The BlueHat Podcast

Microsoft

3.2 (6)
TECHNOLOGY
UPDATED BIWEEKLY

Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.

4 DAYS AGO

Ryen Macababbad on How Security Can Empower Productivity

Ryen Macababbad, Principal Security Program Manager at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Ryen discusses their career journey, including the return to Microsoft after working in security architecture and customer trust engineering. Ryen shares insights from their time at Hacker Summer Camp 2024 in Las Vegas, emphasizing the importance of creating frictionless security measures that don't hinder productivity. They explain that when security becomes a barrier, users will find workarounds, potentially compromising security. The conversation touches on the evolving relationship between security and productivity teams, highlighting the need for security to be an enabler rather than an obstacle. In This Episode You Will Learn: How investing in security helps maintain customer trust and protects revenue Why security should be built-in by default so users don't need to be security experts The importance of incorporating feedback and diverse viewpoints to enhance security Some Questions We Ask: How is a seamless security and productivity experience provided for end users? Can security researchers contribute to identifying gaps and improving product security? What motivated the shift from a focus on identity and program management to defensive security? Resources: View Ryen Macababbad on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts

41 min
AUG 27

Michael Howard on Secure by Design vs Secure by Default

Michael Howard, Senior Director at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Michael shares his journey at Microsoft, starting from his early days in New Zealand as part of a small team of ten. He discusses his extensive career, his contributions to cybersecurity, and his role in the development of essential security books like "Writing Secure Code" and "The Security Development Lifecycle." Michael reflects on the importance of fundamental security principles and how they remain relevant today. He also touches on his recent move within Microsoft to John Lambert's team, where he continues to focus on security culture and education. The conversation delves into the origins of the Blue Hat conference, Michael's experiences at the first event, and the ongoing significance of secure coding practices and mitigations. In This Episode You Will Learn: Critical aspects of secure software development and pivotal moments in Microsoft's security The importance of using specific coding constructs and libraries to improve security Findings on vulnerabilities that spurred significant security improvements in SQL Server Some Questions We Ask: How do you deploy security patches effectively while minimizing disruptions? What coding constructs and compiler flags did you recommend for better security? How did external researchers at Blue Hat conferences impact Microsoft's culture? Resources: View Michael Howard on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn The Microsoft Azure Security Podcast Michael Howard (@michael_howard) on X (twitter.com) Latest book: Designing and Developing Secure Azure Solutions (Developer Best Practices): Howard, Michael, Simone, Curzi, Heinrich, Gantenbein: 9780137908752: Amazon.com: Books Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

48 min
AUG 7

Navigating AI Safety and Security Challenges with Yonatan Zunger

Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses. In This Episode You Will Learn: How predictive AI anticipates outcomes based on historical data The difficulties and strategies involved in making AI systems safe and secure from misuse How role-playing exercises help developers understand the behavior of AI systems Some Questions We Ask: What distinguishes predictive AI from generative AI? Can generative AI be used to improve decision-making processes? What is the role of unit testing and test cases in policy and AI system development? Resources: View Yonatan Zunger on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts

54 min
JUL 24

Craig Nelson on Simulating Attacks with Microsoft’s Red Team

Craig Nelson, leader of Microsoft's Red Team joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Craig explains how the Red Team simulates attacks on Microsoft's infrastructure to identify vulnerabilities and protect customer data stored in the cloud. He emphasizes the importance of these simulated attacks in preparing for real threats and describes the collaborative efforts with other security teams at Microsoft, such as the Azure penetration testing team and the Microsoft Security Response Center. Craig shares his personal journey into cybersecurity, highlighting his early fascination with cryptography and computer security. He also discusses the unique challenges and strategies of Red Teaming at Microsoft, including the need to influence engineering teams and the importance of systemic thinking to create durable security solutions. In This Episode You Will Learn: The need for early detection of vulnerabilities during the development lifecycle Why a mix of technical and persuasive skill build successful red teams Significance of internal security education and training initiatives Some Questions We Ask: What projects are you pursuing in AI and security? How do you have conversations with engineers to influence their security decisions? What skills are important for someone aspiring to join the Red Team? Resources: View Craig Nelson on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts

38 min
JUL 10

Unlocking Backdoor AI Poisoning with Dmitrijs Trizna

Dmitrijs Trizna, Security Researcher at Microsoft joins Nic Fillingham on this week's episode of The BlueHat Podcast. Dmitrijs explains his role at Microsoft, focusing on AI-based cyber threat detection for Kubernetes and Linux platforms. Dmitrijs explores the complex landscape of securing AI systems, focusing on the emerging challenges of Trustworthy AI. He delves into how threat actors exploit vulnerabilities through techniques like backdoor poisoning, using gradual benign inputs to deceive AI models. Dmitrijs highlights the multidisciplinary approach required for effective AI security, combining AI expertise with rigorous security practices. He also discusses the resilience of gradient-boosted decision trees against such attacks and shares insights from his recent presentation at Blue Hat India, where he noted a strong interest in AI security. In This Episode You Will Learn: The concept of Trustworthy AI and its importance in today's technology landscape How threat actors exploit AI vulnerabilities using backdoor poisoning techniques The role of frequency and unusual inputs in compromising AI model integrity Some Questions We Ask: Could you elaborate on the resilience of gradient-boosted decision trees in AI security? What interdisciplinary approaches are necessary for effective AI security? How do we determine acceptable thresholds for AI model degradation in security contexts? Resources: View Dmitrijs Trizna on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.

47 min
JUN 26

From Morris to Azure: Shawn Hernan’s Three Decades in Security

Shawn Hernan, Partner Security Engineering Group Manager at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Shawn leads Microsoft Cloud & AI Security Assurance, overseeing an international team of security professionals dedicated to proactively addressing security challenges through vulnerability research, penetration testing, and threat modeling. Drawing from his extensive experience in early cybersecurity, Shawn shares valuable insights into the evolving landscape, stressing the significance of academic knowledge and practical experience. From navigating intricate technical terrains to fostering a growth mindset, this episode provides a compelling glimpse into the ongoing pursuit of security excellence in today's digital era. In This Episode You Will Learn: Addressing root causes of vulnerabilities reported by third parties or found internally Developing tools and a deep understanding of specific classes of vulnerabilities Research on areas like crypto hygiene and missing integrity vulnerabilities Some Questions We Ask: How does your team handle variant hunting for critical cases? When researchers find issues in Azure, how does your team get involved? How do you foster a security culture within Microsoft and your team? Resources: View Shawn Hernan on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information.

44 min
JUN 12

MSRC VP Tom Gallagher on 25 Years of Security at Microsoft

Tom Gallagher, VP of Engineering and head of MSRC, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. After nearly 25 years at Microsoft, Tom reflects on his early days at the company, where he started as a penetration tester on SharePoint, offering insights into the evolving landscape of cybersecurity since 1999. Tom shares a few different experiences from his journey, including auditing a local ISP's security in exchange for a job, and his transition from an intern working on Internet Explorer's rendering engine to key roles in Office and eventually MSRC. Through Tom's experiences, you’ll gain a unique perspective on Microsoft's cybersecurity evolution and the broader industry landscape. In This Episode You Will Learn: A Clippy vulnerability that exemplifies the importance of external insights How you can support teams when they find vulnerabilities in their code Tom's experiences attending early Black Hat and DEFCON conferences Some Questions We Ask: How does your experience as a bug hunter influence your role at MSRC? Can you elaborate on the process of mitigating vulnerabilities quickly within SFI? Will you explain Trustworthy Computing and its significance in Microsoft's history? Resources: View Tom Gallagher on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information.

32 min
MAY 29

Educating the Future: Aaron Tng's Cybersecurity Blueprint

Aaron Tng, a Microsoft Student Ambassador and BlueHat Conference Speaker, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Aaron shares how his curiosity during the pandemic in 2020, sparked by the surge in cyber-attacks, propelled him into the world of cybersecurity. Through dedicated self-learning and leveraging resources like the Microsoft Learn website, Aaron achieved multiple certifications, laying the foundation for his expertise in cybersecurity. Aaron is also passionate about the impact of Cybersecurity on society and actively promoting K-12 Cybersecurity Awareness and Education. He unveils his comprehensive four-point plan, which encompasses fundamental courses, advanced studies, educator training, and real-life internship opportunities. Aaron emphasizes the importance of moving beyond surface-level internet safety education, advocating for a deeper understanding of secure coding and threat modeling. In This Episode You Will Learn: The different resources utilized for Aaron’s cybersecurity education Aspirations for the future of cybersecurity education How Aaron founded a student-led nonprofit called Cyber Secure it Some Questions We Ask: What challenges did you face presenting to the Washington State Board of Education? How did you earn multiple cybersecurity certifications while still in high school? Why do you believe it's crucial to move beyond surface-level internet safety? Resources: View Aaron Tng on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information.

33 min

See All (37)

05/15/2023

The BlueHat Podcast

Get ready for The BlueHat Podcast - A new security research-focused podcast from Microsoft featuring conversations with security researchers and industry leaders, both inside and outside of Microsoft. Hosted on Acast. See acast.com/privacy for more information.

05/15/2023

•

1 min

3.2

out of 5

6 Ratings

Kind of boring

Mar 4

Donatello Picasso

Nick fillingham you can tell is very knowledgeable. Wendy just seems out of place in this podcast.gave it a try.

Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.

Creator

Microsoft
Years Active

2023 - 2024
Episodes

37
Rating

Clean
Show Website

The BlueHat Podcast

The BlueHat Podcast

Ryen Macababbad on How Security Can Empower Productivity

Michael Howard on Secure by Design vs Secure by Default

Navigating AI Safety and Security Challenges with Yonatan Zunger

Craig Nelson on Simulating Attacks with Microsoft’s Red Team

Unlocking Backdoor AI Poisoning with Dmitrijs Trizna

From Morris to Azure: Shawn Hernan’s Three Decades in Security

MSRC VP Tom Gallagher on 25 Years of Security at Microsoft

Educating the Future: Aaron Tng's Cybersecurity Blueprint

Trailer