Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Rebecca Norlander: Security and Success at Microsoft

Download

Right click “Save as…”

Hackers aren’t the only people who think about holes in security.  Get to know Rebecca Norlander, the general manager of system protection technologies as she talks about the group she leads who work on the firewall, security components, anti-virus, anti-spyware, anti-malware technologies and security incubation.  Rebecca started as a developer and is now a GM; hear her story about the last 14 years at Microsoft and why she loves working here.  You guessed it; this is another episode of our sizzling new series, WM_IN.

Tags:

Follow the Discussion

  • Why does every C9 video with a female employee in it turn into a pro women debate? I can't, off the top of my head, think of a video in which women have been treated like their male counterparts that you interview.
     
    When was the last time we had a C9 video with male employee talking about getting more men into Microsoft? We haven't. And as that's the case then why can't we have a video with a women in where she just discusses her project, the project's future and what that means to customers? 

    Don't misunderstand me, I have nothing against getting women into IT and or Microsoft's position. But come on, if you do a search in the video forum for "women" "female" "she" you'd be hard pushed to find a video NOT about this very subject.

  • CharlesCharles Welcome Change

    Uhm, this is part of the WM_IN show. Go read about it, Manip. Then perhaps you'll gain some understanding of why were doing this. If you watch the videos in this series, you will notice that we always talk about what project they are working on, etc.

    We don't have enough women working in this company or this industry and Channel 9 wants to do what we can to help change this. It should be immediately obvious why we wouldn't ask men working at MS how to get more men to work at MS... 

    C

  • LostInSpacebarAdityaG OMG VISTA FTW LOLZ!!1one
    How about a WM_IN video where the subject does the demos and talks about Vista, O12 or Going Deep stuff... eh? eh? Tongue Out

    Back on topic, I like watching these videos. More women in the field is a good thing for us men too. Not in the silly "oooh.. more women to date" way, but I feel that if we make computer science not so men-dominated, people will slowly go away from the "nerdy geek CS guy who cant do anything else in life" stereotype.

    I did miss scoble's laugh though. Maybe charles should emulate him just for kicks Big Smile I have sometimes imagined scoble acting like charles and charles acting like scoble. It's kind of fun Tongue Out (yes, I was very bored waiting for hl2 to compile on a not so beefy machine).
  • ZeoZeo Channel 9 :)
    Charles.... I completely understand where your coming from and you have a valid point.  However, the C9 videos of late have been dominated by the WM_IN series(or atleast the conversations about getting more women into the tech field).....at least it feels that way.

    It seems that the amount of WM_IN videos are becoming the main focus on the site.

    Frankly, I want more Going Deep Videos, more Vista Videos, More O12 videos.
     
    I don't care if the videos are of women employees talking about the deep technical details....in fact I'd love to see really technical women be highlighted....not the PM, GM, marketing, legal, or HR women employees....but the real hardcore SDET, SD, and DL women employees.

    Make the WM_IN focused videos be released like once a month.

    I could understand if C9 was a website dominated by women hence the need to cater to that audience....but as I've asked over the last few months in the coffeehouse forum for women members to identify themselves....none have responded.

    Sadly Channel 9 is primary visted by men, and by constantly releasing WM_In videos....I fear that Channel 9 may be alienating its core audience.

    Thanks for listening.
  • rjdohnertrjdohnert You will never know success until you know failure
    I like the female videos.  Its nice to see women that its possible to have a decent conversation with  minus the skull wrenching migraines.  I hired a female a few months ago for IT and she has done a phenomenal job.
  • CharlesCharles Welcome Change
    Zeo,

    Thanks for the feedback. This is only the 8th WM_IN episode we have released. I'm not sure I see how this equates to alienating viewers who prefer the more technical content.

    We are experimenting with how we conduct WM_IN interviews, so you will see more variety, but the core issues will continue to be addressed.

    Plenty more Going Deep on the horizon (and LOTS of Vista). More WM_IN coming too!

    C
  • ATAT

    Charles,
    Can you also consider publishing transcripts for all videos ?
    It's pretty much easier to read instead of listen for some people.

  • rjdohnertrjdohnert You will never know success until you know failure
    Are there any women who work on the Windows Kernel that we will be hearing from?

    Charles wrote:
    Zeo,

    Thanks for the feedback. This is only the 8th WM_IN episode we have released. I'm not sure I see how this equates to alienating viewers who prefer the more technical content.

    We are experimenting with how we conduct WM_IN interviews, so you will see more variety, but the core issues will continue to be addressed.

    Plenty more Going Deep on the horizon (and LOTS of Vista). More WM_IN coming too!

    C
  • CharlesCharles Welcome Change
    rjdohnert wrote:
    Are there any women who work on the Windows Kernel that we will be hearing from?

    Charles wrote: Zeo,

    Thanks for the feedback. This is only the 8th WM_IN episode we have released. I'm not sure I see how this equates to alienating viewers who prefer the more technical content.

    We are experimenting with how we conduct WM_IN interviews, so you will see more variety, but the core issues will continue to be addressed.

    Plenty more Going Deep on the horizon (and LOTS of Vista). More WM_IN coming too!

    C


    http://channel9.msdn.com/ShowPost.aspx?PostID=59936

    http://channel9.msdn.com/ShowPost.aspx?PostID=60627
  • Minh, that's a very good point. In fact, this is one of THE main questions people keep asking of Microsoft.

    Will Vista be the first Microsoft OS, where Microsoft says to its customers, "no longer can we chop and change things in our OS to suit specific products or development methods. From now on you will all need to pay close attention on how to write your apps for Vista, otherwise they will not work". Or something similar.

    How is Microsoft going to force developers to adhere to using secure interfaces into the OS?


    I just came off /.
    They love Microsoft there. However, there is some hint of truth in amongst all the sledging and trolling. Microsoft has a sorded history and I think the Vista timeframe is gonna be fairly critical in proving these trolls wrong and really giving people faith that their PC will help them with security. I hope Vista will prove them wrong.
  • I have one question about the two teams, the incubation team and the production team:  do you rotate people from the production team through the incubation team?
  • I used to be one of those persons who would rant about the security-issues from old DOS-days on (knowing Unix). I stopped blaming Microsoft when I realized how "stupid" users behave and how they don't want to be bothered with things like "passwords", "profiles" or "security".

    They want to do "everything" with their PCs without knowing what this means and without any sense of "problems" that might evolve.

    You don't have to be a dev or prog to understand the sensitive concept of exchanging information between total strangers. Every click is an execution, is a decision on the presumption that it will be "ok". Unless people start thinking about what they do before they do things, we will have to deal with pain.

    BTW: Another great vid. Interesting people make interesting vidcasts.

  • why the big debate about all this anyway, it dont matter whether its men or women in the videos as long as the vids get made and published for us all to see.
  • Thanks for the video Charles.  A handful of videos about women in tech, and people start complaining that this site has gone in the tank? Give me a break. There will be plenty of noise/videos when Vista is rolled out (or right before). Big Smile

    Now, when can we see some videos of the little people of Microsoft? For instance, Microsoft from the eyes of a janitor.

    Call it the "Behind the Broom" series.
  • MinhMinh WOOH!  WOOH!
    As a developer, I totally understand that everyline of code is a potential point of failure and what a monumental task "security" is .... on the other hand, post-SP2, we're supposed to have the security of the /GS switch that protects us from buffer overflows, and multi-million dollars (has to be high 8in the 9-figures) efforts to provide security for us users....

    ...then you've got the WMF exploit. If I see another "buffer overflow that would allow remote code execution", it'd be too soon. What will Vista bring me security-wise? What would a XP SP3 bring me?

    Is there such a thing as a security utopia where I COULD go to ANY web site (even those I don't trust)? It's like I can only trust MS as far as the next security issue. I'm just ranting here ... but at least I'm not raving, right?

    Just a user so tired of the endless stream of security warnings.
  • Minh wrote:
    ...then you've got the WMF exploit. If I see another "buffer overflow that would allow remote code execution", it'd be too soon.


    Actually, I believe that the WMF hole wasn't the result of a buffer overflow, it was "broken by design" in that the security hole was actually a documented WMF feature.
  • Black RatchetBlack Ratchet Just another Phone Phreak from Boston
    pusher_robot wrote:
    Minh wrote:...then you've got the WMF exploit. If I see another "buffer overflow that would allow remote code execution", it'd be too soon.


    Actually, I believe that the WMF hole wasn't the result of a buffer overflow, it was "broken by design" in that the security hole was actually a documented WMF feature.


    You are correct. But, on the other hand, the fact that it was a documented feature makes the exploit MORE creepy, not less.
  • William Staceystaceyw Before C# there was darkness...
    "I did miss scoble's laugh though. Maybe charles should emulate him just for kicks "

    Smiley) Maybe we can submit mp3s for a "Imitate Scoble" contest?
  • William Staceystaceyw Before C# there was darkness...
    I think just by showing them they are being represented the best way - as equals.  Not sure it needs to be a special point all the time.  Could be wrong. 
  • Wink I would like to have more going deep vedio for CS mania like us.
    But I think WM_IN is still good for us to understand the big picture of the future of Microsoft and encourage that women can success in Software as well.

    It is funny that Rebecca has so many supplemental bottles on table.
  • News Flash:
     
    To most citizens (meaning paying MS customers) a computer is a life accessory, not a life. To blame Windows security problems on "stupid users" is exactly why it's 2006, every other day brings a new MS security scary story and MS blindly celebrates its GM of Security with a glory video while lost-faith stupid-users are grasping at anywhere for an alternative (e.g. the "why in the world" proliferation of Firefox, Linux (plus the endless Saturday radio talk shows dedicated to "fixing" Windows PC's that always give the same advice... reinstall Windows or wait until the next version)). Alternatives will never supplant Windows but they do give a big fat clue that folks are year after year frustrated that computers are still such a basic rub your head, pat your tummy, wish for luck gizmo. And MS adding more and more high tech features is where Detroit was when each year brought more chrome and bigger fins. As they say in Sunday school, the wise man builds his house upon the stone, the foolish man builds his house upon the sand. Given a choice between Vista with all its new cool Robert Fripp action noises and a no-fripps tank of a Windows version called Hi-Rel/Hi-Sec (MS code name "Mess With This Machine And Die") which one would you... well, what a silly, obvious question (to users, not "but I want a challenge" developers). Look, I like MS. I root for MS. Every classroom should have a picture of Bill Gates, the true symbol of the American Dream. Seriously. But MS has become like a big rich uncle who does goofy, out of touch things that you put up with because he's rich and successful, the only game in town and you hope something nice will trickle down someday. Could someone at MS at least make us feel a little better by admitting that the masses have lost faith in MS Security because of, maybe, something to do with MS?

    Larbedo the Dog

    P.S. Re: Supplement Bottles... A video on a Security Boss who is evidently somewhat fragile with 6 bottles of vitamins in the background plus a dead plant, a stuffed happy tiger and a Mr. Rogers sweater doesn't give me comfort that this is the tip of the spear in the WAR against the hordes of serious techno-spetsnaz-warrior hackers and mobsters preying on the net. At least she wasn't crying. Forget the politically correct Seattle-type stuff! A security video reel featuring a 300 pound bull-d%ke gal with a soccer coach crew cut and a ripped T-shirt that says "See Me for an Attitude Adjustment!"... howdy howdy, OK, I would feel better. That there is hope out there. I'm sure Ms. Norlander is a wonderful and sensitive person, infinitely credentialed with all the right tickets punched who would actually be great to sit at Starbucks with and muse about mean old Mr. Virus issues but, come on MS people, there's a WAR going on out here!! Help Us!!! We need reinforcements and firepower not a new issue of Stars and Stripes and a USO Show!!!! 
  • I have a mixed reaction to the video, especially after reading the bitter comments of "Larbedo the Dog".  Dog, your ad hominem attack on her perceived fragility is quite a low blow.  She's drinking water and perhaps takes vitamins (like many others who actually care about their health and don't wish to be 300 lbs), but she is definitely energetic and very motivated, so stop the personal attacks!

    At the same time, I couldn't disagree with her more on the cost of mistakes.  I very much appreciate her outsider's perspective for the Security team, especially if this has played a part in making SP2 one of the easiest to use and one of the most secure patches to date (despite some designed-in flaws that date back to Windows 95, like the WMF vulnerabilites).  At the same time, I've seen that you need a high level of paranoia when you are designing for security, and it IS a life and death thing for your customers.  A virus that takes out an Internet-based medical system based on the Win XP/2000/ME/98/95 codebase hodgepodge and potentially harms or kills patients is definitely a possibility.  Or that same virus costs your customers billions of dollars of data loss, down time, and all that.  I work in the financial industry in NYC (developer on a Foreign Exchange platform) and I know down-time is NOT an option when millions/billions are being traded daily.  So please don't try to downplay the seriousness of Security, especially at Microsoft!!!

    Furthermore, I'm a 22 years old white male, so please classify me an over-priveleged and under-qualified CS graduate.  Or perhaps, you might want to know I'm the oldest of 8 children, I attended a private college without a penny of $$ support from my parents and am currently paying off my loans, and I went for the Masters because I could squeeze it in the 4 years for no extra cost (via the accelerated route) and saw a good deal.  Why all this info?  Well, I'd just say you can't pigeonhole geek white males into a group either, Ms. Norlander.  And as far as diversity in the workplace, I find the discussion somewhat tiresome and pedantic, especially as I consider the work environment where I am.  I can definitely say I'm the dumbest of the smart people in my dev. group, but interestingly enough (for the statisticians out there), I'm the only developer who's a Caucasian.  The rest include: 4 from Indian background, 3 from Asian background (1 woman), and 1 Hispanic (Columbian to be specific).  So that's my development group, so would that make me the underrepresented Caucasian white male?  I don't think in those terms really - my boss has been adament in saying he will pick the best qualified person for the job regardless of their background and I think it's more common out there than 10 years ago...

    Dan L
    P.S. Larbedo, next time think before you post and display your flamebait for the world to see.  And perhaps use a grammar checker (like MS Word for instance).
    P.P.S. I'd really like it if Charles or whoever shoots the video would include a synopsis/summary of the video so we can choose the salient bits if we're running short on time.

  • I must say this is the best WM_IN video I've seen; I can't believe people are complaining! I realise its more about the number of them then this one specific... Yes its not very technical but I enjoyed it and got some motivation from it. I'm a white guy tho so no brownie points... Perplexed

    Edit: that last sentence is suppose to be funny in case people missed the smiley.

  • dantheman82 wrote:
    So please don't try to downplay the seriousness of Security, especially at Microsoft!!!

    I don't believe she downplayed security at all. I believe what you're referring to is when she was talking about employees making mistakes and planning for worst case scenarios which she said was about motivating her team.

    As someone that has also had experience with a manager that doesn’t value leadership I can relate completely.

    In addition I’ve also suffered from some insecurity about making constant choices while developing and system administration.  Specifically when looking at security it seems there’s always new best practices coming out & with clichés like ‘the more lines of code, the more bugs’ you must start to think ‘do I really want to risk writing/exposing a new webapp?’

    If you’re so sure of yourself, your coding & your computing skills I’d say either you haven’t read enough or you should teach others because you’re very talented.

  • Larbedo wrote:
    P.S. Re: Supplement Bottles... A video on a Security Boss who is evidently somewhat fragile with 6 bottles of vitamins in the background plus a dead plant, a stuffed happy tiger and a Mr. Rogers sweater doesn't give me comfort that this is the tip of the spear in the WAR against the hordes of serious techno-spetsnaz-warrior hackers and mobsters preying on the net.  


    A dead plant is a good thing.  Consider this study.  All plants must go NOW. New policy. The plants are trying to destroy us all.

    BBC wrote:
    Scientists in Germany have discovered that ordinary plants produce significant amounts of methane, a powerful greenhouse gas which helps trap the sun's energy in the atmosphere.

    The findings, reported in the journal Nature, have been described as "startling", and may force a rethink of the role played by forests in holding back the pace of global warming.

    And the BBC News Website has learned that the research, based on observations in the laboratory, appears to be corroborated by unpublished observations of methane levels in the Brazilian Amazon.

    The amount of the gas produced increased when the air was warmer, and when there was more sunlight. The paper estimates that this unexplained phenomenon could account for 10-30% of the world's methane emissions.



  • deedubb wrote:

    I don't believe she downplayed security at all. I believe what you're referring to is when she was talking about employees making mistakes and planning for worst case scenarios which she said was about motivating her team.

    As someone that has also had experience with a manager that doesn’t value leadership I can relate completely.

    In addition I’ve also suffered from some insecurity about making constant choices while developing and system administration.  Specifically when looking at security it seems there’s always new best practices coming out & with clichés like ‘the more lines of code, the more bugs’ you must start to think ‘do I really want to risk writing/exposing a new webapp?’

    If you’re so sure of yourself, your coding & your computing skills I’d say either you haven’t read enough or you should teach others because you’re very talented.



    I believe she downplayed worst case scenarios in security.  If you think the thinks hackers have dished up is indicative of the future, I think you'll be surprised.  MS has to seriously think about the consequences of bluetooth, wireless, and other interfaces to cars, household appliances, etc. which will be more and more commonplace.  Basically, the worst-case scenarios will be a lot more than loss of money or time in the future...considering the integration of technology with satisfaction of our basic transportation and other needs.

    I do agree with her stress on the importance of leadership, but in the back of my mind, I'd question whether someone with simply COM/Avalon experience is best suited making important decisions governing security of Windows XP (service packs).  Someone who's had a hacking background and/or who has the gravity for this type of position would strike me as best suited.  I would think she's a great leader, but I don't buy the idea that you can swap leaders of various segments of a company without regard to their technical expertise and background.

    I apologize if I have given the impression that I'm some great security guru.  I've simply observed that the best security people are paranoid about security/privacy and have a background where they have been eager to "break stuff", but in a legitimate context.  I'm not a big fan of "best practices" and have found that sometimes common sense dictates a totally different course than the "best practice" and some creativity is required.
  • Cornelius Ellsonpeter wrote:

    A dead plant is a good thing.  Consider this study.  All plants must go NOW. New policy. The plants are trying to destroy us all.



    So should I cut down a tree for every tree I've planted?  I suppose our scientists really don't have an idea of how to control global warming (or even if we can).
  • Rebecca has to be one of the smarter and most convincing people i've ever know of.

     

  • dantheman82 wrote:
    MS has to seriously think about the consequences of bluetooth, wireless, and other interfaces to cars, household appliances, etc. which will be more and more commonplace.  Basically, the worst-case scenarios will be a lot more than loss of money or time in the future...

     
    Well that's exactly where - after 2 decades - I am shifting from Microsoft's responsibility towards the responsibility of the Customer/User. Let's face it: Users want the USB-everywhere-into-everything-Plug-me-in! They themselves have the responsibility to know that you cannot protect yourself if you allow unprotected access everywhere into everything. Of course, there are security issues within apps. But there are also improved scenarios how to protect your business-environment. The Security-issues are less technical (although we dev's have to improve there too) but are rather generally ideological. The question ultimatly comes down to the CEO (not CIO) to say: "OK. I want security in my company. It will cost me lot's of money+time+training_the_employees etc... without any investment return whatsoever!". If CEOs are willing to do this instead of quarterly profit annoucements, there's hope.
  • Women, on average, have 3 BILLION less brain cells than men. I wouldn't ever hire women for anything technical. They will destroy your company, and if elected, your nation.

    For more information about the differences between the human male and female please visit: http://www.exn.ca/brain
    EXN is an online extension of the Discovery Channel.
  • hello medam


    I am radha form indian.


    i have 100 user in windows 2003.how restricted the virus and spayware.i dont have any firewall.please give best advise.


    radha


Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.