Posted by Charles // Tue, Jan 10, 2006 8:55 PM
Hackers aren’t the only people who think about holes in security. Get to know Rebecca Norlander, the general manager of system protection technologies as she talks about the group she leads who work on the firewall, security components, anti-virus, anti-spyware, anti-malware technologies and security incubation. Rebecca started as a developer and is now a GM; hear her story about the last 14 years at Microsoft and why she loves working here. You guessed it; this is another episode of our sizzling new series, WM_IN.
Show: WM_IN
Tags: MS+Personalities, MS+Execs, Security
|
| Video Length: 00:32:20
|
|
Replies:
31
// Views:
32,303
|
 |
|
|
 |
Manip
Life's too short for chess.
|
|
|
|
Why does every C9 video with a female employee in it turn into a pro women debate? I can't, off the top of my head, think of a video in which women have been treated like their male counterparts that you interview.
When was the last time we had a C9 video with a male employee talking about getting more men into Microsoft? We haven't. And as that's the case then why can't we have a video with a women in where she just discusses her project, the project's future and what that means to customers?
Don't misunderstand me, I have nothing against getting women into IT and or Microsoft's position. But come on, if you do a search in the video forum for "women" "female" "she" you'd be hard pushed to find a video NOT about this very subject.
|
|
Uhm, this is part of the WM_IN show. Go read about it, Manip. Then perhaps you'll gain some understanding of why were doing this. If you watch the videos in this series, you will notice that we always talk about what project they are working on, etc.
We don't have enough women working in this company or this industry and Channel 9 wants to do what we can to help change this. It should be immediately obvious why we wouldn't ask men working at MS how to get more men to work at MS...
C
|
Charles.... I completely understand where your coming from and you have a valid point. However, the C9 videos of late have been dominated by the WM_IN series(or atleast the conversations about getting more women into the tech field).....at least it feels that way.
It seems that the amount of WM_IN videos are becoming the main focus on the site.
Frankly, I want more Going Deep Videos, more Vista Videos, More O12 videos.
I don't care if the videos are of women employees talking about the deep technical details....in fact I'd love to see really technical women be highlighted....not the PM, GM, marketing, legal, or HR women employees....but the real hardcore SDET, SD, and DL women employees.
Make the WM_IN focused videos be released like once a month.
I could understand if C9 was a website dominated by women hence the need to cater to that audience....but as I've asked over the last few months in the coffeehouse forum for women members to identify themselves....none have responded.
Sadly Channel 9 is primary visted by men, and by constantly releasing WM_In videos....I fear that Channel 9 may be alienating its core audience.
Thanks for listening.
|
How about a WM_IN video where the subject does the demos and talks about Vista, O12 or Going Deep stuff... eh? eh? 
Back on topic, I like watching these videos. More women in the field is
a good thing for us men too. Not in the silly "oooh.. more women to
date" way, but I feel that if we make computer science not so
men-dominated, people will slowly go away from the "nerdy geek CS guy
who cant do anything else in life" stereotype.
I did miss scoble's laugh though. Maybe charles should emulate him just
for kicks  I have sometimes imagined scoble acting like charles and
charles acting like scoble. It's kind of fun (yes, I was very bored
waiting for hl2 to compile on a not so beefy machine).
|
I like the female videos. Its nice to see women that its possible
to have a decent conversation with minus the skull wrenching
migraines. I hired a female a few months ago for IT and she has
done a phenomenal job.
|
Zeo,
Thanks for the feedback. This is only the 8th WM_IN episode we have released. I'm not sure I see how this equates to alienating viewers who prefer the more technical content.
We are experimenting with how we conduct WM_IN interviews, so you will see more variety, but the core issues will continue to be addressed.
Plenty more Going Deep on the horizon (and LOTS of Vista). More WM_IN coming too!
C
|
|
Charles,
Can you also consider publishing transcripts for all videos ?
It's pretty much easier to read instead of listen for some people.
|
Are there any women who work on the Windows Kernel that we will be hearing from?
 | Charles wrote:
Zeo,
Thanks for the feedback. This is
only the 8th WM_IN episode we have released. I'm not sure I see how
this equates to alienating viewers who prefer the more technical
content.
We are experimenting with how we conduct WM_IN
interviews, so you will see more variety, but the core issues will
continue to be addressed.
Plenty more Going Deep on the horizon (and LOTS of Vista). More WM_IN coming too!
C |
|
| rjdohnert wrote:
Are there any women who work on the Windows Kernel that we will be hearing from?
|
Charles wrote:
Zeo,
Thanks for the feedback. This is only the 8th WM_IN episode we have released. I'm not sure I see how this equates to alienating viewers who prefer the more technical content.
We are experimenting with how we conduct WM_IN interviews, so you will see more variety, but the core issues will continue to be addressed.
Plenty more Going Deep on the horizon (and LOTS of Vista). More WM_IN coming too!
C | |
http://channel9.msdn.com/ShowPost.aspx?PostID=59936
http://channel9.msdn.com/ShowPost.aspx?PostID=60627
|
 |
Minh
Does this make my head look fat?
|
|
|
As a developer, I totally understand that everyline of code is a potential point of failure and what a monumental task "security" is .... on the other hand, post-SP2, we're supposed to have the security of the /GS switch that protects us from buffer overflows, and multi-million dollars (has to be high 8in the 9-figures) efforts to provide security for us users....
...then you've got the WMF exploit. If I see another "buffer overflow that would allow remote code execution", it'd be too soon. What will Vista bring me security-wise? What would a XP SP3 bring me?
Is there such a thing as a security utopia where I COULD go to ANY web site (even those I don't trust)? It's like I can only trust MS as far as the next security issue. I'm just ranting here ... but at least I'm not raving, right?
Just a user so tired of the endless stream of security warnings.
|
Minh, that's a very good point. In fact, this is one of THE main questions people keep asking of Microsoft.
Will Vista be the first Microsoft OS, where Microsoft says to its customers, "no longer can we chop and change things in our OS to suit specific products or development methods. From now on you will all need to pay close attention on how to write your apps for Vista, otherwise they will not work". Or something similar.
How is Microsoft going to force developers to adhere to using secure interfaces into the OS?
I just came off /.
They love Microsoft there. However, there is some hint of truth in amongst all the sledging and trolling. Microsoft has a sorded history and I think the Vista timeframe is gonna be fairly critical in proving these trolls wrong and really giving people faith that their PC will help them with security. I hope Vista will prove them wrong.
|
I have one question about the two teams, the incubation team and the production team: do you rotate people from the production team through the incubation team?
|
|
I used to be one of those persons who would rant about the security-issues from old DOS-days on (knowing Unix). I stopped blaming Microsoft when I realized how "stupid" users behave and how they don't want to be bothered with things like "passwords", "profiles" or "security".
They want to do "everything" with their PCs without knowing what this means and without any sense of "problems" that might evolve.
You don't have to be a dev or prog to understand the sensitive concept of exchanging information between total strangers. Every click is an execution, is a decision on the presumption that it will be "ok". Unless people start thinking about what they do before they do things, we will have to deal with pain.
BTW: Another great vid. Interesting people make interesting vidcasts.
|
why the big debate about all this anyway, it dont matter whether its men or women in the videos as long as the vids get made and published for us all to see.
|
Thanks for the video Charles. A handful of videos about women in tech, and people start complaining that this site has gone in the tank? Give me a break. There will be plenty of noise/videos when Vista is rolled out (or right before).
Now, when can we see some videos of the little people of Microsoft? For instance, Microsoft from the eyes of a janitor.
Call it the "Behind the Broom" series.
|
| Minh wrote:
...then you've got the WMF exploit. If I see another "buffer overflow that would allow remote code execution", it'd be too soon. |
Actually, I believe that the WMF hole wasn't the result of a buffer overflow, it was "broken by design" in that the security hole was actually a documented WMF feature.
|
| pusher_robot wrote:
| Minh wrote:
...then you've got the WMF exploit. If I see another "buffer overflow that would allow remote code execution", it'd be too soon. |
Actually, I believe that the WMF hole wasn't the result of a buffer overflow, it was "broken by design" in that the security hole was actually a documented WMF feature.
|
You are correct. But, on the other hand, the fact that it was a documented feature makes the exploit MORE creepy, not less.
|
"I did miss scoble's laugh though. Maybe charles should emulate him just for kicks "
 ) Maybe we can submit mp3s for a "Imitate Scoble" contest?
|
I think just by showing them they are being represented the best way - as equals. Not sure it needs to be a special point all the time. Could be wrong.
|
|
I must say this is the best WM_IN video I've seen; I can't believe people are complaining! I realise its more about the number of them then this one specific... Yes its not very technical but I enjoyed it and got some motivation from it. I'm a white guy tho so no brownie points... 
Edit: that last sentence is suppose to be funny in case people missed the smiley.
|
 I would like to have more going deep vedio for CS mania like us.
But I think WM_IN is still good for us to understand the big picture of the future of Microsoft and encourage that women can success in Software as well.
It is funny that Rebecca has so many supplemental bottles on table.
|
News Flash:
To most citizens (meaning paying MS customers) a computer is a life accessory, not a life. To blame Windows security problems on "stupid users" is exactly why it's 2006, every other day brings a new MS security scary story and MS blindly celebrates its GM of Security with a glory video while lost-faith stupid-users are grasping at anywhere for an alternative (e.g. the "why in the world" proliferation of Firefox, Linux (plus the endless Saturday radio talk shows dedicated to "fixing" Windows PC's that always give the same advice... reinstall Windows or wait until the next version)). Alternatives will never supplant Windows but they do give a big fat clue that folks are year after year frustrated that computers are still such a basic rub your head, pat your tummy, wish for luck gizmo. And MS adding more and more high tech features is where Detroit was when each year brought more chrome and bigger fins. As they say in Sunday school, the wise man builds his house upon the stone, the foolish man builds his house upon the sand. Given a choice between Vista with all its new cool Robert Fripp action noises and a no-fripps tank of a Windows version called Hi-Rel/Hi-Sec (MS code name "Mess With This Machine And Die") which one would you... well, what a silly, obvious question (to users, not "but I want a challenge" developers). Look, I like MS. I root for MS. Every classroom should have a picture of Bill Gates, the true symbol of the American Dream. Seriously. But MS has become like a big rich uncle who does goofy, out of touch things that you put up with because he's rich and successful, the only game in town and you hope something nice will trickle down someday. Could someone at MS at least make us feel a little better by admitting that the masses have lost faith in MS Security because of, maybe, something to do with MS?
Larbedo the Dog
P.S. Re: Supplement Bottles... A video on a Security Boss who is evidently somewhat fragile with 6 bottles of vitamins in the background plus a dead plant, a stuffed happy tiger and a Mr. Rogers sweater doesn't give me comfort that this is the tip of the spear in the WAR against the hordes of serious techno-spetsnaz-warrior hackers and mobsters preying on the net. At least she wasn't crying. Forget the politically correct Seattle-type stuff! A security video reel featuring a 300 pound bull-d%ke gal with a soccer coach crew cut and a ripped T-shirt that says "See Me for an Attitude Adjustment!"... howdy howdy, OK, I would feel better. That there is hope out there. I'm sure Ms. Norlander is a wonderful and sensitive person, infinitely credentialed with all the right tickets punched who would actually be great to sit at Starbucks with and muse about mean old Mr. Virus issues but, come on MS people, there's a WAR going on out here!! Help Us!!! We need reinforcements and firepower not a new issue of Stars and Stripes and a USO Show!!!!
|
I have a mixed reaction to the video, especially after reading the bitter comments of "Larbedo the Dog". Dog, your ad hominem attack on her perceived fragility is quite a low blow. She's drinking water and perhaps takes vitamins (like many others who actually care about their health and don't wish to be 300 lbs), but she is definitely energetic and very motivated, so stop the personal attacks!
At the same time, I couldn't disagree with her more on the cost of mistakes. I very much appreciate her outsider's perspective for the Security team, especially if this has played a part in making SP2 one of the easiest to use and one of the most secure patches to date (despite some designed-in flaws that date back to Windows 95, like the WMF vulnerabilites). At the same time, I've seen that you need a high level of paranoia when you are designing for security, and it IS a life and death thing for your customers. A virus that takes out an Internet-based medical system based on the Win XP/2000/ME/98/95 codebase hodgepodge and potentially harms or kills patients is definitely a possibility. Or that same virus costs your customers billions of dollars of data loss, down time, and all that. I work in the financial industry in NYC (developer on a Foreign Exchange platform) and I know down-time is NOT an option when millions/billions are being traded daily. So please don't try to downplay the seriousness of Security, especially at Microsoft!!!
Furthermore, I'm a 22 years old white male, so please classify me an over-priveleged and under-qualified CS graduate. Or perhaps, you might want to know I'm the oldest of 8 children, I attended a private college without a penny of $$ support from my parents and am currently paying off my loans, and I went for the Masters because I could squeeze it in the 4 years for no extra cost (via the accelerated route) and saw a good deal. Why all this info? Well, I'd just say you can't pigeonhole geek white males into a group either, Ms. Norlander. And as far as diversity in the workplace, I find the discussion somewhat tiresome and pedantic, especially as I consider the work environment where I am. I can definitely say I'm the dumbest of the smart people in my dev. group, but interestingly enough (for the statisticians out there), I'm the only developer who's a Caucasian. The rest include: 4 from Indian background, 3 from Asian background (1 woman), and 1 Hispanic (Columbian to be specific). So that's my development group, so would that make me the underrepresented Caucasian white male? I don't think in those terms really - my boss has been adament in saying he will pick the best qualified person for the job regardless of their background and I think it's more common out there than 10 years ago...
Dan L
P.S. Larbedo, next time think before you post and display your flamebait for the world to see. And perhaps use a grammar checker (like MS Word for instance).
P.P.S. I'd really like it if Charles or whoever shoots the video would include a synopsis/summary of the video so we can choose the salient bits if we're running short on time.
|
| dantheman82 wrote:
So please don't try to downplay the seriousness of Security, especially at Microsoft!!! |
I don't believe she downplayed security at all. I believe what you're referring to is when she was talking about employees making mistakes and planning for worst case scenarios which she said was about motivating her team.
As someone that has also had experience with a manager that doesn’t value leadership I can relate completely.
In addition I’ve also suffered from some insecurity about making constant choices while developing and system administration. Specifically when looking at security it seems there’s always new best practices coming out & with clichés like ‘the more lines of code, the more bugs’ you must start to think ‘do I really want to risk writing/exposing a new webapp?’
If you’re so sure of yourself, your coding & your computing skills I’d say either you haven’t read enough or you should teach others because you’re very talented.
|
|
|