Jeff Jones is a 24-year security industry professional that has spent the last several years at Microsoft helping drive security and privacy progress as part of the Trustworthy Computing group. In this role, Jeff draws upon his security experience to work with enterprise CSOs and Microsoft's internal security teams to drive practical and measurable security improvements into Microsoft process and products. Prior to Microsoft, Jeff was the vice president of product management for security products at Network Associates where his responsibilities included PGP, Gauntlet and Cybercop products, and several improvements in the McAfee product line. These latest positions cap a career focused on security, managing risk, building custom firewalls and being involved in Darpa security research projects while part of Trusted Information Systems. Jeff is a frequent global speaker and writer on security topics ranging from the very technical to more high level, CxO-focused topics such as Security TCO and metrics. Jeff is also a contributor the Microsoft Security Blog ( and writes on a wide range of personal interests (e.g. books, poker, gaming) at

5 Top Trends Redefining CSO Priorities

The CSO carries a heavy load, as the person responsible for overall direction of security functions associated with IT applications, communications, and computing services and security within the enterprise. Part of what makes the...

Protecting the Supply Chain傍he CSO Rides Shotgun

When I was a teenager and a group of us headed to the car for some fun, someone would inevitably yell “I’ve got shotgun,” kicking off a race to the car and a round of “discussions” before seating arrangements were finally settled –...

Career Advice? One Word. Are You Listening? … Cybersecurity

Advice on what a young person should choose for a future is as old as civilization. In the United States the classic satirical take on such advice was in the 1967 movie “The Graduate”, when Dustin Hoffman playing an overwhelmed...

Scrutiny of Mozilla Security Claims

One particular vendor claims they are the "safest web browser" - but are they really? Follow this series of articles to see if the claims can stand up to close scrutiny.

Which Desktop OS Had the Most Vulns in Q1 2008?

2007, who cares? What have you done for me lately? Let's take a look at some Client/Desktop/Workstation operating systems and see which users had the most ... and the least pain from vulnerabilities and patching from January through...

Windows XP SP2 or Windows Vista - Which Did Better in 2007?

You've been hearing the stories about how people just want to stick with Windows XP SP2, but Windows Vista security is supposed to be better. Do you wonder how many vulnerabilities and patches each one had in 2007? Read on...

SQL Server : The Real Security Story

SQL Server has come a long way in the past 5 years, though the history seems to linger. Let's look at the recent history and see what the story is with database vulnerabilities.

Windows Server 2008 Launch Security Highlights

Building upon the progress made in Windows Server 2003, SQL Server 2005 and Visual Studio 2005, Microsoft today launched the new generation of each of these products.

Jesper Johannsen Does Some Windows Vista Analysis

Okay, so you had some further questions after reading my Windows Vista One Year Vulnerability Analysis. So, did Jesper Johannson, but he decided to do the analysis and find some answers. Read here to see what questions he asked ......

Windows Vista One Year Vulnerability Report

Having published a Windows Vista vulnerability report after 90-days and six-months, I am sure it will come as no surprise to folks that I have been working on a one year analysis as well. Take a look at this post to see some...

Internet Explorer and Firefox Vulnerability Analysis Report

Internet Explorer or Firefox - Which way should you go? If I asked you which browser had the better record in terms of security vulnerabilities, I know what your guess might be, but do you know for sure? Want to find out?

Load More