The BlueHat Podcast

Michael Howard on Secure by Design vs Secure by Default

Aug 27, 2024

Michael Howard, Principal Security Program Manager at Microsoft, shares his impressive journey in cybersecurity, starting in a small New Zealand team. He emphasizes the enduring importance of foundational security principles, discussing insights gained from vulnerabilities that improved SQL Server. The conversation highlights the difference between 'Secure by Design' and 'Secure by Default', and how collaboration at events like the Blue Hat conference has shaped Microsoft's culture. Michael also reflects on his influential works and the ongoing need for effective security practices among developers.

48:14

Creator website

Episode guests

Michael Howard

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Michael Howard emphasizes the critical need for secure coding practices, highlighting his contributions to foundational texts on software security.

The cultural shift initiated by the Blue Hat Conference marked a significant change in how Microsoft approached external feedback on security vulnerabilities.

Ongoing challenges in software security necessitate continuous updates and education to mitigate emerging threats and human error effectively.

Deep dives

Michael Howard's Journey at Microsoft

Michael Howard has been with Microsoft for over three decades, reflecting on his journey that began in New Zealand supporting early Windows products. His enthusiasm for technology and security remains unwavering since joining as one of a small team, highlighting the evolution of cybersecurity within the organization. Currently, he transitions from a role focused on Azure Data security to John's Mystic team, where he will apply his extensive knowledge of security engineering. Howard's long-standing tenure illustrates the depth of experience that exists in Microsoft’s cybersecurity landscape.

Intro

2min

An Insightful Journey Through Microsoft's Security Landscape

2min

Navigating Security: Lessons from a Veteran Author

10min

Reflections on the Early Days of the Blue Hat Conference

1min

Enhancing Software Security Practices

27min

Celebrating 100 Episodes

5min

Michael Howard, Senior Director at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Michael shares his journey at Microsoft, starting from his early days in New Zealand as part of a small team of ten. He discusses his extensive career, his contributions to cybersecurity, and his role in the development of essential security books like "Writing Secure Code" and "The Security Development Lifecycle." Michael reflects on the importance of fundamental security principles and how they remain relevant today. He also touches on his recent move within Microsoft to John Lambert's team, where he continues to focus on security culture and education. The conversation delves into the origins of the Blue Hat conference, Michael's experiences at the first event, and the ongoing significance of secure coding practices and mitigations.

In This Episode You Will Learn:

Critical aspects of secure software development and pivotal moments in Microsoft's security
The importance of using specific coding constructs and libraries to improve security
Findings on vulnerabilities that spurred significant security improvements in SQL Server

Some Questions We Ask:

How do you deploy security patches effectively while minimizing disruptions?
What coding constructs and compiler flags did you recommend for better security?
How did external researchers at Blue Hat conferences impact Microsoft's culture?

Resources:

View Michael Howard on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

The Microsoft Azure Security Podcast

Michael Howard (@michael_howard) on X (twitter.com)

Latest book: Designing and Developing Secure Azure Solutions (Developer Best Practices): Howard, Michael, Simone, Curzi, Heinrich, Gantenbein: 9780137908752: Amazon.com: Books

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

The BlueHat Podcast

Michael Howard on Secure by Design vs Secure by Default

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Michael Howard's Journey at Microsoft

The Impact of Security Books

Cultural Shift Through Blue Hat Conferences

Secure by Default Principles

Feedback and Collaboration in Security Research

In This Episode You Will Learn:

Some Questions We Ask:

Resources:

Related Microsoft Podcasts:

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

The BlueHat Podcast

Michael Howard on Secure by Design vs Secure by Default

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Michael Howard's Journey at Microsoft

The Impact of Security Books

Cultural Shift Through Blue Hat Conferences

Secure by Default Principles

Feedback and Collaboration in Security Research

In This Episode You Will Learn:

Some Questions We Ask:

Resources:

Related Microsoft Podcasts:

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights