Roger Halbheer

Job title:
Chief security advisor, Microsoft

Areas of expertise:
Policy, architecture, law enforcement, cybersecurity, processes

Biography:
Roger Halbheer joined Microsoft as Chief Security Advisor of Microsoft Switzerland in 2001 and was promoted to the role of Chief Security Advisor for Microsoft Europe, the Middle East and Africa (EMEA) in February 2007. Roger leads a team of national Chief Security Advisors across EMEA who work with organizations in the commercial and public sectors - including national governments, law enforcement and intelligence agencies - on information technology issues and strategies. He is a trusted advisor to C-level executives, governments and law enforcement agencies and has established relationships with security communities and government agencies across the region. Roger is a regular speaker at industry events and has worked with national and international print and broadcast media both to represent Microsoft and to provide expert comment on broader security issues. A Swiss national, Roger holds a Master of Computer Science degree from the Federal Institute of Technology in Zurich and is a Certified Information System Security Professional (CISSP). Before joining Microsoft, he was responsible for e-Business Risk Management at PricewaterhouseCoopers in Switzerland. He lives in Zurich and is married with two sons.

Tag Cloud

Bloggers

Blog

Follow and talk to Infosecurity's bloggers.

Follow Infosecurity's bloggers as they share their thoughts on the industry, technology, and much more. Our bloggers have been selected for their industry expertise. They welcome interaction, so we encourage you to add your opinions to theirs.

All Bloggers » Roger Halbheer
0
comments
Stuxnet talks – do we listen?
Stuxnet is a severe threat – that’s something we know for sure. But if we look at it,  what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out ...
Posted 12 October 2010 by Roger Halbheer
0
comments
Last week, when I was in South Africa, a partner of us pointed me to a very interesting paper by KPMG called Cloud computing: Australian lessons and experiences. What I like is, that a lot of the items I was recently raising, where actually reflected in quotes by customers of Cloud providers as well ...
Posted 28 September 2010 by Roger Halbheer
0
comments
The Risks of Unofficial Patches
This is quite a normal scenario: A zero-day pops up on the Internet by a security researcher. Immediately afterwards we see the first exploits appearing and being integrated into the different attack tools. Now, the race has started: The vendor has to develop a security update, the criminals try to ...
Posted 17 September 2010 by Roger Halbheer
0
comments
The Importance of Application Security
I think I told this story thousands of times, and everybody knows it, but I will do it for the 1001st time now. When I joined Microsoft and became what is the Chief Security Advisor for Switzerland today, we had an airlift for Windows Server 2003. The Product Manager in Switzerland asked me to keyno ...
Posted 24 August 2010 by Roger Halbheer
1
comment
I blog often about it: Blocking certain websites today can fire back in different ways. The CIO published an article called Workarounds: 5 Ways Employees Try to Access Restricted Sites – and they say: "Some workarounds can be dangerous because they might create a channel that data can ...
Posted 14 August 2010 by Roger Halbheer
0
comments
You know my opinion on collaboration between countries, on public-private-partnerships, as well as on collaboration between companies. For quite a while we have been running a program called MAPP – the Microsoft Active Protections Program – where we share vulnerability in ...
Posted 28 July 2010 by Roger Halbheer
0
comments
July 1st: Scott Charney, Corporate Vice President Trustworthy Computing was testifying at a hearing of the House Committee on Oversight and Government Reform. Basically the hearing was on the benefits and risk of Cloud adoption for the US government. If you are interested in reading his full testimo ...
Posted 06 July 2010 by Roger Halbheer
1
comment
Raid against Piracy
There seem to be policy organizations that are serious about fighting piracy! Hungary, actually with 41% pirated software “not even that bad”, seems to be really serious. But first, let me just take those 41% up for a second: This means that 41% of the work you do is stolen. I ...
Posted 22 June 2010 by Roger Halbheer
0
comments
One of the biggest challenges in Critical Infrastructure Protection or Incident Response is collaboration. Collaboration between the public and the private sector as the private sector is most often running the critical infrastructure; collaboration between different governments as well, as incident ...
Posted 16 June 2010 by Roger Halbheer
0
comments
This is actually an interesting question. A lot of governments enforce rules and regulations on how you have to run your car, how often you have to check it, in which condition you have to keep your tires, etc. The same is true for a lot of other devices we are using. Now, it seems that the US just ...
Posted 12 June 2010 by Roger Halbheer
0
comments
Open Source and Hackers
The debate is probably as old as the Open Source software development model – Which one is more secure: Open Source or shared source as we at Microsoft run it? I know that we could now enter a religious debate about that, which I do not want to as I do not really believe in the value of such d ...
Posted 08 June 2010 by Roger Halbheer
0
comments
Hacking the human body
Years ago I was sitting in a healthcare event, when a researcher was talking (very excited) about the idea of having a pacemaker with Bluetooth access to fine-tune the system and read information from the sensors. Even though this might medically be a great idea, I would be fairly reluctant having s ...
Posted 27 May 2010 by Roger Halbheer
0
comments
Identity in the Cloud
Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's pres ...
Posted 25 May 2010 by Roger Halbheer
0
comments
As you know from my postings on Cloud and security and the paper on the Cloud Security Considerations we wrote, I am convinced that there are five areas you should look at when you try to migrate to the Cloud: Compliance and Risk Management Identity and Access Management Service Int ...
Posted 19 May 2010 by Roger Halbheer
0
comments
I recently came across a paper called Shadows in the Cloud, which is actually a follow-up report of Tracking GhostNet: Investigating a Cyber Espionage Network, an investigation of the attacks on the office of the Dalai Lama and some governmental bodies. The report is written by two bodies who had th ...
Posted 21 April 2010 by Roger Halbheer
0
comments
I blogged on Day 1 and Day 2 but as I expected, I was unable to blog yesterday on the conference. However, let me just briefly give you my impression of the final day: The core part of this last day was a whole block on Cloud Computing. There were different presentations on the subject and then a p ...
Posted 26 March 2010 by Roger Halbheer
1
comment
And the second day starts. I just met with Jeremy Kirk from IDG and it is great to see that the press is actually interested in such a conference as well. The day today started with a long session on different initiatives against cybercrime. A lot of good information: Interpol offers quite s ...
Posted 24 March 2010 by Roger Halbheer
0
comments
As you saw from previous posts, I am at the Octopus Conference on Cooperation against Cybercrime at the moment. We had yesterday the Deputy Secretary General of the Council of Europe and one of her key statements was that different bodies (like the Council of Europe, UN etc.) should not compete. The ...
Posted 24 March 2010 by Roger Halbheer
0
comments
A few years ago, the Budapest Convention on Cybercrime was signed within the Council of Europe. Since then it was ratified all across the globe by a lot of countries or at least used as the base for legislation. The Council of Europe is organising a conference on Cooperation against Cybercrime, call ...
Posted 23 March 2010 by Roger Halbheer
0
comments
Results of Operation b49 (Botnet Takedown)
On February 24th we announced the work we did on taking down Waledac – read Tim Cranton’s blog post called Cracking Down on Botnets. Now it is time to look back and try to understand what we learned so far. Sudosecure traces the Waledac infection and gives a good view of new infect ...
Posted 20 March 2010 by Roger Halbheer
Showing 21 - 40 of 74 blogs
View the RSS feed for this blog »
We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×