At #BluehatIL I spoke about how innovators are improving security on data by using data to improve security. More and more security controls are using data/telemetry as the heart of their insight.
A data-centric approach changes the R&D equation from:
Product + IP = Customer
to:
Product + Customers = IP
And since customers are sources of signal that build intellectual property, it aligns both sales and engineering on the importance of acquiring new customers.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
I talked about how incidents can teach powerful lessons and contain important truths for defenders.
I talked about while it is often romanced that offense has a richer toolset compared to the singular metaphor for defense ("the shield"). Defense has many creative ideas within it as well.
I've had a lot of neat employee moments at Microsoft. here's one of them.
👇
It was Feb 4, 2014. The board had just named @satyanadella as CEO.
📎news.microsoft.com/2014/02/04/mic…
An email said he was going to make some remarks in a building across campus in like 30 minutes. I jumped in my car.
The crowd filled all available space. Ballmer was high energy as usual. It was 2014 so, you know, I had my Windows Phone with me.
Found one of my Microsoft notebooks 📔 from 2005. Here are a few pages on what was on my mind then.
The Longhorn (aka Windows Vista) security plan.
Parsers were having many issues. I put this slide together to create awareness about the pattern we were seeing in MSRC at the time.
Occasionally I printed small versions of my slides and inserted them into my notebooks so I could easily socialize to people in 1-1 conversations.