Tracey Pretorius. PHOTO: Cybercrime Magazine.

Globetrotting Speaker Changing Cybersecurity Dialogue for Microsoft Customers

Industrial Psychology and Crisis Communications Expert on Best Practices and Leading a New Women in Cybersecurity Group

Georgia Reid

Northport, N.Y. – Oct. 29, 2018

What happens when you combine a background in industrial psychology and experience in crisis communications, add a dash of bubbly extraversion and a hint of humor, and package it into a globe-trotting speaker and cybersecurity educator? Meet whip-smart Tracey Pretorius, Director of Global Partner Business Strategy at Microsoft.  The story behind her role is incredibly unique — and one that is fitting of her expertise and character. And, in a time where cybersecurity crises are on the rise, Tracey’s role is more important than ever.

Tracey leads global efforts at Microsoft to help customers benefit from an unparalleled partner network that delivers world-class security and AI solutions, among others. Leveraging her “experience in cloud and cybersecurity strategy, incident response, and crisis communication,” Tracey meets regularly with customers to share best practices for the protection of critical infrastructure and information technology systems.

We met with Tracey at the Cybercrime Magazine office in Northport, N.Y., after her visit to Carbon Black Connect in New York City where she spoke on a panel of expert Women in Cybersecurity

Here is the interview with Tracey (watch the video for complete version):

CM: Tell our audience a little bit about how you fell into technology as a career, and what you are doing at Microsoft today.

TP: Well, I actually was born and raised in South Africa, and I studied industrial psychology and communications. I joined Microsoft after apartheid had lifted and then a whole lot of multi-national companies came back to the country. So I sort of fell into tech and in 2005, I moved to the headquarters in Redmond, Wash. Along my career within Microsoft, I have had various roles that touched on security, from product security, consumer security, and commercial security, and cybersecurity is something I was introduced to in 2012 when I took on a crisis communications role. I fell in love with cybersecurity, and it was a non-traditional entry into the space.

CM: Many of the women I speak to in cybersecurity also fell into it in a non-traditional way. What are some of the initiatives you are working on to get more women into cybersecurity?

TP: I think it’s creating awareness for women in the security space that it is not just the traditional engineering roles you have to pursue if you wish to follow a career in cybersecurity. There are other skill sets that are valuable and that are needed. So there are a couple of things I am trying to do. In May of 2018, I co-founded and I now chair the Microsoft Women in Security Community, which is internal at Microsoft, and it includes our male colleagues. We did this to bring people together to share best practices, what’s worked for your career, and to help each other advance.

Watch the video interview with Tracey to hear more about what she has to say about the human factor in crisis communications, the criminal mind, and media attention when it comes to cybersecurity:

CM: What are you doing now that you have a tried and true method of crisis communications that you developed internally at Microsoft?

TP: One of the things I focused on was actually getting our own house in order when I started in this area in 2012, and so I then started to think about how we could help our customers and our partners. We have a lot of best practices in place, so why would we not share that? Currently, my role now is actually consulting with customers and partners and helping them understand some of the things that we have learned, some of the pitfalls, and some of the best practices so that they don’t have to go through that. And the response has been great working with the CISOs. I am actually meeting with some CISOs next week to go through an Incident Response exercise. This is really about learning from each other and creating a sense of community.

“Tracey spoke to a group of senior CISOs recently at an I-4 event we sponsor… You could see immediately how well Tracey landed the point with the CISOs present at the forum. There was a real buzz and energy in the room and a very lively discussion. At KPMG, we work with the C-suite to practice crisis management and develop the right responses… Speaking personally, I immensely enjoy working with talented professionals like Tracey, and it’s also great for our clients.” – Paul Taylor, Partner, Cyber Security at KPMG LLP

CM: So what are some of the biggest challenges that are being faced by CISOs when it comes to Incident Response Communication?

TP: I think one of the challenges is ensuring that when something does happen that they truly are prepared and that they have the rest of the C-suite fully bought in. One of the hardest things to do during a time of crisis is to build a set of principles. And to get buy-in on those principles. I am seeing from CISOs that they are very well-versed in their practices, but that they aren’t necessarily practicing it enough across the organization so that it is ingrained in the company DNA.  So that business can go on as normal in the event of an incident, and that it doesn’t escalate into a crisis. 

CM: Let’s talk about media attention in the event of a hack or a breach. Do you think that the media is fairly portraying what is going on? What kind of communication is best in the event of an incident?

TP: I think that what is particularly hard is that good news doesn’t sell. The over-sensationalizing over this stuff really causes pain, not only for the average reader who doesn’t necessarily understand what is happening but also for the company that is trying to educate at the same time and communicate what happened. I think that there are some media who do a good job portraying things as accurately as possible, but there is also a lot of over-hype.

CM: What advice do you give business owners when it comes to crisis communications with the media?

TP: Words have meaning. Choose your words carefully. It will definitely impact your business, how you communicate during a crisis.

As Director of Global Partner Business Strategy, Tracey continues to lead Microsoft’s worldwide efforts to ensure customers benefit from an unrivaled partner network that delivers world-class security and AI solutions.

The company is advancing in cybersecurity with tools for Identity and Access Management, Information Protection, Threat Detection, and Security Protection.  Read more here

– Georgia Reid