An unexpected email was waiting for me when I got off the plane from a recent work trip to Thailand on Saturday:
Congratulations! We are pleased to present you with the 2011 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Developer Security technical communities during the past year.
Given this was sent out on April 1st, one could be forgiven for being a little sceptical. Being loaded up with healthy doses of overwork and jet lag when I read the email didn’t help make things any clearer but a couple of days on, after the dust has settled, it appears I am an MVP. I even have a very nice letter which they kindly offered to send to my boss:
Apparently the writing I’ve been doing around the application security space has resonated and somehow I’ve emerged with the award. I can honestly say that this came absolutely, positively out of the blue and was not something I expected nor set out to achieve.
In complete honesty, my writing on security – predominantly the OWASP Top 10 for .NET Developers series – was driven by two very simple objectives:
- I wanted to help those I work with understand how to actually deliver on the OWASP Top 10 at a practical level, specifically within the ASP.NET framework.
- I wanted to improve my own understanding of security in ASP.NET. I just seem to learn more efficiently when I push myself to articulate things clearly to other people.
So what next? Well, I get to use the shiny blue MVP badge over on the right side of my blog and have a couple of presents from Microsoft but other than that, nothing much changes, at least not as far as I know. I still need to work through the remainder of the OWASP Top 10 series (part 7 on crypto is mostly there) and perhaps I feel a little more driven now. Same deal with other app sec writing which again is as much about my own discovery process as it is anything else.
Ultimately the award is recognition for what the MVP has been doing and on that basis, I’ll mostly keep doing the same thing as its obviously working. In fact that’s what has always appealed to me about the MVP status; people achieve it not because they’ve rote learned some text books and paid for a certification, rather it’s because they’ve actually done something of substance which has helped other people. And that’s a very nice feeling indeed.
A few brief mentions before I sign off: Barry Dorrans (AKA @blowdart, AKA author of Beginning ASP.NET Security), who obviously had more than a bit of passing input in the MVP nomination. David Tchepak (AKA @davetchepak, AKA half the brains trust behind the very excellent NSubstitute), who I watched closely (from the next desk) as he began his blogging back in ‘06 and who encouraged and supported me to do the same. The very beautiful Mrs. Hunt for tolerating the frequent appearance and use of technology devices in each corner of the house and at all hours of the day. And to everyone else who commented, contributed, argued and generally encouraged me to write more. Thanks folks.