Security Unlocked artwork

Security Unlocked

63 episodes - English - Latest episode: about 2 years ago - ★★★★ - 56 ratings

Security Unlocked explores the technology and people powering Microsoft's Security solutions. In each episode, Microsoft Security evangelists Nic Fillingham and Natalia Godyla take a closer look at the latest innovations in threat intelligence, security research, and data science, with a special focus on demystifying artificial intelligence and machine learning. Be sure to listen in and follow us!

Technology security security ai artificial intelligence machine learning microsoft microsoft security microsoft ai microsoft ml microsoft security ai nic fillingham
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Episodes

Cryptojacking, and Farewell for Now!

February 16, 2022 08:05 - 36 minutes

The success of crypto inspired dozens of other cryptocurrencies like Ethereum, Tether, and Dogecoin. Today, people worldwide use cryptocurrencies to buy things, sell things, and make investments. One thing is certain; digital currencies are here to stay, no matter how many times you have to explain what a bitcoin is. Unfortunately, it also created the world of cryptojacking, a form of cybercrime that remains completely hidden from the target and can infect millions of computers with cryptojac...

A look at Cybercrime in 2021

February 02, 2022 08:05 - 41 minutes

Ransomware attacks have never been so successful. The returns from these attacks are soaring and only becoming easier to conduct. In chapter two of the Microsoft Digital Defense Report, the growing threat of cybercrime is covered in great detail. As we continue to go over the MDDR, it's more apparent than ever that the cybercrime economy and services it provides are stronger and more complex than ever. Cryptocurrency, malware, and adversarial machine learning are just a few of the topics we b...

What’s a BISO?

January 19, 2022 08:05 - 40 minutes

Everything is exciting and new when you're a kid, and curiosity inspires many of us to branch out and try new things. For some, that means drawing from our imagination or trying all kinds of sports. And for others it means spending days at the library, checking out books on modem communications, and eventually hacking into the local dial-up community service. That's just a random example, of course... Either way, curiosity can be a powerful tool, even at a young age. To the point that it may ...

Disinformation in the Enterprise

January 05, 2022 08:05 - 35 minutes

Disinformation refers to the calculated use of false information to influence others and has been a steadily growing form of information warfare. Unfortunately, disinformation is everywhere these days, often hidden in plain sight. Criminals will also adapt and take advantage of technologies, such as AI and deepfakes, to increase the effectiveness of disinformation campaigns. Of course, there are ways to combat these types of attacks, and we cover recommendations for protecting the enterprise ...

I am Shroot-less

December 22, 2021 08:05 - 36 minutes

Microsoft works around the clock to protect their customers, no matter what product they’re using, Microsoft or otherwise. In some instances Microsoft teams up with other companies, creating an all-star cybersecurity team, to handle newly discovered vulnerabilities. It helps everyone stay more secure, and of course, that's the ultimate goal, right?     In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are re-joined by Jonathan Bar Or, Principal Security Researcher ...

Decoding NOBELIUM

December 08, 2021 08:05 - 49 minutes

In December 2020, Microsoft began sharing information with the cybersecurity industry on a group of Russia-based hackers who gained access to multiple enterprises through vulnerable software code, stolen passwords, compromised on-premises servers, and minted SAML tokens. In this supply chain attack, hackers could access the SolarWinds code, slip malicious code into a piece of the software, and use the vendor’s legitimate software updates to spread malware to customer systems.    Security Unlo...

Trusting Your Hybrid Workforce

November 24, 2021 08:05 - 41 minutes

We are back, covering more of the 2021 Microsoft Digital Defense Report, and this time we’re taking a deep dive into chapter five on Hybrid Workforce Security and Zero Trust. Zero Trust means precisely what it sounds like, never assuming any device or identity is secure; it's like having major trust issues, but in a professional way. With most businesses moving to remote work because of the pandemic, cybercriminals, of course, found new ways to take advantage, especially since most people are...

When Privacy Meets Security

November 10, 2021 08:05 - 39 minutes

The way most people operate online these days, what would you even consider private anymore? We are so quick to share details about our job, home, friends, and family without even thinking about how much personal info we're giving away. Privacy and user agreements are a part of almost everyone's life at this point, and what do you know about them? For the most part, we often see a user agreement pop up, click agree and move on, but do you know what you just agreed to? Privacy choices have bec...

Securing Modern Software

October 27, 2021 07:05 - 22 minutes

The newfound popularity of the internet in the nineties spurned an obsession with hacking. Unfortunately, most movies believed that it wasn't possible to show real hacking and still be entertaining; hence all the awkward video game graphics and characters living in sketchy basements regularly yelling out, "We're in!" while pounding on their keyboards. I'd also like to address their outfit choices but now is not the appropriate time. The point is, hackers have been portrayed as the same charac...

The 2021 Microsoft Digital Defense Report

October 20, 2021 07:05 - 39 minutes

Okay, look, we know you plan on reading the entire 2021 MDDR at some point. But you're busy. Life gets in the way. We get it. Who has the time! Well, we've got the time, but that's beside the point, and honestly... fortunate for you. We've read the report front to back and have decided to cover some of it today on the podcast, but you'll still need to read all 134 pages yourself if you truly want to grasp the entire piece. Unless you want to be that person who listens to a single podcast and ...

Mobile 4N6 101

October 13, 2021 07:05 - 35 minutes

What would you say is the most personal possession that you own? Most would say their cell phone... unless you still have a few journals from high school. And if you do, this is your reminder that it might be time to let those go. It's become increasingly apparent lately how much info our phones collect from us, from the first app you check in the morning after waking up, recent calendar entries, and your actual heart rate by 9 am. The crazy part is most people don't give it a second thought....

Untangling Botnets

October 06, 2021 07:05 - 37 minutes

You're back home celebrating the holidays with friends and family, sharing stories, catching up, and discussing your plans for the year ahead. Next thing you know, that cousin who wouldn't stop sending you emails about the "future of bitcoin" and coin mining kicks the door open, and he's ready to spread some holiday knowledge. Oh yeah, he's also going to cut you in on a sweet deal he has going on with his buddy Carl, who he met at dollar wing night. Unfortunately, Carl is one of the bad guys....

What the Fuzz?!

September 29, 2021 07:05 - 36 minutes

Do you have a data science or engineering background? If so, you're in luck. If not, you're also in luck because today's guest found a way to make a few complex subjects understandable for everyone. The first of many topics... Fuzzy hashing. It might sound like an adorable, adventurous Muppet character, but I promise you the reason behind it is not cute at all. The short explanation is "fighting crime with math," and honestly, the short version is all I've got for you. So, sit back and pay at...

The ‘Three E’s’ of Scam Disruption

September 22, 2021 07:05 - 36 minutes

Juan Hardoy leads an international team of investigators, analysts, and lawyers inside the Digital Crimes Unit who share a joint mission to protect customers and promote trust in Microsoft technologies. Hearing that might take your imagination to a place where Juan is deputized to fight crime in digital space, and you wouldn't be completely wrong. Still, unfortunately, he's not sitting at his desk with a sheriff's badge and a cowboy hat. It's not as simple as the days in the west, where you c...

Entering the Virtual Battlefield

September 15, 2021 07:05 - 35 minutes

Have you ever thought about a career in threat intelligence or cyber security? Possibly finishing school with a degree in computer programming and feel overwhelmed with what to do next? Don't worry; we've all experienced this. Maybe not specifically with computer programming, but the figuring it out aspect. You could be ending active military service and working in cyber operations, helping offensive and defensive cyberspace operations, wondering about the next step. The thought of making the...

Battling BazaCall BuzzKill

September 01, 2021 07:05 - 35 minutes

It's finally Friday. You successfully made it through another week and the weekend is so close you can taste it. You pour yourself a bowl of your favorite cereal, but before you can get that first bite your phone rings. It's a random number, but for some reason you're feeling chatty and decide to answer. Unfortunately, it's a robot that somehow knows your name and is asking for your social security number, home address, and password from that first AOL account you made in 1998!  It’s easy to ...

Turning to the Purple Side

August 25, 2021 07:05 - 25 minutes

Picture this: you’re working on a new software that will revolutionize your industry. You’ve got your work cut out for you, from design to programming to integration. But what about security? Keeping your software secure should be in the conversation from day one, but not all developers are well-versed in application security. The good news is that you’re not alone, and even if this picture that we’ve painted isn’t of you, there are still very accessible ways to learn about application securi...

Protecting the Power Grid

August 18, 2021 07:05 - 36 minutes

Electricity is all around us. In fact, you’re using it to read this right now. It powers (no pun intended) our everyday lives, and it works without us having to think about it. It’s kind of like breathing. I mean, you don’t have to tell your lungs “Hey! Start breathing right now!” But just like with breathing, the problems that can follow an interruption of electricity can be deadly. It shouldn’t be shocking (pun intended) that keeping power grids secure is an international priority. In this ...

Making the Leap to the Cloud

August 11, 2021 07:05 - 37 minutes

8 trillion. It’s kind of a big number, right? That’s how many signals are collected, processed, and analyzed by Microsoft’s security team every single day. Those signals are travelling from the cloud, coming through endpoints, coming through Bing, coming through Xbox. All of these signals are turned into intelligence, and if you’re a cloud user, that intelligence is an asset to your security. By making the leap to the cloud, the power, size, and flexibility of Microsoft’s threat intelligence ...

Mary Had a Little Scam Report

August 04, 2021 07:05 - 38 minutes

How likely are you to fall for a scam? Survey Says… depends on your demographic. Scammers are evolving, from cold calls on the phone, to computer desktop pop-ups with nagging alarm sounds, to buying out search terms like “email support.” Tech support scams have become an ever-present threat in our online world with 3 out of 5 people globally experiencing them and 1 out of 6 people actually giving their money or personal information to the scammers. Even though there are some honorable people ...

Talking Security With Non-Security Professionals

July 28, 2021 07:05 - 38 minutes

Every occupation has its unique jargon that allows professionals to speak their own language and understand each other’s shorthand.  Those of us in the world of cybersecurity are no exception as we frequently toss around acronyms and abbreviations, but how can we cybersecurity professionals communicate all of this crucial ingrained knowledge to people who haven’t the faintest idea about technology, security, or what our conversational shorthand even means?   In this episode of Security Unlock...

Discovering Router Vulnerabilities with Anomaly Detection

July 21, 2021 07:05 - 32 minutes

Ready for a riddle? What do 40 hypothetical high school students and our guest on this episode have in common? Why they can help you understand complex cyber-attack methodology, of course!  In this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla are brought back to school by Principal Security Researcher, Jonathan Bar Or who discusses vulnerabilities in NETGEAR Firmware. During the conversation Jonathan walks through how his team recognized the vulnerabilities and worked...

Securing the Internet of Things

July 14, 2021 07:05 - 37 minutes

There used to be a time when our appliances didn’t talk back to us, but it seems like nowadays everything in our home is getting smarter. Smart watches, smart appliances, smart lights - smart everything! This connectivity to the internet is what we call the Internet of Things (IoT). It’s becoming increasingly common for our everyday items to be “smart,” and while that may provide a lot of benefits, like your fridge reminding you when you may need to get more milk, it also means that all of th...

Looking a Gift Card Horse in the Mouth

July 07, 2021 07:05 - 31 minutes

Is it just me, or do you also miss the good ole days of fraudulent activity? You remember the kind I’m talking about, the emails from princes around the world asking for just a couple hundred dollars to help them unfreeze or retrieve their massive fortune which they would share with you. Attacks have grown more nuanced, complex, and invasive since then, but because of the unbelievable talent at Microsoft, we’re constantly getting better at defending against it.   On this episode of Security U...

Simulating the Enemy

June 30, 2021 07:05 - 35 minutes

How does that old saying go? Keep your friends close and keep your understanding of a threat actor’s underlying behavior and functionality of tradecraft closer? As new tools are developed and implemented for individuals and businesses to protect themselves, wouldn’t it be great to see how they hold up against different attacks without actually having to wait for an attack to happen? Microsoft’s new open-source tool, Simuland, allows users to simulate attacks on their own infrastructure to see...

Dial 'T' for Tech Support Fraud

June 23, 2021 07:05 - 37 minutes

We’ve all had a family dinner, Netflix binge, or otherwise relaxing moment ruined by a telemarketer trying to sell you something you didn't need – a magazine subscription, insurance, you name it! But recently, people have been getting calls that are much more sinister in nature; people claiming to be employees of Microsoft, or Apple, or Amazon, have been calling unsuspecting victims and urging them to pay the caller in exchange for cleaning their computer of viruses. Viruses that don’t exist....

A Day in the Life of a Microsoft Principal Architect

June 16, 2021 07:05 - 34 minutes

We’re formally sending out a petition to change the phrase “Jack of all trades” to “Hyrum of all trades” in honor of this episode’s guest, Hyrum Anderson. In this episode, hosts Natalia Godyla and Nic Fillingham sit down with Hyrum Anderson who, when he’s not fulfilling his duties as the Principal Architect of the Azure Trustworthy ML group, spends his time playing accordions, making cheese, and founding impressive technology conferences. He does it all!   Rather than chatting with Hyrum abou...

Red-teaming AI with CounterFit

June 09, 2021 07:05 - 32 minutes

It’s an all out offensive on today’s episode while we talk about how the best defense is a good offense. But before we plan our attack, we need to know our vulnerabilities, and that’s where our guest comes in.   On this episode, hosts Nic Fillingham and Natalia Godyla are joined by Will Pearce, who discusses his role as AI Red Team Lead from the Azure Trustworthy ML Group and how he works to find weaknesses in security infrastructure to better develop ways to prevent against attacks.   In Th...

Pearls of Wisdom in the Security Signals Report

June 02, 2021 07:05 - 30 minutes

It’s our 30th episode! And in keeping with the traditional anniversary gift guide, the 30th anniversary means a gift of pearls. So from us to you, dear listener, we’ve got an episode with some pearls of wisdom!   On today’s episode, hosts Nic Fillingham and Natalia Godyla bring back returning champion, Nazmus Sakib, to take us through the new Security Signals Report. Sakib walks us through why the report was done and then helps us understand the findings and what they mean for security.   In...

Securing Hybrid Work: Venki Krishnababu, lululemon

May 26, 2021 07:05 - 32 minutes

On this week’s Security Unlocked we’re featuring for the second and final time, a special crossover episode of our sister-podcast, Security Unlocked: CISO Series with Bret Arsenault.   Lululemon has been on the forefront of athleisure wear since its founding in 1998, but while many of its customers look at it exclusively as a fashion brand,  at a deeper level this fashion empire is bolstered by a well thought out and maintained digital infrastructure that relies on a hard working team to run ...

Contact Us; Phish You!

May 19, 2021 07:05 - 30 minutes

Threat actors are pesky and, once again, they’re up to no good. A new methodology has schemers compromising online forms where users submit their information like their names, email addresses, and, depending on the type of site, some queries relating to their life. This new method indicates that the attackers have figured out a way around the CAPTCHA’s that have been making us all prove we’re not robots by identifying fire hydrants since 1997. And what’s more, we’re not quite sure how they’ve...

Securing the Cloud with Mark Russinovich

May 12, 2021 07:05 - 30 minutes

On this week’s Security Unlocked, we’re pulling a bait and switch! Instead of our regularly scheduled programming, we’re going to be featuring the first episode of our new podcast, Security Unlocked: CISO Series with Bret Arsenault. Each episode is going to feature Microsoft’s CISO Bret Arsenault sitting down with other top techies in Microsoft and other companies in the industry.   In its inaugural episode – which we’re featuring on this episode – Bret sits down with Mark Russinovich, Chief ...

Ready or Not, Here A.I. Come!

May 05, 2021 07:05 - 35 minutes

Remember the good ole days when we spent youthful hours playing hide and seek with our friends in the park? Well it turns out that game of hide and seek isn’t just for humans anymore. Researchers have begun putting A.I. to the test by having it play this favorite childhood game over and over and having the software optimize its strategies through automated reinforcement training.   In today’s episode, hosts Nic Fillingham and Natalia Godyla speak with Christian Seifert and Joshua Neil about t...

Knowing Your Enemy: Anticipating Attackers’ Next Moves

April 28, 2021 07:05 - 40 minutes

Anyone who’s ever watched boxing knows that great reflexes can be the difference between a championship belt and a black eye. The flexing of an opponent’s shoulder, the pivot of their hip - a good boxer will know enough not only to predict and avoid the incoming upper-cut, but will know how to turn the attack back on their opponent.  Microsoft’s newest capabilities in Defender puts cyber attackers in the ring and predicts their next attacks as the fight is happening. On today’s episode, hosts...

Below the OS: UEFI Scanning in Defender

April 21, 2021 07:05 - 34 minutes

All of us have seen – or at least, are familiar with – the antics of Tom and Jerry or Road Runner and Wile E. Coyote. In each one the coyote or the cat set up these elaborate plans to sabotage their foe, but time and time again, the nimble mouse and the speedy bird are able to outsmart their attackers. In our third episode discussing Ensuring Firmware Security, hosts Nic Fillingham and Natalia Godyla speak with Shweta Jha and Gowtham Reddy about developing the tools that allow for them to sta...

Inside Insider Risk

April 14, 2021 07:05 - 39 minutes

Throughout the course of this podcast series, we’ve had an abundance of great conversations with our colleagues at Microsoft about how they’re working to better protect companies and individuals from cyber-attacks, but today we take a look at a different source of malfeasance: the insider threat. Now that most people are working remotely and have access to their company’s data in the privacy of their own home, it’s easier than ever to access, download, and share private information. On today’...

The Language of Cybercrime

April 07, 2021 07:05 - 39 minutes

How many languages do you speak? The average person only speaks one or two languages, and for most people that’s plenty because even as communities are becoming more global, languages are still very much tied to geographic boundaries. But what happens when you go on the internet where those regions don’t exist the same way they do in real life? Because the internet connects people from every corner of the world, cybercriminals can perpetrate scams in countries thousands of miles away. So how ...

The Human Element with Valecia Maclin

March 31, 2021 07:05 - 36 minutes

For Women’s History Month, we wanted to share the stories of just a few of the amazing women who make Microsoft the powerhouse that it is. To wrap up the month, we speak with Valecia Maclin, brilliant General Engineering Manager of Customer Security & Trust, about the human element of cybersecurity.  In discussion with hosts Nic Fillingham and Natalia Godyla, Valecia speaks to how she transitioned into cybersecurity after originally planning on becoming a mechanical engineer, and how she over...

Identity Threats, Tokens, and Tacos

March 24, 2021 07:05 - 41 minutes

Every day there are literally billions of authentications across Microsoft – whether it’s someone checking their email, logging onto their Xbox, or hopping into a Teams call – and while there are tools like Multi-Factor Authentication in place to ensure the person behind the keyboard is the actual owner of the account, cyber-criminals can still manipulate systems. Catching one of these instances should be like catching the smallest needle in the largest haystack, but with the algorithms put i...

Re: Tracking Attacker Email Infrastructure

March 17, 2021 07:05 - 39 minutes

If you use email, there is a good chance you’re familiar with email scams. Who hasn’t gotten a shady chain letter or suspicious offer in their inbox? Cybercriminals have been using email to spread malware for decades and today’s methods are more sophisticated than ever. In order to stop these attacks from ever hitting our inboxes in the first place, threat analysts have to always be one step ahead of these cybercriminals, deploying advanced and ever-evolving tactics to stop them. On today’s p...

Celebrating Women in Security

March 08, 2021 08:05 - 36 minutes

Today is International Women’s Day, and we are celebrating with a very special episode of Security Unlocked. Hosts Nic Fillingham and Natalia Godyla revisit their favorite interviews with some of the prominent women featured previously on the podcast. We speak with Holly Stewart, a Principal Research Lead at Microsoft and known in the Defender organization as “The Queen of AI.” Holly shares how building a security team with different perspectives helps to better understand and stop threats. N...

Digital Crimes Investigates: Counterfeit Tales

March 03, 2021 08:05 - 35 minutes

Digital crime-fighter Donal Keating revisits the podcast, but this time… it’s personal. *cue dramatic crime-fighting music* The Director of Innovation and Research of the Digital Crimes Unit (DCU) at Microsoft joins hosts Nic Fillingham and Natalia Godyla to regale us with the origin story of the DCU and his captivating career exploits. Whether it’s tales of his early days preventing Windows 98 counterfeits in Ireland or the many international law enforcement raids he’s participated in…there’...

Judging a Bug by Its Title

February 24, 2021 22:16 - 40 minutes

Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely ...

Enterprise Resiliency: Breakfast of Champions

February 17, 2021 08:05 - 46 minutes

Prior to the pandemic, workdays used to look a whole lot different. If you had a break, you could take a walk to stretch your legs, shake the hands of your co-workers, or get some 1-on-1 face time with the boss. Ahh... those were the days. That close contact we once had is now something that many of us yearn for as we’ve had to abruptly lift and shift from living in our office to working from our home. But communicating and socializing aren’t the only things that were easier back then. The wa...

Pluton: The New Bedrock for Device Security

February 10, 2021 08:05 - 48 minutes

Close your eyes, and imagine a world where booting up your computer wasn’t a susceptibility point for attacks. Imagine a Root of Trust that’s integrated into the CPU. Imagine all of your devices being protected against advanced attacks. Now, what if I told you there’s a cutting-edge processor that’s battle-tested for hardware penetrations, easy to update, and protects credentials, encryption keys, and personal data all at once? What if I told you it was already here, and your systems might al...

BEC: Homoglyphs, Drop Accounts, and CEO Fraud

February 03, 2021 08:30 - 46 minutes

CCI: Cyber Crime Investigation. Another day, another email attack - something smells “phishy” in the network. *Slowly puts on sunglasses and flips up trench coat collar* Time to go to work.  Just how easy is it for someone to steal your credentials? Because once they’re stolen, and sold for pocket change, it’s open season. Homoglyphs, drop accounts, email forwarding… is it any wonder billions of dollars have been lost to BEC (business email compromise)? Join hosts Nic Fillingham and Natalia G...

All Your Pa$$w0rd Are Belong to Us

January 27, 2021 08:05 - 44 minutes

Special Edition!  We’ve been told for years how important passwords are, taught how to make them stronger and longer and better, and we frantically tear up our home or office when we can’t find that sticky note where we wrote them down. Life feels like it comes to a screeching halt when we’ve lost our passwords, but… what would life be like if we didn’t need them? Can your passwords truly become a thing of the past? Sounds a bit unnerving, but we can promise you, it’s always security first he...

Under the Hood: Ensuring Firmware Integrity

January 20, 2021 08:05 - 48 minutes

How do we ensure firmware integrity and security? Join hosts Nic Fillingham and Natalia Godyla and guest Nazmus Sakib, a Principal Lead Program Manager at Microsoft, to dive deeper and assess the complexities and challenges that come along with securing firmware - bootstraps and all!   Megamind Bhavna Soman, a Senior Security Research Lead, joins us later in the show and we learn about her journey in optimizing AI and ML to improve efficiency in security and give the humans a break.   In Thi...

Tracking Nation State Actors

January 13, 2021 08:30 - 58 minutes

Watchdogs in tow, hosts Nic Fillingham and Natalia Godyla are joined by guest Randy Treit, Principal Security Leader at Microsoft, to examine the process of identifying the source of a threat and stopping the spread by protecting “patient zero.” Randy has a few key tricks up his sleeve as a defender, but you can decide if they’re more impressive than the antics he and his identical twin have pulled while working at Microsoft. In the second segment, Jeremy Dallman, Principal Program Manager at...

Unpacking the New ML Threat Matrix

January 06, 2021 08:00 - 57 minutes

Yeehaw! “Data Cowboy” is in the building. Join us as Nic Fillingham and Natalia Godyla sit down with Ram Shankar Siva Kumar, aka “Data Cowboy” at Microsoft, for an exciting conversation about the release of a new adversarial ML threat matrix created for security analysts. Have no fear, we made sure to find out how Ram acquired the name, “Data Cowboy”, so saddle up and get ready for the ride! Stick around to hear Nic and Natalia explore the urgency of surfacing threats at a faster rate with Ju...

Twitter Mentions

@drhyrum 1 Episode
@cyb3rward0g 1 Episode