LAS VEGAS — Ann Johnson didn’t get much sleep the evening of July 18. The corporate VP and deputy CISO at Microsoft finally went to bed at 11:30 p.m. after the company resolved and remediated a limited Azure outage.
But around 1:15 a.m. the following morning, July 19, she was awoken by a phone call from a customer reporting blue screens of death.
Johnson didn’t know what was going on at the time, but soon after “lots of calls started coming in and we rallied the troops,” she said Wednesday during a keynote at Black Hat.
Soon it became clear Johnson and her colleagues were dealing with one the largest IT outages in history, one caused by a doomed CrowdStrike software update that took 8.5 million Microsoft Windows systems offline.
“We surged hundreds of engineering resources” to focus on getting customers back online to resume operations, Johnson said.
The collective response and recovery efforts underscored for Johnson the industry’s ability to come together and put competitive interests aside for the greater good. Particularly, in times of widespread calamity.
“We didn’t care that we were working with somebody that’s at times a competitor. We didn’t care that we were working across industries with folks that at times are competitors,” Johnson said.
“The industry came together and was working around the clock. And even though it was the operations folks that were most impacted, not cyber folks, the resilience, the community, the things I saw in the industry were so powerful that, yet again, it renews my faith that we all can win together,” Johnson said.
Johnson, a longtime Microsoft executive, has been in cybersecurity since 2000 and seen a lot of major cyberattacks and disruptive IT outages over the last 24 years. In the aftermath of those events, she’s often asked if it was the biggest incident to date, and her answer is always non-definitive.
Johnson’s reaction to the outage CrowdStrike caused is no different. “I hope we’ve seen the worst events,” she said. “I’m not sure we have.”
Bad things can and will continue to happen, but Johnson takes comfort in what the cybersecurity industry can deliver in the face of tremendous adversity.
“I hope we don't live through another one of those anytime soon, but knowing what we can do, the power of all of us together, is really what I want to leave with this audience,” she said. “That power of community.”
Disclosure: Black Hat and Cybersecurity Dive are both owned by Informa. Black Hat has no influence over Cybersecurity Dive’s coverage.