The CloudnSec Podcast

In this episode of CloudnSec, join me as I break down the vital role Operating Systems (OS) play in our digital lives. Let's thinkg about how the OS harmonizes the various components of your devices to ensure performance and resiliency. We’ll explore different types of OS, with a focus on General-Purpose OS, and dive into the critical security measures that protect your system at the Kernel level. Whether you're a tech enthusiast or a cybersecurity professional, this video provides essential insights into the backbone of modern computing. Check out the images and more details in my blog post: https://andrecamillo.medium.com/operating-systems-types-and-common-archetypes-8db81455e1ac Sources: https://www.geeksforgeeks.org/types-of-operating-systems/ https://www.javatpoint.com/types-of-operating-systems https://superuser.com/questions/305626/what-are-the-different-types-of-os-general-purpose-os-rtos-etc https://www.bbc.co.uk/bitesize/guides/zbfny4j/revision/5

SANS released their 2024 Security awareness report which includes a range of polls from professionals all around the world - more than 1000 participants over 70 countries according to them.Let's have a look at the main results. Make sure to access the source for all the details 👇 Find the full report here: https://www.sans.org/mlp/ssa-2024-security-awareness-report/ Follow and leave a comment. https://linktr.ee/andrecamillo

This is an amazing tool for Offensive security professionals - make sure to check it out. Check out GraphSpy's github: https://github.com/RedByte1337/GraphSpy And follow Keanu on Linkedin for updates: https://www.linkedin.com/in/keanunys/

Answer is... yes, but not at a master level! At least not in this game... Here's why.

According to major consultancies and some extrta reports, here are some of the trends for the field in 2024. SOme have already turned into reality whereas others not so much, let's have a look at some of them. Sources: https://www.gartner.com/en/newsroom/press-releases/2023-03-28-gartner-unveils-top-8-cybersecurity-predictions-for-2023-2024 https://www.isaca.org/resources/news-and-trends/industry-news/2023/track-these-7-trends-for-proactive-cybersecurity-in-2024 https://www.forbes.com/sites/forbestechcouncil/2023/12/26/eight-cybersecurity-trends-to-watch-for-2024/?sh=25ca76044111 https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/critical-scalability-trend-micro-security-predictions-for-2024 https://www.microsoft.com/en/security/security-insider/microsoft-digital-defense-report-2023/

Flavio has been a Network and Cyber security professional for the past decade supporting Enterprises in Brazil with Cisco technologies and more recently Fortinet - and has dedicated himself to CompTIA certifications over the last couple years. In this chat, we talk about his journey and thinking behind using these certification frameworks to become a better Cyber Security Consultant / Presenter and the many successes of this journey and how the work put into it has affected his professional and personal (mental) life. He's also very active in social media and maintains a number of projects (most content in Portuguese): YouTube Channel: https://www.youtube.com/@segdesc LinkedIn: https://linkedin.com/oflavioc Instagram: https://www.instagram.com/segdesc/ Hope you enjoy the chat! Let me know in the comments your thoughts about it!

This is part 2 of my conversation with Ahmed, in which he goes in details on the Azure Well-Architected Framework and shares tips on how to use it properly. Find the Azure Well Architected Framework documentation here: https://learn.microsoft.com/en-us/azure/well-architected/ Follow Ahmed Muhi on Linkedin: https://www.linkedin.com/in/ahmedmuhi/ And his blog and work here: https://www.iamachs.com/ Leave a like, Subscribe to support (It's all FREE! 😉) ! Check out my other projects and follow me on Linkedin / Spotify / etc: https://linktr.ee/acamillo

Microsoft Azure Well Architected Framework (WAF) is a cornerstone of good Cloud Design. In this session, Ahmed - Cloud Network MVP - explains what is WAF , how it compares to Cloud Adoption Framework and discuss the main updates for 2024 with its revised format. Find the Azure Well Architected Framework documentation here: https://learn.microsoft.com/en-us/azure/well-architected/ Follow Ahmed Muhi on Linkedin: https://www.linkedin.com/in/ahmedmuhi/ And his blog and work here: https://www.iamachs.com/ Leave a like, sub and all the shananigas to help out! Follow me everywhere else: https://linktr.ee/acamillo This is available in spotify and my podcast: Cloudnsec learning Podcast.

Working with Microsoft technologies as a partner, customer and consultant involves being part of communities, fomenting connections and sharing knowledge through various ways. In this chat I heard from Bill how he's spent the last couple of years dedicating himself to blogging, being part of the official Microsoft Techcommunity and working with Sentinel, Defender and more to be awarded Security MVP status. We also discussed some old technologies from the Microsoft Security stack that you may have never heard of! Find Bill on his blog and linkedin: / bill-clarkson-antill https://www.billscybersecurity.blog/ Let me know in the comments your thoughts about it! Like, Subscribe and Follow for more: https://linktr.ee/acamillo

Leopold Aschenbrenner has dropped a 160+ pages long document around his thoughts on the future of AI, and how much involvement the government should have in it. Fascinating thoughts, and parallels drawn with last century's biggest military project: the atomic bomb. A must read document for everyone, In this video I go over his thoughts that are related to the security of it all - and they are plenty! Relax, sit back, get your cup of coffee and reflect on his thoughts alongside me. Find the paper here: https://situational-awareness.ai/ Let me know in the comments your thoughts about it! Like, Subscribe and Follow for more: https://linktr.ee/acamillo

In late February 2024, NIST released the much anticipated (by cyber nerds, of course) Cyber Security Framework (CSF) 2.0. Some major changes are included, most notably the addition of a new Function with its categories. I've invited for this chat, Kelly Hood a Cyber Security Engineer from Optic Cyber Solutions (https://www.youtube.com/@OpticCyberwho's) been digesting the new framework and creating great content and commentary around the changes lately. Amongst the changes, the way NIST proposes the use of Profiles is something worth keeping an eye on. Check out our conversation about the subject which even tips into how AI should be part of organizations' plans... All the documents related to the newly released documents: https://www.nist.gov/cyberframework Images sourced from: NIST CSF 2.0: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf NIST CSF 2.0 Profiles: https://www.nist.gov/profiles-0 Let me know in the comments your thoughts about it! Like, Subscribe and Follow for more: https://linktr.ee/acamillo

Impact, may be measured both subjectively and objectively - which (I learned, is) a true intersubjective concept. In Cyber security and Education impact can mean something as simple as conveying a message clearly. Describing complex themes in cyber security through images is a great way to do so and it's what Richard Diver, my interviewee for this episode does, brilliantly with his series: "Drawing Cyber Security" and a lot more. In the video we dicuss how he decided to start such articles, and his career has led him to most recently AI security, which he's recently released a book about, called "Guardians of AI: Building innovation with safety and security": https://www.amazon.com/Guardians-AI-Building-innovation-security/dp/B0D2TRVK33 In his own words: "Richard Diver is your guide through the intricate world of AI safety and security. With a career spanning 29 years in technology, Richard has experience in many roles, from support and engineering to architecture, consulting, sales, and now marketing and story design. His deep technical expertise in Microsoft Security, Compliance, and Identity (SCI) has been honed through experiences across multiple industries and collaborations with some of the world’s largest organizations, governments, and military customers. Not just a tech wizard, Richard is a storyteller. Dive into his world and discover the insights he has to offer." Linkedin: https://www.linkedin.com/in/rdiver/ His Books: https://www.amazon.com/stores/Richard-Diver/author/B075PGD64J?ref=ap_rdr&isDramIntegrated=true&shoppingPortalEnabled=true Modern SOC architecture article: https://www.linkedin.com/pulse/11-modern-soc-architecture-richard-diver/?trackingId=hWyfvr1BQ46MtmYhxzVaNQ%3D%3D Developer Security article: https://www.linkedin.com/pulse/12-developer-security-richard-diver/?trackingId=e9QkwCUKQ4aMp0g2eIm%2FpQ%3D%3D Leave a like, Subscribe to support - It's all free and made with passion! Check out my other projects and follow me on Linkedin / Spotify / etc: https://linktr.ee/acamillo

There have been major announcements to Microsoft Defender Threat Intelligence (MDTI) and I thought it was a great chance to go over the fundamentals of the tool. In the video I cover: - The very basics of what is Threat Intelligence, diving into - What is MDTI - How does it work - A brief look at the Free and Premium experiences. - A demo of the Free Experience in Defender XDR. These are practical scenarios and use cases, demonstrating how Cybersecurity Engineers and SOC analysts can apply these insights in real-world settings. Whether it’s through tracking and analyzing threats or raw IOCs, you'll see how to use MDTI today. Links I mention in the video: 1. https://techcommunity.microsoft.com/t5/microsoft-defender-threat/introducing-mdti-free-experience-for-microsoft-defender-xdr/ba-p/3976635 2. https://techcommunity.microsoft.com/t5/microsoft-defender-threat/new-at-secure-mdti-in-defender-xdr-global-search/ba-p/4083158 3. https://techcommunity.microsoft.com/t5/microsoft-defender-threat/mdti-standalone-portal-retirement-and-transition-to-defender-xdr/ba-p/4077806 4. https://learn.microsoft.com/en-us/defender/threat-intelligence/infrastructure-chaining 5. https://learn.microsoft.com/en-us/defender/threat-intelligence/data-sets Follow me in other channels too: https://linktr.ee/acamillo Thanks for tuning in and leave a comment to ohelp with the Algo!

When I stumbled upon a blog post about OpenAI enabled Sentinel automation, I knew I was looking at potential. Not too long after, Another post revealed TI Mindmap - a cloud service for GPT enabled Threat Intelligence "digestion" if you will, and both created by Antonio Formato - an Italy-based Security Technical Specialist at Microsoft. I reached out to hear from him about the creation of these and more tools by him - turns out he's a very prolific and cyber security community supporter! His TI Mindmap rely on a research I covered last time, with Thomas Roccia, to prove the community builds on itself and the open source approach garners amazing results for everyone! Shout out to Thomas, once again. Amazing work Antonio! And thanks for the chat! You can findhis blog here: https://medium.com/@antonio.formato And TI mindmap here: https://ti-mindmap-gpt.streamlit.app/ Let me know in the comments your thoughts about it! Like, Subscribe and Follow for more: https://linktr.ee/acamillo

Thomas Roccia is a Snr Cyber Security Researcher at Microsoft, a Book writer, tool creator for the Cyber Security Community, and a speaker at SANS summit and much more. In the Second part of this 2 part series I talk to him about his work and research on YARA Toolkit - an outcome from 100 days of YARA Challange. Among the cyber security community , open source tools are just imperative for effective work. And this here is something you must have your eyes on - if you're an Analyst / Engineer / Responder and even Forensic investigator - because YARA is one of those tools for these roles! This toolk greatly simplifies how you create and use YARA Rule, this is the YARA Toolkit, by Thomas Roccia. Details about the Yara Toolkit: https://blog.securitybreak.io/introducing-yara-toolkit-43dcab9caba1 The tool currently includes: 1. YARA Rule Generator 2. YARA Scanner 3. YARA Arsenal . Strings Mutation . ImpHash . Opcode Rule Gen . Strings Ranking Extraction and more. Read about the tool's capabilities here: https://blog.securitybreak.io/introducing-yara-toolkit-43dcab9caba1 Access it here: https://yaratoolkit.securitybreak.io/ And the awesome BYOK GPT enabled engined for YARA rules: DocYARA https://yaratoolkit.securitybreak.io/Ask_DocYara Check out his SANS CTI summit participation talking about this subject alongside Cyb3rwardog - Roberto Rodriguez, here: https://www.youtube.com/watch?v=9PpfYaAxFq4&t Check out his book here: https://store.securitybreak.io/threatintel His blog here: https://blog.securitybreak.io/ Twitter: https://twitter.com/fr0gger_ Follow him here: https://www.linkedin.com/in/thomas-roccia/ Let me know in the comments your thoughts about it! Like, Subscribe and Follow for more: https://linktr.ee/acamillo

Thomas Roccia is a Snr Cyber Security Researcher at Microsoft, a Book writer, tool creator for the Cyber Security Community, and a speaker at SANS summit and much more. In the first part of this 2 part series I talk to him about his research on how to Apply LLM and AI to automate some Theat Intelligence gathering / review processes. Check out his SANS CTI summit participation talking about this subject alongside Cyb3rwardog - Roberto Rodriguez, here: https://www.youtube.com/watch?v=9PpfYaAxFq4&t Check out his book here: https://store.securitybreak.io/threatintel His blog here: https://blog.securitybreak.io/ Twitter: https://twitter.com/fr0gger_ Follow him here: https://www.linkedin.com/in/thomas-roccia/ Let me know in the comments your thoughts about it! Like, Subscribe and Follow for more: https://linktr.ee/acamillo

From Psychology to Cybersecurity: A Trailblazer's Tale 🛡️ In this part 2 of my conversation with Hilary Walton, we discuss her remarkable journey of overcoming challenges and setting new benchmarks in the tech and cyber industry. 🌐 Including how Hilary transitioned from the female-dominated domain of Psychology to stand her ground in the male-dominated fields of tech and cybersecurity. This video explores the unique challenges she faced, the impostor syndrome that crept in, and how she conquered these feelings to earn her place at the table with confidence. Half-way through she shares bits of wisdom on how to pursue goals with determination, building up relevant skills, and never losing sight of what you aim to achieve. Learn how mentors like Suzy Whiles and Hellen Clark played a pivotal role in her journey, offering insights that are not just valuable but also serve as a pro tip for anyone looking to grow in their field. And I couldn't help asking about her philosophy of Work and her focus on fostering a positive digital culture. From the origins of digital culture to the innovative methodology of "working out loud" as championed by John Stepper, this video unveils how using a network and being transparent about one's journey can pave the way for success, something I've been unknowingly doing for the past few years... She also shared how platforms like Social Media, YouTube, and Podcasts are not just tools for networking but pivotal in transparently sharing your journey, learning, and contributing to the digital community. Check out Hilary's projects including her Digital ideas whatsapp group: https://chat.whatsapp.com/LULdX7yAtPy37vLFiteXqW https://www.youtube.com/@UC4dwoi3AqnpBmiaWvkac76w Check out my other projects and follow me on Linkedin / Spotify / etc: https://linktr.ee/acamillo

In this Cyber Chat, I speak to Hilary Walton - She'll explain how she transitioned from the world of Psychology to a leading figure in Cyber Security as a CISO and now at Microsoft as a Technology Strategist/vCTO. Starting her journey in the Psychology unit of the defense force, Hilary took a leap across the pond to London where her adventure in Cyber Security began within the elite MI5's Behavioral Science Unit focusing on Security Culture. 🕵️‍♀️ Exploring various dimensions of cyber security, from the tangible aspects of physical security to the intricate layers of Information Security and beyond. One of the Highlights you'll hear about is her experience leading the charge on security for the monumental 2012 Olympic Games 🏆, implementing robust security policies and ensuring the games were safe and secure. Plus, running a SOC in the games! Well, in fact, ever wondered what it's like to work in the adrenaline-pumping early versions of a SOC, then known as "Protect and Monitor"? Hilary's been there, diving into "bibles" of playbooks at a moment's notice to tackle threats! Get ready to be inspired by Hilary's incredible journey from deciphering human behavior to mastering the art of cyber security! This is Part 1 one my conversation with her. Check out Hilary's projects including her Digital ideas whatsapp group: https://chat.whatsapp.com/LULdX7yAtPy37vLFiteXqW https://www.youtube.com/@UC4dwoi3AqnpBmiaWvkac76w Check out my other projects and follow me on Linkedin / Spotify / etc: https://linktr.ee/acamillo

Copilot for security is among us and a slew of capabilities have been added to Defender XDR. I demo some of them in my demonstration tenant in the video. Additional news include: Microsoft named leader in Managed Detection and Response by Frost and Sullivan: https://www.microsoft.com/en-us/security/blog/2024/03/25/frost-sullivan-names-microsoft-a-leader-in-the-frost-radar-managed-detection-and-response-2024/ Defender for Endpoint improvements for MacOS and Offline Linux deployments! Defender for Cloud Apps' role permissions have been updated. Defender for Identity health checks via API And more... Here's the source and more articles/details: https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/monthly-news-april-2024/ba-p/4104169 Follow me in other channels too: https://linktr.ee/acamillo Thanks for tuning in and leave a comment to ohelp with the Algo!

When developing and using Generative AI solutions, as a Security professional, you will need to understand what are the threats that the technology might be exposed to. Understanding attack surface is key to our jobs , of course. Let's discuss this. This is just a start to think about this subject but keen to hear your thoughts about it. Learn more about this here: https://learn.microsoft.com/en-us/training/modules/responsible-generative-ai/5-mitigate-harms Let me know in the comments your thoughts about it! Like, Subscribe and Follow for more: https://linktr.ee/acamillo