Before I actually start with content, let me briefly give you some background: I took the role of the Chief Security Advisor (CSA) in EMEA (Europe, Middle East and Africa) after having been 5 years the CSA in Switzerland. I went through all the nice challenges of Nimda, Code Red, Slammer, Blaster, Sasser and some more. February 1st, I joined the EMEA organization to expand my function over the whole region. Now, in Switzerland we have kind of a unwritten agreement between the "classe politique" (the politicians) and the journalists: During the first 100 days the press does not aggressively talk about the politician. After 100 days the politician (especially ministers) give a press conference to report on his/her initial findings – I am not that important, therefore I just blog.
Looking at this, it would be my time to look back at the first period in this role – being an engineer, it is not too important that it took me 143 days J
The Chief Security Advisors in the countries Microsoft has offices have basically one important goal: Building trust! Building trust with our companies, governments, law enforcement, press, analysts, partners and last but definitely not least consumers. But trust not only in Microsoft. We work with the industry to help to gain trust in the information infrastructure as a whole. In EMEA alone, we are working with 15 CSAs and I am extremely proud being part of this great community.
Besides this community, there are a lot of people working with us to achieve this goal:
The biggest highlights during this first phase were definitely the product launches with Windows Vista on the top. Windows Vista is the first product being engineered and developed with security in mind from the beginning and is a testament to our Security Development Lifecycle as research by my colleague Jeff Jones shows. Additionally we launched Forefront Client Security. Are we done now? No, definitely not. Products are by far not the end of the road but a fundamentally secure platform is key. Will we ever be secure? No – there is no such thing as 100% secure because threats and criminal behind them constantly evolve, but definitely Windows Vista is the most secure Operating System we shipped ever.
I am convinced that we have to work even harder to make sure we stay focused on the new challenges.
Therefore, let's talk about priorities as this is usually the core of a 100-day-press-conference:
Basically there are three things on my list. The first is 'earn the trust of my customers'. So is the second and so is the third. If I had more room available in this blog, you'd see the same thing all the way down it.
In order to do this, I will focus on different areas:
Besides these priorities, all the CSAs will further engage with the security community in the region and work with our customers of all sizes to help them to solve their business problems in a secure and safe way.
So, let's jointly work to "make the Internet a safer place"