Ping: Karen Worstell

Karen Worstell

This article can also be found in the Premium Editorial Download: Information Security magazine: Why business managers are a breed of security professional:
As Karen Worstell decoded her final encryption exam, it became clear to the then-biology/chemistry student that her true calling was information security. Nearly 20 years later, the recently appointed Microsoft CISO is charged not only with securing what is arguably the biggest target on the Internet, but also with ensuring Microsoft's products meet high security standards.

How do you keep Microsoft and its internal architecture secure? The thing that's cool about security is that it's

such a complicated problem, and it touches every single part of IT. We use some very standard approaches that anyone would recognize—we have a defense-in-depth strategy. We run a pretty much perimeterless environment that's very focused on security at the host and application layers, as opposed to security out in the network.

You also have a role in product quality control. What security checks do Microsoft products have to pass? Our product group has a security team that checks with its own security design lifecycles. Then, the product moves to the IT department in beta form. We deploy it in our production environment, and we have to sign off on it before it can be released to customers.

What's it like having to be Microsoft's best customer? I think that it's an accepted part of the job. Working at Microsoft is intense, and our security checks are an expected part of what we do. It would be hard to work here as just part of the operations security team and not be part of the final product.

Do you take it as a personal challenge that hackers zero in on Windows and Internet Explorer? No, I don't take it personally. If you look at the numbers, the actual statistics of Windows flaws relative to other platforms isn't out of proportion. Microsoft has demonstrated that it's one of the most responsive platform providers—when we find a flaw, we fix it. And, hey, when you have the whole world looking at it, what more could you ask for?

For the full text of this interview, visit www.searchsecurity.com/ismag.

This was first published in June 2005

Dig deeper on Security Industry Market Trends, Predictions and Forecasts

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close