I'm Shawn Veney, a Technologist with Microsoft and a soldier in the U.S. Army. Fortunately for me, the two occupations have a lot in common. At Microsoft my team does security assessments, threat modeling, design reviews and various forms of risk management for the line-of-business space. This means my focus is on the IT Enterprise (internal and external). It also means my focus is not Server, SQL, VSTS, etc., but rather how these technologies are implemented to fulfill business objectives. In the military I serve in an Information Operations Group; there I get to assist with and execute various tech missions that complement what I do at Microsoft.

I'm a bit new to the blog space; I'm actually one of those old-school types who is a bit more comfortable with a journal that involves a pen in hand and paper, but I can adapt ;)

I'm going to be focusing on sharing knowledge about process and methodology and plenty of opinion on the following areas:

  • Application Security
  • Threat Modeling
  • Security Assessment Methodology
  • Compliance Activities

I will try to synthesize the lessons I am learning and have observed from all my experience. One of the challenges I have observed in most organizations is how to strategically implement a common sense approach to application security, or for that matter IT security in general. There are a lot of great blogs out there on the subject and I will not link to all of them but will point to them as needed to support various opinions :)

I hope in the months and years to come that some of the material that I end up posting here is useful to someone out there and helps them avoid some of the pain points I have seen in various security evolutions.

I look forward to blogging! And may you all find some enjoyment or reward in your efforts (all of you trying to improve the trustworthiness of networks, hosts and applications!)