RunAs Radio

Paula Januszkiewicz, founder of Secure Academy, shares her cybersecurity expertise, encouraging proactive vulnerability assessments. She highlights common oversights organizations make, particularly with PKI servers. The discussion delves into effective penetration testing tools while warning about the risks of unreliable sources. Paula emphasizes the need for ethical considerations in cybersecurity, balancing automated methods with manual assessments. She also touches on the importance of security awareness and services like 'Have I Been Pwned' to help prevent breaches.

Doug Finke, a 15-time Microsoft MVP and author of "PowerShell for Developers," shares his insights on leveraging OpenAI tools like ChatGPT and GitHub Copilot to enhance PowerShell scripting. He discusses how incorporating the OpenAI API into PowerShell scripts can create conversational interfaces, making scripts more user-friendly. Doug highlights productivity gains, automating tasks, and exploring new features. The integration of AI tools promises to transform coding workflows, improving accessibility and support for developers at all levels.

Microsoft 365 Data Governance has always been critical - but it's only getting more important! Richard talks to Nikki Chapple about her experiences working with companies trying to get their "data estate in order." That phrase is what Microsoft recommends before turning on tools like Copilot for M365. Nikki talks about how hard the goal of data security is - that it is just as tricky as any other security goal. Data security is an endless process that needs refining and work on routinely as new data and classes of data arrive in the organization. In the meantime, users are taking advantage of LLMs like ChatGPT for their work whether we want them to or not - so there is a need to act quickly to provide secure capabilities!LinksData. Privacy, and Security for Microsoft Copilot for M365Exabeam Business Rewards vs Security Risks ReportMicrosoft 2024 Work Trend Index ReportMicrosoft Purview Data Security and Compliance Protections for Generative AI AppsMicrosoft Copilot Studio for M365Entra Entitlement ManagementShareable Links in OneDrive and SharePoint in M365Nikki's M365 Governance BlogAll Things M365 Governance on YouTubeRecorded August 16, 2024

Orin Thomas, a Principal Cloud Operations Advocate at Microsoft and author of multiple books on Microsoft technologies, shares insights on Windows Server 2025's impact on Active Directory. He discusses key improvements, like the retirement of NTLM and the importance of upgrading to at least Server 2016 functional level for new security features. Orin also explores innovative certification practices, emphasizing hands-on evaluations that reflect real-world skills. Tune in for a deep dive into modernizing IT infrastructure and enhancing security!

Eli Holderness, an expert in encryption technologies, dives into the fascinating world of asymmetric encryption. He explains the importance of public and private keys in securing communications. The conversation also highlights the looming threats of quantum computing and the need for quantum-resistant algorithms. Eli introduces newcomers like Dilithium and Kyber, discussing their potential to secure our digital future. The talk wraps up with insights on evolving encryption standards and the role of initiatives like Let's Encrypt in safeguarding online security.

In this engaging discussion, Tony Redmond, Principal of Tony Redmond Associates and a Microsoft MVP, shares his expertise in technology strategy. He reveals the astounding capabilities of PowerShell within Microsoft 365, emphasizing its role in automation. The conversation dives into the emergence of a new book dedicated to this topic and explores how tools like GitHub Copilot can enhance coding efficiency. Tony also tackles the intricacies of Microsoft Graph and the integration of AI, highlighting the dynamic and evolving landscape of M365 administration.

How is generative AI evolving, and what can we do about it? While at NDC in Oslo, Richard chatted with Alison Cossette about her work as a data scientist before the ChatGPT explosion in November 2022 and what life has been like since the LLM came to town. Alison talks about the rigor of building AI models using generative AI before ChatGPT and how many of those efforts have diminished when confronted with a friendly, confident language model. Eventually, this rigor will be needed - as the dangers of not managing language models cause problems, and the need for rigor will re-appear. Alison describes steps you can take today to understand how the LLMs you are using are trained and how they are tested. Generative AI is evolving, and you can be part of making it better!LinksGitHub CopilotFairly TrainedRecorded June 12, 2024

Leadership wants to get on the AI bandwagon - what are the security risks? While at the Kansas City Developers Conference, Richard sat down with Steve Poole to talk about his experiences helping companies manage the risk of bringing AI into the company. Steve talks about the impact of introducing a new development stack, especially open-source stacks where you aren't sure of the providence of the code - sometimes there's malware in there! The conversation also moves to the various sources of language models and the potential risks. There's an urgency to move quickly on this technology, but don't allow that urgency to shortcut the safety your company will need - you can do this properly!LinksHugging FaceRecorded June 27, 2024

What are the threats your cloud application and infrastructure are facing? While at NDC Oslo, Richard chatted with Daniela Cruzes and Romina Druta about their work building threat models for cloud-based applications. Daniela discusses how modeling helps to understand security concerns before applications are deployed and attacked - often, security retrofits are time-consuming and expensive, so thinking them through beforehand has enormous benefits. Romina dives into the supply chain side of threats - open-source libraries with backdoors, even down to development tools with malware. There are a lot of threats - but when you look, there are often great solutions as well. You'll need to collaborate with development to secure things, but security isn't optional and is worth fighting for.LinksCloud-Native Application Protection PlatformArgoVSCode Malicious Extention ThreatsRecorded June 12, 2024

Tarek Dawoud, an expert from Microsoft specializing in passwordless access and the FIDO alliance, shares insights into the evolution of authentication. He highlights the urgent need to move away from traditional passwords due to their vulnerabilities. Tarek emphasizes the advantages of passkeys in combating phishing attacks and discusses the collaborative efforts among tech giants to enhance security standards. The conversation reveals how passkeys could redefine user experience, making cybersecurity more accessible for all.