MVP Profile – Dana Epp

Microsoft Most Valuable Professionals (MVPs) are exceptional technical community leaders from around the world who are awarded for voluntarily sharing their high quality, real world expertise in offline and online technical communities. Microsoft MVPs are a highly select group of experts that represents the technical community's best and brightest, and they share a deep commitment to community and a willingness to help others.

Working with our Canadian MVP Lead, Sasha Krsmanovic, we are going to be highlighting a Canadian MVP on the CanITPro blog every month.  Jean-Luc will also be highlighting an MVP on the CanDevs blog every month as well.


Dana Epp researches software security and sets the corporate vision in the convergence of information security principles and practices with digital information asset protection at Scorpion Software. As a computer security software architect, Dana has spent the last 15 years focusing on computer programming with a particular emphasis on security engineering to offer a safer computing environment for small business.

Dana has been an instructor in the Computer Information Systems department at the University College of the Fraser Valley and British Columbia Institute of Technology, teaching students about computer programming and information security. He has brought to market various computer security products including secure operating systems, firewalls, VPNs, authentication devices and intrusion prevention systems (IPS). His latest research has been on identity and access control for Windows-based environments, focusing on two-factor authentication solutions for small business.

What does being an MVP mean to you?
To me, “being” an MVP is not the point. The meaning is far deeper than an entity or a bi-line on a business card. It’s a decree and award of distinction that the valuable efforts that I provide to the Windows community about information security and secure software engineering are recognized by Microsoft. I am honoured and humbled to receive such a designation, and when I was first awarded it a couple of years ago I was surprised, especially with how critical I can be of Microsoft from time to time. But the fact is, I will continue to do this work with or without the designation. And I think that attitude is true of most MVPs that I’ve had the pleasure to meet and work with. We do it for the community. And that’s what “being” an MVP is about.

If you could ask Steve Ballmer one question about Microsoft, what would it be?
I would be curious to know if the executive team at Microsoft eat their own dogfood when it comes to business intelligence software. Do they actually use Microsoft CRM within the organization, and do they measure their key performance indicators (KPI) through PerformancePoint? Seems like a weird question for a security geek to ask, but as a CEO of a small software company myself, I would be curious to know how they measure and track their business. I could learn something from that.

What do you think the best software ever written was?
Logo. For a self serving reason though. As a child I was first taught computer programming concepts through Logo. The “turtle graphics” interested me enough to get me to look into computers as something more than a toy, which started me down the path to where I am now. Looking back, I think that was the first functional programming language I was exposed to… and that sucker never crashed, died or acting in any way other than expected. These days I hold my breath when I open an IDE or stress out a compiler. It’s just not the same any more.

If you were the manager of Visual Studio, what would you change?
I would make the unit testing, code coverage and test-driven development framework in Team System available in all Visual Studio products (except Express). I think it’s wrong to hold back such integrated functionality that makes a code base so much more stable and resilient to attack from small teams that simply do not have the budget for the software, and are forced to graft 3rd party solutions onto an otherwise amazing framework. I know Microsoft has to be fiscally responsible to its shareholders and provide revenue streams through its dev tools; I also know that if we had more small ISVs USING test-driven development we wouldn’t have so much unstable software on the Windows platform that makes Microsoft look bad in the first place.

What are the best features/improvements of Visual Studio?
For me it’s remote debugging and deployment. It seems like a small thing, but there have been HUGE strides over the last 5 years on just how much easier life is when we moved to msvsmon.exe and can directly publish stuff from the IDE.

What was the last book you read?
I am currently in the middle of “Secure Programming with Static Analysis” by Brian Chess and Jacob West. (ISBN: 0321424778). It is an excellent text on how you can apply static source code analysis techniques in your software development lifecycle to build more stable and resilient code, and how you can automate much of this to provide a stronger baseline. I only wish it covered more things like FxCop and .NET than Java. Of course, the principles are still the same across any language barrier.

What music CD do you recommend?
Chris Botti’s Night Sessions or Diana Krall’s Love Scenes. Excellent smooth jazz that transcends music boundaries.

What makes you a great MVP?
I think it would be rather arrogant of me to believe I am a “great” MVP when you consider the company I keep in my circle of influence when it comes to other MVPs. I definitely can hold my own and provide insights and a belief system when it comes to security that offers me a higher-level mindset than most when it comes to information security. I think that “higher-level” of thought gives me an edge that helps me to communicate more effectively with the community on a number of security topics, and offers a refreshing look at how we should be approaching risk. Which is all security is about anyways…. mitigating risk.

What is in your computer bag?
An Acer TravelMate C110 Tablet PC with an awesome TabletPC “Cross Pen”. A Dell Latitude D620 laptop with full TPM support and all the trimmings (runs plenty of virtual machines simultaneous on a private loopback network like a dream). A 4GB ready-boost USB key. Various networking and power cables. A customized Knoppix-STD Live CD and various security and forensic analysis tools software CDs I have personally written and built. A 100GB external laptop drive with special VMs and ISOs to isolate and test untrusted code (and to blow up trusted code). An AuthAnvil two-factor authentication token (if it’s not around my neck) to allow me to logon to my personal and corporate servers. A stereo headset with mic in case I wish to do VoIP or listen to music. Various analog instruments (pens, paper, business cards etc). Some lint. Its good lint though.

What is the best thing that has happened since you have become an MVP?
I have gained access to Microsoft resources like never before. With the MVP NDA many opportunities open up to see and work with technology and people way before the rest of the world even knows they exist. And my feedback (which isn’t always the kindest) is respected, listened to, and acted upon. That has benefited me both in my personal life and my professional career. And the friendships I have made with fellow MVPs and Microsoft employees have been amazing. I wouldn’t trade that for all the alpha code in the world.

What is your motto?
I have two mottos:
Business: Security is about risk mitigation, NOT risk avoidance.
Personal: Live life with passion!

Who is your hero?
The sandwich. No wait. Ok… bad inside joke. I have many influences that have been a beacon in my journey in life. Sun Tzu was a brilliant strategist that understood what security was really about, and his writings have influenced me in various ways. The Art of War is deeper than just military strategy and many people don’t realize that. On a more practical note, it would have to be all the men and women who put their lives on the line for us each and every day. Soldiers. Police. Firemen. Search and Rescue. You know… the people that go out each and every day so we don’t have to. I am very proud of those people… and proud to get to associate with them on many levels.

What does success mean to you?
Well first off I believe a clarification on the definition is in order. Many people associate success with accomplishment. I don’t. To achieve a result is not success to me. It’s not about money, materialistic things or fame. Those are just measuring sticks to accomplishment. Anyone can get those if they apply themselves. To me success is deeper than that. It is an emotional and mental state on the self-worth of WHO you are and WHAT you do and believe in. It’s about the passion in your heart. The fire in your belly. It’s the feeling you get when you wake up each morning knowing you love to be alive, and love who you are and what you do. It’s looking forward to the positive influences you will give and receive that day, and the challenges you can look forward to conquering. If you haven’t personally experienced these feelings yet, you just don’t understand what success really is to me. And that’s ok. I think everyone measures success in their own way.

To find out more about the MVP program, or to find MVPs in your area, visit the Microsoft MVP Portal.

Comments (1)

  1. Graham Jones says:

    I am very pleased to see Dana profiled here. I have the honour of knowing Dana and can atest to how much he exemplifies the MVP award. For example, he is a terrific supporter of the UG’s in the Vancouver area despite the fact that he lives 80 km’s outside of the city. If you ever have the opportunity to hear Dana speak you should take it. Not only does he really know his stuff but he genuinely wants to pass on his knowledge to help others. He definitely isn’t shy about telling you what he believes is right or wrong but he invariably has some good arguments to support his position. He and Charlie Russel, MVP do a great double act which is also worth the price of admission.

Skip to main content