Microsoft Threat Intelligence Podcast

Throwing Darts in the Dark With Microsoft Incident Response

Feb 28, 2024

Exploring threat actors' techniques and incident response challenges. Insights into Octo Tempest. The dynamic nature of incident response work. Managing emotions in high-pressure situations. Teamwork and collaboration in cybersecurity. Importance of comprehensive data collection. Unpacking persistence and dwell time in cyber attacks. Personal narratives in the journey to cybersecurity. Promoting diversity in Microsoft's incident response team.

44:13

Creator website

Episode guests

Stella Aghakian

Holly Burmaster

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Threat actors' dwell times vary, with some favoring quick attacks and others opting for prolonged covert activities within networks.

Comprehensive event logs and data sets like scheduled tasks are crucial for reconstructing timelines and tracking threat actor activities in incident response work.

Deep dives

Dwell Time Variability Among Threat Actors

Threat actors exhibit varying dwell times, with some opting for quick smash-and-grab attacks, completing within 24 hours, while others prefer longer stays to explore high-value assets. The dichotomy in strategies results in either swift exits or prolonged covert activities within compromised networks.

Introduction

2min

Exploring Threat Actors and Incident Response Challenges

17min

Collaboration with Mystic Hunt Team and Casey 7 Cybersecurity Education Platform

6min

Importance of Comprehensive Data Collection for Incident Response

3min

Unpacking Persistence and Dwell Time in Cybersecurity Attacks

8min

Journey to Cybersecurity

5min

Promoting Diversity and Expertise in Microsoft's Incident Response Team

3min

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Stella Aghakian and Holly Burmaster. They explore the intrigue of watching threat actors and their techniques and walk through these techniques and how they are educational and critical in threat intelligence work. They also discuss their experiences at Microsoft Ignite, insights into the cyber threat actor Octo Tempest, and personal reflections on threat intelligence and favorite threat actors. Both Stella and Holly discuss how they thrive on the uncertainty and variety of their work despite the long hours and high pressure but appreciate the supportive team environment that helps them.

In this episode you’ll learn:

Challenges of incident response when dealing with destructive threat actors
Difficulty in managing the emotional aspects of incident response
The unpredictability and dynamic nature of incident response work

Some questions we ask:

How is the workflow structured in incident response teams?
What traits are crucial for excelling in the high-pressure world of incident response?
Do Dart and Mystic teams collaborate in incident responses?

Resources:

View Stella Aghakian on LinkedIn

View Holly Burmaster on LinkedIn

View Sherrod DeGrippo on LinkedIn

Octo Tempest Threat Actor profile

Protecting credentials against social engineering

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Microsoft Threat Intelligence Podcast

Throwing Darts in the Dark With Microsoft Incident Response

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Dwell Time Variability Among Threat Actors

Valuable Data Sets for Effective Incident Response

The Intriguing Motivations of Threat Actors

Diverse Paths Leading to Cybersecurity Careers

In this episode you’ll learn:

Some questions we ask:

Resources:

Related Microsoft Podcasts:

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Microsoft Threat Intelligence Podcast

Throwing Darts in the Dark With Microsoft Incident Response

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Dwell Time Variability Among Threat Actors

Valuable Data Sets for Effective Incident Response

The Intriguing Motivations of Threat Actors

Diverse Paths Leading to Cybersecurity Careers

In this episode you’ll learn:

Some questions we ask:

Resources:

Related Microsoft Podcasts:

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights