Every product Microsoft ships to hundreds of millions of customers passes through a gauntlet of security checks before it reaches a single device. Someone has to build that gauntlet. Karthikeyan Thirumalaisamy, a Principal Software Engineer based in Redmond, Washington, is the one of the engineering leaders responsible for the company-wide supply chain security platform that protects code integrity for Azure, Office, and Windows. Over the past decade, his engineering leadership has quietly become one of the most consequential lines of defense inside one of the largest technology organizations on the planet.

​A Billion Requests a Day

Thirumalaisamy joined Microsoft in 2015 and rose through progressively senior roles over nine years before being promoted to Principal Software Engineer in May 2024. His mandate has been singular and sprawling. He builds and maintains the infrastructure that verifies, signs, and validates every piece of software released across Microsoft’s product ecosystem.

​The numbers tell a striking story. He led a complete redesign of one of Microsoft’s supply chain security services into a cloud-native, container-based architecture. That effort resulted in a 50 percent reduction in operational costs, delivering significant annual savings. He built a high-performance platform that now processes over one billion requests per day with low latency and high availability.

​”I focus on building resilient, secure systems that operate reliably at global scale,” Thirumalaisamy said. “The platforms and security architectures I help build reduce operational risk, improve system resilience, and strengthen trust in cloud infrastructure.”

That understatement masks the scope of what he owns. His cryptographic security library provides signing, encryption, and integrity validation across distributed microservices environments. It enables secure service-to-service communication for several internal mission-critical services at global scale. His defense-in-depth and zero-trust security strategies have been adopted across Microsoft’s engineering and platform teams, embedding secure-by-design patterns throughout the organization’s cloud infrastructure.

Ten Papers and a Threat Model the Industry Needed

While maintaining his responsibilities at Microsoft, Thirumalaisamy has authored 10 peer-reviewed research publications addressing some of cybersecurity’s most urgent problems. His output includes work on zero-day vulnerability detection in container images, methods for verifying the accuracy and drift of Software Bill of Materials, isolated build environments that defend against insider threats, and a formal threat taxonomy for Model Context Protocol server ecosystems.

That last paper may prove to be his most significant. Presented at the IEEE Global Leaders Summit in December 2025, it introduced a structured framework for categorizing protocol-specific, authentication-specific, and prompt-specific attack vectors in agent-based orchestration systems. Traditional application security models were never built to account for autonomous tool invocation, context injection, or agent-to-agent communication risks. His framework fills that gap. A startup founder in the infrastructure space has already reached out to explore adopting the taxonomy in production environments.

​​Recognition From Peers, Institutions, and the Stage

Thirumalaisamy’s contributions have earned him independent recognition from multiple professional bodies. He received the 2025 Cybersecurity Excellence Award for leadership in cloud security and software supply chain protection, an honor recognizing measurable impact in information security. He also received the Claro Gold Award that same year for contributions to security through applied artificial intelligence methods.

He holds Senior Member status with IEEE, a distinction awarded to professionals with at least 10 years of significant accomplishments in engineering. He is a Fellow of IETE, the Institution of Electronics and Telecommunication Engineers, a grade that acknowledges sustained professional excellence. He serves as a peer reviewer for international cybersecurity journals and conferences and has judged global technology competitions.

His presence on the conference circuit reinforces his standing. He delivered a keynote at Conf42 KubeNative 2025, an international cloud-native conference attended by engineers, DevOps practitioners, and enterprise architects. His presentation on defense-in-depth security for mission-critical Kubernetes services was later published on Conf42’s YouTube channel, expanding its global reach. In February 2026, he served as a keynote speaker at the International Conference on Intelligent Computing, Artificial Intelligence, and Automation, presenting mitigation models for threats to agent-based systems.

​“Through research, advisory roles, peer review, judging, and mentorship, I contribute to raising security standards across the ecosystem,” Thirumalaisamy said.

He holds a Bachelor of Computer Applications and a Master of Business Administration. Before Microsoft, he served as a Technical Manager at Cognizant working on Ernst and Young engagements, an Associate Technical Architect at Aditi Technologies, and a Technical Architect at Payoda Technologies. Each role involved re-architecting enterprise systems for greater performance, reliability, and security. His 18-year trajectory from software developer to the architect of one of the most critical security layers at one of the most scrutinized technology companies on earth speaks to the sustained and measurable nature of his contributions.