Black Hat 2008: What it Means, What to Expect

The Crushman

Andrew Cushman

Security Director

Cranberry juice (thanks Jay!)

Super helpful hotel desk clerks (thanks Raoul?)

Hey Andrew Cushman here…

It’s that time of year, August in Vegas, time for the big show, it’s Black Hat time… Along with the vivid memories of crowded briefing rooms, the critical mass of security talent, great side conversations, and the ever present “ching-ching” of slot machines – this year, it brings up thoughts of where Microsoft, the Microsoft Security Response Center (MSRC) and our commitment to Trustworthy Computing (TwC) have been and keen anticipation of where we’re going.

I read the headlines about online threats evolving and get a firsthand look at that evolution and the scope of what we’re facing. As attacks become more complex, stealthier, and increasingly targeted, the security industry is forced to adapt and to innovate in step. We can and will continue to develop new technologies, new best practices, and educational offerings (check out “Defend the Flag”). Even with these investments and changes, the reality is that security is not a problem that can be solved, and it’s a problem where the complexity often leads to more insecurity.

The industry is reaching a point where delivering an acceptable level of security today is beyond what one company can do alone. There’s real merit in the cliché “It takes a village….” It’s time that we approached this problem collectively—industry, partners, customers, and public organizations—acting together to improve the broader security ecosystem. Think of it as Community-Based Defense, where we commit our skills and strengths to defend beyond our boundaries to protect our common customers.

In that spirit, look for several announcements from Microsoft this week that reflect the growing importance industry collaboration and information sharing play as we shift to Community-Based Defense. It’s time for the industry to come together—researchers, vendors, and the like—to take security innovation and defense to the next level.

I’m excited to be in Vegas and be a part of the announcements this week. This is a fundamental shift for Microsoft and the ecosystem. This is one case where ‘what happens in Vegas’ doesn’t apply.

– Andrew Cushman

*Postings are provided “AS IS” with no warranties, and confers no rights.*