Video: Proven Practices for Security Engineering

This is an oldie but a goodie.  Alex (from our original team) walks through our patterns & practices Security Engineering Approach.   I knew the video exists, but I had a hard time finding it again so I’m posting the link here. Video MSDN Architecture Webcast: Proven Practices for Security Engineering (Level 300)  Key ChangesA few…

3

Three keys of a business case

If you have to compete for resources or budget or sell an idea, one of the keys is a business case.  One way to think of a business case is “how big is the pie” and “what’s your slice.”  You use the business case either to argue for your project or in argument against other…

2

The Five P’s

How do you design an org?  While there’s lots of approaches, one of my mentors shared the 5 Ps approach with me.  To think about the org, you need to enumerate the 5 Ps to define the organization, the type of talent you need, overall organizational competencies, culture, etc.  If you don’t know what you’re…

1

Framing Results

It’s one thing to get results.  It’s another to articulate them.   Having a way to frame results can help both for personal learning, as well as review time when you have to reflect on accomplishments. Commitment, Results, How, Evidence, Analysis I’ve found framing results by listing the commitment, the results, the how, the evidence and…

2

Iterate More, Plan Less

I’m always on the prowl for useful insights.  Alik sent me a link to Dustin Andrew’s post, Learn to Get Traction in Your Team.  I like the collection of tips, and I found myself using the phrase, iterate more, plan less a few times.  When I joined Microsoft, one of my rules was “avoid analysis paralysis.”  I…

3

How To Use Guidance Explorer to do a Security Code Inspection

One of the key experiences you get with Guidance Explorer (GE) is support for manual security inspections.   We call them inspections versus reviews because we inspect against specific criteria.   We supply you with a starter set of inspection questions, but you can tailor them or add your own.  Security Code InspectionWe use three distinct types of inspections:  design, code and…

7

New Release: Guidance Explorer is Now on MSDN

This is a significant release for Guidance Explorer (GE).  Our online “guidance store” is now hosted on MSDN.  To take advantage of this, you need to download the new version of Guidance Explorer (release 20071206) What Is the Guidance StoreOur guidance store is a catalog of reusable guidance nuggets for helping you build applications.  The catalog…

10

Outlook Reminder for Leadership Practices

I created a recurring appointment in Outlook for Fridays.  It’s a checklist of key leadership practices from The Leadership Challenge.  Each Friday, I scan this checklist and reflect on how well I’ve demonstrated the practices and where I need to tune for the upcoming week.  Leadership Checklist  Model Sets a personal example of what to expect? Makes certain that…

1