Cyber Security Content Creator, Speaker & Ethical Hacker, Katie Paxton-Fear, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Katie holds a PhD in defense and security AI plus cybersecurity and works as an academic, teaching undergraduate students cybersecurity topics. She also runs a popular YouTube channel focused on bug bounty hunting, hacking, and pen testing. Katie shares her journey into cybersecurity, reflects on her initial interest in undeciphered languages and how it parallels her approach to cybersecurity, both involving a fascination with solving mysteries and uncovering hidden meanings.

In This Episode You Will Learn:

• Approaching AI systems with caution when translating less-documented languages
• Concerns surrounding the use of copyrighted training data in AI systems
• Recognizing and addressing AI system limitations and biases in real-world deployments.

Some Questions We Ask:

• Can fine-tuning AI models prevent degradation and improve performance?
• What are the ethical implications of putting sensitive information into AI systems
• How does relying on niche or obscure training data impact AI models?

Resources:

View Katie Paxton-Fear on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

Related Microsoft Podcasts:

• Microsoft Threat Intelligence Podcast
• Afternoon Cyber Tea with Ann Johnson
• Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

Luke Jennings, VP of Research & Development at Push Security joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Luke explains his recent presentation on a new SaaS cyber kill chain, exploring how attackers might target modern organizations heavily reliant on cloud and SaaS services, even when traditional infrastructure is minimal. The latest kill chain involves developing attack techniques specific to this environment, covering topics like lateral movement without conventional network infrastructure and adapting known techniques such as password guessing attacks to the SaaS landscape. Luke, Wendy, and Nic discuss the complexities of SaaS security, the intricacies of evil twin integrations, detection challenges, mitigation strategies, and the overall impact of these security issues on organizations.

In This Episode You Will Learn:

• Identifying malicious activities and understanding normal application behavior
• The importance of having structured methodologies for approving SaaS app usage
• Challenges organizations face in detecting and preventing SaaS application threats

Some Questions We Ask:

• How can an organization create alerts for new, unknown SaaS app integrations?
• What happens when a SaaS app integration is duplicated by an attacker?
• Would having a structured methodology for SaaS app usage help minimize risk?

Resources:

View Luke Jennings on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

Related Microsoft Podcasts:

• Microsoft Threat Intelligence Podcast
• Afternoon Cyber Tea with Ann Johnson
• Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.

Lea Snyder, Principal Security Engineer at Microsoft joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Lea is a security leader focused on security strategy and helping organizations mature their security posture and security programs, focusing on areas including IAM, product security, and risk management. Lea explains her unique role as a security architect, highlighting problem-solving across various domains within Microsoft. She shares her unconventional path to cybersecurity, starting with a background in economics and an MBA, and how she transitioned from IT roles to security. Lea, Wendy, and Nic discuss the importance of diverse backgrounds in the industry and offer advice on entering the cybersecurity field. Lea also discusses her involvement in community-driven conferences, particularly B-sides, highlighting their diverse and unique content.

In This Episode You Will Learn:

• Tips for submitting conference proposals
• Challenges when balancing anonymity during a submission
• The importance of a supportive approach in the conference submission process

Some Questions We Ask:

• Is there a typical anonymization process to ensure fairness and inclusivity?
• What are some challenges when selecting talks that resonate with an audience?
• Can you elaborate on the value behind B-sides conferences and the unique atmosphere?

Resources:

View Lea Snyder on LinkedIn

View Wendy Zenone on LinkedIn

View Nic Fillingham on LinkedIn

Related Microsoft Podcasts:

• Microsoft Threat Intelligence Podcast
• Afternoon Cyber Tea with Ann Johnson
• Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Hosted on Acast. See acast.com/privacy for more information.