The Microsoft Threat Intelligence Podcast
Trailer
Recent Episodes
Behind the Scenes of the XZ vuln with Andres Freund and Thomas Roccia
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Thomas Roccia and Andres Freund. Andres stumbled upon a security issue within SSH while investigating performance discrepancies. He discovered a sophisticated backdoor, skillfully concealed within the LZMA library, part of the XZ package. Sherrod, Thomas, and Andres discuss the importance of proactive security measures and code review in the open-source community. They emphasize the critical role of community collaboration in identifying and mitigating security threats effectively and signal the need for heightened vigilance.
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by former VP of Cybersecurity Solutions at Target Paul Melson. Sherrod and Paul reflect on his experiences in incident response, highlighting the adrenaline rush of detecting and evicting adversaries before they cause harm. Their discussion includes a run down the rabbit hole of open-source intelligence and the creation of the @scumbots twitter feed. They explore the culture at Target's cybersecurity team, emphasizing the importance of hiring for attitude and the potential for new threats like bribery and insider threats. Paul shares insights into his experiences in cybersecurity and his concerns about future threats, emphasizing the need for continued vigilance and innovation in defense strategies. The episode provides valuable insights into the challenges and developments in cybersecurity, offering practical advice for both professionals and organizations navigating the ever-changing threat landscape.
Microsoft Secure in San Francisco
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is Live from Microsoft Secure in San Francisco and is joined by Brandon Dixon and Vasu Jakkal. As Group Product Manager for Security Copilot, Brandon is helping to shape how generative AI is used to empower professionals to focus on what matters most. Brandon reflects on how security practices have changed, mental health in the security industry and how AI can empower individuals in the tech and infosec fields. Vasu discusses her passion for cybersecurity and its impact on global safety. She emphasizes the importance of inclusivity and optimism in tackling security challenges and shares her journey into cybersecurity, which was influenced by her love for technology instilled by watching Star Trek. Vasu also highlights the transformative potential of AI, particularly Microsoft Copilot for Security, in enhancing defense capabilities and catching new threats.
Live from New York it’s Microsoft Secure
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is Live from Times Square at Microsoft Secure and is joined by Chris Wysopal, Chip Calhoun, and Torrell Funderburk. Chris (aka Weld Pond) reflects on his experiences with L0pht, the evolution of bug bounty programs and their dominance in the cybersecurity space, highlighting both the benefits and drawbacks. Chip explains how Copilot for Security assists with threat hunting and script analysis, enhancing analysts' capabilities in identifying threats and malicious activities. He also touches on the prevalent threat actor profiles, highlighting the prevalence of e-crime and the potential impact of nation-state actors. Terrell expresses excitement about the advancements in their security program and the ability to detect and respond at scale. He also discusses his transition from software engineering to cybersecurity and encourages others to consider the move due to the foundational similarities between the fields.
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Emily Yale and Anna Bertiger. The discussion delves into Emily and Anna's daily activities within the security domain. Emily highlights her role in supporting Microsoft's internal Security Operations Center by building detections for potential threats. Anna emphasizes the practical application of research in solving security problems and focuses on anomaly detection in post-breach security. Emily and Anna provide insights into Microsoft's work culture, the intersection of technology and security, the importance of mathematical and data science skills in tech roles, and the practical applications of AI tools in professional and personal contexts.