Welcome to the Azure Security Podcast where we discuss topics relating to security, privacy, reliability and compliance on the Microsoft Cloud Platform. Hey everybody, welcome to episode 92. This week it's just myself, Michael and Sarah, and we have a guest this week, Martin Abbott, who's here to talk to us about Global Azure. But before we get stuck into Global Azure and talking to Martin, let's take a little lap around the news. Sarah, why don't you kick things off?
Okay, so I have some this news. So a couple of things. For a start, if you didn't see already, we announced Microsoft Ignite for 2024. It's going to be in November and it's going to be in Chicago. So pop that in your calendars if you haven't already. We've announced it much earlier this year, so hopefully more people can plan to come along. So that's exciting. I am hoping I will get to go. I don't know about you, Michael.
I haven't been to Chicago since 2011, so it's been a while since I've been there. So yeah, assuming I get to go, I'm pretty excited for that. So that's the first one. Then a couple of things that I have been working on that have been released the last couple of weeks. We started airing, well, at the time of recording this a few days ago, a series called Co-Pilot LeetSpeak. I'm very happy we got to call it something kind of fun. It's a webinar series that's airing every couple of weeks.
It's airing on Tuesdays at 9 a.m. Pacific time. But if that is not a good time for you, which it may well not be, if you live on my side of the world, it's not a great time. If you register for the webinar, you can also watch it on demand after the air date. Basically it's a 13-part series. We're interviewing some Microsoft folks and also some external industry experts about AI security.
Obviously, there's some Co-Pilot in there, as it would suggest by the name, but it is more generally a series just interviewing experts and people who really know what they're talking about about AI security. And obviously we all know that's a hot topic at the moment. So if you're interested, go sign up. And the episode started airing, as I said, at the time of recording a couple of days ago, but it's going to be running all the way through to August.
So I'm biased, of course, but there's an amazing host doing the interviews. So go check that out. The other thing, the last thing I have for today is we released a Security 101 course. It's completely open-sourced. We'll have the links to all of these in the show notes, by the way. And it's a security basics course. And I do mean basics. It's literally explaining seven lessons. They should take maybe about half an hour to an hour. And it's explaining the very basic fundamentals of security.
It has also been written by my good self. You can watch some videos of me as well in that course. But it's maybe for probably a lot of the folks listening, it might be a little bit too foundational. But if you have any people who are wanting to get a base in security basics, that's not product focus at all, that's all just about understanding those principles like the CIA triad, what a security control is, et cetera, et cetera. Then it's worth going and checking out as a starting point.
And it is entirely open-sourced. It's on GitHub. So you can clone it. You can do whatever you want with it. It is there for you to use as you wish. So go check that out as well. That's at aka.ms slash sec 101 dash beginners. So yeah, and it was released about 10 days ago. Again, at the time we're recording the podcast. And the response has been really amazing for this one in particular.
It's had crazy amounts of views because of course we can track the views on the GitHub repo and apparently lots of people need to know their basics still, which is probably not surprising. Anyway, that's all the news from me. So Michael, over to you. On the topic of the security training, yeah, I'm a huge fan of that sort of stuff. I think we can't assume that everyone knows everything about security, right? We have to make sure that there's a new wave of people learning security.
I mean, it's just such a fundamental thing today with this massively interconnected environment that we have called the internet that if you're building something or designing something or whatever or managing something on the internet, you really want to make sure it's secure. So I think sort of helping the next generation, so to speak, is really huge. So as to my news, a few items. The first one is my colleague Peter Van Hover has written an article on always encrypted SGX and VBS enclaves.
So SGX being the Intel Software Guard extensions and VBS being virtualization based security. So that's two different enclave technologies that we have when using always encrypted. And Peter wrote a blog post sort of comparing and contrasting the two very well worth a read. So my personal preference is VBS mainly because it's just easier to set up and there are more options in terms of the computer underneath. But hey, sometimes you might have to use SGX. So go ahead and read the article.
Next one is we now. So okay, the very most fundamental level in Windows, there is a thing called SimCrypt. SimCrypt means symmetric encryption, even though it does asymmetric as well in hashing. The most lowest level is this thing called SimCrypt. We've now got a Rust crate that wraps those APIs, which is actually really nice. So now you can actually build into your Rust applications, FIPS 140-2 validated modules into your Rust code, which is really cool.
And it's just another example of Microsoft's commitment to the Rust infrastructure. Next is a video that I recorded with my colleague Anna Hoffman. Last time I was in Seattle and it's just, I don't know, it's just me vocalizing some security best practices around, I mean, not just SQL databases, but certainly SQL databases in general, but it's just some security best practices that people need to think about. So that video is available right now as well.
And last on the news front, Defender for Cloud has now added a whole bunch of new compliance checks that apply to both, sorry, that apply to AWS, Azure and GCP. More compliance checks is always a good thing. So they're actually in preview now, if I remember correctly. But yeah, go and check that out again. So to all the things that Sarah and I just talked about, we'll have links in the show notes. Now let's turn our attention to our guest.
As I mentioned, we have Martin here this week, who's here to talk to us about global Azure. So Martin, welcome to the podcast. We'd like to just take a moment to sort of introduce yourself to our listeners. Thanks Michael, and thanks Sarah for the invite. Yeah, so hello, Martin Abbott. I'm one of the admin team for global Azure. I'm actually a Brit in Australia. I live in Perth, Western Australia, which I like to think is the sunniest state of Australia, of course, because that's where I live.
Yes, my background is very much around systems integration and integrating various distributed systems and enterprise systems in a secure and meaningful way. But more latterly around Azure as well. I did work for Microsoft two and a half years as well, until about a year ago. And now I work for a very large WA government department where I'm running a huge program of work, which is terribly, terribly exciting.
But again, it's all again, down to things like financial systems and so on and so forth. So security is a pretty key aspect of all that stuff. So Martin, just there for anyone listening, WA government, that's the Western Australian government, right? The state government. Correct. Yes, yes, absolutely. Western Australian government. Yeah, not Washington. Not Washington state. Not Washington state. It's surprising how many times that gets mixed up. I'm sure, I'm sure.
That's what I think of too, you know? I think of, I think, well now I think of both because I've lived in both Washington and Australia. I probably will context switch appropriately, but it does depend sometimes. All right, so let's get to the most obvious of questions. And that is, so what is global Azure? And honestly, why should anybody care? Right, so a little bit of history, I suppose, is probably where to start. So global Azure was started, I think it was 12 years, this is our 12th year.
And by a couple of guys called Magnus Martensson, who's regional director and Microsoft most valuable professional, and Alan Smith in Sweden. Soon after that, a couple of other people joined and the snowball started getting bigger and bigger and bigger. And essentially what it is, it's an effort by the community for the community. So we encourage local user groups to run events. We run it on a very specific day. And we kind of try and follow the sun.
So I think our greatest achievement there was starting in Auckland and finishing in Hawaii, that's a few years ago. This year, we're up to about 50 odd locations, something like 50 or 60 locations globally, and that's accelerating as we get closer to the dates. The dates this year, by the way, just a very important case in point really is April 18 to April 20. We're running for three days this year, last year and the year before.
And actually all the way through COVID, we ran through for three days. Prior to that, it was just the Saturday. Yeah, so that's kind of roughly it in a nutshell. We kind of coordinate events, I suppose, and we make sure that people are sponsorship and so on and so forth. So we're encouraging sponsors to come on board right now. And of course, Microsoft is one of our biggest sponsors. Most of the folks listening to this podcast are either security people or very interested in security.
So in terms of, of course, you said, you know, people can submit any kind of Azure topic. But of course, just to be super clear, that does include security, right? That's an important topic. 100%. And look, the security doesn't end with, you know, Defender and various other technologies, of course, it includes anything to do with, you know, software to software security, you know, as well. Whether that's through an API layer, whether that's through some kind of containerization.
So it's across the board and making sure, you know, if you go back to that time when Bill Gates sat down and said security is the number one thing that we need to worry about, it's all to do with that. Security is across the board in everything. So. Michael, you will know more about this. I like to laugh at Michael because he's been at Microsoft for a very long time and remembers the days of Bill Gates and Bill Gates and all of that.
So Michael, you remember when Bill Gates talked about trusted computing and all of that stuff, right? Actually, it was trustworthy computing. So but yes, I do remember it very well. And also, you know, back in those days, he referenced Running Secure Courage, which was a book that David LeBlanc and I had written at the time. So yeah, very, very familiar with those days. Can you still buy that book, Michael?
Because I know that you've well, as you and I know, I sometimes meet people who listen to the podcast. And recently I met a gentleman who said he really needed to meet Michael because he needed him to sign the copy of his book. Yeah, no, you can still buy it. In fact, you know, actually, to be honest with you, I'm still getting royalties off the book. I mean, it's not like tons and tons of money at this point. But but yeah, no, you can still buy it.
Yeah. I mean, imagine getting called out by Bill Gates. That's pretty cool. Yeah, there's a whole long story there. One day I'll tell the story. There is actually a very long story there that I'm all right, we don't have time to do it right now. But one day, yeah, I think we need we need to document that at some point. Absolutely. That's an episode. That's a separate episode, maybe Michael. I think so. Yeah. All right, let's get back to the topic. And yeah, yeah, we digress.
But Martin, so I mean, I mean, anybody who has met me or follow some of my activities knows I spend a lot of time in conferences and submitting to conferences and doing call for papers. But and this is something we haven't talked about in the podcast. But what would you say? Because I often come across people who say, Sarah, your job looks very glamorous. You get to go and talk at lots of conferences and do things. But how do I get into like the conference speaker circuit?
And of course, global Azure is an opportunity for people to do that. So if there were people listening who maybe have not submitted to a conference to a call for papers before, do you have any tips for them or thoughts? Would you say global Azure is a, you know, a good place for people to kind of cut their teeth if they've not done it before?
I think the nice thing about global Azure is that we really encourage things to be locally run and and, you know, whilst we can't provide financial support for any of that, one of the things we do encourage is that is that those local organizations, and in my case, that's the Perth Azure user group here in Western Australia, that they actually publish CFPs, so call for papers.
So essentially what there's many ways of doing that, but by far the most common way is to go through a piece of software or a website called Sessionize, where you can log in and essentially there's two aspects to Sessionize. One is the view that people who are organizing events see, which is that ability to do a call for papers.
And the other side of that is what us as individuals who are submitting presentations see, which is where we essentially create a list of the things that we want to talk about. So typical presentations, you know, so title and the content. And then when it comes to running through a CFP or going to a CFP, it's very easy to then submit your talk because you've already written it essentially. So you can just push that talk to the people.
The good thing about the Sessionize side of things is global Azure actually has some really tight integration into Sessionize. So if you do run your CFP through Sessionize as a local event, you can actually publish the speakers information and the talk that they're talking about directly through to global Azure's website. So I mean, I know Sessionize well, that's one of my favorite CFP platforms because it remembers all my talks so I can just resubmit them if I want to.
But in terms of, and I have some thoughts here too, in terms of sometimes people ask me like, what are good topics? And now I know I realize that it's a very difficult question to answer because of course a good topic in inverted commas could be, there are many good topics out there. But in terms of, do you have any sort of thoughts or advice for people on how to craft a good CFP submission or things to avoid, do's and don'ts? I've got some things to add here after you say something, by the way.
Yeah, I mean, I think the key thing here is that it's important to just go for it, right? So you'll find, and one thing that I've always found very useful when I've done CFP submissions in the past is actually reaching out to organizers afterwards if I haven't been accepted and finding out roughly what went wrong, what were they looking for? And most organizers are pretty good and will tell you and give you some feedback. That's one good tip that I've always found is really useful.
In terms of topics, I think the topic can be largely anything, but remember that a lot of the larger organizational conferences, so things like the NDC conferences is a good example of this. They get thousands of submissions. So having a catchy title can be the difference between whether your thing gets accepted or not. So that's one thing. Probably in your CFP content, I've always found that I prefer to not go into too much technical detail, and that's just a personal thing.
But you do have to try and tell a story. So snappy title and a good story in your CFP submission is certainly one of the things that gets me excited when I read them. But I think the key thing really as a person is submitting is just keep submitting, just keep submitting because you will get accepted to somewhere. And then, as I say, just seek feedback as to when you haven't been accepted.
Yeah, and I want to add to that someone who both submits to conferences and actually does reviews, paper reviews as well. What I can say, and I'm going to talk obviously very specifically about security side of the house, is it doesn't matter if you think a topic's been done before, as long as maybe you have a new angle on it. But also don't jump on the bandwagon of something that's currently trendy just for the sake of it. This is probably the best advice I can give people.
So I can tell you that I, and Michael, you might have some thoughts here too. I can tell you that I did a CFP review for an event where I had to review around a thousand papers. That was a silly amount of papers, but that's a different discussion, a different story. But I tell you, probably at least 10% of them, and this was a very broad security conference, but at least I'd say 10% of them were about AI security. Now of course AI security is new, it's trendy, everyone wants to talk about it.
But the fact is, and this was six months ago, the fact is that a lot of, most people are not experts in AI security at the moment. And of these 10% of talks, I'd say almost all of them were just AI security is interesting. What can we do with it?
I think there was no interesting angle, the people, also when it's somebody, one of the reasons you put a bio in a presentation, when a submission is, is so you can sort of see, you know, your level of expertise or your background and why you might be qualified to talk in something. And most people didn't have any background at all. They were just submitting for the sake of it because that's the trendy thing.
And that really isn't going to necessarily, it does obviously depend on conference organizers, but a lot of the time that's not going to help you be successful. So I really strongly advise people to talk about something you actually know about or talk about, you know, don't just submit something about AI security, for example, because that's trendy right now.
Because if you don't look like you actually know it, if it's not a topic that you're super familiar with or you have any level of knowledge of, what will happen is you'll just write a very generic submission and it will probably be the same as 15 others and that will reduce your likelihood of being successful. I don't know, Michael, you've been around the block and you must have done some CFPs in your time. Yeah, you know, I have a different, slightly different angle on this.
And that is, first of all, I totally agree. You know, if you are passionate about what you do and you know your stuff really well and you have interesting ideas, then just keep, you know, just keep signing up for CFPs, just keep submitting, just keep submitting. I totally agree. The other thing is, to Sarah's point, you've got to be an expert in your field. It doesn't matter what topic you're doing, you've got to make sure you know the topic. And let me give an example.
Back in the very, very earliest days of Microsoft when I first started, most of what I did was on Windows, Windows development using the Windows SDK and the C compiler back in the day. You know, you asked me a question, if I was presenting on those on those topics, you know, you throw a question at me, you know, I've got you covered more than likely. Well, I would often get asked to do like presentations on Microsoft Office and so on and so forth back in the day. And I knew nothing about Office.
In fact, it got to a point where I would actually say, look, I'm not presenting on that because I don't know that I don't know it well enough. And so you got to make sure that, you know, to your point, it's not just a generic presentation, it has to be a presentation that you know, technically, you know, very, very well, because you want people to throw questions at you. And look, we don't we don't always know the answers to absolutely everything.
But if you come across as someone who really doesn't know anything at all about the topic, you know, it's just not going to go well. And that will show in the in the scores that you get, you know, the feedback that you get, you may not ever get invited back to a presentation to, you know, if you just don't know what the heck you're talking about. So that's number one. Number two, one of the nice things about doing these things is getting your name out there.
The big part of sort of security, just tech in general, but definitely security is being known as the person who is, you know, well known, you know, covering a specific topic. You know, let's say security and AI. Well, that's a very big topic. So what do you have new to bring to the table?
And if it's something really new that no one's ever thought about before or an interesting way of looking at it, then, you know, that could that could end up going down as your magnum opus, you know, and you're the person who kicked that off. The way I look at it is not a great analog, but here we go. Smashing the stack for fun and profit by a left one, right? That was probably the seminal paper on the topic.
And a left one was like the go to person when it came to all, you know, stack based memory corruption vulnerabilities. There's been not numerous papers like that and presentations like that. And, you know, are you going to be the next person to do the next smashing the stack for fun and profit, you know, but in AI or perhaps in crypto or perhaps in scalability and security? So I don't know. I mean, you know, forge your own path on the topic of reviewing, you know, papers in the call for papers.
I don't like people who provide basically war and peace. Like it's a five page submission. I mean, luckily today I can throw that into chat GPT and get a summary, but 99 times out of 10, I'm going to gloss over it. Like, I'm not trying to be rude, but to your point, Sarah, if you've got like a hundred or more CFPs submissions to review, you know, there's only so much time in the day.
And if you give me like a succinct two paragraphs to the point and to your point, Martin, about telling a story, I'm a huge fan of that. Tell your story. And you know, if you can grip me quickly, catch my attention quickly, then the odds are better that I'm going to say okay to you or to your submission. So it's just some of my thoughts. I realize a bit rambling, but some of my brain works anyway. But yeah, any other thoughts on any of that stuff?
Yeah, I mean, I'm a huge fan of the two paragraph presentation summary, right? You know, it's the setting the scene and then slightly more dig into the detail of things. I will just say one thing about some other aspects of this though, and that is that expert is one part, but actually just trying to give it a go is also good. What do you mean by giving it a go? At Global Azure, we try and encourage anybody to submit. Of course we do.
At the same time, we, you know, at Perth Azure User Group, we sometimes run lightning talks for people who are very early in their presentation career, I guess, and people who are fairly early in career as well. So sometimes there's aspects that are people who are knowledgeable in their area, but may not be experts, but are just trying to forge their own path in terms of beginning to present at conferences. Actually, I like that idea. The lightning talks idea is fantastic.
Some of the best lightning talks I saw, let's say between five and 10 minutes long max, hey, we tried to do this security thing. Doesn't have to be security, obviously. I'm just giving an example. We tried to do the security thing. It didn't work, but here's everything we learned along the way that actually got it to work and got it to work at scale. That sort of stuff is gold, right? People's actual experience. It's not what's in the manuals. It's not what's in learn.microsoft.com.
It's not in the online documentation. It's actually stuff that you really did in the real world and things didn't necessarily go as well as you thought they would go, but the lightning talk covers just the real world experiences. Yeah, that from the trenches kind of conversation, I think is gold because it's what we all go through. Another one is that I'm a big fan of, and I've actually done a couple of them at Microsoft.
One of the ones that was really, really popular is this notion of a lap around. In other words, a lap around a topic, which means just the high level points really quickly, things that you really should know. One of them that I gave end of last year was a lap around Rust. Basically, this is what Rust brings to the table. This is what it means to set it up. Here's the errors you're going to find when you're setting it up. What does Hello World look like in Rust?
Now let's build on top of that and talk about some of the funky stuff that's in the language. That was the first half, and then the second half was about the borrow checker, if you know anything about the borrow checker in Rust. The whole point is just a lap around. Let's say you've worked with a feature for some time and you know it pretty well. You could do a lap around always encrypted. You could do a lap around common AI security attacks. A lap around permission management as a SQL database.
I'm just making it up. I like the idea of a lap around as well. They can be very, very specific, relatively short, and just really covering key aspects that you should really know about whatever feature you're talking about. I'm just saying one of my former colleagues, he's still at Microsoft, so he's a friend but former colleague, did a really great presentation on that very subject around OAuth in the APIs. It was really, really punchy to the point.
Just tells you what you need to know and comes with a repo, so even better. Actually, that's another great point. OAuth 2 is a complex protocol. Some would argue overly complex, but that's just my personal opinion, but here we go. I think a lap around OAuth 2 is magnificent because it's just like a simple introduction to the key points, like what's a flow. Guide one is OAuth 2 is not authentication, it's authorization. Then you continue from that point forward. I love that idea.
In fact, I would pay to see that presentation, I think. I'll tell you what as well. The one I want to throw in here as well because we've talked a lot about people being an expert in something. I'm sure there are people listening who think, oh damn, I'm not an expert. That's totally fine.
I just wanted to mention a presentation I did when I was very early in my presenting career was I actually did a presentation about, and this was pre-Microsoft days, about trying to install some of the Netflix chaos tools and trying to work with them. It was called My Rage Quit Journey, Trying to Configure Chaos Tools.
I actually did a talk about, because for those of you who aren't familiar, Netflix have some tools called Chaos Blah, there's various different ones, and they're for chaos engineering. I was playing around with them and I actually did a talk in Boston. Basically I just talked about as a noob to those tools, trying to configure them, trying to get them to work. Although Netflix make these tools and they open source them, they are notorious for not having a lot of documentation with them.
I actually documented my journey of trying to use them. For those of you out there who might be thinking, oh, I'm not an expert, how can I possibly do this? That's another way to do it, is talk about how you learn something. That's also very interesting because understanding how people learn, it's definitely something that will be relatable to people earlier in career.
It's a new take and of course for the veterans out there, it's sometimes quite amusing to see a presentation of how people learn as well because it helps us build better products and stuff. That's just a suggestion I wanted to throw in there.
That's an important one because a lot of technologists are tactile learners, so being able to put hands on keyboard, understand what people have gone through and being told what that journey is and being able to follow along at home as it were, I think is a really, really great way of learning for a lot of people like us. The other thing I want to point out about the word expert, because I realize you guys are all hanging off my reference to expert, but everyone's an expert at something.
I actually genuinely believe that. It doesn't matter who you are. It doesn't matter what walk of life you come from. You're an expert at something. Sometimes that practical experience, it makes you an expert at something. So don't be put off by... I understand where you guys are coming from. By experts, I don't mean being in field for 25 years and written the book and written the thesis and so on. I don't mean that.
I just mean you're really good at something you've done and you've done well and you've learned along the way. I do think that's really important. If you've installed something... So to your point, Sarah, about the chaos tools, actually we talked about in the last episode, we talked about chaos studio and we touched on some of the chaos monkey stuff out of Netflix.
But even though you may not know absolutely everything there is to know about the chaos tools, you're an expert in installing them because you went through the hard take of doing it and you documented the things that you found. That's probably stuff that no one in the audience even knows about. That immediately makes you an expert in that topic. It doesn't mean you know everything, but it means, hey, we tried this and it didn't work.
But if you flip this switch and you put your hands on your head and you do a 360, then it's going to work. That makes you an expert. When I was saying an expert, I mean, don't just go up there and talk about a topic you know nothing about because that's just not good for anybody. Yeah, and agree, right? I think if you have the confidence to talk, you should also have the confidence to answer questions.
And if you can answer the questions, whether that's high level or low level, depending on the presentation you're doing, I think it's important that you put yourself up in front of people. You have to show up. It's not really just about standing in front of people and talking for 20 minutes, half an hour or however long the presentation is and then walking off stage. I actually want to bring up something else real quick.
And I realize we're totally, by the way, for everyone who's listening, we are completely ad-libbing this, by the way. There is no agenda whatsoever. Isn't that our normal podcast? No, because we write down some topics that we're going to cover, right? And then we sort of ad-lib each topic. But right now we are totally winging it. So a colleague of mine, she's not presented much in the past. And she's got a presentation coming up in the next few days. And she's incredibly nervous about it.
But one thing I've, I've been sort of working with her on her presentation, as have a couple of other colleagues. And she's terrified actually of presenting in front of people. I said, look, don't, don't, don't worry about it one little bit. I mean, you know your topic very, very well.
And one thing I've told her, this is from my perspective, because it works well for me, is you can soften that impact of almost thinking you don't know the topic well by sharing some stories about how that feature or that thing-a-me-bob came to be. Or the process, I don't want to give the game away for her particular talk in case anyone goes to see it. But you know, I said, I said, so hey, you know, we, we do a whole bunch of threat models that we build internally for our features.
And you know, one of the questions that comes up in every single threat model, every threat model is a topic that is the topic that she's covering. So you know, start out with that story. You know, it's a lot of presentations, including very technical ones, the most successful ones revolve around some kind of story. And so she's taken that to heart. And all of a sudden she feels more comfortable because she knows that story because she was part of that story.
And so if anyone asks her a question on that, you know, she knows the answer, right? Because she's been actively involved in that. And also what you're doing is you're sort of cementing your expertise with the audience by saying, hey, we do this on a daily basis and I do this on a daily basis. And here are the things that we've learned. And that's why this feature that I'm going to talk to you about is so important.
And that way you've sort of broken the ice, you've softened that relationship with the audience and the rest of it should hopefully just flow from the start of that story. So I'm a big, big, big fan of personal anecdotes and personal stories when you're giving presentations no matter how technical they are. Agreed. And I think what that does, if you're a nervous presenter, it helps ground you as well because it makes you talk about yourself, which most of us like doing, I guess, to some degree.
And it just kind of helps orientate your mind, I think. Yeah, it gets some of those nervous, that nervous energy out of the way. I used to work with a guy, he was the general manager of Microsoft New Zealand. His name was Chris Keller back in the day when we first started Microsoft. And he used to shadow box, seriously, he used to shadow box behind the stage to get rid of that nervous energy. He was actually terrified of presenting, but that's how he would do it.
You go to the back and there's Chris just shadow boxing, just getting that nervous energy out. And he would often start by telling a story about how whatever he's about to talk about affected him or affected customers or how a particular customer wanted this. And those kinds of stories are just absolutely gold. So yeah, anyway, I realize we're completely ad living. Hopefully we can bring it back on topic a little bit. Sarah, is there anything else you want to add?
No, I think I mean, I think we've covered what we wanted to. I know this has been a little bit of a different episode.
But I do think, like you were saying before, Michael, that it is actually really, it's really, I think even if you're not a natural at speaking, and it's not something you want to do all the time, certainly if you're trying to build your, I know it's a cheesy phrase, but build your brand or, you know, just get your name known a little bit and in the community, then going and doing talks at user groups or events like global Azure or any or B sides
or whatever, you know, you know, it's not realistic to expect you'll go straight to black hat or something is a really good way just to meet new people, but also have more people familiar with you. And of course, that can only benefit your career. So I think although we're, this is a little bit different to our usual episodes that we haven't talked about technical stuff so much.
I do think it's an important soft skill side of things that everyone should at least think about doing, even if it's only once or twice and you're not talking at a conference like every other week like I do, because I'm extreme. Yeah. And I think to Martin's point about global as you're being, you know, sort of local, a big focus on local, I think that's incredibly important as well. Again, it's not a black hat, but that's fine. You got to start somewhere.
And if that's even if you're not starting someone, even if you're an expert, you know, getting to meet local people, I think, who are interested in Azure, obviously in our perspective security and Azure, getting to know local people is a great way of building up that sort of that web of relationships. And I'm a big fan of the whole human element. A lot of people in my group know a lot, know that I'm a diver and I'm not going to lie, I share videos of diving shenanigans with people in our group.
And the reason why I do it is just, you know, it's that human element, right? And I know a lot of things a lot of other people get up to when they're not working, because at the end of the day, we're all human beings. And that human relationship aspect is so critically important.
And I think things like global as you're important, again, because of that local, that ability to sort of build a local web of contacts and relationships and people you can talk to, and perhaps even people who can give you future ideas for presentations. Oh, 100%. And look, and we were always a global event that was local, right? That was always really the point. And obviously, the pandemic put a hold on a lot of those things.
I think the biggest one we did was just before the pandemic when we had 336, I think it was 236 events globally and about 15,000 attendees. And we're up to nearly 60 now. And for anybody who's listening, if you go to globalazure.net, you'll be able to see instructions on how you onboard your event to the global Azure. I'll call it a platform, but it's really a bunch of people behind the scenes pulling wires and plugging them in other places. But that's what the global team does.
So yeah, I think there's no doubt in my mind that the local aspect of that, getting people in a room, getting people talking to each other, that generates its own conversations. And that ability to network and be relatable like that in those environments is gold. You can't buy that. All right. So Martin, I'm not sure if you're aware or not, but one thing we ask our guests, if you had one final thought to leave our listeners with, what would it be?
Yeah. So I think I want to just tie into something Sarah mentioned around AI security and webinars that are coming up, because that's been something on my mind. I've got three kids. I remember giving them tablets many years ago. And as I handed them the tablets, I said to them, you know what? This is the worst computing device you will ever own. And that's something that's super, super powerful.
And I think back to when I was growing up and doing Emerald School engineering at Manchester University and all the stuff that I had to go through in order to just get time on a very large supercomputer to run some computational models. And here I am handling a very, very powerful device. I think we're at that kind of intersection point now between humanity and technology, which is going to be very, very interesting.
I was reflecting on this this morning thinking that kids are in kindergarten right now. When they get to year 12, year 12 in Australia is the final year of education. Before you go to tertiary education, things will have moved so quickly. Going back to my Emerald School engineering days or my engineering background, I remember saying to my children when SpaceX landed the Falcon 9 at the landing pad saying, you have no idea how important this is.
I think we're getting to this point now where we're making leaps forward in technology. And as we reach out to the stars and all the planets and the stars, things like the ability for people to not be on all the time, for us to move from the AI aspects of process automation to actual real inference and intelligence to be able to run very, very complex systems when there is no human interaction available is going to be huge. Honestly, all those things are going to happen in our lifetimes.
So I think it's a really, really interesting time to be in technology, to be in AI, to be in security, because that's going to be a huge aspect of that, to be in ethics around AI ethics. Again it's going to be a very, very interesting 10 to 25 years, I think, in the future. Well, Martin, it's been a super interesting conversation to have with you.
I know a little bit different to our normal topics, but for those of you who are wanting to maybe expand your horizons and challenge yourself in 2024, if you don't do talks and CFPs, hopefully this has been helpful. And with that, we'll wrap up today's show. As Michael says, stay safe and we'll see you on the next one.