Interview with Tom Easthope at Microsoft episode artwork

EPISODE · Jul 31, 2021 · 26 MIN

Interview with Tom Easthope at Microsoft

from FLIP THIS RISK® Podcast · host Dr. Karen Hardy

Tom is a senior program manager specializing in Enterprise Risk Management. He shares his thoughts about issues such as ransomware, cybersecurity, supply chain disruptions, and the presumed technology challenges in a post pandemic world. We also discover how his personal risk taking experiences prepared him for his role in this innovative company.

Episode metadata supplied by the publisher feed · Published Jul 31, 2021

Tom is a senior program manager specializing in Enterprise Risk Management. He shares his thoughts about issues such as ransomware, cybersecurity, supply chain disruptions, and the presumed technology challenges in a post pandemic world. We also discover how his personal risk taking experiences prepared him for his role in this innovative company.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Interview with Tom Easthope at Microsoft

0:00 26:31
of MATCHES

TRANSCRIPT · AUTO-GENERATED

Hi, everyone. I'm Dr. Karen Hardy, and welcome to Flip This Risk Podcast, where we interview high achievers about their relationship with risk-taking and how that impacts their leadership abilities. You can check us out at FlipThisRiskPodcast.com to find out more information about our episodes and also to get free downloads about our Flip This Risk Podcasting books.

And today, my guest today is Tom Easthope. He's with Microsoft. He's a senior program manager specializing in enterprise risk management. I'm so excited to have you here with us, Tom.

Dr. Hardy, it's my pleasure. I enjoy our conversations, each and every one of them, and I'm looking forward to this one. That is fantastic.

I'm glad you're excited to be here, and I'm excited to talk to you because Microsoft is an iconic company. I remember when Windows 95 first came out, and like everyone else, I was mesmerized by the product and what it could do. So the company has always been a part of innovation since I've known it, and you work at one of the most innovative companies there are. Well, I have a great job.

Yeah. In our team, we have enough people where we can be matrix organized. So part of our responsibility is to understand deeply what the business strategies of certain divisions are. And then the other part of our role is to get deep on certain risk topics.

So in my great job, I get to pay attention and mind after our cloud and artificial intelligence are what we call C&AI division, which is really what people most generally associate with our cloud called Azure. And the topics that I track include cybersecurity, and I'm also the person who drives, myself and a colleague drive the annual, Microsoft's annual internal assessment and application of the NIST cybersecurity framework. And I also track some infrastructure topics that we have in our hardware supply chain as well. And then in my spare time, I'm also as kind of the senior person on our team, I drive a lot of program development work where we try to increase the capability of just the foundational work that we do, whether that's improving bow ties, looking at key risk indicators.

And right now, for example, we're doing a study on the network effect or the interconnectedness of certain risks. Well, that's key, the interconnectedness of risk, because I think everyone's starting to get on board and understand that you can't look at risk in isolation, but you have to look at it and see what those connections are across the board. And you actually mentioned three top to me big risks right now that you actually are involved in. Cybersecurity, that's one.

The second one is infrastructure, one, which is two. And then the third one is supply chains. How in the world do you manage prioritization and looking at these three different important risks? Well, I think that there's elements of commonality in some of those in terms of what is it that executives need to know and, you know, how do we lever the great work of the people who are on the front line, you know, or in the first line, if you want to call it that for the inside the risk bubble, I would say.

And so, you know, the way that, you know, we think about this is, you know, you look at what are the, you kind of start with the business strategy, and that really is what grounds you in the prioritization. So, you know, for Microsoft, you know, it has a company that aspires to be, you know, the world's computer in terms of our Azure platform. You know, a lot of that is trust. And, you know, you know, people kind of go through a similar kind of calculus when they, you know, they got a car that they need to take into, you know, a repair center.

You know, how do I trust this repair center? And, you know, what, how do they prove that to other people with certifications? Or, you know, how do I know that they've got my best interests? And those types of things.

So it's, you know, a lot of understanding what our business strategy is and understanding fundamentally that kind of, you know, necessarily centers around trust is kind of how we look at priority. So let me ask you this question. I know that cybersecurity is a big deal right now. How can you not have that as far as your business conversation in any organization that you're working in, especially with a ransom and a cyber?

Does being in Microsoft just give you an upper hand on actually dealing with this risk? Or is it pretty much a level playing field? You're no different than another company, any bigger or smaller company. That's actually a great question.

So let's take, let's break that apart a little bit. I think that in some cases, it's not the same. And that doesn't mean that it's easier. They're more of a target than most companies.

And so, and because we have such a large install base, there is a higher responsibility, I think, that we feel, we have to the industry. And so, and true, there is a, I hate to call it that, it's like an embarrassment of riches in terms of, you know, being in the tech sector right now. But in that respect, you know, I think that, you know, I'm very, very impressed with our leadership of the company that said, okay, let's, instead of fearing this thing, let's embrace it. Let's put some of the best minds in the world on some of these problems.

And let's turn this into, in preventing, you know, you know, preventing a bad thing to happen to seeing what we can do through embracing it and make it a positive thing where it allows us that our commitment, you know, in 3,500 people, you know, there are cybersecurity specialists and spending the money that we spend on the topic helps differentiate us from our competitors and does help, you know, reinforce that sense of trust. You know, there was a time when, you know, when the first, I think it was the cyber attack against Target years ago, at that time was the biggest breach that we had seen. And the impact was, it was a domino effect on the organization, not just, it may have started as a cyber risk, but it ended up impacting, you know, reputation and finance and strategy as a whole. So how can organizations feel confident during this time knowing that, and how can they thrive in the midst of all these threats, which was first seen as, oh, that's, that's different.

That was an anomaly, but now it's more common. How can they continue to thrive? Well, there's a couple of things. And I think, you know, one of, one of the key takeaways, I think, is that, you know, there's this notion of security hygiene.

And that is, you know, having your systems patched, you know, within a reasonable frequency when the patches are available, making sure that you have, you know, multi-factor authentication, some basic things there that, and making sure that you have limits on, on, you know, who can have access for how long to what systems and, and just doing some of these basic security hygiene things. And the industry will say, we'll prevent 80% of the attacks that people have that they experience. You know, the, the, the tech industry is always good at, you know, at trying to mold some of these concepts into, around an idea that they can get other people to buy into. And, and the current aggregation of some of these topics that we're talking about, they fall into this, this, this little banner called zero trust.

That is, you know, that, you know, a lot of companies, we're trying to help companies understand and migrate to that point where you have, you know, a number of things that you can do very simply to make them the, and make that part of the culture of your organization. So then your, your security team then can focus on the other 20%. You know, if they spend all their time just fighting fires, because you haven't done the 80%, then it becomes a problem. Awesome.

And I know that your organization, as a key leader within your organization, you are doing a great job of helping others understand the value of enterprise risk management, but also to, to not fear risk. How do you, how do you motivate or, or encourage or help your staff and team understand risk-taking within an organization that is like, it could be a good thing, but actually getting the right mindset for that, especially now. Well, part of it is, you know, and again, I'll point back to, you know, organizational strategy and, and that lies in your, in your business objectives or in your mission. And, and really understanding what it is that, you know, you're all about, what is it that gives your organization purpose?

And, and, and then I think, you know, each, you know, utilities, I think maybe you face different, you know, operating environment than a very high, you know, a highly competitive tech company might in terms of the risks are somewhat tied to that business strategy and the ecosystem that you participate in. So for us, it's, it's not necessarily getting people to think about, you know, the, the, the goal is trying to make that, that trying to help them systematically consider, you know, what has to go right, what can't go wrong as a part of their, as a part of those steps, those strategic decisions, you know, kind of like what the new coastal stuff talks about in terms of the risk to the strategy and the risk of the strategy. And, and so for us, we, we, we don't have to encourage anybody. We, we, we're very blessed with a very, a very thoughtful senior leadership team.

And I think part of that came from, you know, our legacy of, of going through that, that, you know, that decade of, of antitrust, you know, activity where, you know, where people may not have thought about these things in the past. And now the value of those types of things, I think helps our leadership, you know, migrate through with a little bit more forethought. And so it's, you know, right now it's, it's, for us, it's, it's, it's maybe a different challenge than other companies have to, to go through, but it's, it's a lot of fun. It's a lot of fun, but you know, you, you actually bring a perspective and a unique insight to your organization because besides growing up in Ann Arbor, Michigan, you were also a former entrepreneur.

You've owned a couple of startups that you sold. And how does that experience influence, how does that experience managing an organization and looking at risk as an entrepreneur? How does that, you know, help you in your current role? Well, I, I'd say, you know, for all of those, you know, people who are oldest in their family, and I'm the oldest of six, I, you kind of grew up like with a, you know, I understand what, you know, responsibility and got to get it done, all that kind of stuff.

But I, you know, I think one of the things that, you know, going through the two startups that I had, one, which was a technology startup, a software as a service company that I launched in right around the year 2000, you get an understanding of what, you know, your business strategy is. You own the business strategy as the entrepreneur. And, and you really, you know, have to look at prioritizing what can mess with that strategy. And certainly the startup world is, is highly tied to funding and, and customer value and developing some momentum.

And, and so you get a sense for what that big picture is. And also you, you, you have to be, you know, the, the, the CEO and, and the janitor at the same time. And that kind of self-sufficiency, whether it was, you know, being the oldest of six kids or having that entrepreneurial environment, you bring to a big corporate environment. And in a time where the corporate environment was changing, it used to be that, you know, you, your measure of, of influence in the company was, you know, how many, how many assistants you had to get your job done.

And, and as the tech roles changed, you know, it was, you know, your ability to be agile and to be able to do things and, and, and not have to wait for others' calendars to align with yours to get them done made me much more efficient and effective at what I was doing. So it was a great way. It was a great launching point for what I consider to be the, you know, the, you know, the modern, in the modern technical roles that you have today. So what I'm hearing is that understanding your relationship with risk-taking personally does have an impact or influences your leadership development with the organizations.

It does. You know, I, I, I, I don't really consider myself necessarily, you know, fitting into a certain risk profile. Am I a conservative? I'm a risk baker or whatever.

But I think, you know, understanding what, and I think it's, it's intuitive that, and I think, you know, a lot of your audience and, and certainly risk professionals around the, you know, the globe, and just intuitively consider in terms of, you know, what is the objective? What, you know, what's the, what's the, you know, what is the benefit if, if we're successful? And, you know, what happens if things go well? Are we prepared for that success?

And so I think that there's a number of things where that can play in. So moving forward, now we're talking about a lot of organizations, even if someone listens to this podcast five years from now, it will be a post pandemic world. So how, what is the picture? What is the, you know, the foresight in terms of technology and cyber and supply chain, all these things looking like in the post pandemic world, and what can organizations do to strengthen their position in those areas?

You know, I think in some ways, you know, it's one of those stories about the more things change, the more they stay the same. You know, I, you know, for us fundamentally, it comes back down to that, you know, to that trust concept. And, and really, you know, the solution to that trust is, is, is that, you know, that triad of people, process and technology. And, you know, you, you would, you know, you need all three.

And, um, because those three are really your, your, your company culture, your organization culture. And, um, and I think in a post pandemic world, you know, I think we, um, you know, the, at least the learning I've taken from this is that perhaps maybe the more fragile part of that, that triad are the people. And, um, and whether it's, you know, you have new leadership changes that you have in the public sector every once in a while, or that you've got, um, you know, a pandemic that just changes the whole type of the work paradigm, as we know it. Um, I think it's, it's focusing on the people and having some, some great people skills.

And, you know, you hear people talk about relationship building. It's all about relationships. I don't know that it's necessarily about the relationships per se, that that's not the goal. I think that's just the method by which you, you, you fundamentally understand that, um, organizations are made up of humans.

We all have to kind of put our pants on one leg at a time. And we all got, we all bring a lot of, you know, stresses and, and, and, you know, to the job every day that, you know, we hope we can, you know, put a compartmentalizing. our jobs done and and really to you know i think people to be a little bit more you know empathetic is really i think the post-pandemic um view and this probably was something that we all needed to get better at anyway and the pandemic was ways and emphasize that so moving forward in terms of the industry what what technology or where should we be on the lookout for i mean we've seen a lot of things happening is this something on the horizon that we need to start focusing on yeah you know that's that's it's a big question you know i'm sure one of the things that we do you know is in terms of you know we map our whole you know uh program and process to you know a number of risk management standards where it's the cost of 20 principles of that the iso um 31 000 and and part of it is you know living in you know with a shout out to the iso people is the um is you know being grounded in that external context and so we look at things like the um you know the world economic forum and and and and particularly i think you know you know nothing necessarily said that that's the the one source of insight that everybody should go to but you know those organizations that work maybe on a hyperscale or uh you know in you know across the world it would be one um but we look at some of those things and and and i think that you know the world is just going to be increasingly volatile and and one of the things that we're trying to do at microsoft right now is just understand what those all are not necessarily to be the person with the crystal ball that says oh number seven on the 2019 world economic forum is pandemic and that's going to be number three or something like that but it's to understand what what is going on in the world you know what what who are you know how are these things manifesting themselves and and then look at and understand how those can impact your ecosystem and and and when i think about ecosystem i'm thinking about upstream you know your supply chain who brings stuff to you and then particularly even for you know like microsoft who's part of so many other people's supply chains that's right just understand how all of that i think is is is is i think job number one and then you're you're just be prepared to be super responsive so that when something does manifest itself then you can you can know a little bit about you can get a head start on what to look at what to look for and and be there um and so to me i know if i were to give people some uh you know advice and advice i would just be aware of your context you know understand that macro environment understand the interconnectedness of your ecosystem right and and understand how that ecosystem serves your mission or your business objectives and then you'll be it's like you're it's like your little cheat sheet but i think we're the industry in general is probably going to have to be be ready to be more of a responsible organization just because i don't know that there is a crystal ball for what the big thing is exactly you know you know some of the things that we get you know we think about at microsoft is okay you know this big we've been going through this phase where everybody's moving to the cloud you know and the total addressable market just keeps the pie just keeps getting bigger you know if that pie stops you know that growth starts to stop or you know you start to find out have you been lucky or are you good right and so one of the things we're we're continually challenging ourselves and and and checking on our culture is to see do we have that commitment to be good are we just riding on the lucky train right now and um and so those are some things that we're trying to do to to look at you know one particular aspect that could impact us but um you know as far as you know general thoughts you know i think just understanding that that macro culture and how it can impact you know this very increasingly interconnected world that we live in thank you so much tom i really appreciate the fact that you've shared your insights with uh you know giving a lot of companies big and small a lot of hope in this area even though microsoft is this is your you know your wheelhouse it doesn't eliminate you from the challenges like any other organization and the different things uh uh implementations you have to do uh and strategies you have to think about to move forward and be successful in the future so i definitely want to thank you for your time today to discuss microsoft and your work oh it's been my pleasure you know i'm just i'm so happy that we have your energy out there helping the profession get better and and maintaining that you know a public dialogue i think super important and particularly in this year where you know a lot of people couldn't see or share have you know part of these conversations i think you know you know what you're doing right now is a public good and uh and so i'm i'm certainly happy to do my little part to continue well i appreciate you being part of this journey tom and i want to thank everyone my audience for listening in today i'm dr karen hardy and i'll see you next time you

French Your Way Jessica: Native French teacher founder of French Your Way Boost your French listening skills and test your comprehension with this one of a kind series of podcasts. Get the chance to listen to a real conversation between native speakers talking at normal speed AND customise your learning experience through carefully designed sets of questions (2 levels of difficulty) available for download at www.frenchvoicespodcast.com. All interviews also come with the transcript. French teacher Jessica interviews native speakers of French from around the world who share a bit of their life and passion. Where else would you meet in one same place a French yoga teacher based in Melbourne, a soap manufacturer from Provence, or a couple cycling around the world? That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! HOMELAND HOMELAND The Church is a body not a building. It's the bride of Jesus Christ! Jesus is coming back for a mature bride. That means it's time for the church of Jesus Christ to move from milk to meat. This is the hour of maturity!HOMELAND is an announcement that the church is being set free. Only the church has the ability to transform the world. The kingdom's of this world will become the kingdoms of our Lord and Savior!All of creation has been waiting for this moment! Sons and daughters of God are rising up and taking their seat!

Frequently Asked Questions

How long is this episode of FLIP THIS RISK® Podcast?

This episode is 26 minutes long.

When was this FLIP THIS RISK® Podcast episode published?

This episode was published on July 31, 2021.

What is this episode about?

Tom is a senior program manager specializing in Enterprise Risk Management. He shares his thoughts about issues such as ransomware, cybersecurity, supply chain disruptions, and the presumed technology challenges in a post pandemic world. We also...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this FLIP THIS RISK® Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!