The Microsoft Security Response Center podcast. Hear from cyber security researchers, responders, hackers, and engineers from within and outside of Microsoft working to make the world a safer place for all.
Ryen Macababbad, Principal Security Program Manager at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Ryen discusses their career journey, including the return to Microsoft after working in security architecture and customer trust engineering. Ryen shares insights from their time at Hacker Summer Camp 2024 in Las Vegas, emphasizing the importance of creating frictionless security measures that don't hinder productivity. They explain that when security becomes a barrier, users will find workarounds, potentially compromising security. The conversation touches on the evolving relationship between security and productivity teams, highlighting the need for security to be an enabler rather than an obstacle.
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Michael Howard, Senior Director at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Michael shares his journey at Microsoft, starting from his early days in New Zealand as part of a small team of ten. He discusses his extensive career, his contributions to cybersecurity, and his role in the development of essential security books like "Writing Secure Code" and "The Security Development Lifecycle." Michael reflects on the importance of fundamental security principles and how they remain relevant today. He also touches on his recent move within Microsoft to John Lambert's team, where he continues to focus on security culture and education. The conversation delves into the origins of the BlueHat conference, Michael's experiences at the first event, and the ongoing significance of secure coding practices and mitigations.
The Microsoft Azure Security Podcast
Michael Howard (@michael_howard) on X (twitter.com)
The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
Yonatan Zunger, CVP of AI Safety & Security at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses.
Craig Nelson, leader of Microsoft's Red Team, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Craig explains how the Red Team simulates attacks on Microsoft's infrastructure to identify vulnerabilities and protect customer data stored in the cloud. He emphasizes the importance of these simulated attacks in preparing for real threats and describes the collaborative efforts with other security teams at Microsoft, such as the Azure penetration testing team and the Microsoft Security Response Center. Craig shares his personal journey into cybersecurity, highlighting his early fascination with cryptography and computer security. He also discusses the unique challenges and strategies of Red Teaming at Microsoft, including the need to influence engineering teams and the importance of systemic thinking to create durable security solutions.
Dmitrijs Trizna, Security Researcher at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Dmitrijs explains his role at Microsoft, focusing on AI-based cyber threat detection for Kubernetes and Linux platforms. Dmitrijs explores the complex landscape of securing AI systems, focusing on the emerging challenges of Trustworthy AI. He delves into how threat actors exploit vulnerabilities through techniques like backdoor poisoning, using gradual benign inputs to deceive AI models. Dmitrijs highlights the multidisciplinary approach required for effective AI security, combining AI expertise with rigorous security practices. He also discusses the resilience of gradient-boosted decision trees against such attacks and shares insights from his recent presentation at BlueHat India, where he noted a strong interest in AI security.
Shawn Hernan, Partner Security Engineering Group Manager at Microsoft, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Shawn leads Microsoft Cloud & AI Security Assurance, overseeing an international team of security professionals dedicated to proactively addressing security challenges through vulnerability research, penetration testing, and threat modeling. Drawing from his extensive experience in early cybersecurity, Shawn shares valuable insights into the evolving landscape, stressing the significance of academic knowledge and practical experience. From navigating intricate technical terrains to fostering a growth mindset, this episode provides a compelling glimpse into the ongoing pursuit of security excellence in today's digital era.
Hosted on Acast. See acast.com/privacy for more information.
Tom Gallagher, VP of Engineering and head of MSRC, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. After nearly 25 years at Microsoft, Tom reflects on his early days at the company, where he started as a penetration tester on SharePoint, offering insights into the evolving landscape of cybersecurity since 1999. Tom shares a few different experiences from his journey, including auditing a local ISP's security in exchange for a job, and his transition from an intern working on Internet Explorer's rendering engine to key roles in Office and eventually MSRC. Through Tom's experiences, you’ll gain a unique perspective on Microsoft's cybersecurity evolution and the broader industry landscape.
Aaron Tng, a Microsoft Student Ambassador and BlueHat Conference Speaker, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Aaron shares how his curiosity during the pandemic in 2020, sparked by the surge in cyber-attacks, propelled him into the world of cybersecurity. Through dedicated self-learning and leveraging resources like the Microsoft Learn website, Aaron achieved multiple certifications, laying the foundation for his expertise in cybersecurity. Aaron is also passionate about the impact of cybersecurity on society and actively promotes K-12 cybersecurity awareness and education. He unveils his comprehensive four-point plan, which encompasses fundamental courses, advanced studies, educator training, and real-life internship opportunities. Aaron emphasizes the importance of moving beyond surface-level internet safety education, advocating for a deeper understanding of secure coding and threat modeling.
Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the BlueHat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details vulnerabilities in the RDP protocol, found by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers, and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities.
Cyber Security Content Creator, Speaker & Ethical Hacker Katie Paxton-Fear joins Nic Fillingham on this week's episode of The BlueHat Podcast. Katie holds a PhD in defense and security AI plus cybersecurity and works as an academic, teaching undergraduate students cybersecurity topics. She also runs a popular YouTube channel focused on bug bounty hunting, hacking, and pen testing. Katie shares her journey into cybersecurity and reflects on her initial interest in undeciphered languages and how it parallels her approach to cybersecurity, both involving a fascination with solving mysteries and uncovering hidden meanings.
Luke Jennings, VP of Research & Development at Push Security, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Luke explains his recent presentation on a new SaaS cyber kill chain, exploring how attackers might target modern organizations heavily reliant on cloud and SaaS services, even when traditional infrastructure is minimal. The latest kill chain involves developing attack techniques specific to this environment, covering topics like lateral movement without conventional network infrastructure and adapting known techniques such as password guessing attacks to the SaaS landscape. Luke, Wendy, and Nic discuss the complexities of SaaS security, the intricacies of evil twin integrations, detection challenges, mitigation strategies, and the overall impact of these security issues on organizations.