Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management at Microsoft and leader of Microsoft Security, highlights the rapid evolution of cybersecurity in the Middle East, driven by AI security, Zero Trust, and government-backed initiatives. Microsoft leads with an integrated security portfolio, AI-powered defences, and global collaboration for a safer digital world.
How do you view the cybersecurity landscape in the Middle East compared to the West?
I am truly inspired by the level of innovation happening in the Middle East. The digital transformations I’ve witnessed in Riyadh and Dubai are phenomenal. Governments and enterprises here are adopting cutting-edge technologies at an accelerated pace. What excites me even more is that cybersecurity is a central conversation in these advancements. The presence of AI ministries and cybersecurity initiatives shows a commitment to secure innovation. However, one challenge that still exists globally is the need for standardized security frameworks. As we move towards AI-driven ecosystems, we must evolve Zero Trust principles to accommodate AI as an integral part of enterprise security. Simplifying security, fostering collaboration, and embedding security into technology development from the ground up are crucial for the future.
Have you always been in cybersecurity?
Not always. I started as an engineer in chip design. Science fiction, particularly Star Trek, inspired me to pursue science and engineering. My journey began in technology as an engineer and then transitioned into product management and strategy. I started in the silicon space, writing VHDL code for chips at Intel. Over time, I moved into security, which I fell in love with. Back then, security was mostly about encryption and basic technologies, and few people realized its true significance. I saw security as a noble pursuit—safety is fundamental, right up there with water, shelter, and food. That realization led me to dedicate my career to cybersecurity. Before joining Microsoft, I was with FireEye Mandiant, but I saw Microsoft’s potential to truly transform the industry at scale, which is what drew me here.
How long have you been associated with Microsoft, and what do you take care of at Microsoft?
I joined Microsoft in July 2020, right in the middle of the pandemic. Microsoft operates through various solution areas, and in June 2020, we established security as a distinct business. I was brought in to lead that business. My role involves overseeing the business and product strategies, working closely with our engineering teams, and leading go-to-market, pricing, and packaging while ensuring we create value for customers. Essentially, I look at the portfolio from a broad perspective, ensuring that everything aligns to serve our customers effectively.
How has it evolved since you joined or started this division?
It has been an incredible journey. When I started, the business was smaller, but within no time, we hit 10 billion dollars in revenue, then 15 billion, and soon after, 20 billion. That was the last publicly disclosed figure, but that was two years ago, and we have continued growing at an unprecedented rate. Today, we have 1.2 million customers globally, the largest security portfolio in the industry, and we were the first company to introduce generative AI solutions for security with Security Copilot. Our platform integrates over 50 categories to offer an end-to-end security stack, and we are now focused on securing AI as well. We work with 15,000 partners worldwide, operate in over 120 countries, and continue to invest significantly in innovation, including our 20 billion dollar R&D investment over the past three years. This rapid evolution has made us the largest cybersecurity vendor in the world by both volume and value.
So, you are probably the biggest cybersecurity company in the world?
Yes, by an order of magnitude. However, not enough people are aware of this fact, and that is something we need to change. Customers trust us immensely because we have the largest threat intelligence network in the industry. We have made deep investments in security, including AI-driven security solutions. Our commitment is to serve our partners and customers, who continue to place their trust in us, and we are excited about the impact we can make. I have been working in technology for 25 years, and this has been one of the most exciting and rewarding journeys in my career.
Can you describe Microsoft’s security portfolio? What are the major solutions, and which one is the standout product?
Microsoft Security consists of five major product families, with Security Copilot as a unifying layer. It’s hard to pick just one hero product because they all serve critical roles. Our Defender and Sentinel solutions provide threat protection—Defender is our extended detection and response (XDR) solution covering endpoints, identity, and email security, while Sentinel is our security operations platform, forming a unified security framework. Purview is our data security and governance platform, addressing insider risks and compliance. Entra and Intune focus on identity and access management, with Entra covering the full identity lifecycle and Intune handling device management. Security Copilot, which we introduced in March 2023 and made generally available in April 2024, integrates AI into these products, simplifying security operations. It cannot function alone but enhances all our security offerings, providing an easy button for security operations. Our focus remains on securing AI and using AI to enhance security, which are the two dominant conversations in the industry today.
How easy is it to secure AI?
It’s not necessarily about difficulty but about being thoughtful and strategic. Securing AI involves four key stages. The first stage is preparation, which includes organizing data repositories, classifying information, and controlling access. Many organizations still lack centralized data governance, which is a foundational step. The second stage is discovery, where we help organizations identify AI applications in use through Defender for Cloud Apps. Companies are often surprised by the number of AI applications employees are using without formal oversight. The third stage is protection, where we use Purview, Defender, and Entra to enforce security policies, block unauthorized applications, and prevent data leaks. The final stage is governance, ensuring AI security policies align with regulatory requirements and best practices. AI security is a journey, but by implementing these structured steps, organizations can manage risks effectively.
Cybersecurity is still an external layer in most technologies. When will it become an intrinsic part of software architecture?
That’s precisely why we are pushing for secure by design and secure by default principles through our Secure Future Initiative. Cybersecurity must be ingrained in every layer of technology, just like fire safety principles are integrated into urban planning. Every individual in an organization—whether in IT, HR, or marketing—needs to be aware of their role in cybersecurity. Until security is built into every product from inception, it will remain a secondary consideration. However, I am encouraged by the growing awareness, especially in AI innovations, where security is now part of early discussions.
How do you think we can create a safer world?
Collaboration is key. The attackers work together far more efficiently than defenders do, and that must change. Industry-wide collaboration between private companies, governments, and technology providers is essential. For effective collaboration, we need common platforms that enable intelligence sharing. At Microsoft, we are building a security platform where customers can use Microsoft solutions alongside third-party tools, ensuring a seamless and collective defense approach. AI is another crucial element. AI has the potential to revolutionize cybersecurity by filtering noise, detecting anomalies, and enhancing threat response. Lastly, cultural transformation is vital. Security cannot be an afterthought. It must be embedded in every innovation from the outset. If we ensure security-first thinking in every aspect of technology, we can create a safer digital world.