Miriam Wiesner on Identity Hygiene, Security Tools, and Finding Balance

Dec 16, 2024

Miriam Wiesner, a Senior Security Research Program Manager at Microsoft with over 15 years of IT and cybersecurity experience, dives into identity hygiene and the nuances of the Graph API. She discusses the significance of script block logging and the benefits of Kusto in security analytics. Balancing a demanding career with parenthood, Miriam opens up about the emotional challenges of returning to work and juggling family responsibilities. She emphasizes the importance of proactive security measures and self-advocacy in tech, aiming for a healthier work-life balance.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

ADVICE

Leverage DSC

Implement Desired State Configuration (DSC) with regular pull mode.
This creates a self-healing configuration, hindering adversaries.

ADVICE

Identity Hygiene and SAWs

Prioritize identity hygiene and lock down identities.
Use a Secure Admin Workstation (SAW) for sensitive tasks to minimize compromise.

INSIGHT

Security in Underfunded Organizations

Many organizations, especially those underfunded, often overlook security.
Prioritize securing your Identity Provider (IDP) and using SAWs.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode of the PowerShell Podcast, we sit down with Miriam Wiesner, a Senior Security Research Program Manager at Microsoft, to dive into the fascinating world of security and identity hygiene. Miriam shares her expertise on the GraphAPI and the critical importance of maintaining proper identity hygiene in today's digital landscape.

We explore the day-to-day life of a security researcher and discuss how tools like script block logging can provide invaluable insights. Miriam also highlights the power of Kusto for analyzing data and solving complex challenges in the security space.

In addition to technical insights, Miriam opens up about the challenges of maintaining a healthy work-life balance, offering a candid look at the human side of working in a demanding and impactful field.

Guest Bio and links:

Miriam C. Wiesner is a Sr. Security Research Program Manager at Microsoft with over 15 years of experience in IT and IT Security. She has held various positions, including Administrator/System Engineer, Software Developer, Premier Field Engineer, Program Manager, and Security Consultant and Pentester.

She is also a renowned creator of open-source tools based in PowerShell, including EventList and JEAnalyzer. She was invited multiple times to present her research behind her tools at many international conferences like Black Hat (USA, Europe & Asia), PSConf EU, MITRE ATT&CK workshop, and more.

Miriam is the author of the book "PowerShell Automation and Scripting for CyberSecurity: Hacking and Defense for Red and Blue Teamers." Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany.

Previous episode with Miriam - https://www.youtube.com/watch?v=0Csw8YYGyCg&pp=ygUObWlyaWFtIHdpZXNuZXI%3D

Practical PowerShell Empowerment For Protectors - https://www.youtube.com/watch?v=JgqbR-7O7TI&pp=ygUObWlyaWFtIHdpZXNuZXI%3D

Echoes of Intrusion: Demystifying commonly used MS Graph API Attacks - https://www.youtube.com/watch?v=YDK5xYx1rKg&t=677s&pp=ygUObWlyaWFtIHdpZXNuZXI%3D

PowerShell ❤️ the Blue Team - https://devblogs.microsoft.com/powershell/powershell-the-blue-team/

https://techcommunity.microsoft.com/blog/microsoftsentinelblog/the-power-of-data-collection-rules-detect-disabling-windows-defender-real-time-p/4236540

PowerShell Podcast Home page: https://www.pdq.com/resources/the-powershell-podcast/

Listen to the PowerShell Podcast: https://powershellpodcast.podbean.com/