Microsoft Threat Intelligence Podcast

In this episode of the Microsoft Threat Intelligence Podcast recorded at the RSA Conference in San Francisco, host Sherrod DeGrippo engages with a diverse group of cybersecurity experts. David Weston, VP of Operating System Security at Microsoft, discusses the evolution of Windows security and the role of AI. Jamie Williams from MITRE shares insights on the importance of product functionality in cybersecurity. Emma Stewart, Chief Power Grid Scientist at Idaho National Lab, talks about securing the digital transition of the power grid. Joe Slowik from MITRE emphasizes the importance of threat intelligence and integrating cybercrime entities into their attack framework. Lindsey O'Donnell, executive editor of Decipher, highlights AI's crucial role in cybersecurity and finally, Todd Pauley, deputy CISO of the Texas Education Agency, discusses the challenges faced by small school districts in Texas.    In this episode you’ll learn:         How Windows security has transitioned from user-controlled to Microsoft-managed  The importance of understanding product functionality to combat cyber threats  Securing the power grid's digital transition and cloud technologies for grid control     Some questions we ask:        What challenges and opportunities arise in securing the power grid's digital transition?  How does AI enhance security in Windows operating systems?  What were some of the most memorable sessions you attended at RSA?    Resources:  View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider   The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Mark Russinovich.  Mark Russinovich, CTO and Technical Fellow of Microsoft Azure, joins the show to talk about his journey from developing on-prem tools like Sysinternals to working in the cloud with Azure. Sherrod and Mark discuss the evolution of cybersecurity, the role of AI in threat intelligence, and the challenge of jailbreaking AI models. Mark shares his experiences with testing AI models for vulnerabilities, including his discovery of the "Crescendo" and "Masterkey" methods to bypass safety protocols. They also touch on the issue of poisoned training data and its impact on AI reliability, while highlighting the importance of staying ahead in cybersecurity.  In this episode you’ll learn:       The shift from desktop computing to cloud-based systems and its implications  Potential consequences of AI models having overridable safety instructions  How AI training data can manipulate the outcomes generated by AI models  Some questions we ask:      Will AI owners be able to stop data poisoning, or will it become more common?  Can you share challenges and vulnerabilities in maintaining the security of AI systems?  What sparked your interest in AI jailbreaks, and what trends are you seeing?  Resources:  View Mark Russinovich on LinkedIn  View Sherrod DeGrippo on LinkedIn   AI jailbreaks: What they are and how they can be mitigated?https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/  Inside AI Security with Mark Russinovich | BRK227 https://www.youtube.com/watch?v=f0MDjS9-dNw How Microsoft discovers and mitigates evolving attacks against AI guardrails.https://www.microsoft.com/en-us/security/blog/2024/04/11/how-microsoft-discovers-and-mitigates-evolving-attacks-against-ai-guardrails/ Google AI said to put glue on pizza.https://www.businessinsider.com/google-ai-glue-pizza-i-tried-it-2024-5   Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Sherrod DeGrippo discusses the Grandoreiro banking Trojan's global expansion and the Luna Tempest extortion group targeting startups. The evolving tactics of threat actors, challenges in disrupting them, and the rise of identity-based attacks are highlighted. Collaboration and industry unity are emphasized in combating cyber threats.

Andrew Morris from GreyNoise and Lauren Proehl from Marsh McLennan discuss banning ransomware payments, backup strategies, basic security measures, and investing in cyber defense. They explore challenges faced by CISOs, potential for ransomware attacks on physical infrastructure, and evolving tactics like double or triple extortion. The conversation touches on the effectiveness of law enforcement in combating ransomware and where organizations can invest to enhance cybersecurity.

Andres Freund and Thomas Roccia discuss discovering a backdoor in the XZ package, emphasizing proactive security measures and code review in open source. They highlight the importance of community collaboration in identifying and mitigating security threats effectively.

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by former VP of Cybersecurity Solutions at Target Paul Melson. Sherrod and Paul reflect on his experiences in incident response, highlighting the adrenaline rush of detecting and evicting adversaries before they cause harm. Their discussion includes a run down the rabbit hole of open-source intelligence and the creation of the @scumbots twitter feed. They explore the culture at Target's cybersecurity team, emphasizing the importance of hiring for attitude and the potential for new threats like bribery and insider threats. Paul shares insights into his experiences in cybersecurity and his concerns about future threats, emphasizing the need for continued vigilance and innovation in defense strategies. The episode provides valuable insights into the challenges and developments in cybersecurity, offering practical advice for both professionals and organizations navigating the ever-changing threat landscape.     In this episode you’ll learn:       The genesis of the project scumbots and its functionality  Challenges when dealing with commercial threat intelligence companies   The increasing sophistication of cybercrime and the potential for new tactics     Some questions we ask:      How has your time in incident response evolved over the years?  What advice would you give to aspiring cybersecurity professionals  Do you believe organizations can adapt and innovate their defense strategies?    Resources:  Scumbots on Twitter View Paul Melson on LinkedIn     View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security InsiderThe Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Join Brandon Dixon and Vasu Jakkal in discussing how AI empowers cybersecurity professionals, the importance of inclusivity in tackling security challenges, and the transformative potential of AI in enhancing defense capabilities. Explore how AI can automate tasks, enhance coding abilities, and streamline work tasks, while promoting inclusivity and optimism in the field of information security.

Reflecting on experiences with L0pht, Chris discusses bug bounty programs in cybersecurity. Chip explains Copilot for Security's role in threat hunting and script analysis. Torrell discusses advancements in their security program and transitioning to cybersecurity.

Emily Yale and Anna Bertiger discuss their roles in Microsoft's Security Operations Center and the practical applications of data science in security. They highlight anomaly detection, importance of mathematical skills, and using AI tools. The podcast explores the intersection of technology and security, securing AI models, and the need for data science methods in tech roles.

Exploring threat actors' techniques and incident response challenges. Insights into Octo Tempest. The dynamic nature of incident response work. Managing emotions in high-pressure situations. Teamwork and collaboration in cybersecurity. Importance of comprehensive data collection. Unpacking persistence and dwell time in cyber attacks. Personal narratives in the journey to cybersecurity. Promoting diversity in Microsoft's incident response team.