Microsoft appoints a new Global CISO amid security leadership shakeup

"A storied career in high-scale/high-security, demanding environments"

Microsoft has appointed a new Global CISO, Igor Tsyganskiy.

He replaces Bret Arsenault, who held the CISO title at Microsoft for 14 years. Arsenault has been moved to a security advisor role.

His deputy CISO, Aanchal Gupta, will exit Microsoft’s security organization for a senior role in its product group, her LinkedIn showed.

Tsyganskiy joined Microsoft in September 2023. He was previously head of investment technologies at hedge fund Bridgewater Associates.

His responsibilities at the firm included “design, development and operations of all software, infrastructure and cloud environments for our investment process, trading and all critical operations of the fund.” 

Prior to that he held roles (none CISO ones) at Salesforce and SAP – the latter including six years as head of its advanced technology group.

The appointment represents the latest step in an ongoing shakeup by Microsoft security chief Charlie Bell, who joined in 2021 after two decades at Amazon, where he was Director of Software Engineering.

Bell said: "Igor is a technologist and dynamic leader with a storied career in high-scale/high-security, demanding environments. He brings deep knowledge and experience from his previous role outside of Microsoft."

The new Microsoft CISO appointment comes after Redmond in November vowed to radically overhaul how it builds and deploys software in a bid to improve product and cloud security, under its "Secure Future Initiative."

Both the SFI and the appointment of new Microsoft CISO Tsyganskiy come as Redmond grapples with the significant fallout from a spate of high-profile incidents caused by its security failings.

Among those that has caused most political consequence was one in which Chinese government-backed hackers stole a Microsoft account (MSA) cryptographic key, used it to forge authentication tokens to access enterprise email servers and then stole U.S. government emails. 

In the wake of that and other product security issues at major vendors, cybersecurity agency CISA has promised to make companies “take ownership for customer security outcomes’, saying “while the usual dialogue around an intrusion is about how victims could have done more to prevent or respond, alerts in [a new alert] series will invert this dialogue by focusing attention on how vendor decisions can reduce harm."

Other roles Microsoft has recently been looking to fill are a CTO one for its sensitive defense and intelligence business. That role was advertised in November with a remarkably low salary range of $152,300 - $292,200. Microsoft says it wants to see “8+ years marketing, strategy, business planning, consulting, banking, finance, economics, and/or partner organization experience” from applicants; or 6+ years and an MBA. 

The advert now appears to have been withdrawn.

Join peers following The Stack on LinkedIn