3rd Party Vendor or Contractor Access
SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the complexities of granting secure access to third-party vendors and contractors. They discuss the best practices for managing elevated permissions, the implications of B2B collaboration, and the importance of lifecycle management for contractor accounts. The conversation also covers licensing considerations for external identities and compares access methods like Azure Bastion and Azure Virtual Desktop (AVD). In this conversation, Adam Brewer and Andy Jaw delve into the complexities of RDP security, Azure environments, and the management of contractor accounts. They discuss the inherent risks associated with RDP, the importance of mitigating these risks through proper governance and lifecycle management, and the advantages of using Azure Virtual Desktop (AVD) versus Windows 365 for contractors. The discussion emphasizes the need for a zero trust approach and the benefits of network segmentation, while also addressing licensing considerations and user management strategies.----------------------------------------------------YouTube Video Link: https://youtu.be/PQSLdNK_Yv4----------------------------------------------------Documentation:https://learn.microsoft.com/en-us/windows-365/overviewhttps://learn.microsoft.com/en-us/azure/virtual-desktop/overviewhttps://learn.microsoft.com/en-us/entra/external-id/b2b-fundamentals----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube:https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
18 Mar 47min
Next-Gen Logging for the Next-Gen SIEM with Special Guest Karl Niblock
SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer engage with cybersecurity architect Karl Niblock to discuss the evolution of logging practices in security information and event management (SIEM) systems. The conversation explores the shift from a 'log everything' mentality to a more strategic approach that emphasizes quality over quantity in data ingestion. Karl highlights the challenges posed by exponential data growth and the importance of customer empathy in designing effective security operations. The discussion also delves into the cost of detection, the value of high-quality logs, and the need for organizations to rethink their logging strategies to enhance threat detection and response capabilities. In this conversation, Karl discusses the intricacies of data logging in cybersecurity, emphasizing the importance of understanding the layers of data fidelity and how to effectively manage and utilize logs within Azure Sentinel. He introduces a pyramid model to categorize different types of logs based on their security value and discusses the significance of data-driven decision-making in optimizing security operations. The conversation also touches on the need for evolving data architecture to keep pace with modern threats and the practical implications of data management in security operations.----------------------------------------------------YouTube Video Link: https://youtu.be/V3KEpNIJl-o----------------------------------------------------Documentation:https://learn.microsoft.com/en-us/azure/data-explorer/data-explorer-overviewhttps://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overviewhttps://techcommunity.microsoft.com/blog/microsoftsentinelblog/using-azure-data-explorer-for-long-term-retention-of-microsoft-sentinel-logs/1883947https://learn.microsoft.com/en-us/azure/sentinel/basic-logs-use-caseshttps://www.linkedin.com/in/karlniblock/----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube:https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
11 Mar 57min
Defender Experts with Special Guest Raae Wolfram
SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer engage with Ray Wolfram, Senior Product Manager for Defender Experts at Microsoft. Ray shares her extensive background in healthcare IT and cybersecurity, detailing her journey to Microsoft and the impact of COVID-19 on the cybersecurity landscape. The conversation delves into the two offerings of Defender Experts: Defender Experts for Hunting and Defender Experts for XDR, highlighting their unique features and the role of Microsoft in providing unparalleled threat intelligence. The episode emphasizes the importance of human expertise in cybersecurity and the proactive approach of Defender Experts in threat hunting and incident response. In this conversation, the speakers discuss the evolving landscape of cybersecurity, focusing on the role of threat hunters, the capabilities of Microsoft Defender Experts for XDR, and the importance of partnerships in providing comprehensive security solutions. They explore how Microsoft meets customers where they are, the onboarding process for new customers, and the integration of third-party solutions into the Defender ecosystem. The discussion also highlights the proactive nature of Defender Experts and the future roadmap for Defender for Cloud, emphasizing the need for collaboration in the cybersecurity space.----------------------------------------------------YouTube Video Link: https://youtu.be/zY9zOEFkZOc----------------------------------------------------Documentation:https://learn.microsoft.com/en-us/defender-xdr/defender-experts-for-huntinghttps://learn.microsoft.com/en-us/defender-xdr/dex-xdr-overviewhttps://www.microsoft.com/en-us/security/blog/2023/03/27/microsoft-incident-response-retainer-is-generally-available/https://www.linkedin.com/in/raaewolfram/----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube:https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
4 Mar 1h 5min
UK vs Apple on Encryption, MITRE Eval results, How to Rethink Phishing Simulations
SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the ongoing battle between governments and tech companies over encryption, focusing on Apple's recent response to the UK government's demands for access to iCloud data. They explore the implications of Apple's decision to disable advanced data protection for UK users and the broader context of encryption in cybersecurity. The conversation then shifts to the latest MITRE evaluation of endpoint protection platforms, highlighting Microsoft's performance and the challenges of the evaluation methodology. In this conversation, Andy Jaw and Adam Brewer delve into the complexities of cybersecurity, focusing on the limitations of current testing methods, the importance of realistic evaluations, and the need for a shared responsibility culture within organizations. They critique the MITRE evaluation process, discuss the shortcomings of phishing simulations, and emphasize the necessity of integrating security into the organizational culture to foster collaboration rather than hostility between security teams and users.----------------------------------------------------YouTube Video Link: https://youtu.be/TL_cu-vnu58----------------------------------------------------Documentation:https://www.theverge.com/policy/612136/uk-icloud-investigatory-powers-act-war-on-encryptionhttps://arstechnica.com/tech-policy/2025/02/apple-pulls-data-protection-tool-instead-of-caving-to-uk-demand-for-a-backdoor/https://www.microsoft.com/en-us/security/blog/2024/12/11/microsoft-defender-xdr-demonstrates-100-detection-coverage-across-all-cyberattack-stages-in-the-2024-mitre-attck-evaluations-enterprise/https://www.wsj.com/tech/cybersecurity/phishing-tests-the-bane-of-work-life-are-getting-meaner-76f30173----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube:https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
25 Feb 1h 6min
FBI warns about unencrypted messaging, Deepseek discussion
SummaryIn this episode, Andy and Adam discuss the evolution of messaging security, focusing on end-to-end encryption and the implications of RCS messaging. They explore the recent market reactions to AI developments, particularly the impact of the DeepSeek app on Nvidia's stock value and delve into the nuances of AI model efficiency and its potential effects on the tech industry. In this conversation, Adam Brewer and Andy Jaw explore the evolving landscape of AI technology, particularly in the context of US-China relations, the ethical implications of AI scraping, and the pressing concerns surrounding data privacy. They discuss the importance of building a record of work efforts, the innovative spirit that arises from constraints, and the public's perception of data security. The dialogue emphasizes the need for awareness and proactive conversations about data handling and privacy policies in an increasingly digital world.----------------------------------------------------YouTube Video Link: https://youtu.be/yicYSkuECcQ----------------------------------------------------Documentation:https://www.tomsguide.com/phones/iphones/fbi-warns-apple-and-android-users-to-avoid-rcs-messaging-heres-whyhttps://www.bbc.com/news/articles/c0qw7z2v1pgohttps://techcrunch.com/2025/01/29/microsoft-probing-whether-deepseek-improperly-used-openais-api/https://www.fastcompany.com/91267968/how-the-biden-chip-bans-created-a-monster-called-deepseekhttps://lifehacker.com/tech/how-to-try-deepseek-ai-and-why-you-might-not-want-to----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube:https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
18 Feb 45min
CISA guidance on securing CI/CD pipelines
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the importance of securing CI/CD environments, highlighting the risks associated with these systems and the best practices for mitigating vulnerabilities. They delve into specific threats, including insecure code and supply chain compromises, and emphasize the need for a collaborative approach between security professionals and developers to ensure secure software development practices. ---------------------------------------------------- YouTube Video Link: https://youtu.be/zQwFAN6PHrE ---------------------------------------------------- Documentation: https://www.cisa.gov/news-events/alerts/2023/06/28/cisa-and-nsa-release-joint-guidance-defending-continuous-integrationcontinuous-delivery-cicd https://owasp.org/www-project-top-10-ci-cd-security-risks/ ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Bluesky: https://bsky.app/profile/bluesecuritypod.com LinkedIn: https://www.linkedin.com/company/bluesecpod YouTube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Bluesky: https://bsky.app/profile/ajawzero.com LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
11 Feb 31min
Microsoft Fasttrack with Special Guest Thomas Finney
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss Microsoft FastTrack with guest Thomas Finney. They explore the benefits and eligibility of FastTrack, which is designed to help organizations adopt and deploy Microsoft 365 services. The conversation covers various aspects of FastTrack, including various Microsoft services, focusing on Defender, Entra, Intune, Microsoft Viva, Windows deployment, App Assure, and the Microsoft 365 Copilot. They explore how FastTrack can assist organizations in leveraging these services effectively, including the role of FastTrack Ready partners in delivering benefits and support. The discussion emphasizes the importance of maximizing investments in Microsoft technologies and ensuring seamless transitions and integrations within organizations. ---------------------------------------------------- YouTube Video Link: https://youtu.be/TwaOZrDhm2M ---------------------------------------------------- Documentation: https://www.linkedin.com/in/thomascfinney/ tc.finney@microsoft.com FastTrack Service Description - https://aka.ms/ftcsd FastTrack Eligibility - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/eligibility Microsoft Defender - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-defender Microsoft Entra, including Zero Trust - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-entra-id Microsoft Intune - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-intune Microsoft Purview - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-purview Microsoft Sentinel - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-sentinel Microsoft Viva - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/microsoft-viva Office 365 - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/office-365 Windows, Windows 365, Universal Print, Microsoft 365 Apps, Microsoft Edge - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/windows-and-other-services App Assure - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/windows-and-other-services#app-assure FastTrack Process and Expectations - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/process-and-expectations Request FastTrack assistance for Microsoft 365 - https://learn.microsoft.com/en-us/microsoft-365/fasttrack/process-and-expectations#engaging-fasttrack https://learn.microsoft.com/en-us/microsoft-365/enterprise/request-fasttrack-assistance-microsoft-365?view=o365-worldwide FastTrack Ready approved partners https://cloudpartners.transform.microsoft.com/fasttrack-ready-approved-partners ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Bluesky: https://bsky.app/profile/bluesecuritypod.com LinkedIn: https://www.linkedin.com/company/bluesecpod YouTube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Bluesky: https://bsky.app/profile/ajawzero.com LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
4 Feb 47min
Microsoft Industry Solutions Delivery with Special Guest Brodie Cassell
Summary In this episode of the Blue Security Podcast, host Andy Jaw and co-host Adam Brewer welcome Brodie Cassell, a principal security consultant at Microsoft. Brodie shares his journey from various IT roles to his current position at Microsoft, discussing the importance of adapting to new technologies and the challenges of data security in the age of AI. The conversation delves into the significance of a holistic approach to security, the role of Microsoft Industry Solutions Delivery, and the need for organizations to evolve their security practices to keep pace with technological advancements. In this conversation, Brodie Cassell and Adam Brewer discuss their experiences in the cybersecurity field, particularly focusing on the dynamics of consulting work, the evolution of security practices at Microsoft, and the differences between public and private sector security. They emphasize the importance of passion in their work, the value of community in cybersecurity, and the need for continuous learning and adaptation in a rapidly changing environment. ---------------------------------------------------- YouTube Video Link: ---------------------------------------------------- Documentation: https://www.linkedin.com/in/brodiecassell/ brodie.cassell@microsoft.com ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Bluesky: https://bsky.app/profile/bluesecuritypod.com LinkedIn: https://www.linkedin.com/company/bluesecpod YouTube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Bluesky: https://bsky.app/profile/ajawzero.com LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
28 Jan 1h 4min
