The Security Insights Show

Join our hosts December 18th, 2025, as they dive into the electrifying world of Microsoft Security’s latest breakthroughs. This episode unpacks real-world triumphs in thwarting sophisticated AI-driven phishing swarms, and debates the hottest zero-day exploits shaking the headlines. Packed with insider tips this is your must-listen guide to staying light-years ahead in the cyber arms race.This episode, we welcome back Alistair Pugin to talk Agent security.Show Notes/Links* Alistair Pugin on LinkedIn: https://www.linkedin.com/in/alistairpugin/* Learn about Data Security Posture Management for AI: https://learn.microsoft.com/en-us/purview/dspm-for-aiList of AI sites supported by * Microsoft Purview Data Security Posture Management (DSPM) and DSPM for AI: https://learn.microsoft.com/en-us/purview/ai-microsoft-purview-supported-sites* Permissions for Data Security Posture Management for AI: https://learn.microsoft.com/en-us/purview/ai-microsoft-purview-permissions* MITRE ATLAS: https://atlas.mitre.org/ This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

As the Thanksgiving turkey roasts and the family gathers, cybercriminals are lurking in the digital shadows, ready to crash your holiday feast. In Episode 280 of THE Security Insights Show, hosts serve up a timely platter of cybersecurity wisdom to keep your “gravy secrets”—those juicy credentials, financial data, and personal info—safe from opportunistic hackers.Dive into the rising tide of “Turkey-Day Trojans”: sneaky malware disguised as festive deals, phishing emails from “Aunt Edna” demanding urgent wire transfers, and smart home devices turned into spy cams by unsecured Wi-Fi. We’ll unpack real-world holiday hacks, from ransomware gobbling up your shopping carts to social engineering tricks exploiting family chit-chat. Plus, get actionable Microsoft Security tips—like leveraging Defender for endpoint protection, Entra ID for secure guest access during virtual toasts, and Copilot-powered threat hunting to spot the bad stuffing before it sours the meal.Whether you’re a CISO stress-testing your perimeter or just a home user dodging Black Friday bait, this episode arms you with the tools to feast worry-free. Tune in now on YouTube, Apple Podcasts, Spotify, or your favorite platform—because nothing ruins a holiday like a data breach on dessert. Don’t forget to subscribe for more bites of security insight!This episode of “THE Security Insights Show” covers a range of topics, starting with personal updates and discussions about cybersecurity certifications. The hosts delve into the role of Artificial Intelligence (AI) in cybersecurity, specifically debating the necessity of learning KQL (Kusto Query Language) from scratch given the advent of natural language to KQL models (16:01). They discuss the importance of understanding underlying data and language nuances even with AI assistance (18:56).The conversation then pivots to key announcements from Microsoft Ignite, including:* Work IQ: An intelligent layer that enhances productivity by connecting organizational and personal data, enabling AI-driven insights and recommendations within Microsoft 365 applications (31:31).* Proactive Attack Disruption and Predictive Shielding: Microsoft’s new capabilities to anticipate attacker moves during ongoing attacks, dynamically hardening targets in real-time (35:59).* Expanded Automatic Attack Disruption: This feature extends to work across third-party services like AWS, Okta, and Proofpoint, allowing Microsoft Defender to take decisive actions on external systems even if the threat originates from a non-Microsoft system (39:06).* Rebranding of Defender XDR to Borg XDR: Indicating a consolidation of more Defender for Cloud functionality and assimilation of Sentinel into the unified Defender portal (42:00).* Native Sysmon in Windows 11: A significant announcement for security professionals (42:35). This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Picture this: It’s the witching hour of cybersecurity, where jack-o’-lanterns glow with malevolent code and candy corn conceals keyloggers. In this spine-tingling episode of The Security Insights Show, we dive headfirst into the ghoulish guts of seasonal phishing scams – those crafty creeps who lure you in with “Free Zombie Apocalypse Prep Kits” emails, only to carve up your credentials like a deranged pie maker at a harvest festival. Join our hosts as they unmask the tricks-or-treats of spear-phishing spooks, ransomware pumpkins that explode in your inbox, and why your two-factor auth is the garlic necklace against digital Dracula. We’ll roast real-world horror stories – like the exec who traded his soul (and SSO login) for a “haunted house discount” – and arm you with tricks to keep your data from doing the monster mash. This episode of “THE Security Insights Show” discusses the risks and security challenges associated with artificial intelligence (AI), particularly concerning phishing scams during the Halloween season (0:21). The hosts, Rodney and Franklin, touch on various aspects of AI, its adoption, and the evolving landscape of cybersecurity.Key discussion points include:* The hosts’ return and show changes: Rodney and Franklin discuss their return to the show after a summer break, moving to a bi-weekly Thursday schedule to allow more time for content creation and guest planning (1:02-6:54).* October as Cybersecurity Awareness Month: They emphasize the importance of cybersecurity awareness, noting a lack of guest speakers this year compared to previous years (4:17-4:33).* Artificial Intelligence (AI) and its security implications: A significant portion of the discussion revolves around AI, specifically the challenges of securing and governing it (7:47). They highlight the increasing use of AI in creating sophisticated phishing campaigns and the alarming potential for “non-human entities” or “agentic offerings” to be compromised or act as “double agents” in an environment (10:10-10:57).* Understanding AI architecture and threats: Franklin argues that securing AI is fundamentally about securing compute, identity, data, and networks, with the Large Language Model (LLM) being a new threat (11:31-12:29). They discuss the role of the MCP (Microsoft Collaboration Protocol) server in providing context between chatbots and data sources, acknowledging that generative AI can sometimes provide inaccurate responses (13:03-15:41).* Challenges in AI security and training: The hosts express concern about the lack of fundamental understanding of AI among security professionals and the trend of training courses merely adding “with AI” to existing content without real value (28:41-31:21). They also discuss the emergence of highly specialized roles in AI security, like the “Chief Artificial Intelligence Risk Officer (CAIRO),” and the potential for a “corporate fear of missing out” driving quick, potentially insecure, AI adoption (36:06-38:29).* The CISO’s role and application expectations: Franklin suggests that CISOs have the necessary tools for AI security, viewing it as another application to secure, while Rodney believes many are unprepared due to rapid adoption and an “outnumbered” feeling in defense (37:42-43:52). This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Hello podcast listeners and supporters. Today we announced that we will start our late summer | early fall show slow down. After five years of producing the show, we are taking the months of August and September off to recharge, do some back-office updates and re-invent.We look forward to having fresh energy and lots of dad jokes upon our return. Keep an eye on the discord channel and website for tips and tidbits until we return.thanksBrodie, Edward, Frank, RodWatch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

In this episode, one of the leading Microsoft security partners - Cyclotron - https://cyclotron.com/ - discusses common and “uncommon” mistakes customers encounter while deploying Microsoft Purview.Show notes:Teams ChannelsPublic Webinars & TrainingWelcome GuideDigital Badge ProgramJoin the CommunityFeedback OpportunitiesCommunity CallsRecognition & BadgesDiscussion GroupsUpcoming Public WebinarsSecurity YouTube ChannelPublic ForumsNinja Training & CertificationNinja ShowNeed Assistance? Email our TeamMicrosoft respects your privacy. Review our online Privacy Statement. ​Microsoft Corporation | One Microsoft Way | Redmond, WA, USA 98052 ​At any point you may opt-out of the program by filling out this form.Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we invite some of our awesome Microsoft Security MVPs to discuss their experiences with the MVP program.Show Notes/Links* Defender Experts upcoming webinar: Defender Experts: S.T.A.R. Forum - Strategies for Threat Awareness and Response, Episode 3. ClickFix: The Threat You Can’t Afford to Ignore. Are You Ready to Respond? Join Microsoft Defender Experts for an unfiltered breakdown of the ClickFix attack, and learn how to defend against it before it disrupts your operations. * Register Here: https://msit.events.teams.microsoft.com/event/4cee88e5-0a8a-4f02-9e4a-453bdda2e38d@72f988bf-86f1-41af-91ab-2d7cd011db47/registrationWhat to Expect:* No-Nonsense Tactics: Dive into actionable strategies for detecting, investigating, and mitigating ClickFix straight from the frontlines.* KQL Demystified: Get hands-on with KQL to enhance your threat detection, automate responses, and build custom playbooks.* Real Expertise: Hear from the professionals actively hunting and blocking threats like ClickFix in real-time.* Advanced Defense: Sharpen your response to ransomware, phishing, and social engineering with field-tested techniques.If you're serious about your defense posture, this isn’t just another webinar. This is essential knowledge to keep you ahead of the curve and out of harm’s way. Check out content from our previous episode(s): https://aka.ms/DefenderExpertsWebinarSeries* Secure Score over time with Power BI - Secure Score Over Time Power BI Dashboard | Microsoft Community Hub* Analyze Conditional Access Policy impact - The policy impact view for individual Microsoft Entra Conditional Access policies enables admins to evaluate the effects of enabled and report-only Conditional Access policies in their organization, without using Log Analytics. This feature surfaces a graph for each policy in the Microsoft Entra admin center, showing the policy’s impact on the tenant’s past sign-ins.* Microsoft Entra External ID: Sign in with Apple - Configure Apple as an external identity provider (IdP) to add Apple as a social provider for your user flows. Users can sign up and sign in to associated applications using their Apple ID accounts through the Sign in with Apple option.* Hands-on learning resource for Defender for AI Services hosted here:https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2024%20-%20AI%20Workloads.md* Microsoft is now hosting xAI’s Grok 3 modelsI reported in my Notepad newsletter earlier this month that Microsoft was getting ready to host Elon Musk’s Grok AI models, and now it’s official. At Microsoft’s Build developer conference today, the company confirmed it’s expanding its Azure AI Foundry models list to include Grok 3 and Grok 3…* Microsoft introduces GitHub AI agent that can code for youMicrosoft’s GitHub unit on Monday introduced a Copilot artificial intelligence agent that can take on specific programming work and inform people once it has finished. From there, developers can check the agent’s work from GitHub, a widely used repository for code.Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us as we welcome Micah Heaton from BlueVoyant and Michael Brown from Microsoft as we discuss a whole stack of things, including DEX, Security Copilot agents, and SIEM and XDR.Show Notes/Links* The MISA Awards - Full show: https://securitypartners.transform.microsoft.com/misa-excellence-awards-2025* BlueVoyant XDR Threat Gap Analysis: https://appsource.microsoft.com/en-cy/product/power-bi/bluevoyant1583844909747.securitydiagnosticapp?exp=kyyw&tab=Overview* Threat Actor Naming: https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/* KQL Query for Actor Names: https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming#resources* Github of Jaime: https://github.com/jguimera * Microsoft BlueHat: https://www.microsoft.com/bluehat/* Secure Score over time with Power BI - Secure Score Over Time Power BI Dashboard | Microsoft Community Hub* Analyze Conditional Access Policy impact - The policy impact view for individual Microsoft Entra Conditional Access policies enables admins to evaluate the effects of enabled and report-only Conditional Access policies in their organization, without using Log Analytics. This feature surfaces a graph for each policy in the Microsoft Entra admin center, showing the policy’s impact on the tenant’s past sign-ins.* Microsoft Entra External ID: Sign in with Apple - Configure Apple as an external identity provider (IdP) to add Apple as a social provider for your user flows. Users can sign up and sign in to associated applications using their Apple ID accounts through the Sign in with Apple option.Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com