bt_bb_section_bottom_section_coverage_image

Internal memo: Microsoft makes security a ‘core priority’ for employee review process

Microsoft will make security a “top priority” for all employees as part of their performance reviews and job focus, according to an internal email sent Monday morning.

It’s the company’s latest move to implement what it calls a security-first mindset. It comes after a series of high-profile breaches that have raised concerns among regulators and lawmakers and raised long-standing questions about the widespread reliance on Microsoft technology by major customers.

The change will be rolled out to all employees during the priority-setting and performance review process, known internally as “Connect,” according to a Monday email from Kathleen Hogan, Microsoft’s chief people officer.

“Security first is not a checkbox compliance exercise; It’s a way for every employee and manager to commit to putting safety first — and be held accountable for it — and a way for us to systematize your contributions and recognize your impact,” Hogan wrote. “We must all operate with a safety-first mindset, speak up and proactively seek opportunities to ensure safety in everything we do. »

With this decision, security will combine two existing core priorities within the Connect process, focusing on diversity and inclusion, and Microsoft’s expectations and principles for for the manager.

Priorities and performance reviews are factors in employee bonuses, but the company does not provide details on the extent to which the change could affect employee compensation .

The schedule for the Connect process varies, typically occurring two to three times per year. Microsoft is calling on employees to take on the new core priority starting with their first “Connect” of the fiscal year, which begins July 1. Separately, Microsoft said last week that it will award give employees a special one-time cash bonus of an additional 10 to 25% of the value of their annual bonus for the fiscal year just ended.

The security changes build on Microsoft makes security Future Initiative (SFI), which was introduced last fall. It’s Microsoft’s latest effort to prioritize security since the “Trusted Computing” initiative started by Bill Gates in 2002. Microsoft said in May that it would base part of its executive compensation on security progress, assign deputy chief information security officers (CISOs) to each product group, and assemble teams from major platforms and product groups in “engineering waves” to improve security.

In an internal memo at the time, Microsoft CEO Satya Nadella urged employees to prioritize security, even if it meant making tough choices in the interest of greater security.

Subject: Outlining our top priority for enterprise-wide security

At Microsoft, we provide critical infrastructure around the world to enable us to achieve more. This belief comes with a great responsibility: to protect our customers, our businesses, and the world from cyberthreats. As Microsoft employees, we all have a role to play in this responsibility.

As Satya mentioned in his email on May 3 and again at the FY25 kickoff on July 9, security is our number one priority, and everyone at Microsoft puts security first. When faced with a trade-off, the answer is clear and simple: security first. Our commitment to security is long-term. New and innovative attacks will require us to continue to learn, innovate, and defend. But by working together, we will make non-linear improvements, stay vigilant, and meet the expectations of our customers. They trust us, and our future depends on their trust.

Our new core security priorities reinforce our commitment to security and require us to create secure products and services. This feature is now available in Connect for most employees, and we are working with geographic HR teams to expand access to all employees globally. Core Security Prioritization is not a checkbox compliance exercise; it is a way for every employee and manager to commit and take responsibility for safety, and a way for us to systematize your contributions and recognize your impact. We all need to act with a safety-first mindset, speak up, and proactively look for opportunities to ensure safety in everything we do.

Core Prioritization will have two parts:

Core, common elements that apply to all employees
An optional section for employees to further specify how they will enable Core Security Prioritization based on their role, their team, their organization, etc.
All employees will identify their core security priorities as part of their first Connect FY25, with the goal that in regular Connect conversations, you and your manager will discuss the progress and impact of your core security priorities. This process will follow a similar approach to our other core company-wide priorities on diversity, inclusion, and leadership. …

As we begin our 50th year as a company, I know we are all humbled and humbled to still be here – as a relevant and vital company – pursuing our mission together. When we empower every person and every organization on the planet to achieve more, we will solve society’s biggest challenges and empower the world. It’s a big, bold, meaningful mission that we have, but none of us can take it for granted. We’re here because our customers trust us, and we have to continue to earn their trust every day.

Thank you for your commitment to making security our core priority to help protect Microsoft, our customers, and our partners.

Kathleen

These changes come after Microsoft’s fiscal 2024 year-end date of June 30. Microsoft reported fiscal fourth-quarter earnings of $64.7 billion, up 15%, and net income of $22 billion, up 10%, beating Wall Street expectations, though some analysts were disappointed by the company’s cloud growth and the longer payback period for AI investments.

Share
× WhatsApp