Manager, Security Incident Management & Pentesting Services, MicrosoftRuss McRee, GIAC+, CSIH, CISSP manages the Security Incident Management & Penetration Testing Services team for Microsoft’s Online Services Security & Compliance organization. McRee writes toolsmith, a monthly column for the ISSA Journal, and has written for numerous other publications including Information Security, (IN)SECURE, SysAdmin, Linux Magazine, and OWASP. He speaks regularly at events such as DEFCON, Black Hat, RSA, FIRST, and RAID, amongst others. He conducts constant vulnerability and malware research, wrestling with the challenges of web application security and new ways to interpret malicious network traffic. He advocates a holistic approach to the practice of information assurance and, as such, maintains holisticinfosec.org. IBM's ISS X-Force cited Russ as the 6th ranked Top Vulnerability Discoverers of 2009.