RSS Alerts

Roger Halbheer

Job title:
Chief security advisor, Microsoft

Areas of expertise:
Policy, architecture, law enforcement, cybersecurity, processes

Biography:
Roger Halbheer joined Microsoft as Chief Security Advisor of Microsoft Switzerland in 2001 and was promoted to the role of Chief Security Advisor for Microsoft Europe, the Middle East and Africa (EMEA) in February 2007. Roger leads a team of national Chief Security Advisors across EMEA who work with organizations in the commercial and public sectors - including national governments, law enforcement and intelligence agencies - on information technology issues and strategies. He is a trusted advisor to C-level executives, governments and law enforcement agencies and has established relationships with security communities and government agencies across the region. Roger is a regular speaker at industry events and has worked with national and international print and broadcast media both to represent Microsoft and to provide expert comment on broader security issues. A Swiss national, Roger holds a Master of Computer Science degree from the Federal Institute of Technology in Zurich and is a Certified Information System Security Professional (CISSP). Before joining Microsoft, he was responsible for e-Business Risk Management at PricewaterhouseCoopers in Switzerland. He lives in Zurich and is married with two sons.

Tag Cloud

Business Value Cybercrime Malware Web Security Compliance Rogue AV security Compromised Sites

Bloggers

Blog

Follow and talk to Infosecurity's bloggers.

Follow Infosecurity's bloggers as they share their thoughts on the industry, technology, and much more. Our bloggers have been selected for their industry expertise. They welcome interaction, so we encourage you to add your opinions to theirs.

All Bloggers » Roger Halbheer
0
comments
Strong Authentication and Privacy – A Contradiction in Terms?
You know that I am not a big fan of the requirement for having all Internet users authenticate strongly. There are people in the security arena who think that this is the only way to fight cybercrime – and in parallel accept that they would kill freedom of speech. I recently had a good discus ...
Posted 17 March 2010 by Roger Halbheer
tags: Privacy , Identity Management
1
comment
Insider Threat of Cloud Computing
Tonight I got this article forwarded to me: Afraid of outside cloud attacks? You're missing the real threat. David Linthicum (the author) claimed that if you are looking at the hackers attacking “your” cloud from the outside, you are missing the real problem as the insider threat is ...
Posted 11 March 2010 by Roger Halbheer
tags: Cloud
0
comments
Data Protection Heat Map
I was looking at some research done by Forrester, which could be interesting for you as well. They try to lay out the landscape with regards to data protection for you and it looks fairly compelling. So if you are interested in the situation of the different Privacy laws across the globe and how For ...
Posted 09 March 2010 by Roger Halbheer
tags: not tagged.
1
comment
Why it pays to be secure – Chapter 5 – I need tools!
Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use. So far, in the first 4 chapters, we have addressed the usual excuses for not Managing Your IT ...
Posted 06 March 2010 by Roger Halbheer
tags: not tagged.
0
comments
Making the Management of Security Compliance Easier!
As you all know, I have two main pet themes: Risk Management and Compliance Management as I see very often that there is room for improvement when it comes to such processes within our customers. Internally, we often think about how we can make it easier for our customers to manage compliance in the ...
Posted 18 February 2010 by Roger Halbheer
tags: Compliance , Policy
2
comments
SANS Top 25 Most Dangerous Programming Errors – the same as very often…
I just worked my way through the list SANS published. Looking at the list it is not surprising but scary to see which errors made it to the top of the list: Cross-site Scripting SQL Injection Classic Buffer Overflow Cross-Site Request Forgery Improper Access Control It ...
Posted 17 February 2010 by Roger Halbheer
tags: Cybercrime , Secure Development
0
comments
Children – A Threat For Corporate Security?
I read this article this morning: Safer Internet Day: How children can undermine corporate security and it actually reminds me of all the PCs I looked at in my private environment. When I see a heavily infected PC, the parents always keep telling me that the Peer-to-Peer network software on the PC w ...
Posted 10 February 2010 by Roger Halbheer
tags: Cybercrime , Family
2
comments
Use Music to Fight Cybercrime: ‘Maga No Need Pay’
When I travel through Africa, the high piracy rate is often something we address. Not necessarily from a commercial perspective but much more from a security angle. We know that pirated software is often infected with malware and therefore used for criminal activities. However, the discussion is a d ...
Posted 09 February 2010 by Roger Halbheer
tags: Cybercrime , Piracy
1
comment
Targeted Attacks – the “Real” Problem
When I talk to customers, the different attacks are often something we discuss (obviously). I often mention that Virus and Worm attacks on a broad scale (like Conficker, etc.) are a serious problem, but at least they are ones we see, understand, and can fight (because we see and understand it). How ...
Posted 05 February 2010 by Roger Halbheer
tags: Incidents , Cybercrime
0
comments
Cloud Security Paper: Looking for Feedback
As most of you well know, I was looking for information and opinions on Cloud Security over the last year. I found a lot of papers, but when I talk to our customers I realize that they think about the Cloud but Cloud Security is mainly something for the specialists – which it is not for me. Th ...
Posted 30 January 2010 by Roger Halbheer
tags: Cloud
0
comments
Data Protection Day: An Interesting Study
As you might know, it was time for the Data Protection Day in Europe again. Unfortunately I did not find the videos from this year’s competition, yet but I guess we will find them later on the page and on YouTube. However, we released a study on Privacy that is pretty interesting. Find t ...
Posted 29 January 2010 by Roger Halbheer
tags: Privacy
0
comments
MTaS: Malware Testing as a Service
Well, in my last post I wrote about the prices for malware. Today I read the next evolution of this: The possibility of having malware tested against anti-malware tools – not to make sure malware is really recognised, no, the other way round: To make sure it is not recognised. I read this art ...
Posted 05 January 2010 by Roger Halbheer
tags: not tagged.
0
comments
The Cybercriminal’s Wish List
I know that Christmas is over and I know how my kids actually compile a Wish List: They take most of the ads (which are targeted to them) and glue them onto a piece of paper for mum and dad to make sure that everything can be found under the Christmas tree… I guess you know the drill. If you ...
Posted 01 January 2010 by Roger Halbheer
tags: not tagged.
0
comments
Algeria: Conference on Certification (eID)
When I tweeted last week that I am on my way to Algeria, I got quite some reactions and questions that I should report how it was. So, let me try to briefly summarise my impressions. I was invited to speak at a conference on certification in Algiers. Well, initially I pushed back as I did not under ...
Posted 17 December 2009 by Roger Halbheer
tags: certification , certificates , eid
0
comments
Get Safe Online: Don’t be a Money Mule
You know, there are people who blog late, there are people who blog very late and then there is me… I actually missed that one even though I was triggered: Mid November there was the Get Safe Online Week 2009 in the UK. Usually they do really good stuff and this is the reason I usually blog ...
Posted 04 December 2009 by Roger Halbheer
tags: Consumer
0
comments
“Black Screen of Death” Reports
Oh, wow – sometimes the power of social media, the blogs and the internet can backfire. I guess in the meantime you have seen the claims by Prevx that approx. 80 million of PCs are affected by the Black Screen of Death problems supposedly caused by our November Security Updates. This caused (a ...
Posted 01 December 2009 by Roger Halbheer
tags: microsoft , malware , black screen
0
comments
Questions to Ask your (Security) Vendor
You know that I am a big fan of Security Development Lifecycles as we run it internally to build code which is more resilient against attacks. And I recently blogged on Security - A Feature Discussion? Some Thoughts on Google's Chrome OS as I am convinced that it is much more important to look into ...
Posted 01 December 2009 by Roger Halbheer
tags: Process
0
comments
Security and Usability
It is not a new concept: The secure way is only secure if it is the easiest way. I have seen a lot of solutions which are extremely secure – in the eyes of the security people. However, the users find a lot of ways to circumvent the security measures because they are too complex to fulfill th ...
Posted 26 November 2009 by Roger Halbheer
tags: Usability , security
0
comments
Security – A feature discussion? Some thoughts on Google’s Chrome OS
To be clear upfront: This is not a 'Microsoft versus Google' post. I cannot even judge how far Google pushed security with the Chrome OS. But the following article raised quite some questions how we look at security: Inside the Google Chrome OS security model. This article, like so many when securi ...
Posted 19 November 2009 by Roger Halbheer
tags: Security Processes , google , chrome
0
comments
Why it pays to be secure – Chapter 4 – I want to learn!
Use these Learning Paths to find a range of Microsoft training references and resources on information security threats and appropriate countermeasures. Learning resources are organised by level (from basic to expert) and provide information on the planning, prevention, detection, and response phase ...
Posted 13 November 2009 by Roger Halbheer
tags: information security , microsoft
0
comments
International Collaboration on Policies for Cybersecurity and Data Protection
For a few years we have been working with the Council of Europe in a partnership to help to drive a Cybersecurity treaty. We realise that a problem a lot of law enforcement agencies have is inconsistent legislation, which makes it unbelievably hard to catch cybercriminals. The Co ...
Posted 05 November 2009 by Roger Halbheer
tags: Cybercrime , Policies , cybersecurity
0
comments
Power of Knowledge: Security Intelligence Report v7
It has been a good tradition for quite a while that we make the intelligence we (Microsoft) have available accessible to the broad public. This will help our customers to protect themselves much better. The Security Intelligence Report (SIR) is built on a unparalleled set of sensors out there on the ...
Posted 02 November 2009 by Roger Halbheer
tags: Security Intelligence , Trends
0
comments
Could Microsoft solve the scareware problem?
This morning I read the following article: Microsoft can help kill fake antivirus threat. And interesting approach. The proposal is that we could white-list all the legitimate security software within the OS in order to make it harder to trick the user. Well, would this work? I am not so sure: ...
Posted 22 October 2009 by Roger Halbheer
tags: scareware , consumer
0
comments
Why it pays to be secure – Chapter 3 – But how do I?
Security — you hear about it every day. Being responsible for information security can be a daunting task, so where do you begin? From the design of acceptable use policies to preventing insiders from stealing data, the job can be a challenging one. Join Senior Security Strategist with the Mi ...
Posted 18 October 2009 by Roger Halbheer
tags: Business Value
0
comments
Software Piracy – A Threat to Security!
Beginning of this year, I tried to understand, whether we can show a collaboration between Piracy (stolen software) and Malware Infections. I played a little bit with the data I had available and came to the conclusion, that there most probably is: Is there a Correlation between Stolen Software (Pir ...
Posted 14 October 2009 by Roger Halbheer
tags: Compliance , Piracy
0
comments
The Africa Cable – A Chance for Africa! – A Threat for the Internet?
The development in Africa especially with the new broadband services to me is a huge chance for the whole continent. I just found a map (Image 1) on the next two years. Even though I have not been in Africa over the last few months, I heard that in different cities fiber is brought directly to the ...
Posted 07 October 2009 by Roger Halbheer
tags: Trends , Broadband
0
comments
Thoughts on the registered traveler programmes at airports
When I entered the US this time, I got a brochure on how I could avoid the line at immigration and just get a fast track by registering with the Global Entry Program, a programme, which would pre-screen me and then I just have to register with a machine by entering the US. As I understand, this is a ...
Posted 30 September 2009 by Roger Halbheer
tags: Privacy , Processes
0
comments
Hey, You, Get Off of My Cloud
I recently had different discussions with different customers and we were looking into the key questions to ask, when you plan to move to the cloud (yes, I am working on a corresponding blog post). I was then asked whether we have an answer to these questions – well no. For sure not for a ...
Posted 27 September 2009 by Roger Halbheer
tags: Cloud Computing
0
comments
Why it pays to be secure - Chapter 2 - Vulnerabilities
The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. http://www.microsoft.com/security/portal/sir.aspx Updatin ...
Posted 23 September 2009 by Roger Halbheer
tags: Business Value
0
comments
Moving to the Cloud: Where it worked and where I was challenged
I am running a whole environment at home to experience our technology. However, up to now it was all “on premise”, no Cloud integration. This has to change. Therefore I was more than happy to join our internal  Hosted Exchange 14 beta program. We are offering the hosted Exchange pro ...
Posted 21 September 2009 by Roger Halbheer
tags: Cloud Computing
0
comments
Microsoft SDL Team Releases New Security Testing Tools
I often mention that we try to give you all the tools we have as long as it makes sense form a risk perspective. The risk perspective is a simple one: If we give it to you as our customer, we give it as well to the criminals. There are two new tools which just made the bar and which are now release ...
Posted 16 September 2009 by Roger Halbheer
tags: Development
3
comments
H1N1 (Swine) Flu Preparedness - Guide for Critical Infrastructure and Key Resources
This morning I stumbled across a guide by the US Health & Human Services with regards to H1N1. Even though it did not catch much news lately I am not sure whether it is really over. Staying prepared it definitely not a bad thing. Even though it is US-centric, you should probably look into it: ht ...
Posted 16 September 2009 by Roger Halbheer
tags: Incident Response
0
comments
Why it pays to be secure - Chapter 1 - Data Breaches
In my first post here, I opened the field for a series on “Why it pays to be secure”. As I told you there, Henk van Roest, our Security Support Program Manager in EMEA kicked this off for internal training. Let’s return to the theme of deploying security updates once more, we need ...
Posted 14 September 2009 by Roger Halbheer
tags: Compliance , Policies , Business Value , Processes
0
comments
Why it pays to be secure
You might all know that feeling: You need money to finance security activities and you are asked why this money shall be invested. And then we start to argue that if we do not do it – bad things happen. These are questions that myself and our support get often. That was the reason why we start ...
Posted 11 September 2009 by Roger Halbheer
tags: Processes , Policies , Business Value , Compliance
View the RSS feed for this blog »
Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water