How does that old saying go? Keep your friends close and keep your understanding of a threat actor’s underlying behavior and functionality of tradecraft closer? As new tools are developed and implemented for individuals and businesses to protect themselves, wouldn’t it be great to see how they hold up against different attacks without actually having to wait for an attack to happen? Microsoft’s new open-source tool, Simuland, allows users to simulate attacks on their own infrastructure to see...

We’ve all had a family dinner, Netflix binge, or otherwise relaxing moment ruined by a telemarketer trying to sell you something you didn't need – a magazine subscription, insurance, you name it! But recently, people have been getting calls that are much more sinister in nature; people claiming to be employees of Microsoft, or Apple, or Amazon, have been calling unsuspecting victims and urging them to pay the caller in exchange for cleaning their computer of viruses. Viruses that don’t...

We’re formally sending out a petition to change the phrase “Jack of all trades” to “Hyrum of all trades” in honor of this episode’s guest, Hyrum Anderson. In this episode, hosts Natalia Godyla and Nic Fillingham sit down with Hyrum Anderson who, when he’s not fulfilling his duties as the Principal Architect of the Azure Trustworthy ML group, spends his time playing accordions, making cheese, and founding impressive technology conferences. He does it all!   Rather than chatting with Hyrum...

It’s an all out offensive on today’s episode while we talk about how the best defense is a good offense. But before we plan our attack, we need to know our vulnerabilities, and that’s where our guest comes in.   On this episode, hosts Nic Fillingham and Natalia Godyla are joined by Will Pearce, who discusses his role as AI Red Team Lead from the Azure Trustworthy ML Group and how he works to find weaknesses in security infrastructure to better develop ways to prevent against attacks.   In...

It’s our 30th episode! And in keeping with the traditional anniversary gift guide, the 30th anniversary means a gift of pearls. So from us to you, dear listener, we’ve got an episode with some pearls of wisdom!   On today’s episode, hosts Nic Fillingham and Natalia Godyla bring back returning champion, Nazmus Sakib, to take us through the new Security Signals Report. Sakib walks us through why the report was done and then helps us understand the findings and what they mean for security.   In...

On this week’s Security Unlocked we’re featuring for the second and final time, a special crossover episode of our sister-podcast, Security Unlocked: CISO Series with Bret Arsenault.   Lululemon has been on the forefront of athleisure wear since its founding in 1998, but while many of its customers look at it exclusively as a fashion brand,  at a deeper level this fashion empire is bolstered by a well thought out and maintained digital infrastructure that relies on a hard working team to run...

  Threat actors are pesky and, once again, they’re up to no good. A new methodology has schemers compromising online forms where users submit their information like their names, email addresses, and, depending on the type of site, some queries relating to their life. This new method indicates that the attackers have figured out a way around the CAPTCHA’s that have been making us all prove we’re not robots by identifying fire hydrants since 1997. And what’s more, we’re not quite...

On this week’s Security Unlocked, we’re pulling a bait and switch! Instead of our regularly scheduled programming, we’re going to be featuring the first episode of our new podcast, Security Unlocked: CISO Series with Bret Arsenault. Each episode is going to feature Microsoft’s CISO Bret Arsenault sitting down with other top techies in Microsoft and other companies in the industry.   In its inaugural episode – which we’re featuring on this episode – Bret sits down with Mark Russinovich, Chief...

Remember the good ole days when we spent youthful hours playing hide and seek with our friends in the park? Well it turns out that game of hide and seek isn’t just for humans anymore. Researchers have begun putting A.I. to the test by having it play this favorite childhood game over and over and having the software optimize its strategies through automated reinforcement training.   In today’s episode, hosts Nic Fillingham and Natalia Godyla speak with Christian Seifert and Joshua Neil about...

Anyone who’s ever watched boxing knows that great reflexes can be the difference between a championship belt and a black eye. The flexing of an opponent’s shoulder, the pivot of their hip - a good boxer will know enough not only to predict and avoid the incoming upper-cut, but will know how to turn the attack back on their opponent.  Microsoft’s newest capabilities in Defender puts cyber attackers in the ring and predicts their next attacks as the fight is happening.    On today’s...

All of us have seen – or at least, are familiar with – the antics of Tom and Jerry or Road Runner and Wile E. Coyote. In each one the coyote or the cat set up these elaborate plans to sabotage their foe, but time and time again, the nimble mouse and the speedy bird are able to outsmart their attackers.   In our third episode discussing Ensuring Firmware Security, hosts Nic Fillingham and Natalia Godyla speak with Shweta Jha and Gowtham Reddy about developing the tools that allow for them to...

Throughout the course of this podcast series, we’ve had an abundance of great conversations with our colleagues at Microsoft about how they’re working to better protect companies and individuals from cyber-attacks, but today we take a look at a different source of malfeasance: the insider threat. Now that most people are working remotely and have access to their company’s data in the privacy of their own home, it’s easier than ever to access, download, and share private information.   On...

How many languages do you speak? The average person only speaks one or two languages, and for most people that’s plenty because even as communities are becoming more global, languages are still very much tied to geographic boundaries. But what happens when you go on the internet where those regions don’t exist the same way they do in real life? Because the internet connects people from every corner of the world, cybercriminals can perpetrate scams in countries thousands of miles away. So how...

For Women’s History Month, we wanted to share the stories of just a few of the amazing women who make Microsoft the powerhouse that it is. To wrap up the month, we speak with Valecia Maclin, brilliant General Engineering Manager of Customer Security & Trust, about the human element of cybersecurity.    In discussion with hosts Nic Fillingham and Natalia Godyla, Valecia speaks to how she transitioned into cybersecurity after originally planning on becoming a mechanical engineer, and how...

Every day there are literally billions of authentications across Microsoft – whether it’s someone checking their email, logging onto their Xbox, or hopping into a Teams call – and while there are tools like Multi-Factor Authentication in place to ensure the person behind the keyboard is the actual owner of the account, cyber-criminals can still manipulate systems. Catching one of these instances should be like catching the smallest needle in the largest haystack, but with the algorithms put...

f you use email, there is a good chance you’re familiar with email scams. Who hasn’t gotten a shady chain letter or suspicious offer in their inbox? Cybercriminals have been using email to spread malware for decades and today’s methods are more sophisticated than ever. In order to stop these attacks from ever hitting our inboxes in the first place, threat analysts have to always be one step ahead of these cybercriminals, deploying advanced and ever-evolving tactics to stop them.     On...

Today is International Women’s Day, and we are celebrating with a very special episode of Security Unlocked. Hosts Nic Fillingham and Natalia Godyla revisit their favorite interviews with some of the prominent women featured previously on the podcast.  We speak with Holly Stewart, a Principal Research Lead at Microsoft and known in the Defender organization as “The Queen of AI.” Holly shares how building a security team with different perspectives helps to better understand and stop threats....

Digital crime-fighter Donal Keating revisits the podcast, but this time… it’s personal. *cue dramatic crime-fighting music* The Director of Innovation and Research of the Digital Crimes Unit (DCU) at Microsoft joins hosts Nic Fillingham and Natalia Godyla to regale us with the origin story of the DCU and his captivating career exploits. Whether it’s tales of his early days preventing Windows 98 counterfeits in Ireland or the many international law enforcement raids he’s participated...

Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely...

Prior to the pandemic, workdays used to look a whole lot different. If you had a break, you could take a walk to stretch your legs, shake the hands of your co-workers, or get some 1-on-1 face time with the boss. Ahh... those were the days. That close contact we once had is now something that many of us yearn for as we’ve had to abruptly lift and shift from living in our office to working from our home. But communicating and socializing aren’t the only things that were easier back then. The...

Close your eyes, and imagine a world where booting up your computer wasn’t a susceptibility point for attacks. Imagine a Root of Trust that’s integrated into the CPU. Imagine all of your devices being protected against advanced attacks. Now, what if I told you there’s a cutting-edge processor that’s battle-tested for hardware penetrations, easy to update, and protects credentials, encryption keys, and personal data all at once? What if I told you it was already here, and your systems might...

CCI: Cyber Crime Investigation. Another day, another email attack - something smells “phishy” in the network. *Slowly puts on sunglasses and flips up trench coat collar* Time to go to work.    Just how easy is it for someone to steal your credentials? Because once they’re stolen, and sold for pocket change, it’s open season. Homoglyphs, drop accounts, email forwarding… is it any wonder billions of dollars have been lost to BEC (business email compromise)?   Join hosts Nic Fillingham and...

Special Edition!  We’ve been told for years how important passwords are, taught how to make them stronger and longer and better, and we frantically tear up our home or office when we can’t find that sticky note where we wrote them down. Life feels like it comes to a screeching halt when we’ve lost our passwords, but… what would life be like if we didn’t need them? Can your passwords truly become a thing of the past? Sounds a bit unnerving, but we can promise you, it’s always security first...

How do we ensure firmware integrity and security? Join hosts Nic Fillingham, and Natalia Godyla, and guest Nazmus Sakib, a Principal Lead Program Manager at Microsoft, to dive deeper and assess the complexities and the challenges that come along with securing firmware; bootstraps and all!      Megamind Bhavna Soman, a Senior Security Research Lead, joins us later in the show and we learn about her journey in optimizing AI and ML to improve efficiency in security and give the humans a...

Watchdogs in tow, hosts Nic Fillingham and Natalia Godyla are joined by guest Randy Treit, Principal Security Leader at Microsoft, to examine the process of identifying the source of a threat and stopping the spread by protecting “patient zero.” Randy has a few key tricks up his sleeve as a defender, but you can decide if they’re more impressive than the antics he and his identical twin have pulled while working at Microsoft.     In the second segment, Jeremy Dallman, Principal Program...