Summarize

Simplifying... Inshort

Microsoft is now linking employee career progression to their cybersecurity skills, making it a key factor in evaluations alongside diversity and inclusion.
The tech giant's new policy requires staff to demonstrate their commitment to security in their work and during performance reviews.
This move is part of Microsoft's Secure Future Initiative, which has already led to changes in products like Outlook, emphasizing the use of Modern Authentication.

Was a long read? Making it simpler...

Next Article

This move could potentially impact promotions, salary increases and bonuses

Microsoft links job performance of employees to their cybersecurity skills

By Mudit Dube

Aug 06, 2024

10:45 am

What's the story

In a significant shift toward prioritizing cybersecurity, Microsoft has announced that security performance will be a major factor in employee performance reviews The company's chief people officer, Kathleen Hogan, detailed the new policy in an internal memo. "Everyone at Microsoft will have security as a Core Priority," Hogan stated unequivocally. She emphasized that in situations where a security trade-off exists, "the answer is clear: do security."

Policy implications

Security focus could impact employee advancements

Microsoft has cautioned its employees that a lack of focus on security could potentially affect their career progression, including promotions, merit-based salary increases, and bonuses. The company stated in an internal FAQ regarding the new policy, "Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards." This clearly indicates that security is now a significant factor in employee evaluations.

Core priorities

Security joins diversity as key Microsoft priorities

Security now stands alongside diversity and inclusion as one of Microsoft's key priorities. These elements are required to be part of performance conversations, internally referred to as a "Connect," for every employee. This is in addition to other key parameters agreed upon between employees and their managers. The company's FAQ explains that this policy goes beyond mere compliance, with employees expected to prioritize security in all their work.

Accountability measures

Microsoft employees to demonstrate security commitment

Microsoft's new policy requires employees to demonstrate their commitment to security by showing how they've made impactful changes. For technical staff, this involves incorporating security into product design processes from the start of a project, adhering to established security practices, and making sure products are secure by default for customers. All employees are expected to use the company's Connect tool for performance reviews and document their impact whenever they complete a Connect.

Product changes

Microsoft's Secure Future initiative impacts products

Microsoft's Secure Future Initiative (SFI), aimed at enhancing the protection of the company's networks, production systems, and engineering systems, has led to changes in some of its products. Notably, support for Basic Authentication for Outlook personal accounts will end in September. Additionally, the light version of the Outlook web application will be removed on August 19. Users of Outlook.com, Hotmail, and Live.com will need to access their email accounts through apps using Modern Authentication from September 16 onwards.