Craig Nelson on Simulating Attacks with Microsoft’s Red Team
The BlueHat Podcast · Microsoft
Audio is streamed directly from the publisher (traffic.megaphone.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Craig Nelson, leader of Microsoft's Red Team joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Craig explains how the Red Team simulates attacks on Microsoft's infrastructure to identify vulnerabilities and protect customer data stored in the cloud. He emphasizes the importance of these simulated attacks in preparing for real threats and describes the collaborative efforts with other security teams at Microsoft, such as the Azure penetration testing team and the Microsoft Security Response Center. Craig shares his personal journey into cybersecurity, highlighting his early fascination with cryptography and computer security. He also discusses the unique challenges and strategies of Red Teaming at Microsoft, including the need to influence engineering teams and the importance of systemic thinking to create durable security solutions.
In This Episode You Will Learn:
- The need for early detection of vulnerabilities during the development lifecycle
- Why a mix of technical and persuasive skill build successful red teams
- Significance of internal security education and training initiatives
Some Questions We Ask:
- What projects are you pursuing in AI and security?
- How do you have conversations with engineers to influence their security decisions?
- What skills are important for someone aspiring to join the Red Team?
Resources:
View Nic Fillingham on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts