Podcasts by Blue Security

CNAPP - Defender for Cloud Overview from 2023-12-11T15:00

This episode of the Blue Security Podcast discusses the Cloud Native Application Protection Platform (CNAPP) and Microsoft's Defender for Cloud. The hosts provide an overview of CNAPP and it...

MeridianLink extortion, Plastic Surgery office breached, AI voice clones from 2023-12-04T15:00:09

On this week's episode, Adam and Andy talk about a ransomware gang making an SEC complaint against their victim, a medical office breach, and AI voice clones. -------------------------------...

Microsoft Ignite 2023 - Part 2 from 2023-12-04T14:57:04

On this week's episode, Adam and Andy talk about more things on security from Microsoft Ignite. From canary capabilities in MDE to Automatic Conditional Access Policies, there are a TON of r...

Microsoft Ignite 2023 - Part 1 from 2023-11-20T17:48:01

On this week's episode, Adam and Andy talk about all the security announcements from Microsoft Ignite 2023. There were SO many that this will be part 1 with another episode being released in...

Okta Breach Follow-up and Passkeys from 2023-11-13T15:00

On this week's episode, Andy and Adam talk about the follow up investigation from Okta about their support system breach along with some lessons that listeners can take away. They also talk ...

SEC charges Solarwinds CISO & Backing up and Archiving M365 data from 2023-11-12T22:47:03

On this week's episode, Andy and Adam talk about the SEC charging the Solarwinds CISO with fraud and the implications on the overall security leadership community. They also talk about some ...

23andMe, Okta breach, MDE Automatic Attack Disruption from 2023-10-30T14:07:40

On this week's episode, Andy and Adam talk about the 23andMe and Okta breach that happened recently along with some recommendations on how organizations can try and prevent similar attacks i...

Entra Web-sign in, MDE Device Control, Imposter Syndrome from 2023-10-23T17:46:41

On this week's episode, Andy and Adam talk about some new features with Entra Web Sign-in and Microsoft Defender for Endpoint Device Control. They also talk about what every infosec professi...

Conditional Access Gap Analysis from 2023-10-19T19:17:56

On this week's episode, Andy and Adam talk about how to think about your conditional access policy design to avoid some common gaps that attackers can take advantage of.

------------...

Unpopular Cybersecurity Opinions from 2023-10-09T13:59:26

On this week's episode, Andy and Adam talk about a fun Twitter/X thread where cybersecurity professionals expressed some "unpopular opinions."

-----------------------------...

JCI Ransomware, Ransomware Negotiations, CISA guidance from 2023-10-02T14:00

On this week's episode, Andy and Adam talk about Johnson Controls' ransomware attack and some implications on national security. They also talk about some lessons learned from ransomware...

MITRE Engenuity ATT&CK Evaluations and Insider Risk from 2023-09-26T14:26:56

On this week's episode, Andy and Adam talk about the results of the MITRE Engenuity ATT&CK Evaluations and how to interpret them. They also talk about the rising costs of insider risk an...

MGM Resorts Security Incident from 2023-09-18T14:00

On this week's episode, Andy and Adam talk about the security incident impacting MGM Resorts. They discuss the attack vector of social engineering and ways that you can help protect your hel...

Apple 0-day's, Storm-0558 follow up, MFST Conditional Access Dashboard from 2023-09-11T13:38:08

On this week's episode, Andy and Adam talk about Apple's no-click zero day, the technical findings of the follow up investigation on Storm-0558, and the new Microsoft Conditional Access ...

Data Security in Microsoft 365 from 2023-09-04T14:00

On this week's episode, Andy and Adam talk about data security in Microsoft 365. They talk about data discovery, data classification, and some of the tools like sensitivity and retention lab...

Side channel attack, White House cybersecurity workforce plan, IBM Cost of a Data Breach from 2023-08-28T14:00

On this week's episode, Andy and Adam catch up some worthy infosec news including a new side channel attack, the White House cybersecurity workforce plan, and IBM's Cost of a Data Breach...

Red Teaming with Special Guest 23P from 2023-08-21T14:00

On this week's episode, Andy and Adam talk with Michael Belton and Dave Falkenstein from 23p, a Madison, Wisconsin based red-teaming company about pentesting, purple teaming, and start out i...

Securing Entra External Identities from 2023-08-14T14:00

On this week's episode, Andy and Adam talk about securing Entra external identities. They talk about B2B and B2C as well as a few other lesser known features of external identities like dire...

Educating Defenders with Special Guest Howard Friedman, Ascent Solutions from 2023-08-07T15:35:09

On this week's episode, Andy and Adam welcome guest Howard Friedman of Ascent Solutions to the program. Howard helps educate our audience of security defenders on the why, when, and how to e...

New SEC and FCC rules, and Samsung device security from 2023-07-31T14:00

On this week's episode, Adam and Andy talk about some new SEC and FCC rules as well as some news on Samsung device security.

-------------------------------------------

Youtu...

Expanded M365 audit logs, Threads, new Entra features from 2023-07-24T14:00

On this week's episode, Adam and Andy follow up on Storm-0558 and how Microsoft is expanding cloud logging as a result of the threat actor. They also chat about Threads, Meta's new Twitt...

Storm-0558 - Attack on Exchange Online from 2023-07-17T14:00

On this week's episode, Adam and Andy talk Storm-0558, the China-based actor, that compromised Exchange Online. They go through the attack chain and CISA's guidance on how you can better...

Common M365 Misconfigurations from 2023-07-10T14:00

On this week's episode, Adam and Andy talk through Trimarc Security's blog on M365 security misconfigurations. Surprisingly, there are a few that are still being seen through security as...

What's new with Intune and Entra from 2023-07-03T13:00

On this week's episode, Adam and Andy talk about some new features in Intune and Entra. There are some great features that are in public preview and general availability that admins should b...

OWASP Top 10 and Top 10 for LLM from 2023-06-26T15:04:48

on this week's episode, Adam and Andy talk about the OWASP Top 10 and the Top 10 for Large Language models. It is good for defenders to understand these vulnerabilities even if you are not i...

Network Security 101 from 2023-06-19T14:00:08

On this week's episode, Adam and Andy talk about the basics of network security. They go over asset management, firewalls, IDS/IPS, NDR's, and administrative access. If you're new to...

MSSP's from 2023-06-12T15:23:09

On this week's episode, Adam and Andy talk about Managed Security Service Providers (MSSP's). They talk about the different levels and services you can get from providers and introduce s...

Protecting M365 from on-premise attacks from 2023-06-05T14:00:53

On this week's episode, Adam and Andy talk about Microsoft's guidance on how to protect your M365 environment from on-premises attacks.

-------------------------------------------...

Microsoft Build 2023 Recap from 2023-05-30T04:00:22

On this week's episode, Adam and Andy give their perspective on some of the interesting security topics from Microsoft Build 2023.

-------------------------------------------

Y...

Limiting Chatgpt from 2023-05-22T14:00:52

On this week's episode, Adam and Andy talk about how many companies are limiting access to ChatGPT in their corporate assets. They discuss why this is happening and recommendations on how to...

Apple Rapid Security, Data Encryption, Layoffs & Insider Risk from 2023-05-15T14:00:08

On this week's episode, Adam and Andy talk about Apple's new Rapid Security update for iOS and Android. They also talk about different ways to encrypt data for protection. Finally, with ...

Microsoft Secure Score from 2023-05-08T14:00:45

On this week's episode, Adam and Andy talk about one of the most underutilized features of M365: Secure Score. They talk about what it is and go through some of the reasons why organizations...

Workplace Join, Azure AD Join, and Windows (Cloud) LAPS from 2023-05-01T14:00:37

On this week's episode, Adam and Andy talk about how Microsoft FTE's are going from Workplace Join to only Azure AD Join devices and their thoughts on it. They also talk about the much a...

Meta E2E, Proton Pass, LI Verified ID, iPhone Security from 2023-04-24T14:00:33

On this week's episode, Adam and Andy talk about Meta's plans on end to end encryption for Facebook and Instagram messages. They also talk about Proton's new password vault that just...

Security Copilot, Incident Response Retainer, Exchange Server On-Prem from 2023-04-17T14:00:08

On this week's episode, Adam and Andy talk about some Microsoft news including the newly unveiled Security Co-Pilot. They also talk about Microsoft's Incident Response Retainer and their...

State of Identity 2023 from 2023-04-10T14:00:11

On this week's episode, Adam and Andy talk about Oort's report on the state of identity in 2023. They talk about the takeaways from the report and provide some action items on how to sho...

News Update - MDVM, SEC Guidance, M365 Copilot from 2023-04-03T14:00:27

On this week's episode, Adam and Andy talk about some recent news including Microsoft Defender Vulnerability Management going generally available, some SEC guidance that will be going live i...

Protect your home network by the NSA from 2023-03-27T14:23:57

On this week's episode, Adam and Andy talk about the NSA's guidance on how to secure your home network. This may be basic for most cybersecurity pros but there's a lot of great infor...

White House National Cybersecurity Strategy from 2023-03-20T03:05:22

On this week's episode, Adam and Andy talk about the new White House National Cybersecurity Strategy from the Biden-Harris administration.

-------------------------------------------<...

Intune Suite from 2023-03-13T05:04:03

On this week's episode, Adam and Andy talk about the new Intune Suite. This is a new offering from Microsoft that will help bolster the security and streamline device management. Listen in to he...

Lastpass Incident Update from 2023-03-06T03:32:24

On this week's episode, Adam and Andy talk about the update to the Lastpass security incident. There are a lot of lessons to learn from the mistakes of Lastpass. Props to Lastpass on the disclos...

Road to the Cloud from 2023-02-27T05:35:06

On this week's episode, Adam and Andy talk about the different states of transformation when going through your journey to reduce dependency on on-premise infrastructure and Active Directory by ...

Identity Trends from 2023-02-20T07:21:26

On this week's episode, Adam and Andy talk through Alex Weinert's post about Identity Trends. Stay through the end to get your identity to-do list for this year!

-------------------------...

Identity Governance and Administration from 2023-02-13T06:37:06

On this week's episode, Adam and Andy talk about Identity Governance and Administration (IGA). They talk about what makes up a good IGA program and advice on some policies and procedures. They a...

ChatGPT from 2023-02-06T05:15:30

On this week's episode, Adam and Andy talk about ChatGPT. This innovative AI based chatbot is stirring up a storm of news. They'll talk about what it is and some great use cases for infosec prof...

Tech Layoffs from 2023-01-30T04:20:29

On this week's episode, Adam and Andy talk about the tech layoffs. Andy talks about his career and how he's dealt with being laid off multiple times. Listen in if you're interested in how to men...

Operational Excellence from 2023-01-23T05:02:24

On this week's episode, Adam and Andy talk about what operational excellence means and how it can help bolster your cybersecurity at your organization.

-----------------------------------...

News Catchup from 2023-01-16T05:43:59

On this week's episode, Adam and Andy do a catch up on news from December and talk about the retirement of Windows 7 ESU and 8.1. They also talk about Apple's Advanced Data Protection and the La...

Windows Defender Firewall from 2023-01-09T05:47:18

On this week's episode, Adam and Andy talk about Windows Defender Firewall. This often is overlooked, misconfigured, or part of legacy policies. With the start of a brand new year, it is a good ...

What we learned in 2022 in cybersecurity from 2023-01-02T03:18:37

On this week's episode, Adam and Andy talk about some trends from this past year and what they would focus on securing for 2023.

-------------------------------------------

Youtube...

Windows Autopatch with Special Guest Adam Nichols from 2022-12-26T03:56:58

On this week's episode, Adam and Andy talk with Adam Nichols, a Product Manager for Windows Autopatch. They talk about all things patching and do a deep dive on how the Windows Autopatch service...

Passkeys from 2022-12-19T03:00:51

On this week's episode, Adam and Andy talk about passkeys. This may be the replacement for passwords that we're looking for and it is starting to go mainstream with the collaboration between Mic...

Microsoft's Insider Risk Report from 2022-12-12T04:44:41

On this week's episode, Adam and Andy talk about Microsoft's Insider Risk Report for 2022. This report give insight on how to build a holistic insider risk program but combining tooling, people ...

DDoS Protection from 2022-12-05T04:23:58

On this week's episode, Adam and Andy talk about CISA's DDoS protection guidance. This follows the episode on Microsoft's Digital Defense Report where DDoS attacks and protections were also high...

Microsoft's Digital Defense Report from 2022-11-28T03:54:55

On this week's episode, Adam and Andy talk about Microsoft's Digital Defense Report. This report has a wealth of information on the state of cybersecurity, current trends, attack vectors, and de...

How to Mastodon from 2022-11-21T03:54:54

On this week's episode, Adam is back and joined by Andy to talk about Mastodon. This decentralized social media platform has been around since 2016 and recently has been growing exponentially du...

Patch Tuesday, Medibank Breach, Twitter Meltdown from 2022-11-14T05:40:34

This week, friend of the pod, Shannon Fritz, fills in for Adam and he and Andy talk about the big update for Patch Tuesday, the Medibank double extortion incident, and the meltdown happening at ...

Old Phishing Tricks Are Still Working from 2022-11-07T03:55:48

This week, Adam and Andy talk about the Dropbox and Twilio breach where old phishing tricks worked and attackers were able to get credentials. They also talk about CISA's new guidance on phish r...

SOCRadar and Ignite 2022 highlights from 2022-10-31T04:33:47

This week, Adam and Andy talk about the SOCRadar disclosure of a misconfigured Microsoft endpoint that led to a data privacy incident. They talk about what happened and what you should know as a...

IBM Incident Responder Report from 2022-10-24T03:17:34

This week, Adam and Andy talk about IBM's Incident Responder Report. This report has some great empirical data on incident responder perceptions and how incidents impact mental health. Listen in...

BYOD Zero-Trust Architecture from 2022-10-17T03:30:20

This week, Adam and Andy talk about how to look at BYOD policies in a Zero-Trust architecture. They go over a blueprint put out by Microsoft Middle East and Africa that's a little bit older but ...

MDE Tamper Protection from 2022-10-10T02:54:02

This week, Adam and Andy talk about Microsoft Defender for Endpoint's Tamper Protection. This type of feature is also available on other endpoint protection solutions. They talk about what it is...

Active Directory Security Tips from 2022-10-03T03:06:44

This week, Adam and Andy talk about some tips on securing Active Directory. This was inspired by a session led by Trimarc Security at The Experts Conference.

-----------------------------...

Kerberoasted from 2022-09-26T02:30:19

This week, Adam and Andy talk about kerberoasting: how it works and how to defend against it. Listen in on this unique attack technique!

-------------------------------------------

Microsoft Teams, Patreon, and Uber from 2022-09-19T01:53:59

This week, Adam and Andy talk about Microsoft Teams and the post-exploit technique that was discovered by Vetra's Project Team and the decision of Patreon to lay off their entire internal inform...

Cloudflare and Kiwi Farms from 2022-09-12T03:31:32

This week, Adam and Andy breakdown what led to Cloudflare dropping Kiwi Farms as a customer, why the media and Twitter were up-in-arms about the whole incident, and their thoughts about the deci...

Cloud Security 101 from 2022-09-05T23:21:03

This week, Adam and Andy talk about cloud security. If you're looking to learn about cloud security concepts, this is the show for you. They talk about basic and advanced security as well as ris...

Beyond E5, Rebranding, Public Previews in Microsoft Security from 2022-08-29T03:30:09

This week, Adam and Andy pull together all the new product launches and rebranding for Microsoft Security over the last couple of months. Listen in to learn about Microsoft Entra, Defender Threa...

Quantum & Cryptography Follow-up, TikTok, and Janet Jackson from 2022-08-22T03:36:42

This week, Adam and Andy follow up on a few things from the post quantum cryptography episode talking about how one of the quantum resistant algorithms was broken and a lawsuit against the US go...

Post Quantum Series - Part 2 - Quantum Cryptography from 2022-08-15T02:30:22

This week, Adam and Andy talk about post quantum cryptography this week. They go over why quantum computers are a threat to classical cryptography like public key encryption, quantum key distrib...

Post Quantum Series - Part 1 - Quantum Computers from 2022-08-08T01:25:50

This week, Adam and Andy start a two part series on post-quantum computer information security. This first part goes into understanding how quantum computers work and how they differ from classi...

Exchange Online Protection Deep-Dive from 2022-08-01T02:30:20

This week, Adam and Andy do a technical deep dive on Exchange Online Protection (EOP). They talk about the pre-delivery and post-delivery protections. They also talk about some of the zero-day p...

Personal and Organization Privacy from 2022-07-25T02:30:56

This week, Adam and Andy talk about privacy both in organizations and your personal life. They talk about some of the new Microsoft Purview Compliance Classifiers and how it might be an inv...

Microsoft Security News from 2022-07-18T03:02:09

This week, Adam and Andy talk about some security news relating to Microsoft. First they talk about a phishing campaign that Microsoft detailed that was going on affecting more than 10,000 orgs ...

Risk Management and Data Protection from 2022-07-11T02:30:59

This week, Adam and Andy talk about risk-centric security management and how to shift from looking at just severity of vulnerabilities to reducing risk to your organization. They also talk about...

Basic Auth, Zero Days, & Burnout from 2022-07-04T02:00:17

This week, Adam and Andy catch up some news in their first live show in a couple of weeks. First they talk about CISA's guidance to federal agencies to switch from basic auth to modern auth due ...

Secure Authentication to Azure VMs from 2022-06-27T03:12:20

This week, Adam and Andy talk about different methods to modernize the way you authenticate to virtual machines located in Azure. The first is using Azure Active Directory and the second is usin...

Don't Phish Me, Bro from 2022-06-20T01:30:37

This week, Adam and Andy talk about OMB procurement requirements changing due to increased cybersecurity defense, Gartner's thoughts on consolidated security platforms, and internal phishing cam...

Securing Guest Access to M365 from 2022-06-12T16:49:37

This week, Adam and Andy talk about how to secure guest access and collaboration in Microsoft 365. They talk about the differences between member and guest users and how guest users are created....

Windows Defender Exploit Guard from 2022-06-06T02:00:53

This week, Adam and Andy talk about Windows Defender Exploit Guard. This is a set of protections built into Windows Server and 10/11 operating systems that provide additional device hardening ru...

Patch Management from 2022-05-30T16:32:35

This week, Adam and Andy talk about patch management. This is basic security and some organizations are still struggling with it. They talk about the explosion of zero days and why continuous mo...

Domain Controller Security from 2022-05-23T02:31:15

This week, Adam and Andy talk about some updated guidance for securing domain controllers in a world where the cloud is a security imperative. They also review some of the existing guidance and ...

Cyber Threat Intelligence with Special Guest Charity Wright from 2022-05-16T02:00:42

This week, Adam and Andy talk with threat intelligence expert Charity Wright. Charity talks about her military career and how she got selected as a Chinese linguist and worked with the NSA. Char...

Andy was hacked! from 2022-05-09T02:00:24

This week, Adam and Andy talk about passwordless news released on World Password Day and about how Andy was hacked...listen in to hear the details of what happened!

----------------------...

MFA Bombing from 2022-05-02T04:04:32

This week, Adam and Andy talk about MFA bombing. This tricky compromise circumvents MFA. Listen on what it is and how to protect against it.

------------------------------------------- Listen

Interview with Special Guest Christina Morillo from 2022-04-25T02:05:47

This week, Adam and Andy talk with Christina Morillo about identity, diversity in information security, and her book "97 Things Every Information Security Professional Should Know: Collective Wi...

VPNs vs SDPs from 2022-04-18T01:38:55

Adam and Andy talk about VPN's versus Software Defined Perimeters (SDP) this week. They break down why companies still use VPN's and why they pose an infosec security risk. They present SDP's as...

Okta Says Sorry, Fake Warrants, New PCI Reqs from 2022-04-11T03:47:08

This week's episode, Adam and Andy talk about some interesting infosec news including Okta's apology and how that affected their stock prices. They also talk about the latest Apple zero days and...

LAPSUS$ from 2022-04-04T02:53:16

This week's episode, Adam and Andy talk about the hacker group LAPSUS$. They go over what makes this group unique in the cybercriminal world and a breakdown of the latest high value targets.

Infosec News Catch Up from 2022-03-28T02:00

This week's episode, Adam and Andy catch up on some infosec news including the new Cyber Incident Reporting Act signed into law last week and other reporting policies on the horizon. They also t...

Helpdesk Security from 2022-03-21T02:00

This week's episode, Adam and Andy talk about helpdesk security. Enterprise helpdesks are often a popular target for cybercriminals because they have access to sensitive information and acc...

War in the Digital Age from 2022-03-14T03:28:06

This week's episode, Adam and Andy talk about the Russian invasion of Ukraine and the information war that is happening behind the scenes. They go over some specific takeaways on what to focus o...

Windows Hello for Business Revisited from 2022-03-07T01:17:19

This week's episode, Adam and Andy talk about the new cloud key trust deployment model for Windows Hello for Business in hybrid environments. Cloud key trust greatly simplifies the deployment of...

Password Cracking from 2022-02-28T03:43:08

This week's episode, Adam and Andy talk about the basics of password cracking. Understanding how passwords are cracked by offensive security and cybercriminals can help defenders scope and make ...

Geopolitical Crises and Cybersecurity from 2022-02-21T05:37:34

This week's episode, Adam and Andy talk about some of the geopolitical crises happening around the world with Russia and China and how that affects cybersecurity defenders.

--------------...

Windows Defender Application Control from 2022-02-14T04:45:22

This week's episode, Adam and Andy continue their Windows Security series and talk about Defender Application Control. This is a great feature built into Windows Enterprise that can help reduce ...

Tabletop Scenarios with Special Guests Nate Gardner and Gavin Ashton from 2022-02-07T03:00

This week's episode, Adam and Andy have a great time chatting with fellow cybersecurity professionals Nate Gardner and Gavin Ashton walking through tabletop scenarios. This is something security...

News Smash from 2022-01-31T04:27:48

This week's episode, Adam and Andy talk catch up on some infosec news including BadUSB, President Biden's memorandum for National Security Systems, iOS/MacOS vulnerablities, and new hardware wit...

Windows Device Management with Special Guest Shannon Fritz from 2022-01-24T04:18:59

This week's episode, Adam and Andy talk with special guest Shannon Fritz on Windows Device Management. If you haven't listened to Shannon's episode on Device Identity, we encourage you to listen...

F12 and Find Out from 2022-01-17T03:37:28

This week's episode, Adam and Andy talk about the importance of the nomenclature we use in information security. They also talk about the perception of information security to those who are not ...

Digital Asset Management from 2022-01-10T03:50:35

This week's episode, Adam and Andy talk about a fundamental important program for security defenders: asset management. It may not be the most exciting aspect of security but knowing what you ha...

A look back on 2021 from 2022-01-03T03:00

This week's episode, Adam and Andy give an update on Log4j/Log4Shell insights from the Google Security Team. They also look back on some of the vulnerabilities and cyberattacks from 2021 and dis...

Work Life Balance from 2021-12-27T04:29:53

This week's episode, Adam and Andy talk all about a healthy work life balance. With the pandemic still on-going and working from home or hybrid work environments looking like they are not going ...

Threat and Vulnerability Management from 2021-12-20T03:14:46

This week, Adam and Andy talk all about how to start and run a threat  and vulnerability program at your company. From asset management,  scanning, remediation, and validation, they go...

Log4Shell from 2021-12-13T02:57:30

This week, Adam and Andy talk all about the Log4Shell vulnerability affecting the log4j Java library. They give an overview on how it works and how you as a security defender can secure your env...

Security Champions from 2021-12-06T03:03:15

This week, Adam and Andy talk about a security champions program. This is a way to bolster the security culture and develop representatives in each business group to understand security initiati...

Things are getting better from 2021-11-29T03:00

This week, Adam and Andy talk about how they see things improving in the cybersecurity industry from the Department of Justice and the US government investigating and hunting down cyber criminal...

Zero Trust, Amazon Security, and other news from 2021-11-22T03:33:59

This week, Adam and Andy talk about some recent infosec news, a shocking article about Amazon's lack of security, and what zero trust means to them.

--------------------------------------...

Ignite 2021 Fall Highlights from 2021-11-15T02:23:11

This week, Adam and Andy go over some of the endpoint, Windows, and security announcements from Ignite. If you were too busy to watch any of the sessions or read about the updates, listen in as ...

Cybersecurity Talent Gap from 2021-11-08T02:42:13

This week, Adam and Andy talk about the cybersecurity talent gap. They give advice to those who are trying to break into the field as well as hiring managers on changing the way they look at rec...

Microsoft Digital Defense Report, Consumer Expectations, and Gartner from 2021-11-01T03:34:44

This week, Adam and Andy talk about Microsoft's Digital Defense Report,  consumer expectations of "invisible" security, and should you rip out an  information security tool just becaus...

Windows 365 with Special Guest Bradley Dupay from 2021-10-25T02:53:39

This week, Adam and Andy talk with Microsoft's Global Black Belt Specialist, Bradley Dupay, about the all new cloud PC offering called Windows 365. They go over how VDI has evolved over the year...

Facebook Outage Learnings and Windows 11 security from 2021-10-18T02:00

This week on the Blue Security Podcast, Adam and Andy talk about the Facebook outage and what security defenders can learn from reading their after actions report. They also dive into Windows 11...

You are going to be a victim of ransomware from 2021-10-11T01:07:12

This week on the Blue Security Podcast, Adam and Andy talk about planning to be a victim of ransomware. This is a mindset shift. Instead of focusing on prevention, cybersecurity defenders should...

TPM design limitations and Apple-Google app store actions from 2021-10-04T01:08:56

This week on the Blue Security Podcast, Adam and Andy talk about two interesting topics. The first is a pentesting company's successful hack Bitlocker using a TPM limitation. They talk about why...

Protonmail kerfuffle from 2021-09-27T02:54:55

This week on the Blue Security Podcast, Adam and Andy talk about the hot water Protonmail got themselves into when the news reported that they  provided IP address and device information on...

Misconceptions about MDM from 2021-09-20T01:53:30

This week on the Blue Security Podcast, Adam and Andy go over a bunch of misconceptions about mobile device management spurred by some chatter on Twitter. Should you enroll your personal device ...

One year anniversary! from 2021-09-13T02:00

This week on the Blue Security Podcast, Adam and Andy celebrate one year of the podcast looking back on past episodes and key takeaways.

-------------------------------------------

Apple's Protections for Children from 2021-09-06T01:09:59

This week on the Blue Security Podcast, Adam and Andy talk about Apple's new proposed iOS 15 feature to protect children. They break down the technical details of how Apple differs from the othe...

Security News Edition: Lockfile, Razer, and T-mobile from 2021-08-30T02:41:11

This week on the Blue Security Podcast, Adam and Andy breakdown some of the latest infosec news. They go over some hardening advice on the current Exchange ProxyShell vulnerability and Lockfile'...

Windows Hello for Business from 2021-08-23T02:44:02

This week on the Blue Security Podcast, Adam and Andy discuss the enterprise-ready passwordless solution that's already built into your Windows 10 PCs. If your business-class PCs have a TPM, you...

Mistakes that hinder a security team's success with Special Guest Nate Gardner from 2021-08-16T02:42:32

This week, Nate Gardner joins Andy to talk about mistakes that security teams can make that will hinder their success at organizations. And these aren't technical errors. Listen in because these...

Secure Privileged Access from 2021-08-09T01:36:50

This week, Adam and Andy go through Microsoft's best practice on securing privileged access. This documentation is amazing and extremely detailed. There are some great tips including administrat...

Windows Defender Application Guard from 2021-08-02T01:20:28

This week, Adam and Andy continue their series on Windows security by talking about Windows Defender Application Guard. This is a great security feature in Windows 10 that isolates the browser i...

Pegasus, Twitter MFA, & Underfunding Infosec from 2021-07-25T21:46:20

This week, Adam and Andy discuss some interesting articles that were published during the week. Pegasus, a suite of mobile phone exploits, was big in the news again. Twitter released a report on...

CISA's RVA findings and what it means for organizations from 2021-07-19T02:57:27

This week, Adam and Andy go over CISA's (Cybersecurity & Infrastructure Security Agency) Risk and Vulnerability Assessments finding for 2020. In CISA's report, there were data driven values ...

The Tech We Use from 2021-07-12T03:28:14

This week, Andy and Adam take a break from cybersecurity and have a little fun talking about the tech they use. They chat about their phones, computers, headphones, mics, and more! Below are lin...

Information Protection with Special Guest Rachel O'Shea from 2021-07-05T01:45:24

This week, Rachel O'Shea, a Senior Technical Specialist in Compliance at Microsoft, join Adam and Andy to talk about information protection and governance. Rachel has a wealth of experience in c...

Should you block or allow this app? from 2021-06-28T03:36:12

This week, Adam and Andy talk about what infosec professionals should consider when being asked to block or allow an application.

----------------------------------------------

You...

Special Episode - Programming Note from 2021-06-21T14:00

Adam and Andy have some news to share!

Windows Defender Credential Guard from 2021-06-21T02:39:37

This week, Adam and Andy do a deep technical dive on Windows Defender Credential Guard. This security feature is part of Windows 10 Enterprise and not as broadly deployed as it should be. Learn ...

The True Cost of Ransomware from 2021-06-14T01:21:33

This week, Adam and Andy talk about how cyberattacks and ransomware incidents are increasing in  frequency and how the financial impact is getting greater both for  payments and for re...

Digital Every Day Carry (EDC) from 2021-06-07T00:30:27

This week, Adam and Andy talk about their digital "Every Day Carry" (EDC). These are tools they use personally on an every day basis to keep themselves and their data safe. They go through each ...

That Infosec Op-Ed from 2021-05-31T18:27:47

This week, Adam and Andy talk about the op-ed written by Prof Allen Gwinn in The Hill that had the information security community up in arms. They counter his article in a thoughtful way because...

Information Security Leadership with Special Guest Doug Turecek from 2021-05-24T02:00

This week, Adam and Andy talk with Doug Turecek. Doug has over 25 years of experience in information technology and is currently the Information Security Officer for Exact Sciences. They talk ab...

Colonial Pipeline and other news from 2021-05-17T01:52:31

This week, Adam and Andy talk about the Colonial Pipeline ransomware incident, the executive order President Biden signed on improving cybersecurity, and what infosec professional want to t...

Security Change Management from 2021-05-10T02:05:31

This week Andy and Adam talk about security change management. Rolling  out a security change or a new security product can be difficult and  stressful if not done correctly. It's impo...

Browser Security from 2021-05-03T02:49

This week Andy and Adam talk about browser security. They break down why it's important to secure your browser's configuration and recommendations on settings for Edge, Chrome, and Firefox. They...

Mentorship with Special Guest Matt Wood from 2021-04-26T00:26:53

This week Andy and Adam chat with Matt Wood. Matt is an information security manager who was Andy's first mentor in infosec. They talk about the importance of mentorship, what the relationship i...

M365 Productivity Tips and Tricks from 2021-04-19T02:46:40

This week, Adam and Andy take a break from security and give you their favorite tips and tricks for the M365 Suite. Hopefully you learn something and we'd love to hear your tips and tricks! Emai...

Zscaler Security with Raja Khalid from 2021-04-12T02:15:30

This week, Adam and Andy chat with Raja on Zscaler, one of our favorite tools when it comes to DNS security (and more!). Zscaler is a scalable security tool that performs category and ...

Mac Management with Special Guest Matthew Ward and Matt Benyo from 2021-04-05T02:00

This week, Adam and Andy are joined by Matthew Ward and Matt Benyo to talk about Mac Management. Macs are more and more important in enterprises and getting a hold on how to manage the...

How to get into cybersecurity and the skills you need from 2021-03-29T04:00

This week, Adam and Andy cover how people can break into the cybersecurity industry and the skills they might need prior to finding their first job. They cover a range of topics from basic ...

Azure Sentinel with Special Guest John Joyner from 2021-03-21T20:55:10

This week, Microsoft MVP John Joyner joins the show to talk about Azure Sentinel. If you're in the market for a SIEM or looking to bolster your security tools at your organization, we give you s...

Physical Security with Special Guest Wesley Strey from 2021-03-15T02:08:30

This week, Andy is joined by Wesley Strey to talk about the subdomain of physical security. There are so many great parallels between information security and physical security. We hope listener...

Say Goodbye to Domain Join with Special Guest Shannon Fritz from 2021-03-08T02:37:03

This week, Shannon Fritz joins the show to talk about device identity and why you should start joining your devices to Azure Active Directory. This show is jam packed full of information from di...

Cloud Application Security Brokers from 2021-02-28T21:19:08

This week, Adam and Andy talk about cloud application security brokers (CASB). The podcast is focused more around Microsoft Cloud App Security but the concepts and use cases can be applied to an...

Password Managers from 2021-02-22T05:00

This week, Adam and Andy talk about password managers. They discuss on password managers can protect you from phishing attacks, pros/cons of storing your TOTP key within your vault, and compare ...

What is EvilGinx and How do you protect against it? from 2021-02-15T04:03:42

This week, Adam and Andy talk about a Red Team/Pentesting tool called EvilGinx. They explain how this tool works and how cyber-criminals can use it to bypass MFA enabled accounts. Most important...

Modern Device Management from 2021-02-08T02:39:50

This week, Adam and Andy go over modern device management. They discuss how to use device based conditional access to make access decisions on corporate or personal devices spanning different op...

Real-world Ransomware Experience with Special Guest Gavin Ashton from 2021-02-01T02:54:07

This week, Adam and Andy speak with Stealthbits security strategist, Gavin Aston. Gavin wrote the blog "Maersk, me & notPetya" and brings a unique percepective to information security defens...

Guest speaker Morgan Patzwald on Active Directory Security from 2021-01-31T22:10:42.023393

This week, Morgan joins Adam and Andy on the podcast to discuss on-prem Active Directory security. They dive into administrator privileges, best practice for account creation, GPO's, and server ...

Application Security with Special Guest Tanya Janca from 2021-01-25T05:00

This week, Adam and Andy speak with application security guru, Tanya Janca, author of Alice and Bob learn Application Security. It was an amazing conversation where they touched on secure app de...

Secure Messaging from 2021-01-18T04:59:50

This week, Adam and Andy go over some news about Microsoft Defender for Identity and Intel's new CPU ransomware protection. There was also some news about Whatsapp's new privacy policy. Adam and...

Solarwinds Revisited and Tech Policy under a Biden Administration from 2021-01-11T05:00

This week, Adam and Andy revisit some more guidance that has come out about Sunburst/Solarigate since the initial breach. Additionally, they share some thoughts about this week's insurrection at...

Information Security Tips & Tricks for Parents from 2021-01-04T05:00

Happy New Year! To ring in the new year, this week's episode focuses on parents who are working from home while having to help home school their kids as well. Adam and Andy go through a lot of t...

Merry Christmas! Learn how to spin up your own VM lab and dev environments from 2020-12-27T04:18:45

This holiday week, Adam and Andy give you some advice on how to spin up your own virtual machine lab and dev environment. They go through SaaS applications that have free dev environments as wel...

Our thoughts on Fireeye, Solarwinds, and Sunburst from 2020-12-21T04:40:47

This week, Adam and Andy give you their thoughts on the Fireeye and Solarwinds breach. They also give defenders advice on immediate steps to help strengthen their organizations as well as some f...

Passwordless Authentication from 2020-12-14T05:00

Passwordless authentication is one of those rare features that strengthens security while making it easier for users to sign in. This week, Adam and Andy breakdown passwordless authentication op...

Conditional Access from 2020-12-07T04:41:49

This is it! Adam and Andy are finally diving into conditional access. They give an overview on what conditional access is including different types of conditional access like user, sign-in, and ...

Work from Home - Tips and Tricks from 2020-11-30T05:00

On this week's episode, Andy and Adam give you their tips and tricks for working from home. Having been in mature work from home company cultures, they have insights on what it was like pre and ...

Our thoughts on Chris Krebs, Infosec Job Security, and Infosec Qualifications from 2020-11-23T05:00

On this week's episode, Andy and Adam give their thoughts on the firing of Chris Krebs, former director of CISA. They also talk about their opinions on whether a CISO should be fired after a cyb...

Active Directory Security with Special Guest Morgan Patzwald from 2020-11-16T05:00

This week, Morgan joins Adam and Andy on the podcast to discuss on-prem Active Directory security. They dive into administrator privileges, best practice for account creation, GPO's, and server ...

Single-Sign On (SSO) and Self-Service Password Reset (SSPR) from 2020-11-09T05:00

This week, Adam and Andy go over why you should think about using an Identity Provider (IDP) to onboard your SaaS apps to use SSO. They also talk about why it's really important to think about w...

How did we get into information security and career progression advice from 2020-11-02T03:54:08

This week, Adam and Andy bring you a bonus episode where they talk about how they got into information security and offer advice on career progression in IT and cybersecurity.

Doc...