The Role of AI in Cybersecurity

I think you’ve heard us talk about Copilot and its capabilities. We’re excited about that, and we believe a lot of the federal agencies can accelerate some workflows and gain insights to the data a lot faster, with a focus on doing more with less. We believe the responsiveness will be there, but also cost reduction. An example would be identifying potential waste and fraud in various programs. Cybersecurity will be an important part that could enhance things we have done, like patching vulnerability at scale.

For me, the part that’s most important is being nimble and adaptive to new threats and threat actors. There’s a lot of potential. We’re excited for the next 50 years so that our federal customers can meet their mission goals, and we intend to be their partner for the next 50.

El Koubi: Microsoft Federal’s capabilities are very impressive. Part of your experience is doing this kind of work in Asia and, of course, there’s a lot of discussion about technology capabilities in the United States and competition with China. How did your work with Microsoft in Asia inform what you’re doing with the federal government now in the United States?

Ling: It was a privilege to have that opportunity. Whether it’s the Australian government or the Singaporean government or the Japanese government, at the core of any federal or central government is really the ability to effectively serve the public, the citizen, through services that are relevant, and where it matters.

Despite different countries and cultures that I was exposed to in Asia, the challenges are similar. Whether that’s siloed data or legacy IT, we need to modernize our exposure to cybersecurity risk that impedes operation. Take away the name of the country and you’ll still have that and the need for closer collaboration.

El Koubi: I framed that question against the backdrop of competition, but you also mentioned how important collaboration is, not just within this country, but also with partners outside the United States. In helping the federal government with national-level cybersecurity issues, how important is international collaboration and coordination with other global partners? How can U.S. industry leaders better engage with global partners in this evolving domain?

Ling: At Microsoft, we refer to cybersecurity as a team sport. The competition’s not about other industry players, it’s truly about how do we work together. Whether that’s across industry or across government, it’s about threat actors, and we need to work together as a cyber community so that we can collectively share information and, at times, coordinate actions to repel threats that have become much bolder, from much more sophisticated threat actors.

Our company is fully engaged in partnering with many organizations on cybersecurity, whether that’s technology or the idea of our platform’s interoperability and the ability to integrate with cyber tools. The No. 1 goal is to be proactive, also ensuring maximum coverage and flexibility for our customers to design cybersecurity answers and systems that work best for their needs. That, to me, is international coordination — internal coordination and at the national level — but also working outside the tech companies to make sure we are protecting critical infrastructure.

El Koubi: I would love to get your take on the cybersecurity landscape for industry in the United States. In particular, your assessment of it in Virginia. We know Virginia has a lot of strengths in this area. Help us understand the national landscape and how the Commonwealth fits in on a national level.

Ling: My vantage point right now is the federal community in and around the DMV area. It’s hard for me to compare what’s happening elsewhere in the U.S. from state to state to state. I would say that the focus has been on the federal government where it’s headquartered here. So, for me, the spotlight is on how to secure critical infrastructure in the system. I believe we’re celebrating the fact that many amazing companies here in Virginia are building and innovating cyber technology, and we have a chance to help and partner with them.

I know we’ve been partnering with Governor Youngkin on his executive directives, whether that’s on AI, how we provide IT safeguards for K-12 and higher education, or how to bring people to Virginia to work here. I also understand Virginia has an interest in cybersecurity, whether on the research side or leading on AI innovation, and that’s interesting to watch. I love that Virginia has talked about responsible AI and responsible security — ethics and transparent use of AI.

El Koubi: You mentioned AI and its role. Talk about the role AI plays in Microsoft’s cybersecurity work. What’s on the horizon? How does it relate to cybersecurity?

Ling: I think they work hand in hand. It is essential that AI is part of how we look at cybersecurity. AI, as we know, in the company and with the government, surfaces anomalies and creates that alert system. AI is essential to building world-class cybersecurity capabilities for our customers. We are proud that AI is infused across our technology and our product stack.

One thing we know is important is not just about the technology, but to understand there are end-to-end scenarios. I mentioned threat hunting and intelligence gathering, but there are other things, like incident response. Once you’re hit, what do you do? It’s technology plus customer real-life scenarios.

El Koubi: As we think about managing cybersecurity issues at the federal level in the United States and elsewhere, what do you see as the big trends? What are you looking at over the next few years in terms of opportunities and challenges?

Ling: We want to tie back to AI. I would expect the level of sophistication of cyber threats to increase, and we all know that it will continue. The question is how to best mobilize and use AI to support proactive protection. We’ll see greater reliance on AI to augment what I would call cyber defensive capabilities, how to repel threats before they happen, using AI to be proactive.

Another element of social engineering will also continue to be a challenge. We’ve got to partner to make sure that AI does not dupe people. Training, awareness, and policies must be in place to spot that kind of campaign, similar to the work we’ve done at an earlier stage to train people to spot phishing.

We are excited to see if we can continue to solidify adoption of that. We mentioned that the U.S. Department of Defense has a goal to implement all those practices across their system by 2027. We are really just working, being diligent, given that the Navy met their zero-trust goal in 2024. Now we’ve got to make sure that others would take a similar approach because it’s important for national security. It is really about being proactive and not just reactive. Then, obviously, partnering with higher ed or even high school and community colleges to bring that kind of skill set to bear in Virginia and our federal government.

El Koubi: Candice, we’re thrilled to have you personally in the Commonwealth. You like to get outside — you’re not always in the office or behind a computer. What are some of your favorite things to do here in Virginia?

Ling: Hiking is definitely a personal favorite. We’ve been picking up pickleball. My son plays competitive ice hockey, so we travel around Virginia and outside Virginia to many, many ice rinks, some of them stinkier than others. But especially in the cold months here, we continue to support the homeless shelters because, as a family, we strongly believe how important it is to be good citizens and residents of our local community in Loudoun County. I think it’s those things that are important — not just enjoying what God has given us here in the Shenandoahs of Virginia, but also to be a good resident of Virginia and supporting what is needed here, especially in these colder months.

El Koubi: Candice, thank you so much for joining us today.

Ling: Thank you, Jason. I appreciate your time.

Full the full interview, visit www.vedp.org/Podcasts