The Day the World Became Real: Geopolitics, Cybersecurity, and Lessons from TRIUM

Manoj Kumar (Class of 2026)

Manoj Kumar graduates as part of the TRIUM Class of 2026 this September. Here he reflects on his experience as a seasoned security and AI governance leader with more than two decades of experience turning security from a cost centre into a strategic advantage.

At Microsoft, he has helped unlock over $11B in government contracts, delivered $425M in annual savings, and architected security foundations supporting more than $100B in enterprise revenue—impact shaped across three senior roles, two entrepreneurial ventures, and years at the nexus of AI, engineering, and governance.

One fine morning in the first quarter of 2024, I received an email notification informing me that my inbox had been accessed by adversaries working on behalf of a foreign government. The Midnight Blizzard breach had reached me personally. I was not just a responder and investigator at that time. I was also one of the targets.

I had spent years working in cybersecurity at Microsoft. I understood threat vectors, nation-state attribution, and incident response, and have been involved in plenty of nation-state investigations. What I did not fully understand, not until TRIUM, was the world that produces those threats and the reasons for those state-sponsored attacks. The distinction matters more than I had ever appreciated.

The China Moment: An Overnight Decision, Years in the Making

Before the lectures in London, before Professor Michael Cox walked us through the rise and decline of American power and the long arc of China’s resurgence, I had already lived through a geopolitical event at close range. I just did not have the vocabulary to fully make sense of it at the time.

When the implications of U.S. sanctions on China became operational reality for my organization, the change was not gradual. My teams in China, who had been doing security-related work, had to stop overnight. Responsibilities were redistributed to teams in India and the United States in a matter of hours. The people involved were talented, committed colleagues. The decision had nothing to do with their performance and everything to do with forces operating far above any of us, in trade ministries, congressional committees, and export control agencies. I managed the operational consequences, but I processed it largely as a logistics problem. Move the work. Protect the IP. Ensure continuity.

TRIUM reframed what I had experienced. Cox’s sessions on China’s trajectory, covering its defining political moments, its economic reforms, and the question of whether we are entering a Cold War II, gave me the historical depth to understand what I saw firsthand. The overnight restructuring of my team was not a corporate anomaly. It was a small, local expression of something enormous: the systematic technological decoupling of two superpowers, playing out simultaneously in semiconductor policy, in cloud architecture, in workforce decisions, and yes, in the composition of a security team on a Tuesday morning.

Understanding China through that lens changed how I think about operational risk. It is no longer enough to ask “is this compliant today?” The more important question is “where is this political relationship heading, and are we well positioned for where it goes next?”

Midnight Blizzard: The Email About My Emails

The Russia sessions with Professor Cox were, for me, the most personally resonant part of the TRIUM geopolitics curriculum. The lecture plan covered Putin’s grand strategy, Russia’s near abroad, the logic behind Ukraine from 2014 to 2022, and the costs and scenarios of the war. What struck me, sitting in that classroom, was how much it illuminated events I had been in the middle of without truly understanding.

During the Midnight Blizzard investigation, I was part of the team working to understand what the SVR-linked actors had accessed and why. The breach was targeted and deliberate. The attackers went after emails belonging to executives, legal teams, and cybersecurity professionals specifically, not to steal product data, but to understand what Microsoft knew about Russian operations and what it was planning next. My emails were among those accessed. I received a notification, alongside others in similar roles, explaining that we had been part of the breach, outlining what came next, and giving guidelines on what to do and what not to do.

At the time, I understood the tactical picture well. What TRIUM added was the strategic one. Cox’s framing of Putin’s worldview, the sense of encirclement, the use of information as both a weapon and a shield, the way Russia conflates intelligence operations with existential defence, made the logic of that attack legible in a way that pure threat-intelligence training never had. Adversaries do not breach systems randomly. They breach systems because they have a theory of the world, and that theory tells them what information is worth having. Understanding their theory is as important as understanding their malware.

North Korea: The Colleague Who Never Existed

The third incident I carry with me involves North Korea. I was part of investigations into cases where individuals were posing as American citizens to secure positions at Microsoft. I analysed source code, reviewed behavioural patterns, worked through the forensics of what these individuals had done and what they had been trying to access, talked to their managers and colleagues to find anomalous behaviours, and then ultimately removed their access from corporate resources.

The TRIUM material on BRICS and the broader sessions on how alliances form under pressure gave me a context I had not had before. North Korea’s cyber operations are, at their core, a sanctions-evasion strategy. They are how a regime locked out of the global financial system funds itself and its weapons programs. The connection to Russia and China, who shield Pyongyang at the UN and provide operational cover, is not incidental. It is structural. When I reviewed that source code, I was not just looking at a security incident. I was looking at the downstream consequence of decades of geopolitical choices by multiple governments.

Before TRIUM, I would have processed that investigation as a technical and HR problem. Now I process it as a geopolitical one that happens to manifest on an engineering team.

The Bigger Shift: The Map I Didn’t Know I Was Missing

The most significant thing TRIUM changed for me was not any single insight. It was the scope of what I consider relevant professionally.

I grew up in India. I have lived in the United States for years. Before the program, my intuitive geopolitical map was essentially those two countries and whatever touched them directly. Europe existed as a destination and a trading partner. Russia was a threat actor in a threat report. China was a supply chain and, increasingly, a competitor. The rest was noise.

The London module recalibrated all of that. The session on the SWIFT ban during the Russia-Ukraine war was a particular moment of clarity. The decision to exclude Russia from the international payments system was intended as a decisive economic weapon, and it was. But the secondary effect, China accelerating the construction of alternative financial infrastructure, illustrated something Professor Cox returned to repeatedly: in geopolitics, every action produces a reaction, and the reaction often matters more than the action. Adversaries do not simply absorb pressure. They adapt, form new alliances, build new systems, and emerge with capabilities they did not have before the pressure was applied.

This principle now shapes how I think about cybersecurity strategy. Sanctions drive technology decoupling, which drives domestic capability-building, which produces a more capable adversary. Export controls on semiconductors accelerate the very innovation they are designed to prevent. Isolation does not eliminate threat actors. It changes their tools and intensifies their motivation.

None of this makes me sympathetic to state-sponsored attacks. It makes me better at anticipating them.

What I Carry Forward

I am still a cybersecurity professional. I still think in terms of incidents, responses, and controls. But TRIUM added a layer of analysis that I find indispensable now: the ability to ask why a particular threat exists, not just how it works.

When Iran-linked groups frame Western technology companies as legitimate military targets in retaliation for perceived support of Israel, that is not irrational behaviour. It is the logic of asymmetric conflict applied to the digital domain, by a state that has concluded it has no other effective lever. Understanding that logic does not change my defensive priorities, but it does change how I communicate risk to leadership, how I think about where threats will escalate next, and how I counsel teams operating in politically sensitive environments.

The TRIUM program did not give me answers. It gave me a better set of questions. In a field where the threat landscape is inseparable from the geopolitical one, that turns out to be the most practical education I could have received.