Microsoft's CSO Mike Howard Is Full Of ItBy: John Honovich, Published on Nov 11, 2013
This is the worst, most disingenuous security advice I have ever seen...
And the best, most cunning sales and marketing campaign possible.
[link no longer available]Over the last few years, Microsoft's Chief Security Officer, Mike Howard [link no longer available], has established himself as the security management guru, demeaning the rank and file security director, who unlike him, does not generate business value, or show real leadership.
Howard implores his peers that:
"Security must be integrated into the core mission of the enterprise and receive a seat at the table."
How Howard accomplished this is extremely clever yet hypocritical and worthless to 99% of security directors.
Chief Security / Sales Officer
Here's him talking about how he "lead(s) security innovation and business growth":
"We are driving security product development and generating revenue through our Showcase Program. We leverage our Global Security Operations Center (GSOC), partnering with our Sales Teams, to showcase the Microsoft Technology we employ on a daily basis to enterprise customers. ... We have also been credited with bringing in millions of dollars to the enterprise.”
So security has been turned into sales - sales of Microsoft products, services and partner offerings (like their PSIM partner, Microsoft Sharepoint, Microsoft Lync, Microsoft Infopath, Microsoft Azure, etc.)
Indeed, Howard has negotiated for the security department to get commissions on deals sold:
"Approached our sales organizations, we said if you have clients ... bring them through our GSOCs ... if they sign on the dotted line, at least give us credit for helping make that sale. That in itself turned into its own vertical, now we have a whole team that does nothing but the showcasing piece and we have been credited with helping the company bring back a lot of money."
Watch the video where he explains the process:
Endorsing Manufacturer Partners
A real CSO neither has the motivation nor time to be endorsing manufacturers. However, here's Howard praising Genetec for using Microsoft's cloud software and here's Howard celebrating with another manufacturer, ISD, for winning a trade show award for a Microsoft powered camera:
It is not that the other CSOs are ineffective leaders or do not understand business value. It is that the business value of a Chief Security Officer is security, not product sales.
Security Sales Hall of Famer
That said, this is genius. Pure sales and marketing genius. If there was a Hall of Fame for security sales, Howard would be a first ballot shoe-in. The ability to transform a physical security end user into a commissioned sales agent is gold. Other end users will not see this coming. Most will simply assume that this is just a peer trying to help them out.
Howard has generated immense publicity that his manufacturing rivals would have to pay millions for, and still would not get the authenticity because of the impression that he is a CSO, not in reality, a commissioned Microsoft sales agent.
Low Self Esteem of Security Directors
Unfortunately, security directors tend to suffer from low self esteem and masochist tendencies, blaming themselves for being a 'cost center', not generating enough value and not being worthy of a seat at the table. So this shtick plays very well.
Unfortunately and ironically, Howard's advice has been great for him but worthless for pretty much every other security director unless they too become sales people for their company's products.