Share

cover art for Breaking Bias: Tera Joyce and Tina Zhang-Powell on Celebrating Women in Cybersecurity

The BlueHat Podcast

Breaking Bias: Tera Joyce and Tina Zhang-Powell on Celebrating Women in Cybersecurity

Season 1, Ep. 23

Microsoft Principal Security Engineering, Tera Joyce and Senior Security Program Manager at Microsoft, Tina Zhang-Powell join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. As we celebrate International Women's Day and Women's History Month, Tina and Tera join the show to discuss the importance of allies in promoting inclusivity and diversity within the industry. They both  provide valuable perspectives on assumptions made about women in cybersecurity and offer guidance on fostering an inclusive environment. They highlight the importance of leaders being aware of representation and ensuring diverse perspectives are considered in the decision-making processes and share internal resources like mentoring programs and external opportunities such as conferences to support women in the field. Tina and Tera also offer advice to allies, encouraging them to actively include diverse voices and how they can contribute to creating a more inclusive cybersecurity community. 

 

 

In This Episode You Will Learn:    

 

  • The significance of allies in promoting diversity and inclusivity 
  • How we can address small instances of unconscious bias 
  • The importance of discovering one's calling within the security field 

 

 

Some Questions We Ask:     

 

  • Can you share any resources or ways to support women in cybersecurity? 
  • How can allies better support women in the cybersecurity industry? 
  • Any advice for women or individuals interested in entering the tech and cybersecurity field? 

 

Resources:  

View Tera Joyce on LinkedIn 

View Tina Zhang-Powell on LinkedIn 

View Wendy Zenone on LinkedIn 

View Nic Fillingham on LinkedIn 

 

Related Microsoft Podcasts:  

 

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

More episodes

View all episodes

  • 26. SaaS Exposed: Unmasking Cyber Risks in Cloud Integrations

    39:16
    Luke Jennings, VP of Research & Development at Push Security joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Luke explains his recent presentation on a new SaaS cyber kill chain, exploring how attackers might target modern organizations heavily reliant on cloud and SaaS services, even when traditional infrastructure is minimal. The latest kill chain involves developing attack techniques specific to this environment, covering topics like lateral movement without conventional network infrastructure and adapting known techniques such as password guessing attacks to the SaaS landscape. Luke, Wendy, and Nic discuss the complexities of SaaS security, the intricacies of evil twin integrations, detection challenges, mitigation strategies, and the overall impact of these security issues on organizations.    In This Episode You Will Learn:     Identifying malicious activities and understanding normal application behavior The importance of having structured methodologies for approving SaaS app usage Challenges organizations face in detecting and preventing SaaS application threats   Some Questions We Ask:      How can an organization create alerts for new, unknown SaaS app integrations? What happens when a SaaS app integration is duplicated by an attacker? Would having a structured methodology for SaaS app usage help minimize risk?  Resources:  View Luke Jennings on LinkedIn  View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn   Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
  • 25. Decoding Conference Proposals with Lea Snyder

    47:54
    Lea Snyder, Principal Security Engineer at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Lea is a security leader focused on security strategy and helping organizations mature their security posture and security programs, focusing on areas including IAM, product security, and risk management. Lea explains her unique role as a security architect, highlighting problem-solving across various domains within Microsoft. She shares her unconventional path to cybersecurity, starting with a background in economics and an MBA, and how she transitioned from IT roles to security. Lea, Wendy, and Nic discuss the importance of diverse backgrounds in the industry and offer advice on entering the cybersecurity field. Lea also discusses her involvement in community-driven conferences, particularly B-sides, highlighting their diverse and unique content.    In This Episode You Will Learn:     Tips for submitting conference proposals Challenges when balancing anonymity during a submission The importance of a supportive approach in the conference submission process  Some Questions We Ask:      Is there a typical anonymization process to ensure fairness and inclusivity? What are some challenges when selecting talks that resonate with an audience? Can you elaborate on the value behind B-sides conferences and the unique atmosphere?   Resources:  View Lea Snyder on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn   Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
  • 24. Securing the Past with Dustin Heywood

    41:53
    Dustin Heywood, Hacker, Researcher, and Senior Leader at IBM, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Dustin provided a live demonstration of cracking NTLM version 1 during his BlueHat presentation, showcasing the process of responding to challenges, using coercion techniques, and ultimately extracting and cracking the NTLM hash. Dustin, Nic, and Wendy discuss checking group policies, auditing every object, ensuring relevant systems, and managing IT assets effectively. They emphasize the importance of IT asset management and recommend quarantining legacy systems with restricted access.    In This Episode You Will Learn:     Why security professionals need business skills for effective communication Advice for auditing legacy systems with vulnerable protocols  Extracting DPAPI keys and decrypting browser session history   Some Questions We Ask:      How do you manage risk for legacy systems deemed necessary for business? Can you discuss some of the outdated protocols in current IT environments? What guidance would you offer to IT professionals looking to audit their systems?  Resources:  View Dustin Heywood on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn   Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks   Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
  • 22. Black Voices Matter: The Role of Allyship in Cybersecurity with Devin Price and Derrick Love

    58:21
    Microsoft Security Technical Program Manager Devin Price and Sr. Program Manager Derrick Love join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. The discussion delves into the experience of being Black in the cybersecurity field. Derrick and Devin share their thoughts on the representation of Black individuals in tech, noting the underrepresentation in the field. The significance of representation and allyship is also discussed while emphasizing the importance of paying it forward, mentoring others, and highlighting the responsibility to support those coming up in the field. Devin and Derrick share the importance of involvement with events that promote the black community, black businesses, and black-led nonprofits. These events aim to create a supportive network within the community, particularly for those working in the technology sector. It underlines the significance of adopting a growth mindset, fostering a sense of community, and actively contributing to the empowerment of individuals within the cybersecurity landscape.     In This Episode You Will Learn:     How mentorship can help the growth of underrepresented individuals in security Actionable advice for fostering diversity in the industry Why representation and allyship is so vital for Cybersecurity  Some Questions We Ask:      What challenges and rewards come with working in cybersecurity? How can we positively affect and support the Black community in tech? Can you share actionable advice for fostering diversity in the industry?  Resources:  View Devin Price on LinkedIn  View Derrick Love on LinkedIn  View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Beam Foundation  Sync Seattle   The Talking Tech Podcast  BAM Scholarship  Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks    Discover and follow other Microsoft podcasts at microsoft.com/podcasts
  • 21. No Women; No Problem: Katelyn Falk on Creating an ERG for Women in Security

    44:39
    Katelyn Falk, Principal Security TPM at Zoom, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Katelyn is a security technical program manager with 11+ years of experience across IT and security, both cyber and physical, and is also co-founder of Zoom's Women in Security group. Katelyn, Wendy, and Nic discuss the growth of Zoom, the challenges of fostering a sense of community in a rapidly expanding organization, and the importance of diversity and representation in the cybersecurity industry. Katelyn explains the inspiration behind her Blue Hat conference lightning talk, "No Women in Security Group, No Problem," and her role in creating the Women in Security Group. In This Episode You Will Learn:  Practical steps for starting a Women in Security employee resource groupAdvice on overcoming self-doubt when considering a leadership roleExamples of allyship, offering resources and support in meetingsSome Questions We Ask:   How important is executive sponsorship, and how did you navigate securing it?Can you outline the process of establishing a group leadership team?How do you keep the members engaged and connected in a virtual setting?Resources: View Katelyn Falk on LinkedInView Wendy Zenone on LinkedInView Nic Fillingham on LinkedInkatelynfalk.comRelated Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts 
  • 20. Harnessing the Power of Community in Cybersecurity with Darren Spruell

    42:20
    Leading Threat Intelligence at InQuest, Darren Spruell joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Darren explains InQuest's focus on Deep File Inspection® technology to identify malicious traits in files and talks about their role in serving public and private sector companies. Darren shares his cybersecurity journey, passion for combating malware and criminal activities, and his presentation at BlueHat. Wendy, Nic, and Darren highlight the evolution of threat information sharing over the years and the value of intelligence advantage over adversaries. The conversation delves into the significance of threat indicators such as IP addresses, file hashes, domain names, and much more!   In This Episode You Will Learn:     The challenges of exchanging threat intelligence and person-to-person sharing Balancing technical expertise and leadership responsibilities The importance of evolving manual threat intelligence sharing practices  Some Questions We Ask:     How can practitioners enhance the effectiveness of threat intelligence? What types of security roles are sharing IOCs back and forth? Why is community engagement in the cybersecurity industry so necessary?  Resources:  View Darren Spruell on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:  Microsoft Threat Intelligence Podcast  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks    Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
  • 19. Canary (Tokens) in the Code Mine with Casey Smith

    37:21
    Thinkst Canary, Cyber Security Researcher Casey Smith joins Nic Fillingham on this week's episode of The BlueHat Podcast. Nic and Casey discuss his background in security, his experience presenting at Blue Hat, and his session on building a Canary token to monitor Windows process execution. The Canary token project is an open-source initiative that creates artifacts on a network to alert defenders when an attacker interacts with them. The tokens can take various forms, such as documents, cloud credentials, QR codes, or executables, providing an early warning system for potential breaches. They also cover the importance of failure in the research process and the evolution of the canary token project to adapt to new attack techniques.   In This Episode You Will Learn:     The need for defenders to explore new features in the Windows operating system Challenges of keeping ahead of more sophisticated adversaries The use of legitimate binaries for malicious activities   Some Questions We Ask:     How do you balance curiosity-driven research with practical security concerns? What challenges do you see in the current state of endpoint security? How do you navigate working with customers and using what you learn for research?  Resources:  View Casey Smith on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:                 Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks    The Microsoft Threat Intelligence Podcast    Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
  • 18. Mastering the Bug Hunt: Insights and Ethics with Nestori Syynimaa

    39:42
    Senior Principal Security Researcher Nestori Syynimaa joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Nestori is an ICT professional with a strong practical and academic background. Since April 2021, Nestori has worked as a Senior Principal Security Researcher at Secureworks' Counter Threat Unit. Before joining Secureworks, he worked as a joint CIO for eight cities and municipalities surrounding Tampere, the largest inland city in Scandinavia. Nestori, Wendy, and Nic discuss the importance of understanding the dynamics between researchers and organizations in addressing security concerns, Nestori's journey as a researcher, his academic background, and his experiences speaking at various conferences worldwide.   In This Episode You Will Learn:     Challenges and successes in the bug bounty process The importance of researchers confirming fixes to make the process more efficient  Ethical considerations for researchers and motivations within the hacking community   Some Questions We Ask:     What challenges do many organizations face running bug bounty programs? How can you find a trustworthy peer or seasoned researcher to get feedback on your work? Has encountering different cases shaped your understanding of bug bounty programs?   Resources:  View Nestori Syynimaa on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:                 Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks    The Microsoft Threat Intelligence Podcast      Discover and follow other Microsoft podcasts at microsoft.com/podcasts