Microsoft’s Secure Future Initiative may not pertain much to threat intelligence professionals, or that is at least what Sherrod DeGrippo thought at first.
DeGrippo, Microsoft’s director of threat intelligence strategy, initially saw the companywide effort to overhaul its cybersecurity strategy across core platforms and services, unveiled in fall 2023, as tied to product.
“I thought SFI is about making the world safer in every way that Microsoft can. I don’t really make our software safer. I’m not in that code base,” DeGrippo said in an interview.
With Microsoft embracing a security-first approach throughout the company, it’s also getting serious about cybersecurity at the programming level. The company is trying to fix how software developers approach security, in part, by familiarizing them with threat intelligence, including the objectives and motivations of attackers who are targeting Microsoft’s systems.
The responsibility for security isn’t exclusive to Microsoft’s security team. “We need to develop software differently,” Bret Arsenault, corporate VP and chief cybersecurity advisor at Microsoft, told Cybersecurity Dive in May during an interview at the RSA Conference.
Last month, DeGrippo led the first of a series of four-hour workshops at Microsoft’s headquarters in Redmond, Washington, with 100 software developers and engineering leaders from across the company. As DeGrippo took them on a journey into her world, she got a firsthand look at how developers overlook threat intelligence on a daily basis.
“I'm finding that these super smart software engineers are incredible at developing mass-scaled code and mass applications, operating systems, but these are concepts that they really don't have in their day-to-day that are my entire life,” DeGrippo said.
Over the course of the discussions, quizzes and reading, Microsoft developers and engineers learned about the different operating models of Russia- and China-linked threat groups. This included the choices the groups make, who they are, where they live, what they do every day and what their lives are like.
These intricacies of threat intelligence humanize attackers and can boost the confidence of defenders who might otherwise view threat groups as an insurmountable force.
During an early break in the first workshop, DeGrippo was surprised to learn none of her developer colleagues had a favorite threat group.
The lack of any favorites among software developers exemplified a broader lack of interest and understanding of the threat groups Microsoft is trying to defend itself and customers against.
“I could never choose a favorite. I have so many. They had none,” she said.
By the end of the workshop, everyone had a favorite threat group. “What that told me was, I didn't just teach you material, I gave you the ability to have an opinion on the material,” DeGrippo said.
Threat intel’s role in software development
Workshops like these are new. They are part of Microsoft’s ongoing initiative, which the company doubled down on in April when CEO Satya Nadella said security would be the company’s No. 1 priority, superseding all other features and investments.
The initial workshop, DeGrippo’s first time talking to internal non-security audiences about threat intelligence, was an eye-opening experience for her and her colleagues.
“I'm not a developer, but I'm enabling those developers to understand threat in a way that they never would have before,” DeGrippo said. “Ultimately, to me, the most important thing that SFI can do is change decision making within all of Microsoft, and make us have intentional choices about how we do security and software within Microsoft.”
Microsoft’s security-first revival followed a pair of sweeping nation-state-linked attacks on Microsoft’s infrastructure and on services used by its enterprise and government customers.
The Cyber Safety Review Board released a damning report in April about a “cascade of security failures at Microsoft” that allowed a China-affiliated threat group to compromise Microsoft Exchange accounts in May 2023.
The company’s security lapses were further exposed in January when it disclosed an attack by Midnight Blizzard, a Russia-linked threat group, that stole emails from top Microsoft executives through a password-spray attack.
For DeGrippo, the workshop underscored the need for Microsoft to do more cross-functional activities and get threat intelligence built into everything the company does.
“Really, the hope lies with those developers,” DeGrippo said. “They have to really move toward making the best choices under the SFI principles they can.”