Podcasts by Blue Security
A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
Further podcasts by Andy Jaw & Adam Brewer
Podcast on the topic Technologie
All episodes
CNAPP - Defender for Cloud Overview from 2023-12-11T15:00
This episode of the Blue Security Podcast discusses the Cloud Native Application Protection Platform (CNAPP) and Microsoft's Defender for Cloud. The hosts provide an overview of CNAPP and it...
ListenMeridianLink extortion, Plastic Surgery office breached, AI voice clones from 2023-12-04T15:00:09
On this week's episode, Adam and Andy talk about a ransomware gang making an SEC complaint against their victim, a medical office breach, and AI voice clones. -------------------------------...
ListenMicrosoft Ignite 2023 - Part 2 from 2023-12-04T14:57:04
On this week's episode, Adam and Andy talk about more things on security from Microsoft Ignite. From canary capabilities in MDE to Automatic Conditional Access Policies, there are a TON of r...
ListenMicrosoft Ignite 2023 - Part 1 from 2023-11-20T17:48:01
On this week's episode, Adam and Andy talk about all the security announcements from Microsoft Ignite 2023. There were SO many that this will be part 1 with another episode being released in...
ListenOkta Breach Follow-up and Passkeys from 2023-11-13T15:00
On this week's episode, Andy and Adam talk about the follow up investigation from Okta about their support system breach along with some lessons that listeners can take away. They also talk ...
ListenSEC charges Solarwinds CISO & Backing up and Archiving M365 data from 2023-11-12T22:47:03
On this week's episode, Andy and Adam talk about the SEC charging the Solarwinds CISO with fraud and the implications on the overall security leadership community. They also talk about some ...
Listen23andMe, Okta breach, MDE Automatic Attack Disruption from 2023-10-30T14:07:40
On this week's episode, Andy and Adam talk about the 23andMe and Okta breach that happened recently along with some recommendations on how organizations can try and prevent similar attacks i...
ListenEntra Web-sign in, MDE Device Control, Imposter Syndrome from 2023-10-23T17:46:41
On this week's episode, Andy and Adam talk about some new features with Entra Web Sign-in and Microsoft Defender for Endpoint Device Control. They also talk about what every infosec professi...
ListenConditional Access Gap Analysis from 2023-10-19T19:17:56
On this week's episode, Andy and Adam talk about how to think about your conditional access policy design to avoid some common gaps that attackers can take advantage of.
------------...
ListenUnpopular Cybersecurity Opinions from 2023-10-09T13:59:26
On this week's episode, Andy and Adam talk about a fun Twitter/X thread where cybersecurity professionals expressed some "unpopular opinions."
-----------------------------...
ListenJCI Ransomware, Ransomware Negotiations, CISA guidance from 2023-10-02T14:00
On this week's episode, Andy and Adam talk about Johnson Controls' ransomware attack and some implications on national security. They also talk about some lessons learned from ransomware...
ListenMITRE Engenuity ATT&CK Evaluations and Insider Risk from 2023-09-26T14:26:56
On this week's episode, Andy and Adam talk about the results of the MITRE Engenuity ATT&CK Evaluations and how to interpret them. They also talk about the rising costs of insider risk an...
ListenMGM Resorts Security Incident from 2023-09-18T14:00
On this week's episode, Andy and Adam talk about the security incident impacting MGM Resorts. They discuss the attack vector of social engineering and ways that you can help protect your hel...
ListenApple 0-day's, Storm-0558 follow up, MFST Conditional Access Dashboard from 2023-09-11T13:38:08
On this week's episode, Andy and Adam talk about Apple's no-click zero day, the technical findings of the follow up investigation on Storm-0558, and the new Microsoft Conditional Access ...
ListenData Security in Microsoft 365 from 2023-09-04T14:00
On this week's episode, Andy and Adam talk about data security in Microsoft 365. They talk about data discovery, data classification, and some of the tools like sensitivity and retention lab...
ListenSide channel attack, White House cybersecurity workforce plan, IBM Cost of a Data Breach from 2023-08-28T14:00
On this week's episode, Andy and Adam catch up some worthy infosec news including a new side channel attack, the White House cybersecurity workforce plan, and IBM's Cost of a Data Breach...
ListenRed Teaming with Special Guest 23P from 2023-08-21T14:00
On this week's episode, Andy and Adam talk with Michael Belton and Dave Falkenstein from 23p, a Madison, Wisconsin based red-teaming company about pentesting, purple teaming, and start out i...
ListenSecuring Entra External Identities from 2023-08-14T14:00
On this week's episode, Andy and Adam talk about securing Entra external identities. They talk about B2B and B2C as well as a few other lesser known features of external identities like dire...
ListenEducating Defenders with Special Guest Howard Friedman, Ascent Solutions from 2023-08-07T15:35:09
On this week's episode, Andy and Adam welcome guest Howard Friedman of Ascent Solutions to the program. Howard helps educate our audience of security defenders on the why, when, and how to e...
ListenNew SEC and FCC rules, and Samsung device security from 2023-07-31T14:00
On this week's episode, Adam and Andy talk about some new SEC and FCC rules as well as some news on Samsung device security.
-------------------------------------------
Youtu...
ListenExpanded M365 audit logs, Threads, new Entra features from 2023-07-24T14:00
On this week's episode, Adam and Andy follow up on Storm-0558 and how Microsoft is expanding cloud logging as a result of the threat actor. They also chat about Threads, Meta's new Twitt...
ListenStorm-0558 - Attack on Exchange Online from 2023-07-17T14:00
On this week's episode, Adam and Andy talk Storm-0558, the China-based actor, that compromised Exchange Online. They go through the attack chain and CISA's guidance on how you can better...
ListenCommon M365 Misconfigurations from 2023-07-10T14:00
On this week's episode, Adam and Andy talk through Trimarc Security's blog on M365 security misconfigurations. Surprisingly, there are a few that are still being seen through security as...
ListenWhat's new with Intune and Entra from 2023-07-03T13:00
On this week's episode, Adam and Andy talk about some new features in Intune and Entra. There are some great features that are in public preview and general availability that admins should b...
ListenOWASP Top 10 and Top 10 for LLM from 2023-06-26T15:04:48
on this week's episode, Adam and Andy talk about the OWASP Top 10 and the Top 10 for Large Language models. It is good for defenders to understand these vulnerabilities even if you are not i...
ListenNetwork Security 101 from 2023-06-19T14:00:08
On this week's episode, Adam and Andy talk about the basics of network security. They go over asset management, firewalls, IDS/IPS, NDR's, and administrative access. If you're new to...
ListenProtecting M365 from on-premise attacks from 2023-06-05T14:00:53
On this week's episode, Adam and Andy talk about Microsoft's guidance on how to protect your M365 environment from on-premises attacks.
-------------------------------------------...
ListenMicrosoft Build 2023 Recap from 2023-05-30T04:00:22
On this week's episode, Adam and Andy give their perspective on some of the interesting security topics from Microsoft Build 2023.
-------------------------------------------
Y...
ListenLimiting Chatgpt from 2023-05-22T14:00:52
On this week's episode, Adam and Andy talk about how many companies are limiting access to ChatGPT in their corporate assets. They discuss why this is happening and recommendations on how to...
ListenApple Rapid Security, Data Encryption, Layoffs & Insider Risk from 2023-05-15T14:00:08
On this week's episode, Adam and Andy talk about Apple's new Rapid Security update for iOS and Android. They also talk about different ways to encrypt data for protection. Finally, with ...
ListenMicrosoft Secure Score from 2023-05-08T14:00:45
On this week's episode, Adam and Andy talk about one of the most underutilized features of M365: Secure Score. They talk about what it is and go through some of the reasons why organizations...
ListenWorkplace Join, Azure AD Join, and Windows (Cloud) LAPS from 2023-05-01T14:00:37
On this week's episode, Adam and Andy talk about how Microsoft FTE's are going from Workplace Join to only Azure AD Join devices and their thoughts on it. They also talk about the much a...
ListenMeta E2E, Proton Pass, LI Verified ID, iPhone Security from 2023-04-24T14:00:33
On this week's episode, Adam and Andy talk about Meta's plans on end to end encryption for Facebook and Instagram messages. They also talk about Proton's new password vault that just...
ListenSecurity Copilot, Incident Response Retainer, Exchange Server On-Prem from 2023-04-17T14:00:08
On this week's episode, Adam and Andy talk about some Microsoft news including the newly unveiled Security Co-Pilot. They also talk about Microsoft's Incident Response Retainer and their...
ListenState of Identity 2023 from 2023-04-10T14:00:11
On this week's episode, Adam and Andy talk about Oort's report on the state of identity in 2023. They talk about the takeaways from the report and provide some action items on how to sho...
ListenNews Update - MDVM, SEC Guidance, M365 Copilot from 2023-04-03T14:00:27
On this week's episode, Adam and Andy talk about some recent news including Microsoft Defender Vulnerability Management going generally available, some SEC guidance that will be going live i...
ListenProtect your home network by the NSA from 2023-03-27T14:23:57
On this week's episode, Adam and Andy talk about the NSA's guidance on how to secure your home network. This may be basic for most cybersecurity pros but there's a lot of great infor...
ListenWhite House National Cybersecurity Strategy from 2023-03-20T03:05:22
On this week's episode, Adam and Andy talk about the new White House National Cybersecurity Strategy from the Biden-Harris administration.
-------------------------------------------<...
ListenIntune Suite from 2023-03-13T05:04:03
On this week's episode, Adam and Andy talk about the new Intune Suite. This is a new offering from Microsoft that will help bolster the security and streamline device management. Listen in to he...
ListenLastpass Incident Update from 2023-03-06T03:32:24
On this week's episode, Adam and Andy talk about the update to the Lastpass security incident. There are a lot of lessons to learn from the mistakes of Lastpass. Props to Lastpass on the disclos...
ListenRoad to the Cloud from 2023-02-27T05:35:06
On this week's episode, Adam and Andy talk about the different states of transformation when going through your journey to reduce dependency on on-premise infrastructure and Active Directory by ...
ListenIdentity Trends from 2023-02-20T07:21:26
On this week's episode, Adam and Andy talk through Alex Weinert's post about Identity Trends. Stay through the end to get your identity to-do list for this year!
-------------------------...
ListenIdentity Governance and Administration from 2023-02-13T06:37:06
On this week's episode, Adam and Andy talk about Identity Governance and Administration (IGA). They talk about what makes up a good IGA program and advice on some policies and procedures. They a...
ListenTech Layoffs from 2023-01-30T04:20:29
On this week's episode, Adam and Andy talk about the tech layoffs. Andy talks about his career and how he's dealt with being laid off multiple times. Listen in if you're interested in how to men...
ListenOperational Excellence from 2023-01-23T05:02:24
On this week's episode, Adam and Andy talk about what operational excellence means and how it can help bolster your cybersecurity at your organization.
-----------------------------------...
ListenNews Catchup from 2023-01-16T05:43:59
On this week's episode, Adam and Andy do a catch up on news from December and talk about the retirement of Windows 7 ESU and 8.1. They also talk about Apple's Advanced Data Protection and the La...
ListenWindows Defender Firewall from 2023-01-09T05:47:18
On this week's episode, Adam and Andy talk about Windows Defender Firewall. This often is overlooked, misconfigured, or part of legacy policies. With the start of a brand new year, it is a good ...
ListenWhat we learned in 2022 in cybersecurity from 2023-01-02T03:18:37
On this week's episode, Adam and Andy talk about some trends from this past year and what they would focus on securing for 2023.
-------------------------------------------
Youtube...
ListenWindows Autopatch with Special Guest Adam Nichols from 2022-12-26T03:56:58
On this week's episode, Adam and Andy talk with Adam Nichols, a Product Manager for Windows Autopatch. They talk about all things patching and do a deep dive on how the Windows Autopatch service...
ListenMicrosoft's Insider Risk Report from 2022-12-12T04:44:41
On this week's episode, Adam and Andy talk about Microsoft's Insider Risk Report for 2022. This report give insight on how to build a holistic insider risk program but combining tooling, people ...
ListenDDoS Protection from 2022-12-05T04:23:58
On this week's episode, Adam and Andy talk about CISA's DDoS protection guidance. This follows the episode on Microsoft's Digital Defense Report where DDoS attacks and protections were also high...
ListenMicrosoft's Digital Defense Report from 2022-11-28T03:54:55
On this week's episode, Adam and Andy talk about Microsoft's Digital Defense Report. This report has a wealth of information on the state of cybersecurity, current trends, attack vectors, and de...
ListenHow to Mastodon from 2022-11-21T03:54:54
On this week's episode, Adam is back and joined by Andy to talk about Mastodon. This decentralized social media platform has been around since 2016 and recently has been growing exponentially du...
ListenPatch Tuesday, Medibank Breach, Twitter Meltdown from 2022-11-14T05:40:34
This week, friend of the pod, Shannon Fritz, fills in for Adam and he and Andy talk about the big update for Patch Tuesday, the Medibank double extortion incident, and the meltdown happening at ...
ListenOld Phishing Tricks Are Still Working from 2022-11-07T03:55:48
This week, Adam and Andy talk about the Dropbox and Twilio breach where old phishing tricks worked and attackers were able to get credentials. They also talk about CISA's new guidance on phish r...
ListenSOCRadar and Ignite 2022 highlights from 2022-10-31T04:33:47
This week, Adam and Andy talk about the SOCRadar disclosure of a misconfigured Microsoft endpoint that led to a data privacy incident. They talk about what happened and what you should know as a...
ListenIBM Incident Responder Report from 2022-10-24T03:17:34
This week, Adam and Andy talk about IBM's Incident Responder Report. This report has some great empirical data on incident responder perceptions and how incidents impact mental health. Listen in...
ListenBYOD Zero-Trust Architecture from 2022-10-17T03:30:20
This week, Adam and Andy talk about how to look at BYOD policies in a Zero-Trust architecture. They go over a blueprint put out by Microsoft Middle East and Africa that's a little bit older but ...
ListenMDE Tamper Protection from 2022-10-10T02:54:02
This week, Adam and Andy talk about Microsoft Defender for Endpoint's Tamper Protection. This type of feature is also available on other endpoint protection solutions. They talk about what it is...
ListenActive Directory Security Tips from 2022-10-03T03:06:44
This week, Adam and Andy talk about some tips on securing Active Directory. This was inspired by a session led by Trimarc Security at The Experts Conference.
-----------------------------...
ListenKerberoasted from 2022-09-26T02:30:19
This week, Adam and Andy talk about kerberoasting: how it works and how to defend against it. Listen in on this unique attack technique!
-------------------------------------------
Microsoft Teams, Patreon, and Uber from 2022-09-19T01:53:59
This week, Adam and Andy talk about Microsoft Teams and the post-exploit technique that was discovered by Vetra's Project Team and the decision of Patreon to lay off their entire internal inform...
ListenCloudflare and Kiwi Farms from 2022-09-12T03:31:32
This week, Adam and Andy breakdown what led to Cloudflare dropping Kiwi Farms as a customer, why the media and Twitter were up-in-arms about the whole incident, and their thoughts about the deci...
ListenCloud Security 101 from 2022-09-05T23:21:03
This week, Adam and Andy talk about cloud security. If you're looking to learn about cloud security concepts, this is the show for you. They talk about basic and advanced security as well as ris...
ListenBeyond E5, Rebranding, Public Previews in Microsoft Security from 2022-08-29T03:30:09
This week, Adam and Andy pull together all the new product launches and rebranding for Microsoft Security over the last couple of months. Listen in to learn about Microsoft Entra, Defender Threa...
ListenQuantum & Cryptography Follow-up, TikTok, and Janet Jackson from 2022-08-22T03:36:42
This week, Adam and Andy follow up on a few things from the post quantum cryptography episode talking about how one of the quantum resistant algorithms was broken and a lawsuit against the US go...
ListenPost Quantum Series - Part 2 - Quantum Cryptography from 2022-08-15T02:30:22
This week, Adam and Andy talk about post quantum cryptography this week. They go over why quantum computers are a threat to classical cryptography like public key encryption, quantum key distrib...
ListenPost Quantum Series - Part 1 - Quantum Computers from 2022-08-08T01:25:50
This week, Adam and Andy start a two part series on post-quantum computer information security. This first part goes into understanding how quantum computers work and how they differ from classi...
ListenExchange Online Protection Deep-Dive from 2022-08-01T02:30:20
This week, Adam and Andy do a technical deep dive on Exchange Online Protection (EOP). They talk about the pre-delivery and post-delivery protections. They also talk about some of the zero-day p...
ListenPersonal and Organization Privacy from 2022-07-25T02:30:56
This week, Adam and Andy talk about privacy both in organizations and your personal life. They talk about some of the new Microsoft Purview Compliance Classifiers and how it might be an inv...
ListenMicrosoft Security News from 2022-07-18T03:02:09
This week, Adam and Andy talk about some security news relating to Microsoft. First they talk about a phishing campaign that Microsoft detailed that was going on affecting more than 10,000 orgs ...
ListenRisk Management and Data Protection from 2022-07-11T02:30:59
This week, Adam and Andy talk about risk-centric security management and how to shift from looking at just severity of vulnerabilities to reducing risk to your organization. They also talk about...
ListenBasic Auth, Zero Days, & Burnout from 2022-07-04T02:00:17
This week, Adam and Andy catch up some news in their first live show in a couple of weeks. First they talk about CISA's guidance to federal agencies to switch from basic auth to modern auth due ...
ListenSecure Authentication to Azure VMs from 2022-06-27T03:12:20
This week, Adam and Andy talk about different methods to modernize the way you authenticate to virtual machines located in Azure. The first is using Azure Active Directory and the second is usin...
ListenDon't Phish Me, Bro from 2022-06-20T01:30:37
This week, Adam and Andy talk about OMB procurement requirements changing due to increased cybersecurity defense, Gartner's thoughts on consolidated security platforms, and internal phishing cam...
ListenSecuring Guest Access to M365 from 2022-06-12T16:49:37
This week, Adam and Andy talk about how to secure guest access and collaboration in Microsoft 365. They talk about the differences between member and guest users and how guest users are created....
ListenWindows Defender Exploit Guard from 2022-06-06T02:00:53
This week, Adam and Andy talk about Windows Defender Exploit Guard. This is a set of protections built into Windows Server and 10/11 operating systems that provide additional device hardening ru...
ListenPatch Management from 2022-05-30T16:32:35
This week, Adam and Andy talk about patch management. This is basic security and some organizations are still struggling with it. They talk about the explosion of zero days and why continuous mo...
ListenDomain Controller Security from 2022-05-23T02:31:15
This week, Adam and Andy talk about some updated guidance for securing domain controllers in a world where the cloud is a security imperative. They also review some of the existing guidance and ...
ListenCyber Threat Intelligence with Special Guest Charity Wright from 2022-05-16T02:00:42
This week, Adam and Andy talk with threat intelligence expert Charity Wright. Charity talks about her military career and how she got selected as a Chinese linguist and worked with the NSA. Char...
ListenAndy was hacked! from 2022-05-09T02:00:24
This week, Adam and Andy talk about passwordless news released on World Password Day and about how Andy was hacked...listen in to hear the details of what happened!
----------------------...
ListenMFA Bombing from 2022-05-02T04:04:32
This week, Adam and Andy talk about MFA bombing. This tricky compromise circumvents MFA. Listen on what it is and how to protect against it.
------------------------------------------- Listen
Interview with Special Guest Christina Morillo from 2022-04-25T02:05:47
This week, Adam and Andy talk with Christina Morillo about identity, diversity in information security, and her book "97 Things Every Information Security Professional Should Know: Collective Wi...
ListenVPNs vs SDPs from 2022-04-18T01:38:55
Adam and Andy talk about VPN's versus Software Defined Perimeters (SDP) this week. They break down why companies still use VPN's and why they pose an infosec security risk. They present SDP's as...
ListenOkta Says Sorry, Fake Warrants, New PCI Reqs from 2022-04-11T03:47:08
This week's episode, Adam and Andy talk about some interesting infosec news including Okta's apology and how that affected their stock prices. They also talk about the latest Apple zero days and...
ListenInfosec News Catch Up from 2022-03-28T02:00
This week's episode, Adam and Andy catch up on some infosec news including the new Cyber Incident Reporting Act signed into law last week and other reporting policies on the horizon. They also t...
ListenHelpdesk Security from 2022-03-21T02:00
This week's episode, Adam and Andy talk about helpdesk security. Enterprise helpdesks are often a popular target for cybercriminals because they have access to sensitive information and acc...
ListenWar in the Digital Age from 2022-03-14T03:28:06
This week's episode, Adam and Andy talk about the Russian invasion of Ukraine and the information war that is happening behind the scenes. They go over some specific takeaways on what to focus o...
ListenWindows Hello for Business Revisited from 2022-03-07T01:17:19
This week's episode, Adam and Andy talk about the new cloud key trust deployment model for Windows Hello for Business in hybrid environments. Cloud key trust greatly simplifies the deployment of...
ListenPassword Cracking from 2022-02-28T03:43:08
This week's episode, Adam and Andy talk about the basics of password cracking. Understanding how passwords are cracked by offensive security and cybercriminals can help defenders scope and make ...
ListenGeopolitical Crises and Cybersecurity from 2022-02-21T05:37:34
This week's episode, Adam and Andy talk about some of the geopolitical crises happening around the world with Russia and China and how that affects cybersecurity defenders.
--------------...
ListenWindows Defender Application Control from 2022-02-14T04:45:22
This week's episode, Adam and Andy continue their Windows Security series and talk about Defender Application Control. This is a great feature built into Windows Enterprise that can help reduce ...
ListenTabletop Scenarios with Special Guests Nate Gardner and Gavin Ashton from 2022-02-07T03:00
This week's episode, Adam and Andy have a great time chatting with fellow cybersecurity professionals Nate Gardner and Gavin Ashton walking through tabletop scenarios. This is something security...
ListenNews Smash from 2022-01-31T04:27:48
This week's episode, Adam and Andy talk catch up on some infosec news including BadUSB, President Biden's memorandum for National Security Systems, iOS/MacOS vulnerablities, and new hardware wit...
ListenWindows Device Management with Special Guest Shannon Fritz from 2022-01-24T04:18:59
This week's episode, Adam and Andy talk with special guest Shannon Fritz on Windows Device Management. If you haven't listened to Shannon's episode on Device Identity, we encourage you to listen...
ListenF12 and Find Out from 2022-01-17T03:37:28
This week's episode, Adam and Andy talk about the importance of the nomenclature we use in information security. They also talk about the perception of information security to those who are not ...
ListenDigital Asset Management from 2022-01-10T03:50:35
This week's episode, Adam and Andy talk about a fundamental important program for security defenders: asset management. It may not be the most exciting aspect of security but knowing what you ha...
ListenA look back on 2021 from 2022-01-03T03:00
This week's episode, Adam and Andy give an update on Log4j/Log4Shell insights from the Google Security Team. They also look back on some of the vulnerabilities and cyberattacks from 2021 and dis...
ListenWork Life Balance from 2021-12-27T04:29:53
This week's episode, Adam and Andy talk all about a healthy work life balance. With the pandemic still on-going and working from home or hybrid work environments looking like they are not going ...
ListenThreat and Vulnerability Management from 2021-12-20T03:14:46
This week, Adam and Andy talk all about how to start and run a threat and vulnerability program at your company. From asset management, scanning, remediation, and validation, they go...
ListenSecurity Champions from 2021-12-06T03:03:15
This week, Adam and Andy talk about a security champions program. This is a way to bolster the security culture and develop representatives in each business group to understand security initiati...
ListenThings are getting better from 2021-11-29T03:00
This week, Adam and Andy talk about how they see things improving in the cybersecurity industry from the Department of Justice and the US government investigating and hunting down cyber criminal...
ListenZero Trust, Amazon Security, and other news from 2021-11-22T03:33:59
This week, Adam and Andy talk about some recent infosec news, a shocking article about Amazon's lack of security, and what zero trust means to them.
--------------------------------------...
ListenIgnite 2021 Fall Highlights from 2021-11-15T02:23:11
This week, Adam and Andy go over some of the endpoint, Windows, and security announcements from Ignite. If you were too busy to watch any of the sessions or read about the updates, listen in as ...
ListenCybersecurity Talent Gap from 2021-11-08T02:42:13
This week, Adam and Andy talk about the cybersecurity talent gap. They give advice to those who are trying to break into the field as well as hiring managers on changing the way they look at rec...
ListenMicrosoft Digital Defense Report, Consumer Expectations, and Gartner from 2021-11-01T03:34:44
This week, Adam and Andy talk about Microsoft's Digital Defense Report, consumer expectations of "invisible" security, and should you rip out an information security tool just becaus...
ListenWindows 365 with Special Guest Bradley Dupay from 2021-10-25T02:53:39
This week, Adam and Andy talk with Microsoft's Global Black Belt Specialist, Bradley Dupay, about the all new cloud PC offering called Windows 365. They go over how VDI has evolved over the year...
ListenFacebook Outage Learnings and Windows 11 security from 2021-10-18T02:00
This week on the Blue Security Podcast, Adam and Andy talk about the Facebook outage and what security defenders can learn from reading their after actions report. They also dive into Windows 11...
ListenYou are going to be a victim of ransomware from 2021-10-11T01:07:12
This week on the Blue Security Podcast, Adam and Andy talk about planning to be a victim of ransomware. This is a mindset shift. Instead of focusing on prevention, cybersecurity defenders should...
ListenTPM design limitations and Apple-Google app store actions from 2021-10-04T01:08:56
This week on the Blue Security Podcast, Adam and Andy talk about two interesting topics. The first is a pentesting company's successful hack Bitlocker using a TPM limitation. They talk about why...
ListenProtonmail kerfuffle from 2021-09-27T02:54:55
This week on the Blue Security Podcast, Adam and Andy talk about the hot water Protonmail got themselves into when the news reported that they provided IP address and device information on...
ListenMisconceptions about MDM from 2021-09-20T01:53:30
This week on the Blue Security Podcast, Adam and Andy go over a bunch of misconceptions about mobile device management spurred by some chatter on Twitter. Should you enroll your personal device ...
ListenOne year anniversary! from 2021-09-13T02:00
This week on the Blue Security Podcast, Adam and Andy celebrate one year of the podcast looking back on past episodes and key takeaways.
-------------------------------------------
Apple's Protections for Children from 2021-09-06T01:09:59
This week on the Blue Security Podcast, Adam and Andy talk about Apple's new proposed iOS 15 feature to protect children. They break down the technical details of how Apple differs from the othe...
ListenSecurity News Edition: Lockfile, Razer, and T-mobile from 2021-08-30T02:41:11
This week on the Blue Security Podcast, Adam and Andy breakdown some of the latest infosec news. They go over some hardening advice on the current Exchange ProxyShell vulnerability and Lockfile'...
ListenWindows Hello for Business from 2021-08-23T02:44:02
This week on the Blue Security Podcast, Adam and Andy discuss the enterprise-ready passwordless solution that's already built into your Windows 10 PCs. If your business-class PCs have a TPM, you...
ListenMistakes that hinder a security team's success with Special Guest Nate Gardner from 2021-08-16T02:42:32
This week, Nate Gardner joins Andy to talk about mistakes that security teams can make that will hinder their success at organizations. And these aren't technical errors. Listen in because these...
ListenSecure Privileged Access from 2021-08-09T01:36:50
This week, Adam and Andy go through Microsoft's best practice on securing privileged access. This documentation is amazing and extremely detailed. There are some great tips including administrat...
ListenWindows Defender Application Guard from 2021-08-02T01:20:28
This week, Adam and Andy continue their series on Windows security by talking about Windows Defender Application Guard. This is a great security feature in Windows 10 that isolates the browser i...
ListenPegasus, Twitter MFA, & Underfunding Infosec from 2021-07-25T21:46:20
This week, Adam and Andy discuss some interesting articles that were published during the week. Pegasus, a suite of mobile phone exploits, was big in the news again. Twitter released a report on...
ListenCISA's RVA findings and what it means for organizations from 2021-07-19T02:57:27
This week, Adam and Andy go over CISA's (Cybersecurity & Infrastructure Security Agency) Risk and Vulnerability Assessments finding for 2020. In CISA's report, there were data driven values ...
ListenThe Tech We Use from 2021-07-12T03:28:14
This week, Andy and Adam take a break from cybersecurity and have a little fun talking about the tech they use. They chat about their phones, computers, headphones, mics, and more! Below are lin...
ListenInformation Protection with Special Guest Rachel O'Shea from 2021-07-05T01:45:24
This week, Rachel O'Shea, a Senior Technical Specialist in Compliance at Microsoft, join Adam and Andy to talk about information protection and governance. Rachel has a wealth of experience in c...
ListenShould you block or allow this app? from 2021-06-28T03:36:12
This week, Adam and Andy talk about what infosec professionals should consider when being asked to block or allow an application.
----------------------------------------------
You...
ListenSpecial Episode - Programming Note from 2021-06-21T14:00
Adam and Andy have some news to share!
--- Send in a voice message: https://anchor.fm/blue-security-podcast/message ListenWindows Defender Credential Guard from 2021-06-21T02:39:37
This week, Adam and Andy do a deep technical dive on Windows Defender Credential Guard. This security feature is part of Windows 10 Enterprise and not as broadly deployed as it should be. Learn ...
ListenThe True Cost of Ransomware from 2021-06-14T01:21:33
This week, Adam and Andy talk about how cyberattacks and ransomware incidents are increasing in frequency and how the financial impact is getting greater both for payments and for re...
ListenDigital Every Day Carry (EDC) from 2021-06-07T00:30:27
This week, Adam and Andy talk about their digital "Every Day Carry" (EDC). These are tools they use personally on an every day basis to keep themselves and their data safe. They go through each ...
ListenThat Infosec Op-Ed from 2021-05-31T18:27:47
This week, Adam and Andy talk about the op-ed written by Prof Allen Gwinn in The Hill that had the information security community up in arms. They counter his article in a thoughtful way because...
ListenInformation Security Leadership with Special Guest Doug Turecek from 2021-05-24T02:00
This week, Adam and Andy talk with Doug Turecek. Doug has over 25 years of experience in information technology and is currently the Information Security Officer for Exact Sciences. They talk ab...
ListenColonial Pipeline and other news from 2021-05-17T01:52:31
This week, Adam and Andy talk about the Colonial Pipeline ransomware incident, the executive order President Biden signed on improving cybersecurity, and what infosec professional want to t...
ListenSecurity Change Management from 2021-05-10T02:05:31
This week Andy and Adam talk about security change management. Rolling out a security change or a new security product can be difficult and stressful if not done correctly. It's impo...
ListenBrowser Security from 2021-05-03T02:49
This week Andy and Adam talk about browser security. They break down why it's important to secure your browser's configuration and recommendations on settings for Edge, Chrome, and Firefox. They...
ListenMentorship with Special Guest Matt Wood from 2021-04-26T00:26:53
This week Andy and Adam chat with Matt Wood. Matt is an information security manager who was Andy's first mentor in infosec. They talk about the importance of mentorship, what the relationship i...
ListenM365 Productivity Tips and Tricks from 2021-04-19T02:46:40
This week, Adam and Andy take a break from security and give you their favorite tips and tricks for the M365 Suite. Hopefully you learn something and we'd love to hear your tips and tricks! Emai...
ListenZscaler Security with Raja Khalid from 2021-04-12T02:15:30
This week, Adam and Andy chat with Raja on Zscaler, one of our favorite tools when it comes to DNS security (and more!). Zscaler is a scalable security tool that performs category and ...
ListenMac Management with Special Guest Matthew Ward and Matt Benyo from 2021-04-05T02:00
This week, Adam and Andy are joined by Matthew Ward and Matt Benyo to talk about Mac Management. Macs are more and more important in enterprises and getting a hold on how to manage the...
ListenHow to get into cybersecurity and the skills you need from 2021-03-29T04:00
This week, Adam and Andy cover how people can break into the cybersecurity industry and the skills they might need prior to finding their first job. They cover a range of topics from basic ...
ListenAzure Sentinel with Special Guest John Joyner from 2021-03-21T20:55:10
This week, Microsoft MVP John Joyner joins the show to talk about Azure Sentinel. If you're in the market for a SIEM or looking to bolster your security tools at your organization, we give you s...
ListenPhysical Security with Special Guest Wesley Strey from 2021-03-15T02:08:30
This week, Andy is joined by Wesley Strey to talk about the subdomain of physical security. There are so many great parallels between information security and physical security. We hope listener...
ListenSay Goodbye to Domain Join with Special Guest Shannon Fritz from 2021-03-08T02:37:03
This week, Shannon Fritz joins the show to talk about device identity and why you should start joining your devices to Azure Active Directory. This show is jam packed full of information from di...
ListenCloud Application Security Brokers from 2021-02-28T21:19:08
This week, Adam and Andy talk about cloud application security brokers (CASB). The podcast is focused more around Microsoft Cloud App Security but the concepts and use cases can be applied to an...
ListenPassword Managers from 2021-02-22T05:00
This week, Adam and Andy talk about password managers. They discuss on password managers can protect you from phishing attacks, pros/cons of storing your TOTP key within your vault, and compare ...
ListenWhat is EvilGinx and How do you protect against it? from 2021-02-15T04:03:42
This week, Adam and Andy talk about a Red Team/Pentesting tool called EvilGinx. They explain how this tool works and how cyber-criminals can use it to bypass MFA enabled accounts. Most important...
ListenModern Device Management from 2021-02-08T02:39:50
This week, Adam and Andy go over modern device management. They discuss how to use device based conditional access to make access decisions on corporate or personal devices spanning different op...
ListenReal-world Ransomware Experience with Special Guest Gavin Ashton from 2021-02-01T02:54:07
This week, Adam and Andy speak with Stealthbits security strategist, Gavin Aston. Gavin wrote the blog "Maersk, me & notPetya" and brings a unique percepective to information security defens...
ListenGuest speaker Morgan Patzwald on Active Directory Security from 2021-01-31T22:10:42.023393
This week, Morgan joins Adam and Andy on the podcast to discuss on-prem Active Directory security. They dive into administrator privileges, best practice for account creation, GPO's, and server ...
ListenApplication Security with Special Guest Tanya Janca from 2021-01-25T05:00
This week, Adam and Andy speak with application security guru, Tanya Janca, author of Alice and Bob learn Application Security. It was an amazing conversation where they touched on secure app de...
ListenSecure Messaging from 2021-01-18T04:59:50
This week, Adam and Andy go over some news about Microsoft Defender for Identity and Intel's new CPU ransomware protection. There was also some news about Whatsapp's new privacy policy. Adam and...
ListenSolarwinds Revisited and Tech Policy under a Biden Administration from 2021-01-11T05:00
This week, Adam and Andy revisit some more guidance that has come out about Sunburst/Solarigate since the initial breach. Additionally, they share some thoughts about this week's insurrection at...
ListenInformation Security Tips & Tricks for Parents from 2021-01-04T05:00
Happy New Year! To ring in the new year, this week's episode focuses on parents who are working from home while having to help home school their kids as well. Adam and Andy go through a lot of t...
ListenMerry Christmas! Learn how to spin up your own VM lab and dev environments from 2020-12-27T04:18:45
This holiday week, Adam and Andy give you some advice on how to spin up your own virtual machine lab and dev environment. They go through SaaS applications that have free dev environments as wel...
ListenOur thoughts on Fireeye, Solarwinds, and Sunburst from 2020-12-21T04:40:47
This week, Adam and Andy give you their thoughts on the Fireeye and Solarwinds breach. They also give defenders advice on immediate steps to help strengthen their organizations as well as some f...
ListenPasswordless Authentication from 2020-12-14T05:00
Passwordless authentication is one of those rare features that strengthens security while making it easier for users to sign in. This week, Adam and Andy breakdown passwordless authentication op...
ListenConditional Access from 2020-12-07T04:41:49
This is it! Adam and Andy are finally diving into conditional access. They give an overview on what conditional access is including different types of conditional access like user, sign-in, and ...
ListenWork from Home - Tips and Tricks from 2020-11-30T05:00
On this week's episode, Andy and Adam give you their tips and tricks for working from home. Having been in mature work from home company cultures, they have insights on what it was like pre and ...
ListenOur thoughts on Chris Krebs, Infosec Job Security, and Infosec Qualifications from 2020-11-23T05:00
On this week's episode, Andy and Adam give their thoughts on the firing of Chris Krebs, former director of CISA. They also talk about their opinions on whether a CISO should be fired after a cyb...
ListenActive Directory Security with Special Guest Morgan Patzwald from 2020-11-16T05:00
This week, Morgan joins Adam and Andy on the podcast to discuss on-prem Active Directory security. They dive into administrator privileges, best practice for account creation, GPO's, and server ...
ListenSingle-Sign On (SSO) and Self-Service Password Reset (SSPR) from 2020-11-09T05:00
This week, Adam and Andy go over why you should think about using an Identity Provider (IDP) to onboard your SaaS apps to use SSO. They also talk about why it's really important to think about w...
ListenHow did we get into information security and career progression advice from 2020-11-02T03:54:08
This week, Adam and Andy bring you a bonus episode where they talk about how they got into information security and offer advice on career progression in IT and cybersecurity.
Doc...
ListenRansomware protection - Part 4 - Windows 10 Security, Network Segmentation, Detection and Recovery from 2020-10-26T03:24:46
This week, Adam and Andy wrap up the ransomware series by first going over controlled folder access in Windows 10 security and Onedrive for Business Known Folder Move. They discuss network segme...
ListenRansomware Protection - Part 3 - Admin Rights, Email Protection, Phishing Training from 2020-10-19T04:00
This week, Adam and Andy continue the conversation on techniques and tools to protect your organization from ransomware. They dive into the concept of least privileged access and administrative ...
ListenRansomware Protection - Part 2 - EDR, Patching, and Pentesting from 2020-10-12T04:00
This week, Adam and Andy continue the conversation on techniques and tools to protect your organization from ransomware. They dive into EDR solutions, patching and vulnerability assessment manag...
ListenRansomware Protection - Part 1 - Soft Skills and Endpoint Protection from 2020-10-05T05:14:23
Due to the recent ransomware attacks, Adam and Andy use this episode to kick off a series on how to protect your company from ransomware. We started with how security professionals need to have ...
ListenEnabled MFA! from 2020-09-28T04:00:03
In this episode, Adam and Andy talk about why if you have not enabled MFA for your identity provider (IDP), this should be your top priority today. They also talk about steps for implementation ...
ListenGeo-restricting IP addresses, Password policies, Defense against password spray attacks from 2020-09-21T00:58:14
In this first episode, Adam and Andy discuss whether geo-restricting IP addressing is considered "good" security. They also discuss Azure AD password protection as a method to protect against pa...
Listen