Introducing Steve Lipner

Several weeks ago we started a 30 second profile series that looks at some of the members of the Trustworthy Computing team and what they do both in and out of work. In the first profile you got to know a bit more about Adrienne Hall. Today we’ll introduce you to Steve Lipner, partner director of program management for the Security Development Lifecycle.

– What do you do in TwC and how long have you been doing it?

My primary responsibility in TwC is the Security Development Lifecycle (SDL) – Microsoft’s process for improving the security of the software and services we release to customers. I also work on protecting the integrity of Microsoft’s product development process and supply chain, and on government evaluations of Microsoft products and online services. I’ve been responsible for the SDL and its predecessors for almost eleven years.

– What’s the first thing you do every day at work?

I check email from home every morning to see if any “hot issues” have come up overnight. That’s a practice I started when I was responsible for the Microsoft Security Response Center from 1999 to 2003.

– What’s the biggest security challenge facing the industry?

I think the biggest challenge facing the industry today is providing systems that are easy to use securely.  We’ve done a lot in the last ten years to make products “secure by default” but we still have a lot to do on usable security. And of course new technologies come up that may not have been designed with security in mind, and it’s often a challenge to get those benefits to users without jeopardizing security.

– What’s the biggest contribution you or your team have delivered in the last 10 years?

That’s an easy question – the SDL. It has changed the way that Microsoft builds software and been adopted by a large number of organizations around the world.

– What do you do to unwind?

I like to hang out and work in the yard of our cabin on a little island north of Seattle.

– Favorite band?

That’s a tough one – either the National Symphony Orchestra or the US Marine Band.

– Your work in security – was that by accident or design?

Very much by accident. I was asked to take on security as a project when I worked for a US government contractor. I initially thought “what is this about and how do I get out of it?” but I pretty quickly discovered it was fun and interesting.

– You win the lottery. What’s the first thing you buy?

Probably a clean rust-free Porsche 914 2.0 liter to replace the one I shouldn’t have sold back in the 1970s.

– Favorite film / TV show

Tinker, Tailor, Soldier, Spy. The BBC original version – I haven’t seen the new movie version yet.

About the Author

Director, Trustworthy Computing

Richard Saunders is a director in Trustworthy Computing (TwC) and is responsible for the group’s international public relations activities. A 30 year veteran of the communications industry, Saunders has spent his entire career as a journalist and PR man. Since Read more »