ABOUT THE BLOG
The Microsoft Ecosystem Strategy (EcoStrat) team, part of Microsoft's Security Response Center (MSRC), operates at the intersection of technology and people. Our virtual team of security experts strives to understand how vulnerabilities affect the Internet as a whole. Part of Microsoft's Trustworthy Computing Group, the EcoStrat team is one of the groups responsible for securing Microsoft's current and future products. This blog is our opportunity to talk about our work within some of these ecosystems, from the front lines.
A lot of what drives us is our aspirations – our hopes, if you will. Our hope that by bringing together people and policy within different organizations, we can increase trust, better defend our ecosystems and ultimately help secure our planet from malicious software threats. Our hope is that by being more transparent about our work in various security ecosystems and regions around the world, a message will be heard: Nobody alone can “secure the planet”. No one product, no one company.
ABOUT THE BLOGGERS
ANDREW CUSHMAN: Senior Director, MSRC
Andrew Cushman wears many hats, and goes by many names, as the senior director in the TwC Security Group. “The Cush” works closely with the MSRC Ops Team which is responsible for all things related to vulnerability reports and the company’s monthly security updates; and with the MSRC EcoStrat team which drives security ecosystem evolution through collaboration with security researchers, security companies and organizations and CERTs.
Cushman was introduced to security during his stint on Microsoft Money in the early ‘90s. He earned his apprentice security badge on the Internet Information Services team – where he helped ship IIS4.0, IIS5.0 and eventually IIS 6.0 the first “poster child” of Microsoft’s commitment to security engineering and Trustworthy Computing.
Since joining the MSRC in 2004 he has been a driving force behind the company’s security outreach and security update strategies. He is often heard to remark that he has the best job at the company and perhaps even the best job in the industry. He is often seen handing out business cards and spreading the religion of Microsoft Security at conferences and events around the world.
STEPHEN (STEVE) ADEGBITE: Sr. Security Program Mgr Lead
Stephen aka “Cap’n Steve” Adegbite is a Sr. Security Program Mgr Lead in the Microsoft Security Response Center(MSRC) , working in the group that is responsible for securing current and future Microsoft products.
Steve started off in the computer field as a scared 10-year old who discovered his father's TRS-80 and proceeded to take apart to see how it worked. He then couldn’t put it back together. He later discovered the early NYC hometown BBS and the kind people on it, who took pity on him and helped him to put it back together and learn the early art of “hacking” (not the bad kind of course :-).
Steve went on to hone his chi on vulnerability intelligence, application security and Information assurance through many years in the Marine Corps’ Communication and signal Intelligence community. While there, he founded the first ever Information Assurance red team charged with adversarial testing of the Marine Corps Enterprises Network (MCEN). He also at time was the officer in charge of the Marine’s Corps’ Emergency Response Team (MAR-CERT) component to the Joint Task Force Global Network Operation Center (JTF-GNO). Following that, he worked as an Information Operations specialist for various “light” and “dark” places within the US government.
SARAH BLANKINSHIP: Senior Security Strategist - Lead
Sarah Blankinship fights the good fight at Microsoft as a Senior Security Strategist, working with hackers and InfoSec sellouts alike, one continent at a time. On good days, she battles the asymmetry between attacker and defender together with the world's best security response team, the Microsoft Security Response Center. On other days, her diplomacy and firefighting skills are applied to some of the world's most challenging security problems. She dreams of a day when people, passion and policy unite to combat evil and secure the planet.
MIKE REAVEY: Director, MSRC
As Director of the MSRC within Trustworty Comuting Security, Mike Reavey works with security teams to proactively identify and communicate critical software vulnerabilities to customers. Building on Microsoft’s commitment to Trustworthy Computing, Mike’s responsibilities include responding to vulnerability reports, engaging with the security community, and collaborating with internal product groups to provide updates to customers and help protect them from computing security threats.
Part of a collective initiative to better protect software users from such threats, Mike’s team is constantly evolving its response capabilities. Mike was deeply involved in Microsoft’s work combating the Zotob, Sasser, and Blaster outbreaks, and has helped MSRC continually prove its ability to respond to attacks and blended threats. His goal for the group is to continue to evolve in the wake of new threats and serve as the first and best source of information for customers and internal teams.
Mike joined Microsoft in June 2003 as part of the MSRC team focused on vulnerability response initiatives for Microsoft Internet Explorer. Before that, he served in the U.S. Air Force as team leader for the Air Force Communications Agency and 92nd Information Warfare Squadron, responsible for securing and optimizing global air force networks.
CELENE TEMKIN: [Unofficial ‘MSRC COO’ &] BlueHat Project Manager
Celene Temkin deftly navigates a variety of disciplines within the Security Engineering department at Microsoft; such as operations, communications, and high-profile event project management. Focusing on security researcher outreach, Celene manages worldwide conference co-sponsorships while simultaneously shipping Microsoft’s own hacker conference, the BlueHat Security Briefings. She believes that bringing understanding about the current threat landscape is the best way to better educate our own defenders and help secure the platform, and works tirelessly towards such security information exchange. Her past experience in the entertainment industry helps her socialize the MSRC EcoStrat team initiatives while keeping them innovative and each one better than the last.
ADRIAN STONE: Senior Security Program Manager Lead
Adrian Stone (or “Stonez!” as referred to by his friends and colleagues) is a Senior Security Program Manager Lead in the MSRC. He is responsible for managing a component of the MSRC's Ops team that handles the organization’s analytics, infrastructure, bulletin publication and overall risk management responsibilities. Simply put, if it deals with data, infrastructure, bulletins, or tough decisions impacting the security of Microsoft’s customers, Adrian and his team are definitely in the mix.
Adrian’s security background encompasses over 15 years in securing and breaching networks, hosts and applications. His security indoctrination originally started when he protected a West Texas ISP built on Microsoft Windows NT4 from the actions of its former and then very rogue Architect. Afterwards, Adrian went on to become responsible for the Security Operations and Architecture to several early dot-com ventures that focused on Mobile Communications and e-commerce technologies. Adrian later served as a Security Analyst for one of the nation’s largest critical infrastructure nuclear energy providers at Florida Power & Light (FPL).
Adrian signed up for MSRC duty in 2005, driving security investigations that impacted the multitude of Windows Operating Systems and Microsoft Office application suites. Adrian is also the regular voice of the MSRC's TechNet Monthly Security Bulletin Webcast Series. He also occasionally posts and speaks his mind on his TechNet blog.
KATIE
MOUSSOURIS: Senior Security Program Manager
Katie Moussouris is a Senior Security Program Manager in the Secure Development Lifecycle (SDL) team, working to bring Microsoft’s SDL to third party software vendors in order to improve the security of the Internet as a whole.
Katie primarily posts on the SDL blog, but look for her to guest post here on the EcoStrat blog.
ZOT O’CONNOR: Program Manager 2
Zot O'Connor is a Program Manager in Core windows network security. Look for Zot in other blogs more focused on the development of security software by ISVs along with future guest posts on the EcoStrat blog where he'll be adding his virtual voice.
All-Star Guest Bloggers
The TwC Security All-Stars work to build and strengthen relationships within the security community and bring this information home to help build and strengthen Microsoft products. Look for them on and off stage at security conferences near you.
