Microsoft Appoints Deputy CISO For Europe To Reassure European IT leaders (csoonline.com) 15
Microsoft has appointed a Deputy CISO for Europe to address growing regulatory pressure and reassure EU leaders about its cybersecurity commitment. "The move also highlights strong fears from European IT execs and government officials that the Trump administration may exert significant influence on cybersecurity companies," reports CSO Online. From the report: Who that Deputy CISO will ultimately be is unclear. Wednesday's statement simply said that Microsoft CISO Igor Tsyganskiy is "appointing a new Deputy CISO for Europe as part of the Microsoft Cybersecurity Governance Council," but the phrasing made it unclear when that would happen. However, Tsyganskiy made a separate announcement on LinkedIn that he has given the role to current Deputy CISO Ann Johnson. But he then said that Johnson, who is based at Microsoft's head office in Redmond, Washington, will hold that post "temporarily."
In his LinkedIn post, Tsyganskiy explained that the Cybersecurity Governance Council, which was created in 2024, consists of "our Global CISO and Deputy Chief Information Security Officers (Deputy CISOs) representing each of our technology services. This Council oversees the company's cyber risks, defenses, and compliance across regions and domains." "The Deputy CISO for Europe will be accountable for compliance with current and emerging cybersecurity regulations in Europe, including the Digital Operational Resilience Act (DORA), the NIS 2 Directive, and the Cyber Resilience Act (CRA)," Tsyganskiy wrote. "These laws will prove transformative not only in EU markets, but worldwide, and Microsoft is actively engaged in preparing for what lies ahead." Microsoft said in Wednesday's statement: "the appointment of a Deputy CISO for Europe reflects the importance and global influence of EU cybersecurity regulations and the company's commitment to meeting and exceeding those expectations to prioritize cybersecurity across the region. This new position will report directly to Microsoft's CISO."
Michela Menting, France-based digital security research director at ABI Research, said when she heard on Wednesday that Microsoft was creating such a role, "I was mostly surprised that they don't already have one."
"GDPR has been in place for quite some time now and the fact they are only now putting in a European deputy CISO is concerning," Menting added. "They are playing catch up."
In his LinkedIn post, Tsyganskiy explained that the Cybersecurity Governance Council, which was created in 2024, consists of "our Global CISO and Deputy Chief Information Security Officers (Deputy CISOs) representing each of our technology services. This Council oversees the company's cyber risks, defenses, and compliance across regions and domains." "The Deputy CISO for Europe will be accountable for compliance with current and emerging cybersecurity regulations in Europe, including the Digital Operational Resilience Act (DORA), the NIS 2 Directive, and the Cyber Resilience Act (CRA)," Tsyganskiy wrote. "These laws will prove transformative not only in EU markets, but worldwide, and Microsoft is actively engaged in preparing for what lies ahead." Microsoft said in Wednesday's statement: "the appointment of a Deputy CISO for Europe reflects the importance and global influence of EU cybersecurity regulations and the company's commitment to meeting and exceeding those expectations to prioritize cybersecurity across the region. This new position will report directly to Microsoft's CISO."
Michela Menting, France-based digital security research director at ABI Research, said when she heard on Wednesday that Microsoft was creating such a role, "I was mostly surprised that they don't already have one."
"GDPR has been in place for quite some time now and the fact they are only now putting in a European deputy CISO is concerning," Menting added. "They are playing catch up."
Re: (Score:2)
Re: (Score:2)
Perhaps because it isn't for sale, like the locals told trump and vajay dunce already?
What is a CISO ? (Score:3)
Re: (Score:2)
Would having a CISO make the underlying OS any safer
Of course. They'll make sure to hire a stage actor with many years of experience in security theatre.
If Microsoft wasn't part of the problem (Score:3)
They could just relocate to the EU, C-suite and all, and be out of Trump's easy reach, thus eliminating all the political-based security risks.
Anything short of that, they can have all the fancy new titled positions they want, Microsoft products remain a Trojan Horse for the US government.
Re: If Microsoft wasn't part of the problem (Score:2)
Microsoft is a trojan horse for everyone these days. Entra, Onedrive, Recall, Office365 licensing...
It doesn't matter if you have a contract or not, they can pull the plug for a whole continent now and that would cause chaos everywhere. Think of the crowdstrike incident magnified to a large scale.
Re: (Score:2)
Indeed. In particular, Microsoft is a trojan for the Chinese, because they are too incompetent to even notice a full compromise of critical systems (https://www.cisa.gov/sites/default/files/2025-03/CSRBReviewOfTheSummer2023MEOIntrusion508.pdf). Using their stuff professionally is clearly gross negligence and needs to be treated as such.
Makes no difference (Score:1)
You can appoint all the CXXOs you want, create as many shell companies as you like, but as long as you are headquartered in USA, listed on NASDAQ, the US gov can get your data legally and issue a NSL to prevent you talking and there is nothing you can do about it.
maybe the advice is don't setup your company in USA or work to change your laws from within
EU IT leaders ain't stupid, they know the US gov pwn you.
it "was" overlooked as USA "was" a stable, democracy ruled by law, now with DT and his dweebs in cha
No such commitment. (Score:3)
to address growing regulatory pressure and reassure EU leaders about its cybersecurity commitment.
Microsoft has made no such commitment. This should be obvious because talk is cheap and their actions for decades have spoken volumes. Microsoft has one and ONLY one commitment: making as much money as possible. This isn't unique to Microsoft, this is how publicly traded corporations behave. At no point should ANY trust be placed in a publicly traded corporation. If publicly traded corporations are people then they are the Ferengi because they have an insatiable hunger for profit and their only loyalty is to themselves.
Re: (Score:2)
Indeed. And they are not even careful about revealing it: MS product security has sucked badly for ages. They make products that are just barely good enough and sometimes are not. Using their crap may seem cheap in the short run, but it gets really expensive over time.
Who will it be? (Score:2)
Only a fool of an european would apply for such position. If it an American gets the role it will just be void.
Itâ(TM)s ridiculous to think a ciso can reassure anything. The law is the law and Microsoft must follow the law. This is the problem. It is impossible for a European country to trust American services, there is no privacy nor any confidentiality any more - no doubt we need to stop depending on all non-European services and build ourselves.
It is all just a show (Score:3)
Microsoft is an US company and will deliver any and all European data to the US government if asked so, no matter how illegal that happens to be in Europe. It is time Europe wakes up and realizes the US is nobody's friend anymore and acts accordingly.