MSRC Ecosystem Strategy Team

Helping to secure the planet

About MSRC Ecosystem Strategy (Ecostrat) Team

About

About MSRC Ecosystem Strategy (Ecostrat) Team

ABOUT THE BLOG

The Microsoft Ecosystem Strategy (EcoStrat) team, as part of the Microsoft Security Response Center (MSRC) and Microsoft's Trustworthy Computing (TwC) group, operates at the intersection of technology and people. Our team works with a virtual team of security experts from all over the world in order to better understand how vulnerabilities affect our customers, our products and the Internet as a whole. The EcoStrat team is one of the groups responsible for securing Microsoft's current and future products. 

We see this blog as an opportunity to talk about our work within some of these ecosystems, from the front lines. We have opened this virtual forum to members from the Security Response Communications team, the Microsoft Security Science team, and the MSRC Operations team to join in on this conversation and provide a broader look at the many faces of Microsoft's Trustworthy Computing Security. Together our aim is to dive into the many complex challenges we encounter on a unified front to continue to seek better solutions. A lot of what drives us is our aspirations – our hopes, if you will. Our hope that by bringing together people and policy within different organizations, we can increase trust, better defend our ecosystems, and ultimately help secure our planet from malicious software threats. Our hope is that by being more transparent about our work in various security ecosystems and regions around the world, a message will be heard: Nobody alone can “secure the planet”. No one product, no one company.

ABOUT THE ECOSTRAT BLOGGERS

ANDREW CUSHMAN: Senior Director, TwC Security 
clip_image001Andrew Cushman wears many hats, and goes by many names, as the senior director in the TwC Security Group.  “The Cush” works closely with the MSRC Ops Team which is responsible for all things related to vulnerability reports and the company’s monthly security updates; and with the MSRC EcoStrat team which drives security ecosystem evolution through collaboration with security researchers, security companies and organizations and CERTs.

Cushman was introduced to security during his stint on Microsoft Money in the early ‘90s. He earned his apprentice security badge on the Internet Information Services team – where he helped ship IIS4.0, IIS5.0 and eventually IIS 6.0 the first “poster child” of Microsoft’s commitment to security engineering and Trustworthy Computing.

Since joining the MSRC in 2004 he has been a driving force behind the company’s security outreach and security update strategies. He is often heard to remark that he has the best job at the company and perhaps even the best job in the industry. He is often seen handing out business cards and spreading the religion of Microsoft Security at conferences and events around the world.

 


STEPHEN (STEVE) ADEGBITE: Sr. Security Program Mgr Lead
clip_image002Stephen aka “Cap’n Steve” Adegbite is a Sr. Security Program Mgr Lead in the Microsoft Security Response Center(MSRC) , working in the group that is responsible for securing current and future Microsoft products.

Steve started off in the computer field as a scared 10-year old who discovered his father's TRS-80 and proceeded to take apart to see how it worked. He then couldn’t put it back together. He later discovered the early NYC hometown BBS and the kind people on it, who took pity on him and helped him to put it back together and learn the early art of “hacking” (not the bad kind of course :-).

Steve went on to hone his chi on vulnerability intelligence, application security and Information assurance through many years in the Marine Corps’ Communication and signal Intelligence community. While there, he founded the first ever Information Assurance red team charged with adversarial testing of the Marine Corps Enterprises Network (MCEN).  He also at time was the officer in charge of the Marine’s Corps’ Emergency Response Team (MAR-CERT) component to the Joint Task Force Global Network Operation Center (JTF-GNO). Following that, he worked as an Information Operations specialist for various “light” and “dark” places within the US government.

 

SARAH BLANKINSHIP: Senior Security Strategist - Lead
clip_image003Sarah Blankinship fights the good fight at Microsoft as a Senior Security Strategist, working with hackers and InfoSec sellouts alike, one continent at a time.  On good days, she battles the asymmetry between attacker and defender together with the world's best security response team, the Microsoft Security Response Center.  On other days, her diplomacy and firefighting skills are applied to some of the world's most challenging security problems.  She dreams of a day when people, passion and policy unite to combat evil and secure the planet.

 

 


MIKE REAVEY: Director, MSRC
clip_image004As Director of the MSRC within Trustworty Comuting Security, Mike Reavey works with security teams to proactively  identify and communicate critical software vulnerabilities to customers. Building on Microsoft’s commitment to Trustworthy Computing, Mike’s responsibilities include responding to vulnerability reports, engaging with the security community, and collaborating with internal product groups to provide updates to customers and help protect them from computing security threats.

Part of a collective initiative to better protect software users from such threats, Mike’s team is constantly evolving its response capabilities. Mike was deeply involved in Microsoft’s work combating the Zotob, Sasser, and Blaster outbreaks, and has helped MSRC continually prove its ability to respond to attacks and blended threats. His goal for the group is to continue to evolve in the wake of new threats and serve as the first and best source of information for customers and internal teams.

Mike joined Microsoft in June 2003 as part of the MSRC team focused on vulnerability response initiatives for Microsoft Internet Explorer. Before that, he served in the U.S. Air Force as team leader for the Air Force Communications Agency and 92nd Information Warfare Squadron, responsible for securing and optimizing global air force networks.

 


CELENE TEMKIN: [Unofficial ‘MSRC COO’ &] BlueHat Project Manager
clip_image005Celene Temkin deftly navigates a variety of disciplines within the Security Engineering department at  Microsoft; such as operations, communications, and high-profile event project management. Focusing on security researcher outreach, Celene manages worldwide conference co-sponsorships while simultaneously shipping Microsoft’s own hacker conference, the BlueHat Security Briefings. She believes that bringing understanding about the current threat landscape is the best way to better educate our own defenders and help secure the platform, and works tirelessly towards such security information exchange. Her past experience in the entertainment industry helps her socialize the MSRC EcoStrat team initiatives while keeping them innovative and each one better than the last.

 

 


ADRIAN STONE: Senior Security Program Manager Lead

clip_image006Adrian Stone (or “Stonez!” as referred to by his friends and colleagues) is a Senior Security Program Manager Lead in the MSRC. He is responsible for managing a component of the MSRC's Ops team that handles the organization’s analytics, infrastructure, bulletin publication and overall risk management responsibilities. Simply put, if it deals with data, infrastructure, bulletins, or tough decisions impacting the security of Microsoft’s customers, Adrian and his team are definitely in the mix.

Adrian’s security background encompasses over 15 years in securing and breaching networks, hosts and applications. His security indoctrination originally started when he protected a West Texas ISP built on Microsoft Windows NT4 from the actions of its former and then very rogue Architect. Afterwards, Adrian went on to become responsible for the Security Operations and Architecture to several early dot-com ventures that focused on Mobile Communications and e-commerce technologies. Adrian later served as a Security Analyst for one of the nation’s largest critical infrastructure nuclear energy providers at Florida Power & Light (FPL).

Adrian signed up for MSRC duty in 2005, driving security investigations that impacted the multitude of Windows Operating Systems and Microsoft Office application suites. Adrian is also the regular voice of the MSRC's TechNet Monthly Security Bulletin Webcast Series. He also occasionally posts and speaks his mind on his TechNet blog.


KARL HANMORE: Senior Security Strategist

clip_image008 Karl Hanmore works within the MSRC helping to maintain and grow relationships with key organizational partners globally. Karl’s front and center focus is to help the security ecosystem by ensuring stronger strategic and operational relationships between the Microsoft Security Response Center (MSRC) and the global CERT community – especially national CERTs. In the global battle against the forces who would do us harm, Karl believes that CERTs are the troops you want on your team.

Prior to joining the MSRC in June 2009, Karl lived and breathed the CERT community as the Operations Manager for AusCERT, Australia’s National CERT. In this role, Karl and his team were on the front lines of the battle for cyberspace, working both in the light and in the shadows for the greater good. Karl has a background in the banking and finance industry, as well as the ISP business in the heyday of the Internet in the early 90s.

Karl has progressed through the years always looking for a chance to protect a larger portion of the community, from his humble beginning being the only “computer guy” in his small country school in rural Australia through to his current role in the MSRC. Here, he feels he can make a real difference in helping to secure the planet.


 DUSTIN CHILDS: Security Program Manager

Mando Dustin Childs is a Security Program Manager for the Microsoft Security Response Center (MSRC) and is responsible for handling vulnerabilities reported in the Microsoft Windows family of operating systems.  The MSRC identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. The MSRC also manages a company-wide security update release process and serves as the single point of coordination and communications. The MSRC focuses on providing customers with timely and authoritative information and by delivering high-quality security updates, and on helping to prevent future issues through security engineering and development changes.

 

Prior to joining the MSRC at the beginning of 2008, Dustin was working for the U.S. Air Force as both active duty serviceman and defense contractor performing such diverse duties as intrusion detection, incident response, network architecture, information warfare, and defense counter information. He was also a founding member of the Air Force Network Architecture Solutions (AFNAS) Facility.

 


JERRY BRYANT: Senior Security Program Manager Lead
Jman
Jerry 'JMan' Bryant is a Senior Security Communications Manager Lead on the security response communications team in Trustworthy Computing (TwC). Since joining the team in 2007, he has been working to streamline response operations and emergency communications. Jerry leads a dedicated team whose mission is to quickly provide clear and authoritative guidance on software vulnerability issues to customers.

Jerry has been immersed in the security community for over seven years, providing guidance and information during outbreaks such as Code Red, Nimda, Sasser, and Blaster. Jerry's roots in security response go back to 2003 when he helped to establish Microsoft's Security MVP community, and later working as a program manager for a security team in Customer Service and Support that provided response communications to partners in the Microsoft Security Response Alliance (MSRA).

 
 


JOE HEMMERLEIN: Security Program Manager
VoltyAs a Security Program Manager in the Microsoft Security Response Center (MSRC), Joe interacts with external security researchers and internal groups within Microsoft to make security bulletins, advisories, and updates happen. It all starts with a vulnerability report which he triages to determine the risks to customers, such as classifying the type of vulnerability and likelihood of exploitation. He works with the MSRC engineering and product teams to determine root cause, affected products, possible variants, and possible solutions. He stays in touch with the original finders of privately-reported vulnerabilities to keep them informed throughout the process. He and his team constantly re-evaluate the risk level of vulnerabilities so that a new course can be laid in quickly as needed to keep customers secure. Once a "bulletin-class" fix is checked in, Joe writes the security bulletin and works with key stakeholders to get the content reviewed while the solution is verified and the fix is undergoing testing. It’s his job to ensure that the security bulletins he releases address the issue in full and that the quality gates are met the first time.
Until he joined the MSRC in March 2008, Joe worked in the Security Incident Response team with Microsoft Customer Service and Support in the EMEA region. In this role he was responsible for training and providing technical guidance for early adopters of Microsoft Antimalware technology and corresponding beta programs. He also worked with customers to identify and recover compromised systems, determine the cause of the systems' compromise, and implement countermeasures to help prevent against the same thing happening again. Before that, Joe was a support engineer for the Windows platform, right around when Microsoft Windows NT 4.0 Service Pack 3 came out. In his past life, he also worked for various ISPs and sang in a famous choir.


MAARTEN VAN HORENBEECK: Senior Program Manager
ClusterMaarten Van Horenbeeck, né Cluster, came to being in the year 2056 in the small unincorporated town of Belgium, WV. After twenty-something years going through a rigorous training program led by a tight-knit group of rogues fighting against a society in which malicious code had taken over as the governing ruler, he was sent back in time to help the protect the planet against the precarious future he was raised in.
As a Security Program Manager in the Microsoft Security Response Center (MSRC), Maarten works with the security research community to help ensure Microsoft is responsive in addressing vulnerabilities reported in its software. Maarten’s main interests are in the areas of covert channel analysis, malicious code, and cryptographic breaks.
Before joining the MSRC, Maarten worked for a major telecommunications provider as a security specialist focusing on the financial services industry.


ALL-STAR GUESTS

clip_image009

The TwC Security All-Stars work to build and strengthen relationships within the security community and bring this information home to help build and strengthen Microsoft products.  Look for them on and off stage at security conferences near you.