About Us

Arjuna Shunn

Principal Security Program Manager, Security Development Lifecycle Team

Arjuna Shunn is principal security program manager in the Microsoft Corp.’s Trustworthy Computing (TwC) Group. He is a cyber-security professional with extensive experience across a wide range of cyber-security practices, industry verticals, regulatory regimes and environments, focusing on development lifecycle security, regulatory guidance and cyber-security training. Arjuna currently manages the SDL Pro Network pilot program and helps evangelize SDL adoption across the software development ecosystem.


David Ladd

Principal Security Program Manager, Security Development Lifecycle Team

David Ladd is principal security program manager in Microsoft Corp.’s Trustworthy Computing (TwC) Group. As a member of Microsoft’s Security Development Lifecycle (SDL) team, he is responsible for evangelizing the security development processes, tools and training of Microsoft’s SDL with the developer community. Additionally, he manages proactive security relationships with SDL partners, including independent software vendors, Web service providers and original equipment manufacturers. David is the co-founder of the Trustworthy Computing Academic Advisory Board, a group created to expand the interactions among Microsoft and the academic security and privacy research communities. He serves on a number of external advisory boards and committees and is an associate editor of IEEE Security and Privacy Magazine.


Douglas Cavit

Security Development Lifecycle Team

Douglas Cavit helps protect and secure global critical information infrastructure through technology innovation and collaborative efforts with others in industry and government. Specifically, he drives forward the SDL process as a methodology to improve development and implementation of technology in critical infrastructures working with employees, partners, customers, and governments. Douglas has over 25 years of experience in the technology arena and is widely recognized as an industry thought leader on application security, privacy and cloud computing serving on numerous boards and advisory groups. Before joining Microsoft, Douglas was CIO of McAfee for 8 years and is a published author on technology innovation.


Jeremy Dallman

Senior Security Program Manager, Security Development Lifecycle Team

Jeremy Dallman is a senior security program manager in Microsoft’s Trustworthy Computing Group. He has been at Microsoft since 2002 in a variety of security roles spanning Windows Security for XP SP2, Vista, Internet Explorer security response, the IE7 security program management, and IE8 security planning and design. In his current role, Jeremy evangelizes adoption of the SDL security best practices to organizations outside of Microsoft by publishing practical implementation guidance and security tools, as well as advising companies across a variety of industries on how to customize and accelerate their adoption of SDL practices. Jeremy has more than 13 years of experience in technology business management spanning IT consulting, mobile, web/online services, and application development.


Michael Howard

Principal Security Program Manager, Security Development Lifecycle Team

Michael Howard is a principal security program manager on the Trustworthy Computing (TwC) Security team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Michael is an architect of the Security Development Lifecycle (SDL), a process for improving the security of Microsoft’s software, and is the co-author of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle and his most recent release, Writing Secure Code for Windows Vista.


Monty LaRue

Senior Security Program Manager, Security Development Lifecycle Team

Monty LaRue is a senior security program manager in Microsoft’s Trustworthy Computing (TwC) Group. He joined TwC in early 2011, but has worked with Microsoft since 2003 as a developer and program manager in the Windows, Automotive, Surface Computing, and Xbox product teams. He is currently part of the SDL team with responsibilities to address application security issues via the SDL by managing the SDL requirements and determining how the SDL is applied to the various software development processes. Monty’s focus is on SDL as it applies to web technologies and “agile” development environments as well as contributing to the security tools strategy within Microsoft and outward into the external developer community.


Steve Lipner

Senior Director of Security Engineering Strategy

Steve Lipner is senior director of Security Engineering Strategy at Microsoft Corp. Steve leads Microsoft’s Security Development Lifecycle (SDL) team and is responsible for the definition of Microsoft’s SDL and for programs to make the SDL available to organizations beyond Microsoft. He’s also responsible for Microsoft’s corporate strategies related to government security evaluation of Microsoft products. Steve has more than 35 years experience in IT security and is coauthor with Michael Howard of The Security Development Lifecycle (Microsoft Press, 2006). Steve is named as inventor on twelve U.S. patents in the field of computer and network security.

About the Author
SDL Team

Trustworthy Computing, Microsoft