Yesterday, Steve Lipner was inducted into the ISSA Hall of Fame.  A couple of us who know him and have worked with him are talking about Steve’s impact in our endeavors, sharing professional or personal stories.  My story about Steve is a little of both.

Steve Lipner and I are security opposites in a lot of ways. Steve Lipner came from the DoD;  I came from 2600 meetings, and later, @stake.  Steve Lipner built A-1 systems to be provably secure; I spent several years as an application penetration tester routinely disproving supposed security. 

Despite coming from different security backgrounds, we do have more in common than one might think.  We both hail from MIT, his alma mater, and my first professional employer.  Those experiences molded (warped?) us both, at formative moments in our professional lives.  Working together at Microsoft, Steve and I found quickly that we both were fans of security and truly awful puns.  And just recently, we also realized we were both fans of Star Trek, the original series.  Oh, and in case it wasn’t obvious, we’re also both geeks.

Steve has been an incredible Sherpa leading me up some craggy climbs in this mountain of a company, helping me understand not just how this company operates, but also how to drive major initiatives that require acceptance and work across more than just our own security-focused group.  What has surprised me most about working with Steve over the past nearly four years is how many times we actually agree on what to do in terms of security – perhaps for different reasons, given our different backgrounds.  The times when we have disagreed on the best approach, Steve always has very thoughtful reasons, based on his deep experiences and awareness of what has worked historically and what died on the vine.  If nothing else, Steve is the litmus test I use to bounce all my craziest of crazy ideas (internally, these are affectionately known as “Katie’s cockamamie schemes”).  If I can convince Steve, I have a very good chance of convincing everyone else to make it happen. 

The creation of the Microsoft Vulnerability Research (MSVR) program was one such mountain that Steve’s support helped me summit.  While many were involved and critical to the process of getting MSVR off the ground, Steve’s belief in me, as manifested by his support (because he knew I could do it), constructive criticism (because he knew I could take it and use it to strengthen my position), and the opening of the right doors to the right approvers within the company, were all key to the launch of the MSVR program. 

Steve continues to open those doors for me, and helps me hone my arguments to turn my security dreams into reality here at Microsoft and in the larger security ecosystem.  I hope he continues to do this for me, even though I recently may have gotten on his bad side for sending him the video for the song “Star Trekkin”.  He can never un-hear it, and for that I will surely pay.  I have a feeling he’ll come back with some dreadful pun that I will never be able to un-read.  Totally worth it. ;-)

Steve Lipner has changed the security world himself so much in such lasting and positive ways.  His legacy will live on not just in ISSA’s Hall of Fame, but in the progressive evolution of security through his influence and guidance for those like myself, who are filling in the ranks of the newer recruits here at Microsoft.

I’ve been lucky to have had a few very supportive mentors in my life.  Steve Lipner, an unlikely ally on paper, has proven to be one of the very best. 

Thanks and congrats, Steve.  I owe you n+1.