Andrew Cushman

As director of security response and outreach for the Microsoft® Security Response Center (MSRC), part of the Trustworthy Computing Group at Microsoft Corp., Andrew Cushman manages the teams responsible for the company’s monthly security updates and those focused on collaborating with researchers and companies to mitigate the effect of security vulnerabilities. Cushman and his teams lead emergency responses to security threats, define and enforce response policies, and monitor monthly update quality and timeliness. Cushman has expanded Microsoft’s outreach programs to cover security researchers as well as mainstream security organizations, companies and computer emergency response teams. Cushman joined the MSRC in 2004 as a member of the Security Engineering Group executive leadership team that made security processes an integral part of Microsoft’s engineering culture. Since then he has been a driving force behind the company’s security researcher outreach strategy and execution efforts, formulating the Responsible Disclosure Initiative strategy and initiating the BlueHat security conference franchise. Today he is director of the MSRC and a key influencer of Microsoft’s Security Development Lifecycle. Since joining Microsoft in January 1990, Cushman has held positions on the Microsoft International Product Group, the Microsoft Money team and the Internet Information Services (IIS) team. He led the IIS product team during the development of IIS 6.0 in Windows Server® 2003. IIS 6.0 was one of the first Microsoft products to fully adopt the security engineering processes that are today embodied in the SDL and remains a “poster child” of Microsoft’s commitment to security engineering and Trustworthy Computing. Cushman earned a bachelor’s degree in international studies from the University of Washington and a master of international business degree from Seattle University. Away from work, he is an avid skier and spectator of dressage, a form of competitive horse training.