Hi, Andrew Cushman, the new director of the MSRC, here.

 

I’m thrilled to join this kickass team. I’m excited by the chance to continue delivering industry-leading security response and by the chance to more closely integrate my other responsibilities with the MSRC team.

 

Over the past couple years I led Microsoft’s Security Outreach Initiative. I was part of a small team responsible for Microsoft’s engagement of the security research community. That team was responsible for the Security Researcher Appreciation receptions at the Black Hat conferences, for “hacker” conference sponsorship, for community outreach programs and for the internal Microsoft BlueHat security conference.

 

And BlueHat is the reason for this blog post. On Wednesday May 9th we kicked off the fifth BlueHat security conference with talks presented to executives and senior engineering leaders from across the company. BlueHat v5 continues on Thursday with general sessions for the engineering teams. We have a full day of content planned that is of interest to engineers on our newest products: Xbox, Mobile, Security Products, Live and Web Apps. The agenda and speaker bios can be found here:

http://www.microsoft.com/technet/security/bluehat/2007spring.mspx

 

Included below is a short description of the event, along with why we do this and what we learn.

 

Additionally, here’s more background on BlueHat from a couple of Channel 9 videos from past events: http://channel9.msdn.com/ShowPost.aspx?PostID=194518#194518

 

The BlueHat goals are two-fold:

- Expose senior product leaders and front line engineers to the threats and attack tools and methodologies used in the real world. Take the security threat from the theoretical/intellectual level of “I understand what a buffer overflow is” to “OMG that’s what it’s like.” BlueHat connects with employees at a visceral level and *really* brings the message home. You can read about security issues and still be somewhat detached, but when someone breaks your product in front of a few hundred peers, that’s a real catalyst for change.

- Expose security researchers (and the security community) to Microsoft engineers and business leaders. In the past there’s been the perception that MS doesn’t “get” security and that we don’t really care about security or customer protection. BlueHat gives us a chance to open up on our home turf and gives the researchers an opportunity to interact with all levels of the organization. They too get to experience first-hand that Microsoft does have smart, passionate engineers that do care about security.

 

I’m super excited about v5. It’s a great lineup of engaging speakers with fantastic content. Stay tuned, we’ll be sure to post updates on the BlueHat blog (http://blogs.technet.com/bluehat) and likely on the SDL blog (http://blogs.msdn.com/sdl/) in the week ahead.

 

 

Andrew

Sr. Director Security Response and Community

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*