Directory service created by Microsoft for Windows domain networks
Think Active Directory is dead? Think again. According to Microsoft data, 86% of organizational workloads still touch Active Directory, and nearly 20% of organizations don't expect to reach a hybrid state for 10-20+ years. In this episode, Brad and Spencer break down why AD attack paths remain one of the most critical threats in enterprise environments and what defenders can do about it right now.
Spencer also previews his ContinuumCon workshop "Killing AD Attack Paths Once and For All" where he demonstrates how authentication policies and silos can eliminate an entire class of lateral movement attacks built into Windows and Active Directory.
In this episode:
- Why Active Directory is still alive, well, and heavily targeted
- What an Active Directory attack path is and how attackers use them
- The four prerequisites attackers need to abuse AD attack paths
- Real-world examples: Kerberos ticket theft, SCCM abuse, certificate misconfigurations, and misconfigured permissions
- Tools defenders should know: Bloodhound, PingCastle, Purple Knight, Locksmith, and ADelegator
- How to prioritize remediations based on ease of exploitation vs. impact
- Why retesting is the most overlooked step in any remediation cycle
Resources mentioned:
- Spencer's ContinuumCon Workshop (Fri. June 12, 10:30am PT / 1:30pm ET): https://continuumcon.com/schedule/
- Hybrid Identity Protection Podcast (Semperis): https://www.semperis.com/hybrid-identity-protection-podcast/
- Bloodhound CE: https://github.com/SpecterOps/BloodHound
- PingCastle: https://www.pingcastle.com
- Purple Knight: https://www.purple-knight.com
- Locksmith: https://github.com/TrimarcJake/Locksmith
- offsec.blog | securit360.com
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
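If an on-premises Active Directory environment is taken over, the credentials used for federation can be abused, making access to other domains and impersonation possible, so the authentication federation settings of a hybrid environment need careful attention.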
This episode features Geoffrey Mattson, CEO of SecureAuth, joined by co-host Sarah Cicchetti, Director of Product Management at Semperis.
Geoffrey has spent decades building and leading companies at the intersection of AI and cybersecurity, including MistNet.ai, an AI-native threat detection platform acquired by LogRhythm, and Xage Security, where he drove zero trust adoption across the U.S. military, global energy firms, and Fortune 500 enterprises. At SecureAuth, he leads a platform built around continuous, real-time identity authority across workforces, APIs, and AI agents.
In this episode, Geoffrey argues that agents combine the speed of automation with the unpredictability of humans, making real-time per-action authorization the only viable control model. He discusses why “friendly fire” from well-meaning employees is the biggest threat vector right now, how MCP vendors are ignoring their own OAuth spec, and what a practical agent rollout with real guardrails actually looks like.
This episode reframes authorization as the problem the identity industry has been deferring for years and can no longer avoid.
Guest Bio
Geoffrey Mattson is a serial entrepreneur and globally recognized cybersecurity and AI executive with decades of experience building market-defining companies and technologies that protect the world's most critical systems.
He is currently CEO of SecureAuth, a leader in AI-driven identity and access management with its Continuous Authority, ensuring ongoing verification across workforces, customers, APIs, and AI agents. This is enabled through its Private Authority Platform, which puts authentication and authorization under your control through any deployment model (cloud, on prem, hybrid, air-gapped).
Prior to SecureAuth, Mattson served as CEO of Xage Security, where he led the company in Zero Trust for critical environments from energy to agentic AI. Under his leadership, Xage achieved rapid adoption across the U.S. military, global energy firms, and Fortune 500 enterprises.
Previously, Geoffrey Mattson was co-founder and CEO of MistNet.ai, an AI-native threat detection platform acquired by LogRhythm. He pioneered decentralized analytics and machine learning approaches for real-time cyber defense, and later served as SVP of Product at LogRhythm, driving global expansion and shaping the next generation of SIEM/SOAR solutions.
Earlier, he held senior executive roles at Juniper Networks, overseeing a $2B product portfolio and leading major M&A efforts, and at Huawei Technologies as SVP and CTO for networking and data center platforms. His engineering leadership at Corona Networks, Caspian, and Bay Networks helped build foundational technologies in network and security architecture.
Guest Quote
“With agents, you have the power and the speed of an automated process with the unpredictability of a human. And in fact, we are seeing their behavior and their psychology makes them even perhaps less predictable than a human.”
Time stamps
01:45 Meet Geoffrey Mattson: Serial Entrepreneur and Cybersecurity Executive
02:40 Why Identity Is Having a Moment
08:40 Defining Agent Identity
12:15 Behavioral Guardrails for Agents
14:37 Agent Identity Lifecycle
17:36 Just-in-Time vs. Standing Privilege
18:02 C-Suite Pressure and Friendly Fires
21:00 When Agents Live Off the Land
26:12 MCP, OAuth, and Token Pitfalls
28:04 Threat Models and Rollout Strategy
30:13 LLMs and Policy Authoring
31:23 Conclusion and Final Thoughts
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
Connect with Geoffrey on LinkedIn
Connect with Sarah on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Today’s headline news for Canadian IT solution providers: ConnectWise Platform: ConnectWise yesterday unveiled what it calls the industry’s first purpose-built platform for Predictive IT, unifying PSA, RMM, cybersecurity, automation, workflow orchestration, and native agentic AI into a single execution layer for managed services. CEO Manny Rivelo described it as a fundamental shift from reactive IT management to an AI-native operating model. The company also released new operational benchmark modeling based on a representative MSP with approximately $3M in annual managed services revenue, showing the productivity and economic impact it says AI-driven automation can deliver. Cavelo Cora AI Security Analyst: Kitchener, Ontario-based Cavelo has introduced Cora, an AI Security Analyst integrated into its data security posture management platform and positioned specifically for MSPs and MSSPs. Cavelo says Cora analyzes security telemetry and translates it into a guided remediation action plan in seconds, tailored by role. The tool targets the operational gap between risk visibility and actual remediation – without requiring additional headcount. Radiant Logic and Zscaler Partnership: Radiant Logic and Zscaler have announced a technology partnership aimed at solving the Day 1 access problem in mergers and acquisitions. By integrating RadiantOne’s identity data fabric with the Zscaler Zero Trust Exchange, the companies say acquiring organizations can securely connect newly onboarded employees to applications from the moment a deal closes, regardless of disparate identity systems. 
ConnectSecure Patch 360: ConnectSecure is launching Patch 360, a patch management platform built for MSPs that introduces pilot-first validation, risk-based prioritization using CISA Known Exploited Vulnerabilities and EPSS scoring, controlled rollouts with approval workflows, and integrated rollback – replacing what the company describes as a “deploy-and-hope” model with a “test-and-trust” framework. NTT DATA and Google Cloud: NTT DATA is expanding its AI partnership with Google Cloud, launching a dedicated Gemini Enterprise practice to help enterprise clients move AI deployments from pilot to production at scale. Descope Agentic Identity Hub: Identity platform Descope is announcing enhancements to its Agentic Identity Hub today, extending its tools for managing authentication and access for autonomous AI agents. Checkmarx CISO Research: Checkmarx has released research surveying more than 2,000 developers and CISOs, finding that 95 percent of CISOs report facing internal pressure to suppress software compliance findings.
Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Tuesday, June 9, 2026, and here’s what’s happening in the channel today. ConnectWise yesterday unveiled what it is calling the industry’s first purpose-built platform for the era of Predictive IT. The ConnectWise Platform brings together PSA, RMM, cybersecurity, automation, workflow orchestration, and native agentic AI into what the company describes as a single intelligent execution layer for managed services. CEO Manny Rivelo positioned it as a fundamental shift away from the labor-intensive, disconnected systems that have defined MSP operations for decades, toward what ConnectWise calls an AI-native operating model. To support the launch, the company released new operational benchmark modeling showing the productivity and economic impact it says AI-driven automation can have on MSP operations.
In their model, a representative managed services firm with approximately three million dollars in annual revenue could see measurable transformation across their first stages of the Predictive Intelligence journey. This is a significant platform bet from one of the largest players in the MSP tooling market, and the framing around “Predictive IT” is clearly a narrative ConnectWise intends to own. In the security space, Kitchener, Ontario-based Cavelo has introduced Cora, an AI Security Analyst integrated directly into its data security posture management platform. Positioned specifically for MSPs and MSSPs, Cora functions as an AI agent that analyzes security telemetry to identify, prioritize, and recommend remediation steps for cyber risks across client environments. Rather than adding more alerts to the dashboard, Cavelo says the tool translates security data into a guided action plan in seconds, tailored to the specific roles of frontline technicians and senior security leaders. The development targets a well-documented operational gap between risk visibility and remediation – allowing service providers to reduce manual investigation time and offer clients clear, actionable intelligence without increasing headcount. Radiant Logic and Zscaler have formed a strategic partnership designed to address the Day 1 access challenges commonly found in mergers and acquisitions. By integrating RadiantOne’s identity data fabric with the Zscaler Zero Trust Exchange, the companies are aiming to eliminate the complex network and identity merge projects that typically stall productivity following a deal close. The joint solution allows acquiring organizations to securely connect newly onboarded employees to necessary applications from day one, regardless of disparate Active Directory or HR systems. 
In a market where M&A activity among IT service providers shows no sign of slowing, this integration offers a repeatable framework for reducing the downtime and cyber risk associated with bringing acquired entities onto a managed environment – which is a practical and recurring service challenge for many MSPs in the field. In Brief – ConnectSecure launches Patch 360, a patch management platform for MSPs built on pilot-first testing, risk-based vulnerability prioritization, and integrated rollback controls. NTT DATA expands its AI partnership with Google Cloud, launching a dedicated Gemini Enterprise practice to help organizations move deployments from pilot to production scale. Descope is announcing enhancements today to its Agentic Identity Hub, aimed at helping organizations manage access for autonomous AI agents. Checkmarx research of more than 2,000 developers and CISOs finds 95 percent of CISOs report facing pressure to suppress software compliance findings. Full details and links in the show notes or the blog post. Later today on In The Channel, we have a conversation about the launch of the AWS Partner Innovation Hub in Toronto, with AWS Canada’s Martin Brazonet and CGI’s Dinesh Bhavsar on the challenge of moving AI from proof-of-concept to production. And if you haven’t heard it yet, check out our conversation with Earl Gosick from ESTI Consulting Services, recorded at Dell Technologies World, on why the AI story is really a storage story – that one is on the feed now. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Frank Lesniak joins Andrew Pla for a wide-ranging conversation that covers Frank's newly minted Microsoft MVP status, his journey through PowerShell, and what it looks like to build a real presence in the tech community. Frank talks through the pipeline struggles that tripped him up early on, how his VB Script and object-oriented background made the shift to PowerShell's object model feel disorienting, and how AI has quietly changed the way he approaches scripting today. The conversation takes a thoughtful turn as Andrew and Frank dig into impostor syndrome, the value of conference speaking, and how showing up consistently in the community compounds into a career. Frank also shares an update on DuPage Animal Friends, the nonprofit he serves, which supports one of the country's highest-performing open-admission animal shelters. Key Takeaways: The PowerShell pipeline is one of the most commonly cited stumbling blocks for newcomers, especially those coming from text-based scripting backgrounds. Learning to visualize what your objects look like at each stage of the pipeline, using tools like Get-Member, is a skill that pays dividends long term. Showing up at conferences and user groups, even when you feel underprepared, is how you build the reps that eventually make it feel natural. Frank's consulting background gave him a head start on presentation skills, and he's clear that no one is born polished. Community involvement and career growth are more connected than they might look from the outside. Engaging with people on GitHub, at events, and through open source creates a feedback loop that builds confidence and opens doors. Guest Bio: Frank Lesniak returns to The PowerShell Podcast, this time as a Microsoft MVP (Microsoft Azure, PowerShell). Frank is a Sr. 
Cybersecurity & Enterprise Technology Architect at West Monroe, where PowerShell runs through client work on corporate M&A: carve-outs, tenant-to-tenant migrations, identity consolidation, endpoint moves, and security posture improvement across Microsoft 365, Azure, Entra ID, Active Directory, Intune, Defender, and Windows. Beyond consulting, Frank speaks at technical conferences, mentors first-time speakers, and publishes open-source PowerShell standards and tooling, including PSStyleGuide, GloryRole, and PSConnMon. His public work threads least-privilege identity, cloud role mining, cross-platform observability, and high-quality AI-assisted development through standards, automated tests, and automated code quality reviews.
Connect with Frank: https://linktr.ee/franklesniak
Connect with Andrew: https://andrewpla.tech/links
PSConnMon - PowerShell Network Monitoring - https://github.com/franklesniak/PSConnMon/
GloryRole - Automating Least-Privilege Azure and Entra ID Directory Roles - https://gloryrole.com
PowerShell Style Guide - https://github.com/franklesniak/PSStyleGuide
PowerShell Style Guide + Coding Agents Lightning Talk - https://github.com/devops-collective-inc/pshsummit26/tree/main/PowerShellStyleGuideForCodingAgentsAndHumans-Lesniak
Coding Agent Accelerator Template Repo (Coming Soon!) - https://github.com/franklesniak/copilot-repo-template
ProStateKit - the DSC v3-Intune Starter Kit - https://github.com/franklesniak/ProStateKit
ProStateKit Promotional Commercial - https://www.youtube.com/watch?v=cA5vMH522F0
macOSLab - Automating Legit macOS VMs - https://github.com/franklesniak/macOSLab
DuPage Animal Friends - https://www.dupageanimalfriends.org/
PDQ Discord: https://discord.gg/pdq
The PowerShell Podcast: https://www.pdq.com/resources/the-powershell-podcast/
Previous episodes with Frank Lesniak: https://powershellpodcast.podbean.com/?s=Frank+Lesniak
The PowerShell Podcast on YouTube: https://youtu.be/Eg-uEGaurmY
This episode features Mark Diodati, Managing Vice President for Identity and Access Management at Gartner.
Mark has spent two decades shaping how the industry thinks about authentication, privileged access, and cloud identity, working with renowned companies like Ping Identity, CA, RSA, and now, Gartner. Today, he leads Gartner's global IAM for Leaders analyst team and sets its research agenda across the full identity stack.
In this episode, Mark explains how Gartner's research model works and what his team is prioritizing across identity verification, authorization, ITDR, and decentralized identity. He also breaks down what AI means for identity right now and why securing AI agents is harder than most teams realize.
This episode is a deep dive into where identity is heading from someone whose job is to listen to everyone.
Guest Bio
Mark Diodati is the Managing Vice President for Identity & Access Management at Gartner.
Mark is a longtime identity pioneer who helped shape the way the industry thinks about authentication, privileged access management, and cloud identity. He leads a large team of analysts, sets the global IAM research agenda, and rigorously reviews every document to keep the bar high. Before that, he guided Gartner's IAM research for technical professionals, chaired major industry conferences like Catalyst Europe and the Cloud Identity Summit, and drove triple-digit growth in attendance and sponsorships. Earlier in his career, he held key leadership roles at CA, RSA, and Ping Identity, influencing product strategy and partnerships that many identity practitioners rely on today.
Guest Quote
“One thing we're critically aware of at Gartner is that nobody knows everything. It's impossible.”
Time stamps
(02:11) Meet Mark Diodati: Identity Analyst and IAM Research Leader
(06:00) Inside Gartner: Research, Conferences, and Consulting
(09:18) Hiring and Training the Gartner Analyst
(15:26) How the Inquiry Process Works
(24:07) Gartner Research Products for Identity Professionals
(28:02) IAM Research Priorities Right Now
(32:31) AI and Identity: Opportunity and Risk
(39:35) A Musical Moment with Mark
(44:26) Conclusion and Final Thoughts
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
Connect with Mark on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Hello friends! Today's a hybrid episode — some security content up top about a new certification I've kicked off, followed by an aggressively quick trip to Tangent Town. Feel free to bail after the security stuff if tangents aren't your thing! The security part: starting CARTP I've started the Certified Azure Red Team Professional course from Altered Security (enterprisesecurity.io). It's the Azure follow-up to CRTP, which I took a few years back. Quick notes: Why now: Active Directory and internal pentests will always be my first love, but more and more of our customers are shifting to hybrid or full-Azure environments. Time to get some formal training in that lane. Self-paced vs. live: They offer both. I'm past the point of giving up Saturdays to security training, so I went with the ~$500 self-paced 30-day option. You get a portal, a lab manual, and a remote Windows VM with low-priv creds into a target Azure tenancy to attack and enumerate. The catch: The lab manual is thorough on "do this, see this output" steps, but light on "and here's the wow moment hiding in line 47 of the output." With the live class, an instructor would highlight that stuff in real time. In the self-paced version, you're on your own to find the meaning in 200 lines of output. The fix: Started a Claude project that's effectively co-teaching the class with me. I paste command output and ask "what's the important bit here?" — Claude pulls out the line that matters and explains why (e.g., "this user has write access to a key vault, which means…"). Way more efficient than ALT-TABbing alone. Tools I've touched so far: ROADtools, GraphRunner, and Monkey365 (kind of a PingCastle-for-Azure that spits out a health-check report). Where I'm at: Module 4 of 40-something. Course culminates in a 24-hour exam, which I swore I'd never do again after CRTP — but James Bond and Justin Bieber both say "Never say never." Tangent Town: The Shake Shack incident. It's gross and not funny. But kind of funny. 
Saw (and sort of met) Calum Scott at the Fillmore in Minneapolis. Standing-room-only venue, but my wife found a clutch spot wedged between a security barrier and a support beam, perfect for our family. During an acoustic set, Calum and his band came right past us. My wife (unable to help herself) gave his shoulder a squeezy squeeze. I held out for the fist bump on his return trip to the stage — and we're basically best friends now. I highly recommend his show: very positive guy, family-friendly, genuine. Seven super-fast non-spoilery movie reviews from plane rides and hotel nights: Coherence — for smart people. I am not those people. Probably great if you can follow it. Deadstream (Netflix) — YouTuber live-streams a night in a haunted house. Surprisingly entertaining, a couple of real jump-scares. Get Away — a family vacations on a forbidden island. Goes somewhere unexpected in the third act. Hell House LLC — found-footage haunted house. A couple of genuine flinches; story was just OK. Hokum — Adam Scott as a writer at a hotel with a personal history. Creepy-crawly, goes to some dark places. Loved it. Predator: Badlands — went in expecting mind-numbing action, but I loved it! I'd give it an 8 or 9 out of 10. It had action, LOLs, and even some tender Predator moments. Going to watch it again soon. Obsession — young man buys a wish-granting trinket so a young lady will like him. It works. Then it really works. The movie slowly goes into full-on bonkers sauce mode! Satisfying but uncomfortable to watch at parts. That's it! 7MinSec.com for services, 7MinSec.club for the Substack, 7MinSec.wiki for pentest tips and scripts.
Today’s headline news for Canadian IT solution providers: SonicWall is making its Gen 8 security platform available in virtualized environments for the first time with the launch of the NSv XS, a subscription-based virtual firewall purpose-built for MSPs and MSSPs delivering managed security to small and distributed environments. The NSv XS supports VMware ESXi, Hyper-V, KVM, AWS, Azure, and Proxmox and ships in three service tiers designed around recurring revenue models. The top tier adds co-managed security from SonicWall’s SonicSentry NOC team plus embedded cyber warranty coverage through Cysurance. SonicWall’s 2026 Cyber Protect Report found high and medium severity attacks surged 20.8% last year, and with 52% of enterprises now running most of their infrastructure in the cloud, the NSv XS is explicitly designed to close that gap. Huntress and specialty insurance firm Acrisure have launched a new cyber insurance program offering eligible organizations access to Cyber or Tech E&O policies with no deductible and a streamlined application process. Organizations running qualifying Huntress Managed EDR and ITDR solutions may benefit from simplified underwriting – demonstrating active security posture translates to better insurance terms. The two companies are positioning the program as a response to growing AI-driven cyber threats and an alternative to the traditionally complex process of securing adequate cyber coverage. Intruder has released its 2026 Attack Surface Management Index, based on anonymized data from 3,000 customers. The headline number: 26% of organizations have exposed MySQL databases, a known target for ransomware and data extortion. Midmarket companies in the 5,000-10,000 employee range take an average of 56 days to remediate exposures – nearly four times slower than small enterprises. Banks closed gaps in an average of 11 days; insurance and pharma firms averaged more than 40. 
The report frames this against the emergence of autonomous AI models capable of independently discovering zero-day vulnerabilities – which makes a 56-day remediation window a meaningful risk. ThreatDown has launched identity threat detection and response for MSPs, adding credential-based attack detection to its managed security stack. ITDR joins ThreatDown’s existing endpoint protection capabilities as attackers increasingly target identity infrastructure rather than devices directly. Cycode has announced new capabilities for AI-driven development, declaring “shift left is dead” and repositioning its application security platform around the AI development lifecycle. The move reflects a broader rethinking of where security fits as AI-generated code accelerates development velocity and introduces new risk vectors. Toronto-based MSP roll-up AYCE Capital has acquired a cybersecurity advisory firm to anchor a portfolio-wide center of excellence in vCISO and managed security operations. The move signals a push to build differentiated security capabilities across its MSP portfolio rather than sourcing them piecemeal. MSPAlliance has launched new service lines under its Cyber Verify program, expanding the compliance and assurance framework available to managed service providers. The additions give MSPs more structured pathways to demonstrate security and operational maturity to enterprise and regulated-industry clients.
Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, May 13, 2026, and here’s what’s happening in the channel today. SonicWall yesterday announced the NSv XS, a new virtual firewall extending its Gen 8 platform to cloud environments, with managed service providers and MSSPs as the primary target.
The product allows partners to deploy firewall security wherever customer workloads run – public cloud, private cloud, branch offices, and distributed infrastructure – under a management model designed for multi-tenant operations. According to SonicWall, the NSv XS carries the same Gen 8 security engine found in its physical appliances into a lightweight virtual form factor, which the company says closes a growing gap as customer environments increasingly span both physical and cloud boundaries that legacy appliances can’t follow. The announcement is a practical one for the channel: a cloud-native firewall with the Gen 8 engine that can be managed centrally simplifies both the sales conversation around security coverage and the operational overhead of delivering it across heterogeneous customer environments. Also yesterday, Huntress announced a partnership with insurance firm Acrisure to connect cybersecurity posture directly to cyber insurance outcomes for eligible organizations. Under the program, customers running the Huntress managed security platform can access Cyber and Tech Errors and Omissions policies through Acrisure with no deductible – with policy terms tied to the customer’s verified security posture rather than a generic underwriting baseline. According to Huntress, the program is built on the premise that organizations that have actually deployed layered security controls should not be underwritten at the same rates as those that haven’t. The arrangement is worth watching for solution providers who have been looking for cyber insurance integrations that go beyond co-marketing – this one appears to operationalize the connection between managed security delivery and insurance terms in a way that could strengthen both the MSP’s value proposition and the client’s risk profile. 
Intruder rounded out a busy Tuesday by releasing its 2026 Attack Surface Management Index, drawing on anonymized data from 3,000 organizations to assess how quickly companies are identifying and closing their exposed attack surfaces. The headline finding: more than one in four organizations still have MySQL databases exposed and accessible from the internet – a foundational configuration risk that the report says reflects a broader struggle to maintain visibility over sprawling and distributed infrastructure. According to Intruder, the data shows that human remediation is falling further behind the pace of automated exploitation, a trend the company calls the “Mythos Era” – a period in which attacker tooling has measurably outpaced defender workflows. The report gives solution providers a concrete, data-backed framework to bring into client conversations, particularly for customers still relying on point-in-time scanning rather than continuous monitoring. In Brief – ThreatDown yesterday launched an identity threat detection and response platform, extending its security stack to cover credential-based attacks across Microsoft Entra ID, Okta, and Active Directory. Cycode is declaring “shift left is dead,” releasing new agentic development lifecycle security capabilities designed to protect AI-driven software pipelines from code generation through deployment. Toronto-based AYCE Capital yesterday announced the acquisition of a cybersecurity advisory firm to anchor a portfolio-wide security center of excellence. MSPAlliance last week added Service Lines to its Cyber Verify platform, letting MSPs map audited controls directly to the services they deliver for cleaner, client-ready compliance reporting. Full details and links in the show notes or the blog post. 
Later today on In The Channel, we’re sitting down with Steve Petryschuk from Auvik to dig into their 2026 IT Trends Report and what the data reveals about the gap between AI ambition and AI maturity in managed services. And if you haven’t heard it yet, yesterday’s episode is a good one – Joel Abramson from Top Down Ventures joins me to discuss the close of their C$38 million MSP-focused founders fund and why they believe managed service providers are the primary delivery vehicle for AI to the small and mid-market. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Artificial intelligence is transforming how companies work, but it also opens up a new generation of cyber risks. Between shadow AI, data leaks, autonomous agents and chatbot manipulation, organizations are discovering a terrain that is still largely uncontrolled.
This episode features Angie Klein, IAM Business Technology Manager at Federated Insurance.
Angie brings over a decade of experience spanning systems development and identity security leadership, holding CISSP, CIDPRO, and CISM certifications and working hands-on with CyberArk, SailPoint IDN, and Active Directory in a regulated environment.
In this episode, Angie dives into the organizational and cultural work that most identity programs skip. She shares why identity deserves its own program, how to apply OCM to bring resistant stakeholders on board, and why governance must come first. Angie's core argument is that if identity security creates too much friction, people will route around it, and that's where the real risk lives.
This episode makes the case that the hardest part of identity security isn't the technology, it's getting people to trust it enough to stop working around it.
Guest Bio
As the IAM Business Technology Manager at Federated Insurance, Angie is dedicated to advancing our Identity and Access Management program and the industry as a whole. With over 10 years of experience and currently leading a team of Security Engineers and Identity and Access Analysts, Angie is passionate about IAM and loves to see "ah ha" moments when colleagues understand that security is everyone's job.
Angie brings over a decade of experience as a Systems Developer, providing extensive technical expertise in the Identity Security domain. She holds certifications, including CISSP, CIDPRO, and CISM. Additionally, she has experience working in the insurance industry and is skilled in CyberArk, Active Directory, SailPoint IDN, Analytical Skills, Project Management, and Public Speaking.
Guest Quote
"Identity security is ultimately about trust. People have to trust that you are doing the things that will help them do their job securely and not stop them from doing their job."
Time stamps
01:45 Meet Angie Klein: Expert IAM Practitioner
01:22 Why Identity Needs Its Own Program
04:30 Why Identity Programs Stall
07:27 Organizational Change Management (OCM) Explained
12:51 OCM in Action
17:08 How to Gain Buy-In for an Identity Security Program
25:05 First Steps for Standing Up a Program
30:22 The Core Pillars of Identity Security
35:00 Conclusion and Final Thoughts
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
Connect with Angie on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis
Today’s headline news for Canadian IT solution providers: inforcer launches Copilot Manager: inforcer has released its new Copilot Manager feature, giving MSPs in-depth visibility into Microsoft 365 Copilot adoption and shadow AI usage across customer tenants. According to the company, as many as 80% of SMB employees are using unauthorized AI tools at work, and IBM research cited by inforcer suggests organizations with high shadow AI exposure average $670,000 more in breach costs. The tool builds on the company’s earlier Copilot Readiness Assessment and has already been trialed in beta by more than 200 MSPs globally. SUSE launches Sovereign Partners Specialization: SUSE has announced a new Sovereign Partners Specialization at its SUSECON 2026 conference in Prague, designed for MSPs and channel partners operating in sovereign cloud environments. The specialization is structured as an agile layer on top of SUSE’s existing partner program, targeting partners who already hold sovereign field certifications and know the SUSE technology stack. For Canadian solution providers, the timing aligns with accelerating data sovereignty requirements under OSFI E-21 and Quebec’s Law 25. Cayosoft launches Microsoft Migration Services: Cayosoft has launched a full-cycle Microsoft identity migration service delivered in partnership with XMS Solutions, covering Active Directory, Entra ID, Microsoft 365, Exchange, SharePoint, and Teams. According to the company, the offering addresses the security exposure that persists after migrations that close on schedule but leave behind broken permissions and unmanaged identity drift. The service spans pre-migration assessment through post-migration monitoring and governance. 
Kaseya unveils Agentic IT Management Platform: Kaseya has announced what it is calling the first Agentic IT Management Platform, powered by a proprietary dataset the company calls Kaseya Intelligence, combining real-world IT data with an execution layer designed to act autonomously on behalf of MSPs. GuidePoint Security wins CrowdStrike Americas Partner of the Year: GuidePoint Security has been named CrowdStrike’s 2026 Americas Partner of the Year after the two companies surpassed $1 billion in cumulative joint sales, a milestone the company is positioning as validation of its managed security practice. Dyna Software showcases Platform Copilot at Knowledge 2026: Dyna Software is demonstrating Platform Copilot at ServiceNow Knowledge 2026, positioning the tool as a way to generate ServiceNow environment configurations from natural language inputs and images, reducing prototyping time for implementation partners. Kyndryl pushes AI deeper into IT operations: Kyndryl has announced updates expanding autonomous AI capabilities across its global IT operations practice, extending AI-assisted resolution workflows for its managed services engagements. Upwind adds Windows Server runtime visibility: Upwind has launched runtime visibility support for Windows Server virtual machines running across AWS, Azure, and Google Cloud Platform, closing a cross-platform gap in its cloud-native security coverage. Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Friday, May 8, 2026, and here’s what’s happening in the channel today. Managing Microsoft 365 Copilot is becoming a genuine operational challenge for MSPs, and a company called inforcer is positioning itself as the answer with the launch of its new Copilot Manager feature. 
The company, which makes Microsoft 365 multi-tenant management software for managed service providers, says Copilot Manager gives partners in-depth visibility into Copilot adoption trends across all client tenants, and – critically – the ability to monitor shadow AI usage. According to inforcer, as many as eighty percent of SMB employees are bringing their own AI tools to work, using unauthorized or open-source applications that increase the risk of data leakage. The company cites IBM research suggesting one in five organizations have experienced a breach due to shadow AI, with those carrying high shadow AI exposure averaging six hundred and seventy thousand dollars more in breach costs. The business case here is straightforward for solution providers. Copilot has crossed twenty million paid seats. The licensing is in motion. What most MSPs lack is the infrastructure to make Copilot governance a repeatable, billable service rather than a one-time check-in conversation. Copilot Manager has already been trialed in beta by more than two hundred MSPs globally, and the company says it builds directly on a Copilot Readiness Assessment tool released last year, giving partners a documented progression from pre-sales evaluation through ongoing managed AI services. SUSE has launched a new Sovereign Partners Specialization as part of its channel program, a move that carries meaningful implications for the Canadian market. The announcement came at the company’s annual SUSECON conference in Prague last month, with details emerging publicly this week. SUSE is positioning the specialization as an agile layer on top of its existing partner program, designed specifically for early-mover partners who already hold sovereign field certifications and are invested in the sovereign technology market. 
According to Hayley Wienszczak, SUSE’s head of global partner programs and success, the initial go-to-market will focus on existing SUSE MSPs who know the technology stack, working jointly to onboard the first reference customers onto a full SUSE sovereign stack. More than ninety-eight percent of SUSE’s business runs through partners, and the company is framing the sovereign play as an opportunity to lock in that partner ecosystem around an emerging but fast-growing requirement. For Canadian MSPs, the timing aligns with accelerating regulatory pressure around data sovereignty – OSFI’s E-21 guideline on technology and third-party risk, Quebec’s Law 25, and federal Protected B requirements are all pushing enterprise buyers toward environments where data residency is a verifiable, contractual commitment rather than a vendor promise. SUSE is also opening co-sell registration to ISVs and system integrators alongside MSPs as part of the same program update. Earlier this week, Cayosoft launched a full-cycle Microsoft identity migration service that it says is designed to address the ongoing risk that sits inside most Active Directory and Entra ID environments. The offering, called Cayosoft Microsoft Migration Services, is being delivered in partnership with XMS Solutions, a long-time provider of migration and cybersecurity services. According to the company, the service covers Active Directory, Entra ID, Microsoft 365, Exchange, SharePoint, Teams, and related identity infrastructure, and spans the complete lifecycle from pre-migration assessment through phased execution, data integrity validation, and post-migration monitoring, governance, and recovery. The launch targets a specific and frequently mismanaged problem: migrations that declare success on go-live day while leaving behind broken permissions, duplicated identities, and poorly governed access that creates security exposure for months afterward. 
Cayosoft is specifically calling out M&A, divestitures, and consolidation scenarios as high-risk contexts. For Microsoft-focused channel partners, the model Cayosoft is describing – migration as the front door into a longer-term identity management and recovery engagement – represents a services motion that can extend well beyond the initial project. Partners who have historically treated Active Directory migrations as one-time engagements may find this a useful framework for repackaging that work as an ongoing managed practice. In Brief Kaseya has unveiled what it is calling the first Agentic IT Management Platform, powered by a proprietary dataset the company calls Kaseya Intelligence. GuidePoint Security has been named CrowdStrike’s 2026 Americas Partner of the Year after the two companies surpassed one billion dollars in cumulative joint sales. Dyna Software is showcasing its Platform Copilot at ServiceNow Knowledge 2026, positioning the tool as a way to generate ServiceNow configurations from natural language and images. Kyndryl has announced updates pushing AI deeper into its IT operations practice, expanding autonomous resolution capabilities across its global managed services engagements. Upwind has launched new runtime visibility support for Windows Server virtual machines across AWS, Azure, and Google Cloud Platform, addressing a gap in cross-platform endpoint coverage. Full details and links in the show notes or the blog post. Later today on In The Channel, we continue our Knowledge 2026 series with Cristin Gooderham, area vice president of Canada enterprise sales at ServiceNow, on what the shift to agentic business looks like from a Canadian market perspective. And if you haven’t heard it yet, yesterday on In The Channel we published my conversation with Michael Park, ServiceNow’s global channel chief, on why the company put its AI product leader in charge of the channel – and what that means for how partners get built and compensated going forward. 
That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
How secure is your Active Directory infrastructure? While at Zero Trust World in Orlando, Richard chatted with Spencer Alessi about his work helping companies secure Active Directory, making it more difficult for black hats to exploit it for lateral moves during a breach attempt. Spencer talks about the increasing speed of these exploits, making it much harder to block them after the fact, so it's best to make AD too difficult to target. Jake Hildreth's Locksmith tools are a great place to start - free and open source. There are also Microsoft tools and Spencer's own AD Security Resource Kit to help evaluate your AD infrastructure and lock it down! Links: Locksmith; Enhanced Security Admin Environment; Active Directory Security Resource Kit. Recorded March 4, 2026.
Hauke, Jean and Micha welcome you to their regular infotainment show about Linux and open source. Today's topics include: Ubuntu 26.04, AI, Gemma 4, Claude Mythos, Samba, Active Directory
In this interview, Omar Ben Bouazza, representative of RootedCon, previews the preparations for the 2026 edition, which will take place on March 5, 6, and 7 at Kinépolis. Among the highlights is the confirmation of Patrick Breyer as one of the keynote speakers. He is known for his work as a digital rights activist and former Member of the European Parliament. The event's training offering is also emphasized, including seven three-day bootcamps covering topics such as hardware hacking and Active Directory, along with three one-day labs designed to make attendance more flexible depending on budget and availability. Finally, a contest for listeners is launched, challenging them to identify the Nordic speaker who opened the 2017 edition, marking the beginning of the conference's international expansion. Twitter: @ciberafterwork Instagram: @ciberafterwork Panda Security: https://www.pandasecurity.com/es/ +info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/ VAPASEC https://www.vapasec.com/ https://www.vapasec.com/webprotection/
This episode features Sarah Cecchetti, Director of Product Management at Semperis. A veteran identity executive, Sarah co-founded IDPro and co-authored NIST SP 800-63-3C Digital Identity Guidelines. She previously led Amazon Cognito as Head of Product at AWS, where she also open-sourced Cedar, the policy language at the center of this conversation. In this episode, Sarah presents her BSides Seattle talk "Identity Crisis: IAM's Wild Ride in the AI Jungle" on why the assumptions that shaped modern identity have been overturned by the pace of agentic AI. She covers where authentication and authorization standards currently fall short for non-human identities and walks through the emerging frameworks the industry is building to fill that gap. This episode makes the case that natural language safety instructions are not a substitute for provable, external guardrails. Guest Bio: Sarah Cecchetti is a seasoned technology executive driving product management at Semperis. At AWS, she led Amazon Cognito to triple-digit growth as Head of Product and led the open-sourcing of Cedar, a new access management language. She co-founded IDPro and co-authored NIST SP 800-63-3C Digital Identity Guidelines. Sarah has designed secure identity systems for corporate clients as well as US and Canadian governments and is recognized as a top identity professional by Okta Ventures and OWI. She's a keynote speaker at global identity conferences like Identiverse and Authenticate. Guest Quote: “[The] average enterprise has 250,000 non-human identities, and 97% of those have excessive privilege. And 68% of organizations lack AI identity controls...The concept of excessive privilege has almost been accepted by the industry at this point. That's just the way it's done.”
Time stamps: 01:45 Meet Sarah Cecchetti: Seasoned Identity Executive 02:36 Sarah's BSides Seattle Talk: Identity Crisis: IAM's Wild Ride in the AI Jungle 04:19 How Deepfakes Broke Biometrics 06:37 The Scale of Non-Human Identities 09:34 How NHIs Differ from Human Identities 10:38 Why FIDO Doesn't Work for AI Agents 12:19 Introducing SPIFFE and Workload Identity 15:45 How SPIFFE Works in Practice 17:34 Where AI Protocols Are Falling Short 21:12 The Problem with OAuth Client Credentials 23:18 Dynamic Registration and Database Sprawl 24:38 Client ID Metadata Documents Explained 28:43 Authentication Standards: Who Wins the Client ID Field? 30:21 Cedar: Deterministic Authorization for AI Agents 33:58 Clawdrey Hepburn: Sarah's AI Agent in Practice 40:09 Conclusion and Final Thoughts. Links: OAuth Client ID Metadata Document
In Episode 178 of the Cyber Threat Perspective podcast, hosts Spencer and Tyler take a practitioner-first look at the internal security controls that genuinely make attackers' lives difficult, drawing directly from their experience conducting hundreds of internal penetration tests every year. This isn't a vendor comparison or a theoretical framework. It's an honest account of what works, what gets misconfigured, and what separates organizations that slow attackers down from those that don't.
Topics covered include:
- Application Control — ThreatLocker and Magic Sword — why app control is probably the single most effective endpoint control against attackers, how the learning period works, why jumping straight to enforcement mode is a mistake, and why executive buy-in is as critical as the technical implementation
- WDAC vs. traditional AppLocker — the differences, what closed-book enforcement actually means for attackers, and the two schools of thought on allow-list vs. block-list approaches
- Strong identity controls — MFA beyond RDP including SMB, WinRM, and HTTP via products like Silverfort, why push notification MFA falls short, and why number matching matters
- Protected Users Group — one of the most powerful and underused Active Directory controls, with a real-world story of how it nearly matched a full third-party identity product in effectiveness during a law firm pen test
- Least privilege and admin tiering — why Help Desk is one of the most targeted groups for social engineering, how over-permissioned service accounts hand attackers domain admin in minutes, and the real cost of control path vulnerabilities
- Network segmentation and zero trust — why domain controllers don't need internet access, how segmentation limits attacker recon, and where products like Zscaler fit in
- EDR baselining and UEBA — why plugging in an EDR tool and expecting it to work isn't enough, the case for getting back to behavior-based detection, and why catching recon activity matters more than catching execution
- Deception — honeypots, canaries, and fake assets — why deception is underrated, why high-fidelity low-false-positive alerts change the game, and what it actually feels like as a pen tester to trip on a well-placed decoy without knowing it
Also mentioned: Spencer and Brad's Tools of the Trade workshop at ILTA Evolve — Denver, end of April.
This episode features a virtual roundtable hosted by Michele Crockett, Associate VP of Product Marketing at Semperis. The panel brings together five practitioners with deep experience in identity security: Alex Weinert, Chief Product Officer at Semperis; Christopher Brumm, Cyber Security Architect at glueckkanja; Eric Woodruff, Chief Identity Architect at Semperis; Jorge de Almeida Pinto, Senior Incident Response Lead at Semperis; and Michael Van Horenbeeck, CEO and Senior Solution Architect at The Collective Consulting. Collectively, they represent experience across incident response, Microsoft product development, enterprise architecture, and security leadership. In this discussion, the panel addresses how to allocate limited security budgets across prevention and recovery, why the same AD misconfigurations keep appearing in assessments year after year, and what AI means for defenders and attackers alike. This episode is a practical, field-tested conversation about what moves the needle when resources are constrained. Guest Quote: "80% of permissions that are out there are users that have access to systems they don't need. Going back to that Tier 0 system, a hundred percent of what's got access to Tier 0, you should know what it is, why it has access, why it needs it, [and] what's going on... Any apps that you can't prove what they're there for, turn them off. See who yells."
Time stamps: 0:00 Meet the Panelists 00:00 AI in Cybersecurity 02:23 Budgeting for Identity Security 05:08 Field Lessons and AD Misconfigs 08:48 Prioritizing Prevention and Funding 12:59 Current Attacker Trends 14:56 Hybrid and Multi Cloud Risks 17:02 Entra Private Access POC 18:28 Lightning Round
Thank you ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal // Spencer Alessi's SOCIAL // YouTube: / @techspence Website: https://spenceralessi.com/adsecuritykit/ X: https://x.com/techspence LinkedIn: / spenceralessi Swag: https://www.etsy.com/shop/ethicalthre... // ThreatLocker's SOCIAL // LinkedIn: https://www.linkedin.com/company/thre... X: https://x.com/threatlocker Instagram: / threatlocker Website: https://www.threatlocker.com/ / David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 0:54 - Spencer Alessi introduction & background 02:20 - Pentesting demo // Active Directory 03:34 - Control paths // Finding bad permissions with ADeleg 06:04 - Finding bad permissions with NetTools 06:52 - The most common issue 08:15 - Certificate abuse 12:20 - Quick recap 12:30 - Certificate abuse continued 15:10 - Pentesting summary 15:09 - How to become a pentester 18:48 - Recommended certifications 20:54 - Advice for blue teamers 22:15 - Overcoming being an introvert // Soft skills vs tech skills 23:43 - Windows hacking in the real world 24:54 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! 
Disclaimer: This video is for educational purposes only. #microsoft #windows11 #hacker
Summary On this episode of Chattinn Cyber, Marc is chattin' with Ben Wilcox, Chief Technology Officer and Chief Information Security Officer at ProArch. Their chat opens by focusing on high-impact, practical ways organizations can reduce cyber risk. Ben highlights identity as the top priority: his team moved to passkeys to remove passwords and lower the attack surface. He stresses that threat actors increasingly use man-in-the-middle techniques and that AI has accelerated the automation of credential-theft, which makes strengthening identity controls essential. The chat then moves to AI and data governance. Ben describes rolling out visibility tools to monitor internal AI use — what prompts users run and what data is fed into models — and pairing that with data labeling and classification. He warns organizations to restrict where AI tools are allowed and to implement compensating data controls to prevent accidental or intentional leaks of sensitive information. Ben cautions that AI and cybersecurity must be adopted in parallel, because AI will reveal existing misconfigurations and permission drift. He gives practical examples (like Copilot showing information a user shouldn't see because of incorrect permissions) to illustrate how AI surfaces weaknesses in access controls. The takeaway is that AI can be a force-multiplier but also a magnifier of existing security gaps. On leadership and tradeoffs, Ben explains how combining CTO and CSO responsibilities can be an enabler if balanced correctly. He argues for marrying a product/technology lens with a risk lens, leveraging internal expertise, and making business enablement and security complementary so organizations can move quickly while maintaining the right groundwork. Finally, Ben addresses translating cyber risk into financial terms for CFOs and boards. 
He recommends business impact analysis—linking key system outages (e.g., Active Directory) to production downtime costs—to quantify risk and justify security investments. He shares real incident cost ranges (low seven figures to tens of millions in some cases), underscores the role of compensating controls, and concludes with a call to monitor industry trends, assess outage and reputational costs, and prioritize risk reduction. Key Points Identity-first approach: move away from passwords (passkeys) and reduce reliance on MFA tokens that can be intercepted or automated by attackers. AI visibility and data controls: monitor internal AI usage, restrict sites/tools, and enforce labeling/classification to prevent data leakage. AI exposes existing weaknesses: adopting AI without fixing permission drift and misconfigurations surfaces risks rather than hiding them. Speed and detection advantage: AI can accelerate detection and response in SOCs—gaining even seconds can materially reduce impact. Translate risk to business terms: use business impact analysis to quantify downtime costs and build the financial case for security investments and insurance. Key Quotes “Last year we took the initiative and we moved to pass keys.” “AI has sped up that weaponization and being able to turn that around and get those tokens automatically.” “AI is going to expose the weaknesses that are inherent within your security controls that you already have in place.” “If we can get even 5 seconds faster or 10 seconds faster or 20 seconds faster, sometimes that makes a difference.” “And that’s why they should have bought cyber insurance.” About Our Guest Ben Wilcox is a seasoned technology leader with over 25 years of experience driving innovation and solving complex business challenges. Serving as both Chief Technology Officer and Chief Information Security Officer at ProArch, Ben combines a forward-looking vision with a hands-on approach to cybersecurity. 
He is passionate about leveraging technology to accelerate business outcomes while embedding security best practices into organizational culture and operations. Ben's strategic mindset and dedication to excellence have strengthened ProArch's resilience and helped protect clients' data and systems. Outside of work, Ben channels his relentless drive into racing as an instructor and competitor with the Northeast Audi Club, and enjoys gardening, cooking, and spending quality time with his family. As he puts it, “Security isn’t just about defending against threats—it’s about enabling trust, protecting growth, and ensuring every decision we make strengthens the foundation of the business.” Follow Our Guest LinkedIn | Website About Our Host National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums. Follow Our Host Website | LinkedIn
In Episode 175, Spencer and Tyler break down NetTools — a free, self-contained Active Directory management and troubleshooting tool that's become a go-to for their internal penetration testing engagements. They start with the backstory: years of relying on AD Explorer from Microsoft Sysinternals, and the growing need to evade EDR detections. At one point, that meant manually obfuscating binaries with a hex editor. NetTools eliminates that friction entirely — no installation, no dependencies, no signatures to fight.
Topics covered include:
- Why NetTools replaced AD Explorer and how EDR pressure forced the shift
- Group Policy enumeration, including how to spot dangerous GPO permissions like authenticated users with write access to server OUs
- LDAP Search & Browser for querying AD, identifying risky data (like passwords in descriptions), and exploring object relationships
- Assigned Trustees & Permissions Reporter for fast, visual identification of misconfigurations
- How to run NetTools from non-domain-joined machines using saved credential profiles
- Password checker functionality for targeted validation without spraying the environment
For pentesters, it's a faster way to get visibility into AD risk. For IT admins, it's a practical way to audit and harden your environment. NetTools combines the functionality of multiple tools into one portable utility. Learn more at nettools.net. Credit to creator Gary Reynolds.
NetTools | The Swiss army knife of AD troubleshooting
The future of secure software is going through a mix of skills expected of humans and skills files created for LLMs. We might even posit that appsec as a discipline will fade (and that might not even be a bad thing!). Keith Hoodlet describes the skills he was looking for in building teams of security researchers and why there's still an emphasis on the ability to learn about and understand how software is built. But figuring out what skills will get you hired and what skills are valuable to invest in still feels daunting to new grads and others entering the security industry. We discuss where the role of appsec seems to be heading and a few of the security and software fundamentals that can help you follow that direction.
Segment resources:
- https://bsidessf2026.sched.com/event/2E1h4/we-pwn-the-night-growing-leading-an-31337-security-research-team?iframe=yes&w=100%&sidebar=yes&bg=no
- https://drive.google.com/file/d/1_zLH8vuHU1XOjEyk85WecQwSByDwxAmQ/view?pli=1
- https://securing.dev/posts/if-i-were-eighteen-again/
- https://research.nvidia.com/labs/lpr/slm-agents/
Then, we rebroadcast two interviews from RSAC 2026.
The Identity Crisis of Agentic AI
Identity security is being stretched between legacy infrastructure that was never built to be secure and rapidly emerging AI agents and non-human identities that organizations are quickly adopting. As AI accelerates, identity risk grows alongside it, making agentic security fundamentally an identity challenge—because the more access AI has, the greater both its power and potential risk. In this session, Ron Rasin explores how past gaps in areas like Active Directory and machine identities created today's blind spots, and why identity must now act as the control plane for AI-driven enterprises, with real-time enforcement before access is granted. He also highlights new innovations and partnerships enabling embedded identity controls across human, non-human, and AI identities, emphasizing that at machine speed, reactive security is no longer enough. To learn more about Silverfort and their AI Agent product, visit https://securityweekly.com/silverfortrsac.
Privileged by Design: AI Agents and the New Identity Risk to Production Systems
At RSAC this year, the AI conversation is getting more practical. Less “look what agents can do” and more “who's actually in control when an autonomous system can take real actions across business apps and infrastructure.” The Moltbook breach and the growing attention on OpenClaw-style agent vulnerabilities put real weight behind that question because they show how quickly agent ecosystems can scale past oversight. Today we're talking with Shashwath, CEO of P0 Security, about why identity and authorization are the quiet enablers of modern AI, where teams are losing control as non-human identities explode and what security leaders can do to keep innovation moving without turning access sprawl into enterprise risk. To learn more about P0 Security, visit: https://securityweekly.com/p0rsac.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-376
This episode features Sander Berkouwer and Raymond Comvalius, two longtime identity security experts and Microsoft Most Valuable Professionals (MVPs).
Sander is an independent identity architect and author of the Active Directory Cookbooks. Raymond is an IT specialist and senior technical consultant specializing in hybrid identity, Microsoft Entra ID, and identity lifecycle automation.
In this episode, they explore a growing blind spot in cloud security: application governance. As organizations adopt more cloud apps and integrations, identity platforms like Microsoft Entra ID often accumulate hundreds of application registrations with little oversight.
They explain why governance so often falls behind adoption, share practical steps organizations can take to regain control, and discuss the next frontier of identity.
Guest Bios
Sander Berkouwer, DirTeam
Sander Berkouwer works as an independent identity architect in the Netherlands, where he helps organizations make the most out of Microsoft products, services, strategies, and technologies. Sander blogs on DirTeam.com. He regularly gets invited as speaker for his enthusiastic approach, his in-depth real-world knowledge and as the author of the much-appraised Active Directory Cookbooks. Sander has been awarded the Microsoft Most Valuable Professional (MVP) award (for the last 17 years), Veeam Vanguard award (for the last 8 years) and VMware vExpert (for 3 years).
Raymond Comvalius
Raymond Comvalius is an IT specialist and senior technical consultant with more than two decades of experience delivering enterprise infrastructure, identity, and security improvements. His work centers on hybrid identity and Microsoft ecosystems, including Microsoft Entra ID, Conditional Access, and identity lifecycle automation with Microsoft Graph and scripting. Raymond advises teams on pragmatic roadmaps for strengthening authentication (MFA, passkeys/FIDO2, Windows Hello), improving governance, and operationalizing secure access at scale across cloud and on-prem environments. Beyond consulting, he serves as a board member and co-hosts the IT Bro's Podcast, sharing news and insights for identity and security professionals.
Guest Quotes
“In your tenant, you want to know what objects are in there, and it doesn't matter if those are users or groups or applications. You want to know what's in there so that you can keep track of what's going on.” - Raymond Comvalius
“There's a difference between an application and an agent. An agent is far more ephemeral. It does a job that requires some sort of permission. It spins up, it does its thing, and it spins down.” - Sander Berkouwer
Time stamps
00:45 Meet Sander Berkouwer and Raymond Comvalius: Microsoft Most Valuable Professionals (MVPs)
02:32 Importance of Entra Application Governance
12:29 How to Get Started with Application Governance
20:18 Understanding Entra Agent ID
26:59 Conclusion and Final Thoughts
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
- Connect with Sander on LinkedIn
- Connect with Raymond on LinkedIn
- Connect with Sean on LinkedIn
- Don't miss future episodes
- Learn more about Semperis
Jim McDonald sits down with Greg Handrick, Director of IAM at Best Buy, for a wide-ranging conversation on running enterprise identity at one of America's largest consumer electronics retailers. Greg traces a nonlinear career path from Oracle DBA and Novell administrator to IAM director. The discussion covers Best Buy's CIO-reporting structure for IAM, how their steering committee evolved from status meetings into a strategic body, and managing identity across workforce, vendors, marketplace sellers, and non-human identities. Greg and Jim also dig into communicating identity value in business language, making the investment case without FUD, identity and cyber convergence, AI adoption, and psychological safety on a well-run IAM team. The Lighter Note wraps with Greg's YouTube-powered DIY hobby life.
Connect with Greg: https://www.linkedin.com/in/greghandrick/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
Timestamps
00:00:00 Intro and upcoming event announcements
00:03:00 Meet Greg Handrick, Director of IAM at Best Buy
00:04:00 What is Best Buy?
00:05:00 Greg's career path from Oracle DBA to IAM Director
00:12:00 IAM reporting to the CIO vs. the CISO
00:17:00 How Best Buy's IAM steering committee evolved
00:22:00 Third-party and non-human identities at scale
00:24:00 Identity as a team sport and imposter syndrome
00:27:00 Communicating identity value in business language
00:28:00 Making the investment case for IAM without FUD
00:32:00 Identity and cybersecurity convergence at Best Buy
00:35:00 Balancing technical depth with business acumen
00:38:00 AI in identity programs today
00:39:00 Leadership philosophy and psychological safety
00:43:00 Will AI replace identity practitioners?
00:46:00 Lighter Note: DIY projects and the power of YouTube
Keywords: IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Greg Handrick, Best Buy, IAM, identity and access management, identity security, CIO, CISO, steering committee, SailPoint, Ping Identity, Active Directory, third-party identity, non-human identity, identity governance, PAM, privileged access management, zero trust, AI in identity, leadership, retail IAM, imposter syndrome, psychological safety
professorjrod@gmail.com
In this episode of Technology Tap: CompTIA Study Guide, we dive deep into Windows security at scale, focusing on critical points where security measures impact real network environments. Learn how small misconfigurations, like one wrong checkbox, can expose significant data risks. Whether you are part of a study group, preparing for the CompTIA exam, or aiming to develop your IT skills, this episode covers practical Windows security architecture relevant to system administration, IT support, and tech exam prep. We discuss strategies for managing shared resources, centralized identity, and enforceable policies that you'll encounter in both real-world technology education settings and certification environments. Tune in to enhance your understanding and get tips that will aid you in your IT certification journey.
I walk through modern Windows authentication, including what Windows Hello is designed to fix, why passwords keep failing in the real world, and how device bound PINs, biometrics, and phishing resistant security keys change the security model. From there, we talk about reducing login chaos with single sign-on and how SAML authentication helps systems trust an identity provider without making users juggle endless credentials.
Then we move into the enterprise core: Windows domains, Active Directory, and how domain controllers, organizational units, and security groups keep management scalable. I also cover Group Policy as the tool that enforces consistent security settings across hundreds or thousands of PCs, plus the commands that matter when you need to verify and refresh policy like GPUpdate and GPResult.
Finally, we dig into the breach magnet: Windows shares and permissions. You'll learn the difference between share permissions and NTFS permissions, why “most restrictive wins,” how deny rules and inheritance can save you or sink you, and why least privilege is the habit that keeps sensitive data out of the wrong hands. If this helps you, subscribe, share it with a friend in IT, and leave a review with the topic you want next.
Support the show
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod
How do you find insecure permissions in Active Directory before they turn into attack paths?
In this episode, we take a practical look at how to identify insecure Active Directory permissions using ADeleg, a free security tool trusted by penetration testers.
Misconfigured delegation and overly permissive access rights are a common source of risk in Active Directory environments. These gaps can create hidden attack paths—but many teams don't know where to look or how to interpret what they're seeing.
In this episode, we cover:
- How to identify insecure permissions in Active Directory
- What to look for in high-risk users and groups like Domain Users, Everyone, and Authenticated Users
- How these misconfigurations translate into real-world attack paths
- How to use ADeleg to analyze delegated permissions and uncover hidden risk
We also include a reference to ADeleginator, a related tool that can help automate parts of this process using PowerShell. While this episode focuses on hands-on analysis with ADeleg, ADeleginator is a useful companion for scaling this work.
Tools referenced:
ADeleg: https://github.com/mtth-bfft/adeleg
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
This episode features Krista Arndt, Associate CISO at St. Luke's University Health Network.
With a career spanning healthcare, finance, crypto, and the Department of Defense, Krista brings a uniquely nontraditional path into cybersecurity, one shaped by mission-driven leadership, authenticity, and a commitment to mentorship.
In this episode, Krista explains why identity sits at the center of nearly every major cyber incident and shares lessons from real-world response work. She also draws a striking parallel between incident response and her life as a national drag racing competitor, where staying calm under pressure and building in fail-safes can mean the difference between disaster and resilience.
This episode is a powerful look at what it means to lead in cybersecurity.
Guest Bio
Krista Arndt is the Associate CISO SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day-to-day operational effectiveness. In her previous roles, Krista assisted with developing and leading security programs in crypto, finance, and the Department of Defense. Krista earned her Bachelor's Degree in Biology from Felician College in NJ where she was a scholarship athlete, serving as the women's basketball team captain. She also holds her CISM and CRISC certifications and NHRA competition driver's license.
Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter's Healthcare Sector Chief, serves on Neumann University's Business Advisory Council and is Marketing Committee chair for Women in Cybersecurity-Delaware Valley Affiliate. Krista is also a published author, detailing her journey to embracing her unique authenticity in her book, “Permission to be Real; How to Lead, Influence, and Thrive Without Fitting the Mold”. Through this service and her writing, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field. When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.
Guest Quote
“In the incidents that I've been involved in, major or not, I'll tell you—identity is at the crux of that... They're trying to get unfettered access… How do they get unfettered access? Through an identity that isn't secured correctly.”
Time stamps
00:45 Meet Krista Arndt: Veteran CSO
06:17 Writing Permission to Be Real
10:43 Speaking the Business Language: Why Security Translation Matters
12:49 Lessons from Real-World Incidents
15:43 AI Agents and the Next Wave of Identity Risk
16:55 What Drag Racing Teaches About Incident Response
23:28 Surviving the CISO Seat
26:44 Conclusion and Final Thoughts
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
- Connect with Krista on LinkedIn
- Check out Krista's book: Permission to be Real
- Learn more about St. Luke's University Health Network
- Connect with Sean on LinkedIn
- Don't miss future episodes
- Learn more about Semperis
Welcome to Episode 423 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben is live from Workplace Ninjas, joined by Eric Woodruff, Chief Identity Architect at Semperis and Microsoft MVP in Security focused on identity, and Chris Brumm, Cyber Security Architect at glueckkanja and Microsoft MVP in Security with over 16 years of experience in cybersecurity. Together they dig into the often-overlooked world of non-human identities in Microsoft Entra ID. They cover what service principals are, why they tend to fly under the radar compared to user accounts, and how attackers actively exploit that gap. The conversation spans credential management best practices, the risks of improper owner assignments, the challenges of multi-tenant app configurations, and why managed identities should be your go-to wherever possible. They also discuss the growing challenge of AI agent identities and what IT pros need to start thinking about now before that surface area explodes.
Show Notes
- Eric Woodruff on LinkedIn
- Eric Woodruff on X (@ericanidentity)
- Eric on Identity
- Chris Brumm on LinkedIn
- Chris Brumm on X (@cbrhh)
- Chris Brumm’s Blog
- Application and service principal objects in Microsoft Entra ID
- Workload Identities
- Securing service principals in Microsoft Entra ID
- Securing managed identities in Microsoft Entra ID
- Conditional Access for Workload Identities
- Microsoft Entra Audit Logs
- Microsoft Sentinel Detection Templates
Eric Woodruff
Eric Woodruff is the Chief Identity Architect at Semperis and a Microsoft MVP in Security with a focus on identity. He specializes in all things Microsoft Entra and Active Directory, with a passion for helping organizations understand and secure both human and non-human identities. You can find Eric on social media as @ericanidentity.
Chris Brumm
Chris Brumm is a Cyber Security Architect at glueckkanja based in Germany, with over 16 years of experience across virtually every corner of cybersecurity. He is a Microsoft MVP in Security with a primary focus on identity security. His team operates SOC services and he brings a detection and response perspective to identity risk, helping organizations build lifecycle processes and monitoring strategies for non-human identities in Microsoft Entra.
About the sponsors
TrustedTech is a leading Microsoft Cloud Solution Provider (CSP) specializing in Microsoft Cloud services, Microsoft perpetual licensing, and Microsoft Support Services for medium and enterprise-sized businesses. Our robust team of in-house, U.S-based Microsoft architects and engineers are certified in all 6/6 Microsoft Solutions Partner Designations in the Microsoft Cloud Partner Program.
- M365 Licensing Consultation
- M365 Tenant Assessment
- Copilot Readiness Assessment
At Intelligink, our focus is singular: the Microsoft cloud. Our Microsoft 365 and Azure experts help you work securely and efficiently by unlocking the full value of what you’re already paying for, so you can focus on running your business.
This episode features Drew Russell, Identity Resilience Platform Owner at Rubrik. Jim McDonald and Jeff Steadman explore the intersection of backup, recovery, and identity security. Drew explains how Rubrik evolved from data backup into a cyber resilience platform with identity as a core pillar. Topics include recovering Active Directory, Okta, and Entra ID after ransomware, Rubrik's "bunker in a box" appliance for immutable air-gapped recovery, proactive posture management, CrowdStrike and Defender integrations, and where AI and non-human identities fit into Rubrik's roadmap. The episode wraps with measuring success for a product you hope to never use, and a detour into watch collecting.
This episode was made possible by the support of Rubrik. Learn more at rubrik.com/idac
Connect with Drew: https://www.linkedin.com/in/drew-russell-3762411b/
Learn more about Rubrik: https://www.rubrik.com/idac
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com
TIMESTAMPS
00:00:00 - Welcome and Introduction
00:01:19 - Introducing Drew Russell
00:01:36 - How Drew Got Into Identity
00:02:43 - What Is Rubrik and What Sets It Apart
00:03:38 - From Backup to Cyber Resilience
00:05:31 - Where Rubrik Fits in the IAM Landscape
00:07:08 - Rubrik's Scale: Clients and Growth
00:07:51 - Primary Use Cases: Post-Incident Recovery and AD
00:09:09 - Kicking Out Compromised Accounts and ADR
00:10:11 - Proactive Threat Detection and Mandiant Integration
00:11:28 - Scanning Backups to Find the Clean Recovery Point
00:12:14 - The Bunker in a Box Explained
00:13:18 - Posture Management and Upstream Tool Integration
00:14:19 - AI Agent Swarms and the Future Attack Surface
00:15:37 - The Taiwan Bank Case Study: Six Weeks to Rebuild AD
00:17:16 - The State of Nevada Incident: $400K and 30 Days
00:17:56 - What Recovery Covers: AD, Okta, and Entra ID
00:19:26 - Post-Restore Change Management and Whitelisting
00:20:08 - How Long Should You Store Backups?
00:21:19 - Indexing Identity for Intelligent Recovery Points
00:22:29 - Excluding Malicious Actions During Restore
00:24:41 - Zero Trust for Rubrik's Own Backups
00:26:21 - No Windows, No Virtualization Architecture
00:27:49 - Proactive Posture Management
00:29:00 - CrowdStrike and Defender Real-Time Integration
00:30:48 - Why Tabletop Exercises Often Fall Short
00:31:53 - AI Roadmap and Non-Human Identities
00:34:22 - The Three Pillars: Data, Identity, and AI
00:35:29 - Deployment: SaaS vs. On-Prem
00:38:37 - Appliance Sizing and Redundancy
00:42:23 - Measuring Success for a Product You Hope to Never Use
00:43:46 - The Ludacris Rubrik Commercial
00:45:31 - Watch Collecting and the Omega Speedmaster
00:53:39 - Drew's Closing Words
KEYWORDS
Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, Rubrik, Drew Russell, identity resilience, cyber resilience, Active Directory recovery, AD backup, Okta recovery, Entra ID recovery, identity backup, ITDR, ISPM, non-human identity, NHI, agentic AI, ransomware recovery, bunker in a box, immutable backup, CrowdStrike integration, Microsoft Defender integration, Mandiant integration, identity disaster recovery, ADR, zero trust, tabletop exercises, posture management, IAM, identity security podcast, cybersecurity podcast
AI is reshaping both sides of the cybersecurity battlefield — and fast. In this episode, we break down five stories that prove it: the first Chrome zero-day of 2026 (CVE-2026-2441), a near-perfect CVSS 9.9 in Microsoft's Semantic Kernel SDK (CVE-2026-26030), a supply chain attack on AI coding assistant Cline that silently installed autonomous agents on thousands of developer machines, the first-ever Android malware using Google's Gemini AI at runtime (PromptSpy), and a Russian-speaking threat actor who used commercial AI tools to breach over 600 FortiGate firewalls across 55 countries in just five weeks. Whether you're a developer, security professional, or just someone who uses a browser — this one's worth your time.
This episode features Cliff Fisher, Senior Solutions Architect at Semperis and former Senior Technical Program Manager on Microsoft's Active Directory product group.
With over a decade spent inside Microsoft supporting enterprise customers and helping guide Active Directory's security and roadmap, Cliff brings a rare insider perspective on what's actually happening behind the scenes of one of the world's most widely deployed identity platforms.
In this episode, Cliff tackles the question many organizations are still asking: Is Active Directory really going away? He explains why the shift to cloud identity has moved far slower than expected, shares polling data that confirms hybrid environments are here for the long term, and breaks down how Microsoft is still investing in AD through security hardening, supportability improvements, and features like Windows LAPS.
This episode offers a clearer look at why Active Directory remains central to enterprise identity and what defenders need to prepare for as hybrid becomes the default reality.
Guest Bio
With nearly 20 years of Active Directory experience across varied roles in system administration, support, debugging, and program management, Cliff spent over a decade at Microsoft supporting Premier and Unified customers and, most recently, managing the releases of Windows LAPS, new features for Server 2025, and monthly security and quality updates. In January of 2026, he joined Semperis, bringing his unique blend of skills, perspectives, and passion to their stacked roster of established identity experts.
Guest Quote
“The easiest way to get everyone secure is to get people all to the cloud. What [Microsoft] didn't realize... is that customers just aren't going to be able to absorb change at that rate, and especially at that cost. Shifting to the cloud is not cheap.”
Time stamps
01:45 Meet Cliff Fisher: Identity security expert
04:24 Microsoft's Vision for Active Directory
07:58 Challenges and Future of Active Directory
23:12 The Complexity of AD Code and Security Vulnerabilities
24:39 Understanding Fuzzing and Its Importance
27:28 Domain Join Hardening and Its Challenges
36:28 Windows LAPS and Future Security Measures
41:39 Why is RC4 Going Away?
45:14 Conclusion and Final Thoughts
Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links
- Connect with Cliff on LinkedIn
- Connect with Sean on LinkedIn
- Don't miss future episodes
- Learn more about Semperis
- Submit your proposal to speak at HIP Conf 26: HIP Conf 26 Call for Papers Submission
Long-time Microsoft MVP and consultant Richard Hicks joins The PowerShell Podcast to talk about ADCS security, PKI misconfigurations, and why PowerShell is a consultant's ultimate force multiplier. Richard shares real-world stories from auditing enterprise certificate environments, explains how simple template mistakes can lead to full domain compromise, and walks through tools like Locksmith that help administrators quickly identify dangerous configurations. The conversation also explores Richard's open-source PowerShell work, including his widely downloaded Get-UEFICertificate script for Secure Boot certificate expiration issues and his new ADPrincipalCertificate module for cleaning up unnecessary certificates published in Active Directory. Along the way, Richard reflects on career growth, publishing, consulting, and why sharing knowledge openly has been one of the biggest drivers of his long-term success. Key Takeaways: • ADCS is easy to deploy but difficult to secure — Misconfigured certificate templates, especially ESC1 scenarios, can allow instant privilege escalation and domain compromise. • PowerShell turns repetitive work into reusable tools — From UEFI certificate auditing to Active Directory cleanup, scripting creates consistency and prevents human error. • Sharing expertise compounds over time — Blogging, publishing modules, and speaking at conferences builds credibility, community, and long-term career momentum. Guest Bio: Richard Hicks is the founder and principal consultant of Richard M. Hicks Consulting, Inc. A Microsoft MVP with over 30 years of experience, he specializes in secure remote access and PKI, helping organizations deliver secure, high-performing access for today's mobile workforce. 
Resource Links: Richard Hicks Website – https://richardhicks.com Connect with Richard – https://richardhicks.com/connect Connect with Andrew: https://andrewpla.tech/links Get-UEFICertificate Script – https://www.powershellgallery.com/packages/Get-UEFICertificate ADPrincipalCertificate Module – https://www.powershellgallery.com/packages/ADPrincipalCertificate Locksmith ADCS Audit Tool – https://github.com/jakehildreth/Locksmith PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/watch?v=Oa0GYX9_vj8&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=sAgC The PowerShell Podcast on YouTube: https://youtu.be/4HYCAjQS2W8
In this episode, we're digging into malicious browser extensions... the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers are increasingly abusing the browser as their initial foothold. We'll break down how these extensions work, why they're so dangerous, and what IT leaders can realistically do about it. Check out these resources: Annex - Enterprise Software Extension Security & Management https://crxaminer.tech/ https://x.com/tuckner https://x.com/IceSolst Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
This episode features Tim Beasley, a Senior Incident Response Consultant at Semperis with decades of experience in compromise recovery and post-breach response. With a background that includes leading recovery efforts at Microsoft's DART team and helping build the Compromise Recovery Security Practice, Tim brings deep operational insight into what happens after attackers gain access. His work spans ransomware, nation-state intrusions, and large-scale identity compromises across public and private sector organizations. In this episode, Tim explains why gaining access is only the beginning of modern attacks and why identity remains the primary path for escalation. He breaks down how attackers exploit credential exposure and identity infrastructure, and why prevention alone fails without a recovery-first mindset. He shares real-world lessons from incident response and recovery, including how teams contain threats and limit the impact of identity compromises. This episode reframes identity security as a resilience problem and offers a clearer way to think about preparing for the breach you haven't detected yet. Guest Bio: Tim Beasley is a Senior Incident Response Consultant at Semperis. He is Microsoft and VMware Certified, a MIS graduate, and a self-driven IT professional with experience in both public sector and private sector technology. While extremely loyal to employers, Tim has gained quality knowledge throughout a career that's enabled tremendous growth in an IT security environment. He enjoys challenges and implements proactive measures to maintain complete customer satisfaction and success. Guest Quote: “Everything in compromise essentially starts with identity. We always say identity is the new perimeter. It's true. All attacks, breaches, every engagement that I've been a part of... all start with a compromised set of credentials.” Time stamps: 00:41 Meet Tim Beasley: Cybersecurity Specialist; 01:32 Tim's Journey at Microsoft; 12:24 The Role of Identity in Cybersecurity; 20:57 Real-World Cybersecurity Identity Challenges; 23:27 The Big Four in Identity Management; 24:01 Flashcard Fiascos: Cyberattacks Across Industries; 32:50 Assume Breach Mentality; 37:08 Conclusion and Final Thoughts. Sponsor: The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more. Links: Connect with Tim on LinkedIn; Connect with Sean on LinkedIn; Don't miss future episodes; Learn more about Semperis
Welcome to Episode 421 of the Microsoft Cloud IT Pro Podcast. In this episode Ben sits down for a conversation with Frank Lesniak, the lead of the Microsoft 365 team at West Monroe. In this episode, they dive into the intricacies of mergers and divestitures within Microsoft 365 environments. They discuss the initial due diligence phase, planning and approach, building and configuring new environments, and the final migration and cutover phase. Frank shares insights on common challenges such as integration of different licensing models, the handling of workstations and applications, and the importance of security assessments. The episode provides a detailed look at the methodology and tools used by Frank’s team to streamline these complex processes. Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options. Show Notes: Frank Lesniak on LinkedIn; West Monroe; Frank Lesniak Github; Microsoft 365 tenant-to-tenant migrations; Microsoft 365 inter-tenant collaboration; Tenant life cycle considerations in multitenant solutions. Frank Lesniak: Frank Lesniak is a Sr. Cybersecurity & Enterprise Technology Architect at West Monroe with nearly 20 years of experience leading consulting engagements involving Microsoft infrastructure technology. His expertise spans modern cloud systems like Azure, Microsoft 365, and Entra ID to classic platforms like Windows Server, Active Directory, and SQL Server. His recent focus has been on Microsoft platform cybersecurity and automating technical processes using PowerShell. In his role, Frank establishes technical project methodologies, leads teams, automates associated processes, and creates internal software products at West Monroe and in the open-source community. About the sponsors: Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!
You're using Active Directory Certificate Services - but is it configured securely? Richard talks to Ron Arestia about his work with organizations implementing their own Public Key Infrastructure (PKI) with ADCS. Ron explains how poorly configured ADCS enables lateral attacks within an organization once an initial breach occurs, allowing black hats to move throughout your network. A well-designed PKI system has tiers of protection, with the top level completely disconnected from the network. Or do you really need your own PKI system? The conversation digs into the various scenarios, including third-party options. Certificates are the top level of security for your organization - you need to get it right! Links: Active Directory Certificate Services; Windows Hello for Business; Certified Pre-Owned; Microsoft Defender for Identity; Secure Privileged Access; Pass the Hash; Microsoft Cloud PKI for Microsoft Intune; Microsoft Entra Conditional Access; Microsoft Autopilot; Ron's Blog. Recorded February 6, 2026
This episode features Dr. Mary Aiken, Professor of Cyberpsychology at Capitol Technology University and one of the world's leading experts on the impact of technology on human behavior. With a career spanning academia, law enforcement advisory roles, and global policy work with organizations like INTERPOL and Europol, Dr. Aiken brings deep insight into how human psychology shapes security outcomes. Her work focuses on the human layer of cyber risk—how trust, perception, fatigue, and bias influence behavior in digital environments. In this episode, Dr. Aiken explains why humans aren't the weakest link in cybersecurity but the most targeted. She shows how attackers weaponize human behavior through phishing, MFA fatigue, and insider recruitment, and why hybrid identity must be treated as a cyber-psychological battlefield. She also discusses what human-aware defenses look like in practice and why intelligence augmentation is critical to psychological and technical resilience. This episode reframes identity security as a human problem first and offers a clearer way to think about protecting people in an increasingly manipulative digital world. Guest Bio: Dr Mary Aiken is a world leading expert in Cyberpsychology – the study of the impact of technology on human behaviour. She is Professor of Cyberpsychology and Chair of the Department of Cyberpsychology at Capitol Technology University, Washington D.C.'s premier STEM University, and Professor of Forensic Cyberpsychology at the University of East London. Professor Aiken is a Member of the INTERPOL Global Cybercrime Expert Group and an Academic Advisor to Europol's European Cyber Crime Centre (EC3). She is a Fellow of The Royal Society of Medicine, a member of the Medico-Legal Society and an International Affiliate Member of the American Psychological Association (APA). She is a former Global Fellow at the Washington DC Wilson Center, and is a Fellow of the Society for Chartered IT Professionals. She is a former Director of the Royal College of Surgeons (RCSI) Cyberpsychology Research Centre. Dr Aiken's work inspired the CBS PrimeTime TV series 'CSI: Cyber.' Her landmark bestselling book 'The Cyber Effect' was a 2016 'Times book of the year.' Dr Mary Aiken is recognised as an international expert in industry and policy debates at the intersection of technology and human behaviour; she has been invited to present at events organised by global organisations such as the United Nations, the European Union, NATO, G7, Europol, INTERPOL and the White House. Guest Quote: “People talk about humans being the weakest link in the cybersecurity equation. They're not the weakest link, they're just simply the most targeted link.” Time stamps: 01:58 Meet Dr. Mary Aiken: World-leading Expert in Cyberpsychology; 03:17 The Psychology of Cybersecurity; 10:40 Behavioral Differences Online vs. Real World; 15:17 Cyber Behavioral Attack Vectors; 23:05 Future of Cybersecurity: AI and Human Collaboration; 25:46 Conclusion and Final Thoughts. Sponsor: The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more. Links: Connect with Dr. Aiken on LinkedIn; Connect with Sean on LinkedIn; Don't miss future episodes; Learn more about Semperis
Principal Security Consultant and community favorite Jake Hildreth returns to The PowerShell Podcast to talk about building smarter automation, leveling up through community, and creating tools that solve real problems. Andrew shares his “stop trying so hard” theme for the year, how working smarter applies directly to scripting and security, and why getting involved with others is one of the fastest ways to grow in your career. The conversation dives into Jake's recent projects including Deck, a Markdown-to-terminal presentation tool built on Spectre.Console, and Stepper, a resumable scripting framework designed for long-running workflows that can't be fully automated end-to-end. They also explore presentation skills, avoiding “death by PowerPoint,” and why security work requires constantly re-checking assumptions as threats evolve. Key Takeaways: • Work smarter, not harder — Whether you're scripting or building a career, small sustainable improvements beat grinding yourself into a corner. • Resumable automation is a game changer — Stepper helps scripts safely pause and resume, making real-world workflows more reliable when humans or flaky APIs are part of the loop. • Community turns into real momentum — Contributing, asking questions, and sharing feedback builds skills, friendships, and opportunities faster than trying to learn alone. Guest Bio: Jake Hildreth is a Principal Security Consultant at Semperis, Microsoft MVP, and longtime builder of tools that make identity security suck a little less. With nearly 25 years in IT (and the battle scars to prove it), he specializes in helping orgs secure Active Directory and survive the baroque disaster that is Active Directory Certificate Services. He's the creator of Locksmith, Stepper, Deck, BlueTuxedo, and PowerPUG!, open-source tools built to make life easier for overworked identity admins. 
When he's not untangling Kerberos or wrangling DNS, he's usually hanging out with his favorite people and most grounding reality check: his wife and daughter. Resource Links: • Jake Hildreth's Website – https://jakehildreth.com • Jake's GitHub - https://github.com/jakehildreth Andrew's Links - https://andrewpla.tech/links • PowerShell Spectre Console – https://pwshspectreconsole.com/ • PDQ Discord – https://discord.gg/PDQ • PowerShell Conference Europe – https://psconf.eu • PowerShell + DevOps Global Summit – https://powershellsummit.org • Jake's PowerShell Wednesday – https://www.youtube.com/watch?v=YdV6Qecn9v0 The PowerShell Podcast on YouTube: https://youtu.be/rFeoTKLerkA
This episode features Andy Drag, Staff Product Manager at Cohesity. With a background in systems administration and two managed service provider startups, Andy brings deep, hands-on insight into the challenges IT teams face. Over the last decade, he's led product management across backup vendors and SaaS continuity platforms, shaping products around integrations, cyber recovery, and resilience. In this episode, Andy shows how ransomware has changed the stakes for backup and identity, and why they must be treated as tier-zero systems. He explains how attackers now target backup platforms, what tighter roles, isolation, and immutability look like in practice, and why actually rehearsing recovery is more important than any architecture diagram. This is a realistic look at whether your recovery plan will work in a real-world attack or only looks good on paper. Guest Bio: Andrew Drag is a Staff Product Manager at Cohesity, focused on identity resilience and Microsoft enterprise applications. He began his career in systems administration before founding two local managed service provider startups, giving him deep, hands-on experience with the challenges IT teams face. Over the last decade, he has transitioned into product management, shaping products across legacy backup and recovery vendors as well as SaaS business continuity platforms with specific focuses on integrations, cyber recovery, and SaaS-ification. Drawing on this blend of practitioner insight and product leadership, he is passionate about building solutions that help organizations stay resilient in the face of change. Based in the New York metro area, he brings a practitioner's perspective to product leadership, ensuring technology solves real-world challenges. Guest Quote: “One of the most important things is testing your recoveries. In a disaster, when you do a recovery, you don't want it to be the first time that you're performing that recovery.” Time stamps: 01:16 Meet Andrew Drag: Identity Resilience and Data Protection Expert; 01:57 Why Traditional Data Protection Breaks Down; 04:19 Modern Data Protection: From Backups to Resilience; 05:47 The Hard Truth About Recovering After an Attack; 08:43 Core Best Practices for Data Protection; 10:32 Elevating Backup and Identity to Tier 0; 13:23 Using Backup Data for AI and Analytics; 16:22 Conclusion and Final Thoughts. Sponsor: The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more. Links: Connect with Andy on LinkedIn; Learn more about Cohesity; Connect with Sean on LinkedIn; Don't miss future episodes; Learn more about Semperis
Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, January 29 (9:00 a.m. – 1:00 p.m. CST each day). More information, pricing information and more can be found at training.7minsec.com. Today I talk about who should sign up for the course, what you should bring, and some of the awesome things you'll be doing should you choose to join me on this hacking adventure!
Imagine your work day starting off like any other only to find you've been laid off. What would you do next? Dave Stevens lived this reality a couple of years ago and joins us this week in episode 354 to share the lessons from that experience. We'll take you through how Dave processed the news of being laid off, the warning signs he missed, when he knew it was time to begin searching for a new role, how he thought about what to do next, and the critical importance of his personal and professional network throughout this process. Regardless of your age or the size of your professional network, Dave shares actionable suggestions for building professional connections that we all may be overlooking. Original Recording Date: 10-28-2025 Topics – Background and the Impact of a Layoff Event, Initial Forward Progress and Reliance on a Professional Network, Skills Gaps and Unexpected Positives, Elements of the Personal and Professional Network, Reaching Closure and Reflecting Back on the Lessons 2:27 – Background and the Impact of a Layoff Event Dave Stevens is a Field Solutions Architect at Pure Storage. In this role, Dave is a technical overlay for pre-sales technical personnel at Pure across North America. This is the role Dave took after he was impacted by a layoff. What was Dave's role before he was impacted by a layoff event? For context, the layoff event we discuss in this episode took place around 2.5 years before this recording. Dave was classified as a systems engineer or pre-sales technical resource at his employer supporting multiple account reps. It was more of a solutions architect type of role, and Dave highlights his entry into this organization and role was via acquisition. Was there an element of technical marketing to the role? Nick mentions that Dave often had to attend trade shows in this role. Dave had a virtualization background and went to a lot of events to discuss how his company's products integrated with those different technology ecosystems. 
The day Dave was laid off started as a normal day at his home office. His boss was based in Europe, so most 1-1 calls were usually late in the day his boss's time (early afternoon for Dave). A meeting popped up that was earlier than usual, but Dave didn't think anything of it. Right after Dave joined the remote session for the meeting, someone from HR joined followed by Dave's boss. Dave wasn't quite sure what to expect and didn't know what was happening. He didn't know if it was a layoff coming or some other kind of situation happening at his company. When Dave was laid off, they told him it was not for performance reasons, but there weren't really any other details provided on why he was being laid off. “So, at that point it was just like, ‘what do I do?'” – Dave Stevens, on receiving layoff news After receiving the news, Dave's access to company systems like e-mail was quickly cut off. He went downstairs and spent the rest of his day relaxing. Dave did not want to talk about what happened any further that first day. Did Dave struggle with separating his identity from his employer or the job he held at all when this happened? Dave says he did, at least a little bit. Dave wanted to be successful in whatever role he found himself, and the reason he was in the systems engineering role at the time of the layoff event is a result of his drive to be successful in the years leading up to that role. “I also wanted to make sure that…the people that I worked with that I enjoyed working with. If I didn't enjoy working with them, then there was no reason to continue staying there. So that's part of my identity on how I interact with work.” – Dave Stevens In the early days of Twitter (now X), Dave defined an identity there. He also created a personal blog. Dave says his identity was often tied to where he worked. “Once this all happened, I just kind of cut that off. 
And I needed some time to really digest what I just went through that day.” – Dave Stevens Is there something Dave wishes people had done for him when this first happened? Dave says he wishes he would have listened to his wife. Before experiencing the layoff event, a number of colleagues who had entered the company through acquisition like Dave were either leaving or had been laid off (including his boss being laid off). At the time, Dave didn't think much about these events. Dave's wife had encouraged him to look for other jobs before the layoff happened, and he feels he should have listened. “It's much easier finding a job when you have a job. There's not as much pressure on you. You can take your time and really find the job that you want. That's the one thing that kind of took me by surprise….” – Dave Stevens Did Dave's wife also point him in a direction or provide feedback on the type of work he should pursue? We've spoken to previous guests who had spouses that provided insight into the type of work that made them happy. Dave feels like there has been an element of this in place since he and his wife got married. When Dave got a job opportunity to relocate to the New Hampshire area, his wife had some interesting feedback. “It's great that you're going to make more than you're making at the job you are currently, but I don't want you to take a job just because of money. I want you to take a job because it's something you're interested in doing and you're going to be happy at. So, I've always kept that in the back of my mind every time I go and look for a job….” – Dave Stevens, quoting his wife's advice Dave considered this same advice when pursuing his current role at Pure. Because he enjoyed meeting and speaking with people during the interview process, the decision to accept the role was easy. Liking the people he would be working with was more important than a pay increase. 
10:53 – Initial Forward Progress and Reliance on a Professional Network How long did Dave need to process before taking the first actions toward a new role? For the first 3 weeks or so, Dave relaxed a little bit. There were a number of projects at home that he needed to do and some that he wanted to do. Working on the projects helped take his mind off what had happened. Dave mentions he was given a severance for about 3 months and wanted to find a new role within that time period if possible. But if he could not find something in that time period, it would not be the end of the world. Dave tells us it was easier to find work when he was laid off than it is currently. Close to the time of this recording, AWS announced job cuts for up to 30,000 people. He made the conscious decision after those first few weeks to spend the first part of the day searching for new jobs and then continued working on different projects in the afternoons. How did Dave know who to reach out to first? Nick argues that most of us likely don't have a list of who we would call if something like this happened. When Dave came to the New England area, he started working for Dell in tech marketing. Through his work, Dave built a tight bond with many of his co-workers. Dave remembers sending a text message to many of his former co-workers (none of which were still at Dell) asking if they knew of any open opportunities. Dave wanted to understand what former colleagues were working on now and what the culture of their company was like. He started by seeking out people he already enjoyed working with and analyzed whether it made sense to go and work with them again. Was Dave open to different types of roles in his job search, or did that not matter? It had to be interesting work and involve people he wanted to work with or enjoyed working with. Dave says as long as it was something in the tech field, it didn't matter too much. 
Dave began his career in systems administration and tech support and had experience in the storage industry, with backups, and with Active Directory to name a few areas. He had also done technical marketing and was open to returning to it. Dave also looked at pre-sales systems engineering or solution architect roles. What about taking roles that moved him deeper into a business unit like product management? Dave says product management is interesting work, but depending on the company, the work may not always have the technical aspects he likes. Many of the product managers at Pure are quite technical, but most of the product management roles he observed at other companies were not as technical as he would like. “It just didn't interest me. It wasn't technical enough in nature for me.” – Dave Stevens, on moving into product management It sounds like Dave had done a good job of keeping in touch with people in his professional network over time. “I have always made sure to have a small group of folks that I can just reach out to at any time and…chat about anything…. I've always made sure to have that…. I didn't talk to them all the time, but we all interacted in some way, shape, or form whether it was an e-mail or text messaging…even some stuff on LinkedIn. We all kind of kept in touch…. I had people that I could fall back on and reach out to and get advice from if I needed to. This is the time where I really needed some advice on where to go to next.” – Dave Stevens Dave says he was lucky enough to find a new job before the end of his 3 months of severance pay. Dave's wife commented that she wasn't too worried about him. She knew he had a strong professional network. Did anyone in Dave's professional network ask him what he wanted to do next, or did they just start making recommendations based on what they knew about him? Dave says it was a little bit of both. 
Some people pointed Dave to specific open roles in the same group where they worked (still in tech, of course), while others directed him to the company job site and offered to act as a referral for him. Dave tells us he's very willing to give others a referral. “I want to make sure that people that I know and I like to work with come to work with me.” – Dave Stevens Dave says he also turned on the Open to Work banner on LinkedIn. While this did result in many recruiters reaching out to Dave, many of the opportunities they contacted him about were not interesting. Dave is hearing from many in our industry that bots are reaching out to people and trying to take advantage of them. His advice is that we need to be guarded in our interactions on LinkedIn as a result to avoid scams. 19:10 – Skills Gaps and Unexpected Positives What kinds of skills gaps did Dave see when seeking new opportunities? For context, this was roughly 2.5 years ago. Dave says at that time, AI wasn't as helpful as it is today and was not something that was interesting to him. Dave tells us he uses AI heavily today compared to back then. Dave felt confident in the knowledge and skillset he had built through years of industry experience. Ideally, he would land a new role that overlapped those areas, but if a new role required coming up to speed quickly, he would do what was needed. Dave started looking at public cloud and certifications related to Azure and AWS. “Although it was interesting, it wasn't really what I wanted to do.” – Dave Stevens, on public cloud technologies compared to the technologies with which he was familiar What were some of the unexpected positive outcomes of getting laid off even though it was difficult in the beginning? One positive, according to Dave, is the amount of people in his network he was able to reach out to on LinkedIn. So many people were open to helping. The only negative Dave thinks is maybe not acting quickly enough in starting his job search. 
“It's really about building not only your personal network but your professional network. And my professional network really came to my rescue and helped me understand that…it's not the end of the world. You're going to make it. You're going to do fine. But let me know if there's any way that I can help you in that journey that you're on right now.” – Dave Stevens Were there any things Dave and his wife had done (conscious or unconscious) to prepare for the layoff event based on market trends? Dave says his wife is very good at managing their home budget, and since they got married, they intentionally built a financial nest egg they could lean on in the event Dave was out of a job. 22:27 – Elements of the Personal and Professional Network What are some of the things Dave is even more intentional about now with his professional network than he was in the past? Dave received some great advice from a co-worker to reach out to one person in his professional network each week. Many times, Dave will do this on LinkedIn or even via text if he has the person's number. “Keep that personal connection going. As much as AI is taking over, as much as we do a lot of things on Zoom, I've learned over my years of working in the industry that there's nothing better than the face-to-face interaction…. It's so much more fun and relaxing to just get out of the office or home office…and just sit down with people and keep that personal connection going.” – Dave Stevens Dave mentions he likes to get together with co-workers in the area every now and then, even if they have the same conversation in person that they would have had on Zoom. It's different and more relaxing. How can younger listeners who may be trying to break into the industry build a professional network when they might not have a deep contact list or large network like someone in the industry for a long time? 
Nick and Dave talked about this before hitting record and thought it could be helpful to share during our discussion. Dave has a newfound perspective on this from being around his nephews and nieces. The job market is very different today than when Dave first began his career. “Nowadays, resumes just go into a black hole, and you don't necessarily know if you're still in the mix for a current job.” – Dave Stevens Dave has encouraged his nephews and nieces to leverage their personal network to build a professional network. He may know someone who knows someone in the field they want to pursue, for example. “There's no shame or harm in utilizing all your resources…. Utilize your personal network because you don't have the professional network built up yet to help you get that foot in the door.” – Dave Stevens Young people could even use their parents as a way to broaden their own network. It's an opportunity to get introduced to others. Dave uses the example of a chance meeting at a concert that could result in a new connection for someone. Nick would encourage younger listeners to get out to in-person meetup groups on any interesting topic. Go ask people what they are learning, why they work where they work, how they got there, and see if they have advice for you. Dave agrees and has leveraged both local professional groups and meetup groups in the New Hampshire area to meet new people. This is expanding your local professional network as Dave calls it (not to be confused with your global professional network) and is a great thing to do when you move to a new place. You never know when a conversation at a local meetup might help you get a warm lead on a job that will be posted soon. Did the layoff come up in interviews at all? How did Dave handle that? Dave says some people brought it up. In other cases, he brought it up in conversation, wanting people to know he was not let go for doing something wrong. 
28:22 – Reaching Closure and Reflecting Back on the Lessons How did Dave know he had reached closure on the layoff situation? Dave thinks he was motivated to take action toward finding a job due to a fear of boredom. He had been working on various projects but knew he would run out of them at some point. Dave had enough time to adjust to not having a job, and he was ready to begin doing some kind of work again. “I didn't want to get bored. I hate being bored. I hate being bored at work. I hate being bored in general. That's really what the impetus was for me to go out and start looking…that fear of relaxing for too long and being bored.” – Dave Stevens At this point Dave reached further into his professional network beyond that first group of friends and former colleagues he mentioned earlier. Does taking action in a direction mean we're ready to move on from what happened? Is it when we have to discuss what happened in an interview, or is it something else? How do we measure this? Dave says it was easier to accept and felt mostly behind him when he was actively looking for a new position. He knew only he could take the actions to move forward. The feeling of what happened before went completely away when Dave accepted a new job at Pure. Dave feels he was very lucky to find a role. Lining up multiple interviews gave Dave momentum and a feeling of positivity. “I feel that people understand that I have the skills for these jobs. Otherwise, I wouldn't have gotten 5 job interviews as quickly after I really started taking action to look for a job. So, I got lucky.” – Dave Stevens If Dave had to do it all again, what would he do differently? Dave feels he has about 10 more years left working in the tech industry. For now, Dave enjoys the job he has, wants to excel doing it, and wants to continue growing. Dave currently works for the best boss he's had to date. 
“He not only pushes me, but he pushes our entire team to just get better….” – Dave Stevens, on his current manager Dave tells us he does not want to be a people manager or a product manager. “I want to continue to excel and expand my depth of knowledge across the virtualization industry and the storage industry.” – Dave Stevens The work at Pure is very interesting to Dave, which is also motivating him to continue learning and excelling. Part of this is using more AI-focused tooling as it becomes available to use. What does Dave think the role of AI tools is in helping with one's job search? There are a number of tools out there we can leverage to analyze our resume. Dave suggests keeping track of which tool we've used to analyze our resume because that could be used to train a model. In addition to this, use AI to research companies. Use them to help you understand what companies are like and what their culture is like. Many people in a sales role within Pure, for example, use an AI tool of some kind to learn more about their customers. Nick reiterates the nuances of acquisitions. Dave worked for a company that was acquired by another company. Over time there was a pattern of people from the company which was acquired being laid off. Perhaps this is a sign we should watch for and prepare. Dave says we need to be looking at and listening for the signs coming toward us. He listens to his wife more intently when she makes a suggestion. Dave continues to check in with people in his professional network and offers advice when they need it. Dave would encourage all of us to use our personal and professional network if we end up in the situation he was in (experiencing a layoff). “Not everybody is going to be able to help you or is willing to reach out and help you, but when someone does…don't just brush it aside as they want something out of this. They probably genuinely want to help you. 
So, take advantage….” – Dave Stevens If you want to follow up with Dave on this conversation, connect with Dave on LinkedIn or check out Dave's blog site.

Mentioned in the Outro
The three week period Dave took to work on projects may have been what gave him the clarity on the type of work he did and did not want to do once he began his search. Dave mentions getting some great advice from his wife and her emphasis on him pursuing roles that would make him happy and be enjoyable work. This echoes something similar to what Brad Christian shared in Episode 264 – Back to Basics: Technology Bets and Industry Relationships with Brad Christian (2/2) when it came to choosing what to do next after a layoff. If you enjoyed this format and want to hear other stories of people recounting their layoff experience, check out these episodes featuring Jason Gass. He talks about the lost art of supporting others in episode 343, which aligns very well with Dave's advice on building our personal and professional network.
Episode 342 – Planting Seeds: Networking and Maneuvering Unexpected Job Loss with Jason Gass (1/2)
Episode 343 – The Lost Art: Marketplace Heartbeat and Finding Closure after a Layoff with Jason Gass (2/2)

Contact the Hosts
The hosts of Nerd Journey are John White and Nick Korte.
E-mail: nerdjourneypodcast@gmail.com
DM us on Twitter/X @NerdJourney
Connect with John on LinkedIn or DM him on Twitter/X @vJourneyman
Connect with Nick on LinkedIn or DM him on Twitter/X @NetworkNerd_
Leave a Comment on Your Favorite Episode on YouTube
If you've been impacted by a layoff or need advice, check out our Layoff Resources Page. If uncertainty is getting to you, check out our Career Uncertainty Action Guide with a checklist of actions to take control during uncertain periods and AI prompts to help you think through topics like navigating a recent layoff, financial planning, or managing your mindset and being overwhelmed.
Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled operators who understand both human behavior and technical vulnerabilities. Greg Hatcher and John Stigerwalt, co-founders of White Knight Labs, talk about their latest physical penetration tests on financial institutions, manufacturing facilities protecting COVID-19 vaccine production, and why their new Server 2025 course had to rewrite most common Active Directory tools. They share stories of armed guards, police gun draws, poison ivy reconnaissance, and a bag of chips that saved them from serious trouble. The conversation reveals why EDR alone won't stop ransomware, how offline backups remain the exception rather than the rule, and what security controls actually work when attackers bring custom tooling. Impactful Moments: 00:00 - Intro 01:00 - New training courses launched 03:00 - Server 2025 breaks standard tools 05:00 - COVID facility physical penetration 07:00 - Armed guards change the game 10:00 - Police draw guns on operators 13:00 - Bag of chips saves the day 15:00 - Nighttime versus daytime physical tests 18:00 - VIP home security assessments 20:00 - 2026 threat predictions 22:00 - Why EDR doesn't stop ransomware 27:00 - Low cost ransomware simulation ROI 29:00 - Three banks in four days 32:00 - Deepfake as the new EDR Links: Connect with our guests – Greg Hatcher: https://www.linkedin.com/in/gregoryhatcher2/ John Stigerwalt: https://www.linkedin.com/in/john-stigerwalt-90a9b4110/ Learn more about White Knight Labs: https://www.whiteknightlabs.com Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? 
Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
How is zero-trust security evolving? Michele Leroux Bustamante discusses the challenges CISOs face today in controlling access to infrastructure, authenticating and authorizing users, and managing the ongoing evolution of an organization's dependencies. The conversation digs into the variety of stacks available to address various elements of an organization's security requirements. Michele also talks about the NIST Cybersecurity Framework as a starting point for understanding the security elements your organization needs to focus on and improve—security is a continuum, not a destination!
Links: Azure Entra, Auth0, Duende, KeyCloak, NIST Cybersecurity Framework, Open Policy Agent, Policy Server, Defender for Cloud, Azure API Management, Azure Front Door
Recorded October 29, 2025
Think your cloud backups will save you from a ransomware attack? Think again. In this episode, Matt Castriotta (Field CTO at Rubrik) explains why the traditional "I have backups" mindset is dangerous. He distinguishes between Disaster Recovery (business continuity for operational errors) and Cyber Resilience (recovering from a malicious attack where data and identity are untrusted).
Matt speaks about the "dirty secrets" of cloud-native recovery, explaining why S3 versioning and replication are not valid cyber recovery strategies. The conversation shifts to the critical, often overlooked aspect of Identity Recovery. If your Active Directory or Entra ID is compromised, it's "ground zero" and you can't access anything. Matt argues that identity must be treated as the new perimeter and backed up just like any other critical data source.
We also explore the impact of AI agents on data integrity: how do you "rewind" an AI agent that hallucinated and corrupted your data? Plus, practical advice on DORA compliance, multi-cloud resiliency, and the "people and process" side of surviving a breach.
Guest Socials - Matt's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions:
(00:00) Introduction
(02:20) Who is Matt Castriotta?
(03:20) Defining Cyber Resilience: The Ability to Say "No" to Ransomware
(05:00) Why "I Have Backups" is Not Enough
(06:45) The Difference Between Disaster Recovery and Cyber Recovery
(10:20) Cloud Native Risks: Versioning and Replication Are Not Backups
(12:50) DORA Compliance: Multi-Cloud Resiliency & Egress Costs
(15:10) The "Shared Responsibility Model" Trap in Cloud
(17:45) Identity is the New Perimeter: Why You Must Back It Up
(22:30) Identity Recovery: Can You Restore Your Active Directory in Minutes?
(25:40) AI and Data: The New "Oil" and "Crown Jewels"
(27:20) Rubrik Agent Cloud: Rewinding AI Agent Actions
(29:40) Top 3 Priorities for a 2026 Resiliency Program
(33:10) Fun Questions: Guitar, Family, and Italian Food
Newly minted Microsoft MVP, pentester, and returning guest Spencer Alessi joins The PowerShell Podcast to talk about growth, giving back, and building security through PowerShell. Spencer shares lessons from his journey from sysadmin to pen tester, including the importance of learning from mistakes, documenting wins, and advocating for yourself in your career. He also introduces his latest open-source project, AppLocker Inspector, and discusses tools like Locksmith, PingCastle, and Purple Knight that help IT pros secure their environments and build confidence in automation and defense. Key Takeaways: Grow through mistakes – Learn from both your own missteps and those of others; every lesson strengthens your technical and professional skills. Security tools for sysadmins – Free PowerShell-based tools like AppLocker Inspector, Locksmith, and Purple Knight offer practical wins for securing Active Directory. Advocate for yourself and give back – Track your wins, share your work, and pay forward the mentorship and generosity that helped you grow. Guest Bio: Spencer Alessi is a Microsoft MVP, penetration tester, and community educator passionate about helping sysadmins strengthen their environments. Known online as @TechSpence, he creates approachable content and tools focused on helping sysadmins to improve security. Spencer is also a podcast host, public speaker, and strong advocate for mentorship, authenticity, and continuous learning in tech. 
Resource Links: Spencer on PDQ Live - https://www.youtube.com/watch?v=j33dN2bELPU AppLocker Inspector – https://github.com/techspence/AppLockerInspector Purple Knight – https://www.semperis.com/purple-knight/ Ping Castle – https://www.pingcastle.com/download/ Locksmith (ADCS Auditing Tool) – https://github.com/jakehildreth/locksmith ADeleginator – https://github.com/techspence/ADeleginator Spencer's Links – https://links.spenceralessi.com Cyber Threat Perspective Podcast – https://offsec.blog Connect with Andrew - https://andrewpla.tech/links PDQ Discord – https://discord.gg/PDQ PowerShell Wednesdays – https://www.youtube.com/watch?v=lPoc8X7t0hY&list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B&pp=0gcJCbAEOCosWNin The PowerShell Podcast on YouTube: https://youtu.be/E4ji0-rmsuA
Jim McDonald and Jeff Steadman sit down with Mike Reiring of RSM at InfoSec World 2025 to explore how managed service providers are reshaping IT and identity operations. They dig into the differences between MSPs and MSSPs, how to choose the right partner, and how AI is transforming help desks, problem management, and security monitoring. The conversation closes with a fun dive into Mike's passion for photography and how creativity ties into continuous learning in tech.
Connect with Mike: https://www.linkedin.com/in/mreiring/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
Chapters
00:00 Intro – Live from InfoSec World 2025
02:00 Meet Mike Reiring of RSM
04:30 Evolution of Managed Service Providers
06:30 Shared Accounts, Identity, and Security Maturity
09:00 Vendor Gaps and Federated Access Challenges
11:30 What Makes a Good MSP Partner
13:00 The Cost and Effort of Changing Providers
16:30 MSP vs MSSP – Key Differences
18:30 Coordination Between Managed Providers
21:30 Top 3 Questions to Ask Your MSP
25:00 Identity Ownership: IT or Security?
27:30 Licensing, Active Directory, and Hidden Accounts
30:00 RFP Challenges and Procurement Pitfalls
32:00 Measuring Risk and Reducing Identity Exposure
34:30 Vendor Management and Shadow IT Risks
35:00 How AI Is Transforming MSP and MSSP Operations
38:30 AI, Problem Management, and the Future of Help Desks
42:30 Photography, Creativity, and Continuous Learning
48:00 Closing Thoughts and IDAC Outro
Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Mike Reiring, RSM, InfoSec World 2025, Managed Service Provider, MSP, MSSP, AI in Cybersecurity, Help Desk, Identity Management, Managed Identity, Partner Transparency, IT Outsourcing, Risk Reduction, Problem Management, Active Directory, DaVinci Resolve, Photography in Tech, Identity Governance, Cybersecurity Podcast
Hello friends, in today's episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called "Should You Hire AI to Run Your Next Pentest?" It's not a pro-AI celebration, nor is it an anti-AI bashing. Rather, the talk focuses on my experiences using both free and paid AI services to guide me through an Active Directory penetration test.