ServiziApri Ticket
Knowledge BaseTeamViewer
AziendaPartner
+39 0350666547info@agoratech.eu

Notizie per Categorie

Articoli Recenti

cybersecurity
7 Maggio 2025
by

Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2

Microsoft launched its Cybersecurity Governance Council in 2024, and with it, named a group of deputy chief information security officers that ensure comprehensive oversight of the company’s cybersecurity risk, defense, and compliance. These leaders work in tandem with product and engineering leaders across the company to create accountability and advance cybersecurity protection for Microsoft, our customers, and the industry.

In this second part of our series, we’ll introduce three more of these leaders and share more about their background, their role, and their priorities.

  • Terrell Cox, Vice President for Privacy and Compliance and Deputy Chief Information Security Officer for Microsoft Security Products Division.
  • Ilya Grebnov, Distinguished Engineer and Deputy Chief Information Security Officer, Business Applications.
  • Damon Becknel, Vice President and Deputy Chief Information Security Officer, Regulated Industries.
A group of people with text.

Q: How did you get your start in cybersecurity?

Terrell Cox: “It began with Public Key Infrastructure (PKI) work on Windows Server 2003. What hooked me to cybersecurity was the challenge of taking powerful security tools like encryption and making them usable and approachable. Later, AI and threat detection became natural extensions of that ‘accessible security’ mission.” 

Damon Becknel: “While I was a United States Army Officer, I attended a course at Quantico, the U.S. Marine Corps base outside of Washington D.C. During that time, we toured various government agencies, and I had a long conversation with a researcher on a hacking tool that was fairly point and click. That really caught my attention and opened my eyes. This introduction fueled my choice for my master’s degree, as part of my research had me working on techniques for what we now call hunting. My interest solidified when I led U.S. Military Academy cadets as interns inside the National Security Agency for a summer, and it’s driven my career choices since.”

Ilya Grebnov: “I initially began my career as a coding-focused individual contributor. However, I naturally gravitated towards threat modeling and security reviews. As a result, my colleagues began to assume that I was responsible for this area, leading it to become my official role. I embraced these responsibilities, which ultimately defined my current position.”

Q: What does your team do, and how do you work with others across the company?

Terrell Cox: “I’m part of the Microsoft Security division, where we deliver security, management, and privacy products. My dual focus includes serving as Deputy Chief Information Security Officer for our products and leading privacy, compliance, and risk efforts. Separately, my team oversees infrastructure used company-wide to ensure we respect customer data rights. We’re essentially the backbone of Microsoft’s privacy operations.” 

Damon Becknel: “I’m part of the Microsoft Security division, and my job is to help the divisions of Microsoft ensure they, our products, and our services are compliant with all these various regulations. To do that I adopt the best practices from our customers in regulated industries like banking and healthcare. I provide guidance to teams on how to follow those regulations so we can ensure our products and services are compliant now and built in from the beginning. This also helps us be a better partner to our customers in these regulated industries by providing the security they need when they buy something from us.”

Ilya Grebnov: “I’m part of the Microsoft Cloud and AI division, and my team is responsible for compliance, security, quality, and other cross-group initiatives. Given our heavy focus on platform engineering, much of our work involves defining standards and assisting with their adoption. Many engineers within our group also know me personally, which facilitates trust and effective collaboration across the group.”

Q: Security is a team sport at Microsoft—how do you emphasize awareness and accountability within your organization?

Terrell Cox: “By making security everyone’s key performance indicator. Senior leadership has set the tone, but mid-level managers operationalize it. For example, when engineering teams see security requirements as innovation multipliers and not obstacles, that’s cultural success. We also ‘shine lights’ on risks through transparent reporting. People naturally step up when their metrics are there for everyone to see.” 

Damon Becknel: “Actions speak louder than words. Communication is important, but more important is creating a safe space for that communication. Whether I’m sharing updates, or my team is setting commitments and holding ourselves to them, it’s critical everyone feels they can be vulnerable and admit mistakes, because mistakes are a necessary part of the learning process.”

Ilya Grebnov: “Security relies on clear prioritization and effective collaboration. Our team aims to set high standards within both Microsoft and the broader industry, aligning objectives accordingly. Due to our scale, this is primarily a process matter. If engineers perceive conflicting priorities or lack awareness, it indicates a communication issue, not a technical one.”

Q: What are some of the biggest cybersecurity misconceptions that you encounter?

Terrell Cox: “Believing you can wall yourself off in today’s connected world. Threat actors don’t play by rules, so defense must be proactive, not containment based. That’s why we treat every team, from finance spotting phishing invoices to human resources securing onboarding docs, as frontline defenders.”

Damon Becknel: “The notion that the next best thing is going to solve all our problems.”

Ilya Grebnov: “Contrary to popular misconceptions, hackers typically operate as professionals rather than mere publicity seekers. Understanding that these actors often view their activities as employment, sometimes even state-sponsored, requires us to rethink our defensive strategies. Given their high level of skill and sophisticated resources, our defensive measures must be equally robust.”

Q: How does your approach to security enable rather than inhibit innovation?

Terrell Cox: “Security isn’t about shackling innovation—it’s about focusing it. When engineering teams see compliance as core to their mission and not an add-on, that’s when breakthroughs happen. You want durable solutions? Embrace the tension, because good security doesn’t limit what you build—it builds trust that lets you go further.” 

Damon Becknel: “I liken it to playing football, where basic skills are required before adding a Hail Mary play. You can’t go straight into Hail Mary plays without the ability to block, tackle, throw, and run. You have to do the basics over and over until they are second nature. In an enterprise, security needs to be one of those basics that is practiced every day, and using new technologies to build upon those basics make us better.”

Ilya Grebnov: “Critical and immediate threats are prioritized. For non-critical tasks, my team evaluates work against innovation to find a balanced approach. And we prefer central or standard solutions instead of quick fixes. Since our team handles all aspects of customer trust, we use prioritization frameworks to maintain this balance.”

Security as the operational backbone

These leaders underscore that cybersecurity success hinges on rigorous process discipline, not just technology.

Terrell’s product and privacy focus, Damon’s compliance rigor, and Ilya’s engineering standards reveal the need for, and benefits of, proactive trust-building. By redefining cyberattackers as persistent professionals and prioritizing fundamentals, they exemplify how security enables innovation.

Stay tuned as we continue to share profiles of Microsoft’s deputy chief information security officers, outlining their mission to pioneer strategies that redefine trust, resilience, and innovation in a world where security enables progress for all.

A blue and pink background with black text

Microsoft Secure

Learn how to enhance your defenses, discover Microsoft’s latest security investments, and explore how Security Copilot can help your team improve remediation efforts.


Watch now

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2 appeared first on Microsoft Security Blog.


Source: Microsoft Security

Share:

Agora Tech è una società di consulenza informatica. Ci occupiamo di Cybersecurity, Digital Transformation e Digital Marketing.
Partner Microsoft Certificato: Cloud Platform; Small and Midmarket Solutions; Azure Administrator.

Link Utili

Newsletter

AGORA TECH srls | Via Borfuro 7, 24122 Bergamo (BG)
AGORA TECH ® marchio registrato | p.iva IT-04202550168