The BlueHat Podcast

By: Microsoft
  • Summary

  • Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers; to debate, discuss, share, challenge, celebrate and learn. On The BlueHat Podcast, Microsoft and MSRC’s Nic Fillingham and Wendy Zenone will host conversations with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology and create a safer world for all.
    ©2024 Microsoft
Episodes
  • Guy Arazi on the Art and Science of Variant Hunting
    Sep 18 2024
    Guy Arazi, a UK-based security expert at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Guy discusses his journey in security, which began in 2018 when he joined Microsoft, and his current role focusing on online services vulnerabilities within the MSRC (Microsoft Security Response Center). They delve into the concept of variant hunting, a critical process in identifying and mitigating repeated patterns of security vulnerabilities across multiple products and services. Guy explains that while static analysis tools are useful, they often require more complex, tailored approaches to detect these recurring issues. He emphasizes the importance of understanding the root cause of vulnerabilities and using both human insight and automated tools to address them across the vast codebase of Microsoft's offerings.

    In This Episode You Will Learn:
      • The challenges of variant hunting and its significant impact on improving overall security
      • Growing complexity of variant hunting and the necessity of thorough documentation
      • What is important to consider when approaching a security vulnerability

    Some Questions We Ask:
      • Are there industry tools or publicly available resources you recommend for variant hunting?
      • How can you identify the security boundary a vulnerability affects?
      • Is variant hunting something only humans can do, or can tools and automation help?

    Resources:
      • View Guy Arazi on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn

    Related Microsoft Podcasts:
      • Microsoft Threat Intelligence Podcast
      • Afternoon Cyber Tea with Ann Johnson
      • Uncovering Hidden Risks

    Discover and follow other Microsoft podcasts at microsoft.com/podcasts

    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
    44 mins
  • Ryen Macababbad on How Security Can Empower Productivity
    Sep 4 2024
    Ryen Macababbad, Principal Security Program Manager at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Ryen discusses their career journey, including the return to Microsoft after working in security architecture and customer trust engineering. Ryen shares insights from their time at Hacker Summer Camp 2024 in Las Vegas, emphasizing the importance of creating frictionless security measures that don't hinder productivity. They explain that when security becomes a barrier, users will find workarounds, potentially compromising security. The conversation touches on the evolving relationship between security and productivity teams, highlighting the need for security to be an enabler rather than an obstacle.

    In This Episode You Will Learn:
      • How investing in security helps maintain customer trust and protects revenue
      • Why security should be built-in by default so users don't need to be security experts
      • The importance of incorporating feedback and diverse viewpoints to enhance security

    Some Questions We Ask:
      • How is a seamless security and productivity experience provided for end users?
      • Can security researchers contribute to identifying gaps and improving product security?
      • What motivated the shift from a focus on identity and program management to defensive security?

    Resources:
      • View Ryen Macababbad on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn

    Related Microsoft Podcasts:
      • Microsoft Threat Intelligence Podcast
      • Afternoon Cyber Tea with Ann Johnson
      • Uncovering Hidden Risks

    Discover and follow other Microsoft podcasts at microsoft.com/podcasts
    41 mins
  • Michael Howard on Secure by Design vs Secure by Default
    Aug 27 2024
    Michael Howard, Senior Director at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Michael shares his journey at Microsoft, starting from his early days in New Zealand as part of a small team of ten. He discusses his extensive career, his contributions to cybersecurity, and his role in the development of essential security books like "Writing Secure Code" and "The Security Development Lifecycle." Michael reflects on the importance of fundamental security principles and how they remain relevant today. He also touches on his recent move within Microsoft to John Lambert's team, where he continues to focus on security culture and education. The conversation delves into the origins of the Blue Hat conference, Michael's experiences at the first event, and the ongoing significance of secure coding practices and mitigations.

    In This Episode You Will Learn:
      • Critical aspects of secure software development and pivotal moments in Microsoft's security
      • The importance of using specific coding constructs and libraries to improve security
      • Findings on vulnerabilities that spurred significant security improvements in SQL Server

    Some Questions We Ask:
      • How do you deploy security patches effectively while minimizing disruptions?
      • What coding constructs and compiler flags did you recommend for better security?
      • How did external researchers at Blue Hat conferences impact Microsoft's culture?

    Resources:
      • View Michael Howard on LinkedIn
      • View Wendy Zenone on LinkedIn
      • View Nic Fillingham on LinkedIn
      • The Microsoft Azure Security Podcast
      • Michael Howard (@michael_howard) on X (twitter.com)
      • Latest book: Designing and Developing Secure Azure Solutions (Developer Best Practices): Howard, Michael, Simone, Curzi, Heinrich, Gantenbein: 9780137908752: Amazon.com: Books

    Related Microsoft Podcasts:
      • Microsoft Threat Intelligence Podcast
      • Afternoon Cyber Tea with Ann Johnson
      • Uncovering Hidden Risks

    Discover and follow other Microsoft podcasts at microsoft.com/podcasts

    The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
    48 mins
