Think Like an Attacker: Microsoft Security Exposure Management with Uros Babic [MVP-MCT]

Traditional cybersecurity focuses on vulnerabilities, alerts, and dashboards. Attackers don't. They look for opportunities, weak identities, exposed cloud resources, excessive permissions, forgotten endpoints, and misconfigurations they can chain together into a successful attack. In this episode of the M365 FM Podcast, host Mirko Peters takes a unique approach by stepping into the role of the attacker while Microsoft Security MVP and Microsoft Certified Trainer Uros Babic defends a modern Microsoft environment using Microsoft Security Exposure Management, Microsoft Defender XDR, Microsoft Sentinel, Security Copilot, and Zero Trust principles. Instead of discussing security theory, this episode follows a realistic attack scenario from reconnaissance and phishing to privilege escalation, lateral movement, ransomware, and data exfiltration. Along the way, Uros explains how organizations can stop attackers before they reach critical assets by focusing on exposure rather than simply fixing vulnerabilities. The discussion demonstrates why modern security operations are shifting from reactive incident response to proactive risk reduction powered by Microsoft's latest security technologies.

THINKING LIKE AN ATTACKER
The episode begins with one fundamental mindset shift: attackers don't see security dashboards or compliance reports—they see attack paths. Uros explains why organizations should stop asking "How many vulnerabilities do we have?" and instead ask "Which attack path would an attacker exploit first?" Topics include:
  • Social engineering
  • Phishing attacks
  • Credential theft
  • Privilege escalation
  • Lateral movement
  • Ransomware
  • Data exfiltration
  • Insider threats
  • Supply chain attacks
  • Cloud misconfigurations
Understanding how attackers think is becoming one of the most valuable skills for every modern security team.

MICROSOFT SECURITY EXPOSURE MANAGEMENT
One of the central topics is Microsoft's Security Exposure Management platform. Unlike traditional vulnerability management, Exposure Management connects identities, endpoints, cloud resources, permissions, applications, and attack paths into a single security graph that helps organizations prioritize what actually matters. Rather than fixing thousands of isolated vulnerabilities, security teams can identify the fastest route an attacker could take to reach Tier-0 assets and eliminate those paths before they are exploited. The discussion covers:
  • Exposure Graph
  • Attack Path Analysis
  • Attack Surface Management
  • Risk Prioritization
  • Critical Asset Protection
  • Continuous Threat Exposure Management (CTEM)
  • Microsoft Defender Portal
  • Multi-cloud visibility

AI, SECURITY COPILOT & AGENTIC SECURITY
Artificial Intelligence is transforming cybersecurity for both defenders and attackers. Uros explains how Microsoft Security Copilot helps security analysts investigate incidents faster, summarize complex alerts, analyze malicious scripts, recommend remediation steps, and automate repetitive SOC workflows. The conversation also explores how AI agents introduce entirely new security challenges. Organizations must now secure AI agents just like human identities by applying Conditional Access, Microsoft Entra ID, Identity Protection, Microsoft Purview, and governance policies. As enterprises deploy more AI-powered assistants, securing Agentic AI becomes a critical part of every Zero Trust strategy.

ZERO TRUST IN THE AGE OF AI
Zero Trust remains one of Microsoft's core security principles—but AI changes how organizations must apply it. The discussion explores how Zero Trust combines with Exposure Management to answer an even more important question: "Even if nothing is trusted, what can an attacker still exploit?" Topics include:
  • Identity Protection
  • Conditional Access
  • Passwordless Authentication
  • Managed Devices
  • Microsoft Entra ID
  • Defender for Cloud Apps
  • Microsoft Purview
  • AI Governance
  • Security Policies
The result is a proactive security model that continuously reduces exposure instead of simply responding to incidents.

BUILDING A MODERN SECURITY OPERATIONS CENTER
Many organizations still measure security success by counting alerts or tracking ticket volumes. Uros explains why these metrics often create a false sense of security. Modern SOC teams should instead focus on:
  • Exposure reduction
  • Attack path elimination
  • Tier-0 asset protection
  • Critical exposure remediation
  • MITRE ATT&CK coverage
  • Identity risk reduction
  • Security posture improvements
By measuring business risk instead of operational activity, security teams become far more effective against today's sophisticated attackers.

CYBERSECURITY CAREERS AND COMMUNITY
Beyond technology, Uros shares valuable career advice for professionals interested in cybersecurity. He recommends building strong networking and infrastructure fundamentals before specializing in cloud security and emphasizes that practical hands-on experience is often more valuable than collecting certifications alone. The conversation also covers learning platforms, Microsoft certifications, community engagement, and the importance of continuously adapting as cybersecurity evolves alongside AI.

WHO SHOULD LISTEN?
This episode is ideal for:
  • Security Architects
  • SOC Analysts
  • Microsoft 365 Administrators
  • Azure Engineers
  • Cloud Architects
  • IT Decision Makers
  • Microsoft MVPs
  • Security Consultants
  • CISOs
  • DevSecOps Engineers
  • Anyone responsible for securing Microsoft environments
Whether you're deploying Microsoft Defender XDR, Microsoft Sentinel, Microsoft Security Copilot, Microsoft Entra, Microsoft Purview, or simply looking to better understand how modern attackers operate, this episode provides practical insights into building a proactive security strategy. If you want to stop reacting to security incidents and start thinking like an attacker, this conversation offers a comprehensive look at why Microsoft Security Exposure Management is becoming one of the most important innovations in enterprise cybersecurity.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

This episode is sourced from an open RSS feed and is not published by Podme. It may therefore contain ads.
