As a now former co-worker stopped by my office to say farewell on his last day before joining Microsoft as a Security Program Manager, I thought to myself, "Should I tell him?" Should I let him know the sheer stature of his pending position? Should I advise him of the esteem held for his security staff peers in the Redmond ranks? After all, Popular Science's July 2007 edition had just put it all in perspective. Number 6 on the list of 2007's Worst Jobs in Science is Microsoft Security Grunt, described as "Like wearing a big sign that reads 'Hack Me'." You just can't win with press like that. For your consideration:
The people manning secure@microsoft .com receive approximately 100,000 dings a year, each one a message that something in the Microsoft empire may have gone terribly wrong. Teams of Microsoft Security Response Center employees toil 365 days a year to fix the kinks in Windows, Internet Explorer, Office and all the behemoth’s other products. It’s tedious work. Each product can have multiple versions in multiple languages, and each needs its own repairs (by one estimate, Explorer alone has 300 different configurations). Plus, to most hackers, crippling Microsoft is the geek equivalent of taking down the Death Star, so the assault is relentless. According to the SANS Institute, a security research group, Microsoft products are among the top five targets of online attack. Meanwhile, faith in Microsoft security is ever-shakier—according to one estimate, 30 percent of corporate chief information officers have moved away from some Windows platforms in recent years. “Microsoft is between a rock and a hard place,” says Marcus Sachs, the director of the SANS Internet Storm Center. “They have to patch so much software on a case-by-case basis. And all in a world that just doesn’t have time to wait.”
But after all, workplace etiquette got the best of me, and I simply wished my departing teammate best wishes and good luck. Both of which he'll need in his new endeavor. The worst job in science indeed...
Subscribe to:
Post Comments (Atom)
Moving blog to HolisticInfoSec.io
toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...
-
Continuing where we left off in The HELK vs APTSimulator - Part 1 , I will focus our attention on additional, useful HELK features to ...
-
As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, cons...
-
toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...
No comments:
Post a Comment