ABOUT THE BLOG
The Microsoft Ecosystem Strategy (EcoStrat) team, as part of the Microsoft Security Response Center (MSRC) and Microsoft's Trustworthy Computing (TwC) group, operates at the intersection of technology and people. Our team works with a virtual team of security experts from all over the world in order to better understand how vulnerabilities affect our customers, our products and the Internet as a whole. The EcoStrat team is one of the groups responsible for securing Microsoft's current and future products.
We see this blog as an opportunity to talk about our work within some of these ecosystems, from the front lines. We have opened this virtual forum to members from the Security Response Communications team, the Microsoft Security Science team, and the MSRC Operations team to join in on this conversation and provide a broader look at the many faces of Microsoft's Trustworthy Computing Security. Together our aim is to dive into the many complex challenges we encounter on a unified front to continue to seek better solutions. A lot of what drives us is our aspirations – our hopes, if you will. Our hope that by bringing together people and policy within different organizations, we can increase trust, better defend our ecosystems, and ultimately help secure our planet from malicious software threats. Our hope is that by being more transparent about our work in various security ecosystems and regions around the world, a message will be heard: Nobody alone can “secure the planet”. No one product, no one company.
ABOUT THE ECOSTRAT BLOGGERS
ANDREW CUSHMAN: Senior Director, TwC Security Andrew Cushman wears many hats, and goes by many names, as the senior director in the TwC Security Group. “The Cush” works closely with the MSRC Ops Team which is responsible for all things related to vulnerability reports and the company’s monthly security updates; and with the MSRC EcoStrat team which drives security ecosystem evolution through collaboration with security researchers, security companies and organizations and CERTs.
Cushman was introduced to security during his stint on Microsoft Money in the early ‘90s. He earned his apprentice security badge on the Internet Information Services team – where he helped ship IIS4.0, IIS5.0 and eventually IIS 6.0 the first “poster child” of Microsoft’s commitment to security engineering and Trustworthy Computing.
Since joining the MSRC in 2004 he has been a driving force behind the company’s security outreach and security update strategies. He is often heard to remark that he has the best job at the company and perhaps even the best job in the industry. He is often seen handing out business cards and spreading the religion of Microsoft Security at conferences and events around the world.
STEPHEN (STEVE) ADEGBITE: Sr. Security Program Mgr Lead Stephen aka “Cap’n Steve” Adegbite is a Sr. Security Program Mgr Lead in the Microsoft Security Response Center(MSRC) , working in the group that is responsible for securing current and future Microsoft products.
Steve started off in the computer field as a scared 10-year old who discovered his father's TRS-80 and proceeded to take apart to see how it worked. He then couldn’t put it back together. He later discovered the early NYC hometown BBS and the kind people on it, who took pity on him and helped him to put it back together and learn the early art of “hacking” (not the bad kind of course :-).
Steve went on to hone his chi on vulnerability intelligence, application security and Information assurance through many years in the Marine Corps’ Communication and signal Intelligence community. While there, he founded the first ever Information Assurance red team charged with adversarial testing of the Marine Corps Enterprises Network (MCEN). He also at time was the officer in charge of the Marine’s Corps’ Emergency Response Team (MAR-CERT) component to the Joint Task Force Global Network Operation Center (JTF-GNO). Following that, he worked as an Information Operations specialist for various “light” and “dark” places within the US government.
SARAH BLANKINSHIP: Senior Security Strategist - Lead Sarah Blankinship fights the good fight at Microsoft as a Senior Security Strategist, working with hackers and InfoSec sellouts alike, one continent at a time. On good days, she battles the asymmetry between attacker and defender together with the world's best security response team, the Microsoft Security Response Center. On other days, her diplomacy and firefighting skills are applied to some of the world's most challenging security problems. She dreams of a day when people, passion and policy unite to combat evil and secure the planet.
MIKE REAVEY: Director, MSRC As Director of the MSRC within Trustworty Comuting Security, Mike Reavey works with security teams to proactively identify and communicate critical software vulnerabilities to customers. Building on Microsoft’s commitment to Trustworthy Computing, Mike’s responsibilities include responding to vulnerability reports, engaging with the security community, and collaborating with internal product groups to provide updates to customers and help protect them from computing security threats.
Part of a collective initiative to better protect software users from such threats, Mike’s team is constantly evolving its response capabilities. Mike was deeply involved in Microsoft’s work combating the Zotob, Sasser, and Blaster outbreaks, and has helped MSRC continually prove its ability to respond to attacks and blended threats. His goal for the group is to continue to evolve in the wake of new threats and serve as the first and best source of information for customers and internal teams.
Mike joined Microsoft in June 2003 as part of the MSRC team focused on vulnerability response initiatives for Microsoft Internet Explorer. Before that, he served in the U.S. Air Force as team leader for the Air Force Communications Agency and 92nd Information Warfare Squadron, responsible for securing and optimizing global air force networks.
CELENE TEMKIN: [Unofficial ‘MSRC COO’ &] BlueHat Project Manager Celene Temkin deftly navigates a variety of disciplines within the Security Engineering department at Microsoft; such as operations, communications, and high-profile event project management. Focusing on security researcher outreach, Celene manages worldwide conference co-sponsorships while simultaneously shipping Microsoft’s own hacker conference, the BlueHat Security Briefings. She believes that bringing understanding about the current threat landscape is the best way to better educate our own defenders and help secure the platform, and works tirelessly towards such security information exchange. Her past experience in the entertainment industry helps her socialize the MSRC EcoStrat team initiatives while keeping them innovative and each one better than the last.
ADRIAN STONE: Senior Security Program Manager Lead
Adrian Stone (or “Stonez!” as referred to by his friends and colleagues) is a Senior Security Program Manager Lead in the MSRC. He is responsible for managing a component of the MSRC's Ops team that handles the organization’s analytics, infrastructure, bulletin publication and overall risk management responsibilities. Simply put, if it deals with data, infrastructure, bulletins, or tough decisions impacting the security of Microsoft’s customers, Adrian and his team are definitely in the mix.
Adrian’s security background encompasses over 15 years in securing and breaching networks, hosts and applications. His security indoctrination originally started when he protected a West Texas ISP built on Microsoft Windows NT4 from the actions of its former and then very rogue Architect. Afterwards, Adrian went on to become responsible for the Security Operations and Architecture to several early dot-com ventures that focused on Mobile Communications and e-commerce technologies. Adrian later served as a Security Analyst for one of the nation’s largest critical infrastructure nuclear energy providers at Florida Power & Light (FPL).
Adrian signed up for MSRC duty in 2005, driving security investigations that impacted the multitude of Windows Operating Systems and Microsoft Office application suites. Adrian is also the regular voice of the MSRC's TechNet Monthly Security Bulletin Webcast Series. He also occasionally posts and speaks his mind on his TechNet blog.
KARL HANMORE: Senior Security Strategist
Karl Hanmore works within the MSRC helping to maintain and grow relationships with key organizational partners globally. Karl’s front and center focus is to help the security ecosystem by ensuring stronger strategic and operational relationships between the Microsoft Security Response Center (MSRC) and the global CERT community – especially national CERTs. In the global battle against the forces who would do us harm, Karl believes that CERTs are the troops you want on your team.
Prior to joining the MSRC in June 2009, Karl lived and breathed the CERT community as the Operations Manager for AusCERT, Australia’s National CERT. In this role, Karl and his team were on the front lines of the battle for cyberspace, working both in the light and in the shadows for the greater good. Karl has a background in the banking and finance industry, as well as the ISP business in the heyday of the Internet in the early 90s.
Karl has progressed through the years always looking for a chance to protect a larger portion of the community, from his humble beginning being the only “computer guy” in his small country school in rural Australia through to his current role in the MSRC. Here, he feels he can make a real difference in helping to secure the planet.
DUSTIN CHILDS: Security Program Manager
Dustin Childs is a Security Program Manager for the Microsoft Security Response Center (MSRC) and is responsible for handling vulnerabilities reported in the Microsoft Windows family of operating systems. The MSRC identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. The MSRC also manages a company-wide security update release process and serves as the single point of coordination and communications. The MSRC focuses on providing customers with timely and authoritative information and by delivering high-quality security updates, and on helping to prevent future issues through security engineering and development changes.
Prior to joining the MSRC at the beginning of 2008, Dustin was working for the U.S. Air Force as both active duty serviceman and defense contractor performing such diverse duties as intrusion detection, incident response, network architecture, information warfare, and defense counter information. He was also a founding member of the Air Force Network Architecture Solutions (AFNAS) Facility.
Jerry has been immersed in the security community for over seven years, providing guidance and information during outbreaks such as Code Red, Nimda, Sasser, and Blaster. Jerry's roots in security response go back to 2003 when he helped to establish Microsoft's Security MVP community, and later working as a program manager for a security team in Customer Service and Support that provided response communications to partners in the Microsoft Security Response Alliance (MSRA).