Cybersecurity leader @ Microsoft & Security Researcher

David Weston

Corporate VP at Microsoft leading Windows security and former DHS CISA Technical Advisory Council (TAC) member driving national cybersecurity policy on memory safety and open source security. Two decades of research at Black Hat, DEF CON, BlueHat, and CanSecWest on exploit mitigations and protecting billions of devices. Featured in WIRED, NBC's Today Show, New York Times, TIME, and ITV News. This site shares my work and ways to connect.

Explore research Contact Read the blog

Research & Presentations

Recent work and ongoing efforts.

Jan 15, 2025

AI at the Edge: Attacks and Defense

BlueHat India 2025 Day 1 Keynote covering AI security at the edge, including attack vectors and defensive strategies.

bluehat AI security edge computing keynote

Oct 11, 2024

CISA CSAC Technical Advisory Council: Open Source Security Recommendations

Recommendations on improving security in critical open source projects and advancing CISA's secure by design initiative, addressing unique challenges in open source software ecosystems.

CISA open source policy technical advisory secure by design

Oct 03, 2024

A sneak peek into Microsoft's Windows 2030 vision

A sneak peek into what's next for Windows and how AI is shaping the future of the OS.

windows future ai

Media & Podcasts

Expand to the full list of interviews and show appearances.

NBC's Today Show - Jul 04, 2018

NBC Today show segment

ITV News UK - Nov 25, 2017

ITV News UK segment

WIRED - Jun 26, 2025

So Long, Blue Screen of Death. Amazingly, You'll Be Missed

Writing

View all posts

February 12, 2025

Memory Safety at Cloud Scale

Lessons from shipping memory-safe components across Windows and Azure, and what it takes to harden legacy code paths.

January 28, 2025

AI Red Teaming for Defenders

Practical tactics for breaking your own AI systems before attackers do, drawn from security research and real-world incidents.

December 15, 2024

Building Secure Defaults for Billions of Devices

How we ship secure defaults in Windows without breaking the world, and why quiet guardrails are the most effective ones.

What to expect

Field notes on platform security, adversary tradecraft, and the mechanics of running resilient security programs.

About

I'm a security executive, researcher, and builder focused on keeping complex systems safe. At Microsoft I lead teams responsible for hardening Windows, defending firmware and hardware supply chains, and responding to sophisticated attackers. I share what we learn so the broader community can raise the bar together.

My background spans vulnerability research, exploit mitigations, red teaming, and building product security programs that survive contact with reality. If you're working on hard security problems, I'd love to compare notes.

Reach out Connect on LinkedIn
David Weston headshot