The CISO’s Playbook: How DXC Is Aligning Security with Business Growth

‍The CISO’s Playbook is an ongoing series featuring strategic insight from the industry’s top cybersecurity executives. This post features Mike Baker, CISO at DXC Technology.

Cyber resilience isn’t about checking boxes anymore. It’s about outpacing risk with strategy — one that doesn’t just react but anticipates.

That’s the vision driving Mike Baker, CISO at DXC Technology. With over 130,000 employees and a client base that spans some of the world’s most complex enterprises, Baker doesn’t have the luxury of treating cybersecurity as an IT issue. For him, it’s a business enabler.

“Back in the day, if you had firewalls, antivirus, and endpoint tools, that was enough,” Baker said. “Today, that barely scratches the surface.”

Now, Baker is leading DXC’s global security strategy with one guiding principle: to protect the business without slowing it down. That requires more than tools. It demands a cohesive, forward-looking strategy powered by Zero Trust and AI.

Zero Trust + AI = a perfect match

To keep up with the speed and scale of modern threats, Baker believes CISOs must treat Zero Trust and AI as a strategic pairing, not separate investments.

“Zero Trust is the framework. AI is the capability,” he explained. “Together, they help you make better decisions, faster.”

At DXC, that strategy is in action every day in its own network. And it’s what DXC recommends to customers.  

The DXC security team uses role-based access and microsegmentation to ensure only the right people have access to the right data and nothing more. AI enhances these controls by automating policy enforcement, flagging anomalies, and dynamically adjusting access based on user behavior.

Zero Trust is the framework. AI is the capability. Together, they help you make better decisions, faster.

The key to making that possible is security graphs, which offer a unified, structured view of the organization’s security data.

“Security graphs aren’t new,” he said. “But what’s changed is how essential they are to enabling AI across platforms.”

These graphs give organizations a model of how users, devices, and systems interact in their network. They allow AI to detect patterns at scale, surface risks faster, and trigger rapid response without waiting for a human to connect the dots.

“Pairing AI and security graphs let us reduce detection time and free up people for higher-value work,” Baker said. “It’s a force multiplier.”

Moving beyond compliance

Too many organizations still treat compliance as the north star for cybersecurity. For Baker, that’s a dangerous trap.

“Compliance is table stakes,” he said. “Zero Trust helps you move beyond checking boxes and start thinking proactively.”

Instead of retrofitting controls to meet each new regulation, Baker’s team builds proactive, repeatable processes that address the underlying network risks, not just the compliance requirements.

Compliance is table stakes. Zero Trust helps you move beyond checking boxes and start thinking proactively.

This approach helps DXC get ahead of audits and frees up resources for long-term improvements. It also makes security teams more adaptable when mandates shift — as they always do.

“You go from chasing compliance to anticipating risk,” Baker said. “That makes the whole organization more resilient beyond compliance mandates’ baseline requirements.”

It also builds credibility with business leaders who want to see security as an asset, not a cost center.

Make the case with strategy, not tools

One of the biggest shifts Baker has seen in his career is how CISOs communicate with the board. Gone are the days of reporting patch counts and tool rollouts.

“Cybersecurity today is about showing a holistic strategy, not a pile of controls,” Baker said. “You’ve got to show the board where you’re applying time, energy, and investment across the entire network and, just as important, why.”

That’s where Zero Trust comes in. It gives security leaders a clear, business-friendly framework for explaining how they’re protecting the organization, from users and devices to data and applications.

“It gives you a clean way to explain how you’re protecting the organization and where you’re prioritizing investment,” he said. “Boards understand that.”

By tying every decision back to business impact, like reducing downtime, protecting IP, or maintaining customer trust, CISOs can shift the conversation from fear-based metrics to resilience and readiness.

Secure business without slowing it down

Security shouldn’t be a bottleneck to productivity. Baker sees frictionless security as a key competitive advantage.

“Users shouldn’t feel like they’re being slowed down,” he said. “They should just see that they can do their jobs securely.”

At DXC, security controls are designed to be invisible wherever possible. Smart defaults, adaptive access, and embedded AI allow employees to move quickly without creating new risks.

This balance is essential for innovation. “Trust is the currency of growth,” Baker said. “If we can’t protect our data and our customers’ data, we can’t earn the trust to grow.”

Trust is the currency of growth. If we can’t protect our data and our customers’ data, we can’t earn the trust to grow.

That’s why DXC doesn’t just promote Zero Trust to clients but lives it in their own network infrastructure. It’s also why Baker treats AI not as an emerging tool but as a foundational capability.

“Adversaries are already using AI to accelerate attacks,” he said. “Not adopting AI is not only a missed opportunity but a liability.”

Protect the business at speed and scale

Boards want visibility. Customers want trust. Attackers aren’t slowing down.

To lead in this environment, CISOs need a clear, cohesive strategy that aligns with business outcomes.

That’s why Baker is doubling down on Zero Trust and AI — and working with partners like Illumio to bring that strategy to life with AI-powered observability and Zero Trust controls.

His advice to security leaders: “Tell a real story. Show how your security investments protect the business. Use frameworks like Zero Trust and capabilities like AI to make your strategy make sense.”

At the end of the day, today’s CISOs shouldn’t just secure systems but keep the business resilient without compromise.

Ready to turn your Zero Trust and AI strategies into action? Start your Prueba gratis de Illumio Insights Hoy.