Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

About : Microsoft Security Blog

About : Microsoft Security Blog


The official Microsoft Security Blog provides in-depth discussion of security, cybersecurity and technology trends affecting trust in computing, as well as timely security news, trends, and practical security guidance. Each week you’ll hear from Microsoft security experts who share insights and report on research and our collaborative work internally and with industry and governments around the world to build more secure software and services; to advance the IT ecosystem; and collective efforts to build a safer, more trusted Internet for everyone.

Meet the contributors to the Microsoft Security Blog – each one of them would love to hear your comments and feedback, so leave a comment or reach out to them on @msftsecurity.

Jeff Jones
Jeff Jones
Director | Trustworthy Computing

Recently listed as one of 25 Most Powerful Voices in Security, Jeff Jones is a 25-year security industry professional that has spent the last several years at Microsoft helping drive security progress as part of the Trustworthy Computing initiative. In this role, Jeff draws upon his security experience to work with enterprise CSOs and Microsoft's internal security teams to drive practical and measurable security improvements into Microsoft process and products.  Among other activities, Jeff contributes research and analysis to the Microsoft Security Intelligence Report.

Prior to Microsoft, Jeff was the vice president of product management for security products at Network Associates where his responsibilities included PGP, Gauntlet and Cybercop product lines (and formerly managed the McAfee corporate antivirus product line). These latest positions cap a career focused on security, managing risk, building custom firewalls and being involved in DARPA security research projects while part of Trusted Information Systems.

Jeff is a frequent global speaker and writer on security topics ranging from the very technical to more high level, CxO-focused topics such as Security TCO and metrics. In addition to the Microsoft Security Blog, Jeff is also a contributor on the Trustworthy Computing Blog and The Security Decode blog on CSOOnline.

Jeff earned a Masters in Computer Engineering at the University of Southern California and a Bachelor of Science in Computer and Electrical Engineering at Purdue University.

Tim Rains
Director | Trustworthy Computing

Tim Rains is a Director in Microsoft’s Trustworthy Computing group where he is responsible for managing marketing and corporate communications that span Microsoft’s products and cloud services as they relate to security, privacy and reliability. His expertise ranges across security incident response (engineering and communications), threat intelligence, malware protection, security strategy, operations and development. Among other efforts, his team manages the Microsoft Security Intelligence Report which provides an in-depth analysis on the global threat landscape.

In his early years at Microsoft, Tim served in several roles including Program Manager on the Windows Networking team in Microsoft’s Core Operating Systems Division, and the Technical Lead on both Microsoft’s customer facing Security Incident Response team and Enterprise Networking team.

Tim frequently speaks at industry conferences around the world including RSA conferences in the US and Europe, Cloud Security Alliance Congress, NIST Cybersecurity Innovation Forum, ISACA’s World Congress Insights, InfraGard Regional Conference, Security Education Conference Toronto (SECTor), TechEd and many others. Tim is regularly quoted in the press as a security industry expert, and has participated in international, national and local broadcast television and radio interviews, including the BBC. Tim is a frequent contributor on several blogs including Microsoft’s Official Security Blog, the Trustworthy Computing Blog, Microsoft on the Issues, The Official Microsoft Blog, and the Microsoft Europe On the Issues blog.

Tim earned an MBA at Seattle University and a BA at the University of Alberta. Tim also holds several technical certifications including CISSP, MCSE, as well as a Computer Systems Technology diploma from the Northern Alberta Institute of Technology.

Paul Nicholas
Senior Director | Trustworthy Computing

Paul Nicholas leads Microsoft’s Global Security Strategy and Diplomacy Team, which focuses on driving strategic change, both within Microsoft and externally, to advance infrastructure security and resiliency. His team addresses global challenges related to risk management, incident response, emergency communications, and information sharing.

Paul recently served as subject matter expert for the East West Institute’s 2011 publications, including the first U.S. Russia taxonomy for cyber collaboration and a review of the applicability of The Hague and Geneva Conventions on cyberspace. In 2007, he helped to establish the Software Assurance Forum for Excellence in Code (SAFECode), a multi-company effort to advance industry best practices for software security and integrity.

Prior to joining the Microsoft, Paul spent over eight years in the U.S. Government, focusing on emerging threats to economic and national security. From 2002-2004, he served as White House Director of Cybersecurity and Critical Infrastructure Protection. In that role, he coordinated the National Strategy to Secure Cyberspace and Homeland Security Presidential Decision Directive 7. Paul also served in the legislative branch, working as a senior policy advisor for U.S. Senator Robert F. Bennett and as a staff member of the Judiciary Subcommittee on Technology, Terrorism and Government Information. He has also served as an Assistant Director at the U.S. Government Accountability Office, and as an analyst for the U.S. Department of Defense. 

Paul earned a B.A. from Indiana University, an M.A. from Georgetown University, and is a Certified Information Systems Security Professional.

Patrick Arnold
Patrick Arnold
General Manager | Microsoft Services

Patrick Arnold is the General Manager responsible for the Microsoft Services cybersecurity mission within the Americas and public sector, worldwide. Arnold leads a team of security professionals who possess a deep technical understanding of cyber threats with decades of collective experience in the protection, detection, response and recovery of complex government and commercial industry information and communication technology systems. The team also consists of malware researchers and software developers who develop specialized tools to assist in investigative, forensics, and remediation efforts.

Prior to this role, Pat was the Chief Technical Officer in Trustworthy Computing (TwC) at Microsoft. Based in Washington DC, his responsibilities included providing technology and policy thought leadership on the core TwC tenants of security, privacy, reliability and business practices. In this role, Arnold also collaborated with government principals on emerging technical and policy issues. He worked closely with the TwC teams responsible for Common Criteria and the advancement of software assurance reform as well as the Security Development Lifecycle (SDL) and supply chain interests of the company.

Pat Arnold is a twenty-one year employee of Microsoft and has held a number of engineering and management roles throughout his cyber, INFOSEC, and engineering career. Prior to Microsoft he held positions at Unisys and Sperry Defense Systems in a number of systems engineering roles in the development and support of mission critical hardware and software systems.

Kevin Sullivan
Kevin Sullivan
Senior Security Strategist | Trustworthy Computing

Kevin Sullivan is a Principal Security Strategist with Microsoft’s Global Security Strategy and Diplomacy team, part of Trustworthy Computing, which focuses on driving strategic change to advance security and resiliency, both within Microsoft and externally. Kevin leads the group’s efforts on the future of cybersecurity, identifying and analyzing strategic issues on the horizon, and forecasting the required technology and policy shifts.

Kevin participates in several industry committees focused on technology and policy issues and is a frequent speaker at industry conferences. Recently, Kevin helped create the U.S. Anti-Botnet Code of Conduct and is the principal author of the Internet Health Model for Cybersecurity report from the East West Institute. In a previous role at Microsoft, Kevin led information security assessments for the company’s network security group. Prior to joining Microsoft, Kevin specialized in system and network design for government, academic and private sector organizations.

Kevin earned a Bachelor of Science in Information Science from Northeastern University and an MBA from the University of Washington. He also holds the MCSE: Security, CISSP, CCSK, and ITIL Foundation certifications.