Software Security at Microsoft: ACE Team Tour, Part 2

Download this episode

Download Video

Description

The Application Consulting & Engineering team (ACE Team) is chartered to assess all Microsoft line of business applications for security and privacy vulnerabilities. Security Technologist manager Shawn Veney, speaks eloquently about what it takes to conduct security assessments, and what’s behind our security philosophy. Robert Scoble conducts the interview.

Part 1
Part 3

Tag:

Security

Embed

Format

Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    • User profile image
      shawn_acete​am
      Thanks Jason; I thought it might be interesting. I taught martial arts for a few years and studied for more than a few years. There are a great many parallels or simularities between what I learned in the martial arts and the military that lend themselves to security (even in the IT centric security world). Perhaps even more importantly in IT because over the years I have noticed how easy it is for IT folk to over focus on the technology and forget about the people and process that utilize said technology. A lot of simple, low cost tactics get overlooked when we focus too heavily on the technology; now granted, some of those low cost techniques can often be riskier to the attacker... but overall? Still pretty easy in most cases to break the people before the technology for a targeted attack.

      I have seen many investments in technology that were not equally supported by commensurate investments in the people or processes associated to that technology. In such scenarios you end up with a very unbalance triad.

      Wink

    Comments closed

    Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.