Microsoft will require employees to undergo security work as part of their performance review

The decision has been long rumored, but now it's a rule.


Microsoft has just made a notable modification to its performance review system for workers. Whether engineers or executives, employees are now required to treat security as one of their main focuses in these reviews.

This transition is happening after different security events, which have shown that more robust protection from cyber dangers is needed.

Microsoft employees won’t have to worry only about coding or marketing. Their performance review also covers how well they integrate security into their everyday duties. This is very important because it impacts promotions, salary raises, and bonuses.

But what does this imply for technical personnel? It means that products should be secure from the beginning, incorporating security at the initial design stage and following best practices. For others, it is about maintaining a mentality of security first, being alert, and continuously seeking methods to improve their work’s security.

According to The Verge, Kathleen Hogan, Microsoft’s CPO (Chief People Officer), shared a note with all Microsoft employees letting them know their performance review will include a security check-up.

At Microsoft, we deliver mission-critical infrastructure that the world depends on to achieve more. With that trust in us comes a great responsibility: to protect our customers, our company, and our world from cyber threats. As Microsoft employees, we all have a role in that responsibility.

As Satya referenced in his May 3 email and again during his FY25 kick off on July 9, security is our number-one priority, and everyone at Microsoft will have security as a Core Priority. When faced with a tradeoff, the answer is clear and simple: security above all else. Our commitment to security is enduring. New and novel attacks will require us to continue to learn, innovate, and defend. Yet working together, we will make nonlinear improvements, stay alert, and meet the expectations of our customers. They are counting on us, and our future depends on their trust.

Our new Security Core Priority reinforces our commitment to security and holds us accountable for building secure products and services. It is now available in the Connect tool for most employees, and we are partnering with geo HR teams to expand access to all employees globally. The Security Core Priority is not a check-the-box compliance exercise; it is a way for every employee and manager to commit to—and be accountable for—prioritizing security, and a way for us to codify your contributions and to recognize you for your impact. We all must act with a security-first mindset, speak up, and proactively look for opportunities to ensure security in everything we do.

The core priority will have two parts:

Core and common elements that apply to all employees

An optional section for employees to further specify how they will activate the Security Core Priority based on their role, team, org, etc.

All employees will set their Security Core Priority as part of their first FY25 Connect, with the intent that during regular Connect conversations, you and your manager will discuss your Security Core Priority progress and impact. This process will follow the same approach as our other company-wide core priorities for Diversity & Inclusion and Managers. You can learn more about the Security Core Priority here, including FAQs and Security Core Priority activation examples for three main types of roles: technical, customer and partner-facing, and all other roles.

As we kick off our 50th year as a company, I know we all feel honored and humbled that we are still here—as a relevant and consequential company—pursuing our mission together. When we empower every person and organization on the planet to achieve more, we take on society’s biggest challenges and empower the world. What a big, bold, and meaningful mission we have, and yet none of us can take this for granted. We are here because our customers trust us, and we must continue to earn their trust every day.

Thank you for your commitment to our Security Core Priority that will help protect Microsoft, our customers, and our partners.

Kathleen

This is not merely a check-the-box exercise. Microsoft is known in the tech industry as the top company with many security issues; in fact, the Redmond-based tech giant has been constantly criticized for not taking action sooner to prevent. Take, for example, the Black Basta incident.

It has been rumored the company would resort to this change, and it’s still taking the necessary steps to strengthen security. For example, Microsoft’s Secure Future Initiative (SFI) intends to strengthen the company’s protection in all areas.

So, why does this matter to you and me? In a world that depends increasingly on digital infrastructure, the safety of the products and services we use every day becomes paramount. Microsoft’s action marks important progress towards making sure its offerings are as secure as possible.

What do you think about this?
