RunAs Radio

Eli Holderness, an expert in encryption technologies, dives into the fascinating world of asymmetric encryption. He explains the importance of public and private keys in securing communications. The conversation also highlights the looming threats of quantum computing and the need for quantum-resistant algorithms. Eli introduces newcomers like Dilithium and Kyber, discussing their potential to secure our digital future. The talk wraps up with insights on evolving encryption standards and the role of initiatives like Let's Encrypt in safeguarding online security.

In this engaging discussion, Tony Redmond, Principal of Tony Redmond Associates and a Microsoft MVP, shares his expertise in technology strategy. He reveals the astounding capabilities of PowerShell within Microsoft 365, emphasizing its role in automation. The conversation dives into the emergence of a new book dedicated to this topic and explores how tools like GitHub Copilot can enhance coding efficiency. Tony also tackles the intricacies of Microsoft Graph and the integration of AI, highlighting the dynamic and evolving landscape of M365 administration.

How is generative AI evolving, and what can we do about it? While at NDC in Oslo, Richard chatted with Alison Cossette about her work as a data scientist before the ChatGPT explosion in November 2022 and what life has been like since the LLM came to town. Alison talks about the rigor of building AI models using generative AI before ChatGPT and how many of those efforts have diminished when confronted with a friendly, confident language model. Eventually, this rigor will be needed - as the dangers of not managing language models cause problems, and the need for rigor will re-appear. Alison describes steps you can take today to understand how the LLMs you are using are trained and how they are tested. Generative AI is evolving, and you can be part of making it better!LinksGitHub CopilotFairly TrainedRecorded June 12, 2024

Leadership wants to get on the AI bandwagon - what are the security risks? While at the Kansas City Developers Conference, Richard sat down with Steve Poole to talk about his experiences helping companies manage the risk of bringing AI into the company. Steve talks about the impact of introducing a new development stack, especially open-source stacks where you aren't sure of the providence of the code - sometimes there's malware in there! The conversation also moves to the various sources of language models and the potential risks. There's an urgency to move quickly on this technology, but don't allow that urgency to shortcut the safety your company will need - you can do this properly!LinksHugging FaceRecorded June 27, 2024

What are the threats your cloud application and infrastructure are facing? While at NDC Oslo, Richard chatted with Daniela Cruzes and Romina Druta about their work building threat models for cloud-based applications. Daniela discusses how modeling helps to understand security concerns before applications are deployed and attacked - often, security retrofits are time-consuming and expensive, so thinking them through beforehand has enormous benefits. Romina dives into the supply chain side of threats - open-source libraries with backdoors, even down to development tools with malware. There are a lot of threats - but when you look, there are often great solutions as well. You'll need to collaborate with development to secure things, but security isn't optional and is worth fighting for.LinksCloud-Native Application Protection PlatformArgoVSCode Malicious Extention ThreatsRecorded June 12, 2024

Tarek Dawoud, an expert from Microsoft specializing in passwordless access and the FIDO alliance, shares insights into the evolution of authentication. He highlights the urgent need to move away from traditional passwords due to their vulnerabilities. Tarek emphasizes the advantages of passkeys in combating phishing attacks and discusses the collaborative efforts among tech giants to enhance security standards. The conversation reveals how passkeys could redefine user experience, making cybersecurity more accessible for all.

Natalie Serebryakova, a disaster recovery consultant, joins the conversation to unpack the costs associated with recovering from disasters in cloud environments. She discusses the various types of disasters, from data deletion to severe outages, and the critical importance of identifying what needs backing up. The dialogue ventures into how understanding Recovery Time Objectives can refine disaster recovery strategies, improve infrastructure, and ultimately lower costs. With a nod to best practices, Natalie emphasizes the balance between optimizing resources and maintaining efficient operations.

Richard Hicks, an expert in Microsoft Cloud PKI and certificate management, shares insights on moving device certificate authority to the cloud. He discusses the current state of Cloud PKI, emphasizing its early development and the reliance on Intune for device certificates. Richard explains how it can streamline on-premises infrastructure while enhancing security. He highlights challenges in managing server certificates and the need for automation in certificate management within cloud environments. The conversation reveals the future potential of Cloud PKI landscape.

How are you protecting your organization's data? Richard chats with Joanne Klein about her work with Microsoft Purview to help with data protection, management, and governance. Joanne talks about a spike in data protection concerns from Microsoft Copilot - if you have been securing data through obscurity, you're in for a nasty surprise! Copilot has a knack for finding every nook and cranny of data. Proper data protection also means effective archiving - getting rid of out-of-date or irrelevant data. And then there are the security concerns around data retention - how do you need to keep, and for how long? Microsoft Purview can help with all these problems, but you must work with leadership to get things right!LinksMicrosoft PurviewAdaptive Prevention in PurviewRecorded June 10, 2024

How has the cloud transformed the way we work with data? While at Build in Seattle, Richard sat down with Arun Ulag, Microsoft CVP of Azure Data, to discuss how the cloud has transformed how we work with data. The pre-cloud practice of extract-transform-and-load into OLAP cubes has given way to the data lake - you don't need to pre-process data if you have all the compute you need on demand. Arun goes further into empowering analysts using tools like PowerBI - but the key is access to data. With Microsoft Fabric, data lives in OneLake - or anywhere through links! Today, the data analytics landscape spans different product stacks and clouds - but all are available to learn more about your business!Links:PowerBIPivot Tables in ExcelOne LakeApache IcebergSnowflakeDatabricksRecorded May 22, 2024