Jim DuBois, Former Microsoft CIO and CISO, on Incentives, AI and Cyber’s Future
The CISO role has changed less than many assume, but the pace of change and attacker capabilities have made the stakes far higher, said Jim DuBois, former CIO and CISO of Microsoft. What has not kept pace, he argues, is how organizations structure accountability between the teams driving innovation and the teams responsible for security.
The core problem, DuBois said, isn’t technology; it’s accountability. When both teams pursue conflicting goals, friction is inevitable.
“If we can align those incentives, and we can help the teams that are wanting to innovate be accountable for the security as well as the innovation, then they can go to the security teams and ask for help, as opposed to the conflict when incentives aren’t aligned,” DuBois said.
In this video interview with Information Security Media Group at RSAC Conference 2026, DuBois also discussed:
- The value of board service in broadening an operator’s strategic perspective;
- Why AI will separate high-performing security professionals from the rest;
- The pipeline problem of automating entry-level SOC roles and what the industry must do to address it.
After a 25-year career at Microsoft, DuBois has spent most of the last decade as an active board member of multiple technology companies. His board roles focus on cybersecurity and technology with an increasing emphasis on AI. He currently advises companies ranging from Fortune 500 to startups.

