Summary
In this episode of the Blue Security Podcast, hosts Andy and Adam delve into Microsoft's new feature, Security Exposure Management (XSPM). They discuss the evolution of vulnerability management, the importance of understanding exposure management, and the five phases of continuous threat exposure management. The conversation also covers licensing requirements, the functionality of the exposure management portal, and the proactive approach to cybersecurity that this new feature embodies. The hosts emphasize the need for organizations to adopt a holistic view of their security posture and to continuously assess their vulnerabilities and risks.
----------------------------------------------------
YouTube Video Link: https://youtu.be/fuHMhE4gRrA
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/security-exposure-management/microsoft-security-exposure-management
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the new security features of Windows 11, focusing on Administrator Protection and its implications for user privilege management. They also explore the advancements in Microsoft Sentinel, particularly the introduction of multi-tenancy and workspace management, which enhances security operations for organizations with multiple tenants. The discussion emphasizes the importance of these features in improving security and operational efficiency.
----------------------------------------------------
YouTube Video Link: https://youtu.be/n4IsSrLmPPc
----------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/blog/windows-itpro-blog/administrator-protection-on-windows-11/4303482
https://techcommunity.microsoft.com/blog/microsoftsentinelblog/whats-new-multi-tenancy-in-the-unified-security-operations-platform-experience-i/4225658
https://techcommunity.microsoft.com/blog/microsoftsentinelblog/multi-workspace-for-multi-tenant-is-now-in-public-preview-in-microsofts-unified-/4398229
https://learn.microsoft.com/en-us/unified-secops-platform/mto-overview
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss Microsoft's Secure Future Initiative (SFI), which aims to enhance security standards across its products and services. They delve into the implementation of mandatory multi-factor authentication, the transition to passwordless accounts, and the adoption of memory-safe programming languages. The conversation highlights the importance of user experience in security measures and the ongoing efforts to reduce vulnerabilities in software development. In this conversation, Andy Jaw and Adam Brewer discuss significant advancements in Windows security, including just-in-time admin access, the Pluton processor, and the integration of security features in Windows 11. They emphasize the importance of mandatory security practices at Microsoft, the role of Xbox in hardware security, and the need for transparency in vulnerability disclosures. The discussion also highlights the impact of security framework initiatives on employee behavior and the overall security posture of the organization.
----------------------------------------------------
YouTube Video Link: https://youtu.be/GctR4oEo_PI
----------------------------------------------------
Documentation:
https://www.microsoft.com/en-us/security/blog/2025/04/17/microsofts-secure-by-design-journey-one-year-of-success/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the new Quick Recovery feature in Windows 11, which automates device remediation during critical failures. They explore its implications for cybersecurity, the Windows Resiliency Initiative, and the importance of user feedback in feature development. The conversation also covers the Hot Patch feature, which allows for security updates without requiring user reboots, and the performance of Windows on ARM devices. Finally, they delve into Copilot's new podcast generation feature, highlighting its potential to enhance user learning.
----------------------------------------------------
YouTube Video Link:
----------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/blog/windows-itpro-blog/get-started-with-quick-machine-recovery-in-windows/4398487
https://techcommunity.microsoft.com/blog/windows-itpro-blog/hotpatch-for-windows-client-now-available/4399808
https://www.msn.com/en-us/news/technology/copilot-can-now-turn-your-favorite-topics-into-a-virtual-podcast-that-you-can-partake-in/ar-AA1CjDld
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss critical updates in cybersecurity, focusing on the funding crisis of the CVE program, concerns over government efficiency and data security, and the recent Microsoft CLFS vulnerability that led to ransomware threats. They emphasize the importance of maintaining a centralized database for vulnerability tracking and the risks associated with data handling in government agencies.
----------------------------------------------------
YouTube Video Link: https://youtu.be/V6kCi3H-yLY
----------------------------------------------------
Documentation:
https://www.theverge.com/news/649835/cve-cybersecurity-program-contract-renewed
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the integration of Microsoft Security Solutions with third-party security tools. They explore how organizations can leverage Microsoft Defender for Endpoint, Defender for Office, Entra, Intune, and Cloud Access Security Broker solutions to enhance their security posture. The conversation emphasizes the importance of utilizing existing tools to gain additional insights and telemetry, ensuring a more robust security framework without conflicts or performance degradation.
----------------------------------------------------
YouTube Video Link: https://youtu.be/kE2cVwjPzYs
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-antivirus-compatibilityhttps://learn.microsoft.com/en-us/intune/intune-service/protect/device-compliance-partners#supported-device-compliance-partnershttps://learn.microsoft.com/en-us/defender-cloud-apps/zscaler-integrationhttps://learn.microsoft.com/en-us/defender-cloud-apps/additional-integrations
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the intricacies of Microsoft's Automatic Attack Disruption feature, particularly focusing on its integration with OAuth protection. They discuss the risks associated with OAuth applications, the importance of signal correlation in detecting and mitigating attacks, and the capabilities of Microsoft's Defender XDR platform. The conversation highlights the need for organizations to configure their security settings effectively and the future direction of security practices towards a 'secure by default' approach.
----------------------------------------------------
YouTube Video Link: https://youtu.be/zLj5b8JFH2s
----------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/defending-against-oauth-based-attacks-with-automatic-attack-disruption/4384381
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent?pivots=portal
https://learn.microsoft.com/en-us/graph/permissions-reference
https://learn.microsoft.com/en-us/defender-xdr/configure-attack-disruption
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode, Andy and Adam discuss a significant breach of sensitive military information that was leaked through a Signal chat involving high-level government officials. They explore the implications of this breach, the role of technology in government security, and the human errors that led to the violation of established policies. The conversation delves into the cultural influences on compliance, the challenges posed by shadow IT, and the evolution of security practices in the face of modern technology. They also evaluate the security risks associated with using Signal for sensitive communications. In this conversation, Andy Jaw and Adam Brewer delve into the complexities of data security, focusing on the vulnerabilities associated with devices and applications like Signal. They discuss the importance of human factors in data security, emphasizing that even the most secure applications can be compromised through human error. The conversation transitions into organizational strategies for protecting sensitive information, highlighting the need for a positive workplace culture that encourages compliance with security protocols. The discussion concludes with reflections on the importance of adaptability in organizational security practices and the role of insider risk management.
----------------------------------------------------
YouTube Video Link: https://youtu.be/hLotPRhNH8s
----------------------------------------------------
Documentation:
https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/
https://www.theatlantic.com/politics/archive/2025/03/signal-group-chat-attack-plans-hegseth-goldberg/682176/
https://www.npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the intricacies of Microsoft Entra's conditional access. They explore the fundamental concepts of conditional access, its policies, and the integration of identity management with device management. The discussion highlights the importance of risk assessment, granular control, and the various conditions that can be applied to access controls. The hosts emphasize the significance of compliance policies and the interplay between different security measures to ensure robust protection against potential threats. In this conversation, Adam Brewer and Andy Jaw delve into the complexities of compliance and security in hybrid environments, focusing on access control mechanisms, session controls, and the innovative concept of authentication context. They explore the importance of ensuring devices are compliant and the various strategies organizations can implement to enhance security measures, including the use of approved client apps and continuous access evaluation. The discussion emphasizes the need for a layered security approach to protect sensitive information effectively.
----------------------------------------------------
YouTube Video Link: https://youtu.be/qvfEt49j2qQ
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
https://learn.microsoft.com/en-us/sharepoint/authentication-context-example
https://techcommunity.microsoft.com/blog/microsoft-entra-blog/conditional-access-authentication-context-now-in-public-preview/1942484
https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/enhancing-security-with-entra-pim-and-conditional-access-policy-using-authentica/4368002
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the complexities of granting secure access to third-party vendors and contractors. They discuss the best practices for managing elevated permissions, the implications of B2B collaboration, and the importance of lifecycle management for contractor accounts. The conversation also covers licensing considerations for external identities and compares access methods like Azure Bastion and Azure Virtual Desktop (AVD). In this conversation, Adam Brewer and Andy Jaw delve into the complexities of RDP security, Azure environments, and the management of contractor accounts. They discuss the inherent risks associated with RDP, the importance of mitigating these risks through proper governance and lifecycle management, and the advantages of using Azure Virtual Desktop (AVD) versus Windows 365 for contractors. The discussion emphasizes the need for a zero trust approach and the benefits of network segmentation, while also addressing licensing considerations and user management strategies.
----------------------------------------------------
YouTube Video Link: https://youtu.be/PQSLdNK_Yv4
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/windows-365/overview
https://learn.microsoft.com/en-us/azure/virtual-desktop/overview
https://learn.microsoft.com/en-us/entra/external-id/b2b-fundamentals
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer engage with cybersecurity architect Carl Neibach to discuss the evolution of logging practices in security information and event management (SIEM) systems. The conversation explores the shift from a 'log everything' mentality to a more strategic approach that emphasizes quality over quantity in data ingestion. Carl highlights the challenges posed by exponential data growth and the importance of customer empathy in designing effective security operations. The discussion also delves into the cost of detection, the value of high-quality logs, and the need for organizations to rethink their logging strategies to enhance threat detection and response capabilities. In this conversation, Karl discusses the intricacies of data logging in cybersecurity, emphasizing the importance of understanding the layers of data fidelity and how to effectively manage and utilize logs within Azure Sentinel. He introduces a pyramid model to categorize different types of logs based on their security value and discusses the significance of data-driven decision-making in optimizing security operations. The conversation also touches on the need for evolving data architecture to keep pace with modern threats and the practical implications of data management in security operations.----------------------------------------------------
YouTube Video Link: https://youtu.be/V3KEpNIJl-o
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/data-explorer/data-explorer-overview
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview
https://techcommunity.microsoft.com/blog/microsoftsentinelblog/using-azure-data-explorer-for-long-term-retention-of-microsoft-sentinel-logs/1883947
https://learn.microsoft.com/en-us/azure/sentinel/basic-logs-use-cases
https://www.linkedin.com/in/karlniblock/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer engage with Ray Wolfram, Senior Product Manager for Defender Experts at Microsoft. Ray shares her extensive background in healthcare IT and cybersecurity, detailing her journey to Microsoft and the impact of COVID-19 on the cybersecurity landscape. The conversation delves into the two offerings of Defender Experts: Defender Experts for Hunting and Defender Experts for XDR, highlighting their unique features and the role of Microsoft in providing unparalleled threat intelligence. The episode emphasizes the importance of human expertise in cybersecurity and the proactive approach of Defender Experts in threat hunting and incident response. In this conversation, the speakers discuss the evolving landscape of cybersecurity, focusing on the role of threat hunters, the capabilities of Microsoft Defender Experts for XDR, and the importance of partnerships in providing comprehensive security solutions. They explore how Microsoft meets customers where they are, the onboarding process for new customers, and the integration of third-party solutions into the Defender ecosystem. The discussion also highlights the proactive nature of Defender Experts and the future roadmap for Defender for Cloud, emphasizing the need for collaboration in the cybersecurity space.----------------------------------------------------
YouTube Video Link: https://youtu.be/zY9zOEFkZOc
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/defender-xdr/defender-experts-for-hunting
https://learn.microsoft.com/en-us/defender-xdr/dex-xdr-overview
https://www.microsoft.com/en-us/security/blog/2023/03/27/microsoft-incident-response-retainer-is-generally-available/
https://www.linkedin.com/in/raaewolfram/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the ongoing battle between governments and tech companies over encryption, focusing on Apple's recent response to the UK government's demands for access to iCloud data. They explore the implications of Apple's decision to disable advanced data protection for UK users and the broader context of encryption in cybersecurity. The conversation then shifts to the latest MITRE evaluation of endpoint protection platforms, highlighting Microsoft's performance and the challenges of the evaluation methodology. In this conversation, Andy Jaw and Adam Brewer delve into the complexities of cybersecurity, focusing on the limitations of current testing methods, the importance of realistic evaluations, and the need for a shared responsibility culture within organizations. They critique the MITRE evaluation process, discuss the shortcomings of phishing simulations, and emphasize the necessity of integrating security into the organizational culture to foster collaboration rather than hostility between security teams and users.----------------------------------------------------
YouTube Video Link: https://youtu.be/TL_cu-vnu58
----------------------------------------------------
Documentation:
https://www.theverge.com/policy/612136/uk-icloud-investigatory-powers-act-war-on-encryption
https://arstechnica.com/tech-policy/2025/02/apple-pulls-data-protection-tool-instead-of-caving-to-uk-demand-for-a-backdoor/
https://www.microsoft.com/en-us/security/blog/2024/12/11/microsoft-defender-xdr-demonstrates-100-detection-coverage-across-all-cyberattack-stages-in-the-2024-mitre-attck-evaluations-enterprise/
https://www.wsj.com/tech/cybersecurity/phishing-tests-the-bane-of-work-life-are-getting-meaner-76f30173
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode, Andy and Adam discuss the evolution of messaging security, focusing on end-to-end encryption and the implications of RCS messaging. They explore the recent market reactions to AI developments, particularly the impact of the DeepSeek app on Nvidia's stock value and delve into the nuances of AI model efficiency and its potential effects on the tech industry. In this conversation, Adam Brewer and Andy Jaw explore the evolving landscape of AI technology, particularly in the context of US-China relations, the ethical implications of AI scraping, and the pressing concerns surrounding data privacy. They discuss the importance of building a record of work efforts, the innovative spirit that arises from constraints, and the public's perception of data security. The dialogue emphasizes the need for awareness and proactive conversations about data handling and privacy policies in an increasingly digital world.----------------------------------------------------
YouTube Video Link: https://youtu.be/yicYSkuECcQ
----------------------------------------------------
Documentation:
https://www.tomsguide.com/phones/iphones/fbi-warns-apple-and-android-users-to-avoid-rcs-messaging-heres-why
https://www.bbc.com/news/articles/c0qw7z2v1pgo
https://techcrunch.com/2025/01/29/microsoft-probing-whether-deepseek-improperly-used-openais-api/
https://www.fastcompany.com/91267968/how-the-biden-chip-bans-created-a-monster-called-deepseek
https://lifehacker.com/tech/how-to-try-deepseek-ai-and-why-you-might-not-want-to
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the importance of securing CI/CD environments, highlighting the risks associated with these systems and the best practices for mitigating vulnerabilities. They delve into specific threats, including insecure code and supply chain compromises, and emphasize the need for a collaborative approach between security professionals and developers to ensure secure software development practices. ----------------------------------------------------
YouTube Video Link: https://youtu.be/zQwFAN6PHrE
----------------------------------------------------
Documentation:
https://www.cisa.gov/news-events/alerts/2023/06/28/cisa-and-nsa-release-joint-guidance-defending-continuous-integrationcontinuous-delivery-cicd
https://owasp.org/www-project-top-10-ci-cd-security-risks/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss Microsoft FastTrack with guest Thomas Finney. They explore the benefits and eligibility of FastTrack, which is designed to help organizations adopt and deploy Microsoft 365 services. The conversation covers various aspects of FastTrack, including various Microsoft services, focusing on Defender, Entra, Intune, Microsoft Viva, Windows deployment, App Assure, and the Microsoft 365 Copilot. They explore how FastTrack can assist organizations in leveraging these services effectively, including the role of FastTrack Ready partners in delivering benefits and support. The discussion emphasizes the importance of maximizing investments in Microsoft technologies and ensuring seamless transitions and integrations within organizations. ----------------------------------------------------
YouTube Video Link: https://youtu.be/TwaOZrDhm2M
----------------------------------------------------
Documentation:
https://www.linkedin.com/in/thomascfinney/
tc.finney@microsoft.com
FastTrack Service Description - https://aka.ms/ftcsd
FastTrack Eligibility - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/eligibility
Microsoft Defender - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-defender
Microsoft Entra, including Zero Trust - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-entra-id
Microsoft Intune - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-intune
Microsoft Purview - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-purview
Microsoft Sentinel - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-sentinel
Microsoft Viva - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-viva
Office 365 - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/office-365
Windows, Windows 365, Universal Print, Microsoft 365 Apps, Microsoft Edge - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/windows-and-other-services
App Assure - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/windows-and-other-services#app-assure
FastTrack Process and Expectations - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/process-and-expectations
Request FastTrack assistance for Microsoft 365 - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/process-and-expectations#engaging-fasttrack
https://learn.microsoft.com/en-us/microsoft-365/enterprise/request-fasttrack-assistance-microsoft-365?view=o365-worldwide
FastTrack Ready approved partners
https://cloudpartners.transform.microsoft.com/fasttrack-ready-approved-partners
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, host Andy Jaw and co-host Adam Brewer welcome Brodie Cassell, a principal security consultant at Microsoft. Brodie shares his journey from various IT roles to his current position at Microsoft, discussing the importance of adapting to new technologies and the challenges of data security in the age of AI. The conversation delves into the significance of a holistic approach to security, the role of Microsoft Industry Solutions Delivery, and the need for organizations to evolve their security practices to keep pace with technological advancements. In this conversation, Brodie Cassell and Adam Brewer discuss their experiences in the cybersecurity field, particularly focusing on the dynamics of consulting work, the evolution of security practices at Microsoft, and the differences between public and private sector security. They emphasize the importance of passion in their work, the value of community in cybersecurity, and the need for continuous learning and adaptation in a rapidly changing environment. ----------------------------------------------------
YouTube Video Link:
----------------------------------------------------
Documentation:
https://www.linkedin.com/in/brodiecassell/
brodie.cassell@microsoft.com
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the Zero Trust Maturity Model and its implications for organizations looking to enhance their cybersecurity posture. They delve into CISA's guidance and Microsoft's mapping of this model, emphasizing the importance of prescriptive guidance in navigating the complexities of cybersecurity. The conversation also touches on the distinction between education and sales in the cybersecurity space, highlighting the value of continuous learning and the purpose behind their podcast. In this episode, Andy Jaw and Adam Brewer discuss the emergence of Banshee malware targeting MacOS users, emphasizing the importance of vigilance in application downloads and the effectiveness of Mac's security features. They also highlight the IRS's Identity Protection PIN program, which aims to prevent tax fraud, and the newly launched Cybersecurity Safety Label for IoT devices, designed to help consumers identify secure products. The conversation underscores the need for robust security measures and user awareness in an increasingly digital world. ----------------------------------------------------
YouTube Video Link:
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/security/zero-trust/cisa-zero-trust-maturity-model-intro
https://www.msn.com/en-us/news/technology/new-macos-malware-uses-apples-own-code-to-quietly-steal-credentials-and-personal-data-how-to-stay-safe/ar-BB1rglVj
https://www.bleepingcomputer.com/news/security/scammers-file-first-get-your-irs-identity-protection-pin-now/
https://www.bleepingcomputer.com/news/security/us-govt-launches-cybersecurity-safety-label-for-smart-devices/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the latest cybersecurity trends, focusing on CISA's Scuba Project and its implications for federal agencies. They explore the transition to cloud-based passwordless authentication, the Binding Operational Directive 25-01, and provide prescriptive guidance for security configurations. The conversation emphasizes the importance of modernizing cybersecurity practices and the positive impact of CISA's initiatives on national security. ----------------------------------------------------
YouTube Video Link: https://youtu.be/vR3ebqm0MVs
----------------------------------------------------
Documentation:
https://www.cisa.gov/resources-tools/services/bod-25-01-implementing-secure-practices-cloud-services-required-configurations
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss significant cybersecurity updates, including the indictment of a Chinese hacker involved in attacks on Sophos firewalls. They explore the growing competition from Chinese electric vehicle manufacturers and the vulnerabilities of digital license plates. The conversation also covers the investigation into TP-Link routers due to national security concerns and the launch of a free tier for GitHub Copilot, enhancing accessibility for developers. ----------------------------------------------------
YouTube Video Link: https://youtu.be/_xXm3Gdr6rg
----------------------------------------------------
Documentation:
https://www.justice.gov/opa/pr/china-based-hacker-charged-conspiring-develop-and-deploy-malware-exploited-tens-thousands
https://www.wired.com/story/digital-license-plate-jailbreak-hack/
https://9to5mac.com/2024/12/18/most-popular-home-internet-routers-in-us-may-be-banned-as-national-security-risk/
https://github.blog/news-insights/product-news/github-copilot-in-vscode-free/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
