Microsoft Threat Intelligence Podcast

Live from New York it’s Microsoft Secure

Mar 27, 2024

Reflecting on experiences with L0pht, Chris discusses bug bounty programs in cybersecurity. Chip explains Copilot for Security's role in threat hunting and script analysis. Torrell discusses advancements in their security program and transitioning to cybersecurity.

47:48

Creator website

Episode guests

Torrell Funderburk

Chip Calhoun

Chris Wysopal

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Bug bounty programs dominate cybersecurity but have both benefits and drawbacks

Copilot for Security enhances threat hunting and script analysis capabilities

Transitioning from software engineering to cybersecurity requires curiosity and problem-solving skills

Deep dives

AI and Security Program Improvement

Leveraging AI like Security Co-Pilot to enhance overall security programs by analyzing alerts and incidents to identify program-level issues. This approach allows for insightful feedback loops and improved program effectiveness.

Introduction

2min

Exploring Flight Simulator Popularity and Being a 'Think Tank'

2min

Evolution of Vulnerability Disclosure and Open Source Security

14min

Understanding the Divergence Between Developer and Security Personas

2min

AI in Daily Life and Security Enhancement

9min

Securing Industrial Systems and Transitioning to Cybersecurity Roles

11min

Empowering Security Programs with Co-Pilot AI

7min

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is Live from Times Square at Microsoft Secure and is joined by Chris Wysopal, Chip Calhoun, and Torrell Funderburk. Chris (aka Weld Pond) reflects on his experiences with L0pht, the evolution of bug bounty programs and their dominance in the cybersecurity space, highlighting both the benefits and drawbacks. Chip explains how Copilot for Security assists with threat hunting and script analysis, enhancing analysts' capabilities in identifying threats and malicious activities. He also touches on the prevalent threat actor profiles, highlighting the prevalence of e-crime and the potential impact of nation-state actors. Terrell expresses excitement about the advancements in their security program and the ability to detect and respond at scale. He also discusses his transition from software engineering to cybersecurity and encourages others to consider the move due to the foundational similarities between the fields.

In this episode you’ll learn:

Complications from vulnerabilities discovered in open-source software
Practical applications of Copilot in incident response and threat intelligence
The importance of curiosity and problem-solving skills when building a security team.

Some questions we ask:

How do you view the role of AI and machine learning in security, and bug bounties?
What do you think is unique about securing critical infrastructure targets?
Will AI influence security practices in organizations and industries going forward?