Podcasts about blue team con

Parce que… c'est l'épisode 0x591! Shameless plug 03 au 05 juin 2025 - Infosecurity Europe 27 et 29 juin 2025 - LeHACK 12 au 17 octobre 2025 - Objective by the sea v8 10 au 12 novembre 2025 - IAQ - Le Rendez-vous IA Québec 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2065 Description Contexte et Participants Ce quatrième épisode de collaboration entre “Cyber Citoyen” et “PolySécure” réunit Catherine Dupot-Gagnon et Sam Harper, animé par Nicolas-Loïc Fortin. L'enregistrement fait suite à leur participation au NorthSec (NSec), une conférence de cybersécurité qui vient de se terminer. Retour sur NorthSec 2024 Impressions Générales Catherine exprime son enthousiasme pour NorthSec, qu'elle considère comme sa conférence préférée dans l'écosystème cybersécurité. Elle souligne l'aspect inclusif et accueillant de la communauté, même pour ceux qui ne correspondent pas au profil typique des participants. La diversité et la richesse des conférences, ainsi que l'authenticité des présentations (versus les conférences trop sponsorisées), contribuent à cette appréciation positive. Sam partage cette vision positive, notant que malgré une fatigue initiale, il a apprécié la variété des présentations allant du très technique à la gouvernance. Il souligne particulièrement la présence d'académiques présentant leurs recherches pour la première fois, ce qui enrichit considérablement le contenu. L'événement se distingue par son degré d'inclusion remarquable, comparable selon Nicolas au Blue Team Con de Chicago. Cette atmosphère inclusive est attribuée aux valeurs du comité organisateur qui se propagent naturellement à travers l'événement. Conférence Coup de Cœur : Le Phishing Basé sur des Données Sam présente en détail une conférence particulièrement marquante sur le phishing, adoptant une approche scientifique et non-jugeante. Cette présentation analysait les comportements face aux tentatives de phishing sans blâmer les individus, mais en se concentrant sur les données statistiques. Les résultats révèlent des patterns fascinants : même 5 minutes après une formation sur le phishing, 0,3% des personnes cliquent encore sur les liens malveillants. L'étude montre qu'il est impossible d'atteindre un taux de réussite de 100%, certaines personnes continuant à cliquer indépendamment des formations reçues. Un élément particulièrement intéressant concerne le timing : la plupart des clics se produisent le lundi matin, quand les employés arrivent au travail avec des boîtes de réception pleines. Cette découverte suggère des solutions organisationnelles plutôt que techniques, comme reporter les réunions du lundi matin ou gérer différemment les emails de fin de semaine. Activités Annexes Les participants évoquent également les activités de soudure (badge hacking) et les CTF (Capture The Flag). Cette année, le thème était celui d'un bateau de croisière avec un casino intégré, permettant aux participants d'interagir avec des machines de casino pour découvrir des “flags” cachés. Ces activités offrent des défis variés, incluant des éléments plus “puzzle” accessibles aux non-programmeurs. Actualités Cybersécurité Storm-1516 : Opérations d'Influence Russe Sam présente un rapport détaillé de Viginum, l'agence française de vigilance numérique, sur Storm-1516, une opération d'influence russe active depuis août 2023. Cette analyse de 77 opérations révèle une machine de désinformation sophistiquée. Objectifs et Méthodes Les campagnes visent principalement à discréditer le gouvernement ukrainien, particulièrement Zelensky, tout en s'attaquant à l'opposition russe et aux gouvernements occidentaux. Une vingtaine d'opérations ciblaient spécifiquement des élections (européennes, françaises, américaines, allemandes). Schéma de Diffusion Le rapport détaille un processus en plusieurs étapes : Planification : Rédaction de scripts, recrutement d'acteurs, création de deepfakes et montages vidéo Primo-diffusion : Utilisation de comptes jetables se faisant passer pour des lanceurs d'alerte ou journalistes pigistes Blanchiment : Reprise par des médias étrangers rémunérés, particulièrement en Afrique et Asie, et par des influenceurs payés Amplification : Utilisation de réseaux comme CopyСop pour créer de faux sites d'information Récupération : Reprise finale par les médias pro-russes et l'écosystème occidental sympathisant Implications et Sophistication Catherine fait le parallèle avec le jeu éducatif “Get Bad News” qu'elle utilise dans ses cours sur la désinformation, qui reproduit exactement ces stratégies. La sophistication de ces opérations rend leur détection par les utilisateurs ordinaires quasi impossible, même pour des experts du domaine. Telegram : Coopération Forcée L'arrestation de Pavel Durov, fondateur de Telegram, a marqué un tournant dans la coopération de la plateforme avec les autorités. Environ 5000 requêtes gouvernementales ont abouti à la transmission de données sur 20000 utilisateurs, principalement suite à des demandes françaises et américaines. Contexte et Controverses Catherine souligne l'ironie de la situation : Telegram, qui se vantait d'être une plateforme de libre expression sans contrôle, a rapidement changé de position face aux pressions judiciaires. Elle évoque le scandale des “Nth rooms” en Corée du Sud, où 73 victimes (dont 26 mineures) avaient été exploitées via des salles de conversation Telegram, illustrant les dérives possibles de la liberté d'expression absolue. Débat sur la Liberté d'Expression La discussion révèle la tension fondamentale entre liberté d'expression et protection des droits humains. Sam note que l'anonymat combiné au “free speech” total crée un environnement sans conséquences, favorisant les comportements extrêmes. L'expérience historique montre qu'aucune plateforme de libre expression absolue n'a eu d'issue positive. Catherine et Sam reconnaissent néanmoins l'importance de préserver des espaces de communication sécurisés pour les communautés persécutées (LGBTQ+, dissidents politiques). L'équilibre reste difficile à trouver entre protection des vulnérables et prévention des abus. SignalGate : Nouvelles Préoccupations Nicolas introduit un nouveau volet du “SignalGate” concernant TeleMessage, un client Signal utilisé par des fonctionnaires américains pour la rétention légale des messages. Cette plateforme a été compromise facilement, soulevant des questions sur l'écosystème distribué de Signal. Problème Fondamental Le modèle de sécurité de Signal repose sur la confiance accordée aux clients. Or, rien ne garantit que l'interlocuteur utilise un client légitime. TeleMessage enregistrait tous les messages, contredisant les promesses de confidentialité de Signal. Absence de Réponse Catherine exprime sa déception face au silence de Signal sur cette problématique. Contrairement à leur habitude de communication proactive, l'organisation n'a émis aucun communiqué ni annoncé de solution pour détecter les clients non-officiels. Solutions Techniques Possibles Les participants discutent de solutions potentielles : Signal pourrait alerter les utilisateurs quand leur correspondant utilise un client desktop ou non-officiel. Cette information existe déjà dans le protocole, rendant l'implémentation techniquement faisable. Sam note que l'impact va au-delà : le groupe Distributed Denial of Secrets a publié 410 Go de données extraites de TeleMessage, incluant messages et métadonnées, compromettant potentiellement des lanceurs d'alerte. Réflexions sur l'Écosystème Numérique Gestion du Risque et Éducation La discussion révèle un déficit généralisé dans la compréhension et la gestion du risque numérique. Les participants soulignent que même des personnes éduquées (secrétaires d'État, universitaires) peinent à évaluer correctement les risques liés aux outils qu'ils utilisent. Guillaume insiste sur la nécessité d'intégrer une forme de gestion de risque rapide dans l'usage quotidien des technologies, reconnaissant que l'humain résiste naturellement au changement d'habitudes, même face à des statistiques alarmantes. Évolution des Menaces L'ensemble des sujets abordés illustre une sophistication croissante des menaces, que ce soit dans la désinformation d'État ou l'exploitation des plateformes de communication. Les “gentils” se retrouvent systématiquement en position défensive, avec des moyens limités face à des adversaires qui exploitent efficacement les technologies conçues pour faciliter la communication. Incident du Chicago Sun-Times En conclusion plus légère, Catherine présente le cas du Chicago Sun-Times qui a publié une liste de livres d'été générée par IA, incluant des titres complètement inventés (hallucinations). Cet incident illustre une paresse journalistique préoccupante où l'économie de temps permise par l'IA (réduire 5 jours de travail à 3) ne s'accompagne même pas d'une vérification minimale. Problème de Compréhension des Outils IA Catherine souligne que beaucoup de personnes, même éduquées, ne comprennent pas la différence fondamentale entre une recherche Google (qui indexe du contenu existant) et une requête ChatGPT (qui génère statistiquement des réponses plausibles). Cette confusion contribue à l'acceptation aveugle de contenus générés artificiellement. L'exemple de l'étudiant ayant demandé à ChatGPT une citation de Catherine Dupot-Gagnon, aboutissant à une référence vers un livre inexistant, illustre parfaitement ces dérives. Les modèles IA peuvent également être manipulés, comme l'exemple de Bing temporairement convaincu que l'Australie n'existait pas après avoir été entraîné sur des blagues Reddit. Conclusions et Perspectives Ce podcast révèle un écosystème numérique en mutation profonde, où les technologies conçues pour faciliter la communication et l'accès à l'information sont systématiquement détournées par des acteurs malveillants. Que ce soit les opérations de désinformation d'État, l'exploitation des plateformes de communication, ou la génération de fausses informations par IA, les défis s'accumulent. Les participants identifient plusieurs problèmes structurels : le déficit d'éducation à la gestion du risque numérique, la difficulté à maintenir un équilibre entre liberté d'expression et protection des droits humains, et l'asymétrie fondamentale entre la facilité de créer de fausses informations et la difficulté de les combattre. Malgré ce tableau sombre, l'échange maintient une note d'espoir, rappelant que la sensibilisation et l'éducation restent nos meilleurs outils. L'exemple de NorthSec montre qu'il est possible de créer des espaces inclusifs et constructifs pour aborder ces défis collectivement. La discussion se termine sur une note humoristique évoquant une retraite vers “une cabane dans le bois” avec élevage de brebis et poules pour échapper à la singularité technologique, illustrant avec ironie les sentiments d'impuissance face à l'ampleur des défis identifiés. Collaborateurs Nicolas-Loïc Fortin Catherine Dupont-Gagnon Samuel Harper Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

In this episode of The Cybersecurity Defenders Podcast, we discuss stress management and avoiding burnout with Amanda Berlin, CEO of Mental Health Hackers.Amanda is the Senior Product Manager of Cybersecurity at Blumira, where she collaborates with a talented team to make security more accessible. With a career in IT spanning nearly her entire adult life, her expertise includes infrastructure security, network troubleshooting, purple teaming, and security awareness training.Beyond her role at Blumira, Amanda leads Mental Health Hackers, an organization dedicated to addressing the unique mental health challenges faced by cybersecurity professionals and heavy technology users. Through education and advocacy, she helps shine a light on the critical intersection of mental health and the tech industry.All of the links:Coffee bot: DonutsBook: The Fearless OrganizationAmerican Psychological AssociationMental Health hackers next at: Bsides Charm in Baltimore, Blue Team Con in Chicago... check social media for more

In this episode of Stats On Stats, we sit down with Blake Regan, a cybersecurity expert specializing in incident response and digital forensics. Blake shares his journey from carpentry to cybersecurity, discussing how his past experiences shaped his approach to problem-solving in tech. Guest Connect LinkedIn: https://www.linkedin.com/in/blakeregan  For the latest in cybersecurity news every Monday, check out 'Talkin' Bout [infosec] News' with Black Hills Information Security https://www.youtube.com/@BlackHillsInformationSecurity  Checkout the first annual cybersecurity conference focused on Defenders - Blue Team Con in Chicago https://blueteamcon.com  Up your knowledge on hacker culture and important events in cybersecurity history Darknet Diaries Podcast Series https://darknetdiaries.com/  Training to up your knowledge and sharpen your skillset Check out Antisyphon Training for on demand and live cybersecurity training, including Pay What You Can options https://www.antisyphontraining.com/  The ultimate resource for Active Directory hacking and defense content - AD Security by Sean Metcalf (@pyrotek3) https://adsecurity.org  Stats on Stats Resources Merch: https://www.statsonstats.io/shop  LinkTree: https://linktr.ee/statsonstatspodcast  Stats on Stats Partners & Affiliates IntelliCON 2025 Website: https://www.intelliguards.com/intellic0n-speakers  Register: https://www.eventbrite.com/e/intellic0n-2025-tickets-1002600072807  Use Discount Code for 20% off Tickets: STATSONSTATS Path AI Website: https://yourpath.ai  Discount Code: Join our Discord community for access! Antisyphon Training Website: https://www.antisyphontraining.com  MAD20 Training Website: https://mad20.io  Discount Code: STATSONSTATS15 Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com  Discount Code: STATSONSTATS Kevtech Academy Website: https://www.kevtechitsupport.com  Dream Chaser's Coffee Website: https://dreamchaserscoffee.com  Discount code: STATSONSTATS Podcasts We Like DEM Tech Folks Website: https://linktr.ee/developeverymind  YouTube: https://www.youtube.com/@demtechfolks  IntrusionsInDepth Website: https://www.intrusionsindepth.com  YouTube: https://www.youtube.com/@IntrusionsInDepth   Elastic DoD Architects YouTube: https://www.youtube.com/@elasticdod  ----------------------------------------------------- Episode was shot and edited at BlueBox Studio Tampa https://blueboxdigital.com/bluebox-studio/

Breaking into Cybersecurity - DFIR Career Advice w/Cathy UllmanDr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect and security at the University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff, educating and informing users about how to prevent and detect social engineering threats and compute and digitally communicate safely. Cathy has presented at numerous information security conferences, including DEF CON and Blue Team Con. Cathy is a contributor to the O'Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth, Flash, at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.Sponsored by CPF Coaching LLC - http://cpf-coaching.comThe Breaking into Cybersecurity: It's a conversation about what they did before, why did they pivot into cyber, what the process was they went through Breaking Into Cybersecurity, how they keep up, and advice/tips/tricks along the way.The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips/tricks/advice from cybersecurity leaders.This podcast runs on listener support and funding. Consider supporting this podcast:https://breaking-into-cybersecurity.captivate.fm/supportCheck out our books:Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUIHack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/About the hosts:Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/Download a free copy of her book at magnetichiring.com/bookChristophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over ten years of experience as an experienced...

Parce que… c'est l'épisode 0x500! Shameless plug 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Vincent Groleau Crédits Montage par Intrasecure inc Locaux réels par Vincent

Parce que… c'est l'épisode 0x499! Préambule Je fais des expériences avec de nouvelles façons d'enregistrer. Cette méthode n'est pas encore au point, même si elle a permis une plus grande fluidité dans la conversation. Work in progress. Shameless plug 7-8 septembre 2024 - Blue Team Con 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes Google's Secure AI Framework (SAIF) Collaborateurs Nicolas-Loïc Fortin Nicolas Bédard Crédits Montage par Intrasecure inc Locaux réels par Terrasse Nelligan

Parce que… c'est l'épisode 0x498! Shameless plug 7-8 septembre 2024 - Blue Team Con 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes DEFCON Collaborateurs Nicolas-Loïc Fortin Dominic Villeneuve Marc-André Lévesque Crédits Montage par Intrasecure inc Locaux réels par Pub le St-Georges

Parce que… c'est l'épisode 0x497! Shameless plug 7-8 septembre 2024 - Blue Team Con 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Alexandre Chéron Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x496! Shameless plug 7-8 septembre 2024 - Blue Team Con 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes Flare Collaborateurs Nicolas-Loïc Fortin Mathieu Lavoie Éric Boivin Crédits Montage par Intrasecure inc Locaux réels par Flare

Parce que… c'est l'épisode 0x495! Shameless plug 7-8 septembre 2024 - Blue Team Con 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Mickael Nadeau Crédits Montage par Intrasecure inc Locaux réels par LINQ

Parce que… c'est l'épisode 0x494! Shameless plug 7-8 septembre 2024 - Blue Team Con 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Dominique Derrier Crédits Montage par Intrasecure inc Locaux réels par Zibo! - Griffintown

Parce que… c'est l'épisode 0x493! Préambule Shameless plug 7-8 septembre 2024 - Blue Team Con 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes xxxx Collaborateurs Nicolas-Loïc Fortin Davy Adam Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x492! Préambule Shameless plug 7-8 septembre 2024 - Blue Team Con 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Benoit Gagnon Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x491! Préambule Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes RegreSSHion regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH serve Collaborateurs Nicolas-Loïc Fortin Alexandre Chéron Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Guest: Allyn Stott, Senior Staff Engineer, meoward.coOn LinkedIn | https://www.linkedin.com/in/whyallynOn Twitter | https://x.com/whyallyn____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guest: Allyn Stott, Senior Staff Engineer, meoward.coOn LinkedIn | https://www.linkedin.com/in/whyallynOn Twitter | https://x.com/whyallyn____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Parce que… c'est l'épisode 0x490! Préambule Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes Blast-RADIUS Collaborateurs Nicolas-Loïc Fortin Alexandre Chéron Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x489! Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes The Mandiant Approach to Operational Technology (OT) Security Collaborateurs Nicolas-Loïc Fortin Camille Felx Leduc Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x488! Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes ÉFVP Collaborateurs Nicolas-Loïc Fortin Emeline Manson Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x487! Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Thomas Veynachter Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x486! Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Anglade Perrier Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x485! Shameless plug 8-11 août 2024 - DEFCON 7 et 8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 19 au 21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea février 2025 - SéQCure 2025 9 au 11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Davy Adam Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x484! Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Benoit Gagnon Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x483! Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Vanessa Deschênes Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x482! Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Thomas Foubert Crédits Montage par Intrasecure inc Locaux réels par Northsec

Parce que… c'est l'épisode 0x481! Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 29 septembre au 2 octobre 2024 - FAIR Conference 2024 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Jean-Philippe Décarie-Mathieu Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm

Parce que… c'est l'épisode 0x480! Shameless plug 8-11 août 2024 - DEFCON 7-8 septembre 2024 - Blue Team Con 19-20 septembre 2024 - Brucon 18-21 novembre 2024 - European Cyber Week 19-20 novembre 2024 - C&ESAR 20-21 novembre 2024 - CAID 5-6 décembre 2024 - Objective by the Sea 26-27 février 2025 - SéQCure 2025 9-11 avril 2025 - Google Next ‘25 Description Notes À venir Collaborateurs Nicolas-Loïc Fortin Dominique Derrier Crédits Montage par Intrasecure inc Locaux réels par Northsec

In the August 28th episode of the Storm Watch podcast, the hosts discussed various cybersecurity topics and welcomed a new guest, Donna, the director of product design at Grey Noise. Donna shared her experience attending Blue Team Con, a conference for cybersecurity defenders. She emphasized the importance of learning directly from the cybersecurity community to improve Grey Noise's overall user experience. Glenn, another host, also attended the conference and praised its organization, variety of talks, and friendly atmosphere. The hosts then discussed a recent Sophos report on cybersecurity trends, highlighting the report's engaging writing style and informative content. They also touched on a misleading headline about Russia hacking Poland's train rail network, clarifying that it was not a cyber attack but rather a simple radio frequency interference that caused the trains to stop. The hosts expressed concern about the vulnerability of modern systems to such basic attacks. The conversation shifted to the impact of ransomware attacks on businesses, with the hosts mentioning two Danish cloud providers that went out of business due to ransomware incidents. They emphasized the importance of taking cybersecurity seriously, as even well-prepared businesses can be affected by unforeseen threats. Lastly, the hosts discussed a recent Capture the Flag (CTF) competition organized by Grey Noise. They praised the event's organization and shared some interesting stories from the participants, including a real-life open-source intelligence gathering situation. The CTF event showcased the creativity and skills of the cybersecurity community and provided valuable learning experiences for the participants. Learn more about GreyNoise >>

Podcast: Cyber Work (LS 42 · TOP 1.5% what is this?)Episode: ICS security, Blue Team Con and security work in the Air Force Reserve | Guest Lesley CarhartPub date: 2023-08-21Lesley Carhart of Dragos, also known as Hack4Pancakes on social media, is a lifelong breaker and builder of things, and their insights on the deep mechanics of Industrial Control Systems are an absolute must-hear for any of you even considering this space. Carhart also talks about their keynote at this year's Blue Team Con, the differences between incident response in the military vs. the private sector, and why standard cybersecurity studies won't take you as far in ICS as it will to learn how train track switchers work. Seriously, this is one of the best episodes I've ever been a part of, and I can't wait for you to hear it! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - ICS security 3:40 - Getting started in cybersecurity 9:13 - The early days of the internet11:05 - Air Force cybersecurity 12:50 - Military cybersecurity training 15:00 - Incident response work at Motorolla18:40 - Technical director of incident response23:30 - State of ICS39:13 - Starting work in ICS41:57 - Keynote speaker at Blue Team Con46:46 - Bringing diversity into ICS53:46 - Outro About InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.The podcast and artwork embedded on this page are from Infosec, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Lesley Carhart of Dragos, also known as Hack4Pancakes on social media, is a lifelong breaker and builder of things, and their insights on the deep mechanics of Industrial Control Systems are an absolute must-hear for any of you even considering this space. Carhart also talks about their keynote at this year's Blue Team Con, the differences between incident response in the military vs. the private sector, and why standard cybersecurity studies won't take you as far in ICS as it will to learn how train track switchers work. Seriously, this is one of the best episodes I've ever been a part of, and I can't wait for you to hear it! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - ICS security 3:40 - Getting started in cybersecurity 9:13 - The early days of the internet11:05 - Air Force cybersecurity 12:50 - Military cybersecurity training 15:00 - Incident response work at Motorolla18:40 - Technical director of incident response23:30 - State of ICS39:13 - Starting work in ICS41:57 - Keynote speaker at Blue Team Con46:46 - Bringing diversity into ICS53:46 - Outro About InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Guest: Chris Roberts, CISO, Boom Supersonic [@boomaero]On Twitter | https://twitter.com/Sidragon1On LinkedIn | https://www.linkedin.com/in/sidragon1/________________________________Host: Alyssa MillerOn ITSPmagazine  

Guest: Jess Vachon, Chief Information Security Officer, Context Labs BV [@contextlabsbv]On Mastodon | https://infosec.exchange/@infosec_jessOn Twitter | https://twitter.com/infosec_jessOn LinkedIn | https://www.linkedin.com/in/jessvachon1/________________________________Host: Alyssa MillerOn ITSPmagazine  

Guest: Kayla Williams, CISO, Devo [@devo_inc] and co-host of the Locked Down Podcast on ITSPmagazineOn ITSPmagazine  

Guest: Jerry Bell, VP and CISO, IBM Public Cloud [@IBM | @IBMcloud] and founder & co-host of the Defensive Security Podcast [@defensivesec]On Mastodon | https://infosec.exchange/@jerryOn Twitter | https://twitter.com/MaliciouslinkOn LinkedIn | https://www.linkedin.com/in/maliciouslink/InfoSec.Exchange | https://infosec.exchange/home________________________________Host: Alyssa MillerOn ITSPmagazine  

Guest: Tricia Howard, Senior Technical Writer II at Akamai Technologies [@Akamai]On Mastodon | https://infosec.exchange/@triciakickssaasOn Twitter | https://twitter.com/TriciaKicksSaaSOn LinkedIn | http://linkedin.com/in/triciakickssaasWebsite | https://triciakickssaas.com/________________________________Host: Alyssa MillerOn ITSPmagazine  

GuestHelen PattonChief Information Security Officer, Cisco Security Business Group [@CiscoSecure], Cisco [@Cisco]On Mastodon | https://infosec.exchange/@cisohelenOn Twitter | https://twitter.com/CisoHelenOn LinkedIn | https://www.linkedin.com/in/helenpatton/Website | https://www.cisohelen.com/HostAlyssa MillerOn ITSPmagazine  

GuestBill DiekmannBISO, Director of Security and Architecture at Cupertino Electric [@CupertinoEl]On Mastodon | https://infosec.exchange/@bdiekmannOn Twitter | https://twitter.com/bdiekmannOn LinkedIn | https://www.linkedin.com/in/bdiekmann/HostAlyssa MillerOn ITSPmagazine  

GuestJosh NickelsCyber Security Engineer at Dematic [@DematicGlobal]On Mastodon | https://infosec.exchange/@ImlordoftheringOn Twitter | https://twitter.com/imlordoftheringOn LinkedIn | https://www.linkedin.com/in/josh-nickels/HostAlyssa MillerOn ITSPmagazine  

GuestGina YaconeCISO (Advisory) at Trace3 [@trace3]On Twitter | https://twitter.com/gina_yaconeOn LinkedIn | https://www.linkedin.com/in/ginayacone/HostAlyssa MillerOn ITSPmagazine  

GuestMaril Vernon"One Woman Purple Team" | Co-founder of The Cyber Queens Podcast | Purple Team Lead/Sr SE | Social Engineer | Physical Pentest | CTI | Administrative Officer- Offensive Ops @ CSFI | MSCSIAOn Twitter | https://twitter.com/shewhohacksOn LinkedIn | https://www.linkedin.com/in/marilvernon/HostAlyssa MillerOn ITSPmagazine  

GuestLesley CarhartDirector of ICS Cybersecurity Incident Response at Dragos [@DragosInc]On Twitter | https://twitter.com/hacks4pancakesOn LinkedIn | https://www.linkedin.com/in/lcarhart/Website | https://tisiphone.net/HostAlyssa MillerOn ITSPmagazine  

GuestEric J. Belardo, The "Cyber Papa"Founder at Raices Cyber Org [@RaicesCyberOrg]On Twitter | https://twitter.com/ebelardo73On LinkedIn | https://www.linkedin.com/in/ebelardo/On YouTube | https://www.youtube.com/EricBelardoCyberHostAlyssa MillerOn ITSPmagazine  

HostAlyssa MillerOn ITSPmagazine  

GuestPhil SwaimOn Twitter | https://twitter.com/0DDJ0BBOn LinkedIn | https://www.linkedin.com/in/phillipswaim/HostAlyssa MillerOn ITSPmagazine  

GuestPhil SwaimOn Twitter | https://twitter.com/0DDJ0BBOn LinkedIn | https://www.linkedin.com/in/phillipswaim/HostAlyssa MillerOn ITSPmagazine  

Today's guest is Derrick @CanBusDutch. They talk about embedded systems security, in particular in vehicles (i.e. CAN Bus architectures).________________________________It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.It's time to build and secure the bridge to the business.________________________________GuestFordOn Twitter | https://twitter.com/wrentreeco________________________________HostAlyssa MillerOn ITSPmagazine  

Today's guest is Ford @wrentreeco.________________________________It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.It's time to build and secure the bridge to the business.________________________________GuestFordOn Twitter | https://twitter.com/wrentreeco________________________________HostAlyssa MillerOn ITSPmagazine  

Today's guest is award-winning author, Stefani Goerlich.________________________________It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.It's time to build and secure the bridge to the business.________________________________GuestStefani GoerlichAuthor and Clinician focusing on Gender, Sexuality and Relationship DiversitiesOn LinkedIn | https://www.linkedin.com/in/sgoerlich/On Twitter | https://twitter.com/Tzefira_Neviah________________________________HostAlyssa MillerOn ITSPmagazine  

Today's guest is Frank McGovern. Larry talks about the role of the security architect and the Blue Team Con event.________________________________It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.It's time to build and secure the bridge to the business.________________________________GuestFrank McGovernCybersecurity Architect at StoneX Group [@StoneX_Official] and Founder at Blue Team Con [@BlueTeamCon]On LinkedIn | https://www.linkedin.com/in/frankmcgovern/On Twitter | https://twitter.com/FrankMcG________________________________HostAlyssa MillerOn ITSPmagazine  

Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill that traditional Windows logging. In this episode we have 2 experts from Microsoft, Corissa Koopmans, and 3rd time returning guest Mark Morowczynski, to tell us about the important work that's been done to help organizations understand their data and detect Azure AD attacks. We cover log sources, the new Microsoft security operations guide, standardized dashboards and visualizations you can leverage to jump right in with best practice, and much more. You don't want to miss this one!Corissa Koopmans and Mark MorowczynskiCorissa Koopmans (@Corissalea) is part of the "Get to Production" team in the Microsoft Identity and Network Access Division, focusing on incorporating customer feedback to improve our products. She is very active in driving community contribution to AzureMonitor Log Analytics and increasing awareness of the power of log data by presenting at industry events including BSides, The Experts Conference (TEC), SPARK, & Microsoft MVP Summits.Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active Directory, Active Directory Federation Services and Windows Client performance. He's spoken at various industry events such as Black Hat, Defcon Blue TeamVillage, Blue Team Con, GrayHat, several BSides, and more. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.Azure AD SecOps - aka.ms/azureadsecopsAzure Monitor Log Analytics and KQL resources: aka.ms/KQLBlueTeamFor community contribution, please follow these prerequisites (these steps are also available at aka.ms/KQLBlueTeaml):1.      Have a GitHub account2.      Belong to the Microsoft Organization in GitHuba.      If you do not yet belong, click on this link: https://repos.opensource.microsoft.com/ and then select “Microsoft” to join their organization3.      Be a member of the @azure-ad-workbooks team in GitHuba.      if you are not yet a member, go to the Microsoft Organization in GitHub and search for the Join us in Scottsdale, AZ or virtually for the 2022 SANS Institute Blue Team Summit & Training. At the SANS Blue Team Summit, enhance your current skill set and become even better at defending your organization and hear the latest ways to mitigate the most recent attacks!