A free podcast about cybersecurity, vulnerability management, and the CVE Program.
…
continue reading
CVE Program Podcasts
A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
…
continue reading
1
Securing AI Agents; Using AI Agents for Security
29:31
29:31
Play later
Play later
Lists
Like
Liked
29:31
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the emerging concept of AI agents, their implications for security, and how Microsoft is integrating these technologies into their solutions. They explore the evolution of AI from simple prompt-response interactions to autonomous agents capable of making decisions and…
…
continue reading
1
JP Morgan's CISO open letter, Microsoft & Crowdstrike working together on threat intel
38:31
38:31
Play later
Play later
Lists
Like
Liked
38:31
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the implications of JP Morgan's open letter to SaaS vendors, emphasizing the need for improved security practices in the software industry. They explore the challenges posed by the SaaS model, the importance of collaboration among security practitioners, and Microsoft…
…
continue reading
1
Microsoft Deputy CISOs, Defending Identity Attacks
39:22
39:22
Play later
Play later
Lists
Like
Liked
39:22
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the formation and function of the Cybersecurity Governance Council at Microsoft, highlighting the roles of various deputy CISOs and their focus on specific security areas. They delve into misconceptions in cybersecurity, the importance of shared responsibility, and th…
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam delve into the critical aspects of Windows security, focusing on the recently published Windows 11 security book. They discuss various security features, including hardware security, operating system enhancements, application security, identity protection, privacy features, a…
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss various Microsoft news topics, including the upcoming end of life for Windows 10 and the options for extended security updates. They also delve into the exciting news of the Windows Subsystem for Linux becoming open source, the discontinuation of password autofill in …
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam delve into Microsoft's new feature, Security Exposure Management (XSPM). They discuss the evolution of vulnerability management, the importance of understanding exposure management, and the five phases of continuous threat exposure management. The conversation also covers lic…
…
continue reading
1
Administrator protection on Windows 11, Multi-tenancy in Unified SOC
28:29
28:29
Play later
Play later
Lists
Like
Liked
28:29
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the new security features of Windows 11, focusing on Administrator Protection and its implications for user privilege management. They also explore the advancements in Microsoft Sentinel, particularly the introduction of multi-tenancy and workspace manag…
…
continue reading
1
Microsoft's Secure by Design journey - One year of success
44:15
44:15
Play later
Play later
Lists
Like
Liked
44:15
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss Microsoft's Secure Future Initiative (SFI), which aims to enhance security standards across its products and services. They delve into the implementation of mandatory multi-factor authentication, the transition to passwordless accounts, and the adoption of …
…
continue reading
1
Quick Recovery, Hotpatch, Copilot Podcast
35:38
35:38
Play later
Play later
Lists
Like
Liked
35:38
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the new Quick Recovery feature in Windows 11, which automates device remediation during critical failures. They explore its implications for cybersecurity, the Windows Resiliency Initiative, and the importance of user feedback in feature development. The co…
…
continue reading
1
CVE Program under fire, NLRB whistleblower, Microsoft Zero-Day
30:25
30:25
Play later
Play later
Lists
Like
Liked
30:25
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss critical updates in cybersecurity, focusing on the funding crisis of the CVE program, concerns over government efficiency and data security, and the recent Microsoft CLFS vulnerability that led to ransomware threats. They emphasize the importance of maintai…
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the integration of Microsoft Security Solutions with third-party security tools. They explore how organizations can leverage Microsoft Defender for Endpoint, Defender for Office, Entra, Intune, and Cloud Access Security Broker solutions to enhance their sec…
…
continue reading
1
Automatic Attack Disruption with OAuth Protection
32:26
32:26
Play later
Play later
Lists
Like
Liked
32:26
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the intricacies of Microsoft's Automatic Attack Disruption feature, particularly focusing on its integration with OAuth protection. They discuss the risks associated with OAuth applications, the importance of signal correlation in detecting and mitigatin…
…
continue reading
Summary In this episode, Andy and Adam discuss a significant breach of sensitive military information that was leaked through a Signal chat involving high-level government officials. They explore the implications of this breach, the role of technology in government security, and the human errors that led to the violation of established policies. Th…
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the intricacies of Microsoft Entra's conditional access. They explore the fundamental concepts of conditional access, its policies, and the integration of identity management with device management. The discussion highlights the importance of risk assess…
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the complexities of granting secure access to third-party vendors and contractors. They discuss the best practices for managing elevated permissions, the implications of B2B collaboration, and the importance of lifecycle management for contractor account…
…
continue reading
1
Next-Gen Logging for the Next-Gen SIEM with Special Guest Karl Niblock
57:00
57:00
Play later
Play later
Lists
Like
Liked
57:00
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer engage with cybersecurity architect Karl Niblock to discuss the evolution of logging practices in security information and event management (SIEM) systems. The conversation explores the shift from a 'log everything' mentality to a more strategic approach that empha…
…
continue reading
1
Defender Experts with Special Guest Raae Wolfram
1:05:21
1:05:21
Play later
Play later
Lists
Like
Liked
1:05:21
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer engage with Ray Wolfram, Senior Product Manager for Defender Experts at Microsoft. Ray shares her extensive background in healthcare IT and cybersecurity, detailing her journey to Microsoft and the impact of COVID-19 on the cybersecurity landscape. The conversation…
…
continue reading
1
UK vs Apple on Encryption, MITRE Eval results, How to Rethink Phishing Simulations
1:06:16
1:06:16
Play later
Play later
Lists
Like
Liked
1:06:16
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the ongoing battle between governments and tech companies over encryption, focusing on Apple's recent response to the UK government's demands for access to iCloud data. They explore the implications of Apple's decision to disable advanced data protection fo…
…
continue reading
1
FBI warns about unencrypted messaging, Deepseek discussion
45:49
45:49
Play later
Play later
Lists
Like
Liked
45:49
Summary In this episode, Andy and Adam discuss the evolution of messaging security, focusing on end-to-end encryption and the implications of RCS messaging. They explore the recent market reactions to AI developments, particularly the impact of the DeepSeek app on Nvidia's stock value and delve into the nuances of AI model efficiency and its potent…
…
continue reading
1
CISA guidance on securing CI/CD pipelines
31:56
31:56
Play later
Play later
Lists
Like
Liked
31:56
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the importance of securing CI/CD environments, highlighting the risks associated with these systems and the best practices for mitigating vulnerabilities. They delve into specific threats, including insecure code and supply chain compromises, and emphasize …
…
continue reading
Host Shannon Sabens speaks with fellow CVE Board members Kent Landfield and Madison Oliver and CVE Program Lead Alec Summers about the 25th anniversary of the CVE Program. Topics include the history of the program, the program today, and what’s next.By CVE Program
…
continue reading
1
Microsoft Fasttrack with Special Guest Thomas Finney
47:47
47:47
Play later
Play later
Lists
Like
Liked
47:47
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss Microsoft FastTrack with guest Thomas Finney. They explore the benefits and eligibility of FastTrack, which is designed to help organizations adopt and deploy Microsoft 365 services. The conversation covers various aspects of FastTrack, including various Mi…
…
continue reading
1
Microsoft Industry Solutions Delivery with Special Guest Brodie Cassell
1:04:01
1:04:01
Play later
Play later
Lists
Like
Liked
1:04:01
Summary In this episode of the Blue Security Podcast, host Andy Jaw and co-host Adam Brewer welcome Brodie Cassell, a principal security consultant at Microsoft. Brodie shares his journey from various IT roles to his current position at Microsoft, discussing the importance of adapting to new technologies and the challenges of data security in the a…
…
continue reading
1
CISA zero trust, macOS malware, IRS PIN, Cyber Trust Mark
48:40
48:40
Play later
Play later
Lists
Like
Liked
48:40
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the Zero Trust Maturity Model and its implications for organizations looking to enhance their cybersecurity posture. They delve into CISA's guidance and Microsoft's mapping of this model, emphasizing the importance of prescriptive guidance in navigating the…
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the latest cybersecurity trends, focusing on CISA's Scuba Project and its implications for federal agencies. They explore the transition to cloud-based passwordless authentication, the Binding Operational Directive 25-01, and provide prescriptive guidance f…
…
continue reading
1
Sophos, Digital License Plates, TP-Link, Github Copilot
29:51
29:51
Play later
Play later
Lists
Like
Liked
29:51
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss significant cybersecurity updates, including the indictment of a Chinese hacker involved in attacks on Sophos firewalls. They explore the growing competition from Chinese electric vehicle manufacturers and the vulnerabilities of digital license plates. The …
…
continue reading
1
Cloud Security - Defender for ARM, DNS, and AI Workloads
28:45
28:45
Play later
Play later
Lists
Like
Liked
28:45
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the latest developments in Azure cloud security, focusing on the Defender solutions for Resource Manager, DNS, and AI workloads. They emphasize the importance of protecting these foundational elements of Azure, particularly the Resource Manager, which serve…
…
continue reading
1
Cloud Security - Defender for App Service and Defender for Databases
18:13
18:13
Play later
Play later
Lists
Like
Liked
18:13
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the importance of cloud security, focusing on Microsoft's Defender services. They explore Defender for App Service, highlighting its ease of activation and the security recommendations it provides. The conversation then shifts to Defender for Databases, det…
…
continue reading
1
Cloud Security - Defender for Key Vault and Defender for API
21:45
21:45
Play later
Play later
Lists
Like
Liked
21:45
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into Azure Key Vault and its security features, particularly focusing on Defender for Key Vault and Defender for API. They discuss the importance of securely managing sensitive information, the ease of deploying these security solutions, and the critical need…
…
continue reading
Summary In this episode, Andy and Adam discuss various resources available for training on Microsoft technologies. They emphasize the importance of the Learn Microsoft portal, highlight the benefits of Ninja training for deep dives into specific topics, and recommend various YouTube channels for bite-sized learning. The conversation also covers the…
…
continue reading
Summary In this episode, hosts Andy and Adam recap the key announcements from Microsoft Ignite, focusing on new features in Microsoft Edge, enhancements in Microsoft Teams for global collaboration, and significant updates in security management tools like Security Co-Pilot and Microsoft Purview. They discuss the importance of data security, the rol…
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer welcome Justin Orcutt from Microsoft to discuss the Cybersecurity Maturity Model Certification (CMMC). The conversation covers the history and requirements of CMMC, the steps companies need to take to prepare for audits, and the importance of continuous monitoring.…
…
continue reading
1
T-Mobile Breach, Sophos hacks back, Bluesky surges
41:05
41:05
Play later
Play later
Lists
Like
Liked
41:05
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the recent T-Mobile breach attributed to Chinese state-sponsored hackers, emphasizing the importance of parsing corporate statements. They delve into the implications of cybersecurity threats, referencing a Sophos report detailing a five-year cat-and-mouse …
…
continue reading
Summary In this episode, Andy and Adam discuss the challenges and strategies for securing seasonal and contingent workers using a Zero Trust approach. They emphasize the importance of managed devices, the complexities of hybrid domain joins, and explore alternative solutions such as cloud-based services. The conversation also touches on the signifi…
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the critical steps involved in offboarding employees, particularly focusing on Microsoft 365 environments. They cover essential practices such as blocking user sign-ins, managing mailbox contents, device management, and ensuring data protection. The convers…
…
continue reading
1
Detecting AD Compromise, Safe MDE Deployment, macOS SSO
30:50
30:50
Play later
Play later
Lists
Like
Liked
30:50
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss critical cybersecurity insights, focusing on Active Directory security techniques, the implications of recent incidents involving Microsoft Defender for Endpoint, and the introduction of passwordless solutions for Apple devices. They emphasize the importanc…
…
continue reading
Summary In this episode, Andy and Adam discuss Microsoft's 2024 Digital Defense Report, which highlights the evolving cyber threat landscape, the rise of ransomware, identity attacks, and DDoS attacks. They emphasize the importance of centering organizations around security, the shift towards passwordless authentication, and the impact of AI on cyb…
…
continue reading
Summary In this episode, Andy Jaw and Adam Brewer discuss Microsoft's Secure Future Initiative (SFI), which emphasizes security by design, default, and operations. They explore the initiative's six key security pillars, the impact of recent cyber incidents, and the ongoing progress in enhancing security measures across Microsoft. The conversation h…
…
continue reading
Summary In this episode of the BlueScarity Podcast, hosts Andy Jaw and Adam Brewer discuss the evolution of password guidelines, focusing on the recent updates from NIST and Microsoft. They explore the implications of these changes, emphasizing the importance of understanding human behavior in password security and the need for organizations to ado…
…
continue reading
1
CNA Onboarding Process Myths Versus Facts
24:33
24:33
Play later
Play later
Lists
Like
Liked
24:33
Shannon Sabens of CrowdStrike chats with Dave Morse, program coordination lead for the CVE Program, about the myths and facts of the CVE Numbering Authority (CNA) partner onboarding process. Truth and facts about the following topics are discussed: duration and complexity of the onboarding process; the fact that there is no fee to participate; ease…
…
continue reading
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the critical topic of token theft in identity management. They discuss the importance of multi-factor authentication (MFA) as a primary defense against identity attacks, the nature of tokens, and how attackers exploit vulnerabilities to steal these token…
…
continue reading
1
BSP Turns 4, WSUS Deprecated, macOS Firewall Woes
40:57
40:57
Play later
Play later
Lists
Like
Liked
40:57
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer celebrate four years of podcasting, reflecting on their journey and the importance of providing actionable insights to their audience. They discuss the significance of education in technology, particularly in relation to Microsoft products and the recent deprecatio…
…
continue reading
1
Cloud Security - Containers 101 & Defender for Containers
26:59
26:59
Play later
Play later
Lists
Like
Liked
26:59
Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the world of containers, exploring their functionality, differences from virtual machines, and the importance of securing them. They discuss key tools like Docker and Kubernetes, and introduce Microsoft's Defender for Containers as a solution for managin…
…
continue reading
Summary In this episode, Andy and Adam discuss the key findings from IBM's report on the costs of a data breach in 2024. They cover topics such as the increase in the cost of data breaches, the use of security AI and automation, the cyber skills shortage, the challenges of shadow data, and the importance of insider risk management. They also highli…
…
continue reading
Summary In this episode of the Blue Security Podcast, Andy and Adam discuss Entra Suite, a new package from Microsoft that includes various Entra products and solutions. They provide an overview of each component, including Entra Private Access, Entra Internet Access, Entra ID Governance, Entra ID Protection, and Entra Verified ID. They highlight t…
…
continue reading
Summary In this episode, Andy and Adam discuss various resources and methods for getting training and learning about Microsoft and other technology solutions. They cover topics such as official documentation, certification tracks, Ninja training, Microsoft Mechanics, the Tech Community, customer connection programs, building a personal lab, and the…
…
continue reading
1
Trump and NPD Hacked, Microsoft Admin MFA
33:19
33:19
Play later
Play later
Lists
Like
Liked
33:19
Summary In this episode of the Blue Security Podcast, Andy and Adam discuss several cybersecurity news stories. They cover the hack of the Trump campaign's emails by Iranian hackers, the breach of the National Public Data records, and Microsoft's new requirement for admins to enable multi-factor authentication (MFA). They also touch on the importan…
…
continue reading
1
Cloud Security - Defender for Storage Deep Dive
28:25
28:25
Play later
Play later
Lists
Like
Liked
28:25
Summary In this episode of the Blue Security Podcast, Andy and Adam discuss Microsoft's Defender for Storage, a cloud-native security solution for Azure Blob Storage, Azure Files, and Azure Data Lake Storage. They highlight the three major impacts on data workloads: malicious file uploads, sensitive data exfiltration, and data corruption. The solut…
…
continue reading
1
New Autopilot Features, Intune Enrollment Attestation, MAM for W365/AVD
24:40
24:40
Play later
Play later
Lists
Like
Liked
24:40
Summary In this episode of the Blue Security Podcast, Andy and Adam discuss new features and updates in Intune, including autopilot for existing devices, Intune enrollment attestation, and mobile application management (MAM). They explain how autopilot for existing devices allows organizations to enroll on-premise joined devices into autopilot usin…
…
continue reading
Summary In this episode of the Blue Security Podcast, Andy and Adam discuss Defender CSPM (Cloud Security Posture Management). They explain that CSPM is the process of monitoring cloud-based systems and infrastructure for risks and misconfigurations. They highlight the key capabilities of CSPM, including automation, monitoring and managing IaaS, Sa…
…
continue reading
