The official Microsoft Security Blog provides in-depth discussion of security, cybersecurity and technology trends affecting trust in computing, as well as timely security news, trends, and practical security guidance. Each week you’ll hear from Microsoft security experts who share insights and report on research and our collaborative work internally and with industry and governments around the world to build more secure software and services; to advance the IT ecosystem; and collective efforts to build a safer, more trusted Internet for everyone.
Meet the contributors to the Microsoft Security Blog – each one of them would love to hear your comments and feedback, so leave a comment or reach out to them on @msftsecurity.
Recently listed as one of 25 Most Powerful Voices in Security, Jeff Jones is a 25-year security industry professional that has spent the last several years at Microsoft helping drive security progress as part of the Trustworthy Computing initiative. In this role, Jeff draws upon his security experience to work with enterprise CSOs and Microsoft's internal security teams to drive practical and measurable security improvements into Microsoft process and products. Among other activities, Jeff contributes research and analysis to the Microsoft Security Intelligence Report.
Prior to Microsoft, Jeff was the vice president of product management for security products at Network Associates where his responsibilities included PGP, Gauntlet and Cybercop product lines (and formerly managed the McAfee corporate antivirus product line). These latest positions cap a career focused on security, managing risk, building custom firewalls and being involved in DARPA security research projects while part of Trusted Information Systems.
Jeff is a frequent global speaker and writer on security topics ranging from the very technical to more high level, CxO-focused topics such as Security TCO and metrics. In addition to the Microsoft Security Blog, Jeff is also a contributor on the Trustworthy Computing Blog and The Security Decode blog on CSOOnline.
Jeff earned a Masters in Computer Engineering at the University of Southern California and a Bachelor of Science in Computer and Electrical Engineering at Purdue University.
Tim Rains is a Director in Microsoft's Trustworthy Computing group responsible for managing marketing and communications that span Microsoft's boxed and cloud products as they relate to security, privacy and reliability.
Tim's team manages marketing and communications for the Microsoft Security Response Center (MSRC), the Microsoft Malware Protection Center (MMPC), and the MicrosoftSecurity Engineering Center (MSEC) which includes the Security Development Lifecycle (SDL) and Security Science. Among other things, his team manages the Microsoft Security Intelligence Report (www.microsoft.com/sir) which provides an in-depth analysis on the global threat landscape.
In his early years at Microsoft, Tim served in several roles including Program Manager in the Windows Networking team – Core Operating Systems Division, Technical Lead on the Security Incident Response team in the Product Support Services (PSS) Security team and Technical Lead on the PSS Windows Server Networking team.
Tim's background early on set the foundation that led to roles including Senior Public Relations Manager of Security Response, Senior Product Manager of the Microsoft Malware Protection Center and more recently the Director of Product Management within Trustworthy Computing.
Tim earned a Master's degree in Business Administration (MBA) at Seattle University and a Bachelor of Arts (BA) degree at the University of Alberta. Tim also holds several technical certifications including CISSP, MCSE, MCSA, including a Computer Systems Technology diploma from the Northern Alberta Institute of Technology.
Paul Nicholas leads Microsoft’s Global Security Strategy and Diplomacy Team, which focuses on driving strategic change, both within Microsoft and externally, to advance infrastructure security and resiliency. His team addresses global challenges related to risk management, incident response, emergency communications, and information sharing.
Paul recently served as subject matter expert for the East West Institute’s 2011 publications, including the first U.S. Russia taxonomy for cyber collaboration and a review of the applicability of The Hague and Geneva Conventions on cyberspace. In 2007, he helped to establish the Software Assurance Forum for Excellence in Code (SAFECode), a multi-company effort to advance industry best practices for software security and integrity.
Prior to joining the Microsoft, Paul spent over eight years in the U.S. Government, focusing on emerging threats to economic and national security. From 2002-2004, he served as White House Director of Cybersecurity and Critical Infrastructure Protection. In that role, he coordinated the National Strategy to Secure Cyberspace and Homeland Security Presidential Decision Directive 7. Paul also served in the legislative branch, working as a senior policy advisor for U.S. Senator Robert F. Bennett and as a staff member of the Judiciary Subcommittee on Technology, Terrorism and Government Information. He has also served as an Assistant Director at the U.S. Government Accountability Office, and as an analyst for the U.S. Department of Defense.
Paul earned a B.A. from Indiana University, an M.A. from Georgetown University, and is a Certified Information Systems Security Professional.
Patrick Arnold is the General Manager responsible for the Microsoft Services cybersecurity mission within the Americas and public sector, worldwide. Arnold leads a team of security professionals who possess a deep technical understanding of cyber threats with decades of collective experience in the protection, detection, response and recovery of complex government and commercial industry information and communication technology systems. The team also consists of malware researchers and software developers who develop specialized tools to assist in investigative, forensics, and remediation efforts.
Prior to this role, Pat was the Chief Technical Officer in Trustworthy Computing (TwC) at Microsoft. Based in Washington DC, his responsibilities included providing technology and policy thought leadership on the core TwC tenants of security, privacy, reliability and business practices. In this role, Arnold also collaborated with government principals on emerging technical and policy issues. He worked closely with the TwC teams responsible for Common Criteria and the advancement of software assurance reform as well as the Security Development Lifecycle (SDL) and supply chain interests of the company.
Pat Arnold is a twenty-one year employee of Microsoft and has held a number of engineering and management roles throughout his cyber, INFOSEC, and engineering career. Prior to Microsoft he held positions at Unisys and Sperry Defense Systems in a number of systems engineering roles in the development and support of mission critical hardware and software systems.
Kevin Sullivan is a Senior Security Strategist with Microsoft’s Global Security Strategy and Diplomacy team, which focuses on driving strategic change, both within Microsoft and externally, to advance infrastructure security and resiliency. His team addresses global challenges related to risk management, incident response, emergency communications, and information sharing.
Kevin leads the group’s efforts on internet threat reduction, smart grid and critical infrastructure security. Kevin participates in several industry committees focused on technology and policy issues and is a frequent speaker at conferences. In a previous role at Microsoft Kevin led information security assessments for the company’s network security group. Prior to joining Microsoft, Kevin specialized in system and network design for government, academic and private sector organizations.
Kevin earned a Bachelor of Science in Information Science from Northeastern University and a Certificate in Strategic Planning for Critical Infrastructures from the University of Washington. He also holds the MCSE: Security, CISSP, CCSK, and ITIL Foundation certifications.
Bruce Cowper is a Senior Security Strategist in Trustworthy Computing at Microsoft Corp. In this role, he is responsible for driving security strategy communications for Microsoft and until recently was the driving force behind the Microsoft Cloud Incident Response team covering Online Security, Privacy and Reliability.
Bruce joined Microsoft in 2004, and held several positions at Microsoft Canada before moving to the United States, including cloud response communications manager, virtualization lead, Chief Security Advisor, Security and Privacy lead and IT Pro advisor.
Before joining Microsoft, Bruce served on the board of directors of several IT companies, where he specialized in Internet-based and communication services, secure system design, and served as a consultant for Law Enforcement communities around the world.
Bruce is a founding member of the Security Education Conference Toronto (SecTor), the Toronto Area Security Klatch (TASK), the Ottawa Area Security Klatch (OASK) and an active member of numerous organizations across North America, including the Seattle Cloud Security Alliance chapter.
Bruce earned a Bachelor of Engineering in Computer Systems Enginnering from University of Sussex in England and holds a number of industry certifications.