Share

cover art for BlueHat Oct 23 Day 1 Keynote: John Lambert

The BlueHat Podcast

BlueHat Oct 23 Day 1 Keynote: John Lambert

Season 1, Ep. 14

In this week’s special episode, we bring you the BlueHat Oct 23, day 1 keynote delivered by John Lambert, Microsoft Corporate Vice President and Security Fellow. In his BlueHat Oct day 1 keynote, John discusses the importance of incidents in the security field, strategies for finding security incidents, and the importance of looking beyond traditional defense measures to discover attackers and traces outside of one's network. John introduces the idea of "hunting until closure," which involves systematically investigating various attacker actions to learn more about their activities. He also mentions the concept of "time travel breach detection," which uses historical logs to trace and identify previous attacker actions. 

 

 

In This Episode You Will Learn:    

 

  • The importance of security incidents in shaping the cybersecurity field 
  • Why logs and telemetry data in cybersecurity are essential when tracking attacker actions 
  • How valuable mutual respect is in the security community 

 

Some Questions We Ask:    

 

  • How do escalating conflicts within teams affect productivity? 
  • What role did trust and collaboration play in responding to the SolarWinds incident? 
  • Why must the security community work together to protect customers? 

 

Resources:  

View John Lambert on LinkedIn  

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 


Related Microsoft Podcasts:                 

   


Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


More episodes

View all episodes

  • 22. Black Voices Matter: The Role of Allyship in Cybersecurity with Devin Price and Derrick Love

    58:21
    Microsoft Security Technical Program Manager Devin Price and Sr. Program Manager Derrick Love join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. The discussion delves into the experience of being Black in the cybersecurity field. Derrick and Devin share their thoughts on the representation of Black individuals in tech, noting the underrepresentation in the field. The significance of representation and allyship is also discussed while emphasizing the importance of paying it forward, mentoring others, and highlighting the responsibility to support those coming up in the field. Devin and Derrick share the importance of involvement with events that promote the black community, black businesses, and black-led nonprofits. These events aim to create a supportive network within the community, particularly for those working in the technology sector. It underlines the significance of adopting a growth mindset, fostering a sense of community, and actively contributing to the empowerment of individuals within the cybersecurity landscape.     In This Episode You Will Learn:     How mentorship can help the growth of underrepresented individuals in security Actionable advice for fostering diversity in the industry Why representation and allyship is so vital for Cybersecurity  Some Questions We Ask:      What challenges and rewards come with working in cybersecurity? How can we positively affect and support the Black community in tech? Can you share actionable advice for fostering diversity in the industry?  Resources:  View Devin Price on LinkedIn  View Derrick Love on LinkedIn  View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Beam Foundation  Sync Seattle   The Talking Tech Podcast  BAM Scholarship  Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks    Discover and follow other Microsoft podcasts at microsoft.com/podcasts
  • 21. No Women; No Problem: Katelyn Falk on Creating an ERG for Women in Security

    44:39
    Katelyn Falk, Principal Security TPM at Zoom, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Katelyn is a security technical program manager with 11+ years of experience across IT and security, both cyber and physical, and is also co-founder of Zoom's Women in Security group. Katelyn, Wendy, and Nic discuss the growth of Zoom, the challenges of fostering a sense of community in a rapidly expanding organization, and the importance of diversity and representation in the cybersecurity industry. Katelyn explains the inspiration behind her Blue Hat conference lightning talk, "No Women in Security Group, No Problem," and her role in creating the Women in Security Group. In This Episode You Will Learn:  Practical steps for starting a Women in Security employee resource groupAdvice on overcoming self-doubt when considering a leadership roleExamples of allyship, offering resources and support in meetingsSome Questions We Ask:   How important is executive sponsorship, and how did you navigate securing it?Can you outline the process of establishing a group leadership team?How do you keep the members engaged and connected in a virtual setting?Resources: View Katelyn Falk on LinkedInView Wendy Zenone on LinkedInView Nic Fillingham on LinkedInkatelynfalk.comRelated Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts 
  • 20. Harnessing the Power of Community in Cybersecurity with Darren Spruell

    42:20
    Leading Threat Intelligence at InQuest, Darren Spruell joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Darren explains InQuest's focus on Deep File Inspection® technology to identify malicious traits in files and talks about their role in serving public and private sector companies. Darren shares his cybersecurity journey, passion for combating malware and criminal activities, and his presentation at BlueHat. Wendy, Nic, and Darren highlight the evolution of threat information sharing over the years and the value of intelligence advantage over adversaries. The conversation delves into the significance of threat indicators such as IP addresses, file hashes, domain names, and much more!   In This Episode You Will Learn:     The challenges of exchanging threat intelligence and person-to-person sharing Balancing technical expertise and leadership responsibilities The importance of evolving manual threat intelligence sharing practices  Some Questions We Ask:     How can practitioners enhance the effectiveness of threat intelligence? What types of security roles are sharing IOCs back and forth? Why is community engagement in the cybersecurity industry so necessary?  Resources:  View Darren Spruell on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:  Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks    Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
  • 19. Canary (Tokens) in the Code Mine with Casey Smith

    37:21
    Thinkst Canary, Cyber Security Researcher Casey Smith joins Nic Fillingham on this week's episode of The BlueHat Podcast. Nic and Casey discuss his background in security, his experience presenting at Blue Hat, and his session on building a Canary token to monitor Windows process execution. The Canary token project is an open-source initiative that creates artifacts on a network to alert defenders when an attacker interacts with them. The tokens can take various forms, such as documents, cloud credentials, QR codes, or executables, providing an early warning system for potential breaches. They also cover the importance of failure in the research process and the evolution of the canary token project to adapt to new attack techniques.   In This Episode You Will Learn:     The need for defenders to explore new features in the Windows operating system Challenges of keeping ahead of more sophisticated adversaries The use of legitimate binaries for malicious activities   Some Questions We Ask:     How do you balance curiosity-driven research with practical security concerns? What challenges do you see in the current state of endpoint security? How do you navigate working with customers and using what you learn for research?  Resources:  View Casey Smith on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:                 Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks    The Microsoft Threat Intelligence Podcast    Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
  • 18. Mastering the Bug Hunt: Insights and Ethics with Nestori Syynimaa

    39:42
    Senior Principal Security Researcher Nestori Syynimaa joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Nestori is an ICT professional with a strong practical and academic background. Since April 2021, Nestori has worked as a Senior Principal Security Researcher at Secureworks' Counter Threat Unit. Before joining Secureworks, he worked as a joint CIO for eight cities and municipalities surrounding Tampere, the largest inland city in Scandinavia. Nestori, Wendy, and Nic discuss the importance of understanding the dynamics between researchers and organizations in addressing security concerns, Nestori's journey as a researcher, his academic background, and his experiences speaking at various conferences worldwide.   In This Episode You Will Learn:     Challenges and successes in the bug bounty process The importance of researchers confirming fixes to make the process more efficient  Ethical considerations for researchers and motivations within the hacking community   Some Questions We Ask:     What challenges do many organizations face running bug bounty programs? How can you find a trustworthy peer or seasoned researcher to get feedback on your work? Has encountering different cases shaped your understanding of bug bounty programs?   Resources:  View Nestori Syynimaa on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:                 Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks    The Microsoft Threat Intelligence Podcast      Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
  • 17. Service Principles in the Spotlight: Insights from Microsoft’s Security Experts

    43:53
    Senior Data Scientist Emily Yale and Senior Threat Hunt Analyst at Microsoft Chris Bukavich join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Chris focuses on incident response, investigation, and detection of major incidents, while Emily works on developing and improving detections for Microsoft's internal security. Emily and Chris were co-presenters at this year's BlueHat conference. They discussed unmasking Azure-based adversaries with an emphasis on monitoring service principles,  how their respective expertise in data science and cybersecurity contributed to the session, and the challenges of monitoring service principles in Azure. This concept has evolved from traditional service accounts.   In This Episode You Will Learn:     The importance of monitoring spikes in activity Criteria for identifying malicious behavior targeting service principles Historical context of service principles and their increasing relevance  Some Questions We Ask:     How can you proactively monitor and detect anomalies related to service principles? What challenges arise when profiling service principles based on past behavior? When can service principles be tied to user authentication?  Resources:  View Emily Yale on LinkedIn View Chris Bukavich on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts 
  • 16. Kaileigh McCrea: Navigating the Privacy Maze: Insights from the Yandex Controversy

    45:33
    Kaileigh McCrea, Lead Privacy Engineer at Confiant, joins Wendy Zenone on this week's episode of The BlueHat Podcast. Kaileigh explains her journey into privacy engineering, the ever-evolving nature of privacy regulations, and the challenges of defining protected data. Wendy and Kaileigh also delve into Yandex's extensive reach, connections to the Netherlands, and the complexities surrounding its ownership and compliance in the face of global sanctions. Overall, the discussion emphasizes the importance of protecting personal data and being aware of potential risks, even if one believes they have nothing to hide.   In This Episode You Will Learn:     The importance of protecting personal data, even with nothing to hide Implications of the Yandex data leak Challenges Yandex faces in trying to sell off its assets   Some Questions We Ask:     What kind of analytics data was involved in the Yandex leak? How could this data be misused from a national security perspective? Why is protecting one's data so tricky due to the scale of data collection?   Resources:  View Kaileigh McCrea on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:                 Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks    Security Unlocked     Security Unlocked: CISO Series with Bret Arsenault Secure the Job: Breaking into Security The Microsoft Threat Intelligence Podcast      Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
  • 15. Deprecating NTLM is Easy and Other Lies We Tell Ourselves with Steve Syfuhs

    43:32
    Steve Syfuhs, Principal Software Engineer at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Steve has spent the last decade building secure systems and is working at Microsoft as a Principal Developer. In this episode, Steve, Nic, and Wendy discuss how continually improving hardware allows for faster brute-force attacks, the technical and security aspects of password-based authentication protocols, and why the longevity of password security can be extended through incremental improvements.   In This Episode You Will Learn:     Technical and security aspects of password-based authentication protocols Why passwords should not be the primary authentication mechanism  The challenges of making significant changes to long-standing systems  Some Questions We Ask:     Why explore secure and user-friendly alternatives like biometrics or hardware keys? How quickly can you guess an 8-character password using specialized hardware? Will audits within Microsoft help understand and improve NTLM usage and security?  Resources:  View Steve Syfuhs on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:                 Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks    Security Unlocked     Security Unlocked: CISO Series with Bret Arsenault Secure the Job: Breaking into Security The Microsoft Threat Intelligence Podcast    Discover and follow other Microsoft podcasts at microsoft.com/podcasts