Monday, March 2, 2009

Security is a never ending journey

I'm at the 2009 Microsoft MVP Summit. Around 2000 MVP's descend on Microsoft's Redmond Campus for four days of sessions with various product teams. The sessions include a lot of two way feedback, which can be brutal from both sides. It's a lot of fun. Today I went to several security sessions. I got to hear Steve Riley talk and then answer questions from an audience that included Jesper Johansson. It was amazing. At one session Ziv Mador and Steve Adegbite were talking about the Conficker worm and Microsoft's response to the vulnerability the worm initially used to spread itself. It was fascinating to hear the process they went through to identify the vulnerability and patch it then have to wait and see the exploits developed when the bad guys reverse engineer the patch. During the session Steve Adegbite said something that really resonated with me. He said "Security is like a never ending marathon." I think that is one of the best statements I've heard regarding security. Security is hard work. You have to give it 100% all the time. There are no shortcuts. You will never be finished. To some that sounds depressing. Steve Adegbite said it was a challenge he and his team relished. I got the sense that almost everyone in the room agreed. I realised I was sitting in room full of the cream of the crop in the Windows security world. It was fun hobnobbing with the cream of the crop. Thank you Microsoft.

1 comment:

Ian Samson's Blog said...

Kerry, thanks for the feedback from the conference. Yes, it is a never ending journey and let's hope that the "cream of the crop", who are not infallible, will be thorough in their fascinating work. It's nice to see an updated picture, but I prefer the other one.
Best regards, Ian Samson, Johannesburg, South Africa