The BlueHat Podcast https://bluehatpodcast.com en ©2025 Microsoft Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.  https://megaphone.imgix.net/podcasts/b3d6df64-33fd-11ef-a630-7bb26b1fdd26/image/0520e2e154dd21ce630dc4078baf2a62.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress The BlueHat Podcast https://bluehatpodcast.com no episodic The Microsoft Security Response Center podcast. Hear from cyber security researchers, responders, hackers, and engineers from within and outside of Microsoft working to make the world a safer place for all. Microsoft Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.  Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all. 

]]> Bruce Bracken bbrack@microsoft.com Hunting Variants: Finding the Bugs Behind the Bug In this episode of The BlueHat Podcast, host Nic Fillingham is joined by George Hughey from Microsoft who returns to discuss his Blue Hat India talk on variant hunting, explaining how MSRC uses submission data from hacking competitions like Pwn2Own and Tianfu Cup to uncover additional security vulnerabilities in Windows. George shares how incentives in competitions differ from bug bounty programs, how tools like CodeQL assist variant hunting, and why collaborating with the security research community is key to improving Windows security.    In This Episode You Will Learn:   How hacking competitions help find real-world Windows vulnerabilities  The role of MSRC in hunting variants beyond submitted vulnerabilities  Why fuzzing is not always effective for modern edge cases    Some Questions We Ask:  How do you decide which cases to pursue for variant hunting?  What advice do you have for researchers submitting variants?  How does the CodeQL team collaborate with your team?      Resources:       View George Hughey on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   Wed, 09 Jul 2025 07:05:00 -0000 full 1 57 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham is joined by George Hughey from Microsoft who returns to discuss his Blue Hat India talk on variant hunting, explaining how MSRC uses submission data from hacking competitions like Pwn2Own and Tianfu Cup to uncover additional security vulnerabilities in Windows. George shares how incentives in competitions differ from bug bounty programs, how tools like CodeQL assist variant hunting, and why collaborating with the security research community is key to improving Windows security.    In This Episode You Will Learn:   How hacking competitions help find real-world Windows vulnerabilities  The role of MSRC in hunting variants beyond submitted vulnerabilities  Why fuzzing is not always effective for modern edge cases    Some Questions We Ask:  How do you decide which cases to pursue for variant hunting?  What advice do you have for researchers submitting variants?  How does the CodeQL team collaborate with your team?      Resources:       View George Hughey on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   In this episode of The BlueHat Podcast, host Nic Fillingham is joined by George Hughey from Microsoft who returns to discuss his Blue Hat India talk on variant hunting, explaining how MSRC uses submission data from hacking competitions like Pwn2Own and Tianfu Cup to uncover additional security vulnerabilities in Windows. George shares how incentives in competitions differ from bug bounty programs, how tools like CodeQL assist variant hunting, and why collaborating with the security research community is key to improving Windows security. 

 


In This Episode You Will Learn:  

  • How hacking competitions help find real-world Windows vulnerabilities 

  • The role of MSRC in hunting variants beyond submitted vulnerabilities 

  • Why fuzzing is not always effective for modern edge cases 

 

Some Questions We Ask: 

  • How do you decide which cases to pursue for variant hunting? 

  • What advice do you have for researchers submitting variants? 

  • How does the CodeQL team collaborate with your team? 

   

Resources:      

View George Hughey on LinkedIn     

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

Related Microsoft Podcasts:   

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

 

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  

]]> 2340 no Securing Redirections with Mike Macelletti https://thecyberwire.com/podcasts/the-bluehat-podcast/56/notes In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Mike Macelletti from Microsoft’s MSRC Vulnerabilities and Mitigations team to explore Redirection Guard, a powerful mitigation designed to tackle a long-standing class of file path redirection vulnerabilities in Windows. Mike shares how his interest in security began, the journey behind developing Redirection Guard, and how it's helping reduce a once-common bug class across Microsoft products. He also explains how the feature works, why it's impactful, and what developers can do to adopt it. Plus, a few fun detours into Solitaire hacking, skiing, and protein powder.     In This Episode You Will Learn:   What Redirection Guard is and how it helps prevent file system vulnerabilities  How Microsoft identifies and addresses common bug classes across their ecosystem  Why some vulnerabilities still slip past Redirection Guard and what’s out of scope    Some Questions We Ask:  What is a junction and how is it different from other redirects?  How does Redirection Guard decide which shortcuts to block?  Are there vulnerabilities Redirection Guard doesn’t cover?      Resources:       View Mike Macelletti on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   Wed, 25 Jun 2025 07:05:00 -0000 Securing Redirections with Mike Macelletti full 1 56 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Mike Macelletti from Microsoft’s MSRC Vulnerabilities and Mitigations team to explore Redirection Guard, a powerful mitigation designed to tackle a long-standing class of file path redirection vulnerabilities in Windows. Mike shares how his interest in security began, the journey behind developing Redirection Guard, and how it's helping reduce a once-common bug class across Microsoft products. He also explains how the feature works, why it's impactful, and what developers can do to adopt it. Plus, a few fun detours into Solitaire hacking, skiing, and protein powder.     In This Episode You Will Learn:   What Redirection Guard is and how it helps prevent file system vulnerabilities  How Microsoft identifies and addresses common bug classes across their ecosystem  Why some vulnerabilities still slip past Redirection Guard and what’s out of scope    Some Questions We Ask:  What is a junction and how is it different from other redirects?  How does Redirection Guard decide which shortcuts to block?  Are there vulnerabilities Redirection Guard doesn’t cover?      Resources:       View Mike Macelletti on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Mike Macelletti from Microsoft’s MSRC Vulnerabilities and Mitigations team to explore Redirection Guard, a powerful mitigation designed to tackle a long-standing class of file path redirection vulnerabilities in Windows. Mike shares how his interest in security began, the journey behind developing Redirection Guard, and how it's helping reduce a once-common bug class across Microsoft products. He also explains how the feature works, why it's impactful, and what developers can do to adopt it. Plus, a few fun detours into Solitaire hacking, skiing, and protein powder. 

 

 In This Episode You Will Learn:  

  • What Redirection Guard is and how it helps prevent file system vulnerabilities 

  • How Microsoft identifies and addresses common bug classes across their ecosystem 

  • Why some vulnerabilities still slip past Redirection Guard and what’s out of scope 

 

Some Questions We Ask: 

  • What is a junction and how is it different from other redirects? 

  • How does Redirection Guard decide which shortcuts to block? 

  • Are there vulnerabilities Redirection Guard doesn’t cover? 

   

Resources:      

View Mike Macelletti on LinkedIn     

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

Related Microsoft Podcasts:   

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

 

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  

]]> 2522 no Ignore Ram Shankar Siva Kumar’s Previous Directions https://thecyberwire.com/podcasts/the-bluehat-podcast/55/notes In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share Ram Shankar Siva Kumar’s dynamic keynote from BlueHat India 2025, where he explores the evolving threat landscape of AI through the lens of the Microsoft AI Red Team. From adversarial machine learning to psychosocial harms and persuasive AI, Ram highlights real-world case studies, including prompt injection, content safety violations, and memory poisoning in AI agents. Ram underscores the urgent need for robust red teaming practices to secure AI systems against traditional security flaws and emerging threats across images, text, audio, and autonomous agents.    In This Episode You Will Learn:   Why old-school security flaws still break modern AI systems  Real-world AI red teaming in action, from scams to memory hacks  How small input tweaks can fool AI across images, audio, and text  Some Questions We Ask:  Can attackers fool AI using just slight image changes?  Are generative AI systems vulnerable to prompt manipulation?  Do you need to be an expert to break an AI model?      Resources:       Watch Ram’s BlueHat India 2025 Keynote: BlueHat India 2025 Day 2 Keynote - Ram Shankar Siva Kumar  Listen to Ram’s Previous Appearance on The BlueHat Podcast: Not with a Bug but with a Sticker    View Ram Shankar Siva Kumar on LinkedIn     View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   Wed, 11 Jun 2025 07:05:00 -0000 Ignore Ram Shankar Siva Kumar’s Previous Directions full 1 55 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share Ram Shankar Siva Kumar’s dynamic keynote from BlueHat India 2025, where he explores the evolving threat landscape of AI through the lens of the Microsoft AI Red Team. From adversarial machine learning to psychosocial harms and persuasive AI, Ram highlights real-world case studies, including prompt injection, content safety violations, and memory poisoning in AI agents. Ram underscores the urgent need for robust red teaming practices to secure AI systems against traditional security flaws and emerging threats across images, text, audio, and autonomous agents.    In This Episode You Will Learn:   Why old-school security flaws still break modern AI systems  Real-world AI red teaming in action, from scams to memory hacks  How small input tweaks can fool AI across images, audio, and text  Some Questions We Ask:  Can attackers fool AI using just slight image changes?  Are generative AI systems vulnerable to prompt manipulation?  Do you need to be an expert to break an AI model?      Resources:       Watch Ram’s BlueHat India 2025 Keynote: BlueHat India 2025 Day 2 Keynote - Ram Shankar Siva Kumar  Listen to Ram’s Previous Appearance on The BlueHat Podcast: Not with a Bug but with a Sticker    View Ram Shankar Siva Kumar on LinkedIn     View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share Ram Shankar Siva Kumar’s dynamic keynote from BlueHat India 2025, where he explores the evolving threat landscape of AI through the lens of the Microsoft AI Red Team. From adversarial machine learning to psychosocial harms and persuasive AI, Ram highlights real-world case studies, including prompt injection, content safety violations, and memory poisoning in AI agents. Ram underscores the urgent need for robust red teaming practices to secure AI systems against traditional security flaws and emerging threats across images, text, audio, and autonomous agents. 

 

In This Episode You Will Learn:  

  • Why old-school security flaws still break modern AI systems 

  • Real-world AI red teaming in action, from scams to memory hacks 

  • How small input tweaks can fool AI across images, audio, and text 

Some Questions We Ask: 

  • Can attackers fool AI using just slight image changes? 

  • Are generative AI systems vulnerable to prompt manipulation? 

  • Do you need to be an expert to break an AI model? 

   

Resources:      

Watch Ram’s BlueHat India 2025 Keynote: BlueHat India 2025 Day 2 Keynote - Ram Shankar Siva Kumar 

Listen to Ram’s Previous Appearance on The BlueHat Podcast: Not with a Bug but with a Sticker 

 

View Ram Shankar Siva Kumar on LinkedIn    

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

Related Microsoft Podcasts:   

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

 

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  

]]> 2394 no Protecting AI at the Edge with David Weston https://thecyberwire.com/podcasts/the-bluehat-podcast/54/notes In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share David Weston’s keynote from BlueHat India 2025. David explores the growing role of on-device AI in Windows, the security risks it introduces, and how Microsoft is rethinking architecture to defend against new threats like model tampering, data exfiltration, and AI-powered malware. He also shares insights on innovations like Windows Recall, biometric protection, and the future of secure, agentic operating systems.     In This Episode You Will Learn:   How AI integration in Windows (like Windows Recall and MS Paint) is evolving  Emerging threats from protocols like MCP and CUAs  What a “confused deputy” attack is, and how Microsoft is protecting users  Some Questions We Ask:  What are the biggest security threats in on-device AI—data, model, or runtime?  Can AI be used to accelerate post-compromise attacks?  What will it take to bring Azure-level confidential computing to the consumer device?      Resources:       View David Weston on LinkedIn    View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn        Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   Wed, 28 May 2025 07:05:00 -0000 Protecting AI at the Edge with David Weston full 1 54 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share David Weston’s keynote from BlueHat India 2025. David explores the growing role of on-device AI in Windows, the security risks it introduces, and how Microsoft is rethinking architecture to defend against new threats like model tampering, data exfiltration, and AI-powered malware. He also shares insights on innovations like Windows Recall, biometric protection, and the future of secure, agentic operating systems.     In This Episode You Will Learn:   How AI integration in Windows (like Windows Recall and MS Paint) is evolving  Emerging threats from protocols like MCP and CUAs  What a “confused deputy” attack is, and how Microsoft is protecting users  Some Questions We Ask:  What are the biggest security threats in on-device AI—data, model, or runtime?  Can AI be used to accelerate post-compromise attacks?  What will it take to bring Azure-level confidential computing to the consumer device?      Resources:       View David Weston on LinkedIn    View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn        Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share David Weston’s keynote from BlueHat India 2025. David explores the growing role of on-device AI in Windows, the security risks it introduces, and how Microsoft is rethinking architecture to defend against new threats like model tampering, data exfiltration, and AI-powered malware. He also shares insights on innovations like Windows Recall, biometric protection, and the future of secure, agentic operating systems. 


  

In This Episode You Will Learn:  

  • How AI integration in Windows (like Windows Recall and MS Paint) is evolving 

  • Emerging threats from protocols like MCP and CUAs 

  • What a “confused deputy” attack is, and how Microsoft is protecting users 

Some Questions We Ask: 

  • What are the biggest security threats in on-device AI—data, model, or runtime? 

  • Can AI be used to accelerate post-compromise attacks? 

  • What will it take to bring Azure-level confidential computing to the consumer device? 

   

Resources:      

View David Weston on LinkedIn   

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

  

Related Microsoft Podcasts:   

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   


The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  

]]> 2355 no Hacking at the Weeds with Felix Boulet https://thecyberwire.com/podcasts/the-bluehat-podcast/53/notes In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Felix Boulet fresh off his participation in Zero Day Quest. Felix talks about his unique journey from industrial maintenance to becoming a full-time vulnerability researcher, and how that background fuels his passion for hacking and bug bounty work. He explains his method for finding bugs in Microsoft products—particularly in identity systems—and why identity is such a valuable target for attackers. Felix also shares highlights from the Zero Day Quest event, where he focused on building connections, learning from Microsoft engineers, and experiencing the collaborative side of the security community.     In This Episode You Will Learn:   Why identity-based bugs are especially valuable and dangerous in the security world  When breaking identity controls can be the key to pivoting through an entire system  How SharePoint's concept of "virtual files" impacts vulnerability validation  Some Questions We Ask:  What was your first bug bounty experience?  Can you explain what the flash challenges were and what your experience was like?  Do you think sharing bug ideas could cost you a bounty?      Resources:       View Felix Boulet on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   Wed, 14 May 2025 07:05:00 -0000 Hacking at the Weeds with Felix Boulet full 1 53 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Felix Boulet fresh off his participation in Zero Day Quest. Felix talks about his unique journey from industrial maintenance to becoming a full-time vulnerability researcher, and how that background fuels his passion for hacking and bug bounty work. He explains his method for finding bugs in Microsoft products—particularly in identity systems—and why identity is such a valuable target for attackers. Felix also shares highlights from the Zero Day Quest event, where he focused on building connections, learning from Microsoft engineers, and experiencing the collaborative side of the security community.     In This Episode You Will Learn:   Why identity-based bugs are especially valuable and dangerous in the security world  When breaking identity controls can be the key to pivoting through an entire system  How SharePoint's concept of "virtual files" impacts vulnerability validation  Some Questions We Ask:  What was your first bug bounty experience?  Can you explain what the flash challenges were and what your experience was like?  Do you think sharing bug ideas could cost you a bounty?      Resources:       View Felix Boulet on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Felix Boulet fresh off his participation in Zero Day Quest. Felix talks about his unique journey from industrial maintenance to becoming a full-time vulnerability researcher, and how that background fuels his passion for hacking and bug bounty work. He explains his method for finding bugs in Microsoft products—particularly in identity systems—and why identity is such a valuable target for attackers. Felix also shares highlights from the Zero Day Quest event, where he focused on building connections, learning from Microsoft engineers, and experiencing the collaborative side of the security community. 

  

In This Episode You Will Learn:  

  • Why identity-based bugs are especially valuable and dangerous in the security world 

  • When breaking identity controls can be the key to pivoting through an entire system 

  • How SharePoint's concept of "virtual files" impacts vulnerability validation 


Some Questions We Ask: 

  • What was your first bug bounty experience? 

  • Can you explain what the flash challenges were and what your experience was like? 

  • Do you think sharing bug ideas could cost you a bounty? 

   

Resources:      

View Felix Boulet on LinkedIn  

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

Related Microsoft Podcasts:   

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

 

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  

]]> 1999 no Evolutions in Hacking with Marco Ivaldi https://thecyberwire.com/podcasts/the-bluehat-podcast/52/notes In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Marco Ivaldi, co-founder and technical director of HN Security, a boutique company specializing in offensive security services, shares his journey from hacking as a teenager in the '80s to becoming a key figure in the security research community. With nearly three decades of experience in cybersecurity, Marco digs into the ongoing challenges, particularly in Active Directory and password security, highlighting vulnerabilities that continue to pose significant risks today. He recounts his unexpected path into bug bounty hunting, including his involvement in Microsoft's Zero Day Quest and his passion for auditing real-time operating systems like Azure RTOS.  In This Episode You Will Learn:  How Marco taught himself BASIC and assembly through cassette tapes and trips to local libraries Why mentorship and positive leadership can catapult your cybersecurity career When measuring network response times can unintentionally leak valuable info Some Questions We Ask: Do you remember the first time you made code do something unexpected? What was your experience like in the Zero Day Quest building for those three days? How are you thinking of approaching fuzzing after Zero Day Quest?      Resources:      View Marco Ivaldi on LinkedIn    View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  HN SECURITY Learn More About Marco   Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Wed, 30 Apr 2025 07:05:00 -0000 Evolutions in Hacking with Marco Ivaldi full 1 52 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Marco Ivaldi, co-founder and technical director of HN Security, a boutique company specializing in offensive security services, shares his journey from hacking as a teenager in the '80s to becoming a key figure in the security research community. With nearly three decades of experience in cybersecurity, Marco digs into the ongoing challenges, particularly in Active Directory and password security, highlighting vulnerabilities that continue to pose significant risks today. He recounts his unexpected path into bug bounty hunting, including his involvement in Microsoft's Zero Day Quest and his passion for auditing real-time operating systems like Azure RTOS.  In This Episode You Will Learn:  How Marco taught himself BASIC and assembly through cassette tapes and trips to local libraries Why mentorship and positive leadership can catapult your cybersecurity career When measuring network response times can unintentionally leak valuable info Some Questions We Ask: Do you remember the first time you made code do something unexpected? What was your experience like in the Zero Day Quest building for those three days? How are you thinking of approaching fuzzing after Zero Day Quest?      Resources:      View Marco Ivaldi on LinkedIn    View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  HN SECURITY Learn More About Marco   Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Marco Ivaldi, co-founder and technical director of HN Security, a boutique company specializing in offensive security services, shares his journey from hacking as a teenager in the '80s to becoming a key figure in the security research community. With nearly three decades of experience in cybersecurity, Marco digs into the ongoing challenges, particularly in Active Directory and password security, highlighting vulnerabilities that continue to pose significant risks today. He recounts his unexpected path into bug bounty hunting, including his involvement in Microsoft's Zero Day Quest and his passion for auditing real-time operating systems like Azure RTOS. 



In This Episode You Will Learn


  • How Marco taught himself BASIC and assembly through cassette tapes and trips to local libraries
  • Why mentorship and positive leadership can catapult your cybersecurity career
  • When measuring network response times can unintentionally leak valuable info


Some Questions We Ask:


  • Do you remember the first time you made code do something unexpected?
  • What was your experience like in the Zero Day Quest building for those three days?
  • How are you thinking of approaching fuzzing after Zero Day Quest?

  

 

Resources:     

View Marco Ivaldi on LinkedIn   

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 


HN SECURITY

Learn More About Marco

 

Related Microsoft Podcasts:  

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  



The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. 

]]> 2960 no From Facebook-phished to MVR Top 5 with Dhiral Patel https://thecyberwire.com/podcasts/the-bluehat-podcast/51/notes In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Dhiral Patel, Senior Security Engineer at ZoomInfo and one of MSRC’s Most Valuable Researchers (MVR). Dhiral shares how a hacked Facebook account sparked his passion for ethical hacking. From web development to penetration testing, Dhiral has become a top bug hunter, landing multiple spots on the MSRC leaderboards. Dhiral reflects on his early MSRC submissions and lessons learned. He also discusses the importance of mastering web security basics, practicing on platforms like TryHackMe and Hack the Box, and staying connected with the bug bounty community.  In This Episode You Will Learn:  The importance of mastering web security basics before diving into bug bounty hunting Why hands-on platforms like TryHackMe and Hack the Box are perfect for beginners Dhiral’s journey from blogging to freelancing and security research Some Questions We Ask: How do you balance competition and collaboration in the bug bounty community? Can you explain what clickjacking is and if it still works today? Why did you start with Power BI, and how did it lead to your journey in security?    Resources:      View Dhiral Patel on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks   Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Wed, 16 Apr 2025 07:05:00 -0000 From Facebook-phished to MVR Top 5 with Dhiral Patel full 1 51 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Dhiral Patel, Senior Security Engineer at ZoomInfo and one of MSRC’s Most Valuable Researchers (MVR). Dhiral shares how a hacked Facebook account sparked his passion for ethical hacking. From web development to penetration testing, Dhiral has become a top bug hunter, landing multiple spots on the MSRC leaderboards. Dhiral reflects on his early MSRC submissions and lessons learned. He also discusses the importance of mastering web security basics, practicing on platforms like TryHackMe and Hack the Box, and staying connected with the bug bounty community.  In This Episode You Will Learn:  The importance of mastering web security basics before diving into bug bounty hunting Why hands-on platforms like TryHackMe and Hack the Box are perfect for beginners Dhiral’s journey from blogging to freelancing and security research Some Questions We Ask: How do you balance competition and collaboration in the bug bounty community? Can you explain what clickjacking is and if it still works today? Why did you start with Power BI, and how did it lead to your journey in security?    Resources:      View Dhiral Patel on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks   Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Dhiral Patel, Senior Security Engineer at ZoomInfo and one of MSRC’s Most Valuable Researchers (MVR). Dhiral shares how a hacked Facebook account sparked his passion for ethical hacking. From web development to penetration testing, Dhiral has become a top bug hunter, landing multiple spots on the MSRC leaderboards. Dhiral reflects on his early MSRC submissions and lessons learned. He also discusses the importance of mastering web security basics, practicing on platforms like TryHackMe and Hack the Box, and staying connected with the bug bounty community. 



In This Episode You Will Learn


  • The importance of mastering web security basics before diving into bug bounty hunting
  • Why hands-on platforms like TryHackMe and Hack the Box are perfect for beginners
  • Dhiral’s journey from blogging to freelancing and security research


Some Questions We Ask:


  • How do you balance competition and collaboration in the bug bounty community?
  • Can you explain what clickjacking is and if it still works today?
  • Why did you start with Power BI, and how did it lead to your journey in security?

  


Resources:     

View Dhiral Patel on LinkedIn  

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 


Discover and follow other Microsoft podcasts at microsoft.com/podcasts  



The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. 

]]> 2505 no AI & the Hunt for Hidden Vulnerabilities with Tobias Diehl https://thecyberwire.com/podcasts/the-bluehat-podcast/50/notes In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research.  In This Episode You Will Learn:  Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure The importance of user prompts to prevent unintended application behavior Key vulnerabilities Tobias looks for when researching Microsoft products Some Questions We Ask: Have you submitted any AI-related findings to Microsoft or other bug bounty programs? How does the lack of visibility into AI models impact the research process? Has your approach to security research changed when working with AI versus traditional systems?    Resources:      View Tobias Diehl on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks   Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Wed, 02 Apr 2025 07:10:00 -0000 AI & the Hunt for Hidden Vulnerabilities with Tobias Diehl full 1 50 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research.  In This Episode You Will Learn:  Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure The importance of user prompts to prevent unintended application behavior Key vulnerabilities Tobias looks for when researching Microsoft products Some Questions We Ask: Have you submitted any AI-related findings to Microsoft or other bug bounty programs? How does the lack of visibility into AI models impact the research process? Has your approach to security research changed when working with AI versus traditional systems?    Resources:      View Tobias Diehl on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks   Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research. 



In This Episode You Will Learn


  • Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure
  • The importance of user prompts to prevent unintended application behavior
  • Key vulnerabilities Tobias looks for when researching Microsoft products


Some Questions We Ask:


  • Have you submitted any AI-related findings to Microsoft or other bug bounty programs?
  • How does the lack of visibility into AI models impact the research process?
  • Has your approach to security research changed when working with AI versus traditional systems?

  

Resources:     

View Tobias Diehl on LinkedIn  

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 



Related Microsoft Podcasts:  

 



Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. 

]]> 2125 no Bug Hunting from the Beach with Brad Schlintz https://thecyberwire.com/podcasts/the-bluehat-podcast/49/notes In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Brad Schlintz, independent security researcher and bug bounty hunter. Brad shares how he transitioned from a decade-long career as a software engineer to hacking Microsoft products while traveling the world with his wife. He recounts his early days tinkering with RuneScape bots, his experience working in SharePoint and Azure at Microsoft, and the moment he first encountered a real-world cybersecurity incident. He also discusses his journey into ethical hacking and his qualification for the upcoming Zero Day Quest, showcasing how he turned bug hunting into a lifestyle that allows him to work from anywhere—including a stunning island in Brazil.      In This Episode You Will Learn:     How a single discovered bug can lead to finding multiple vulnerabilities in the same area  The importance of exploring app integrations when searching for security vulnerabilities  Why building on prior discoveries can make it easier to uncover more hidden security issues    Some Questions We Ask:    What guidance can you share with other researchers and hackers on how to find vulnerabilities?  Why did your background in software engineering help you in your bug bounty work?  How did you transition from working on the website incident to more full-time security research?      Resources:       View Brad Schlintz on LinkedIn     View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   Wed, 19 Mar 2025 07:10:00 -0000 Bug Hunting from the Beach with Brad Schlintz full 1 49 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Brad Schlintz, independent security researcher and bug bounty hunter. Brad shares how he transitioned from a decade-long career as a software engineer to hacking Microsoft products while traveling the world with his wife. He recounts his early days tinkering with RuneScape bots, his experience working in SharePoint and Azure at Microsoft, and the moment he first encountered a real-world cybersecurity incident. He also discusses his journey into ethical hacking and his qualification for the upcoming Zero Day Quest, showcasing how he turned bug hunting into a lifestyle that allows him to work from anywhere—including a stunning island in Brazil.      In This Episode You Will Learn:     How a single discovered bug can lead to finding multiple vulnerabilities in the same area  The importance of exploring app integrations when searching for security vulnerabilities  Why building on prior discoveries can make it easier to uncover more hidden security issues    Some Questions We Ask:    What guidance can you share with other researchers and hackers on how to find vulnerabilities?  Why did your background in software engineering help you in your bug bounty work?  How did you transition from working on the website incident to more full-time security research?      Resources:       View Brad Schlintz on LinkedIn     View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts      The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Brad Schlintz, independent security researcher and bug bounty hunter. Brad shares how he transitioned from a decade-long career as a software engineer to hacking Microsoft products while traveling the world with his wife. He recounts his early days tinkering with RuneScape bots, his experience working in SharePoint and Azure at Microsoft, and the moment he first encountered a real-world cybersecurity incident. He also discusses his journey into ethical hacking and his qualification for the upcoming Zero Day Quest, showcasing how he turned bug hunting into a lifestyle that allows him to work from anywhere—including a stunning island in Brazil. 

 

 

In This Episode You Will Learn:  

 

  • How a single discovered bug can lead to finding multiple vulnerabilities in the same area 
  • The importance of exploring app integrations when searching for security vulnerabilities 
  • Why building on prior discoveries can make it easier to uncover more hidden security issues 

 

Some Questions We Ask: 

 

  • What guidance can you share with other researchers and hackers on how to find vulnerabilities? 
  • Why did your background in software engineering help you in your bug bounty work? 
  • How did you transition from working on the website incident to more full-time security research? 

   

Resources:      

View Brad Schlintz on LinkedIn    

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

  

Related Microsoft Podcasts:   

  

  

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

 

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  

]]> 2323 no PoCs, Patching and Zero Day Quest Participation with Michael Gorelik https://thecyberwire.com/podcasts/the-bluehat-podcast/48/notes In this episode of The BlueHat Podcast, Nic and Wendy are joined by seasoned security researcher, and CTO of Morphisec, Michael Gorelik. Michael discusses his approach to security research, which often begins by exploring PoCs released by other researcher groups and continues through to the release and validation of – sometimes multiple rounds of – fixes. Michael also provides an overview of this BlueHat 2024 presentation from last October and discusses his upcoming participation in the Zero Day Quest Onsite Hacking Challenge.      In This Episode You Will Learn:     How Michael Gorelik transitioned from security researcher to company founder  Deeper motivations driving ethical hackers like Michael Gorelik beyond money  The importance of identifying incomplete security patches before attackers do    Some Questions We Ask:    What are you looking forward to with Zero Day Quest?  Did you have a moral dilemma about hacking when you were younger?  What was your experience like at Deutsche Telekom Laboratories?      Resources:       View Michael Gorelik on LinkedIn    View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Wed, 05 Mar 2025 08:10:00 -0000 PoCs, Patching and Zero Day Quest Participation with Michael Gorelik full 1 48 Microsoft In this episode of The BlueHat Podcast, Nic and Wendy are joined by seasoned security researcher, and CTO of Morphisec, Michael Gorelik. Michael discusses his approach to security research, which often begins by exploring PoCs released by other researcher groups and continues through to the release and validation of – sometimes multiple rounds of – fixes. Michael also provides an overview of this BlueHat 2024 presentation from last October and discusses his upcoming participation in the Zero Day Quest Onsite Hacking Challenge.      In This Episode You Will Learn:     How Michael Gorelik transitioned from security researcher to company founder  Deeper motivations driving ethical hackers like Michael Gorelik beyond money  The importance of identifying incomplete security patches before attackers do    Some Questions We Ask:    What are you looking forward to with Zero Day Quest?  Did you have a moral dilemma about hacking when you were younger?  What was your experience like at Deutsche Telekom Laboratories?      Resources:       View Michael Gorelik on LinkedIn    View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  In this episode of The BlueHat Podcast, Nic and Wendy are joined by seasoned security researcher, and CTO of Morphisec, Michael Gorelik. Michael discusses his approach to security research, which often begins by exploring PoCs released by other researcher groups and continues through to the release and validation of – sometimes multiple rounds of – fixes. Michael also provides an overview of this BlueHat 2024 presentation from last October and discusses his upcoming participation in the Zero Day Quest Onsite Hacking Challenge. 

 

 

In This Episode You Will Learn:  

 

  • How Michael Gorelik transitioned from security researcher to company founder 
  • Deeper motivations driving ethical hackers like Michael Gorelik beyond money 
  • The importance of identifying incomplete security patches before attackers do 

 

Some Questions We Ask: 

 

  • What are you looking forward to with Zero Day Quest? 
  • Did you have a moral dilemma about hacking when you were younger? 
  • What was your experience like at Deutsche Telekom Laboratories? 

   

Resources:      

View Michael Gorelik on LinkedIn   

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

  

Related Microsoft Podcasts:   

  

  

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   


The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. 

]]> 2785 no Secret Herbs, Spices and Hacking Copilot Studio https://thecyberwire.com/podcasts/the-bluehat-podcast/47/notes In this episode of The BlueHat Podcast, host Nic Fillingham is joined by Scott Gorlick, Security Architect for Power Platform at Microsoft. Scott shares his unconventional journey into cybersecurity, from managing a KFC to driving big rigs before landing in tech. He dives into security research in Copilot Studio, discussing how AI models interact with security frameworks and how researchers can approach testing these systems. We also explore his recent training video on YouTube, which provides guidance for security researchers looking to engage with Microsoft’s bug bounty program.    In This Episode You Will Learn:     What Scott does to ensure Power Platform applications remain governable and secure  Why security and software quality go hand in hand in modern development.  How security researchers can explore vulnerabilities in Microsoft's low-code AI development platform    Some Questions We Ask:    What kinds of security issues should researchers focus on in Copilot Studio?  Can Copilot help researchers write better reports, especially in different languages?  How can researchers get access to Copilot Studio? Is there a free version?         Resources:       View Scott Gorlick on LinkedIn    View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Security Research in Copilot Studio Overview and Training on YouTube    Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    Wed, 19 Feb 2025 08:10:00 -0000 Secret Herbs, Spices and Hacking Copilot Studio full 1 47 Microsoft In this episode of The BlueHat Podcast, host Nic Fillingham is joined by Scott Gorlick, Security Architect for Power Platform at Microsoft. Scott shares his unconventional journey into cybersecurity, from managing a KFC to driving big rigs before landing in tech. He dives into security research in Copilot Studio, discussing how AI models interact with security frameworks and how researchers can approach testing these systems. We also explore his recent training video on YouTube, which provides guidance for security researchers looking to engage with Microsoft’s bug bounty program.    In This Episode You Will Learn:     What Scott does to ensure Power Platform applications remain governable and secure  Why security and software quality go hand in hand in modern development.  How security researchers can explore vulnerabilities in Microsoft's low-code AI development platform    Some Questions We Ask:    What kinds of security issues should researchers focus on in Copilot Studio?  Can Copilot help researchers write better reports, especially in different languages?  How can researchers get access to Copilot Studio? Is there a free version?         Resources:       View Scott Gorlick on LinkedIn    View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Security Research in Copilot Studio Overview and Training on YouTube    Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    In this episode of The BlueHat Podcast, host Nic Fillingham is joined by Scott Gorlick, Security Architect for Power Platform at Microsoft. Scott shares his unconventional journey into cybersecurity, from managing a KFC to driving big rigs before landing in tech. He dives into security research in Copilot Studio, discussing how AI models interact with security frameworks and how researchers can approach testing these systems. We also explore his recent training video on YouTube, which provides guidance for security researchers looking to engage with Microsoft’s bug bounty program. 

 


In This Episode You Will Learn:  

 

  • What Scott does to ensure Power Platform applications remain governable and secure 
  • Why security and software quality go hand in hand in modern development. 
  • How security researchers can explore vulnerabilities in Microsoft's low-code AI development platform 

 

Some Questions We Ask: 

 

  • What kinds of security issues should researchers focus on in Copilot Studio? 
  • Can Copilot help researchers write better reports, especially in different languages? 
  • How can researchers get access to Copilot Studio? Is there a free version? 

   

  

Resources:      

View Scott Gorlick on LinkedIn   

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

Security Research in Copilot Studio Overview and Training on YouTube 

 


Related Microsoft Podcasts:   

  

  

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

]]> 2638 no Automating Dynamic Application Security Testing at Scale https://thecyberwire.com/podcasts/the-bluehat-podcast/46/notes In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Jason Geffner, Principal Security Architect at Microsoft, to discuss his groundbreaking work on scaling and automating Dynamic Application Security Testing (DAST). Following on from his BlueHat 2024 session, and outlined in this MSRC blog post, Jason explains the key differences between DAST, SAST, and IAST, and dives into the challenges of scaling DAST at Microsoft’s enterprise level, detailing how automation eliminates manual configuration and improves efficiency for web service testing.     In This Episode You Will Learn:     Overcoming the challenges of authenticated requests for DAST tools  The importance of API specs for DAST and how automation streamlines the process  Insights into how Microsoft uses DAST to protect its vast array of web services    Some Questions We Ask:    What's a lesson from this work that you can share with those without Microsoft's resources?  Can you explain what the transparent auth protocol is that you mentioned in the blog post?  How is your work reducing the manual effort needed to configure DAST system services?     Resources:       View Jason Geffner on LinkedIn    View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Blog Post: Scaling Dynamic Application Security Testing (DAST) | MSRC Blog  Related BlueHat Session Recording: BlueHat 2024: S10: How Microsoft is Scaling DAST     Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    Wed, 05 Feb 2025 08:10:00 -0000 Automating Dynamic Application Security Testing at Scale full 1 46 Microsoft In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Jason Geffner, Principal Security Architect at Microsoft, to discuss his groundbreaking work on scaling and automating Dynamic Application Security Testing (DAST). Following on from his BlueHat 2024 session, and outlined in this MSRC blog post, Jason explains the key differences between DAST, SAST, and IAST, and dives into the challenges of scaling DAST at Microsoft’s enterprise level, detailing how automation eliminates manual configuration and improves efficiency for web service testing.     In This Episode You Will Learn:     Overcoming the challenges of authenticated requests for DAST tools  The importance of API specs for DAST and how automation streamlines the process  Insights into how Microsoft uses DAST to protect its vast array of web services    Some Questions We Ask:    What's a lesson from this work that you can share with those without Microsoft's resources?  Can you explain what the transparent auth protocol is that you mentioned in the blog post?  How is your work reducing the manual effort needed to configure DAST system services?     Resources:       View Jason Geffner on LinkedIn    View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Blog Post: Scaling Dynamic Application Security Testing (DAST) | MSRC Blog  Related BlueHat Session Recording: BlueHat 2024: S10: How Microsoft is Scaling DAST     Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Jason Geffner, Principal Security Architect at Microsoft, to discuss his groundbreaking work on scaling and automating Dynamic Application Security Testing (DAST). Following on from his BlueHat 2024 session, and outlined in this MSRC blog post, Jason explains the key differences between DAST, SAST, and IAST, and dives into the challenges of scaling DAST at Microsoft’s enterprise level, detailing how automation eliminates manual configuration and improves efficiency for web service testing.  

 

In This Episode You Will Learn:  

 

  • Overcoming the challenges of authenticated requests for DAST tools 
  • The importance of API specs for DAST and how automation streamlines the process 
  • Insights into how Microsoft uses DAST to protect its vast array of web services 

 

Some Questions We Ask: 

 

  • What's a lesson from this work that you can share with those without Microsoft's resources? 
  • Can you explain what the transparent auth protocol is that you mentioned in the blog post? 
  • How is your work reducing the manual effort needed to configure DAST system services? 

  

Resources:      

View Jason Geffner on LinkedIn   

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

Related Blog Post: Scaling Dynamic Application Security Testing (DAST) | MSRC Blog 

Related BlueHat Session Recording: BlueHat 2024: S10: How Microsoft is Scaling DAST 

 

 Related Microsoft Podcasts:   

  

  

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

]]> 2756 no Refactoring the Windows Kernel with Joe Bialek https://thecyberwire.com/podcasts/the-bluehat-podcast/45/notes In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by BlueHat 2024 presenter Joe Bialek, a security engineer at Microsoft with over 13 years of experience. Joe shares his fascinating journey from intern to red team pioneer, recounting how he helped establish the Office 365 Red Team and pushed the boundaries of ethical hacking within Microsoft. He discusses his formative years building sneaky hacking tools, navigating the controversial beginnings of red teaming, and transitioning to the Windows Security Team to focus on low-level security and mitigations. Joe reflects on the challenges of internal hacking, the human reactions to being "hacked," and the value of strengthening defenses before external threats arise.    In This Episode You Will Learn:     How Microsoft is developing tooling to identify and address bad programming patterns  Why kernel-related discussions are primarily focused on Windows and driver developers  The challenges developers face when reading and writing through pointers in C or C++    Some Questions We Ask:    How does working with the Windows kernel impact system security and performance?  What sets Windows kernel and driver development apart from other types of development?  Why should internal teams test systems for vulnerabilities before external hackers?      Resources:       View Joe Bialek on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     BlueHat 2024 Session: Pointer Problems – Why We’re Refactoring the Windows Kernel    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Wed, 22 Jan 2025 08:10:00 -0000 Refactoring the Windows Kernel with Joe Bialek full 1 45 Microsoft In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by BlueHat 2024 presenter Joe Bialek, a security engineer at Microsoft with over 13 years of experience. Joe shares his fascinating journey from intern to red team pioneer, recounting how he helped establish the Office 365 Red Team and pushed the boundaries of ethical hacking within Microsoft. He discusses his formative years building sneaky hacking tools, navigating the controversial beginnings of red teaming, and transitioning to the Windows Security Team to focus on low-level security and mitigations. Joe reflects on the challenges of internal hacking, the human reactions to being "hacked," and the value of strengthening defenses before external threats arise.    In This Episode You Will Learn:     How Microsoft is developing tooling to identify and address bad programming patterns  Why kernel-related discussions are primarily focused on Windows and driver developers  The challenges developers face when reading and writing through pointers in C or C++    Some Questions We Ask:    How does working with the Windows kernel impact system security and performance?  What sets Windows kernel and driver development apart from other types of development?  Why should internal teams test systems for vulnerabilities before external hackers?      Resources:       View Joe Bialek on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     BlueHat 2024 Session: Pointer Problems – Why We’re Refactoring the Windows Kernel    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by BlueHat 2024 presenter Joe Bialek, a security engineer at Microsoft with over 13 years of experience. Joe shares his fascinating journey from intern to red team pioneer, recounting how he helped establish the Office 365 Red Team and pushed the boundaries of ethical hacking within Microsoft. He discusses his formative years building sneaky hacking tools, navigating the controversial beginnings of red teaming, and transitioning to the Windows Security Team to focus on low-level security and mitigations. Joe reflects on the challenges of internal hacking, the human reactions to being "hacked," and the value of strengthening defenses before external threats arise. 

 

In This Episode You Will Learn:  

 

  • How Microsoft is developing tooling to identify and address bad programming patterns 
  • Why kernel-related discussions are primarily focused on Windows and driver developers 
  • The challenges developers face when reading and writing through pointers in C or C++ 

 

Some Questions We Ask: 

 

  • How does working with the Windows kernel impact system security and performance? 
  • What sets Windows kernel and driver development apart from other types of development? 
  • Why should internal teams test systems for vulnerabilities before external hackers? 

   


Resources:      

View Joe Bialek on LinkedIn  

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

BlueHat 2024 Session: Pointer Problems – Why We’re Refactoring the Windows Kernel 

 


Related Microsoft Podcasts:    



  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   


The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. 

]]> 2834 no Defending Against NTLM Relay Attacks with Rohit Mothe and George Hughey https://thecyberwire.com/podcasts/the-bluehat-podcast/44/notes In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone welcome back George Hughey and Rohit Mothe from the Microsoft Security Response Center (MSRC) to discuss their latest blog post on mitigating NTLM relay attacks by default. George and Rohit explain their roles in vulnerability hunting and delve into NTLM, a 40-year-old authentication protocol, outlining its vulnerabilities and the risks of relay attacks, which function as a type of man-in-the-middle exploit. They highlight Microsoft's move to a "secure by default" approach, ensuring mitigations like channel binding are enabled automatically, providing stronger protections across services like Exchange, Active Directory Certificate Services (ADCS), and LDAP.     In This Episode You Will Learn:     Steps users can take to enhance security in their environments  Why legacy protocols remain a challenge and what the future might hold  The challenges and successes of improving authentication security      Some Questions We Ask:  What is an NTLM relay attack, and how does it work?  Can you explain channel binding and its role in preventing NTLM relay attacks?  What challenges arise from modernizing authentication in complex environments?         Resources:       View George Hughey on LinkedIn   View Rohit Mothe on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts      Wed, 08 Jan 2025 08:20:00 -0000 Defending Against NTLM Relay Attacks with Rohit Mothe and George Hughey full 1 44 Microsoft In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone welcome back George Hughey and Rohit Mothe from the Microsoft Security Response Center (MSRC) to discuss their latest blog post on mitigating NTLM relay attacks by default. George and Rohit explain their roles in vulnerability hunting and delve into NTLM, a 40-year-old authentication protocol, outlining its vulnerabilities and the risks of relay attacks, which function as a type of man-in-the-middle exploit. They highlight Microsoft's move to a "secure by default" approach, ensuring mitigations like channel binding are enabled automatically, providing stronger protections across services like Exchange, Active Directory Certificate Services (ADCS), and LDAP.     In This Episode You Will Learn:     Steps users can take to enhance security in their environments  Why legacy protocols remain a challenge and what the future might hold  The challenges and successes of improving authentication security      Some Questions We Ask:  What is an NTLM relay attack, and how does it work?  Can you explain channel binding and its role in preventing NTLM relay attacks?  What challenges arise from modernizing authentication in complex environments?         Resources:       View George Hughey on LinkedIn   View Rohit Mothe on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts      In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone welcome back George Hughey and Rohit Mothe from the Microsoft Security Response Center (MSRC) to discuss their latest blog post on mitigating NTLM relay attacks by default. George and Rohit explain their roles in vulnerability hunting and delve into NTLM, a 40-year-old authentication protocol, outlining its vulnerabilities and the risks of relay attacks, which function as a type of man-in-the-middle exploit. They highlight Microsoft's move to a "secure by default" approach, ensuring mitigations like channel binding are enabled automatically, providing stronger protections across services like Exchange, Active Directory Certificate Services (ADCS), and LDAP.  

 


In This Episode You Will Learn:  

 

  • Steps users can take to enhance security in their environments 
  • Why legacy protocols remain a challenge and what the future might hold 
  • The challenges and successes of improving authentication security 

 

 

Some Questions We Ask: 

  • What is an NTLM relay attack, and how does it work? 
  • Can you explain channel binding and its role in preventing NTLM relay attacks? 
  • What challenges arise from modernizing authentication in complex environments? 

   

  

Resources:      

View George Hughey on LinkedIn  

View Rohit Mothe on LinkedIn  

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

  

Related Microsoft Podcasts:   

  

  

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

 

]]> 2408 no Navigating AI Safety and Security Challenges with Yonatan Zunger [Encore] https://thecyberwire.com/podcasts/the-bluehat-podcast/34/notes Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses.      In This Episode You Will Learn:       How predictive AI anticipates outcomes based on historical data  The difficulties and strategies involved in making AI systems safe and secure from misuse  How role-playing exercises help developers understand the behavior of AI systems    Some Questions We Ask:        What distinguishes predictive AI from generative AI?  Can generative AI be used to improve decision-making processes?  What is the role of unit testing and test cases in policy and AI system development?    Resources:   View Yonatan Zunger on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Wed, 25 Dec 2024 08:10:00 -0000 Navigating AI Safety and Security Challenges with Yonatan Zunger [Encore] full 1 34 Microsoft Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses.      In This Episode You Will Learn:       How predictive AI anticipates outcomes based on historical data  The difficulties and strategies involved in making AI systems safe and secure from misuse  How role-playing exercises help developers understand the behavior of AI systems    Some Questions We Ask:        What distinguishes predictive AI from generative AI?  Can generative AI be used to improve decision-making processes?  What is the role of unit testing and test cases in policy and AI system development?    Resources:   View Yonatan Zunger on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses. 

 

 

In This Episode You Will Learn:    

 

  • How predictive AI anticipates outcomes based on historical data 
  • The difficulties and strategies involved in making AI systems safe and secure from misuse 
  • How role-playing exercises help developers understand the behavior of AI systems 

 

Some Questions We Ask:     

 

  • What distinguishes predictive AI from generative AI? 
  • Can generative AI be used to improve decision-making processes? 
  • What is the role of unit testing and test cases in policy and AI system development? 


 

Resources:  

View Yonatan Zunger on LinkedIn     

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 


 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

]]> 3214 no Johann Rehberger on Researching AI & LLM Attacks https://thecyberwire.com/podcasts/the-bluehat-podcast/43/notes In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Johann Rehberger, security expert and Red Team director at Electronic Arts. Johann shares his career journey through roles at Microsoft, Uber, and EA, highlighting his expertise in red teaming and cybersecurity. Johann shares the inspiration behind his book on Red Team strategies and discusses his BlueHat 2024 talk on prompt injection vulnerabilities, a critical and evolving AI security challenge. Johann breaks down the distinction between prompt injection and jailbreaking, offering insights into the potential risks, including data exfiltration and system unavailability, and emphasizes the importance of securing Red Teams themselves.      In This Episode You Will Learn:     Why AI tools should have stricter default settings to control what kind of outputs they generate  The importance of reading technical documentation to understand how AI systems are built  Why developers should implement stronger filters for what tokens are allowed to be emitted by LLMs    Some Questions We Ask:    How are prompt injection and SQL injection similar, and how are they different?  What is AI spyware, and how does it exploit memory tools in ChatGPT?  Does AI jailbreaking access the LLM’s core system like iPhone jailbreaking does the OS?         Resources:       View Johann Rehberger on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    Wed, 11 Dec 2024 08:10:00 -0000 Johann Rehberger on Researching AI & LLM Attacks full 1 43 Microsoft In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Johann Rehberger, security expert and Red Team director at Electronic Arts. Johann shares his career journey through roles at Microsoft, Uber, and EA, highlighting his expertise in red teaming and cybersecurity. Johann shares the inspiration behind his book on Red Team strategies and discusses his BlueHat 2024 talk on prompt injection vulnerabilities, a critical and evolving AI security challenge. Johann breaks down the distinction between prompt injection and jailbreaking, offering insights into the potential risks, including data exfiltration and system unavailability, and emphasizes the importance of securing Red Teams themselves.      In This Episode You Will Learn:     Why AI tools should have stricter default settings to control what kind of outputs they generate  The importance of reading technical documentation to understand how AI systems are built  Why developers should implement stronger filters for what tokens are allowed to be emitted by LLMs    Some Questions We Ask:    How are prompt injection and SQL injection similar, and how are they different?  What is AI spyware, and how does it exploit memory tools in ChatGPT?  Does AI jailbreaking access the LLM’s core system like iPhone jailbreaking does the OS?         Resources:       View Johann Rehberger on LinkedIn   View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Johann Rehberger, security expert and Red Team director at Electronic Arts. Johann shares his career journey through roles at Microsoft, Uber, and EA, highlighting his expertise in red teaming and cybersecurity. Johann shares the inspiration behind his book on Red Team strategies and discusses his BlueHat 2024 talk on prompt injection vulnerabilities, a critical and evolving AI security challenge. Johann breaks down the distinction between prompt injection and jailbreaking, offering insights into the potential risks, including data exfiltration and system unavailability, and emphasizes the importance of securing Red Teams themselves. 

 

 

In This Episode You Will Learn:  

 

  • Why AI tools should have stricter default settings to control what kind of outputs they generate 
  • The importance of reading technical documentation to understand how AI systems are built 
  • Why developers should implement stronger filters for what tokens are allowed to be emitted by LLMs 

 

Some Questions We Ask: 

 

  • How are prompt injection and SQL injection similar, and how are they different? 
  • What is AI spyware, and how does it exploit memory tools in ChatGPT? 
  • Does AI jailbreaking access the LLM’s core system like iPhone jailbreaking does the OS? 

   

  

Resources:      

View Johann Rehberger on LinkedIn  

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

  

Related Microsoft Podcasts:   

  

  

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

]]> 2960 no BlueHat 2024 Day 2 Keynote: Amanda Silver, CVP Microsoft Developer Division https://thecyberwire.com/podcasts/the-bluehat-podcast/42/notes In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone present an insightful address by Corporate Vice President and Head of Product for Microsoft's Developer Division, Amanda Silver. Amanda discusses the importance of securing the software supply chain and Microsoft's efforts to protect the open-source ecosystem. She introduces the Secure Software Supply Chain Consumption Framework (S2C2F), a model for tracking and defending against vulnerabilities in open-source dependencies. Silver highlights tools like Dependabot and improvements in NuGet to help developers address security issues seamlessly. She also shares a case study on the "XZ" supply chain attack, underscoring the need for a security mindset in tech culture. Silver closes by urging listeners to adopt a proactive approach to cybersecurity, emphasizing that attacks are inevitable.       Resources:    View Amanda Silver on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. Wed, 27 Nov 2024 08:10:00 -0000 BlueHat 2024 Day 2 Keynote: Amanda Silver, CVP Microsoft Developer Division full 1 42 Microsoft In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone present an insightful address by Corporate Vice President and Head of Product for Microsoft's Developer Division, Amanda Silver. Amanda discusses the importance of securing the software supply chain and Microsoft's efforts to protect the open-source ecosystem. She introduces the Secure Software Supply Chain Consumption Framework (S2C2F), a model for tracking and defending against vulnerabilities in open-source dependencies. Silver highlights tools like Dependabot and improvements in NuGet to help developers address security issues seamlessly. She also shares a case study on the "XZ" supply chain attack, underscoring the need for a security mindset in tech culture. Silver closes by urging listeners to adopt a proactive approach to cybersecurity, emphasizing that attacks are inevitable.       Resources:    View Amanda Silver on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone present an insightful address by Corporate Vice President and Head of Product for Microsoft's Developer Division, Amanda Silver. Amanda discusses the importance of securing the software supply chain and Microsoft's efforts to protect the open-source ecosystem. She introduces the Secure Software Supply Chain Consumption Framework (S2C2F), a model for tracking and defending against vulnerabilities in open-source dependencies. Silver highlights tools like Dependabot and improvements in NuGet to help developers address security issues seamlessly. She also shares a case study on the "XZ" supply chain attack, underscoring the need for a security mindset in tech culture. Silver closes by urging listeners to adopt a proactive approach to cybersecurity, emphasizing that attacks are inevitable. 

 

  

Resources:   

View Amanda Silver on LinkedIn     

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

  

Related Microsoft Podcasts:   

  

  

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   


The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

]]> 2742 no BlueHat 2024 Day 1 Keynote: Chris Wysopal AKA Weld Pond https://thecyberwire.com/podcasts/the-bluehat-podcast/41/notes In episode 41 of The BlueHat Podcast we bring you the BlueHat 2024 day 1 keynote address given by Chris Wysopal, also known as Weld Pond, founder and Chief Security Evangelist at VeraCode, and founding member of the L0pht.     Chris’ talk - A Clash of Cultures Comes Together to Change Software Security - recounts the early days of “hacking” and how the industry evolved to embrace vulnerability discovery and coordinated, responsible disclosure.    Chris presentation provides a fascinating reflection on a tumultuous period for Microsoft around 2001, marked by significant vulnerability discoveries, which ultimately led to the establishment of the Organization for Internet Safety and the consultancy AtStake, transforming the security landscape and professionalizing the role of hackers. Watch Chris’ BlueHat 2024 Day 1 Keynote here: https://youtu.be/w6SAqT4ZQik    Resources:    View Chris Wysopal on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    Wed, 13 Nov 2024 08:10:00 -0000 BlueHat 2024 Day 1 Keynote: Chris Wysopal AKA Weld Pond full 1 41 Microsoft In episode 41 of The BlueHat Podcast we bring you the BlueHat 2024 day 1 keynote address given by Chris Wysopal, also known as Weld Pond, founder and Chief Security Evangelist at VeraCode, and founding member of the L0pht.     Chris’ talk - A Clash of Cultures Comes Together to Change Software Security - recounts the early days of “hacking” and how the industry evolved to embrace vulnerability discovery and coordinated, responsible disclosure.    Chris presentation provides a fascinating reflection on a tumultuous period for Microsoft around 2001, marked by significant vulnerability discoveries, which ultimately led to the establishment of the Organization for Internet Safety and the consultancy AtStake, transforming the security landscape and professionalizing the role of hackers. Watch Chris’ BlueHat 2024 Day 1 Keynote here: https://youtu.be/w6SAqT4ZQik    Resources:    View Chris Wysopal on LinkedIn      View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts    In episode 41 of The BlueHat Podcast we bring you the BlueHat 2024 day 1 keynote address given by Chris Wysopal, also known as Weld Pond, founder and Chief Security Evangelist at VeraCode, and founding member of the L0pht.  

 

Chris’ talk - A Clash of Cultures Comes Together to Change Software Security - recounts the early days of “hacking” and how the industry evolved to embrace vulnerability discovery and coordinated, responsible disclosure. 

 

Chris presentation provides a fascinating reflection on a tumultuous period for Microsoft around 2001, marked by significant vulnerability discoveries, which ultimately led to the establishment of the Organization for Internet Safety and the consultancy AtStake, transforming the security landscape and professionalizing the role of hackers. Watch Chris’ BlueHat 2024 Day 1 Keynote here: https://youtu.be/w6SAqT4ZQik

  

Resources:   

View Chris Wysopal on LinkedIn     

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

  

Related Microsoft Podcasts:   

  

  

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

]]> 2870 no From Software to Security: Arjun Gopalakrishna’s Journey at Microsoft https://thecyberwire.com/podcasts/the-bluehat-podcast/40/notes In this episode of the Blue Hat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Arjun Gopalakrishna, a security engineer at Microsoft, to discuss his fascinating journey from software engineer to security leader. Arjun reflects on his 11-year tenure at Microsoft, including how a childhood experience with a computer virus sparked his curiosity in cybersecurity. He talks about his early exposure to security issues while working in Windows and his eventual transition to Azure security. Arjun also shares insights into how he began presenting security talks internally through Microsoft's Strike program and how he continues to use storytelling to make complex security concepts approachable for colleagues across the company.    In This Episode You Will Learn:       The importance of empathy and accessibility when discussing technical vulnerabilities  Why Arjun honed his focus on cloud security, application security, and offensive security.  How Microsoft's internal Strike platform helps employees build a deeper understanding of cybersecurity  Some Questions We Ask:        Can you walk us through how you honed in on a specific area of security?  What are your tips for bringing non-security professionals into a security mindset?  Is there anything you're specifically working on within SFI?     Resources:   View Arjun Gopalakrishna on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Wed, 30 Oct 2024 07:10:00 -0000 From Software to Security: Arjun Gopalakrishna’s Journey at Microsoft full 1 40 Microsoft In this episode of the Blue Hat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Arjun Gopalakrishna, a security engineer at Microsoft, to discuss his fascinating journey from software engineer to security leader. Arjun reflects on his 11-year tenure at Microsoft, including how a childhood experience with a computer virus sparked his curiosity in cybersecurity. He talks about his early exposure to security issues while working in Windows and his eventual transition to Azure security. Arjun also shares insights into how he began presenting security talks internally through Microsoft's Strike program and how he continues to use storytelling to make complex security concepts approachable for colleagues across the company.    In This Episode You Will Learn:       The importance of empathy and accessibility when discussing technical vulnerabilities  Why Arjun honed his focus on cloud security, application security, and offensive security.  How Microsoft's internal Strike platform helps employees build a deeper understanding of cybersecurity  Some Questions We Ask:        Can you walk us through how you honed in on a specific area of security?  What are your tips for bringing non-security professionals into a security mindset?  Is there anything you're specifically working on within SFI?     Resources:   View Arjun Gopalakrishna on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  In this episode of the Blue Hat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Arjun Gopalakrishna, a security engineer at Microsoft, to discuss his fascinating journey from software engineer to security leader. Arjun reflects on his 11-year tenure at Microsoft, including how a childhood experience with a computer virus sparked his curiosity in cybersecurity. He talks about his early exposure to security issues while working in Windows and his eventual transition to Azure security. Arjun also shares insights into how he began presenting security talks internally through Microsoft's Strike program and how he continues to use storytelling to make complex security concepts approachable for colleagues across the company. 

 

In This Episode You Will Learn:    

 

  • The importance of empathy and accessibility when discussing technical vulnerabilities 
  • Why Arjun honed his focus on cloud security, application security, and offensive security. 
  • How Microsoft's internal Strike platform helps employees build a deeper understanding of cybersecurity 


Some Questions We Ask:     

 

  • Can you walk us through how you honed in on a specific area of security? 
  • What are your tips for bringing non-security professionals into a security mindset? 
  • Is there anything you're specifically working on within SFI? 

  

Resources:  

View Arjun Gopalakrishna on LinkedIn  

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  



The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. 

]]> 2581 no Host vs Host: Get to Know Nic and Wendy https://thecyberwire.com/podcasts/the-bluehat-podcast/39/notes In this episode of the Blue Hat Podcast, hosts Nic Fillingham and Wendy Zenone interview each other to give listeners insight into their personal and professional backgrounds. Nic recounts his unique career journey, which began with jobs like working as a chicken butcher and selling CDs, before joining Microsoft as an Xbox demo specialist. His career with Microsoft spanned various roles, ultimately leading him to work on the Blue Hat program, where he was captivated by the concept of ethical hacking. Wendy, on the other hand, shares her transition from PR into security, with stops at Netflix and Salesforce, and her current role at Microsoft leading the Strike program.    In This Episode You Will Learn:      Wendy’s experience buying chicken from a stranger in a parking lot  Nic’s encounter with The Rock during a wrestling game demo  Wendy starting in public relations before transitioning to the security world    Some Questions We Ask:       How did attending an all-women’s software engineering school influence your career shift?  What do you enjoy most about working in the security field?  What advice do you have for women looking to enter the security industry?     Resources:   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts     The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Wed, 16 Oct 2024 07:10:00 -0000 Host vs Host: Get to Know Nic and Wendy full 1 39 Microsoft In this episode of the Blue Hat Podcast, hosts Nic Fillingham and Wendy Zenone interview each other to give listeners insight into their personal and professional backgrounds. Nic recounts his unique career journey, which began with jobs like working as a chicken butcher and selling CDs, before joining Microsoft as an Xbox demo specialist. His career with Microsoft spanned various roles, ultimately leading him to work on the Blue Hat program, where he was captivated by the concept of ethical hacking. Wendy, on the other hand, shares her transition from PR into security, with stops at Netflix and Salesforce, and her current role at Microsoft leading the Strike program.    In This Episode You Will Learn:      Wendy’s experience buying chicken from a stranger in a parking lot  Nic’s encounter with The Rock during a wrestling game demo  Wendy starting in public relations before transitioning to the security world    Some Questions We Ask:       How did attending an all-women’s software engineering school influence your career shift?  What do you enjoy most about working in the security field?  What advice do you have for women looking to enter the security industry?     Resources:   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts     The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  In this episode of the Blue Hat Podcast, hosts Nic Fillingham and Wendy Zenone interview each other to give listeners insight into their personal and professional backgrounds. Nic recounts his unique career journey, which began with jobs like working as a chicken butcher and selling CDs, before joining Microsoft as an Xbox demo specialist. His career with Microsoft spanned various roles, ultimately leading him to work on the Blue Hat program, where he was captivated by the concept of ethical hacking. Wendy, on the other hand, shares her transition from PR into security, with stops at Netflix and Salesforce, and her current role at Microsoft leading the Strike program. 

 

In This Episode You Will Learn:     

  • Wendy’s experience buying chicken from a stranger in a parking lot 
  • Nic’s encounter with The Rock during a wrestling game demo 
  • Wendy starting in public relations before transitioning to the security world 

 

Some Questions We Ask:      

  • How did attending an all-women’s software engineering school influence your career shift? 
  • What do you enjoy most about working in the security field? 
  • What advice do you have for women looking to enter the security industry?  

 

Resources:  

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 


Related Microsoft Podcasts:  

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. 

]]> 2152 no Behind the Scenes and Best Practices for Submitting to MSRC with Jim Hull https://thecyberwire.com/podcasts/the-bluehat-podcast/38/notes Jim Hull, Program Manager at MSRC joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast to share insights into his role in reviewing vulnerability reports and managing cases. They dive into the submission process, detailing the types of reports accepted by MSRC and what happens after a researcher submits a potential vulnerability. The conversation also highlights the accessibility of the portal for anyone interested in identifying security issues, whether they are professionals or hobbyists. Jim explains the importance of providing clear proof of concept when submitting a vulnerability and walks through the steps MSRC takes to triage, reproduce, and resolve reports.    In This Episode You Will Learn:       Why a detailed proof of concept is essential when submitting a vulnerability  How the MSRC collaborates with engineers at Microsoft to resolve vulnerabilities  The importance of including video or image documentation to support reports    Some Questions We Ask:        What is the vulnerability triage process at MSRC?  How long does it take to fix a vulnerability after it’s been reported?  Why is it important to use the researcher portal instead of email or social media?     Resources:   Microsoft Security Response Center     View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts     The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Wed, 02 Oct 2024 07:10:00 -0000 Behind the Scenes and Best Practices for Submitting to MSRC with Jim Hull full 1 38 Microsoft Jim Hull, Program Manager at MSRC joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast to share insights into his role in reviewing vulnerability reports and managing cases. They dive into the submission process, detailing the types of reports accepted by MSRC and what happens after a researcher submits a potential vulnerability. The conversation also highlights the accessibility of the portal for anyone interested in identifying security issues, whether they are professionals or hobbyists. Jim explains the importance of providing clear proof of concept when submitting a vulnerability and walks through the steps MSRC takes to triage, reproduce, and resolve reports.    In This Episode You Will Learn:       Why a detailed proof of concept is essential when submitting a vulnerability  How the MSRC collaborates with engineers at Microsoft to resolve vulnerabilities  The importance of including video or image documentation to support reports    Some Questions We Ask:        What is the vulnerability triage process at MSRC?  How long does it take to fix a vulnerability after it’s been reported?  Why is it important to use the researcher portal instead of email or social media?     Resources:   Microsoft Security Response Center     View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts     The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Jim Hull, Program Manager at MSRC joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast to share insights into his role in reviewing vulnerability reports and managing cases. They dive into the submission process, detailing the types of reports accepted by MSRC and what happens after a researcher submits a potential vulnerability. The conversation also highlights the accessibility of the portal for anyone interested in identifying security issues, whether they are professionals or hobbyists. Jim explains the importance of providing clear proof of concept when submitting a vulnerability and walks through the steps MSRC takes to triage, reproduce, and resolve reports. 

 

In This Episode You Will Learn:    

 

  • Why a detailed proof of concept is essential when submitting a vulnerability 
  • How the MSRC collaborates with engineers at Microsoft to resolve vulnerabilities 
  • The importance of including video or image documentation to support reports 

 

Some Questions We Ask:     

 

  • What is the vulnerability triage process at MSRC? 
  • How long does it take to fix a vulnerability after it’s been reported? 
  • Why is it important to use the researcher portal instead of email or social media? 

  

Resources:  

Microsoft Security Response Center  

 

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. 

]]> 2339 no Guy Arazi on the Art and Science of Variant Hunting https://thecyberwire.com/podcasts/the-bluehat-podcast/37/notes Guy Arazi, a UK-based security expert at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Guy discusses his journey in security, which began in 2018 when he joined Microsoft, and his current role focusing on online services vulnerabilities within the MSRC (Microsoft Security Response Center). They delve into the concept of variant hunting, a critical process in identifying and mitigating repeated patterns of security vulnerabilities across multiple products and services. Guy explains that while static analysis tools are useful, they often require more complex, tailored approaches to detect these recurring issues. He emphasizes the importance of understanding the root cause of vulnerabilities and using both human insight and automated tools to address them across the vast codebase of Microsoft's offerings.    In This Episode You Will Learn:      The challenges of variant hunting and its significant impact on improving overall security  Growing complexity of variant hunting and the necessity of thorough documentation  What is important to consider when approaching a security vulnerability    Some Questions We Ask:       Are there industry tools or publicly available resources you recommend for variant hunting?  How can you identify the security boundary a vulnerability affects?  Is variant hunting something only humans can do, or can tools and automation help?    Resources:   View Guy Arazi on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts     The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Wed, 18 Sep 2024 07:10:00 -0000 Guy Arazi on the Art and Science of Variant Hunting full 1 37 Microsoft Guy Arazi, a UK-based security expert at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Guy discusses his journey in security, which began in 2018 when he joined Microsoft, and his current role focusing on online services vulnerabilities within the MSRC (Microsoft Security Response Center). They delve into the concept of variant hunting, a critical process in identifying and mitigating repeated patterns of security vulnerabilities across multiple products and services. Guy explains that while static analysis tools are useful, they often require more complex, tailored approaches to detect these recurring issues. He emphasizes the importance of understanding the root cause of vulnerabilities and using both human insight and automated tools to address them across the vast codebase of Microsoft's offerings.    In This Episode You Will Learn:      The challenges of variant hunting and its significant impact on improving overall security  Growing complexity of variant hunting and the necessity of thorough documentation  What is important to consider when approaching a security vulnerability    Some Questions We Ask:       Are there industry tools or publicly available resources you recommend for variant hunting?  How can you identify the security boundary a vulnerability affects?  Is variant hunting something only humans can do, or can tools and automation help?    Resources:   View Guy Arazi on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts     The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  Guy Arazi, a UK-based security expert at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Guy discusses his journey in security, which began in 2018 when he joined Microsoft, and his current role focusing on online services vulnerabilities within the MSRC (Microsoft Security Response Center). They delve into the concept of variant hunting, a critical process in identifying and mitigating repeated patterns of security vulnerabilities across multiple products and services. Guy explains that while static analysis tools are useful, they often require more complex, tailored approaches to detect these recurring issues. He emphasizes the importance of understanding the root cause of vulnerabilities and using both human insight and automated tools to address them across the vast codebase of Microsoft's offerings. 

 

In This Episode You Will Learn:     

  • The challenges of variant hunting and its significant impact on improving overall security 
  • Growing complexity of variant hunting and the necessity of thorough documentation 
  • What is important to consider when approaching a security vulnerability 

 

Some Questions We Ask:      

  • Are there industry tools or publicly available resources you recommend for variant hunting? 
  • How can you identify the security boundary a vulnerability affects? 
  • Is variant hunting something only humans can do, or can tools and automation help? 

 

Resources:  

View Guy Arazi on LinkedIn     

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:   

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. 

]]> 2641 no Ryen Macababbad on How Security Can Empower Productivity https://thecyberwire.com/podcasts/the-bluehat-podcast/36/notes Ryen Macababbad, Principal Security Program Manager at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Ryen discusses their career journey, including the return to Microsoft after working in security architecture and customer trust engineering. Ryen shares insights from their time at Hacker Summer Camp 2024 in Las Vegas, emphasizing the importance of creating frictionless security measures that don't hinder productivity. They explain that when security becomes a barrier, users will find workarounds, potentially compromising security. The conversation touches on the evolving relationship between security and productivity teams, highlighting the need for security to be an enabler rather than an obstacle.      In This Episode You Will Learn:       How investing in security helps maintain customer trust and protects revenue  Why security should be built-in by default so users don't need to be security experts  The importance of incorporating feedback and diverse viewpoints to enhance security      Some Questions We Ask:        How is a seamless security and productivity experience provided for end users?  Can security researchers contribute to identifying gaps and improving product security?  What motivated the shift from a focus on identity and program management to defensive security?    Resources:   View Ryen Macababbad on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Wed, 04 Sep 2024 07:10:00 -0000 Ryen Macababbad on How Security Can Empower Productivity full 1 36 Microsoft Ryen Macababbad, Principal Security Program Manager at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Ryen discusses their career journey, including the return to Microsoft after working in security architecture and customer trust engineering. Ryen shares insights from their time at Hacker Summer Camp 2024 in Las Vegas, emphasizing the importance of creating frictionless security measures that don't hinder productivity. They explain that when security becomes a barrier, users will find workarounds, potentially compromising security. The conversation touches on the evolving relationship between security and productivity teams, highlighting the need for security to be an enabler rather than an obstacle.      In This Episode You Will Learn:       How investing in security helps maintain customer trust and protects revenue  Why security should be built-in by default so users don't need to be security experts  The importance of incorporating feedback and diverse viewpoints to enhance security      Some Questions We Ask:        How is a seamless security and productivity experience provided for end users?  Can security researchers contribute to identifying gaps and improving product security?  What motivated the shift from a focus on identity and program management to defensive security?    Resources:   View Ryen Macababbad on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Ryen Macababbad, Principal Security Program Manager at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Ryen discusses their career journey, including the return to Microsoft after working in security architecture and customer trust engineering. Ryen shares insights from their time at Hacker Summer Camp 2024 in Las Vegas, emphasizing the importance of creating frictionless security measures that don't hinder productivity. They explain that when security becomes a barrier, users will find workarounds, potentially compromising security. The conversation touches on the evolving relationship between security and productivity teams, highlighting the need for security to be an enabler rather than an obstacle. 

 

 

In This Episode You Will Learn:    

 

  • How investing in security helps maintain customer trust and protects revenue 
  • Why security should be built-in by default so users don't need to be security experts 
  • The importance of incorporating feedback and diverse viewpoints to enhance security 

 

 

Some Questions We Ask:     

 

  • How is a seamless security and productivity experience provided for end users? 
  • Can security researchers contribute to identifying gaps and improving product security? 
  • What motivated the shift from a focus on identity and program management to defensive security? 

 

Resources:  

View Ryen Macababbad on LinkedIn     

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

]]> 2442 no Michael Howard on Secure by Design vs Secure by Default https://thecyberwire.com/podcasts/the-bluehat-podcast/35/notes Michael Howard, Senior Director at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Michael shares his journey at Microsoft, starting from his early days in New Zealand as part of a small team of ten. He discusses his extensive career, his contributions to cybersecurity, and his role in the development of essential security books like "Writing Secure Code" and "The Security Development Lifecycle." Michael reflects on the importance of fundamental security principles and how they remain relevant today. He also touches on his recent move within Microsoft to John Lambert's team, where he continues to focus on security culture and education. The conversation delves into the origins of the Blue Hat conference, Michael's experiences at the first event, and the ongoing significance of secure coding practices and mitigations.      In This Episode You Will Learn:     Critical aspects of secure software development and pivotal moments in Microsoft's security  The importance of using specific coding constructs and libraries to improve security  Findings on vulnerabilities that spurred significant security improvements in SQL Server    Some Questions We Ask:       How do you deploy security patches effectively while minimizing disruptions?  What coding constructs and compiler flags did you recommend for better security?  How did external researchers at Blue Hat conferences impact Microsoft's culture?    Resources:   View Michael Howard on LinkedIn     View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    The Microsoft Azure Security Podcast   Michael Howard (@michael_howard) on X (twitter.com)  Latest book: Designing and Developing Secure Azure Solutions (Developer Best Practices): Howard, Michael, Simone, Curzi, Heinrich, Gantenbein: 9780137908752: Amazon.com: Books    Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. Tue, 27 Aug 2024 22:29:00 -0000 Michael Howard on Secure by Design vs Secure by Default full 1 35 Microsoft Michael Howard, Senior Director at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Michael shares his journey at Microsoft, starting from his early days in New Zealand as part of a small team of ten. He discusses his extensive career, his contributions to cybersecurity, and his role in the development of essential security books like "Writing Secure Code" and "The Security Development Lifecycle." Michael reflects on the importance of fundamental security principles and how they remain relevant today. He also touches on his recent move within Microsoft to John Lambert's team, where he continues to focus on security culture and education. The conversation delves into the origins of the Blue Hat conference, Michael's experiences at the first event, and the ongoing significance of secure coding practices and mitigations.      In This Episode You Will Learn:     Critical aspects of secure software development and pivotal moments in Microsoft's security  The importance of using specific coding constructs and libraries to improve security  Findings on vulnerabilities that spurred significant security improvements in SQL Server    Some Questions We Ask:       How do you deploy security patches effectively while minimizing disruptions?  What coding constructs and compiler flags did you recommend for better security?  How did external researchers at Blue Hat conferences impact Microsoft's culture?    Resources:   View Michael Howard on LinkedIn     View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    The Microsoft Azure Security Podcast   Michael Howard (@michael_howard) on X (twitter.com)  Latest book: Designing and Developing Secure Azure Solutions (Developer Best Practices): Howard, Michael, Simone, Curzi, Heinrich, Gantenbein: 9780137908752: Amazon.com: Books    Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network. Michael Howard, Senior Director at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Michael shares his journey at Microsoft, starting from his early days in New Zealand as part of a small team of ten. He discusses his extensive career, his contributions to cybersecurity, and his role in the development of essential security books like "Writing Secure Code" and "The Security Development Lifecycle." Michael reflects on the importance of fundamental security principles and how they remain relevant today. He also touches on his recent move within Microsoft to John Lambert's team, where he continues to focus on security culture and education. The conversation delves into the origins of the Blue Hat conference, Michael's experiences at the first event, and the ongoing significance of secure coding practices and mitigations. 

 

 

In This Episode You Will Learn:    

  • Critical aspects of secure software development and pivotal moments in Microsoft's security 
  • The importance of using specific coding constructs and libraries to improve security 
  • Findings on vulnerabilities that spurred significant security improvements in SQL Server 

 

Some Questions We Ask:      

  • How do you deploy security patches effectively while minimizing disruptions? 
  • What coding constructs and compiler flags did you recommend for better security? 
  • How did external researchers at Blue Hat conferences impact Microsoft's culture? 

 

Resources:  

View Michael Howard on LinkedIn    

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

 

The Microsoft Azure Security Podcast  

Michael Howard (@michael_howard) on X (twitter.com) 

Latest book: Designing and Developing Secure Azure Solutions (Developer Best Practices): Howard, Michael, Simone, Curzi, Heinrich, Gantenbein: 9780137908752: Amazon.com: Books 

 

Related Microsoft Podcasts:   

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

]]> 2894 no Navigating AI Safety and Security Challenges with Yonatan Zunger https://thecyberwire.com/podcasts/the-bluehat-podcast/34/notes Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses.      In This Episode You Will Learn:       How predictive AI anticipates outcomes based on historical data  The difficulties and strategies involved in making AI systems safe and secure from misuse  How role-playing exercises help developers understand the behavior of AI systems    Some Questions We Ask:        What distinguishes predictive AI from generative AI?  Can generative AI be used to improve decision-making processes?  What is the role of unit testing and test cases in policy and AI system development?    Resources:   View Yonatan Zunger on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Wed, 07 Aug 2024 07:10:00 -0000 Navigating AI Safety and Security Challenges with Yonatan Zunger full 1 34 Microsoft Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses.      In This Episode You Will Learn:       How predictive AI anticipates outcomes based on historical data  The difficulties and strategies involved in making AI systems safe and secure from misuse  How role-playing exercises help developers understand the behavior of AI systems    Some Questions We Ask:        What distinguishes predictive AI from generative AI?  Can generative AI be used to improve decision-making processes?  What is the role of unit testing and test cases in policy and AI system development?    Resources:   View Yonatan Zunger on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses. 

 

 

In This Episode You Will Learn:    

 

  • How predictive AI anticipates outcomes based on historical data 
  • The difficulties and strategies involved in making AI systems safe and secure from misuse 
  • How role-playing exercises help developers understand the behavior of AI systems 

 

Some Questions We Ask:     

 

  • What distinguishes predictive AI from generative AI? 
  • Can generative AI be used to improve decision-making processes? 
  • What is the role of unit testing and test cases in policy and AI system development? 


 

Resources:  

View Yonatan Zunger on LinkedIn     

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 


 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

]]> 3214 no Craig Nelson on Simulating Attacks with Microsoft’s Red Team https://thecyberwire.com/podcasts/the-bluehat-podcast/33/notes Craig Nelson, leader of Microsoft's Red Team joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Craig explains how the Red Team simulates attacks on Microsoft's infrastructure to identify vulnerabilities and protect customer data stored in the cloud. He emphasizes the importance of these simulated attacks in preparing for real threats and describes the collaborative efforts with other security teams at Microsoft, such as the Azure penetration testing team and the Microsoft Security Response Center. Craig shares his personal journey into cybersecurity, highlighting his early fascination with cryptography and computer security. He also discusses the unique challenges and strategies of Red Teaming at Microsoft, including the need to influence engineering teams and the importance of systemic thinking to create durable security solutions.    In This Episode You Will Learn:     The need for early detection of vulnerabilities during the development lifecycle  Why a mix of technical and persuasive skill build successful red teams  Significance of internal security education and training initiatives    Some Questions We Ask:      What projects are you pursuing in AI and security?  How do you have conversations with engineers to influence their security decisions?  What skills are important for someone aspiring to join the Red Team?     Resources:   View Craig Nelson on LinkedIn    View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Wed, 24 Jul 2024 07:10:00 -0000 Craig Nelson on Simulating Attacks with Microsoft’s Red Team full 1 33 Microsoft Craig Nelson, leader of Microsoft's Red Team joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Craig explains how the Red Team simulates attacks on Microsoft's infrastructure to identify vulnerabilities and protect customer data stored in the cloud. He emphasizes the importance of these simulated attacks in preparing for real threats and describes the collaborative efforts with other security teams at Microsoft, such as the Azure penetration testing team and the Microsoft Security Response Center. Craig shares his personal journey into cybersecurity, highlighting his early fascination with cryptography and computer security. He also discusses the unique challenges and strategies of Red Teaming at Microsoft, including the need to influence engineering teams and the importance of systemic thinking to create durable security solutions.    In This Episode You Will Learn:     The need for early detection of vulnerabilities during the development lifecycle  Why a mix of technical and persuasive skill build successful red teams  Significance of internal security education and training initiatives    Some Questions We Ask:      What projects are you pursuing in AI and security?  How do you have conversations with engineers to influence their security decisions?  What skills are important for someone aspiring to join the Red Team?     Resources:   View Craig Nelson on LinkedIn    View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Craig Nelson, leader of Microsoft's Red Team joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Craig explains how the Red Team simulates attacks on Microsoft's infrastructure to identify vulnerabilities and protect customer data stored in the cloud. He emphasizes the importance of these simulated attacks in preparing for real threats and describes the collaborative efforts with other security teams at Microsoft, such as the Azure penetration testing team and the Microsoft Security Response Center. Craig shares his personal journey into cybersecurity, highlighting his early fascination with cryptography and computer security. He also discusses the unique challenges and strategies of Red Teaming at Microsoft, including the need to influence engineering teams and the importance of systemic thinking to create durable security solutions. 

 

In This Episode You Will Learn:    

  • The need for early detection of vulnerabilities during the development lifecycle 
  • Why a mix of technical and persuasive skill build successful red teams 
  • Significance of internal security education and training initiatives 

 

Some Questions We Ask:     

  • What projects are you pursuing in AI and security? 
  • How do you have conversations with engineers to influence their security decisions? 
  • What skills are important for someone aspiring to join the Red Team? 

  

Resources:  

View Craig Nelson on LinkedIn   

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 



Related Microsoft Podcasts:   

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

]]> 2269 no Unlocking Backdoor AI Poisoning with Dmitrijs Trizna https://thecyberwire.com/podcasts/the-bluehat-podcast/32/notes Dmitrijs Trizna, Security Researcher at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Dmitrijs explains his role at Microsoft, focusing on AI-based cyber threat detection for Kubernetes and Linux platforms. Dmitrijs explores the complex landscape of securing AI systems, focusing on the emerging challenges of Trustworthy AI. He delves into how threat actors exploit vulnerabilities through techniques like backdoor poisoning, using gradual benign inputs to deceive AI models. Dmitrijs highlights the multidisciplinary approach required for effective AI security, combining AI expertise with rigorous security practices. He also discusses the resilience of gradient-boosted decision trees against such attacks and shares insights from his recent presentation at Blue Hat India, where he noted a strong interest in AI security.       In This Episode You Will Learn:       The concept of Trustworthy AI and its importance in today's technology landscape  How threat actors exploit AI vulnerabilities using backdoor poisoning techniques  The role of frequency and unusual inputs in compromising AI model integrity      Some Questions We Ask:        Could you elaborate on the resilience of gradient-boosted decision trees in AI security?  What interdisciplinary approaches are necessary for effective AI security?  How do we determine acceptable thresholds for AI model degradation in security contexts?       Resources:   View Dmitrijs Trizna on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   Wed, 10 Jul 2024 07:10:00 -0000 Unlocking Backdoor AI Poisoning with Dmitrijs Trizna full 1 32 Microsoft Dmitrijs Trizna, Security Researcher at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Dmitrijs explains his role at Microsoft, focusing on AI-based cyber threat detection for Kubernetes and Linux platforms. Dmitrijs explores the complex landscape of securing AI systems, focusing on the emerging challenges of Trustworthy AI. He delves into how threat actors exploit vulnerabilities through techniques like backdoor poisoning, using gradual benign inputs to deceive AI models. Dmitrijs highlights the multidisciplinary approach required for effective AI security, combining AI expertise with rigorous security practices. He also discusses the resilience of gradient-boosted decision trees against such attacks and shares insights from his recent presentation at Blue Hat India, where he noted a strong interest in AI security.       In This Episode You Will Learn:       The concept of Trustworthy AI and its importance in today's technology landscape  How threat actors exploit AI vulnerabilities using backdoor poisoning techniques  The role of frequency and unusual inputs in compromising AI model integrity      Some Questions We Ask:        Could you elaborate on the resilience of gradient-boosted decision trees in AI security?  What interdisciplinary approaches are necessary for effective AI security?  How do we determine acceptable thresholds for AI model degradation in security contexts?       Resources:   View Dmitrijs Trizna on LinkedIn   View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.   Dmitrijs Trizna, Security Researcher at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Dmitrijs explains his role at Microsoft, focusing on AI-based cyber threat detection for Kubernetes and Linux platforms. Dmitrijs explores the complex landscape of securing AI systems, focusing on the emerging challenges of Trustworthy AI. He delves into how threat actors exploit vulnerabilities through techniques like backdoor poisoning, using gradual benign inputs to deceive AI models. Dmitrijs highlights the multidisciplinary approach required for effective AI security, combining AI expertise with rigorous security practices. He also discusses the resilience of gradient-boosted decision trees against such attacks and shares insights from his recent presentation at Blue Hat India, where he noted a strong interest in AI security.  

 

 

In This Episode You Will Learn:    

 

  • The concept of Trustworthy AI and its importance in today's technology landscape 
  • How threat actors exploit AI vulnerabilities using backdoor poisoning techniques 
  • The role of frequency and unusual inputs in compromising AI model integrity 

 

 

Some Questions We Ask:     

 

  • Could you elaborate on the resilience of gradient-boosted decision trees in AI security? 
  • What interdisciplinary approaches are necessary for effective AI security? 
  • How do we determine acceptable thresholds for AI model degradation in security contexts? 

  

 

Resources:  

View Dmitrijs Trizna on LinkedIn  

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.  

]]> 2813 no From Morris to Azure: Shawn Hernan’s Three Decades in Security https://shows.acast.com/the-bluehat-podcast/episodes/from-morris-to-azure-shawn-hernans-three-decades-in-security Shawn Hernan, Partner Security Engineering Group Manager at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Shawn leads Microsoft Cloud & AI Security Assurance, overseeing an international team of security professionals dedicated to proactively addressing security challenges through vulnerability research, penetration testing, and threat modeling. Drawing from his extensive experience in early cybersecurity, Shawn shares valuable insights into the evolving landscape, stressing the significance of academic knowledge and practical experience. From navigating intricate technical terrains to fostering a growth mindset, this episode provides a compelling glimpse into the ongoing pursuit of security excellence in today's digital era.      In This Episode You Will Learn:       Addressing root causes of vulnerabilities reported by third parties or found internally  Developing tools and a deep understanding of specific classes of vulnerabilities  Research on areas like crypto hygiene and missing integrity vulnerabilities    Some Questions We Ask:        How does your team handle variant hunting for critical cases?  When researchers find issues in Azure, how does your team get involved?  How do you foster a security culture within Microsoft and your team?    Resources:   View Shawn Hernan on LinkedIn      View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 26 Jun 2024 07:10:00 -0000 From Morris to Azure: Shawn Hernan’s Three Decades in Security full 1 31 Microsoft <p><a href="https://www.linkedin.com/in/shawnhernan/" rel="noopener noreferrer" target="_blank">Shawn Hernan</a>, Partner Security Engineering Group Manager at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Shawn leads Microsoft Cloud &amp; AI Security Assurance, overseeing an international team of security professionals dedicated to proactively addressing security challenges through vulnerability research, penetration testing, and threat modeling. Drawing from his extensive experience in early cybersecurity, Shawn shares valuable insights into the evolving landscape, stressing the significance of academic knowledge and practical experience. From navigating intricate technical terrains to fostering a growth mindset, this episode provides a compelling glimpse into the ongoing pursuit of security excellence in today's digital era.&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Addressing root causes of vulnerabilities reported by third parties or found internally&nbsp;</li><li>Developing tools and a deep understanding of specific classes of vulnerabilities&nbsp;</li><li>Research on areas like crypto hygiene and missing integrity vulnerabilities&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How does your team handle variant hunting for critical cases?&nbsp;</li><li>When researchers find issues in Azure, how does your team get involved?&nbsp;</li><li>How do you foster a security culture within Microsoft and your team?&nbsp;</li></ul><p>&nbsp;</p><br><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/shawnhernan/" rel="noopener noreferrer" target="_blank">View Shawn Hernan on LinkedIn</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><br><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><br><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Shawn Hernan, Partner Security Engineering Group Manager at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Shawn leads Microsoft Cloud & AI Security Assurance, overseeing an international team of security professionals dedicated to proactively addressing security challenges through vulnerability research, penetration testing, and threat modeling. Drawing from his extensive experience in early cybersecurity, Shawn shares valuable insights into the evolving landscape, stressing the significance of academic knowledge and practical experience. From navigating intricate technical terrains to fostering a growth mindset, this episode provides a compelling glimpse into the ongoing pursuit of security excellence in today's digital era.      In This Episode You Will Learn:       Addressing root causes of vulnerabilities reported by third parties or found internally  Developing tools and a deep understanding of specific classes of vulnerabilities  Research on areas like crypto hygiene and missing integrity vulnerabilities    Some Questions We Ask:        How does your team handle variant hunting for critical cases?  When researchers find issues in Azure, how does your team get involved?  How do you foster a security culture within Microsoft and your team?    Resources:   View Shawn Hernan on LinkedIn      View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Shawn Hernan, Partner Security Engineering Group Manager at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Shawn leads Microsoft Cloud & AI Security Assurance, overseeing an international team of security professionals dedicated to proactively addressing security challenges through vulnerability research, penetration testing, and threat modeling. Drawing from his extensive experience in early cybersecurity, Shawn shares valuable insights into the evolving landscape, stressing the significance of academic knowledge and practical experience. From navigating intricate technical terrains to fostering a growth mindset, this episode provides a compelling glimpse into the ongoing pursuit of security excellence in today's digital era. 

 

 

In This Episode You Will Learn:    

 

  • Addressing root causes of vulnerabilities reported by third parties or found internally 
  • Developing tools and a deep understanding of specific classes of vulnerabilities 
  • Research on areas like crypto hygiene and missing integrity vulnerabilities 

 

Some Questions We Ask:     

 

  • How does your team handle variant hunting for critical cases? 
  • When researchers find issues in Azure, how does your team get involved? 
  • How do you foster a security culture within Microsoft and your team? 

 


Resources:  

View Shawn Hernan on LinkedIn     

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 


Related Microsoft Podcasts:  

 

 


Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2629 no MSRC VP Tom Gallagher on 25 Years of Security at Microsoft https://shows.acast.com/the-bluehat-podcast/episodes/msrc-vp-tom-gallagher-on-25-years-of-security-at-microsoft Tom Gallagher, VP of Engineering and head of MSRC, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. After nearly 25 years at Microsoft, Tom reflects on his early days at the company, where he started as a penetration tester on SharePoint, offering insights into the evolving landscape of cybersecurity since 1999. Tom shares a few different experiences from his journey, including auditing a local ISP's security in exchange for a job, and his transition from an intern working on Internet Explorer's rendering engine to key roles in Office and eventually MSRC. Through Tom's experiences, you’ll gain a unique perspective on Microsoft's cybersecurity evolution and the broader industry landscape.       In This Episode You Will Learn:       A Clippy vulnerability that exemplifies the importance of external insights  How you can support teams when they find vulnerabilities in their code  Tom's experiences attending early Black Hat and DEFCON conferences      Some Questions We Ask:        How does your experience as a bug hunter influence your role at MSRC?  Can you elaborate on the process of mitigating vulnerabilities quickly within SFI?  Will you explain Trustworthy Computing and its significance in Microsoft's history?     Resources:   View Tom Gallagher on LinkedIn       View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 12 Jun 2024 07:10:00 -0000 MSRC VP Tom Gallagher on 25 Years of Security at Microsoft full 1 30 Microsoft <p><a href="https://www.linkedin.com/in/togallagher/" rel="noopener noreferrer" target="_blank">Tom Gallagher</a>, VP of Engineering and head of MSRC, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. After nearly 25 years at Microsoft, Tom reflects on his early days at the company, where he started as a penetration tester on SharePoint, offering insights into the evolving landscape of cybersecurity since 1999. Tom shares a few different experiences from his journey, including auditing a local ISP's security in exchange for a job, and his transition from an intern working on Internet Explorer's rendering engine to key roles in Office and eventually MSRC. Through Tom's experiences, you’ll gain a unique perspective on Microsoft's cybersecurity evolution and the broader industry landscape.&nbsp;&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>A Clippy vulnerability that exemplifies the importance of external insights&nbsp;</li><li>How you can support teams when they find vulnerabilities in their code&nbsp;</li><li>Tom's experiences attending early Black Hat and DEFCON conferences&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How does your experience as a bug hunter influence your role at MSRC?&nbsp;</li><li>Can you elaborate on the process of mitigating vulnerabilities quickly within SFI?&nbsp;</li><li>Will you explain Trustworthy Computing and its significance in Microsoft's history?&nbsp;</li></ul><p>&nbsp;&nbsp;</p><br><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/togallagher/" rel="noopener noreferrer" target="_blank">View Tom Gallagher on LinkedIn</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Tom Gallagher, VP of Engineering and head of MSRC, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. After nearly 25 years at Microsoft, Tom reflects on his early days at the company, where he started as a penetration tester on SharePoint, offering insights into the evolving landscape of cybersecurity since 1999. Tom shares a few different experiences from his journey, including auditing a local ISP's security in exchange for a job, and his transition from an intern working on Internet Explorer's rendering engine to key roles in Office and eventually MSRC. Through Tom's experiences, you’ll gain a unique perspective on Microsoft's cybersecurity evolution and the broader industry landscape.       In This Episode You Will Learn:       A Clippy vulnerability that exemplifies the importance of external insights  How you can support teams when they find vulnerabilities in their code  Tom's experiences attending early Black Hat and DEFCON conferences      Some Questions We Ask:        How does your experience as a bug hunter influence your role at MSRC?  Can you elaborate on the process of mitigating vulnerabilities quickly within SFI?  Will you explain Trustworthy Computing and its significance in Microsoft's history?     Resources:   View Tom Gallagher on LinkedIn       View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Tom Gallagher, VP of Engineering and head of MSRC, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. After nearly 25 years at Microsoft, Tom reflects on his early days at the company, where he started as a penetration tester on SharePoint, offering insights into the evolving landscape of cybersecurity since 1999. Tom shares a few different experiences from his journey, including auditing a local ISP's security in exchange for a job, and his transition from an intern working on Internet Explorer's rendering engine to key roles in Office and eventually MSRC. Through Tom's experiences, you’ll gain a unique perspective on Microsoft's cybersecurity evolution and the broader industry landscape.  

 

 

In This Episode You Will Learn:    

 

  • A Clippy vulnerability that exemplifies the importance of external insights 
  • How you can support teams when they find vulnerabilities in their code 
  • Tom's experiences attending early Black Hat and DEFCON conferences 

 

 

Some Questions We Ask:     

 

  • How does your experience as a bug hunter influence your role at MSRC? 
  • Can you elaborate on the process of mitigating vulnerabilities quickly within SFI? 
  • Will you explain Trustworthy Computing and its significance in Microsoft's history? 

  


Resources:  

View Tom Gallagher on LinkedIn      

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 1900 no Educating the Future: Aaron Tng's Cybersecurity Blueprint https://shows.acast.com/the-bluehat-podcast/episodes/educating-the-future-aaron-tngs-cybersecurity-blueprint Aaron Tng, a Microsoft Student Ambassador and BlueHat Conference Speaker, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Aaron shares how his curiosity during the pandemic in 2020, sparked by the surge in cyber-attacks, propelled him into the world of cybersecurity. Through dedicated self-learning and leveraging resources like the Microsoft Learn website, Aaron achieved multiple certifications, laying the foundation for his expertise in cybersecurity.  Aaron is also passionate about the impact of Cybersecurity on society and actively promoting K-12 Cybersecurity Awareness and Education. He unveils his comprehensive four-point plan, which encompasses fundamental courses, advanced studies, educator training, and real-life internship opportunities. Aaron emphasizes the importance of moving beyond surface-level internet safety education, advocating for a deeper understanding of secure coding and threat modeling.       In This Episode You Will Learn:       The different resources utilized for Aaron’s cybersecurity education  Aspirations for the future of cybersecurity education  How Aaron founded a student-led nonprofit called Cyber Secure it      Some Questions We Ask:        What challenges did you face presenting to the Washington State Board of Education?  How did you earn multiple cybersecurity certifications while still in high school?  Why do you believe it's crucial to move beyond surface-level internet safety?      Resources:   View Aaron Tng on LinkedIn     View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 29 May 2024 07:10:00 -0000 Educating the Future: Aaron Tng's Cybersecurity Blueprint full 1 29 Microsoft <p><a href="https://www.linkedin.com/in/aaron-tng-80825722a/" rel="noopener noreferrer" target="_blank">Aaron Tng</a>, a Microsoft Student Ambassador and BlueHat Conference Speaker, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Aaron shares how his curiosity during the pandemic in 2020, sparked by the surge in cyber-attacks, propelled him into the world of cybersecurity. Through dedicated self-learning and leveraging resources like the Microsoft Learn website, Aaron achieved multiple certifications, laying the foundation for his expertise in cybersecurity.&nbsp; Aaron is also passionate about the impact of Cybersecurity on society and actively promoting K-12 Cybersecurity Awareness and Education. He unveils his comprehensive four-point plan, which encompasses fundamental courses, advanced studies, educator training, and real-life internship opportunities. Aaron emphasizes the importance of moving beyond surface-level internet safety education, advocating for a deeper understanding of secure coding and threat modeling.&nbsp;&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The different resources utilized for Aaron’s cybersecurity education&nbsp;</li><li>Aspirations for the future of cybersecurity education&nbsp;</li><li>How Aaron founded a student-led nonprofit called Cyber Secure it&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>What challenges did you face presenting to the Washington State Board of Education?&nbsp;</li><li>How did you earn multiple cybersecurity certifications while still in high school?&nbsp;</li><li>Why do you believe it's crucial to move beyond surface-level internet safety?&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/aaron-tng-80825722a/" rel="noopener noreferrer" target="_blank">View Aaron Tng on LinkedIn</a>&nbsp;&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Aaron Tng, a Microsoft Student Ambassador and BlueHat Conference Speaker, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Aaron shares how his curiosity during the pandemic in 2020, sparked by the surge in cyber-attacks, propelled him into the world of cybersecurity. Through dedicated self-learning and leveraging resources like the Microsoft Learn website, Aaron achieved multiple certifications, laying the foundation for his expertise in cybersecurity.  Aaron is also passionate about the impact of Cybersecurity on society and actively promoting K-12 Cybersecurity Awareness and Education. He unveils his comprehensive four-point plan, which encompasses fundamental courses, advanced studies, educator training, and real-life internship opportunities. Aaron emphasizes the importance of moving beyond surface-level internet safety education, advocating for a deeper understanding of secure coding and threat modeling.       In This Episode You Will Learn:       The different resources utilized for Aaron’s cybersecurity education  Aspirations for the future of cybersecurity education  How Aaron founded a student-led nonprofit called Cyber Secure it      Some Questions We Ask:        What challenges did you face presenting to the Washington State Board of Education?  How did you earn multiple cybersecurity certifications while still in high school?  Why do you believe it's crucial to move beyond surface-level internet safety?      Resources:   View Aaron Tng on LinkedIn     View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Aaron Tng, a Microsoft Student Ambassador and BlueHat Conference Speaker, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Aaron shares how his curiosity during the pandemic in 2020, sparked by the surge in cyber-attacks, propelled him into the world of cybersecurity. Through dedicated self-learning and leveraging resources like the Microsoft Learn website, Aaron achieved multiple certifications, laying the foundation for his expertise in cybersecurity.  Aaron is also passionate about the impact of Cybersecurity on society and actively promoting K-12 Cybersecurity Awareness and Education. He unveils his comprehensive four-point plan, which encompasses fundamental courses, advanced studies, educator training, and real-life internship opportunities. Aaron emphasizes the importance of moving beyond surface-level internet safety education, advocating for a deeper understanding of secure coding and threat modeling.  

 

 

In This Episode You Will Learn:    

 

  • The different resources utilized for Aaron’s cybersecurity education 
  • Aspirations for the future of cybersecurity education 
  • How Aaron founded a student-led nonprofit called Cyber Secure it 

 

 

Some Questions We Ask:     

 

  • What challenges did you face presenting to the Washington State Board of Education? 
  • How did you earn multiple cybersecurity certifications while still in high school? 
  • Why do you believe it's crucial to move beyond surface-level internet safety? 

 

 

Resources:  

View Aaron Tng on LinkedIn    

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 1973 no From Specs to Security https://shows.acast.com/the-bluehat-podcast/episodes/from-specs-to-security Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities.      In This Episode You Will Learn:       The unique perspective Dor has with RDP security research  How to approach security research when following the protocol specifications  The importance of clear documentation in preventing security vulnerabilities      Some Questions We Ask:        How did you design and build the Capture the Flag event?  Did you face any unexpected hurdles while researching the RDP protocol's security?  Have you found other security vulnerabilities by closely adhering to protocol specifications?      Resources:   View Dor Dali on LinkedIn    View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 15 May 2024 07:10:00 -0000 From Specs to Security full 1 28 Microsoft <p><a href="https://www.linkedin.com/in/dordali/" rel="noopener noreferrer" target="_blank">Dor Dali</a>, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities.&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The unique perspective Dor has with RDP security research&nbsp;</li><li>How to approach security research when following the protocol specifications&nbsp;</li><li>The importance of clear documentation in preventing security vulnerabilities&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How did you design and build the Capture the Flag event?&nbsp;</li><li>Did you face any unexpected hurdles while researching the RDP protocol's security?&nbsp;</li><li>Have you found other security vulnerabilities by closely adhering to protocol specifications?&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/dordali/" rel="noopener noreferrer" target="_blank">View Dor Dali on LinkedIn</a>&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities.      In This Episode You Will Learn:       The unique perspective Dor has with RDP security research  How to approach security research when following the protocol specifications  The importance of clear documentation in preventing security vulnerabilities      Some Questions We Ask:        How did you design and build the Capture the Flag event?  Did you face any unexpected hurdles while researching the RDP protocol's security?  Have you found other security vulnerabilities by closely adhering to protocol specifications?      Resources:   View Dor Dali on LinkedIn    View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities. 

 

 

In This Episode You Will Learn:    

 

  • The unique perspective Dor has with RDP security research 
  • How to approach security research when following the protocol specifications 
  • The importance of clear documentation in preventing security vulnerabilities 

 

 

Some Questions We Ask:     

 

  • How did you design and build the Capture the Flag event? 
  • Did you face any unexpected hurdles while researching the RDP protocol's security? 
  • Have you found other security vulnerabilities by closely adhering to protocol specifications? 

 

 

Resources:  

View Dor Dali on LinkedIn   

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2020 no Beyond the Code: Ethics and AI with Katie Paxton-Fear https://shows.acast.com/the-bluehat-podcast/episodes/beyond-the-code-ethics-and-ai-with-katie-paxton-fear Cyber Security Content Creator, Speaker & Ethical Hacker, Katie Paxton-Fear, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Katie holds a PhD in defense and security AI plus cybersecurity and works as an academic, teaching undergraduate students cybersecurity topics. She also runs a popular YouTube channel focused on bug bounty hunting, hacking, and pen testing. Katie shares her journey into cybersecurity, reflects on her initial interest in undeciphered languages and how it parallels her approach to cybersecurity, both involving a fascination with solving mysteries and uncovering hidden meanings.     In This Episode You Will Learn:       Approaching AI systems with caution when translating less-documented languages  Concerns surrounding the use of copyrighted training data in AI systems  Recognizing and addressing AI system limitations and biases in real-world deployments.    Some Questions We Ask:        Can fine-tuning AI models prevent degradation and improve performance?  What are the ethical implications of putting sensitive information into AI systems  How does relying on niche or obscure training data impact AI models?    Resources:   View Katie Paxton-Fear on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 01 May 2024 07:10:00 -0000 Beyond the Code: Ethics and AI with Katie Paxton-Fear full 1 27 Microsoft <p>Cyber Security Content Creator, Speaker &amp; Ethical Hacker, <a href="https://www.linkedin.com/in/katiepf/?originalSubdomain=uk" rel="noopener noreferrer" target="_blank">Katie Paxton-Fear</a>, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Katie holds a PhD in defense and security AI plus cybersecurity and works as an academic, teaching undergraduate students cybersecurity topics. She also runs a popular YouTube channel focused on bug bounty hunting, hacking, and pen testing. Katie shares her journey into cybersecurity, reflects on her initial interest in undeciphered languages and how it parallels her approach to cybersecurity, both involving a fascination with solving mysteries and uncovering hidden meanings.&nbsp;&nbsp;</p><p>&nbsp;</p><br><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Approaching AI systems with caution when translating less-documented languages&nbsp;</li><li>Concerns surrounding the use of copyrighted training data in AI systems&nbsp;</li><li>Recognizing and addressing AI system limitations and biases in real-world deployments.&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Can fine-tuning AI models prevent degradation and improve performance?&nbsp;</li><li>What are the ethical implications of putting sensitive information into AI systems&nbsp;</li><li>How does relying on niche or obscure training data impact AI models?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/katiepf/?originalSubdomain=uk" rel="noopener noreferrer" target="_blank">View Katie Paxton-Fear on LinkedIn</a>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Cyber Security Content Creator, Speaker & Ethical Hacker, Katie Paxton-Fear, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Katie holds a PhD in defense and security AI plus cybersecurity and works as an academic, teaching undergraduate students cybersecurity topics. She also runs a popular YouTube channel focused on bug bounty hunting, hacking, and pen testing. Katie shares her journey into cybersecurity, reflects on her initial interest in undeciphered languages and how it parallels her approach to cybersecurity, both involving a fascination with solving mysteries and uncovering hidden meanings.     In This Episode You Will Learn:       Approaching AI systems with caution when translating less-documented languages  Concerns surrounding the use of copyrighted training data in AI systems  Recognizing and addressing AI system limitations and biases in real-world deployments.    Some Questions We Ask:        Can fine-tuning AI models prevent degradation and improve performance?  What are the ethical implications of putting sensitive information into AI systems  How does relying on niche or obscure training data impact AI models?    Resources:   View Katie Paxton-Fear on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Cyber Security Content Creator, Speaker & Ethical Hacker, Katie Paxton-Fear, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Katie holds a PhD in defense and security AI plus cybersecurity and works as an academic, teaching undergraduate students cybersecurity topics. She also runs a popular YouTube channel focused on bug bounty hunting, hacking, and pen testing. Katie shares her journey into cybersecurity, reflects on her initial interest in undeciphered languages and how it parallels her approach to cybersecurity, both involving a fascination with solving mysteries and uncovering hidden meanings.  

 


In This Episode You Will Learn:    

 

  • Approaching AI systems with caution when translating less-documented languages 
  • Concerns surrounding the use of copyrighted training data in AI systems 
  • Recognizing and addressing AI system limitations and biases in real-world deployments. 

 

Some Questions We Ask:     

 

  • Can fine-tuning AI models prevent degradation and improve performance? 
  • What are the ethical implications of putting sensitive information into AI systems 
  • How does relying on niche or obscure training data impact AI models? 

 

Resources:  

View Katie Paxton-Fear on LinkedIn  

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2625 no SaaS Exposed: Unmasking Cyber Risks in Cloud Integrations https://shows.acast.com/the-bluehat-podcast/episodes/saas-exposed-unmasking-cyber-risks-in-cloud-integrations Luke Jennings, VP of Research & Development at Push Security joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Luke explains his recent presentation on a new SaaS cyber kill chain, exploring how attackers might target modern organizations heavily reliant on cloud and SaaS services, even when traditional infrastructure is minimal. The latest kill chain involves developing attack techniques specific to this environment, covering topics like lateral movement without conventional network infrastructure and adapting known techniques such as password guessing attacks to the SaaS landscape. Luke, Wendy, and Nic discuss the complexities of SaaS security, the intricacies of evil twin integrations, detection challenges, mitigation strategies, and the overall impact of these security issues on organizations.       In This Episode You Will Learn:       Identifying malicious activities and understanding normal application behavior  The importance of having structured methodologies for approving SaaS app usage  Challenges organizations face in detecting and preventing SaaS application threats      Some Questions We Ask:        How can an organization create alerts for new, unknown SaaS app integrations?  What happens when a SaaS app integration is duplicated by an attacker?  Would having a structured methodology for SaaS app usage help minimize risk?    Resources:   View Luke Jennings on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks         Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 17 Apr 2024 07:05:00 -0000 SaaS Exposed: Unmasking Cyber Risks in Cloud Integrations full 1 26 Microsoft <p><a href="https://www.linkedin.com/in/luke-jennings-042b5619b/?originalSubdomain=uk" rel="noopener noreferrer" target="_blank">Luke Jennings</a>, VP of Research &amp; Development at Push Security joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Luke explains his recent presentation on a new SaaS cyber kill chain, exploring how attackers might target modern organizations heavily reliant on cloud and SaaS services, even when traditional infrastructure is minimal. The latest kill chain involves developing attack techniques specific to this environment, covering topics like lateral movement without conventional network infrastructure and adapting known techniques such as password guessing attacks to the SaaS landscape. Luke, Wendy, and Nic discuss the complexities of SaaS security, the intricacies of evil twin integrations, detection challenges, mitigation strategies, and the overall impact of these security issues on organizations.&nbsp;</p><p>&nbsp;&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Identifying malicious activities and understanding normal application behavior&nbsp;</li><li>The importance of having structured methodologies for approving SaaS app usage&nbsp;</li><li>Challenges organizations face in detecting and preventing SaaS application threats&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How can an organization create alerts for new, unknown SaaS app integrations?&nbsp;</li><li>What happens when a SaaS app integration is duplicated by an attacker?&nbsp;</li><li>Would having a structured methodology for SaaS app usage help minimize risk?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/luke-jennings-042b5619b/?originalSubdomain=uk" rel="noopener noreferrer" target="_blank">View Luke Jennings on LinkedIn</a>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;&nbsp;&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Luke Jennings, VP of Research & Development at Push Security joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Luke explains his recent presentation on a new SaaS cyber kill chain, exploring how attackers might target modern organizations heavily reliant on cloud and SaaS services, even when traditional infrastructure is minimal. The latest kill chain involves developing attack techniques specific to this environment, covering topics like lateral movement without conventional network infrastructure and adapting known techniques such as password guessing attacks to the SaaS landscape. Luke, Wendy, and Nic discuss the complexities of SaaS security, the intricacies of evil twin integrations, detection challenges, mitigation strategies, and the overall impact of these security issues on organizations.       In This Episode You Will Learn:       Identifying malicious activities and understanding normal application behavior  The importance of having structured methodologies for approving SaaS app usage  Challenges organizations face in detecting and preventing SaaS application threats      Some Questions We Ask:        How can an organization create alerts for new, unknown SaaS app integrations?  What happens when a SaaS app integration is duplicated by an attacker?  Would having a structured methodology for SaaS app usage help minimize risk?    Resources:   View Luke Jennings on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks         Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Luke Jennings, VP of Research & Development at Push Security joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Luke explains his recent presentation on a new SaaS cyber kill chain, exploring how attackers might target modern organizations heavily reliant on cloud and SaaS services, even when traditional infrastructure is minimal. The latest kill chain involves developing attack techniques specific to this environment, covering topics like lateral movement without conventional network infrastructure and adapting known techniques such as password guessing attacks to the SaaS landscape. Luke, Wendy, and Nic discuss the complexities of SaaS security, the intricacies of evil twin integrations, detection challenges, mitigation strategies, and the overall impact of these security issues on organizations. 

  

 

In This Episode You Will Learn:    

 

  • Identifying malicious activities and understanding normal application behavior 
  • The importance of having structured methodologies for approving SaaS app usage 
  • Challenges organizations face in detecting and preventing SaaS application threats 

 

 

Some Questions We Ask:     

 

  • How can an organization create alerts for new, unknown SaaS app integrations? 
  • What happens when a SaaS app integration is duplicated by an attacker? 
  • Would having a structured methodology for SaaS app usage help minimize risk? 

 

Resources:  

View Luke Jennings on LinkedIn  

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

 

Related Microsoft Podcasts:  

 

 

   

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2358 no Decoding Conference Proposals with Lea Snyder https://shows.acast.com/the-bluehat-podcast/episodes/decoding-conference-proposals Lea Snyder, Principal Security Engineer at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Lea is a security leader focused on security strategy and helping organizations mature their security posture and security programs, focusing on areas including IAM, product security, and risk management. Lea explains her unique role as a security architect, highlighting problem-solving across various domains within Microsoft. She shares her unconventional path to cybersecurity, starting with a background in economics and an MBA, and how she transitioned from IT roles to security. Lea, Wendy, and Nic discuss the importance of diverse backgrounds in the industry and offer advice on entering the cybersecurity field. Lea also discusses her involvement in community-driven conferences, particularly B-sides, highlighting their diverse and unique content.       In This Episode You Will Learn:       Tips for submitting conference proposals  Challenges when balancing anonymity during a submission  The importance of a supportive approach in the conference submission process    Some Questions We Ask:        Is there a typical anonymization process to ensure fairness and inclusivity?  What are some challenges when selecting talks that resonate with an audience?  Can you elaborate on the value behind B-sides conferences and the unique atmosphere?     Resources:   View Lea Snyder on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks         Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 03 Apr 2024 07:10:00 -0000 Decoding Conference Proposals with Lea Snyder full 1 25 Microsoft <p><a href="https://www.linkedin.com/in/leasnyder/" rel="noopener noreferrer" target="_blank">Lea Snyder</a>, Principal Security Engineer at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Lea is a security leader focused on security strategy and helping organizations mature their security posture and security programs, focusing on areas including IAM, product security, and risk management. Lea explains her unique role as a security architect, highlighting problem-solving across various domains within Microsoft. She shares her unconventional path to cybersecurity, starting with a background in economics and an MBA, and how she transitioned from IT roles to security. Lea, Wendy, and Nic discuss the importance of diverse backgrounds in the industry and offer advice on entering the cybersecurity field. Lea also discusses her involvement in community-driven conferences, particularly B-sides, highlighting their diverse and unique content.&nbsp;</p><p>&nbsp;&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Tips for submitting conference proposals&nbsp;</li><li>Challenges when balancing anonymity during a submission&nbsp;</li><li>The importance of a supportive approach in the conference submission process&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Is there a typical anonymization process to ensure fairness and inclusivity?&nbsp;</li><li>What are some challenges when selecting talks that resonate with an audience?&nbsp;</li><li>Can you elaborate on the value behind B-sides conferences and the unique atmosphere?&nbsp;&nbsp;</li></ul><p>&nbsp;</p><br><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/leasnyder/" rel="noopener noreferrer" target="_blank">View Lea Snyder on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;&nbsp;&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Lea Snyder, Principal Security Engineer at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Lea is a security leader focused on security strategy and helping organizations mature their security posture and security programs, focusing on areas including IAM, product security, and risk management. Lea explains her unique role as a security architect, highlighting problem-solving across various domains within Microsoft. She shares her unconventional path to cybersecurity, starting with a background in economics and an MBA, and how she transitioned from IT roles to security. Lea, Wendy, and Nic discuss the importance of diverse backgrounds in the industry and offer advice on entering the cybersecurity field. Lea also discusses her involvement in community-driven conferences, particularly B-sides, highlighting their diverse and unique content.       In This Episode You Will Learn:       Tips for submitting conference proposals  Challenges when balancing anonymity during a submission  The importance of a supportive approach in the conference submission process    Some Questions We Ask:        Is there a typical anonymization process to ensure fairness and inclusivity?  What are some challenges when selecting talks that resonate with an audience?  Can you elaborate on the value behind B-sides conferences and the unique atmosphere?     Resources:   View Lea Snyder on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks         Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Lea Snyder, Principal Security Engineer at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Lea is a security leader focused on security strategy and helping organizations mature their security posture and security programs, focusing on areas including IAM, product security, and risk management. Lea explains her unique role as a security architect, highlighting problem-solving across various domains within Microsoft. She shares her unconventional path to cybersecurity, starting with a background in economics and an MBA, and how she transitioned from IT roles to security. Lea, Wendy, and Nic discuss the importance of diverse backgrounds in the industry and offer advice on entering the cybersecurity field. Lea also discusses her involvement in community-driven conferences, particularly B-sides, highlighting their diverse and unique content. 

  

 

In This Episode You Will Learn:    

 

  • Tips for submitting conference proposals 
  • Challenges when balancing anonymity during a submission 
  • The importance of a supportive approach in the conference submission process 

 

Some Questions We Ask:     

 

  • Is there a typical anonymization process to ensure fairness and inclusivity? 
  • What are some challenges when selecting talks that resonate with an audience? 
  • Can you elaborate on the value behind B-sides conferences and the unique atmosphere?  

 


Resources:  

View Lea Snyder on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

 

Related Microsoft Podcasts:  

 

 

   

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2877 no Securing the Past with Dustin Heywood https://shows.acast.com/the-bluehat-podcast/episodes/securing-the-past-with-dustin-heywood Dustin Heywood, Hacker, Researcher, and Senior Leader at IBM, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Dustin provided a live demonstration of cracking NTLM version 1 during his BlueHat presentation, showcasing the process of responding to challenges, using coercion techniques, and ultimately extracting and cracking the NTLM hash. Dustin, Nic, and Wendy discuss checking group policies, auditing every object, ensuring relevant systems, and managing IT assets effectively. They emphasize the importance of IT asset management and recommend quarantining legacy systems with restricted access.       In This Episode You Will Learn:       Why security professionals need business skills for effective communication  Advice for auditing legacy systems with vulnerable protocols   Extracting DPAPI keys and decrypting browser session history      Some Questions We Ask:        How do you manage risk for legacy systems deemed necessary for business?  Can you discuss some of the outdated protocols in current IT environments?  What guidance would you offer to IT professionals looking to audit their systems?    Resources:   View Dustin Heywood on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 20 Mar 2024 07:05:00 -0000 Securing the Past with Dustin Heywood full 1 24 Microsoft <p><a href="https://www.linkedin.com/in/evilmog/?originalSubdomain=ca" rel="noopener noreferrer" target="_blank">Dustin Heywood</a>, Hacker, Researcher, and Senior Leader at IBM, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Dustin provided a live demonstration of cracking NTLM version 1 during his BlueHat presentation, showcasing the process of responding to challenges, using coercion techniques, and ultimately extracting and cracking the NTLM hash. Dustin, Nic, and Wendy discuss checking group policies, auditing every object, ensuring relevant systems, and managing IT assets effectively. They emphasize the importance of IT asset management and recommend quarantining legacy systems with restricted access.&nbsp;</p><p>&nbsp;&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Why security professionals need business skills for effective communication&nbsp;</li><li>Advice for auditing legacy systems with vulnerable protocols&nbsp;&nbsp;</li><li>Extracting DPAPI keys and decrypting browser session history&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How do you manage risk for legacy systems deemed necessary for business?&nbsp;</li><li>Can you discuss some of the outdated protocols in current IT environments?&nbsp;</li><li>What guidance would you offer to IT professionals looking to audit their systems?&nbsp;</li></ul><p><br></p><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/evilmog/?originalSubdomain=ca" rel="noopener noreferrer" target="_blank">View Dustin Heywood on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><br><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Dustin Heywood, Hacker, Researcher, and Senior Leader at IBM, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Dustin provided a live demonstration of cracking NTLM version 1 during his BlueHat presentation, showcasing the process of responding to challenges, using coercion techniques, and ultimately extracting and cracking the NTLM hash. Dustin, Nic, and Wendy discuss checking group policies, auditing every object, ensuring relevant systems, and managing IT assets effectively. They emphasize the importance of IT asset management and recommend quarantining legacy systems with restricted access.       In This Episode You Will Learn:       Why security professionals need business skills for effective communication  Advice for auditing legacy systems with vulnerable protocols   Extracting DPAPI keys and decrypting browser session history      Some Questions We Ask:        How do you manage risk for legacy systems deemed necessary for business?  Can you discuss some of the outdated protocols in current IT environments?  What guidance would you offer to IT professionals looking to audit their systems?    Resources:   View Dustin Heywood on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks     Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Dustin Heywood, Hacker, Researcher, and Senior Leader at IBM, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Dustin provided a live demonstration of cracking NTLM version 1 during his BlueHat presentation, showcasing the process of responding to challenges, using coercion techniques, and ultimately extracting and cracking the NTLM hash. Dustin, Nic, and Wendy discuss checking group policies, auditing every object, ensuring relevant systems, and managing IT assets effectively. They emphasize the importance of IT asset management and recommend quarantining legacy systems with restricted access. 

  

 

In This Episode You Will Learn:    

 

  • Why security professionals need business skills for effective communication 
  • Advice for auditing legacy systems with vulnerable protocols  
  • Extracting DPAPI keys and decrypting browser session history 

 

 

Some Questions We Ask:     

 

  • How do you manage risk for legacy systems deemed necessary for business? 
  • Can you discuss some of the outdated protocols in current IT environments? 
  • What guidance would you offer to IT professionals looking to audit their systems? 


 

Resources:  

View Dustin Heywood on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

 

Related Microsoft Podcasts:  

 

 


Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2516 no Breaking Bias: Tera Joyce and Tina Zhang-Powell on Celebrating Women in Cybersecurity https://shows.acast.com/the-bluehat-podcast/episodes/breaking-bias-tera-joyce-and-tina-zhang-powell-on-celebratin Microsoft Principal Security Engineering, Tera Joyce and Senior Security Program Manager at Microsoft, Tina Zhang-Powell join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. As we celebrate International Women's Day and Women's History Month, Tina and Tera join the show to discuss the importance of allies in promoting inclusivity and diversity within the industry. They both  provide valuable perspectives on assumptions made about women in cybersecurity and offer guidance on fostering an inclusive environment. They highlight the importance of leaders being aware of representation and ensuring diverse perspectives are considered in the decision-making processes and share internal resources like mentoring programs and external opportunities such as conferences to support women in the field. Tina and Tera also offer advice to allies, encouraging them to actively include diverse voices and how they can contribute to creating a more inclusive cybersecurity community.      In This Episode You Will Learn:       The significance of allies in promoting diversity and inclusivity  How we can address small instances of unconscious bias  The importance of discovering one's calling within the security field      Some Questions We Ask:        Can you share any resources or ways to support women in cybersecurity?  How can allies better support women in the cybersecurity industry?  Any advice for women or individuals interested in entering the tech and cybersecurity field?    Resources:   View Tera Joyce on LinkedIn  View Tina Zhang-Powell on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Fri, 08 Mar 2024 07:05:00 -0000 Breaking Bias: Tera Joyce and Tina Zhang-Powell on Celebrating Women in Cybersecurity full 1 23 Microsoft <p>Microsoft Principal Security Engineering, <a href="https://www.linkedin.com/in/terajoyce/" rel="noopener noreferrer" target="_blank">Tera Joyce</a> and Senior Security Program Manager at Microsoft, <a href="https://www.linkedin.com/in/tina-zhang-powell/" rel="noopener noreferrer" target="_blank">Tina Zhang-Powell</a> join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. As we celebrate International Women's Day and Women's History Month, Tina and Tera join the show to discuss the importance of allies in promoting inclusivity and diversity within the industry. They both&nbsp; provide valuable perspectives on assumptions made about women in cybersecurity and offer guidance on fostering an inclusive environment. They highlight the importance of leaders being aware of representation and ensuring diverse perspectives are considered in the decision-making processes and share internal resources like mentoring programs and external opportunities such as conferences to support women in the field. Tina and Tera also offer advice to allies, encouraging them to actively include diverse voices and how they can contribute to creating a more inclusive cybersecurity community.&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The significance of allies in promoting diversity and inclusivity&nbsp;</li><li>How we can address small instances of unconscious bias&nbsp;</li><li>The importance of discovering one's calling within the security field&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Can you share any resources or ways to support women in cybersecurity?&nbsp;</li><li>How can allies better support women in the cybersecurity industry?&nbsp;</li><li>Any advice for women or individuals interested in entering the tech and cybersecurity field?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/terajoyce/" rel="noopener noreferrer" target="_blank">View Tera Joyce on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/tina-zhang-powell/" rel="noopener noreferrer" target="_blank">View Tina Zhang-Powell on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Microsoft Principal Security Engineering, Tera Joyce and Senior Security Program Manager at Microsoft, Tina Zhang-Powell join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. As we celebrate International Women's Day and Women's History Month, Tina and Tera join the show to discuss the importance of allies in promoting inclusivity and diversity within the industry. They both  provide valuable perspectives on assumptions made about women in cybersecurity and offer guidance on fostering an inclusive environment. They highlight the importance of leaders being aware of representation and ensuring diverse perspectives are considered in the decision-making processes and share internal resources like mentoring programs and external opportunities such as conferences to support women in the field. Tina and Tera also offer advice to allies, encouraging them to actively include diverse voices and how they can contribute to creating a more inclusive cybersecurity community.      In This Episode You Will Learn:       The significance of allies in promoting diversity and inclusivity  How we can address small instances of unconscious bias  The importance of discovering one's calling within the security field      Some Questions We Ask:        Can you share any resources or ways to support women in cybersecurity?  How can allies better support women in the cybersecurity industry?  Any advice for women or individuals interested in entering the tech and cybersecurity field?    Resources:   View Tera Joyce on LinkedIn  View Tina Zhang-Powell on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Microsoft Principal Security Engineering, Tera Joyce and Senior Security Program Manager at Microsoft, Tina Zhang-Powell join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. As we celebrate International Women's Day and Women's History Month, Tina and Tera join the show to discuss the importance of allies in promoting inclusivity and diversity within the industry. They both  provide valuable perspectives on assumptions made about women in cybersecurity and offer guidance on fostering an inclusive environment. They highlight the importance of leaders being aware of representation and ensuring diverse perspectives are considered in the decision-making processes and share internal resources like mentoring programs and external opportunities such as conferences to support women in the field. Tina and Tera also offer advice to allies, encouraging them to actively include diverse voices and how they can contribute to creating a more inclusive cybersecurity community. 

 

 

In This Episode You Will Learn:    

 

  • The significance of allies in promoting diversity and inclusivity 
  • How we can address small instances of unconscious bias 
  • The importance of discovering one's calling within the security field 

 

 

Some Questions We Ask:     

 

  • Can you share any resources or ways to support women in cybersecurity? 
  • How can allies better support women in the cybersecurity industry? 
  • Any advice for women or individuals interested in entering the tech and cybersecurity field? 

 

Resources:  

View Tera Joyce on LinkedIn 

View Tina Zhang-Powell on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 3080 no Black Voices Matter: The Role of Allyship in Cybersecurity with Devin Price and Derrick Love https://shows.acast.com/the-bluehat-podcast/episodes/black-voices-matter-the-role-of-allyship-in-cybersecurity-wi Microsoft Security Technical Program Manager Devin Price and Sr. Program Manager Derrick Love join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. The discussion delves into the experience of being Black in the cybersecurity field. Derrick and Devin share their thoughts on the representation of Black individuals in tech, noting the underrepresentation in the field. The significance of representation and allyship is also discussed while emphasizing the importance of paying it forward, mentoring others, and highlighting the responsibility to support those coming up in the field. Devin and Derrick share the importance of involvement with events that promote the black community, black businesses, and black-led nonprofits. These events aim to create a supportive network within the community, particularly for those working in the technology sector. It underlines the significance of adopting a growth mindset, fostering a sense of community, and actively contributing to the empowerment of individuals within the cybersecurity landscape.       In This Episode You Will Learn:       How mentorship can help the growth of underrepresented individuals in security  Actionable advice for fostering diversity in the industry  Why representation and allyship is so vital for Cybersecurity    Some Questions We Ask:        What challenges and rewards come with working in cybersecurity?  How can we positively affect and support the Black community in tech?  Can you share actionable advice for fostering diversity in the industry?    Resources:   View Devin Price on LinkedIn   View Derrick Love on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn  Beam Foundation   Sync Seattle     The Talking Tech Podcast   BAM Scholarship    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information. Wed, 21 Feb 2024 07:05:00 -0000 Black Voices Matter: The Role of Allyship in Cybersecurity with Devin Price and Derrick Love full 1 22 Microsoft <p>Microsoft Security Technical Program Manager <a href="https://www.linkedin.com/in/pricedevin/" rel="noopener noreferrer" target="_blank">Devin Price</a> and Sr. Program Manager <a href="https://www.linkedin.com/in/derricklove/" rel="noopener noreferrer" target="_blank">Derrick Love</a> join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. The discussion delves into the experience of being Black in the cybersecurity field. Derrick and Devin share their thoughts on the representation of Black individuals in tech, noting the underrepresentation in the field. The significance of representation and allyship is also discussed while emphasizing the importance of paying it forward, mentoring others, and highlighting the responsibility to support those coming up in the field. Devin and Derrick share the importance of involvement with events that promote the black community, black businesses, and black-led nonprofits. These events aim to create a supportive network within the community, particularly for those working in the technology sector. It underlines the significance of adopting a growth mindset, fostering a sense of community, and actively contributing to the empowerment of individuals within the cybersecurity landscape.&nbsp;&nbsp;</p><p>&nbsp;&nbsp;&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How mentorship can help the growth of underrepresented individuals in security&nbsp;</li><li>Actionable advice for fostering diversity in the industry&nbsp;</li><li>Why representation and allyship is so vital for Cybersecurity&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>What challenges and rewards come with working in cybersecurity?&nbsp;</li><li>How can we positively affect and support the Black community in tech?&nbsp;</li><li>Can you share actionable advice for fostering diversity in the industry?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/pricedevin/" rel="noopener noreferrer" target="_blank">View Devin Price on LinkedIn</a>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/derricklove/" rel="noopener noreferrer" target="_blank">View Derrick Love on LinkedIn</a>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><br><p><a href="https://beamfoundationcharlotte.org/codingacademy/" rel="noopener noreferrer" target="_blank">Beam Foundation&nbsp;</a>&nbsp;</p><p><a href="https://syncseattle.com/" rel="noopener noreferrer" target="_blank">Sync Seattle&nbsp;</a>&nbsp;</p><p>&nbsp;</p><p><a href="https://www.youtube.com/channel/UCuNEzfzu2Q2g1aQ3mqvr0eQ" rel="noopener noreferrer" target="_blank">The Talking Tech Podcast&nbsp;</a>&nbsp;</p><p><a href="https://www.microsoft.com/en-us/diversity/programs/bam-scholarship.aspx" rel="noopener noreferrer" target="_blank">BAM Scholarship</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a></p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Microsoft Security Technical Program Manager Devin Price and Sr. Program Manager Derrick Love join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. The discussion delves into the experience of being Black in the cybersecurity field. Derrick and Devin share their thoughts on the representation of Black individuals in tech, noting the underrepresentation in the field. The significance of representation and allyship is also discussed while emphasizing the importance of paying it forward, mentoring others, and highlighting the responsibility to support those coming up in the field. Devin and Derrick share the importance of involvement with events that promote the black community, black businesses, and black-led nonprofits. These events aim to create a supportive network within the community, particularly for those working in the technology sector. It underlines the significance of adopting a growth mindset, fostering a sense of community, and actively contributing to the empowerment of individuals within the cybersecurity landscape.       In This Episode You Will Learn:       How mentorship can help the growth of underrepresented individuals in security  Actionable advice for fostering diversity in the industry  Why representation and allyship is so vital for Cybersecurity    Some Questions We Ask:        What challenges and rewards come with working in cybersecurity?  How can we positively affect and support the Black community in tech?  Can you share actionable advice for fostering diversity in the industry?    Resources:   View Devin Price on LinkedIn   View Derrick Love on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn  Beam Foundation   Sync Seattle     The Talking Tech Podcast   BAM Scholarship    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information. Microsoft Security Technical Program Manager Devin Price and Sr. Program Manager Derrick Love join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. The discussion delves into the experience of being Black in the cybersecurity field. Derrick and Devin share their thoughts on the representation of Black individuals in tech, noting the underrepresentation in the field. The significance of representation and allyship is also discussed while emphasizing the importance of paying it forward, mentoring others, and highlighting the responsibility to support those coming up in the field. Devin and Derrick share the importance of involvement with events that promote the black community, black businesses, and black-led nonprofits. These events aim to create a supportive network within the community, particularly for those working in the technology sector. It underlines the significance of adopting a growth mindset, fostering a sense of community, and actively contributing to the empowerment of individuals within the cybersecurity landscape.  

   

In This Episode You Will Learn:    

 

  • How mentorship can help the growth of underrepresented individuals in security 
  • Actionable advice for fostering diversity in the industry 
  • Why representation and allyship is so vital for Cybersecurity 

 

Some Questions We Ask:     

 

  • What challenges and rewards come with working in cybersecurity? 
  • How can we positively affect and support the Black community in tech? 
  • Can you share actionable advice for fostering diversity in the industry? 

 

Resources:  

View Devin Price on LinkedIn  

View Derrick Love on LinkedIn  

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 


Beam Foundation  

Sync Seattle  

 

The Talking Tech Podcast  

BAM Scholarship 

 

Related Microsoft Podcasts:  

 

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts


Hosted on Acast. See acast.com/privacy for more information.

]]> 3504 no No Women; No Problem: Katelyn Falk on Creating an ERG for Women in Security https://shows.acast.com/the-bluehat-podcast/episodes/no-women-no-problem-katelyn-falk-on-creating-an-erg-for-wome Katelyn Falk, Principal Security TPM at Zoom, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Katelyn is a security technical program manager with 11+ years of experience across IT and security, both cyber and physical, and is also co-founder of Zoom's Women in Security group. Katelyn, Wendy, and Nic discuss the growth of Zoom, the challenges of fostering a sense of community in a rapidly expanding organization, and the importance of diversity and representation in the cybersecurity industry. Katelyn explains the inspiration behind her Blue Hat conference lightning talk, "No Women in Security Group, No Problem," and her role in creating the Women in Security Group.  In This Episode You Will Learn:   Practical steps for starting a Women in Security employee resource group Advice on overcoming self-doubt when considering a leadership role Examples of allyship, offering resources and support in meetings Some Questions We Ask:    How important is executive sponsorship, and how did you navigate securing it? Can you outline the process of establishing a group leadership team? How do you keep the members engaged and connected in a virtual setting? Resources:  View Katelyn Falk on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn katelynfalk.com Related Microsoft Podcasts:  Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks  Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Hosted on Acast. See acast.com/privacy for more information. Wed, 07 Feb 2024 07:05:00 -0000 No Women; No Problem: Katelyn Falk on Creating an ERG for Women in Security full 1 21 Microsoft <p><a href="https://www.linkedin.com/in/katelyn-falk/" rel="noopener noreferrer" target="_blank">Katelyn Falk</a>, Principal Security TPM at Zoom, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Katelyn is a security technical program manager with 11+ years of experience across IT and security, both cyber and physical, and is also co-founder of Zoom's Women in Security group. Katelyn, Wendy, and Nic discuss the growth of Zoom, the challenges of fostering a sense of community in a rapidly expanding organization, and the importance of diversity and representation in the cybersecurity industry. Katelyn explains the inspiration behind her Blue Hat conference lightning talk, "No Women in Security Group, No Problem," and her role in creating the Women in Security Group.&nbsp;</p><br><p><br></p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;</p><p><br></p><ul><li>Practical steps for starting a Women in Security employee resource group</li><li>Advice on overcoming self-doubt when considering a leadership role</li><li>Examples of allyship, offering resources and support in meetings</li></ul><p><br></p><br><p><strong>Some Questions We Ask: </strong>&nbsp;&nbsp;</p><p><br></p><ul><li>How important is executive sponsorship, and how did you navigate securing it?</li><li>Can you outline the process of establishing a group leadership team?</li><li>How do you keep the members engaged and connected in a virtual setting?</li></ul><p><br></p><br><p><strong>Resources:</strong>&nbsp;</p><p><a href="https://www.linkedin.com/in/katelyn-falk/" rel="noopener noreferrer" target="_blank">View Katelyn Falk on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a></p><br><p><a href="https://katelynfalk.com" rel="noopener noreferrer" target="_blank">katelynfalk.com</a></p><br><p><strong>Related Microsoft Podcasts:</strong>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;</li></ul><p><br></p><br><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Katelyn Falk, Principal Security TPM at Zoom, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Katelyn is a security technical program manager with 11+ years of experience across IT and security, both cyber and physical, and is also co-founder of Zoom's Women in Security group. Katelyn, Wendy, and Nic discuss the growth of Zoom, the challenges of fostering a sense of community in a rapidly expanding organization, and the importance of diversity and representation in the cybersecurity industry. Katelyn explains the inspiration behind her Blue Hat conference lightning talk, "No Women in Security Group, No Problem," and her role in creating the Women in Security Group.  In This Episode You Will Learn:   Practical steps for starting a Women in Security employee resource group Advice on overcoming self-doubt when considering a leadership role Examples of allyship, offering resources and support in meetings Some Questions We Ask:    How important is executive sponsorship, and how did you navigate securing it? Can you outline the process of establishing a group leadership team? How do you keep the members engaged and connected in a virtual setting? Resources:  View Katelyn Falk on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn katelynfalk.com Related Microsoft Podcasts:  Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks  Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Hosted on Acast. See acast.com/privacy for more information. Katelyn Falk, Principal Security TPM at Zoom, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Katelyn is a security technical program manager with 11+ years of experience across IT and security, both cyber and physical, and is also co-founder of Zoom's Women in Security group. Katelyn, Wendy, and Nic discuss the growth of Zoom, the challenges of fostering a sense of community in a rapidly expanding organization, and the importance of diversity and representation in the cybersecurity industry. Katelyn explains the inspiration behind her Blue Hat conference lightning talk, "No Women in Security Group, No Problem," and her role in creating the Women in Security Group. 



In This Episode You Will Learn:  


  • Practical steps for starting a Women in Security employee resource group
  • Advice on overcoming self-doubt when considering a leadership role
  • Examples of allyship, offering resources and support in meetings



Some Questions We Ask:   


  • How important is executive sponsorship, and how did you navigate securing it?
  • Can you outline the process of establishing a group leadership team?
  • How do you keep the members engaged and connected in a virtual setting?



Resources: 

View Katelyn Falk on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn


katelynfalk.com


Related Microsoft Podcasts: 



Discover and follow other Microsoft podcasts at microsoft.com/podcasts 


Hosted on Acast. See acast.com/privacy for more information.

]]> 2681 no Harnessing the Power of Community in Cybersecurity with Darren Spruell https://shows.acast.com/the-bluehat-podcast/episodes/harnessing-the-power-of-community-in-cybersecurity-with-darr Leading Threat Intelligence at InQuest, Darren Spruell joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Darren explains InQuest's focus on Deep File Inspection® technology to identify malicious traits in files and talks about their role in serving public and private sector companies. Darren shares his cybersecurity journey, passion for combating malware and criminal activities, and his presentation at BlueHat. Wendy, Nic, and Darren highlight the evolution of threat information sharing over the years and the value of intelligence advantage over adversaries. The conversation delves into the significance of threat indicators such as IP addresses, file hashes, domain names, and much more!     In This Episode You Will Learn:       The challenges of exchanging threat intelligence and person-to-person sharing  Balancing technical expertise and leadership responsibilities  The importance of evolving manual threat intelligence sharing practices    Some Questions We Ask:       How can practitioners enhance the effectiveness of threat intelligence?  What types of security roles are sharing IOCs back and forth?  Why is community engagement in the cybersecurity industry so necessary?    Resources:   View Darren Spruell on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 24 Jan 2024 07:05:00 -0000 Harnessing the Power of Community in Cybersecurity with Darren Spruell full 1 20 Microsoft <p>Leading Threat Intelligence at InQuest, <a href="https://www.linkedin.com/in/dspruell/" rel="noopener noreferrer" target="_blank">Darren Spruell</a> joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Darren explains InQuest's focus on Deep File Inspection® technology to identify malicious traits in files and talks about their role in serving public and private sector companies. Darren shares his cybersecurity journey, passion for combating malware and criminal activities, and his presentation at BlueHat. Wendy, Nic, and Darren highlight the evolution of threat information sharing over the years and the value of intelligence advantage over adversaries. The conversation delves into the significance of threat indicators such as IP addresses, file hashes, domain names, and much more!&nbsp;&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The challenges of exchanging threat intelligence and person-to-person sharing&nbsp;</li><li>Balancing technical expertise and leadership responsibilities&nbsp;</li><li>The importance of evolving manual threat intelligence sharing practices&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How can practitioners enhance the effectiveness of threat intelligence?&nbsp;</li><li>What types of security roles are sharing IOCs back and forth?&nbsp;</li><li>Why is community engagement in the cybersecurity industry so necessary?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/dspruell/" rel="noopener noreferrer" target="_blank">View Darren Spruell on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Leading Threat Intelligence at InQuest, Darren Spruell joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Darren explains InQuest's focus on Deep File Inspection® technology to identify malicious traits in files and talks about their role in serving public and private sector companies. Darren shares his cybersecurity journey, passion for combating malware and criminal activities, and his presentation at BlueHat. Wendy, Nic, and Darren highlight the evolution of threat information sharing over the years and the value of intelligence advantage over adversaries. The conversation delves into the significance of threat indicators such as IP addresses, file hashes, domain names, and much more!     In This Episode You Will Learn:       The challenges of exchanging threat intelligence and person-to-person sharing  Balancing technical expertise and leadership responsibilities  The importance of evolving manual threat intelligence sharing practices    Some Questions We Ask:       How can practitioners enhance the effectiveness of threat intelligence?  What types of security roles are sharing IOCs back and forth?  Why is community engagement in the cybersecurity industry so necessary?    Resources:   View Darren Spruell on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Leading Threat Intelligence at InQuest, Darren Spruell joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Darren explains InQuest's focus on Deep File Inspection® technology to identify malicious traits in files and talks about their role in serving public and private sector companies. Darren shares his cybersecurity journey, passion for combating malware and criminal activities, and his presentation at BlueHat. Wendy, Nic, and Darren highlight the evolution of threat information sharing over the years and the value of intelligence advantage over adversaries. The conversation delves into the significance of threat indicators such as IP addresses, file hashes, domain names, and much more!  

 

In This Episode You Will Learn:    

 

  • The challenges of exchanging threat intelligence and person-to-person sharing 
  • Balancing technical expertise and leadership responsibilities 
  • The importance of evolving manual threat intelligence sharing practices 

 

Some Questions We Ask:    

 

  • How can practitioners enhance the effectiveness of threat intelligence? 
  • What types of security roles are sharing IOCs back and forth? 
  • Why is community engagement in the cybersecurity industry so necessary? 

 

Resources:  

View Darren Spruell on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2542 no Canary (Tokens) in the Code Mine with Casey Smith https://shows.acast.com/the-bluehat-podcast/episodes/canary-tokens-in-the-code-mine-with-casey-smith Thinkst Canary, Cyber Security Researcher Casey Smith joins Nic Fillingham on this week's episode of The BlueHat Podcast. Nic and Casey discuss his background in security, his experience presenting at Blue Hat, and his session on building a Canary token to monitor Windows process execution. The Canary token project is an open-source initiative that creates artifacts on a network to alert defenders when an attacker interacts with them. The tokens can take various forms, such as documents, cloud credentials, QR codes, or executables, providing an early warning system for potential breaches. They also cover the importance of failure in the research process and the evolution of the canary token project to adapt to new attack techniques.      In This Episode You Will Learn:       The need for defenders to explore new features in the Windows operating system  Challenges of keeping ahead of more sophisticated adversaries  The use of legitimate binaries for malicious activities      Some Questions We Ask:       How do you balance curiosity-driven research with practical security concerns?  What challenges do you see in the current state of endpoint security?  How do you navigate working with customers and using what you learn for research?    Resources:   View Casey Smith on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     The Microsoft Threat Intelligence Podcast       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 10 Jan 2024 07:05:00 -0000 Canary (Tokens) in the Code Mine with Casey Smith full 1 19 Microsoft <p>Thinkst Canary, Cyber Security Researcher Casey Smith joins Nic Fillingham on this week's episode of The BlueHat Podcast. Nic and Casey discuss his background in security, his experience presenting at Blue Hat, and his session on building a Canary token to monitor Windows process execution. The Canary token project is an open-source initiative that creates artifacts on a network to alert defenders when an attacker interacts with them. The tokens can take various forms, such as documents, cloud credentials, QR codes, or executables, providing an early warning system for potential breaches. They also cover the importance of failure in the research process and the evolution of the canary token project to adapt to new attack techniques.&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The need for defenders to explore new features in the Windows operating system&nbsp;</li><li>Challenges of keeping ahead of more sophisticated adversaries&nbsp;</li><li>The use of legitimate binaries for malicious activities&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How do you balance curiosity-driven research with practical security concerns?&nbsp;</li><li>What challenges do you see in the current state of endpoint security?&nbsp;</li><li>How do you navigate working with customers and using what you learn for research?&nbsp;</li></ul><p>&nbsp;</p><br><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/casey-smith-066702282/" rel="noopener noreferrer" target="_blank">View Casey Smith on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><ul><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;</li><li><a href="https://thecyberwire.com/podcasts/uncovering-hidden-risks" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;&nbsp;&nbsp;</li><li><a href="https://thecyberwire.com/podcasts/microsoft-threat-intelligence" rel="noopener noreferrer" target="_blank">The Microsoft Threat Intelligence Podcast&nbsp;</a>&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Thinkst Canary, Cyber Security Researcher Casey Smith joins Nic Fillingham on this week's episode of The BlueHat Podcast. Nic and Casey discuss his background in security, his experience presenting at Blue Hat, and his session on building a Canary token to monitor Windows process execution. The Canary token project is an open-source initiative that creates artifacts on a network to alert defenders when an attacker interacts with them. The tokens can take various forms, such as documents, cloud credentials, QR codes, or executables, providing an early warning system for potential breaches. They also cover the importance of failure in the research process and the evolution of the canary token project to adapt to new attack techniques.      In This Episode You Will Learn:       The need for defenders to explore new features in the Windows operating system  Challenges of keeping ahead of more sophisticated adversaries  The use of legitimate binaries for malicious activities      Some Questions We Ask:       How do you balance curiosity-driven research with practical security concerns?  What challenges do you see in the current state of endpoint security?  How do you navigate working with customers and using what you learn for research?    Resources:   View Casey Smith on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     The Microsoft Threat Intelligence Podcast       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Thinkst Canary, Cyber Security Researcher Casey Smith joins Nic Fillingham on this week's episode of The BlueHat Podcast. Nic and Casey discuss his background in security, his experience presenting at Blue Hat, and his session on building a Canary token to monitor Windows process execution. The Canary token project is an open-source initiative that creates artifacts on a network to alert defenders when an attacker interacts with them. The tokens can take various forms, such as documents, cloud credentials, QR codes, or executables, providing an early warning system for potential breaches. They also cover the importance of failure in the research process and the evolution of the canary token project to adapt to new attack techniques. 

 

 

In This Episode You Will Learn:    

 

  • The need for defenders to explore new features in the Windows operating system 
  • Challenges of keeping ahead of more sophisticated adversaries 
  • The use of legitimate binaries for malicious activities 

 

 

Some Questions We Ask:    

 

  • How do you balance curiosity-driven research with practical security concerns? 
  • What challenges do you see in the current state of endpoint security? 
  • How do you navigate working with customers and using what you learn for research? 

 


Resources:  

View Casey Smith on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:                 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2243 no Mastering the Bug Hunt: Insights and Ethics with Nestori Syynimaa https://shows.acast.com/the-bluehat-podcast/episodes/mastering-the-bug-hunt-insights-and-ethics-with-nestori-syyn Senior Principal Security Researcher Nestori Syynimaa joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Nestori is an ICT professional with a strong practical and academic background. Since April 2021, Nestori has worked as a Senior Principal Security Researcher at Secureworks' Counter Threat Unit. Before joining Secureworks, he worked as a joint CIO for eight cities and municipalities surrounding Tampere, the largest inland city in Scandinavia. Nestori, Wendy, and Nic discuss the importance of understanding the dynamics between researchers and organizations in addressing security concerns, Nestori's journey as a researcher, his academic background, and his experiences speaking at various conferences worldwide.      In This Episode You Will Learn:       Challenges and successes in the bug bounty process  The importance of researchers confirming fixes to make the process more efficient   Ethical considerations for researchers and motivations within the hacking community      Some Questions We Ask:       What challenges do many organizations face running bug bounty programs?  How can you find a trustworthy peer or seasoned researcher to get feedback on your work?  Has encountering different cases shaped your understanding of bug bounty programs?     Resources:   View Nestori Syynimaa on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     The Microsoft Threat Intelligence Podcast         Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 13 Dec 2023 07:05:00 -0000 Mastering the Bug Hunt: Insights and Ethics with Nestori Syynimaa full 1 18 Microsoft <p>Senior Principal Security Researcher <a href="https://www.linkedin.com/in/nestori/?originalSubdomain=fi" rel="noopener noreferrer" target="_blank">Nestori Syynimaa</a> joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Nestori is an ICT professional with a strong practical and academic background. Since April 2021, Nestori has worked as a Senior Principal Security Researcher at Secureworks' Counter Threat Unit. Before joining Secureworks, he worked as a joint CIO for eight cities and municipalities surrounding Tampere, the largest inland city in Scandinavia. Nestori, Wendy, and Nic discuss the importance of understanding the dynamics between researchers and organizations in addressing security concerns, Nestori's journey as a researcher, his academic background, and his experiences speaking at various conferences worldwide.&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Challenges and successes in the bug bounty process&nbsp;</li><li>The importance of researchers confirming fixes to make the process more efficient&nbsp;&nbsp;</li><li>Ethical considerations for researchers and motivations within the hacking community&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>What challenges do many organizations face running bug bounty programs?&nbsp;</li><li>How can you find a trustworthy peer or seasoned researcher to get feedback on your work?&nbsp;</li><li>Has encountering different cases shaped your understanding of bug bounty programs?&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/nestori/?originalSubdomain=fi" rel="noopener noreferrer" target="_blank">View Nestori Syynimaa on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><ul><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;</li><li><a href="https://thecyberwire.com/podcasts/uncovering-hidden-risks" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;&nbsp;&nbsp;</li><li><a href="https://thecyberwire.com/podcasts/microsoft-threat-intelligence" rel="noopener noreferrer" target="_blank">The Microsoft Threat Intelligence Podcast&nbsp;</a>&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;&nbsp;&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Senior Principal Security Researcher Nestori Syynimaa joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Nestori is an ICT professional with a strong practical and academic background. Since April 2021, Nestori has worked as a Senior Principal Security Researcher at Secureworks' Counter Threat Unit. Before joining Secureworks, he worked as a joint CIO for eight cities and municipalities surrounding Tampere, the largest inland city in Scandinavia. Nestori, Wendy, and Nic discuss the importance of understanding the dynamics between researchers and organizations in addressing security concerns, Nestori's journey as a researcher, his academic background, and his experiences speaking at various conferences worldwide.      In This Episode You Will Learn:       Challenges and successes in the bug bounty process  The importance of researchers confirming fixes to make the process more efficient   Ethical considerations for researchers and motivations within the hacking community      Some Questions We Ask:       What challenges do many organizations face running bug bounty programs?  How can you find a trustworthy peer or seasoned researcher to get feedback on your work?  Has encountering different cases shaped your understanding of bug bounty programs?     Resources:   View Nestori Syynimaa on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     The Microsoft Threat Intelligence Podcast         Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Senior Principal Security Researcher Nestori Syynimaa joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Nestori is an ICT professional with a strong practical and academic background. Since April 2021, Nestori has worked as a Senior Principal Security Researcher at Secureworks' Counter Threat Unit. Before joining Secureworks, he worked as a joint CIO for eight cities and municipalities surrounding Tampere, the largest inland city in Scandinavia. Nestori, Wendy, and Nic discuss the importance of understanding the dynamics between researchers and organizations in addressing security concerns, Nestori's journey as a researcher, his academic background, and his experiences speaking at various conferences worldwide. 

 

 

In This Episode You Will Learn:    

 

  • Challenges and successes in the bug bounty process 
  • The importance of researchers confirming fixes to make the process more efficient  
  • Ethical considerations for researchers and motivations within the hacking community 

 

 

Some Questions We Ask:    

 

  • What challenges do many organizations face running bug bounty programs? 
  • How can you find a trustworthy peer or seasoned researcher to get feedback on your work? 
  • Has encountering different cases shaped your understanding of bug bounty programs?  

 

Resources:  

View Nestori Syynimaa on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:                 

 

   

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2384 no Service Principles in the Spotlight: Insights from Microsoft’s Security Experts https://shows.acast.com/the-bluehat-podcast/episodes/service-principles-in-the-spotlight-insights-from-microsofts Senior Data Scientist Emily Yale and Senior Threat Hunt Analyst at Microsoft Chris Bukavich join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Chris focuses on incident response, investigation, and detection of major incidents, while Emily works on developing and improving detections for Microsoft's internal security. Emily and Chris were co-presenters at this year's BlueHat conference. They discussed unmasking Azure-based adversaries with an emphasis on monitoring service principles,  how their respective expertise in data science and cybersecurity contributed to the session, and the challenges of monitoring service principles in Azure. This concept has evolved from traditional service accounts.      In This Episode You Will Learn:       The importance of monitoring spikes in activity  Criteria for identifying malicious behavior targeting service principles  Historical context of service principles and their increasing relevance    Some Questions We Ask:       How can you proactively monitor and detect anomalies related to service principles?  What challenges arise when profiling service principles based on past behavior?  When can service principles be tied to user authentication?    Resources:   View Emily Yale on LinkedIn  View Chris Bukavich on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:  Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks         Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Hosted on Acast. See acast.com/privacy for more information. Wed, 29 Nov 2023 07:05:00 -0000 Service Principles in the Spotlight: Insights from Microsoft’s Security Experts full 1 17 Microsoft <p>Senior Data Scientist <a href="https://www.linkedin.com/in/emilyyale2a2516182/" rel="noopener noreferrer" target="_blank">Emily Yale</a> and Senior Threat Hunt Analyst at Microsoft <a href="https://www.linkedin.com/in/christopher-bukavich-7534b09b/" rel="noopener noreferrer" target="_blank">Chris Bukavich</a> join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Chris focuses on incident response, investigation, and detection of major incidents, while Emily works on developing and improving detections for Microsoft's internal security. Emily and Chris were co-presenters at this year's BlueHat conference. They discussed unmasking Azure-based adversaries with an emphasis on monitoring service principles,&nbsp; how their respective expertise in data science and cybersecurity contributed to the session, and the challenges of monitoring service principles in Azure. This concept has evolved from traditional service accounts.&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The importance of monitoring spikes in activity&nbsp;</li><li>Criteria for identifying malicious behavior targeting service principles&nbsp;</li><li>Historical context of service principles and their increasing relevance&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How can you proactively monitor and detect anomalies related to service principles?&nbsp;</li><li>What challenges arise when profiling service principles based on past behavior?&nbsp;</li><li>When can service principles be tied to user authentication?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/emilyyale2a2516182/" rel="noopener noreferrer" target="_blank">View Emily Yale on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/christopher-bukavich-7534b09b/" rel="noopener noreferrer" target="_blank">View Chris Bukavich on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:</strong>&nbsp;</p><ul><li><a href="https://msthreatintelpodcast.com/" rel="noopener noreferrer" target="_blank">Microsoft Threat Intelligence Podcast</a>&nbsp;</li><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;</li><li><a href="https://uncoveringhiddenrisks.com/" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;</li></ul><p><br></p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Senior Data Scientist Emily Yale and Senior Threat Hunt Analyst at Microsoft Chris Bukavich join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Chris focuses on incident response, investigation, and detection of major incidents, while Emily works on developing and improving detections for Microsoft's internal security. Emily and Chris were co-presenters at this year's BlueHat conference. They discussed unmasking Azure-based adversaries with an emphasis on monitoring service principles,  how their respective expertise in data science and cybersecurity contributed to the session, and the challenges of monitoring service principles in Azure. This concept has evolved from traditional service accounts.      In This Episode You Will Learn:       The importance of monitoring spikes in activity  Criteria for identifying malicious behavior targeting service principles  Historical context of service principles and their increasing relevance    Some Questions We Ask:       How can you proactively monitor and detect anomalies related to service principles?  What challenges arise when profiling service principles based on past behavior?  When can service principles be tied to user authentication?    Resources:   View Emily Yale on LinkedIn  View Chris Bukavich on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:  Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks         Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Hosted on Acast. See acast.com/privacy for more information. Senior Data Scientist Emily Yale and Senior Threat Hunt Analyst at Microsoft Chris Bukavich join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Chris focuses on incident response, investigation, and detection of major incidents, while Emily works on developing and improving detections for Microsoft's internal security. Emily and Chris were co-presenters at this year's BlueHat conference. They discussed unmasking Azure-based adversaries with an emphasis on monitoring service principles,  how their respective expertise in data science and cybersecurity contributed to the session, and the challenges of monitoring service principles in Azure. This concept has evolved from traditional service accounts. 

 

 

In This Episode You Will Learn:    

 

  • The importance of monitoring spikes in activity 
  • Criteria for identifying malicious behavior targeting service principles 
  • Historical context of service principles and their increasing relevance 

 

Some Questions We Ask:    

 

  • How can you proactively monitor and detect anomalies related to service principles? 
  • What challenges arise when profiling service principles based on past behavior? 
  • When can service principles be tied to user authentication? 

 

Resources:  

View Emily Yale on LinkedIn 

View Chris Bukavich on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts: 


      

Discover and follow other Microsoft podcasts at microsoft.com/podcasts 


Hosted on Acast. See acast.com/privacy for more information.

]]> 2635 no Kaileigh McCrea: Navigating the Privacy Maze: Insights from the Yandex Controversy https://shows.acast.com/the-bluehat-podcast/episodes/kaileigh-mccrea-navigating-the-privacy-maze-insights-from-th Kaileigh McCrea, Lead Privacy Engineer at Confiant, joins Wendy Zenone on this week's episode of The BlueHat Podcast. Kaileigh explains her journey into privacy engineering, the ever-evolving nature of privacy regulations, and the challenges of defining protected data. Wendy and Kaileigh also delve into Yandex's extensive reach, connections to the Netherlands, and the complexities surrounding its ownership and compliance in the face of global sanctions. Overall, the discussion emphasizes the importance of protecting personal data and being aware of potential risks, even if one believes they have nothing to hide.      In This Episode You Will Learn:       The importance of protecting personal data, even with nothing to hide  Implications of the Yandex data leak  Challenges Yandex faces in trying to sell off its assets      Some Questions We Ask:       What kind of analytics data was involved in the Yandex leak?  How could this data be misused from a national security perspective?  Why is protecting one's data so tricky due to the scale of data collection?     Resources:   View Kaileigh McCrea on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     Security Unlocked      Security Unlocked: CISO Series with Bret Arsenault  Secure the Job: Breaking into Security  The Microsoft Threat Intelligence Podcast         Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 15 Nov 2023 07:05:00 -0000 Kaileigh McCrea: Navigating the Privacy Maze: Insights from the Yandex Controversy full 1 16 Microsoft <p>Kaileigh McCrea, Lead Privacy Engineer at Confiant, joins Wendy Zenone on this week's episode of The BlueHat Podcast. Kaileigh explains her journey into privacy engineering, the ever-evolving nature of privacy regulations, and the challenges of defining protected data. Wendy and Kaileigh also delve into Yandex's extensive reach, connections to the Netherlands, and the complexities surrounding its ownership and compliance in the face of global sanctions. Overall, the discussion emphasizes the importance of protecting personal data and being aware of potential risks, even if one believes they have nothing to hide.&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The importance of protecting personal data, even with nothing to hide&nbsp;</li><li>Implications of the Yandex data leak&nbsp;</li><li>Challenges Yandex faces in trying to sell off its assets&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>What kind of analytics data was involved in the Yandex leak?&nbsp;</li><li>How could this data be misused from a national security perspective?&nbsp;</li><li>Why is protecting one's data so tricky due to the scale of data collection?&nbsp;&nbsp;</li></ul><p>&nbsp;</p><br><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/kaileighmccrea/" rel="noopener noreferrer" target="_blank">View Kaileigh McCrea on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><br><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><ul><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;</li><li><a href="https://thecyberwire.com/podcasts/uncovering-hidden-risks" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;&nbsp;&nbsp;</li><li><a href="https://securityunlockedpodcast.com/" rel="noopener noreferrer" target="_blank">Security Unlocked</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</li><li><a href="https://securityunlockedcisoseries.com/" rel="noopener noreferrer" target="_blank">Security Unlocked: CISO Series with Bret Arsenault</a>&nbsp;</li><li><a href="https://shows.acast.com/secure-the-job-breaking-into-security" rel="noopener noreferrer" target="_blank">Secure the Job: Breaking into Security</a>&nbsp;</li><li><a href="https://thecyberwire.com/podcasts/microsoft-threat-intelligence" rel="noopener noreferrer" target="_blank">The Microsoft Threat Intelligence Podcast&nbsp;</a>&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;&nbsp;&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Kaileigh McCrea, Lead Privacy Engineer at Confiant, joins Wendy Zenone on this week's episode of The BlueHat Podcast. Kaileigh explains her journey into privacy engineering, the ever-evolving nature of privacy regulations, and the challenges of defining protected data. Wendy and Kaileigh also delve into Yandex's extensive reach, connections to the Netherlands, and the complexities surrounding its ownership and compliance in the face of global sanctions. Overall, the discussion emphasizes the importance of protecting personal data and being aware of potential risks, even if one believes they have nothing to hide.      In This Episode You Will Learn:       The importance of protecting personal data, even with nothing to hide  Implications of the Yandex data leak  Challenges Yandex faces in trying to sell off its assets      Some Questions We Ask:       What kind of analytics data was involved in the Yandex leak?  How could this data be misused from a national security perspective?  Why is protecting one's data so tricky due to the scale of data collection?     Resources:   View Kaileigh McCrea on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     Security Unlocked      Security Unlocked: CISO Series with Bret Arsenault  Secure the Job: Breaking into Security  The Microsoft Threat Intelligence Podcast         Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Kaileigh McCrea, Lead Privacy Engineer at Confiant, joins Wendy Zenone on this week's episode of The BlueHat Podcast. Kaileigh explains her journey into privacy engineering, the ever-evolving nature of privacy regulations, and the challenges of defining protected data. Wendy and Kaileigh also delve into Yandex's extensive reach, connections to the Netherlands, and the complexities surrounding its ownership and compliance in the face of global sanctions. Overall, the discussion emphasizes the importance of protecting personal data and being aware of potential risks, even if one believes they have nothing to hide. 

 

 

In This Episode You Will Learn:    

 

  • The importance of protecting personal data, even with nothing to hide 
  • Implications of the Yandex data leak 
  • Challenges Yandex faces in trying to sell off its assets 

 

 

Some Questions We Ask:    

 

  • What kind of analytics data was involved in the Yandex leak? 
  • How could this data be misused from a national security perspective? 
  • Why is protecting one's data so tricky due to the scale of data collection?  

 


Resources:  

View Kaileigh McCrea on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 


 

Related Microsoft Podcasts:                 

 

   

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2736 no Deprecating NTLM is Easy and Other Lies We Tell Ourselves with Steve Syfuhs https://shows.acast.com/the-bluehat-podcast/episodes/deprecating-ntlm-is-easy-and-other-lies-we-tell-ourselves-wi Steve Syfuhs, Principal Software Engineer at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Steve has spent the last decade building secure systems and is working at Microsoft as a Principal Developer. In this episode, Steve, Nic, and Wendy discuss how continually improving hardware allows for faster brute-force attacks, the technical and security aspects of password-based authentication protocols, and why the longevity of password security can be extended through incremental improvements.      In This Episode You Will Learn:       Technical and security aspects of password-based authentication protocols  Why passwords should not be the primary authentication mechanism   The challenges of making significant changes to long-standing systems    Some Questions We Ask:       Why explore secure and user-friendly alternatives like biometrics or hardware keys?  How quickly can you guess an 8-character password using specialized hardware?  Will audits within Microsoft help understand and improve NTLM usage and security?    Resources:   View Steve Syfuhs on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     Security Unlocked      Security Unlocked: CISO Series with Bret Arsenault  Secure the Job: Breaking into Security  The Microsoft Threat Intelligence Podcast       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 01 Nov 2023 07:05:00 -0000 Deprecating NTLM is Easy and Other Lies We Tell Ourselves with Steve Syfuhs full 1 15 Microsoft <p>Steve Syfuhs, Principal Software Engineer at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Steve has spent the last decade building secure systems and is working at Microsoft as a Principal Developer. In this episode, Steve, Nic, and Wendy discuss how continually improving hardware allows for faster brute-force attacks, the technical and security aspects of password-based authentication protocols, and why the longevity of password security can be extended through incremental improvements.&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Technical and security aspects of password-based authentication protocols&nbsp;</li><li>Why passwords should not be the primary authentication mechanism&nbsp;&nbsp;</li><li>The challenges of making significant changes to long-standing systems&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Why explore secure and user-friendly alternatives like biometrics or hardware keys?&nbsp;</li><li>How quickly can you guess an 8-character password using specialized hardware?&nbsp;</li><li>Will audits within Microsoft help understand and improve NTLM usage and security?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/syfuhs/" rel="noopener noreferrer" target="_blank">View Steve Syfuhs on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p><strong>Related Microsoft Podcasts:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><ul><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;</li><li><a href="https://thecyberwire.com/podcasts/uncovering-hidden-risks" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;&nbsp;&nbsp;</li><li><a href="https://securityunlockedpodcast.com/" rel="noopener noreferrer" target="_blank">Security Unlocked</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</li><li><a href="https://securityunlockedcisoseries.com/" rel="noopener noreferrer" target="_blank">Security Unlocked: CISO Series with Bret Arsenault</a>&nbsp;</li><li><a href="https://shows.acast.com/secure-the-job-breaking-into-security" rel="noopener noreferrer" target="_blank">Secure the Job: Breaking into Security</a>&nbsp;</li><li><a href="https://thecyberwire.com/podcasts/microsoft-threat-intelligence" rel="noopener noreferrer" target="_blank">The Microsoft Threat Intelligence Podcast&nbsp;</a>&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Steve Syfuhs, Principal Software Engineer at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Steve has spent the last decade building secure systems and is working at Microsoft as a Principal Developer. In this episode, Steve, Nic, and Wendy discuss how continually improving hardware allows for faster brute-force attacks, the technical and security aspects of password-based authentication protocols, and why the longevity of password security can be extended through incremental improvements.      In This Episode You Will Learn:       Technical and security aspects of password-based authentication protocols  Why passwords should not be the primary authentication mechanism   The challenges of making significant changes to long-standing systems    Some Questions We Ask:       Why explore secure and user-friendly alternatives like biometrics or hardware keys?  How quickly can you guess an 8-character password using specialized hardware?  Will audits within Microsoft help understand and improve NTLM usage and security?    Resources:   View Steve Syfuhs on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     Security Unlocked      Security Unlocked: CISO Series with Bret Arsenault  Secure the Job: Breaking into Security  The Microsoft Threat Intelligence Podcast       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Steve Syfuhs, Principal Software Engineer at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Steve has spent the last decade building secure systems and is working at Microsoft as a Principal Developer. In this episode, Steve, Nic, and Wendy discuss how continually improving hardware allows for faster brute-force attacks, the technical and security aspects of password-based authentication protocols, and why the longevity of password security can be extended through incremental improvements. 

 

 

In This Episode You Will Learn:    

 

  • Technical and security aspects of password-based authentication protocols 
  • Why passwords should not be the primary authentication mechanism  
  • The challenges of making significant changes to long-standing systems 

 

Some Questions We Ask:    

 

  • Why explore secure and user-friendly alternatives like biometrics or hardware keys? 
  • How quickly can you guess an 8-character password using specialized hardware? 
  • Will audits within Microsoft help understand and improve NTLM usage and security? 

 

Resources:  

View Steve Syfuhs on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:                 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2614 no BlueHat Oct 23 Day 1 Keynote: John Lambert https://shows.acast.com/the-bluehat-podcast/episodes/bluehat-oct-23-day-1-keynote-john-lambert In this week’s special episode, we bring you the BlueHat Oct 23, day 1 keynote delivered by John Lambert, Microsoft Corporate Vice President and Security Fellow. In his BlueHat Oct day 1 keynote, John discusses the importance of incidents in the security field, strategies for finding security incidents, and the importance of looking beyond traditional defense measures to discover attackers and traces outside of one's network. John introduces the idea of "hunting until closure," which involves systematically investigating various attacker actions to learn more about their activities. He also mentions the concept of "time travel breach detection," which uses historical logs to trace and identify previous attacker actions.      In This Episode You Will Learn:       The importance of security incidents in shaping the cybersecurity field  Why logs and telemetry data in cybersecurity are essential when tracking attacker actions  How valuable mutual respect is in the security community    Some Questions We Ask:       How do escalating conflicts within teams affect productivity?  What role did trust and collaboration play in responding to the SolarWinds incident?  Why must the security community work together to protect customers?    Resources:   View John Lambert on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     Security Unlocked      Security Unlocked: CISO Series with Bret Arsenault  Secure the Job: Breaking into Security      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 18 Oct 2023 16:55:36 -0000 BlueHat Oct 23 Day 1 Keynote: John Lambert full 1 14 Microsoft <p>In this week’s special episode, we bring you the BlueHat Oct 23, day 1 keynote delivered by John Lambert, Microsoft Corporate Vice President and Security Fellow. In his BlueHat Oct day 1 keynote, John discusses the importance of incidents in the security field, strategies for finding security incidents, and the importance of looking beyond traditional defense measures to discover attackers and traces outside of one's network. John introduces the idea of "hunting until closure," which involves systematically investigating various attacker actions to learn more about their activities. He also mentions the concept of "time travel breach detection," which uses historical logs to trace and identify previous attacker actions.&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The importance of security incidents in shaping the cybersecurity field&nbsp;</li><li>Why logs and telemetry data in cybersecurity are essential when tracking attacker actions&nbsp;</li><li>How valuable mutual respect is in the security community&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How do escalating conflicts within teams affect productivity?&nbsp;</li><li>What role did trust and collaboration play in responding to the SolarWinds incident?&nbsp;</li><li>Why must the security community work together to protect customers?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/johnjlambert/" rel="noopener noreferrer" target="_blank">View John Lambert on LinkedIn</a>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><br><p><strong>Related Microsoft Podcasts:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><ul><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a>&nbsp;</li><li><a href="https://thecyberwire.com/podcasts/uncovering-hidden-risks" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>&nbsp;&nbsp;&nbsp;&nbsp;</li><li><a href="https://securityunlockedpodcast.com/" rel="noopener noreferrer" target="_blank">Security Unlocked</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</li><li><a href="https://securityunlockedcisoseries.com/" rel="noopener noreferrer" target="_blank">Security Unlocked: CISO Series with Bret Arsenault</a>&nbsp;</li><li><a href="https://shows.acast.com/secure-the-job-breaking-into-security" rel="noopener noreferrer" target="_blank">Secure the Job: Breaking into Security</a>&nbsp;</li></ul><p>&nbsp;&nbsp;&nbsp;</p><br><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><p><br></p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> In this week’s special episode, we bring you the BlueHat Oct 23, day 1 keynote delivered by John Lambert, Microsoft Corporate Vice President and Security Fellow. In his BlueHat Oct day 1 keynote, John discusses the importance of incidents in the security field, strategies for finding security incidents, and the importance of looking beyond traditional defense measures to discover attackers and traces outside of one's network. John introduces the idea of "hunting until closure," which involves systematically investigating various attacker actions to learn more about their activities. He also mentions the concept of "time travel breach detection," which uses historical logs to trace and identify previous attacker actions.      In This Episode You Will Learn:       The importance of security incidents in shaping the cybersecurity field  Why logs and telemetry data in cybersecurity are essential when tracking attacker actions  How valuable mutual respect is in the security community    Some Questions We Ask:       How do escalating conflicts within teams affect productivity?  What role did trust and collaboration play in responding to the SolarWinds incident?  Why must the security community work together to protect customers?    Resources:   View John Lambert on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     Security Unlocked      Security Unlocked: CISO Series with Bret Arsenault  Secure the Job: Breaking into Security      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. In this week’s special episode, we bring you the BlueHat Oct 23, day 1 keynote delivered by John Lambert, Microsoft Corporate Vice President and Security Fellow. In his BlueHat Oct day 1 keynote, John discusses the importance of incidents in the security field, strategies for finding security incidents, and the importance of looking beyond traditional defense measures to discover attackers and traces outside of one's network. John introduces the idea of "hunting until closure," which involves systematically investigating various attacker actions to learn more about their activities. He also mentions the concept of "time travel breach detection," which uses historical logs to trace and identify previous attacker actions. 

 

 

In This Episode You Will Learn:    

 

  • The importance of security incidents in shaping the cybersecurity field 
  • Why logs and telemetry data in cybersecurity are essential when tracking attacker actions 
  • How valuable mutual respect is in the security community 

 

Some Questions We Ask:    

 

  • How do escalating conflicts within teams affect productivity? 
  • What role did trust and collaboration play in responding to the SolarWinds incident? 
  • Why must the security community work together to protect customers? 

 

Resources:  

View John Lambert on LinkedIn  

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 


Related Microsoft Podcasts:                 

   


Discover and follow other Microsoft podcasts at microsoft.com/podcasts  



Hosted on Acast. See acast.com/privacy for more information.

]]> 2967 no Bluehat Oct 23 Preview with Jessica Payne https://shows.acast.com/the-bluehat-podcast/episodes/bluehat-oct-23-preview-with-jessica-payne Microsoft Threat Intelligence Analyst Jessica Payne joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Nic, Wendy, and Jessica discuss Jessica's background in cybersecurity, her journey to Microsoft, her passion for making security more accessible, and the importance of diversity in the field. Jessica also emphasizes the need to focus on actionable threat intelligence and how ransomware has changed the security landscape while also providing insights into the process of submitting a presentation for The BlueHat Conference.        In This Episode You Will Learn:       Jessica's contributions to the Threat Intelligence Village  Sessions and keynotes scheduled for the bluehat conference  The importance of diversity and inclusion in the conference's selection process    Some Questions We Ask:       What makes BlueHat unique compared to other conferences?  Why does BlueHat avoid marketing and encourage a research-focused atmosphere?  What interactive activities does BlueHat have planned for the Threat Intelligence Village?    Resources:    View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 04 Oct 2023 07:05:00 -0000 Bluehat Oct 23 Preview with Jessica Payne full 1 13 Microsoft <p>Microsoft Threat Intelligence Analyst Jessica Payne joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Nic, Wendy, and Jessica discuss Jessica's background in cybersecurity, her journey to Microsoft, her passion for making security more accessible, and the importance of diversity in the field. Jessica also emphasizes the need to focus on actionable threat intelligence and how ransomware has changed the security landscape while also providing insights into the process of submitting a presentation for The BlueHat Conference.&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Jessica's contributions to the Threat Intelligence Village&nbsp;</li><li>Sessions and keynotes scheduled for the bluehat conference&nbsp;</li><li>The importance of diversity and inclusion in the conference's selection process&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>What makes BlueHat unique compared to other conferences?&nbsp;</li><li>Why does BlueHat avoid marketing and encourage a research-focused atmosphere?&nbsp;</li><li>What interactive activities does BlueHat have planned for the Threat Intelligence Village?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Microsoft Threat Intelligence Analyst Jessica Payne joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Nic, Wendy, and Jessica discuss Jessica's background in cybersecurity, her journey to Microsoft, her passion for making security more accessible, and the importance of diversity in the field. Jessica also emphasizes the need to focus on actionable threat intelligence and how ransomware has changed the security landscape while also providing insights into the process of submitting a presentation for The BlueHat Conference.        In This Episode You Will Learn:       Jessica's contributions to the Threat Intelligence Village  Sessions and keynotes scheduled for the bluehat conference  The importance of diversity and inclusion in the conference's selection process    Some Questions We Ask:       What makes BlueHat unique compared to other conferences?  Why does BlueHat avoid marketing and encourage a research-focused atmosphere?  What interactive activities does BlueHat have planned for the Threat Intelligence Village?    Resources:    View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Microsoft Threat Intelligence Analyst Jessica Payne joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Nic, Wendy, and Jessica discuss Jessica's background in cybersecurity, her journey to Microsoft, her passion for making security more accessible, and the importance of diversity in the field. Jessica also emphasizes the need to focus on actionable threat intelligence and how ransomware has changed the security landscape while also providing insights into the process of submitting a presentation for The BlueHat Conference.   

 

 

In This Episode You Will Learn:    

 

  • Jessica's contributions to the Threat Intelligence Village 
  • Sessions and keynotes scheduled for the bluehat conference 
  • The importance of diversity and inclusion in the conference's selection process 

 

Some Questions We Ask:    

 

  • What makes BlueHat unique compared to other conferences? 
  • Why does BlueHat avoid marketing and encourage a research-focused atmosphere? 
  • What interactive activities does BlueHat have planned for the Threat Intelligence Village? 

 

Resources:   

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2486 no Sherrod DeGrippo on Why She Loves Cyber Crime https://shows.acast.com/the-bluehat-podcast/episodes/sherrod-derippo-on-why-she-loves-cyber-crime Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft and Host of The Microsoft Threat Intelligence Podcast, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Sherrod is a frequently cited threat intelligence expert in media, including televised appearances on the BBC news and commentary in the Wall Street Journal, CNN, New York Times, and more. She is a well-known public speaker, having presented at Black Hat, RSA Conference, RMISC, BrunchCon, and others. Sherrod and Nic discuss various topics, including different types of threat actors, the overlap between nation-state actors and cybercrime, and Sherrod's fascination with cybercrime, emphasizing cybercriminals' creativity and ingenuity, particularly those who use social engineering techniques.       In This Episode You Will Learn:       Why many cybercriminals don't believe they are engaging in criminal activity  How understanding a threat actor's psychology is essential to creating detection methods  The importance of maintaining proper security hygiene    Some Questions We Ask:       How can threat actors operate with impunity?  Should individuals and small businesses worry about nation-state threat actors?  Can we reform and convince cybercrime groups to use their talents for good?    Resources:    View Sherrod DeGrippo on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 20 Sep 2023 19:05:43 -0000 Sherrod DeGrippo on Why She Loves Cyber Crime full 1 12 Microsoft <p>Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft and Host of The Microsoft Threat Intelligence Podcast, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Sherrod is a frequently cited threat intelligence expert in media, including televised appearances on the BBC news and commentary in the Wall Street Journal, CNN, New York Times, and more. She is a well-known public speaker, having presented at Black Hat, RSA Conference, RMISC, BrunchCon, and others. Sherrod and Nic discuss various topics, including different types of threat actors, the overlap between nation-state actors and cybercrime, and Sherrod's fascination with cybercrime,&nbsp;emphasizing cybercriminals' creativity and ingenuity, particularly those who use social engineering techniques.&nbsp;&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Why many cybercriminals don't believe they are engaging in criminal activity&nbsp;</li><li>How understanding a threat actor's psychology is essential to creating detection methods&nbsp;</li><li>The importance of maintaining proper security hygiene&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How can threat actors operate with impunity?&nbsp;</li><li>Should individuals and small businesses worry about nation-state threat actors?&nbsp;</li><li>Can we reform and convince cybercrime groups to use their talents for good?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/sherroddegrippo/" rel="noopener noreferrer" target="_blank">View Sherrod DeGrippo on LinkedIn&nbsp;</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft and Host of The Microsoft Threat Intelligence Podcast, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Sherrod is a frequently cited threat intelligence expert in media, including televised appearances on the BBC news and commentary in the Wall Street Journal, CNN, New York Times, and more. She is a well-known public speaker, having presented at Black Hat, RSA Conference, RMISC, BrunchCon, and others. Sherrod and Nic discuss various topics, including different types of threat actors, the overlap between nation-state actors and cybercrime, and Sherrod's fascination with cybercrime, emphasizing cybercriminals' creativity and ingenuity, particularly those who use social engineering techniques.       In This Episode You Will Learn:       Why many cybercriminals don't believe they are engaging in criminal activity  How understanding a threat actor's psychology is essential to creating detection methods  The importance of maintaining proper security hygiene    Some Questions We Ask:       How can threat actors operate with impunity?  Should individuals and small businesses worry about nation-state threat actors?  Can we reform and convince cybercrime groups to use their talents for good?    Resources:    View Sherrod DeGrippo on LinkedIn   View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft and Host of The Microsoft Threat Intelligence Podcast, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Sherrod is a frequently cited threat intelligence expert in media, including televised appearances on the BBC news and commentary in the Wall Street Journal, CNN, New York Times, and more. She is a well-known public speaker, having presented at Black Hat, RSA Conference, RMISC, BrunchCon, and others. Sherrod and Nic discuss various topics, including different types of threat actors, the overlap between nation-state actors and cybercrime, and Sherrod's fascination with cybercrime, emphasizing cybercriminals' creativity and ingenuity, particularly those who use social engineering techniques.  

 

 

In This Episode You Will Learn:    

 

  • Why many cybercriminals don't believe they are engaging in criminal activity 
  • How understanding a threat actor's psychology is essential to creating detection methods 
  • The importance of maintaining proper security hygiene 

 

Some Questions We Ask:    

 

  • How can threat actors operate with impunity? 
  • Should individuals and small businesses worry about nation-state threat actors? 
  • Can we reform and convince cybercrime groups to use their talents for good? 

 

Resources:   

View Sherrod DeGrippo on LinkedIn  

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2451 no Deciphering Privacy in the Age of AI: An Expert Discussion https://shows.acast.com/the-bluehat-podcast/episodes/deciphering-privacy-in-the-age-of-ai-an-expert-discussion Giovanni Cherubin and Ahmed Salem join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Giovanni is a Senior Researcher in Machine Learning and Security at Microsoft Research Cambridge, and Ahmed is a researcher in Confidential Computing at the Microsoft Research lab in Cambridge, UK. They're both interested in artificial intelligence and are researching the privacy, security, fairness, and accountability risks of the different machine learning settings. In this episode, they discuss how to identify and address privacy threats in machine learning models, the connection between privacy and information leakage, and how privacy is perceived in academia and industry. In This Episode You Will Learn:    Algorithmic procedures for describing threats and attacks The rapid growth of machine learning research in attacks and defense The framework for fostering collaboration and understanding within the field Some Questions We Ask:    What are the main threats you are currently focused on?  Who will benefit from this research besides academics and researchers? Can you explain the concept of privacy as it relates to information leakage? Resources:   View Giovanni Cherubin on LinkedIn View Ahmed Salem on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information. Wed, 06 Sep 2023 07:05:00 -0000 Deciphering Privacy in the Age of AI: An Expert Discussion full 1 11 Microsoft <p>Giovanni Cherubin and Ahmed Salem join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Giovanni is a Senior Researcher in Machine Learning and Security at Microsoft Research Cambridge, and Ahmed is a researcher in Confidential Computing at the Microsoft Research lab in Cambridge, UK. They're both interested in artificial intelligence and are researching the privacy, security, fairness, and accountability risks of the different machine learning settings. In this episode, they discuss how to identify and address privacy threats in machine learning models, the connection between privacy and information leakage, and how privacy is perceived in academia and industry.</p><br><p><br></p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;</p><p><br></p><ul><li>Algorithmic procedures for describing threats and attacks</li><li>The rapid growth of machine learning research in attacks and defense</li><li>The framework for fostering collaboration and understanding within the field</li></ul><p><br></p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;</p><p><br></p><ul><li>What are the main threats you are currently focused on?&nbsp;</li><li>Who will benefit from this research besides academics and researchers?</li><li>Can you explain the concept of privacy as it relates to information leakage?</li></ul><p><br></p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/giovanni-cherubin/?originalSubdomain=uk" rel="noopener noreferrer" target="_blank">View Giovanni Cherubin on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/ahmedgasalem/?originalSubdomain=de" rel="noopener noreferrer" target="_blank">View Ahmed Salem on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a></p><br><p><br></p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a> </p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Giovanni Cherubin and Ahmed Salem join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Giovanni is a Senior Researcher in Machine Learning and Security at Microsoft Research Cambridge, and Ahmed is a researcher in Confidential Computing at the Microsoft Research lab in Cambridge, UK. They're both interested in artificial intelligence and are researching the privacy, security, fairness, and accountability risks of the different machine learning settings. In this episode, they discuss how to identify and address privacy threats in machine learning models, the connection between privacy and information leakage, and how privacy is perceived in academia and industry. In This Episode You Will Learn:    Algorithmic procedures for describing threats and attacks The rapid growth of machine learning research in attacks and defense The framework for fostering collaboration and understanding within the field Some Questions We Ask:    What are the main threats you are currently focused on?  Who will benefit from this research besides academics and researchers? Can you explain the concept of privacy as it relates to information leakage? Resources:   View Giovanni Cherubin on LinkedIn View Ahmed Salem on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information. Giovanni Cherubin and Ahmed Salem join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Giovanni is a Senior Researcher in Machine Learning and Security at Microsoft Research Cambridge, and Ahmed is a researcher in Confidential Computing at the Microsoft Research lab in Cambridge, UK. They're both interested in artificial intelligence and are researching the privacy, security, fairness, and accountability risks of the different machine learning settings. In this episode, they discuss how to identify and address privacy threats in machine learning models, the connection between privacy and information leakage, and how privacy is perceived in academia and industry.



In This Episode You Will Learn:   


  • Algorithmic procedures for describing threats and attacks
  • The rapid growth of machine learning research in attacks and defense
  • The framework for fostering collaboration and understanding within the field


Some Questions We Ask:   


  • What are the main threats you are currently focused on? 
  • Who will benefit from this research besides academics and researchers?
  • Can you explain the concept of privacy as it relates to information leakage?


Resources:  

View Giovanni Cherubin on LinkedIn

View Ahmed Salem on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn



Discover and follow other Microsoft podcasts at microsoft.com/podcasts


Hosted on Acast. See acast.com/privacy for more information.

]]> 2563 no Not with a Bug but with a Sticker https://shows.acast.com/the-bluehat-podcast/episodes/not-with-a-bug-but-with-a-sticker Hyrum Anderson and Ram Shankar join Nic Fillingham and Wendy Zenone on this week’s episode of The BlueHat Podcast. Hyrum Anderson is a distinguished ML Engineer at Robust Intelligence. He received his Ph.D. in Electrical Engineering from the University of Washington, emphasizing signal processing and machine learning. Much of his technical career has focused on security, and he has directed research projects at MIT Lincoln Laboratory and Sandia National Laboratories. Ram Shankar works on the intersection of machine learning and security at Microsoft and founded the AI Red Team, bringing together an interdisciplinary group of researchers and engineers to proactively attack AI systems and defend them from attacks.  In This Episode You Will Learn:    The difference between AI and machine learning Why embracing a holistic, healthy AI development is to our advantage The security vulnerabilities and risks associated with AI and Machine Learning Some Questions We Ask:    Who did you write this book for, and what will the readers learn?  What type of vulnerabilities are you finding the most concerning currently?  How do adversarial attacks exploit vulnerabilities in AI algorithms? Resources:   View Hyrum Anderson on LinkedIn View Ram Shankar on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Not with a Bug, But with a Sticker is available here Follow Hyrum on Twitter Follow Ram on Twitter Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information. Wed, 23 Aug 2023 07:05:00 -0000 Not with a Bug but with a Sticker full 1 10 Microsoft <p>Hyrum Anderson and Ram Shankar join Nic Fillingham and Wendy Zenone on this week’s episode of The BlueHat Podcast. Hyrum Anderson is a distinguished ML Engineer at Robust Intelligence. He received his Ph.D. in Electrical Engineering from the University of Washington, emphasizing signal processing and machine learning. Much of his technical career has focused on security, and he has directed research projects at MIT Lincoln Laboratory and Sandia National Laboratories. Ram Shankar works on the intersection of machine learning and security at Microsoft and founded the AI Red Team, bringing together an interdisciplinary group of researchers and engineers to proactively attack AI systems and defend them from attacks.&nbsp;</p><br><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;</p><p><br></p><ul><li>The difference between AI and machine learning</li><li>Why embracing a holistic, healthy AI development is to our advantage</li><li>The security vulnerabilities and risks associated with AI and Machine Learning</li></ul><p><br></p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;</p><p><br></p><ul><li>Who did you write this book for, and what will the readers learn?&nbsp;</li><li>What type of vulnerabilities are you finding the most concerning currently?&nbsp;</li><li>How do adversarial attacks exploit vulnerabilities in AI algorithms?</li></ul><p><br></p><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/hyrumanderson/" rel="noopener noreferrer" target="_blank">View Hyrum Anderson on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/rssk/" rel="noopener noreferrer" target="_blank">View Ram Shankar on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a></p><br><p><strong><em>Not with a Bug, But with a Sticker</em></strong><em> </em>is available <a href="https://www.amazon.com/Not-Bug-But-Sticker-Learning/dp/1119883989" rel="noopener noreferrer" target="_blank">here</a></p><br><p>Follow Hyrum on <a href="https://twitter.com/drhyrum" rel="noopener noreferrer" target="_blank">Twitter</a></p><p>Follow Ram on <a href="https://twitter.com/ram_ssk" rel="noopener noreferrer" target="_blank">Twitter</a></p><br><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a> </p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Hyrum Anderson and Ram Shankar join Nic Fillingham and Wendy Zenone on this week’s episode of The BlueHat Podcast. Hyrum Anderson is a distinguished ML Engineer at Robust Intelligence. He received his Ph.D. in Electrical Engineering from the University of Washington, emphasizing signal processing and machine learning. Much of his technical career has focused on security, and he has directed research projects at MIT Lincoln Laboratory and Sandia National Laboratories. Ram Shankar works on the intersection of machine learning and security at Microsoft and founded the AI Red Team, bringing together an interdisciplinary group of researchers and engineers to proactively attack AI systems and defend them from attacks.  In This Episode You Will Learn:    The difference between AI and machine learning Why embracing a holistic, healthy AI development is to our advantage The security vulnerabilities and risks associated with AI and Machine Learning Some Questions We Ask:    Who did you write this book for, and what will the readers learn?  What type of vulnerabilities are you finding the most concerning currently?  How do adversarial attacks exploit vulnerabilities in AI algorithms? Resources:   View Hyrum Anderson on LinkedIn View Ram Shankar on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Not with a Bug, But with a Sticker is available here Follow Hyrum on Twitter Follow Ram on Twitter Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information. Hyrum Anderson and Ram Shankar join Nic Fillingham and Wendy Zenone on this week’s episode of The BlueHat Podcast. Hyrum Anderson is a distinguished ML Engineer at Robust Intelligence. He received his Ph.D. in Electrical Engineering from the University of Washington, emphasizing signal processing and machine learning. Much of his technical career has focused on security, and he has directed research projects at MIT Lincoln Laboratory and Sandia National Laboratories. Ram Shankar works on the intersection of machine learning and security at Microsoft and founded the AI Red Team, bringing together an interdisciplinary group of researchers and engineers to proactively attack AI systems and defend them from attacks. 


In This Episode You Will Learn:   


  • The difference between AI and machine learning
  • Why embracing a holistic, healthy AI development is to our advantage
  • The security vulnerabilities and risks associated with AI and Machine Learning


Some Questions We Ask:   


  • Who did you write this book for, and what will the readers learn? 
  • What type of vulnerabilities are you finding the most concerning currently? 
  • How do adversarial attacks exploit vulnerabilities in AI algorithms?


Resources:  

View Hyrum Anderson on LinkedIn

View Ram Shankar on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn


Not with a Bug, But with a Sticker is available here


Follow Hyrum on Twitter

Follow Ram on Twitter


Discover and follow other Microsoft podcasts at microsoft.com/podcasts


Hosted on Acast. See acast.com/privacy for more information.

]]> 2912 no Fuzzing, Forensics and Flowers with Amanda Rousseau AKA Malware Unicorn https://shows.acast.com/the-bluehat-podcast/episodes/fuzzing-forensics-and-flowers-with-amanda-rousseau-aka-malwa Amanda Rousseau, Offensive Security Engineer for the Microsoft Offensive Research and Security Engineering Team, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Amanda loves malware; she worked as an Offensive Security Engineer on the Red Team at Facebook, a Malware Researcher at Endgame, and the U.S. Department of Defense Cyber Crime Center. Amanda mainly focuses on vulnerability, research fuzzing, and security engineering and discusses with Nic and Wendy her time reviewing and analyzing offline digital devices, known as Dead-Box Forensics, reverse engineering malware, and how she finds success from her creative and artistic background.       In This Episode You Will Learn:       What "shift left" means as a security professional  How to learn more about fuzzing and understand some of the tooling  Why having a creative background helps when communicating with security teams     Some Questions We Ask:       How would you describe fuzzing for someone that's doesn't know the definition?    What is Dead-Box Forensics, and can you share the investigative process?  How can we make fuzzing and security more accessible and less intimidating for developers?    Resources:    View Amanda Rousseau on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Follow Amanda on Twitter and malwareunicorn.org   Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 09 Aug 2023 07:05:00 -0000 Fuzzing, Forensics and Flowers with Amanda Rousseau AKA Malware Unicorn full 1 9 Microsoft <p>Amanda Rousseau, Offensive Security Engineer for the Microsoft Offensive Research and Security Engineering Team, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Amanda loves malware; she worked as an Offensive Security Engineer on the Red Team at Facebook, a Malware Researcher at Endgame, and the U.S. Department of Defense Cyber Crime Center. Amanda mainly focuses on vulnerability, research fuzzing, and security engineering and discusses with Nic and Wendy her time reviewing and analyzing offline digital devices, known as Dead-Box Forensics, reverse engineering malware, and how she finds success from her creative and artistic background.&nbsp;&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>What "shift left" means as a security professional&nbsp;</li><li>How to learn more about fuzzing and understand some of the tooling&nbsp;</li><li>Why having a creative background helps when communicating with security teams&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How would you describe fuzzing for someone that's doesn't know the definition?&nbsp;&nbsp;&nbsp;</li><li>What is Dead-Box Forensics, and can you share the investigative process?&nbsp;</li><li>How can we make fuzzing and security more accessible and less intimidating for developers?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/malwareunicorn/" rel="noopener noreferrer" target="_blank">View Amanda Rousseau on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>Follow Amanda on <a href="https://twitter.com/malwareunicorn?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor" rel="noopener noreferrer" target="_blank">Twitter</a>&nbsp;and <a href="https://malwareunicorn.org/#/" rel="noopener noreferrer" target="_blank">malwareunicorn.org</a></p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Amanda Rousseau, Offensive Security Engineer for the Microsoft Offensive Research and Security Engineering Team, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Amanda loves malware; she worked as an Offensive Security Engineer on the Red Team at Facebook, a Malware Researcher at Endgame, and the U.S. Department of Defense Cyber Crime Center. Amanda mainly focuses on vulnerability, research fuzzing, and security engineering and discusses with Nic and Wendy her time reviewing and analyzing offline digital devices, known as Dead-Box Forensics, reverse engineering malware, and how she finds success from her creative and artistic background.       In This Episode You Will Learn:       What "shift left" means as a security professional  How to learn more about fuzzing and understand some of the tooling  Why having a creative background helps when communicating with security teams     Some Questions We Ask:       How would you describe fuzzing for someone that's doesn't know the definition?    What is Dead-Box Forensics, and can you share the investigative process?  How can we make fuzzing and security more accessible and less intimidating for developers?    Resources:    View Amanda Rousseau on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Follow Amanda on Twitter and malwareunicorn.org   Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Amanda Rousseau, Offensive Security Engineer for the Microsoft Offensive Research and Security Engineering Team, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Amanda loves malware; she worked as an Offensive Security Engineer on the Red Team at Facebook, a Malware Researcher at Endgame, and the U.S. Department of Defense Cyber Crime Center. Amanda mainly focuses on vulnerability, research fuzzing, and security engineering and discusses with Nic and Wendy her time reviewing and analyzing offline digital devices, known as Dead-Box Forensics, reverse engineering malware, and how she finds success from her creative and artistic background.  

 

 

In This Episode You Will Learn:    

 

  • What "shift left" means as a security professional 
  • How to learn more about fuzzing and understand some of the tooling 
  • Why having a creative background helps when communicating with security teams  

 

Some Questions We Ask:    

 

  • How would you describe fuzzing for someone that's doesn't know the definition?   
  • What is Dead-Box Forensics, and can you share the investigative process? 
  • How can we make fuzzing and security more accessible and less intimidating for developers? 

 

Resources:   

View Amanda Rousseau on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Follow Amanda on Twitter and malwareunicorn.org

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2449 no You Are Eye: Why Understanding URIs is Critical to Security with Michael Hendrickx https://shows.acast.com/the-bluehat-podcast/episodes/wunderstanding-uris-is-critical-to-security-with-michael-hen Michael Hendrickx, Principal Security Engineering Manager at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Michael works in Azure security at Microsoft and leads a team focused on conducting penetration tests on Azure services. The team draws inspiration from the bug bounty community and external sources, leveraging their insights and findings for their research. Michael also discusses the curiosity and exploration mindset needed for both engineers and researchers when it comes to investigating and discovering security vulnerabilities, how developers can effectively protect sensitive data transmitted over insecure networks, and the potential risks and challenges associated with third-party integrations in web applications.  In This Episode You Will Learn:    Server-side request forgery and its importance in the context of security Potential security vulnerabilities associated with different parts of a URI Importance of collaboration, knowledge sharing, and investigation among developers Some Questions We Ask:    What is the focus and target audience for "Shift Left?"  Should researchers engage in URL manipulation to identify potential vulnerabilities? What security vulnerabilities should developers be aware of when designing web applications? Resources:   View Michael Hendrickx on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information. Wed, 26 Jul 2023 07:05:00 -0000 You Are Eye: Why Understanding URIs is Critical to Security with Michael Hendrickx full 1 8 Microsoft <p>Michael Hendrickx, Principal Security Engineering Manager at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Michael works in Azure security at Microsoft and leads a team focused on conducting penetration tests on Azure services. The team draws inspiration from the bug bounty community and external sources, leveraging their insights and findings for their research. Michael also discusses the curiosity and exploration mindset needed for both engineers and researchers when it comes to investigating and discovering security vulnerabilities, how developers can effectively protect sensitive data transmitted over insecure networks, and the potential risks and challenges associated with third-party integrations in web applications.&nbsp;</p><br><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;</p><p><br></p><ul><li>Server-side request forgery and its importance in the context of security</li><li>Potential security vulnerabilities associated with different parts of a URI</li><li>Importance of collaboration, knowledge sharing, and investigation among developers</li></ul><p><br></p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;</p><p><br></p><ul><li>What is the focus and target audience for "Shift Left?"&nbsp;</li><li>Should researchers engage in URL manipulation to identify potential vulnerabilities?</li><li>What security vulnerabilities should developers be aware of when designing web applications?</li></ul><p><br></p><br><p><strong>Resources:</strong>&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/ndrix/" rel="noopener noreferrer" target="_blank">View Michael Hendrickx on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a></p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a></p><br><p><br></p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a> </p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Michael Hendrickx, Principal Security Engineering Manager at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Michael works in Azure security at Microsoft and leads a team focused on conducting penetration tests on Azure services. The team draws inspiration from the bug bounty community and external sources, leveraging their insights and findings for their research. Michael also discusses the curiosity and exploration mindset needed for both engineers and researchers when it comes to investigating and discovering security vulnerabilities, how developers can effectively protect sensitive data transmitted over insecure networks, and the potential risks and challenges associated with third-party integrations in web applications.  In This Episode You Will Learn:    Server-side request forgery and its importance in the context of security Potential security vulnerabilities associated with different parts of a URI Importance of collaboration, knowledge sharing, and investigation among developers Some Questions We Ask:    What is the focus and target audience for "Shift Left?"  Should researchers engage in URL manipulation to identify potential vulnerabilities? What security vulnerabilities should developers be aware of when designing web applications? Resources:   View Michael Hendrickx on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information. Michael Hendrickx, Principal Security Engineering Manager at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Michael works in Azure security at Microsoft and leads a team focused on conducting penetration tests on Azure services. The team draws inspiration from the bug bounty community and external sources, leveraging their insights and findings for their research. Michael also discusses the curiosity and exploration mindset needed for both engineers and researchers when it comes to investigating and discovering security vulnerabilities, how developers can effectively protect sensitive data transmitted over insecure networks, and the potential risks and challenges associated with third-party integrations in web applications. 


In This Episode You Will Learn:   


  • Server-side request forgery and its importance in the context of security
  • Potential security vulnerabilities associated with different parts of a URI
  • Importance of collaboration, knowledge sharing, and investigation among developers


Some Questions We Ask:   


  • What is the focus and target audience for "Shift Left?" 
  • Should researchers engage in URL manipulation to identify potential vulnerabilities?
  • What security vulnerabilities should developers be aware of when designing web applications?



Resources:  

View Michael Hendrickx on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn



Discover and follow other Microsoft podcasts at microsoft.com/podcasts


Hosted on Acast. See acast.com/privacy for more information.

]]> 2071 no AAAAAAAAAAAAAAA! You Overflowed My Integer! with George Hughey and Rohit Mothe https://shows.acast.com/the-bluehat-podcast/episodes/aaaaaaaaaaaaaaa-you-overflowed-my-integer-with-george-hughey Rohit Mothe, Senior Security Researcher at Microsoft, and Windows Security professional George Hughey join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. In this episode, they discuss integer overflow bugs, how they can be nuanced and often confused with other bug categories, why accurately classifying these bugs is crucial for developing effective strategies to fix them at scale, and examples of high-profile vulnerabilities caused by integer overflow.     In This Episode You Will Learn:       The challenges of accurately identifying integer overflow bugs  How developers can proactively prevent integer overflow vulnerabilities in their code  Why not all integer overflows are malicious and also necessary for certain applications     Some Questions We Ask:       What is an integer overflow?  How can developers mitigate the risk of integer overflow vulnerabilities?  What are some examples of high-profile exploits based on integer overflow vulnerabilities?  Resources:    View Rohit Mothe on LinkedIn  View George Hughey on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Follow George on Twitter  Follow Rohit on Twitter    Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 12 Jul 2023 07:05:00 -0000 AAAAAAAAAAAAAAA! You Overflowed My Integer! with George Hughey and Rohit Mothe full 1 7 Microsoft <p>Rohit Mothe, Senior Security Researcher at Microsoft, and Windows Security professional George Hughey join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. In this episode, they discuss integer overflow bugs, how they can be nuanced and often confused with other bug categories, why accurately classifying these bugs is crucial for developing effective strategies to fix them at scale, and examples of high-profile vulnerabilities caused by integer overflow.&nbsp;&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The challenges of accurately identifying integer overflow bugs&nbsp;</li><li>How developers can proactively prevent integer overflow vulnerabilities in their code&nbsp;</li><li>Why not all integer overflows are malicious and also necessary for certain applications&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>What is an integer overflow?&nbsp;</li><li>How can developers mitigate the risk of integer overflow vulnerabilities?&nbsp;</li><li>What are some examples of high-profile exploits based on integer overflow vulnerabilities?&nbsp;</li></ul><p><br></p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/rohit-mothe-0a047728/" rel="noopener noreferrer" target="_blank">View Rohit Mothe on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/ghughey/" rel="noopener noreferrer" target="_blank">View George Hughey on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>Follow George on <a href="https://twitter.com/ecthr0s" rel="noopener noreferrer" target="_blank">Twitter</a>&nbsp;</p><p>Follow Rohit on <a href="https://twitter.com/rohitwas?lang=en" rel="noopener noreferrer" target="_blank">Twitter</a>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Rohit Mothe, Senior Security Researcher at Microsoft, and Windows Security professional George Hughey join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. In this episode, they discuss integer overflow bugs, how they can be nuanced and often confused with other bug categories, why accurately classifying these bugs is crucial for developing effective strategies to fix them at scale, and examples of high-profile vulnerabilities caused by integer overflow.     In This Episode You Will Learn:       The challenges of accurately identifying integer overflow bugs  How developers can proactively prevent integer overflow vulnerabilities in their code  Why not all integer overflows are malicious and also necessary for certain applications     Some Questions We Ask:       What is an integer overflow?  How can developers mitigate the risk of integer overflow vulnerabilities?  What are some examples of high-profile exploits based on integer overflow vulnerabilities?  Resources:    View Rohit Mothe on LinkedIn  View George Hughey on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Follow George on Twitter  Follow Rohit on Twitter    Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Rohit Mothe, Senior Security Researcher at Microsoft, and Windows Security professional George Hughey join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. In this episode, they discuss integer overflow bugs, how they can be nuanced and often confused with other bug categories, why accurately classifying these bugs is crucial for developing effective strategies to fix them at scale, and examples of high-profile vulnerabilities caused by integer overflow.  

 

In This Episode You Will Learn:    

 

  • The challenges of accurately identifying integer overflow bugs 
  • How developers can proactively prevent integer overflow vulnerabilities in their code 
  • Why not all integer overflows are malicious and also necessary for certain applications  

 

Some Questions We Ask:    

 

  • What is an integer overflow? 
  • How can developers mitigate the risk of integer overflow vulnerabilities? 
  • What are some examples of high-profile exploits based on integer overflow vulnerabilities? 


Resources:   

View Rohit Mothe on LinkedIn 

View George Hughey on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Follow George on Twitter 

Follow Rohit on Twitter 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2708 no Rachel Giacobozzi on the Art of Threat Intelligence Storytelling https://shows.acast.com/the-bluehat-podcast/episodes/rachel-giacobozzi-on-the-art-of-threat-intelligence-storytel Rachel Giacobozzi, Principal Research Lead at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Rachel explains the importance of creating a cohesive story not only to convey what happened in an attack but also to explain its significance, why we need to start addressing phishing attacks through education and guidance, and how they make their content concise, clear, and understandable to a wide range of audiences.     In This Episode You Will Learn:       How threat intelligence be used to stay ahead of cyber attacks  Why being open to growth benefits both security candidates and employers  The concept of "telling stories" in threat intelligence    Some Questions We Ask:       What is the importance of actionable insights in threat intelligence?  How does the team behind threat intelligence stay updated with the latest trends?  What is the decision-making process for selecting which stories to tell?       Resources:    View Rachel Giacobozzi on LinkedIn  View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn    Send us feedback: bluehat@microsoft.com  Follow us on Twitter: @MSFTBlueHat    Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 28 Jun 2023 07:05:00 -0000 Rachel Giacobozzi on the Art of Threat Intelligence Storytelling full 1 6 Microsoft <p>Rachel Giacobozzi, Principal Research Lead at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Rachel explains the importance of creating a cohesive story not only to convey what happened in an attack but also to explain its significance, why we need to start addressing phishing attacks through education and guidance, and how they make their content concise, clear, and understandable to a wide range of audiences.&nbsp;&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How threat intelligence be used to stay ahead of cyber attacks&nbsp;</li><li>Why being open to growth benefits both security candidates and employers&nbsp;</li><li>The concept of "telling stories" in threat intelligence&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>What is the importance of actionable insights in threat intelligence?&nbsp;</li><li>How does the team behind threat intelligence stay updated with the latest trends?&nbsp;</li><li>What is the decision-making process for selecting which stories to tell?&nbsp;</li></ul><p>&nbsp;</p><p>&nbsp;&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.linkedin.com/in/rachel-giacobozzi-5b6513131/" rel="noopener noreferrer" target="_blank">View Rachel Giacobozzi on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>Send us feedback: <a href="mailto:bluehat@microsoft.com" rel="noopener noreferrer" target="_blank">bluehat@microsoft.com</a>&nbsp;</p><p>Follow us on Twitter: <a href="https://twitter.com/MSFTBlueHat" rel="noopener noreferrer" target="_blank">@MSFTBlueHat</a>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Rachel Giacobozzi, Principal Research Lead at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Rachel explains the importance of creating a cohesive story not only to convey what happened in an attack but also to explain its significance, why we need to start addressing phishing attacks through education and guidance, and how they make their content concise, clear, and understandable to a wide range of audiences.     In This Episode You Will Learn:       How threat intelligence be used to stay ahead of cyber attacks  Why being open to growth benefits both security candidates and employers  The concept of "telling stories" in threat intelligence    Some Questions We Ask:       What is the importance of actionable insights in threat intelligence?  How does the team behind threat intelligence stay updated with the latest trends?  What is the decision-making process for selecting which stories to tell?       Resources:    View Rachel Giacobozzi on LinkedIn  View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn    Send us feedback: bluehat@microsoft.com  Follow us on Twitter: @MSFTBlueHat    Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Rachel Giacobozzi, Principal Research Lead at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Rachel explains the importance of creating a cohesive story not only to convey what happened in an attack but also to explain its significance, why we need to start addressing phishing attacks through education and guidance, and how they make their content concise, clear, and understandable to a wide range of audiences.  

 

In This Episode You Will Learn:    

 

  • How threat intelligence be used to stay ahead of cyber attacks 
  • Why being open to growth benefits both security candidates and employers 
  • The concept of "telling stories" in threat intelligence 

 

Some Questions We Ask:    

 

  • What is the importance of actionable insights in threat intelligence? 
  • How does the team behind threat intelligence stay updated with the latest trends? 
  • What is the decision-making process for selecting which stories to tell? 

 

  

Resources:   

View Rachel Giacobozzi on LinkedIn 

View Nic Fillingham on LinkedIn 

View Wendy Zenone on LinkedIn 

 

Send us feedback: bluehat@microsoft.com 

Follow us on Twitter: @MSFTBlueHat 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2234 no Raul Rojas: Navigating the AI-infused Security Landscape https://shows.acast.com/the-bluehat-podcast/episodes/raul-rojas-navigating-the-ai-infused-security-landscape Raul Rojas, Principal Security Compliance Manager at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Raul manages and leads a team of information security professionals across application security, incident response, remediation, security data science & engineering. Raul discusses the importance of AI in various fields, such as healthcare, finance, and cybersecurity, the impact AI will have on privacy, and the need for regulations and governance frameworks to ensure responsible AI development and deployment.     In This Episode You Will Learn:       How the field of AI and machine learning in security is evolving  The value of integrating security principles and seeking input from the security community   Why the security community needs to develop new tools and processes for  AI and Data.     Some Questions We Ask:       Can you share an example of a successful project transition from research to production?  Are there already existing fundamentals in machine learning and AI security?  What are the potential risks of attackers manipulating AI and machine learning models?    Resources:    View Raul Rojas on LinkedIn  View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn    Send us feedback: bluehat@microsoft.com  Follow us on Twitter: @MSFTBlueHat    Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 14 Jun 2023 07:05:00 -0000 Raul Rojas: Navigating the AI-infused Security Landscape full 1 5 Microsoft <p>Raul Rojas, Principal Security Compliance Manager at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Raul manages and leads a team of information security professionals across application security, incident response, remediation, security data science &amp; engineering. Raul discusses the importance of AI in various fields, such as healthcare, finance, and cybersecurity, the impact AI will have on privacy, and the need for regulations and governance frameworks to ensure responsible AI development and deployment.&nbsp;&nbsp;</p><p>&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How the field of AI and machine learning in security is evolving&nbsp;</li><li>The value of integrating security principles and seeking input from the security community&nbsp;&nbsp;</li><li>Why the security community needs to develop new tools and processes for&nbsp; AI and Data.&nbsp;&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Can you share an example of a successful project transition from research to production?&nbsp;</li><li>Are there already existing fundamentals in machine learning and AI security?&nbsp;</li><li>What are the potential risks of attackers manipulating AI and machine learning models?&nbsp;</li></ul><p>&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><br><p><a href="https://www.linkedin.com/in/eljefedsecurit/" rel="noopener noreferrer" target="_blank">View Raul Rojas on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>Send us feedback: <a href="mailto:bluehat@microsoft.com" rel="noopener noreferrer" target="_blank">bluehat@microsoft.com</a>&nbsp;</p><p>Follow us on Twitter: <a href="https://twitter.com/MSFTBlueHat" rel="noopener noreferrer" target="_blank">@MSFTBlueHat</a>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Raul Rojas, Principal Security Compliance Manager at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Raul manages and leads a team of information security professionals across application security, incident response, remediation, security data science & engineering. Raul discusses the importance of AI in various fields, such as healthcare, finance, and cybersecurity, the impact AI will have on privacy, and the need for regulations and governance frameworks to ensure responsible AI development and deployment.     In This Episode You Will Learn:       How the field of AI and machine learning in security is evolving  The value of integrating security principles and seeking input from the security community   Why the security community needs to develop new tools and processes for  AI and Data.     Some Questions We Ask:       Can you share an example of a successful project transition from research to production?  Are there already existing fundamentals in machine learning and AI security?  What are the potential risks of attackers manipulating AI and machine learning models?    Resources:    View Raul Rojas on LinkedIn  View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn    Send us feedback: bluehat@microsoft.com  Follow us on Twitter: @MSFTBlueHat    Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Raul Rojas, Principal Security Compliance Manager at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Raul manages and leads a team of information security professionals across application security, incident response, remediation, security data science & engineering. Raul discusses the importance of AI in various fields, such as healthcare, finance, and cybersecurity, the impact AI will have on privacy, and the need for regulations and governance frameworks to ensure responsible AI development and deployment.  

 

In This Episode You Will Learn:    

 

  • How the field of AI and machine learning in security is evolving 
  • The value of integrating security principles and seeking input from the security community  
  • Why the security community needs to develop new tools and processes for  AI and Data.  

 

Some Questions We Ask:    

 

  • Can you share an example of a successful project transition from research to production? 
  • Are there already existing fundamentals in machine learning and AI security? 
  • What are the potential risks of attackers manipulating AI and machine learning models? 

 

Resources:   


View Raul Rojas on LinkedIn 

View Nic Fillingham on LinkedIn 

View Wendy Zenone on LinkedIn 

 

Send us feedback: bluehat@microsoft.com 

Follow us on Twitter: @MSFTBlueHat 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 3186 no Dan Tentler on How the Old Ways Still Work https://shows.acast.com/the-bluehat-podcast/episodes/dan-tentler-on-how-the-old-ways-still-work Dan Tentler, Executive Founder and CTO of Phobos Group, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Dan has a wealth of defensive and adversarial knowledge and a strong background in systems, networking, architecture, and wireless networks. Dan discusses his time at BlueHat 2023, why you should put everything behind a VPN, and how a typo and Jeff Goldblum's movie Hideaway helped create his current online handle.        In This Episode You Will Learn:       Why it's important to hold onto old techniques and knowledge   The premise and thoughts behind Dan’s 2023 BlueHat presentation  How people can still protect themselves with old security tools    Some Questions We Ask:       How did your security career start and grow into speaking at BlueHat 2023?  What tools and techniques were available in the beginning of your career?   What were some big takeaways from your presentation at BlueHat?      Resources:      View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn    Send us feedback: bluehat@microsoft.com  Follow us on Twitter: @MSFTBlueHat    Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 31 May 2023 07:05:00 -0000 Dan Tentler on How the Old Ways Still Work full 1 4 Microsoft <p>Dan Tentler, Executive Founder and CTO of Phobos Group, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Dan has a wealth of defensive and adversarial knowledge and a strong background in systems, networking, architecture, and wireless networks. Dan discusses his time at BlueHat 2023, why you should put everything behind a VPN, and how a typo and Jeff Goldblum's movie Hideaway helped create his current online handle.&nbsp;&nbsp;</p><p>&nbsp;</p><p>&nbsp;&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Why it's important to hold onto old techniques and knowledge&nbsp;&nbsp;</li><li>The premise and thoughts behind Dan’s 2023 BlueHat presentation&nbsp;</li><li>How people can still protect themselves with old security tools&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How did your security career start and grow into speaking at BlueHat 2023?&nbsp;</li><li>What tools and techniques were available in the beginning of your career?&nbsp;&nbsp;</li><li>What were some big takeaways from your presentation at BlueHat?&nbsp;&nbsp;</li></ul><p>&nbsp;&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><p>&nbsp;</p><p>Send us feedback: <a href="mailto:bluehat@microsoft.com" rel="noopener noreferrer" target="_blank">bluehat@microsoft.com</a>&nbsp;</p><p>Follow us on Twitter: <a href="https://twitter.com/MSFTBlueHat" rel="noopener noreferrer" target="_blank">@MSFTBlueHat</a>&nbsp;</p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Dan Tentler, Executive Founder and CTO of Phobos Group, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Dan has a wealth of defensive and adversarial knowledge and a strong background in systems, networking, architecture, and wireless networks. Dan discusses his time at BlueHat 2023, why you should put everything behind a VPN, and how a typo and Jeff Goldblum's movie Hideaway helped create his current online handle.        In This Episode You Will Learn:       Why it's important to hold onto old techniques and knowledge   The premise and thoughts behind Dan’s 2023 BlueHat presentation  How people can still protect themselves with old security tools    Some Questions We Ask:       How did your security career start and grow into speaking at BlueHat 2023?  What tools and techniques were available in the beginning of your career?   What were some big takeaways from your presentation at BlueHat?      Resources:      View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn    Send us feedback: bluehat@microsoft.com  Follow us on Twitter: @MSFTBlueHat    Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Dan Tentler, Executive Founder and CTO of Phobos Group, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Dan has a wealth of defensive and adversarial knowledge and a strong background in systems, networking, architecture, and wireless networks. Dan discusses his time at BlueHat 2023, why you should put everything behind a VPN, and how a typo and Jeff Goldblum's movie Hideaway helped create his current online handle.  

 

  

In This Episode You Will Learn:    

 

  • Why it's important to hold onto old techniques and knowledge  
  • The premise and thoughts behind Dan’s 2023 BlueHat presentation 
  • How people can still protect themselves with old security tools 

 

Some Questions We Ask:    

 

  • How did your security career start and grow into speaking at BlueHat 2023? 
  • What tools and techniques were available in the beginning of your career?  
  • What were some big takeaways from your presentation at BlueHat?  

  

Resources:   

 

View Nic Fillingham on LinkedIn 

View Wendy Zenone on LinkedIn 

 

Send us feedback: bluehat@microsoft.com 

Follow us on Twitter: @MSFTBlueHat 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2806 no Cameron Vincent on Both Sides of Bug Hunting https://shows.acast.com/the-bluehat-podcast/episodes/cameron-vincent-on-both-sides-of-bug-hunting Cameron Vincent, a security researcher at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Cameron has been one of the top researchers for both Microsoft and Google programs numerous times. He now works on the V&M team within the MSRC side, dealing with security issues internally. Cameron discusses with Nic and Wendy the importance of understanding your role and responsibilities in the workplace, the first bug he ever submitted, and his time presenting at BlueHat 2023.     In This Episode You Will Learn:       The benefits of face-to-face communication and how to balance it with technology.  Why you should build a supportive culture of communication  How to get involved in the world of bug bounty hunting    Some Questions We Ask:       How do you manage and deal with stress and burnout from your work?  What are some practical ways to provide feedback to team members?  How can we improve communication in a remote work environment?     Resources:    Follow Cameron Vincent on Twitter  Watch Cameron speak at BlueHat 2023    View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn  Send us feedback: bluehat@microsoft.com Follow us on Twitter: @MSFTBlueHat   Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 17 May 2023 09:05:12 -0000 Cameron Vincent on Both Sides of Bug Hunting full 1 3 Microsoft <p>Cameron Vincent, a security researcher at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Cameron has been one of the top researchers for both Microsoft and Google programs numerous times. He now works on the V&amp;M team within the MSRC side, dealing with security issues internally. Cameron discusses with Nic and Wendy the importance of understanding your role and responsibilities in the workplace, the first bug he ever submitted, and his time presenting at BlueHat 2023.&nbsp;</p><p>&nbsp;&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>The benefits of face-to-face communication and how to balance it with technology.&nbsp;</li><li>Why you should build a supportive culture of communication&nbsp;</li><li>How to get involved in the world of bug bounty hunting&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How do you manage and deal with stress and burnout from your work?&nbsp;</li><li>What are some practical ways to provide feedback to team members?&nbsp;</li><li>How can we improve communication in a remote work environment?&nbsp;</li></ul><p>&nbsp;&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><p><a href="https://twitter.com/secretlyhidden1?lang=en" rel="noopener noreferrer" target="_blank"><em>Follow Cameron Vincent on Twitter</em></a>&nbsp;</p><p><a href="https://www.youtube.com/watch?v=DlDONiCvtyE" rel="noopener noreferrer" target="_blank"><em>Watch Cameron speak at BlueHat 2023</em></a>&nbsp;</p><p>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><br><p>Send us feedback:&nbsp;<a href="mailto:bluehat@microsoft.com" rel="noopener noreferrer" target="_blank">bluehat@microsoft.com</a></p><p>Follow us on Twitter: <a href="https://twitter.com/MSFTBlueHat" rel="noopener noreferrer" target="_blank">@MSFTBlueHat</a></p><p>&nbsp;</p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> Cameron Vincent, a security researcher at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Cameron has been one of the top researchers for both Microsoft and Google programs numerous times. He now works on the V&M team within the MSRC side, dealing with security issues internally. Cameron discusses with Nic and Wendy the importance of understanding your role and responsibilities in the workplace, the first bug he ever submitted, and his time presenting at BlueHat 2023.     In This Episode You Will Learn:       The benefits of face-to-face communication and how to balance it with technology.  Why you should build a supportive culture of communication  How to get involved in the world of bug bounty hunting    Some Questions We Ask:       How do you manage and deal with stress and burnout from your work?  What are some practical ways to provide feedback to team members?  How can we improve communication in a remote work environment?     Resources:    Follow Cameron Vincent on Twitter  Watch Cameron speak at BlueHat 2023    View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn  Send us feedback: bluehat@microsoft.com Follow us on Twitter: @MSFTBlueHat   Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Cameron Vincent, a security researcher at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Cameron has been one of the top researchers for both Microsoft and Google programs numerous times. He now works on the V&M team within the MSRC side, dealing with security issues internally. Cameron discusses with Nic and Wendy the importance of understanding your role and responsibilities in the workplace, the first bug he ever submitted, and his time presenting at BlueHat 2023. 

  

In This Episode You Will Learn:    

 

  • The benefits of face-to-face communication and how to balance it with technology. 
  • Why you should build a supportive culture of communication 
  • How to get involved in the world of bug bounty hunting 

 

Some Questions We Ask:    

 

  • How do you manage and deal with stress and burnout from your work? 
  • What are some practical ways to provide feedback to team members? 
  • How can we improve communication in a remote work environment? 

  

Resources:   

Follow Cameron Vincent on Twitter 

Watch Cameron speak at BlueHat 2023 

 

View Nic Fillingham on LinkedIn 

View Wendy Zenone on LinkedIn 


Send us feedback: bluehat@microsoft.com

Follow us on Twitter: @MSFTBlueHat

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2457 no James Forshaw on Writing Your Own Tools https://shows.acast.com/the-bluehat-podcast/episodes/james-forshaw-on-writing-your-own-tools James Forshaw, a security researcher at Google's Project Zero, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. James has been involved with computer hardware and software security for over ten years and has been listed as the number one researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. James is also the author of the book "Attacking Network Protocols" which is available from NoStarch Press. James discusses going after logic-based bugs, his time at BlueHat 2023, and how creativity and intuition help him while hunting for new bugs.       In This Episode You Will Learn:       Values and benefits of writing your own tooling  Why James decided on a high-level, call-to-action presentation for BlueHat 2023  The inspiration behind his new book “Attacking Network Protocols”    Some Questions We Ask:       Is there a sequence of events you follow when hunting for a logic vulnerability?  When should someone consider writing their own tools?  What advantages come to mind when writing your tooling for a new project?     Resources:    Watch James Forshaw at BlueHat 2023    View James Forshaw on LinkedIn  View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn  Send us feedback: bluehat@microsoft.com Follow us on Twitter: @MSFTBlueHat Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 17 May 2023 08:05:43 -0000 James Forshaw on Writing Your Own Tools full 1 2 Microsoft <p>James Forshaw, a security researcher at Google's Project Zero, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. James has been involved with computer hardware and software security for over ten years and has been listed as the number one researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. James is also the author of the book "Attacking Network Protocols" which is available from NoStarch Press. James discusses going after logic-based bugs, his time at BlueHat 2023, and how creativity and intuition help him while hunting for new bugs.&nbsp;&nbsp;&nbsp;</p><p>&nbsp;&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Values and benefits of writing your own tooling&nbsp;</li><li>Why James decided on a high-level, call-to-action presentation for BlueHat 2023&nbsp;</li><li>The inspiration behind his new book “Attacking Network Protocols”&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>Is there a sequence of events you follow when hunting for a logic vulnerability?&nbsp;</li><li>When should someone consider writing their own tools?&nbsp;</li><li>What advantages come to mind when writing your tooling for a new project?&nbsp;</li></ul><p>&nbsp;&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><p><a href="https://www.youtube.com/watch?v=At-SWQyp-DY" rel="noopener noreferrer" target="_blank"><em>Watch James Forshaw at BlueHat 2023</em></a>&nbsp;</p><p>&nbsp;</p><p><a href="https://www.linkedin.com/in/james-forshaw-ab833725/" rel="noopener noreferrer" target="_blank">View James Forshaw on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><br><p>Send us feedback:&nbsp;<a href="mailto:bluehat@microsoft.com" rel="noopener noreferrer" target="_blank">bluehat@microsoft.com</a></p><p>Follow us on Twitter: <a href="https://twitter.com/MSFTBlueHat" rel="noopener noreferrer" target="_blank">@MSFTBlueHat</a></p><br><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> James Forshaw, a security researcher at Google's Project Zero, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. James has been involved with computer hardware and software security for over ten years and has been listed as the number one researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. James is also the author of the book "Attacking Network Protocols" which is available from NoStarch Press. James discusses going after logic-based bugs, his time at BlueHat 2023, and how creativity and intuition help him while hunting for new bugs.       In This Episode You Will Learn:       Values and benefits of writing your own tooling  Why James decided on a high-level, call-to-action presentation for BlueHat 2023  The inspiration behind his new book “Attacking Network Protocols”    Some Questions We Ask:       Is there a sequence of events you follow when hunting for a logic vulnerability?  When should someone consider writing their own tools?  What advantages come to mind when writing your tooling for a new project?     Resources:    Watch James Forshaw at BlueHat 2023    View James Forshaw on LinkedIn  View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn  Send us feedback: bluehat@microsoft.com Follow us on Twitter: @MSFTBlueHat Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. James Forshaw, a security researcher at Google's Project Zero, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. James has been involved with computer hardware and software security for over ten years and has been listed as the number one researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. James is also the author of the book "Attacking Network Protocols" which is available from NoStarch Press. James discusses going after logic-based bugs, his time at BlueHat 2023, and how creativity and intuition help him while hunting for new bugs.   

  

In This Episode You Will Learn:    

 

  • Values and benefits of writing your own tooling 
  • Why James decided on a high-level, call-to-action presentation for BlueHat 2023 
  • The inspiration behind his new book “Attacking Network Protocols” 

 

Some Questions We Ask:    

 

  • Is there a sequence of events you follow when hunting for a logic vulnerability? 
  • When should someone consider writing their own tools? 
  • What advantages come to mind when writing your tooling for a new project? 

  

Resources:   

Watch James Forshaw at BlueHat 2023 

 

View James Forshaw on LinkedIn 

View Nic Fillingham on LinkedIn 

View Wendy Zenone on LinkedIn 


Send us feedback: bluehat@microsoft.com

Follow us on Twitter: @MSFTBlueHat


Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2833 no David Weston on the Importance of Security Research https://shows.acast.com/the-bluehat-podcast/episodes/david-weston-on-the-importance-of-security-research David Weston, Vice President of Enterprise and OS Security at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. With over twenty years of experience in the industry, David has a deep knowledge of cybersecurity best practices and has been recognized as a thought leader. In addition to his work in cybersecurity, David also advocates for diversity and inclusion in the tech industry. He has been actively involved in initiatives to promote diversity in cybersecurity and has spoken about the need for greater diversity in the industry. David discusses with Nic the importance of having a comprehensive cybersecurity strategy, the value of creating a culture of cybersecurity within organizations, and why we need regular software updates and investing in cybersecurity tools.       In This Episode You Will Learn:       How organizations can create a culture of cybersecurity among their employees  The most effective ways to train employees on cybersecurity best practices  Tools and technologies that organizations can use to protect themselves    Some Questions We Ask:       How can organizations overcome some of their biggest challenges in security?   Can you share some common mistakes that organizations make regarding cybersecurity?  How do you see the cybersecurity landscape evolving in the coming years?     Resources:      View David Weston on LinkedIn  View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn  Send us feedback: bluehat@microsoft.com Follow us on Twitter: @MSFTBlueHat Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. Wed, 17 May 2023 07:05:00 -0000 David Weston on the Importance of Security Research full 1 1 Microsoft <p>David Weston, Vice President of Enterprise and OS Security at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. With over twenty years of experience in the industry, David has a deep knowledge of cybersecurity best practices and has been recognized as a thought leader. In addition to his work in cybersecurity, David also advocates for diversity and inclusion in the tech industry. He has been actively involved in initiatives to promote diversity in cybersecurity and has spoken about the need for greater diversity in the industry. David discusses with Nic the importance of having a comprehensive cybersecurity strategy, the value of creating a culture of cybersecurity within organizations, and why we need regular software updates and investing in cybersecurity tools.&nbsp;</p><p>&nbsp;</p><p>&nbsp;&nbsp;</p><p><strong>In This Episode You Will Learn</strong>:&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How organizations can create a culture of cybersecurity among their employees&nbsp;</li><li>The most effective ways to train employees on cybersecurity best practices&nbsp;</li><li>Tools and technologies that organizations can use to protect themselves&nbsp;</li></ul><p>&nbsp;</p><p><strong>Some Questions We Ask:</strong>&nbsp;&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><ul><li>How can organizations overcome some of their biggest challenges in security?&nbsp;&nbsp;</li><li>Can you share some common mistakes that organizations make regarding cybersecurity?&nbsp;</li><li>How do you see the cybersecurity landscape evolving in the coming years?&nbsp;</li></ul><p>&nbsp;&nbsp;</p><p><strong>Resources:</strong>&nbsp;&nbsp;&nbsp;</p><p>&nbsp;</p><p><a href="https://www.linkedin.com/in/david-weston-ba87686/" rel="noopener noreferrer" target="_blank">View David Weston on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a>&nbsp;</p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a>&nbsp;</p><br><p>Send us feedback:&nbsp;<a href="mailto:bluehat@microsoft.com" rel="noopener noreferrer" target="_blank">bluehat@microsoft.com</a></p><p>Follow us on Twitter: <a href="https://twitter.com/MSFTBlueHat" rel="noopener noreferrer" target="_blank">@MSFTBlueHat</a></p><br><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>&nbsp;&nbsp;</p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p> David Weston, Vice President of Enterprise and OS Security at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. With over twenty years of experience in the industry, David has a deep knowledge of cybersecurity best practices and has been recognized as a thought leader. In addition to his work in cybersecurity, David also advocates for diversity and inclusion in the tech industry. He has been actively involved in initiatives to promote diversity in cybersecurity and has spoken about the need for greater diversity in the industry. David discusses with Nic the importance of having a comprehensive cybersecurity strategy, the value of creating a culture of cybersecurity within organizations, and why we need regular software updates and investing in cybersecurity tools.       In This Episode You Will Learn:       How organizations can create a culture of cybersecurity among their employees  The most effective ways to train employees on cybersecurity best practices  Tools and technologies that organizations can use to protect themselves    Some Questions We Ask:       How can organizations overcome some of their biggest challenges in security?   Can you share some common mistakes that organizations make regarding cybersecurity?  How do you see the cybersecurity landscape evolving in the coming years?     Resources:      View David Weston on LinkedIn  View Nic Fillingham on LinkedIn  View Wendy Zenone on LinkedIn  Send us feedback: bluehat@microsoft.com Follow us on Twitter: @MSFTBlueHat Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information. David Weston, Vice President of Enterprise and OS Security at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. With over twenty years of experience in the industry, David has a deep knowledge of cybersecurity best practices and has been recognized as a thought leader. In addition to his work in cybersecurity, David also advocates for diversity and inclusion in the tech industry. He has been actively involved in initiatives to promote diversity in cybersecurity and has spoken about the need for greater diversity in the industry. David discusses with Nic the importance of having a comprehensive cybersecurity strategy, the value of creating a culture of cybersecurity within organizations, and why we need regular software updates and investing in cybersecurity tools. 

 

  

In This Episode You Will Learn:    

 

  • How organizations can create a culture of cybersecurity among their employees 
  • The most effective ways to train employees on cybersecurity best practices 
  • Tools and technologies that organizations can use to protect themselves 

 

Some Questions We Ask:    

 

  • How can organizations overcome some of their biggest challenges in security?  
  • Can you share some common mistakes that organizations make regarding cybersecurity? 
  • How do you see the cybersecurity landscape evolving in the coming years? 

  

Resources:   

 

View David Weston on LinkedIn 

View Nic Fillingham on LinkedIn 

View Wendy Zenone on LinkedIn 


Send us feedback: bluehat@microsoft.com

Follow us on Twitter: @MSFTBlueHat


Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

]]> 2487 no The BlueHat Podcast https://shows.acast.com/the-bluehat-podcast/episodes/the-bluehat-podcast Get ready for The BlueHat Podcast - A new security research-focused podcast from Microsoft featuring conversations with security researchers and industry leaders, both inside and outside of Microsoft. Hosted on Acast. See acast.com/privacy for more information. Mon, 15 May 2023 22:16:20 -0000 The BlueHat Podcast trailer Microsoft The BlueHat Podcast Get ready for The BlueHat Podcast - A new security research-focused podcast from Microsoft featuring conversations with security researchers and industry leaders, both inside and outside of Microsoft. Hosted on Acast. See acast.com/privacy for more information.

Hosted on Acast. See acast.com/privacy for more information.

]]> 39 no