MSDN Webcast Review: Computer Crime and Security

This morning I sat in the MSDN LiveMeeting Webcast "Computer Crime and Security". Sitting might be a generous term. I was bored. I just couldn't stay focused.

It started with a presenter basically regurgitating the 2003 CSI/FBI Computer Crime and Security Survey. Pretty slides and all... but I already read them in the report. And went through them in depth during the CSI seminar. I am sure for people that knew nothing about computer security, this would be interesting stuff. And I don't knock the presenter for that... that was his target audience. (Note to self, do not attend any more Level 100 seminars)

One thing I think was TOTALLY missed was that about threat modeling. During the presentation it was talked about in one bullet. I questioned them on this, and I was told that it could be done as part of the technical and risk assessment. That’s true, and they are right. But I think that really should have been expanded on.

MSDN would do well to actually provide a webcast dedicated to threat modeling. Hell, Michael Howard could do an excellent job presenting STRIDE threat modeling to all the developers out there. And if he doesn't have the time to do it, I would be more than happy to.

Anyways, with that part of the presentation finished we moved onto a new presentor that really knew his stuff. Although he knew his stuff, I don't think that knowledge really got passed on. He did all the traditional "no-no's" when it comes to speaking. He spoke to quietly, to quickly and assumed we caught it all. The technology didn't help either, as Live Meeting just couldn't keep up with the app sharing on my end; in some cases dialog boxes and windows flashed like mad without us being able to follow it as it wouldn’t redraw before he would close it, or scroll by.

Another thing that made it difficult was his accent. Combined with the soft speaking and the speed of his presentation, his accent made it difficult to follow his thoughts. There wasn't much that could be done about that.

The final presenter surprised me. I walked into the presentation expecting Microsoft focused tools and technologies. During the introduction we were told that a gentleman from Sanctum would present AppScan Developer Edition. I thought to myself "oh god a sales pitch… not good." I was pleasantly wrong. Although he did show the tool, it wasn't shoved down our throats. Looked like a pretty good tool too. Of course, I don't do ASP.NET coding, so its pretty much useless to me... but it could really help some of you web code monkeys out there.

In the next few days the presentation will be online on-demand which you can check out here, which will let you check it out for yourself. In the meantime, I kept a copy of the power point slides of the presentation, which you can get here.