - I don't know, call it year or so. Maybe it's two years. I'm not - I can't predict it. If I could, I probably wouldn't be doing this for work. 

Chris Young: But I do think in larger organizations that are growing concerned, it's more - it's just about doing more with less. It's about getting more efficient. But it's also about, I think - you know, what I - the advice I give to people is set yourself up to come out of this cycle in the right way. Like, you don't want to just cut, cut, cut and, you know, get rid of all the future innovation to save money today. Because there will be a time when we come out of the downturn. And those are the times that can be very exciting, when you have an opportunity to grow, maybe take share, depending upon what space you're in. 

Chris Young: And so I think it's always important to make sure you've got some bets on that business of tomorrow, irrespective of, you know, how tough it might be today. If you're in a smaller company, it's a little bit different, right? I think, you know, I think there's - it's always a good time to try something new. I mean, we are seeing new cybersecurity startups. We are seeing new funding still come into the market right now. And the reason is we still have got problems. Those problems have to be solved. We need new and efficient ways to go about it, just like we just talked about when you were asking me the last question. 

Chris Young: And I think as a founder today, the opportunity is still rich. The challenge you're going to face is money is less plentiful than it was the last several years. And so it's going to be a little harder to raise money. You're not going to be able to raise money at the same types of valuations that most companies were getting a year ago, two years ago, three years ago. However, for good companies with good teams and solid execution, there's still venture capital to be had. There's still customers who want access to the capabilities that you bring to market. 

Chris Young: And so you just have to be a little bit more focused. You have to execute better. You have to be sharper in your, you know, in the way you set goals and the way you execute against those goals. But some of the best companies in the world were built during recessions or downturns. And so I would encourage anybody who feels like they've got a strong idea in cyber to pursue it, if you have the means to do so because the world needs you. 

Ann Johnson: I think that's really good advice. And I think that one of the last things you said is some of the best companies in the world were built during downturns. So, you know, you need to be moderate with your expenses, but that doesn't mean you shouldn't have vision and ideas. 

Chris Young: There's always room for vision and ideas. And I think that's true in big companies. It's certainly true in the startup landscape. 

Ann Johnson: Yeah. And that leads to, you know, one of our final questions. We have a couple more. But, you know, when you think about vision and ideas and you look into the future, you know, you - I know you have a little bit of a crystal ball - but what trends do you think there will be in security that are going to be relevant over the next three, 10 years? 

Chris Young: Well, I think we're seeing a few things that are very relevant. One, it may seem obvious, but it's only been a year since we saw Russia attack the Ukraine. And for many years in this industry, for those of us who've been around for a while, we've been saying, you know, cyber is going to become an element of how wars are fought. And with the Ukraine and Russia, we've been experiencing that. And, I mean, that's something that we all have to pay attention to in our industry, that cyber as an element of war. And I know this is a little bit of a dark kind of topic, but it's a reality for us. Cyber as an element of warfare is real. And we've seen it now in a major international conflict. And that's, you know, that's something I think we all have to take very seriously in our work as cyber professionals. And that's something we've talked about. It's been more theoretical than real. It's now real. 

Chris Young: I would say the other thing is, as we've seen the rise of digital currencies, we've seen, you know, we've continue to see, I think, a high incidence of ransomware attacks. I mean, it's the ability to cash out that's really been making, you know, I would say making ransomware attacks one of the preferred attacks of choice. And it's just something that we've got to stay super vigilant about. I still think there's a lot of opportunity for us to solve the ransomware problem in new and different ways. You know, I think we're still a little bit more in mitigation mode than we'd all like to be as an industry. So an opportunity there still exists. 

Chris Young: I still find myself in conversations where people talk about, to pay the ransom or not to pay the ransom, which I find interesting. 'Cause it's - the analogy I like to use is, it's a little bit of like that Mike Tyson quote where everybody has a plan till they get punched in the face, right? It's like everybody says - talks tough - they're not going to pay the ransom until they actually get hit with a ransomware attack. And then I think a lot of people loosen up those thoughts once they get hit. But it's why we got to deal with this problem, right? Like, I don't want our customers to feel like they've got to be faced with that challenge. But the prevalence is high. It's just not new. And that's one of the reasons why I think we've got to stay focused on it. 

Chris Young: But when I look forward and I think about the newer kinds of issues we're going to be faced with, I worry a lot about deep fakes. Again, that's move - again, with, particularly now, with the power of AI. And I talked about this a little bit earlier, it cuts both ways. AI's an amazing tool for good potentially, but it's also a potential tool for our attackers. And I do think that deep fakes, misinformation, misrepresentation, the opportunities for that for impersonation, are going to be high. And that's something we've got to spend a lot of time on as an industry. I don't think we've got good solutions in place. You know, identity has been a perpetual challenge for us in the digital world. Nobody's kind of cracked that code yet. And I think identity becomes even harder when you really can't look at pictures. You can't necessarily trust what you hear. I think that's a whole new landscape that is something that we're all going to be faced with. 

Chris Young: I would say information, as it relates to integrity of how we train models and, you know, making sure that what we use for training, what we use for inferencing isn't poison in those models and is - you know, again, these were all things that before the AI started becoming something that was more mainstream, you could think about it as a theoretical set of attacks. These are now attacks we're going to have to reckon with as we start to implement AI-based solutions in a more mainstream way, whether it be how we service customers, how we decision, how we think about operations and the like. 

Chris Young: And so those are some of the categories that I'm focused on when I think about where we're going to be faced with challenges in the future. I think some of the issues that have come up over the last couple years, whether it's supply chain attacks or secure DevSecOps. I think there's still tons of room for growth and development in those categories. I think AI can play a positive role. But I think integrity of our code bases, integrity of our applications, integrity of the way our applications communicate via APIs are all known problems that are being worked, but they're all very early in their lifecycle and are going to require more investment, more people, more focus across the entire ecosystem of players, whether it's big companies like Microsoft or the smaller startups who are out there as well, battling the same set of problems. 

Ann Johnson: Yeah, I think, you know, everything you said, right? And I do think the problems of the future - there's some - still problems of the past that will linger related to cyber hygiene. But then there's all these things related to deepfakes and adversarial AI and supply chain and ransomware. And we're going to continue to, you know, work hard as an industry to stay one step ahead of the attackers. And that's really what the job is. With that, because this is a cyber podcast and you can - we can always go to a darker place that's not as - you know, not as happy and positive, we always try to end with a bit of optimism. So, Chris, what are you optimistic about with the future of cyber, and what role do you think cybersecurity is going to play in the future of business? 

Chris Young: You know, Ann, despite all the hard things that we - you know, we experience as an industry that I've seen personally, I've remained a cyber optimist through all of it because I also look at the incredible things that we can do with technology, the incredible role that technology plays in our lives. I talked a little while ago at the beginning about - you asked me about when I joined Microsoft, and I talked about how technology and collaborative applications were really foundational to our ability to operate through the pandemic. Like, that's a great example. Like, we were able to effectively operate through the pandemic. The world - you know, the world didn't come to an end. We were able to do it securely. We were able to do it safely. There were some hiccups. You know, there were some places where people, you know, there was - you know, people were able to break into video streams and that sort of thing. But that was reasonably minor. 

Chris Young: But the fact that we can do the things we do today with technology and do it in a reasonably trustworthy way is a testament to how far we've come with our ability to operate systems in a resilient manner, to feel comfortable that we can stave off cyberattacks. Our ability - you know, Microsoft is a good example. Like, we played - and we've published a lot of the work around this - but the role we played when Russia attacked Ukraine and used cyberattacks at the forefront of a lot of its efforts, and the fact that the Ukraine in general has been relatively resilient against a lot of those attacks, I think speaks volumes to how far we've come in our ability to use cyber for good. And so I remain an optimist. I think as we continue to see technology become more pervasive in our lives, it says as much about the good things we can do with cybersecurity and the trust that we build as it does about the risks that we have to remain vigilant against as we look out into the future. 

Ann Johnson: Yeah, I completely agree with you. We're doing OK. You know, as I say to folks, for every big story you see in the news about cybersecurity, there's thousands that we have detected and blocked before they became a big story. And it gives me optimism. Chris, thanks so much for joining me today. I know you're super busy, so I appreciate you making the time. 

Chris Young: It was absolutely my pleasure, Ann. It's always great to talk cyber. It is one of my life passions and my life's work in many respects. And always great to talk with you. And I thank you for your contribution to not only this podcast, but to the industry as well, Ann, because you're - you, like me, are one of the people who've been around fighting the good fight for a lot of years. So thanks to you, as well. 

Ann Johnson: Thank you so much to our audience for listening. Join us next time on "Afternoon Cyber Tea." 

Ann Johnson: I invited Chris Young to join "Afternoon Cyber Tea" because he has been in the industry a very long time, has an incredibly new perspective, and we've worked together a few times over the years. And I know Chris quite well, and I knew that he would bring a really visionary and insightful perspective to the audience about the industry, what he's seeing, how the industry has changed. And it's just this exceptional episode. So I know everyone will enjoy it.

Afternoon Cyber Tea with Ann Johnson
Podcast Info
HOST(S):
Ann Johnson
Ann Johnson, CVP of Security, Compliance and Identity at Microsoft, oversees the long-term security investment and partnership strategies helping organizations become operationally resilient and unlock capabilities of Microsoft's intelligent cloud and next generation AI. From the way we tackle cyber threats to the language we use, Ann encourages the industry to get outside its comfort zones to expand how we address the evolving threat landscape.
Schedule: Tuesdays
Credits: Executive Producer is Bruce Bracken, Co-Executive Producer is Greg Ormsby, Producer is Rob Petrillo. Production Manager is Max Solomon, Scheduling and Administrative Support is Annalisa McBride, and our Audio Engineer (and magician) is none other than The Great Rich Cerbini.
Creator: Microsoft