Chills and Thrills at FIRST

  • Article

Sveika! Hey Steve here, been a while since I posted on the EcoStrat blog. With all the security events that happened during the latter half of 2008, I have been very focused on working with the security update releases and Microsoft Active Protections Program (MAPP).

Handle:
Cap'n Steve

IRL:
Steve Adegbite

Rank:
Senior Security Program Manager Lead

Likes:
Reverse Engineering an obscene amount of code and ripping it up on a snowboard

Dislikes:
Not much but if you hear me growl…run

You are probably wondering what an EcoStrat guy has to do with security updates and other technical deliverables. Well, I want to take a moment to explain why this makes sense. Before taking on the role of working with the monthly security release team and the MAPP program team, I primarily worked with the partner outreach team, managing ecosystem changes through industry partnerships. The partner outreach team’s goals/focus, within the scope of the EcoStrat team, is to work with industry to establish partnerships and initiatives to protect consumers. One of the most visible results is the MAPP initiative. This is a program that works with the security industry ecosystem to create an effective conduit for inbound and outbound information flow.

This was a large effort to affect ecosystem change externally, but what about internally? Microsoft is a large company that has an interesting culture and ecosystem of its own with developers, technology evangelists, security engineers, program managers, marketers, etc...

It became very clear that external ecosystem changes weren’t going to be enough without an effort focused on internal ecosystem changes as well. We needed a number of ways to effectively drive internal change with information we were getting from the external ecosystem while still following one of our core tenets to focus primarily on efforts that protect customers. One way we can do that is by releasing monthly security updates. Within the Microsoft Security Response Center (MSRC), we have an exceptional security release team that manages this large and complex effort. The team’s main focus is to make sure quality security updates are delivered to customers in a consistent manner. We noticed that a way to accomplish this was to become what we call “change agents.” Change agents influence change on a large scale most of the time without the formal authority to do so. This made sense as the release team manages the monthly release via a process that doesn’t have them building/owning any binary packages for release. They effectively were driving ecosystem changes just internally. So it made sense to have someone bridge both the internal and external sides of ecosystem change efforts.

So I’m grateful, and excited, to be in a position to work on both sides of the coin to effect change.  And, I get to work with folks currently managing MAPP and the security release every month to help make these changes possible. Their good work also makes it possible for me leave Redmond and engage directly with the community in crucial industry events. Just recently, I had the chance to jump back into my partner outreach role within the EcoStrat team and had the chance to travel.

I am starting to really understand the need to be multicultural in the job we do here on the EcoStrat team. Many times it’s the cultural differences that sometime make or break the security messages we are trying to get across. This is one reason why this team travels a lot to target every place that Microsoft technologies are prevalent. It’s also the number one reason why I pick myself up and out of the day-to-day operations to understand these differences.

Last month, I got to put back on my FIRST Steering committee hat, and I traveled to the beautiful but cold city of Riga, Latvia. The FIRST Steering Committee has four meetings a year to get work done for its members. We usually use the technical colloquiums (TC) as good times to get together and partake in the great “watering hole” activities described in Andrew Cushman’s last blog.

The TC is organized by a local host. The local host for this one was Trans-European Research and Education Network Association (TERENA) computer security incident response team (TF-CSIRT). TERENA is an organization that focuses on offering a forum to collaborate, innovate and share knowledge in order to foster the development of internet technology, infrastructure and services for the research and education communities. They present and train at the TC server to educate security teams, highlighting new techniques to deal with relevant computer security issues. Usually I get to just sit back and enjoy the presentations but his time was a little different. The majority of the presentations were centered on the latest Conficker worm. Not familiar to you? Well, cruise on down to the following Microsoft Conficker page and relevant posts on the MSRC and MMPC blogs.

Being the lone Microsoft guy and a member of the Steering Committee was very interesting to say the least. After this conference, I personally know almost every European CERT or CSIRT contact after fielding some good and frank questions about Conficker.

Like I said, I spent most of the day fielding questions about Conficker and Microsoft’s actions to help security teams in their effort to protect consumers from this threat. Microsoft has a robust process when it comes to our response to issues so I was well prepared with information that went above and beyond the out-of-band security update that was released for this issue back in October (MS08-067)

Although the frank questioning felt like on-the-spot cavity cleaning, I was extremely happy to have the chance to clear up some of the myths and give some actionable information to these important security stakeholders. It also allowed me to understand information that the MSRC usually doesn’t get a chance to receive first hand. Also, having a response guy from Microsoft at FIRST allowed the security teams to understand that we are taking the problem seriously. One internal ecosystem change that was supported came about from feedback from this trip. One clear feedback item was to make sure that we had a single authoritative source/place for Microsoft efforts on Conficker. This information added more key data points to indicate that the teams in Microsoft managing the Conficker efforts were doing the right thing in moving forward with creating a single place for outlining Conficker resources. This is just one example of using external information to aid in driving change to help the greater ecosystem at large.

My Trip wasn’t all fun J

There was the 3 ½ days worth of Steering Committee (SC) meeting to decide various organizational things. One major topic was the 2009 Annual FIRST conference (AGM) in Kyoto, Japan. The AGM gives us the opportunity to meet and share presentation on a number of security topics. The logistics of putting on a large conference are mind boggling in my opinion. I am glad to say, I will enjoy watching our own Andrew Cushman figure out some of these issues firsthand as he was named the 2010 Program chair for the 2010 Annual First conference.

I love the fact that Microsoft makes a point to work with the security community at large and truly values community-based defense. Our consistency and trusted relationships make it much easier to have the conversations at the proverbial “watering holes” to get messages across to the security ecosystem that we do care and take the job of securing customers at all level as our main priority.

Now that I am settling back into a groove, I look forward to heading out and doing more in my EcoStrat role. Stay tuned for more from me as I travel to CanSecWest and Black Hat Europe.

Later...

Steve “Capt Steve” Adegbite

Share this post :

*Posting is provided "AS IS" with no warranties, and confers no rights.*