\nMicrosoft launched its Cybersecurity Governance Council in 2024, and with it, named a group of deputy chief information security officers that ensure comprehensive oversight of the company\u2019s cybersecurity risk, defense, and compliance. These leaders work in tandem with product and engineering leaders across the company to create accountability and advance cybersecurity protection for Microsoft, our customers, and the industry.<\/p>\n
In this second part of our series, we’ll introduce three more of these leaders and share more about their background, their role, and their priorities.<\/p>\n
* **Terrell Cox** , Vice President for Privacy and Compliance and Deputy Chief Information Security Officer for Microsoft Security Products Division.
* **Ilya Grebnov** , Distinguished Engineer and Deputy Chief Information Security Officer, Business Applications.
* **Damon Becknel** , Vice President and Deputy Chief Information Security Officer, Regulated Industries.<\/p>\n
<\/p>\n
## Q: How did you get your start in cybersecurity?<\/p>\n
**Terrell Cox** : \u201cIt began with Public Key Infrastructure (PKI) work on Windows Server 2003. What hooked me to cybersecurity was the challenge of taking powerful security tools like encryption and making them usable and approachable. Later, AI and threat detection became natural extensions of that \u2018accessible security\u2019 mission.\u201d <\/p>\n
**Damon Becknel** : \u201cWhile I was a United States Army Officer, I attended a course at Quantico, the U.S. Marine Corps base outside of Washington D.C. During that time, we toured various government agencies, and I had a long conversation with a researcher on a hacking tool that was fairly point and click. That really caught my attention and opened my eyes. This introduction fueled my choice for my master’s degree, as part of my research had me working on techniques for what we now call hunting. My interest solidified when I led U.S. Military Academy cadets as interns inside the National Security Agency for a summer, and it\u2019s driven my career choices since.\u201d<\/p>\n
**Ilya Grebnov** : \u201cI initially began my career as a coding-focused individual contributor. However, I naturally gravitated towards threat modeling and security reviews. As a result, my colleagues began to assume that I was responsible for this area, leading it to become my official role. I embraced these responsibilities, which ultimately defined my current position.\u201d<\/p>\n
## Q: What does your team do, and how do you work with others across the company?<\/p>\n
**Terrell Cox** : \u201cI\u2019m part of the Microsoft Security division, where we deliver security, management, and privacy products. My dual focus includes serving as Deputy Chief Information Security Officer for our products and leading privacy, compliance, and risk efforts. Separately, my team oversees infrastructure used company-wide to ensure we respect customer data rights. We\u2019re essentially the backbone of Microsoft\u2019s privacy operations.\u201d <\/p>\n
**Damon Becknel** : \u201cI’m part of the Microsoft Security division, and my job is to help the divisions of Microsoft ensure they, our products, and our services are compliant with all these various regulations. To do that I adopt the best practices from our customers in regulated industries like banking and healthcare. I provide guidance to teams on how to follow those regulations so we can ensure our products and services are compliant now and built in from the beginning. This also helps us be a better partner to our customers in these regulated industries by providing the security they need when they buy something from us.\u201d<\/p>\n
**Ilya Grebnov** : \u201cI’m part of the Microsoft Cloud and AI division, and my team is responsible for compliance, security, quality, and other cross-group initiatives. Given our heavy focus on platform engineering, much of our work involves defining standards and assisting with their adoption. Many engineers within our group also know me personally, which facilitates trust and effective collaboration across the group.\u201d<\/p>\n
## Q: Security is a team sport at Microsoft\u2014how do you emphasize awareness and accountability within your organization?<\/p>\n
**Terrell Cox** : \u201cBy making security everyone\u2019s key performance indicator. Senior leadership has set the tone, but mid-level managers operationalize it. For example, when engineering teams see security requirements as innovation multipliers and not obstacles, that\u2019s cultural success. We also \u2018shine lights\u2019 on risks through transparent reporting. People naturally step up when their metrics are there for everyone to see.\u201d <\/p>\n
**Damon Becknel** : \u201cActions speak louder than words. Communication is important, but more important is creating a safe space for that communication. Whether I\u2019m sharing updates, or my team is setting commitments and holding ourselves to them, it\u2019s critical everyone feels they can be vulnerable and admit mistakes, because mistakes are a necessary part of the learning process.\u201d<\/p>\n
**Ilya Grebnov** : \u201cSecurity relies on clear prioritization and effective collaboration. Our team aims to set high standards within both Microsoft and the broader industry, aligning objectives accordingly. Due to our scale, this is primarily a process matter. If engineers perceive conflicting priorities or lack awareness, it indicates a communication issue, not a technical one.\u201d<\/p>\n
## Q: What are some of the biggest cybersecurity misconceptions that you encounter?<\/p>\n
**Terrell Cox** : \u201cBelieving you can wall yourself off in today\u2019s connected world. Threat actors don\u2019t play by rules, so defense must be proactive, not containment based. That\u2019s why we treat every team, from finance spotting phishing invoices to human resources securing onboarding docs, as frontline defenders.\u201d<\/p>\n
**Damon Becknel** : \u201cThe notion that the next best thing is going to solve all our problems.\u201d<\/p>\n
**Ilya Grebnov** : \u201cContrary to popular misconceptions, hackers typically operate as professionals rather than mere publicity seekers. Understanding that these actors often view their activities as employment, sometimes even state-sponsored, requires us to rethink our defensive strategies. Given their high level of skill and sophisticated resources, our defensive measures must be equally robust.\u201d<\/p>\n
## Q: How does your approach to security enable rather than inhibit innovation?<\/p>\n
**Terrell Cox** : \u201cSecurity isn\u2019t about shackling innovation\u2014it\u2019s about focusing it. When engineering teams see compliance as core to their mission and not an add-on, that\u2019s when breakthroughs happen. You want durable solutions? Embrace the tension, because good security doesn\u2019t limit what you build\u2014it builds trust that lets you go further.\u201d <\/p>\n
**Damon Becknel** : “I liken it to playing football, where basic skills are required before adding a Hail Mary play. You can’t go straight into Hail Mary plays without the ability to block, tackle, throw, and run. You have to do the basics over and over until they are second nature. In an enterprise, security needs to be one of those basics that is practiced every day, and using new technologies to build upon those basics make us better.”<\/p>\n
**Ilya Grebnov** : “Critical and immediate threats are prioritized. For non-critical tasks, my team evaluates work against innovation to find a balanced approach. And we prefer central or standard solutions instead of quick fixes. Since our team handles all aspects of customer trust, we use prioritization frameworks to maintain this balance.”<\/p>\n
## Security as the operational backbone<\/p>\n
These leaders underscore that cybersecurity success hinges on rigorous process discipline, not just technology.<\/p>\n
Terrell’s product and privacy focus, Damon\u2019s compliance rigor, and Ilya\u2019s engineering standards reveal the need for, and benefits of, proactive trust-building. By redefining cyberattackers as persistent professionals and prioritizing fundamentals, they exemplify how security enables innovation.<\/p>\n
Stay tuned as we continue to share profiles of Microsoft\u2019s deputy chief information security officers, outlining their mission to pioneer strategies that redefine trust, resilience, and innovation in a world where security enables progress for all.<\/p>\n
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.<\/p>\n
The post Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 appeared first on Microsoft Security Blog.\n<\/p><\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 Update ID MSSECURE:400F32A06BEADFE3E50D7E8821CB7A94 Type mssecure Published…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,110,13,33,7,11,5],"class_list":["post-3484","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-mssecure","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n
Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=3484\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 Update ID MSSECURE:400F32A06BEADFE3E50D7E8821CB7A94 Type mssecure Published...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=3484\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-07T13:36:45+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3484#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3484\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2\",\"datePublished\":\"2025-05-07T13:36:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3484\"},\"wordCount\":1373,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"mssecure\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=3484#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3484\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3484\",\"name\":\"Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-05-07T13:36:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3484#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=3484\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3484#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=3484","og_locale":"en_US","og_type":"article","og_title":"Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 - zero redgem","og_description":"Security Update News Update Information Title Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 Update ID MSSECURE:400F32A06BEADFE3E50D7E8821CB7A94 Type mssecure Published...","og_url":"https:\/\/zero.redgem.net\/?p=3484","og_site_name":"zero redgem","article_published_time":"2025-05-07T13:36:45+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=3484#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=3484"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2","datePublished":"2025-05-07T13:36:45+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=3484"},"wordCount":1373,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","mssecure","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=3484#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=3484","url":"https:\/\/zero.redgem.net\/?p=3484","name":"Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-05-07T13:36:45+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=3484#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=3484"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=3484#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Meet the Deputy CISOs who help shape Microsoft\u2019s approach to cybersecurity: Part 2"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/3484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3484"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/3484\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}