RunAs Radio

Paula Januszkiewicz, CEO of Secure/ Secure Academy, shares her journey in cybersecurity, driven by insatiable curiosity. She discusses the delicate balance between education and hands-on experience, highlighting the intense demands of incident response. Paula reveals the challenges of legacy protocols in aviation security and how AI is transforming both attack and defense strategies. With a focus on proactive measures, she illustrates the importance of building community through knowledge sharing and the evolving career paths in the cybersecurity landscape.

Steve Syfuhs, who leads the Windows authentication platform team at Microsoft, discusses the impending retirement of NTLM, a legacy authentication protocol. He outlines the complexities involved and explains how auditing improvements can help identify NTLM usage. Steve reveals why transitioning to Kerberos is not always straightforward and introduces Microsoft Negotiate as a valuable intermediary. He emphasizes that while retiring NTLM requires time and meticulous planning, there are steps organizations can take today to prepare for a secure future.

In this engaging conversation, Amy Norris, a graphic designer turned software developer at Dimensional Innovations and volunteer with Kansas City Women in Tech, delves into fostering a culture that embraces failure. She emphasizes the importance of clear communication and detailed feedback to create a safe space for asking questions and discussing challenges. Amy also discusses the value of preparing for crises through drills and open incident channels, while encouraging constructive criticism among team members for continuous improvement.

In this engaging discussion, Troy Hunt, an internet security expert and the creator of Have I Been Pwned, reveals the importance of breach awareness and password management. He explains how his service notifies users of compromised accounts, which can mitigate risks for both individuals and organizations. Troy also delves into the motivations behind data sharing from researchers and criminals, the regulatory landscape regarding breach notifications, and the challenges companies face post-breach. With insight into password security and the value of adopting password managers, this conversation is a treasure trove of information for anyone concerned about online safety.

You're down - is it your servers, or someone else's? While at the Kansas City Developers Conference, Richard sits down with Mandi Walls from Pager Duty about her experiences dealing with incidents involving vendor services. It might be your cloud provider, or some other SaaS element of a pipeline, or even an open-source library dependency in an important internal application that can cause a problem. What are the next steps? Mandi talks about having a software and services bill of materials so that you know what dependencies you have, where to check their status, and how to get help when you need it. Our systems are more complicated than ever - you need a plan to deal with the incidents!LinksAzure StatusSBOM ToolVendor Incidents with Jeff MartinsRecorded August 14, 2025

Todd Gardner, a savvy developer and creator of CertKit, dives into the critical future of SSL certificates, including the impending shift to 200-day lifespans and eventually just 47 days by 2029. He emphasizes the importance of automating certificate renewals to prevent outages. Gardner discusses how CertKit simplifies management with centralized storage and monitoring. He also touches on the impact of free certificate providers like Let's Encrypt and the need for real-time alerts on renewals. Join his pilot program to streamline your certificate management!

Join Stephanie Donahue, the U.S. modern work practice lead at Avanade, as she dives into the world of AI training in the workplace. They discuss the risks of unregulated AI tools like ChatGPT and the importance of established corporate guidelines. Stephanie highlights the need for upskilling employees to navigate the fast-changing AI landscape. With insights into the integration of AI in business processes and the value of collaboration, she emphasizes transformative knowledge sharing and adapting to new technological advancements.

Paul Thurrott, a tech journalist celebrated for his insights into Microsoft, joins to mark a podcast milestone. They dive into the evolution of Windows, reflecting on its relevance amidst emerging technologies. The conversation covers the transition to ARM architecture, the shift to cloud computing, and the transforming nature of IT roles influenced by AI. Paul also discusses the importance of continuous learning and adapting to new technologies. A nostalgic journey through tech innovations and the impact of AI on jobs makes this a lively discussion.

Scott Sauber, a Microsoft MVP and Director of Engineering at Lean Techniques, shares key insights into common Azure mistakes. He emphasizes the importance of proper account management, from credential structure to naming conventions. Security is another focal point, as he discusses modern TLS protocols and passwordless authentication methods. Cost management strategies are crucial, with Sauber advocating for setting budgets and alerts to avoid overspending. Tune in for a wealth of practical tips to enhance reliability and efficiency in Azure!

How do you secure your organization's data to let AI technologies work safely? Richard chats with Martina Grom about her experiences helping sysadmins responsibly bring the power of Microsoft M365 Copilot into their organizations. Martina discusses setting up security and monitoring with tools like Microsoft Purview, enabling visibility into where copilots are working and who is using them. Once the measuring tools are in place, you can begin to establish limitations for the AI without compromising regular employee workflows. Check the show links for a list of great tools you can use to get M365 Copilot working for your organization safely!LinksGovernance Toolkit 365EU AI ActData, Privacy, and Security for Microsoft 365 CopilotTranslating with CopilotConfiguring SharePoint with Entra IDMicrosoft PurviewData Loss PreventionMicrosoft Purview Compliance ManagerData Security Posture Management for AISharePoint Advanced ManagementCopilot in Microsoft 365 Admin CentersRecorded July 16, 2025