Michael Howard on Secure by Design vs Secure by Default

Aug 27, 2024

Michael Howard, Principal Security Program Manager at Microsoft, shares his impressive journey in cybersecurity, starting in a small New Zealand team. He emphasizes the enduring importance of foundational security principles, discussing insights gained from vulnerabilities that improved SQL Server. The conversation highlights the difference between 'Secure by Design' and 'Secure by Default', and how collaboration at events like the Blue Hat conference has shaped Microsoft's culture. Michael also reflects on his influential works and the ongoing need for effective security practices among developers.

Ask episode

Chapters

Transcript

Episode notes

Intro

00:00 • 2min

An Insightful Journey Through Microsoft's Security Landscape

01:40 • 2min

Navigating Security: Lessons from a Veteran Author

03:34 • 10min

Reflections on the Early Days of the Blue Hat Conference

13:41 • 1min

Enhancing Software Security Practices

15:01 • 27min

Celebrating 100 Episodes

42:10 • 5min

Michael Howard, Senior Director at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Michael shares his journey at Microsoft, starting from his early days in New Zealand as part of a small team of ten. He discusses his extensive career, his contributions to cybersecurity, and his role in the development of essential security books like "Writing Secure Code" and "The Security Development Lifecycle." Michael reflects on the importance of fundamental security principles and how they remain relevant today. He also touches on his recent move within Microsoft to John Lambert's team, where he continues to focus on security culture and education. The conversation delves into the origins of the Blue Hat conference, Michael's experiences at the first event, and the ongoing significance of secure coding practices and mitigations.

In This Episode You Will Learn:

Critical aspects of secure software development and pivotal moments in Microsoft's security
The importance of using specific coding constructs and libraries to improve security
Findings on vulnerabilities that spurred significant security improvements in SQL Server

Some Questions We Ask:

How do you deploy security patches effectively while minimizing disruptions?
What coding constructs and compiler flags did you recommend for better security?
How did external researchers at Blue Hat conferences impact Microsoft's culture?

Resources:

View Michael Howard on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

The Microsoft Azure Security Podcast

Michael Howard (@michael_howard) on X (twitter.com)

Latest book: Designing and Developing Secure Azure Solutions (Developer Best Practices): Howard, Michael, Simone, Curzi, Heinrich, Gantenbein: 9780137908752: Amazon.com: Books

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.