Blue Security

This week, Adam and Andy start a two part series on post-quantum computer information security. This first part goes into understanding how quantum computers work and how they differ from classical computers. While it's …

This week, Adam and Andy do a technical deep dive on Exchange Online Protection (EOP). They talk about the pre-delivery and post-delivery protections. They also talk about some of the zero-day protections that Defender …

This week, Adam and Andy talk about privacy both in organizations and your personal life. They talk about some of the new Microsoft Purview Compliance Classifiers and how it might be an invasive for some orgs when …

This week, Adam and Andy talk about some security news relating to Microsoft. First they talk about a phishing campaign that Microsoft detailed that was going on affecting more than 10,000 orgs where the attackers are …

This week, Adam and Andy talk about risk-centric security management and how to shift from looking at just severity of vulnerabilities to reducing …

This week, Adam and Andy catch up some news in their first live show in a couple of weeks. First they talk about CISA's guidance to federal agencies to switch from basic auth to modern auth due to the retirement of …

This week, Adam and Andy talk about different methods to modernize the way you authenticate to virtual machines located in Azure. The first is using Azure Active Directory and the second is using Azure Bastion. Listen …

This week, Adam and Andy talk about OMB procurement requirements changing due to increased cybersecurity defense, Gartner's thoughts on consolidated …

This week, Adam and Andy talk about how to secure guest access and collaboration in Microsoft 365. They talk about the differences between member and …

This week, Adam and Andy talk about Windows Defender Exploit Guard. This is a set of protections built into Windows Server and 10/11 operating …

This week, Adam and Andy talk about patch management. This is basic security and some organizations are still struggling with it. They talk about the explosion of zero days and why continuous monitoring of patching is …

This week, Adam and Andy talk about some updated guidance for securing domain controllers in a world where the cloud is a security imperative. They …

This week, Adam and Andy talk with threat intelligence expert Charity Wright. Charity talks about her military career and how she got selected as a Chinese linguist and worked with the NSA. Charity works for Recorded …

This week, Adam and Andy talk about passwordless news released on World Password Day and about how Andy was hacked...listen in to hear the details of what happened!

-------------------------------------------

Youtube …

This week, Adam and Andy talk about MFA bombing. This tricky compromise circumvents MFA. Listen on what it is and how to protect against it.

-------------------------------------------

Youtube Video Link: …

This week, Adam and Andy talk with Christina Morillo about identity, diversity in information security, and her book "97 Things Every Information …

Adam and Andy talk about VPN's versus Software Defined Perimeters (SDP) this week. They break down why companies still use VPN's and why they pose an infosec security risk. They present SDP's as a different way of …

This week's episode, Adam and Andy talk about some interesting infosec news including Okta's apology and how that affected their stock prices. They …

This week's episode, Adam and Andy talk about the hacker group LAPSUS$. They go over what makes this group unique in the cybercriminal world and a breakdown of the latest high value targets.

…

This week's episode, Adam and Andy catch up on some infosec news including the new Cyber Incident Reporting Act signed into law last week and other …

This week's episode, Adam and Andy talk about helpdesk security. Enterprise helpdesks are often a popular target for cybercriminals because they have …

This week's episode, Adam and Andy talk about the Russian invasion of Ukraine and the information war that is happening behind the scenes. They go over some specific takeaways on what to focus on in this heightened …

This week's episode, Adam and Andy talk about the new cloud key trust deployment model for Windows Hello for Business in hybrid environments. Cloud key trust greatly simplifies the deployment of Windows Hello for …

This week's episode, Adam and Andy talk about the basics of password cracking. Understanding how passwords are cracked by offensive security and …

This week's episode, Adam and Andy talk about some of the geopolitical crises happening around the world with Russia and China and how that affects …

This week's episode, Adam and Andy continue their Windows Security series and talk about Defender Application Control. This is a great feature built …

This week's episode, Adam and Andy have a great time chatting with fellow cybersecurity professionals Nate Gardner and Gavin Ashton walking through …

This week's episode, Adam and Andy talk catch up on some infosec news including BadUSB, President Biden's memorandum for National Security Systems, …

This week's episode, Adam and Andy talk with special guest Shannon Fritz on Windows Device Management. If you haven't listened to Shannon's episode …

This week's episode, Adam and Andy talk about the importance of the nomenclature we use in information security. They also talk about the perception of information security to those who are not in the field and how that …

This week's episode, Adam and Andy talk about a fundamental important program for security defenders: asset management. It may not be the most exciting aspect of security but knowing what you have makes it a lot easier …

This week's episode, Adam and Andy give an update on Log4j/Log4Shell insights from the Google Security Team. They also look back on some of the …

This week's episode, Adam and Andy talk all about a healthy work life balance. With the pandemic still on-going and working from home or hybrid work environments looking like they are not going away, it's time to …

This week, Adam and Andy talk all about how to start and run a threat  and vulnerability program at your company. From asset management,  scanning, …

This week, Adam and Andy talk all about the Log4Shell vulnerability affecting the log4j Java library. They give an overview on how it works and how …

This week, Adam and Andy talk about a security champions program. This is a way to bolster the security culture and develop representatives in each …

This week, Adam and Andy talk about how they see things improving in the cybersecurity industry from the Department of Justice and the US government investigating and hunting down cyber criminals and sanctioning the NSO …

This week, Adam and Andy talk about some recent infosec news, a shocking article about Amazon's lack of security, and what zero trust means to them.

-------------------------------------------

Youtube Video Link: …

This week, Adam and Andy go over some of the endpoint, Windows, and security announcements from Ignite. If you were too busy to watch any of the sessions or read about the updates, listen in as they give the highlights …

This week, Adam and Andy talk about the cybersecurity talent gap. They give advice to those who are trying to break into the field as well as hiring managers on changing the way they look at recruiting to widen the …

This week, Adam and Andy talk about Microsoft's Digital Defense Report,  consumer expectations of "invisible" security, and should you rip out an …

This week, Adam and Andy talk with Microsoft's Global Black Belt Specialist, Bradley Dupay, about the all new cloud PC offering called Windows 365. …

This week on the Blue Security Podcast, Adam and Andy talk about the Facebook outage and what security defenders can learn from reading their after actions report. They also dive into Windows 11 and the security …

This week on the Blue Security Podcast, Adam and Andy talk about planning to be a victim of ransomware. This is a mindset shift. Instead of focusing …

This week on the Blue Security Podcast, Adam and Andy talk about two interesting topics. The first is a pentesting company's successful hack …

This week on the Blue Security Podcast, Adam and Andy talk about the hot water Protonmail got themselves into when the news reported that they  provided IP address and device information on a Protonmail account to the …

This week on the Blue Security Podcast, Adam and Andy go over a bunch of misconceptions about mobile device management spurred by some chatter on …

This week on the Blue Security Podcast, Adam and Andy celebrate one year of the podcast looking back on past episodes and key takeaways.

-------------------------------------------

Youtube Video Link: …

This week on the Blue Security Podcast, Adam and Andy talk about Apple's new proposed iOS 15 feature to protect children. They break down the technical details of how Apple differs from the other tech companies already …

This week on the Blue Security Podcast, Adam and Andy breakdown some of the latest infosec news. They go over some hardening advice on the current …

This week on the Blue Security Podcast, Adam and Andy discuss the enterprise-ready passwordless solution that's already built into your Windows 10 …

This week, Nate Gardner joins Andy to talk about mistakes that security teams can make that will hinder their success at organizations. And these aren't technical errors. Listen in because these mistakes can mean the …

This week, Adam and Andy go through Microsoft's best practice on securing privileged access. This documentation is amazing and extremely detailed. There are some great tips including administration and secure device …

This week, Adam and Andy continue their series on Windows security by talking about Windows Defender Application Guard. This is a great security …

This week, Adam and Andy discuss some interesting articles that were published during the week. Pegasus, a suite of mobile phone exploits, was big in the news again. Twitter released a report on their MFA adoption. And …

This week, Adam and Andy go over CISA's (Cybersecurity & Infrastructure Security Agency) Risk and Vulnerability Assessments finding for 2020. In …

This week, Andy and Adam take a break from cybersecurity and have a little fun talking about the tech they use. They chat about their phones, computers, headphones, mics, and more! Below are links to the products they …

This week, Rachel O'Shea, a Senior Technical Specialist in Compliance at Microsoft, join Adam and Andy to talk about information protection and governance. Rachel has a wealth of experience in compliance and she talks …

This week, Adam and Andy talk about what infosec professionals should consider when being asked to block or allow an application.

…

Adam and Andy have some news to share!

This week, Adam and Andy do a deep technical dive on Windows Defender Credential Guard. This security feature is part of Windows 10 Enterprise and …

This week, Adam and Andy talk about how cyberattacks and ransomware incidents are increasing in  frequency and how the financial impact is getting greater both for  payments and for recovery. They go over the sometimes …

This week, Adam and Andy talk about their digital "Every Day Carry" (EDC). These are tools they use personally on an every day basis to keep …

This week, Adam and Andy talk about the op-ed written by Prof Allen Gwinn in The Hill that had the information security community up in arms. They …

This week, Adam and Andy talk with Doug Turecek. Doug has over 25 years of experience in information technology and is currently the Information …

This week, Adam and Andy talk about the Colonial Pipeline ransomware incident, the executive order President Biden signed on improving cybersecurity, …

This week Andy and Adam talk about security change management. Rolling  out a security change or a new security product can be difficult and …

This week Andy and Adam talk about browser security. They break down why it's important to secure your browser's configuration and recommendations on settings for Edge, Chrome, and Firefox. They also dive into some …

This week Andy and Adam chat with Matt Wood. Matt is an information security manager who was Andy's first mentor in infosec. They talk about the importance of mentorship, what the relationship is like, and how to go …

This week, Adam and Andy take a break from security and give you their favorite tips and tricks for the M365 Suite. Hopefully you learn something and …

This week, Adam and Andy chat with Raja on Zscaler, one of our favorite tools when it comes to DNS security (and more!). Zscaler is a scalable …

This week, Adam and Andy are joined by Matthew Ward and Matt Benyo to talk about Mac Management. Macs are more and more important in enterprises and …

This week, Adam and Andy cover how people can break into the cybersecurity industry and the skills they might need prior to finding their first job. …

This week, Microsoft MVP John Joyner joins the show to talk about Azure Sentinel. If you're in the market for a SIEM or looking to bolster your …

This week, Andy is joined by Wesley Strey to talk about the subdomain of physical security. There are so many great parallels between information security and physical security. We hope listeners walk away with a better …

This week, Shannon Fritz joins the show to talk about device identity and why you should start joining your devices to Azure Active Directory. This …

This week, Adam and Andy talk about cloud application security brokers (CASB). The podcast is focused more around Microsoft Cloud App Security but …

This week, Adam and Andy talk about password managers. They discuss on password managers can protect you from phishing attacks, pros/cons of storing …

This week, Adam and Andy talk about a Red Team/Pentesting tool called EvilGinx. They explain how this tool works and how cyber-criminals can use it …

This week, Adam and Andy go over modern device management. They discuss how to use device based conditional access to make access decisions on corporate or personal devices spanning different operating systems in the …

This week, Adam and Andy speak with Stealthbits security strategist, Gavin Aston. Gavin wrote the blog "Maersk, me & notPetya" and brings a unique percepective to information security defense as someone who's …

This week, Adam and Andy speak with application security guru, Tanya Janca, author of Alice and Bob learn Application Security. It was an amazing conversation where they touched on secure app design practices, password …

This week, Adam and Andy go over some news about Microsoft Defender for Identity and Intel's new CPU ransomware protection. There was also some news …

This week, Adam and Andy revisit some more guidance that has come out about Sunburst/Solarigate since the initial breach. Additionally, they share …

Happy New Year! To ring in the new year, this week's episode focuses on parents who are working from home while having to help home school their kids …

This holiday week, Adam and Andy give you some advice on how to spin up your own virtual machine lab and dev environment. They go through SaaS …

This week, Adam and Andy give you their thoughts on the Fireeye and Solarwinds breach. They also give defenders advice on immediate steps to help …

Passwordless authentication is one of those rare features that strengthens security while making it easier for users to sign in. This week, Adam and Andy breakdown passwordless authentication options for enterprises in …

This is it! Adam and Andy are finally diving into conditional access. They give an overview on what conditional access is including different types of conditional access like user, sign-in, and device based. Stick …

On this week's episode, Andy and Adam give you their tips and tricks for working from home. Having been in mature work from home company cultures, …

On this week's episode, Andy and Adam give their thoughts on the firing of Chris Krebs, former director of CISA. They also talk about their opinions …

This week, Morgan joins Adam and Andy on the podcast to discuss on-prem Active Directory security. They dive into administrator privileges, best practice for account creation, GPO's, and server admins. They also discuss …

This week, Adam and Andy go over why you should think about using an Identity Provider (IDP) to onboard your SaaS apps to use SSO. They also talk …

This week, Adam and Andy bring you a bonus episode where they talk about how they got into information security and offer advice on career progression in IT and cybersecurity.

Documentation:

Free Microsoft Developer's …

This week, Adam and Andy wrap up the ransomware series by first going over controlled folder access in Windows 10 security and Onedrive for Business …

This week, Adam and Andy continue the conversation on techniques and tools to protect your organization from ransomware. They dive into the concept …

This week, Adam and Andy continue the conversation on techniques and tools to protect your organization from ransomware. They dive into EDR …

Due to the recent ransomware attacks, Adam and Andy use this episode to kick off a series on how to protect your company from ransomware. We started with how security professionals need to have soft skills in order to …

In this episode, Adam and Andy talk about why if you have not enabled MFA for your identity provider (IDP), this should be your top priority today. …

In this first episode, Adam and Andy discuss whether geo-restricting IP addressing is considered "good" security. They also discuss Azure AD password protection as a method to protect against password spraying attacks.

…