Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security EU Microsoft

Microsoft Appoints Deputy CISO For Europe To Reassure European IT leaders (csoonline.com) 15

Microsoft has appointed a Deputy CISO for Europe to address growing regulatory pressure and reassure EU leaders about its cybersecurity commitment. "The move also highlights strong fears from European IT execs and government officials that the Trump administration may exert significant influence on cybersecurity companies," reports CSO Online. From the report: Who that Deputy CISO will ultimately be is unclear. Wednesday's statement simply said that Microsoft CISO Igor Tsyganskiy is "appointing a new Deputy CISO for Europe as part of the Microsoft Cybersecurity Governance Council," but the phrasing made it unclear when that would happen. However, Tsyganskiy made a separate announcement on LinkedIn that he has given the role to current Deputy CISO Ann Johnson. But he then said that Johnson, who is based at Microsoft's head office in Redmond, Washington, will hold that post "temporarily."

In his LinkedIn post, Tsyganskiy explained that the Cybersecurity Governance Council, which was created in 2024, consists of "our Global CISO and Deputy Chief Information Security Officers (Deputy CISOs) representing each of our technology services. This Council oversees the company's cyber risks, defenses, and compliance across regions and domains." "The Deputy CISO for Europe will be accountable for compliance with current and emerging cybersecurity regulations in Europe, including the Digital Operational Resilience Act (DORA), the NIS 2 Directive, and the Cyber Resilience Act (CRA)," Tsyganskiy wrote. "These laws will prove transformative not only in EU markets, but worldwide, and Microsoft is actively engaged in preparing for what lies ahead."
Microsoft said in Wednesday's statement: "the appointment of a Deputy CISO for Europe reflects the importance and global influence of EU cybersecurity regulations and the company's commitment to meeting and exceeding those expectations to prioritize cybersecurity across the region. This new position will report directly to Microsoft's CISO."

Michela Menting, France-based digital security research director at ABI Research, said when she heard on Wednesday that Microsoft was creating such a role, "I was mostly surprised that they don't already have one."

"GDPR has been in place for quite some time now and the fact they are only now putting in a European deputy CISO is concerning," Menting added. "They are playing catch up."

Microsoft Appoints Deputy CISO For Europe To Reassure European IT leaders

Comments Filter:
  • by Mirnotoriety ( 10462951 ) on Friday May 02, 2025 @09:08PM (#65348693)
    A Deputy CISO; that would a Chief Information Security Officer. Would having a CISO make the underlying OS any safer from malicous email attachments or clicking on a malicious URL ?
    • Would having a CISO make the underlying OS any safer

      Of course. They'll make sure to hire a stage actor with many years of experience in security theatre.

  • by Baron_Yam ( 643147 ) on Friday May 02, 2025 @09:09PM (#65348695)

    They could just relocate to the EU, C-suite and all, and be out of Trump's easy reach, thus eliminating all the political-based security risks.

    Anything short of that, they can have all the fancy new titled positions they want, Microsoft products remain a Trojan Horse for the US government.

    • Microsoft is a trojan horse for everyone these days. Entra, Onedrive, Recall, Office365 licensing...

      It doesn't matter if you have a contract or not, they can pull the plug for a whole continent now and that would cause chaos everywhere. Think of the crowdstrike incident magnified to a large scale.

      • by gweihir ( 88907 )

        Indeed. In particular, Microsoft is a trojan for the Chinese, because they are too incompetent to even notice a full compromise of critical systems (https://www.cisa.gov/sites/default/files/2025-03/CSRBReviewOfTheSummer2023MEOIntrusion508.pdf). Using their stuff professionally is clearly gross negligence and needs to be treated as such.

  • by Anonymous Coward

    You can appoint all the CXXOs you want, create as many shell companies as you like, but as long as you are headquartered in USA, listed on NASDAQ, the US gov can get your data legally and issue a NSL to prevent you talking and there is nothing you can do about it.
    maybe the advice is don't setup your company in USA or work to change your laws from within

    EU IT leaders ain't stupid, they know the US gov pwn you.
    it "was" overlooked as USA "was" a stable, democracy ruled by law, now with DT and his dweebs in cha

  • by Gravis Zero ( 934156 ) on Friday May 02, 2025 @11:36PM (#65348861)

    to address growing regulatory pressure and reassure EU leaders about its cybersecurity commitment.

    Microsoft has made no such commitment. This should be obvious because talk is cheap and their actions for decades have spoken volumes. Microsoft has one and ONLY one commitment: making as much money as possible. This isn't unique to Microsoft, this is how publicly traded corporations behave. At no point should ANY trust be placed in a publicly traded corporation. If publicly traded corporations are people then they are the Ferengi because they have an insatiable hunger for profit and their only loyalty is to themselves.

    • by gweihir ( 88907 )

      Indeed. And they are not even careful about revealing it: MS product security has sucked badly for ages. They make products that are just barely good enough and sometimes are not. Using their crap may seem cheap in the short run, but it gets really expensive over time.

  • Only a fool of an european would apply for such position. If it an American gets the role it will just be void.

    Itâ(TM)s ridiculous to think a ciso can reassure anything. The law is the law and Microsoft must follow the law. This is the problem. It is impossible for a European country to trust American services, there is no privacy nor any confidentiality any more - no doubt we need to stop depending on all non-European services and build ourselves.

  • by gweihir ( 88907 ) on Saturday May 03, 2025 @06:45AM (#65349275)

    Microsoft is an US company and will deliver any and all European data to the US government if asked so, no matter how illegal that happens to be in Europe. It is time Europe wakes up and realizes the US is nobody's friend anymore and acts accordingly.

"Don't drop acid, take it pass-fail!" -- Bryan Michael Wendt

Working...