/
Zero Trust Segmentation

3 Cybersecurity Rules Microsoft’s Sherrod DeGrippo Lives By — And Why You Should Too

Headshot of Sherrod DeGrippo Director of Threat Intelligence Strategy at Microsoft

When it comes to cybersecurity, few voices resonate as powerfully as Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy. With nearly 20 years of experience and a resume that spans across the cyber industry, Sherrod is a true thought leader in the space.  

We recently sat down together on The Segment: A Zero Trust Leadership Podcast to discuss cyber resilience, threat intel trends, and Zero Trust. During our conversation, Sherrod revealed the three cybersecurity commandments that she believes should be guiding every cyber leader’s decisions and strategy.  

Keep reading to gain Sherrod’s insight into security best practices.

1. Productive anxiety: Driving cybersecurity progress

One of Sherrod’s most powerful points during our conversation was how anxiety can actually be a strength in cybersecurity. Instead of viewing anxiety as a weakness, she sees it as a "superpower."  

“Not enough organizations have enough anxiety. I think there’s not enough worry, and there’s not enough productive anxiety professionally in the industry,” she said.

This so-called “productive anxiety” turns nervous energy about the inevitability of ransomware and breaches into proactive security effort.

She explained, "What I care about is whether you feel a deep connection to the work. Does securing something bring you a sense of calm? If it does, those are the people we want in this industry because they relentlessly pursue better results."

Her message is clear: The best security professionals don’t just check boxes — they’re driven by a sense of purpose. By embracing the anxiety built into the cyber industry, security teams can prioritize building stronger, more proactive defenses.

This mindset is essential for cyber resilience, where being prepared and constantly improving keeps businesses a step ahead of evolving threats.  

2. Spiraling now: The key to ransomware resilience planning

Ransomware is one of the toughest challenges in cybersecurity today. As Sherrod pointed out, it’s impossible to prevent all attacks. Instead, organizations need to start thinking proactively and prepare for the next breach.  

She stressed the importance of making decisions before an attack occurs. "I’d like to see more decisions made before something happens,” she said. “This would put executives and security experts on the same page."

This approach of “spiraling now,” as Sherrod calls it, simply means planning ahead. When a crisis hits, everyone knows their role and what steps to take.

Sherrod urges businesses to build resilience by involving key leaders in proactive decision-making and creating clear response strategies. “I’m a big believer in ransomware resilience planning,” she explained.  

With these plans in place, companies can handle ransomware attacks more calmly and effectively. They’ll reduce damage and speed up recovery. This kind of preparation is at the heart of cyber resilience — making sure organizations can bounce back when a breach happens.

3. Zero Trust: Communicating security priorities to business leadership

In many ways, Zero Trust complements Sherrod’s call for planning ahead. By assuming that nothing — inside or outside the organization — is automatically trusted, Zero Trust requires businesses to limit access and verify identities before anyone can reach critical systems or data.

As ransomware attacks rise, Zero Trust becomes even more vital. It ensures that, even if an attack occurs, the damage is contained. This aligns with an overall resilience strategy that reduces risk and limits a breach’s impact.

Most importantly, Sherrod pointed out that Zero Trust not only strengthens security but also bridges communication between security teams and business leaders.  

“I think the best thing that the Zero Trust concept has done over the past few years is resonate so strongly with executive leaders,” she said. “Zero Trust has allowed us to communicate in the same language with executives, decision-makers, and even people that aren't necessarily in technical roles.”

Meet Sherrod DeGrippo, Microsoft’s threat intel expert

With over 19 years of experience in cybersecurity, Sherrod brings a wealth of knowledge to threat intelligence. Her expertise in the field has earned her widespread recognition, including being named Cybersecurity Woman of the Year in 2022 and Cybersecurity PR Spokesperson of the Year in 2021.

Before joining Microsoft, Sherrod served in several leadership roles in major security tech companies. Her experience ranges from threat research and intelligence to red team services and security consulting.  

Sherrod is recognized for her expertise in the threat landscape and her passion for helping organizations build cyber resilience. She’s a sought-after speaker and thought leader in the industry.

Listen, subscribe, and review The Segment: A Zero Trust Leadership Podcast

Want to learn more? Listen to the full episode on our website, Apple Podcasts, Spotify, or wherever you get your podcasts. You can also read the full transcript of the episode.

Related topics

No items found.

Related articles

How Illumio Builds Cohesive Security for Containers
Zero Trust Segmentation

How Illumio Builds Cohesive Security for Containers

Learn how Illumio enforces security policies and offers complete visibility within all environments – all in one platform.

API Security CISO Richard Bird on the Power of Cyber Creativity
Zero Trust Segmentation

API Security CISO Richard Bird on the Power of Cyber Creativity

Learn from Richard Bird, CISO at Traceable AI, about the transformative power of creative storytelling and the integration of Zero Trust and API security.

Allowlist vs. Denylist
Zero Trust Segmentation

Allowlist vs. Denylist

Learn why allowlists are the perfect solution for securing east-west data flow.

Can Zero Trust Bridge the Cyber Equity Gap?
Cyber Resilience

Can Zero Trust Bridge the Cyber Equity Gap?

Learn from Nicole Tisdale, a leader in cyber policy, about how cybersecurity can protect both our institutions and the people they serve.

How Armis CTO Carlos Buenano’s OT Security Journey Led to Zero Trust
Zero Trust Segmentation

How Armis CTO Carlos Buenano’s OT Security Journey Led to Zero Trust

Learn about Buenano's journey into OT security, the pivotal role Zero Trust principles play in safeguarding industrial environments, and the challenges to get there.

API Security CISO Richard Bird on the Power of Cyber Creativity
Zero Trust Segmentation

API Security CISO Richard Bird on the Power of Cyber Creativity

Learn from Richard Bird, CISO at Traceable AI, about the transformative power of creative storytelling and the integration of Zero Trust and API security.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?