One of the fellows who is publically out front of the MSRC team a lot in blogs, webcasts, the press and such used to be our TAM(Christopher Budd).
Your description nails him to a T. One of the things that impresses me most about the brightest folks I have met over the years at MS is their genuine humility. He was a fantastic TAM and always striving for improvement. Disappointing part of that was that he wasn't a TAM that long before moving on to bigger and better things. I also find it really remarkable how many people I've met over the years in this industry who impressed me enormously end up working at MS. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, December 02, 2010 5:57 PM To: NT System Admin Issues Subject: RE: Behind the Curtain of Second Tuesdays One of the key take aways - for me - was that regardless of how smart their people are - they don't know everything. But they KNOW that and they continue to have a passion for learning and improving. But the pure SCALE of their operations - that blew me away. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com<http://theessentialexchange.com/> ________________________________ From: Ziots, Edward [ezi...@lifespan.org] Sent: Thursday, December 02, 2010 8:50 PM To: NT System Admin Issues Subject: RE: Behind the Curtain of Second Tuesdays Honestly, I just watched the video, and it was enriching from a security prespective accordingly. It's a very good example of Risk Assessment at the highest levels affecting basically a global scope, so as the presenter said a lot, the decisions and there raminfications are not to be taken lightly. Also something that the presenter talked about a lot, is communication, ( Of course his quit worrying and call everyone was quite hilarious, until you actually realize on some of these vulnerabilities ( Especially the ATL Templates) you basically have to notify and call EVERYONE... Plus there was a lot of good insight on just how much work is done behind the scenes from the time the security researchers notify M$ there is a vulnerability it is verified and how much work it does take in certain situations to turn around a quality security fix to the customers. ( Although I didn't know they couldn't reproduce the BSOD ( AKA Rootkited Servers, PC's otherwise, either Auerlon or TDS, or otherwise) to the point they needed to buy someones PC/Server to find out it was ROOTED, then added that logic into the patching process, which is now apart of all there Kernel patching processes now, because it was pretty effective. Again a good presentation, and very enlightening. Pray for a low patch count this month, and less chaos in Yr 2011. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] Sent: Thursday, December 02, 2010 5:16 PM To: NT System Admin Issues Subject: RE: Behind the Curtain of Second Tuesdays Michael, Thanks for sharing this. I'm actually surprised no one else has commented. I say it all the time, "perspective is an interesting thing". The article and the video really puts into perspective the behemoth of a task that Microsoft has in researching, writing, testing, and rolling out patches and updates for all of their applications and operating systems over the course of their 10 year security support lifecycle. I particularly chuckled over Dustin's comment, "What were you doing in 2000? How many of you were in college? Using dial-up? In high school?" It is REALLY easy for those of us in the trenches to criticize Microsoft for doing a bad job of x, y, and z, but most of us really have very little real idea of what is involved (or we don't take the time to think about it because we're stuck in our own little world with our own problems). Releasing an update that will force the reboot of 600+ MILLION PCs across the globe is just mind boggling. I can't say that I love Microsoft, but I have gained a newfound respect for people like Dustin that seem to really be passionate about what they do and how it impacts the rest of the world. Cheers, Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA jra...@eaglemds.com<https://owa.smithcons.com/owa/UrlBlockedError.aspx> www.eaglemds.com<https://owa.smithcons.com/owa/UrlBlockedError.aspx> ________________________________ From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, December 02, 2010 10:16 AM To: NT System Admin Issues Subject: FW: Behind the Curtain of Second Tuesdays Thanks to Susan Bradley for pointing this one out... this is worth watching (IMO). Even though it can be summarized in one sentence: "...but most people have little understanding of the massive amount of coordination and work it takes to release five new lines of code across 22 platforms in 36 languages." Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Susan Bradley Sent: Thursday, December 02, 2010 12:11 AM Subject: [mvpsectalk] Behind the Curtain of Second Tuesdays Behind the Curtain of Second Tuesdays - MSRC Ecosystem Strategy Team - Site Home - TechNet Blogs: http://blogs.technet.com/b/ecostrat/archive/2010/12/01/behind-the-curtain-of-second-tuesdays.aspx TechNet Blogs > MSRC Ecosystem Strategy Team > Behind the Curtain of Second Tuesdays Behind the Curtain of Second Tuesdays Hello All, I enjoy telling stories. Perhaps, in a former life, I spent time as a bard telling stories of Robin Hood and Maid Marian as I travelled from town to town. Perhaps I just spent too much time playing The Bard's Tale on my Tandy 1000 back in the day. Either way, I enjoy telling stories to people. It's even better when I get to tell stories that relate to my job. Recently, I was given the opportunity to tell some stories at BlueHat V10<http://www.microsoft.com/bluehat>, and that presentation is now online for the world to see. One area of my job that always piques people's interest is the challenges we face on a day-to-day basis. These are the stories I chose to highlight in the Bluehat V10 presentation<http://technet.microsoft.com/en-us/security/ff967505.aspx>, and unlike most old bard's tales, these stories actually happened. Of course, stories always have a greater impact when they make a point. In each of the case studies I talk about, something went wrong. And let's face it, if I'm involved, it means something has already gone wrong. That doesn't mean that someone was at fault, just that things did not go exactly as we expected. When I was originally approached about presenting something, I immediately thought of a few themes I wanted to highlight about what goes on in MSRC. First, few people understand the scope that we deal with every day. I may joke about rebooting countries (just watch the video of the presentation<http://technet.microsoft.com/en-us/security/gg469853.aspx>), but it's really not much of a hyperbole to say that. The actions I take and decisions we make have far reaching consequences, so we take them seriously. I also hoped to highlight the number of moving parts we have in any given security update. In addition to all of the work I do, there are developers, testers, engineers, product groups, communications people, security gnomes, operations personnel, release partners, independent security researchers, and the list just keeps on going (sorry if I left you off). My job is to ensure all of these folks work together toward the common goal of addressing each issue and protecting our customers. I'm not asking for your sympathy here (though I'll gladly take it), but most people have little understanding of the massive amount of coordination and work it takes to release five new lines of code across 22 platforms in 36 languages. So how do we manage to make all of this happen the second Tuesday of every month? Well, there are 3 P's that exist here that really drive us to success: * Passion - Everyone I work with is very passionate about security and protecting customers. Let's face it, if we weren't passionate about this, we wouldn't last long in the sixth worst job in science<http://www.popsci.com/scitech/article/2007-06/worst-jobs-science-2007?page=4>. And hey, we actually did buy a customer's laptop just to get repro (and that wasn't the first time). * Process - We've done this before. And each time we do it, we learn more and apply those lessons toward doing it better the next time. * Pragmatism - Although we might not get everything 100% perfect 100% of the time, we realize we can go back to those first two P's to cover us when something goes a bit askew. Release Tuesday is huge for us, but it's not the end of anything; just a major milestone. We actively monitor the ecosystem to make sure everything is behaving the way it should. Well, I hope you enjoy the presentation and the stories I tell in it. If nothing else, it provides a framework for understanding what's behind that little bundle of joy we deliver every second Tuesday. And if you happen to find me wandering in Skara Brae and would like to hear any more stories, we can head over to ye old tavern where I will spin a few yarns for you. I might even be the one buying. :-] Cheers! Dustin MSRC ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ________________________________ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin