Welcome… My name is Todd Kutzke and I help lead the Information Security group within Microsoft. Organizationally, we sit inside Microsoft IT, and together with our business partners we help manage information security risk for Microsoft. The intent of starting up this blog is to share some of our practices and tools and hopefully engage in a dialogue around the information security discipline. Showcasing Microsoft IT internal practices isn’t anything new. In fact, it’s part of the larger initiative around showcasing how Microsoft does IT. And this certainly isn’t new to us in Information Security, where our ACE team has been showcasing our practices and tools as well as providing services to our customers for many years.


Whether it be our threat modeling work or the more recently released CAT.NET and AntiXSS as well as neXpert, we’ve always believed that sharing our work with our customers and partners at large is not only a great way to give back to the community but also provides us a venue to gather invaluable feedback.


In addition to the application layer, in the future we plan to discuss our larger information security practices and engage in a dialogue over such items as our framework, priorities, challenges and how we’re looking to innovate in the area of information security.