In this episode of The BlueHat Podcast, host Nic Fillingham is joined by George Hughey from Microsoft, who returns to discuss his BlueHat India talk on variant hunting, explaining how MSRC uses submission data from hacking competitions like Pwn2Own and Tianfu Cup to uncover additional security vulnerabilities in Windows. George shares how incentives in competitions differ from bug bounty programs, how tools like CodeQL assist variant hunting, and why collaborating with the security research comm...
Jul 09, 2025 • 39 min • Season 1 • Ep. 57
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Mike Macelletti from Microsoft’s MSRC Vulnerabilities and Mitigations team to explore Redirection Guard, a powerful mitigation designed to tackle a long-standing class of file path redirection vulnerabilities in Windows. Mike shares how his interest in security began, the journey behind developing Redirection Guard, and how it's helping reduce a once-common bug class across Microsoft products. He also expl...
Jun 25, 2025 • 42 min • Season 1 • Ep. 56
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share Ram Shankar Siva Kumar’s dynamic keynote from BlueHat India 2025, where he explores the evolving threat landscape of AI through the lens of the Microsoft AI Red Team. From adversarial machine learning to psychosocial harms and persuasive AI, Ram highlights real-world case studies, including prompt injection, content safety violations, and memory poisoning in AI agents. Ram underscores the urgent need for robust re...
Jun 11, 2025 • 40 min • Season 1 • Ep. 55
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone share David Weston’s keynote from BlueHat India 2025. David explores the growing role of on-device AI in Windows, the security risks it introduces, and how Microsoft is rethinking architecture to defend against new threats like model tampering, data exfiltration, and AI-powered malware. He also shares insights on innovations like Windows Recall, biometric protection, and the future of secure, agentic operating systems. ...
May 28, 2025 • 39 min • Season 1 • Ep. 54
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Felix Boulet fresh off his participation in Zero Day Quest. Felix talks about his unique journey from industrial maintenance to becoming a full-time vulnerability researcher, and how that background fuels his passion for hacking and bug bounty work. He explains his method for finding bugs in Microsoft products—particularly in identity systems—and why identity is such a valuable target for attackers. Felix ...
May 14, 2025 • 33 min • Season 1 • Ep. 53
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Marco Ivaldi, co-founder and technical director of HN Security, a boutique company specializing in offensive security services. Marco shares his journey from hacking as a teenager in the '80s to becoming a key figure in the security research community. With nearly three decades of experience in cybersecurity, Marco digs into the ongoing challenges, particularly in Active Directory and password security, highlig...
Apr 30, 2025 • 49 min • Season 1 • Ep. 52
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Dhiral Patel, Senior Security Engineer at ZoomInfo and one of MSRC's Most Valuable Researchers (MVR). Dhiral shares how a hacked Facebook account sparked his passion for ethical hacking. From web development to penetration testing, Dhiral has become a top bug hunter, landing multiple spots on the MSRC leaderboards. Dhiral reflects on his early MSRC submissions and lessons learned. He also discusses the im...
Apr 16, 2025 • 42 min • Season 1 • Ep. 51
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Response Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a secu...
Apr 02, 2025 • 35 min • Season 1 • Ep. 50
In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Brad Schlintz, independent security researcher and bug bounty hunter. Brad shares how he transitioned from a decade-long career as a software engineer to hacking Microsoft products while traveling the world with his wife. He recounts his early days tinkering with RuneScape bots, his experience working in SharePoint and Azure at Microsoft, and the moment he first encountered a real-world cybersecurity inci...
Mar 19, 2025 • 39 min • Season 1 • Ep. 49
In this episode of The BlueHat Podcast, Nic and Wendy are joined by seasoned security researcher and CTO of Morphisec, Michael Gorelik. Michael discusses his approach to security research, which often begins by exploring PoCs released by other research groups and continues through to the release and validation of, sometimes multiple rounds of, fixes. Michael also provides an overview of his BlueHat 2024 presentation from last October and discusses his upcoming participation in the Zero Day...
Mar 05, 2025 • 46 min • Season 1 • Ep. 48
In this episode of The BlueHat Podcast, host Nic Fillingham is joined by Scott Gorlick, Security Architect for Power Platform at Microsoft. Scott shares his unconventional journey into cybersecurity, from managing a KFC to driving big rigs before landing in tech. He dives into security research in Copilot Studio, discussing how AI models interact with security frameworks and how researchers can approach testing these systems. We also explore his recent training video on YouTube, which provides...
Feb 19, 2025 • 44 min • Season 1 • Ep. 47
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Jason Geffner, Principal Security Architect at Microsoft, to discuss his groundbreaking work on scaling and automating Dynamic Application Security Testing (DAST). Following on from his BlueHat 2024 session, and outlined in this MSRC blog post, Jason explains the key differences between DAST, SAST, and IAST, and dives into the challenges of scaling DAST at Microsoft's enterprise level, detailing how au...
Feb 05, 2025 • 46 min • Season 1 • Ep. 46
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by BlueHat 2024 presenter Joe Bialek, a security engineer at Microsoft with over 13 years of experience. Joe shares his fascinating journey from intern to red team pioneer, recounting how he helped establish the Office 365 Red Team and pushed the boundaries of ethical hacking within Microsoft. He discusses his formative years building sneaky hacking tools, navigating the controversial beginnings of red team...
Jan 22, 2025 • 47 min • Season 1 • Ep. 45
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone welcome back George Hughey and Rohit Mothe from the Microsoft Security Response Center (MSRC) to discuss their latest blog post on mitigating NTLM relay attacks by default. George and Rohit explain their roles in vulnerability hunting and delve into NTLM, a decades-old authentication protocol, outlining its weaknesses and the risks of relay attacks, which function as a form of man-in-the-middle attack. They highl...
Jan 08, 2025 • 40 min • Season 1 • Ep. 44
Yonatan Zunger, CVP of AI Safety & Security at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He...
Dec 25, 2024 • 54 min • Season 1 • Ep. 34
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Johann Rehberger, security expert and Red Team director at Electronic Arts. Johann shares his career journey through roles at Microsoft, Uber, and EA, highlighting his expertise in red teaming and cybersecurity. Johann shares the inspiration behind his book on Red Team strategies and discusses his BlueHat 2024 talk on prompt injection vulnerabilities, a critical and evolving AI security challenge. Johann...
Dec 11, 2024 • 49 min • Season 1 • Ep. 43
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone present an insightful address by Corporate Vice President and Head of Product for Microsoft's Developer Division, Amanda Silver. Amanda discusses the importance of securing the software supply chain and Microsoft's efforts to protect the open-source ecosystem. She introduces the Secure Software Supply Chain Consumption Framework (S2C2F), a model for tracking and defending against vulnerabilities in open-source depend...
Nov 27, 2024 • 46 min • Season 1 • Ep. 42
In episode 41 of The BlueHat Podcast we bring you the BlueHat 2024 day 1 keynote address given by Chris Wysopal, also known as Weld Pond, founder and Chief Security Evangelist at Veracode, and founding member of the L0pht. Chris's talk, A Clash of Cultures Comes Together to Change Software Security, recounts the early days of "hacking" and how the industry evolved to embrace vulnerability discovery and coordinated, responsible disclosure. Chris's presentation provides a fascinating reflection on...
Nov 13, 2024 • 48 min • Season 1 • Ep. 41
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Arjun Gopalakrishna, a security engineer at Microsoft, to discuss his fascinating journey from software engineer to security leader. Arjun reflects on his 11-year tenure at Microsoft, including how a childhood experience with a computer virus sparked his curiosity in cybersecurity. He talks about his early exposure to security issues while working in Windows and his eventual transition to Azure security...
Oct 30, 2024 • 43 min • Season 1 • Ep. 40
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone interview each other to give listeners insight into their personal and professional backgrounds. Nic recounts his unique career journey, which began with jobs like working as a chicken butcher and selling CDs, before joining Microsoft as an Xbox demo specialist. His career with Microsoft spanned various roles, ultimately leading him to work on the BlueHat program, where he was captivated by the concept of ethical hac...
Oct 16, 2024 • 36 min • Season 1 • Ep. 39
Jim Hull, Program Manager at MSRC, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast to share insights into his role in reviewing vulnerability reports and managing cases. They dive into the submission process, detailing the types of reports accepted by MSRC and what happens after a researcher submits a potential vulnerability. The conversation also highlights the accessibility of the portal for anyone interested in identifying security issues, whether they are p...
Oct 02, 2024 • 39 min • Season 1 • Ep. 38
Guy Arazi, a UK-based security expert at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Guy discusses his journey in security, which began in 2018 when he joined Microsoft, and his current role focusing on online services vulnerabilities within the MSRC (Microsoft Security Response Center). They delve into the concept of variant hunting, a critical process for identifying and mitigating repeated patterns of security vulnerabilities across multiple products and ser...
Sep 18, 2024 • 44 min • Season 1 • Ep. 37
Ryen Macababbad, Principal Security Program Manager at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Ryen discusses their career journey, including the return to Microsoft after working in security architecture and customer trust engineering. Ryen shares insights from their time at Hacker Summer Camp 2024 in Las Vegas, emphasizing the importance of creating frictionless security measures that don't hinder productivity. They explain that when security becomes a ba...
Sep 04, 2024 • 41 min • Season 1 • Ep. 36
Michael Howard, Senior Director at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Michael shares his journey at Microsoft, starting from his early days in New Zealand as part of a small team of ten. He discusses his extensive career, his contributions to cybersecurity, and his role in the development of essential security books like "Writing Secure Code" and "The Security Development Lifecycle." Michael reflects on the importance of fundamental security principles...
Aug 27, 2024 • 48 min • Season 1 • Ep. 35
Yonatan Zunger, CVP of AI Safety & Security at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He...
Aug 07, 2024 • 54 min • Season 1 • Ep. 34
Craig Nelson, leader of Microsoft's Red Team, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Craig explains how the Red Team simulates attacks on Microsoft's infrastructure to identify vulnerabilities and protect customer data stored in the cloud. He emphasizes the importance of these simulated attacks in preparing for real threats and describes the collaborative efforts with other security teams at Microsoft, such as the Azure penetration testing team and t...
Jul 24, 2024 • 38 min • Season 1 • Ep. 33
Dmitrijs Trizna, Security Researcher at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Dmitrijs explains his role at Microsoft, focusing on AI-based cyber threat detection for Kubernetes and Linux platforms. Dmitrijs explores the complex landscape of securing AI systems, focusing on the emerging challenges of Trustworthy AI. He delves into how threat actors exploit vulnerabilities through techniques like backdoor poisoning, using gradual benign inputs to deceive A...
Jul 10, 2024 • 47 min • Season 1 • Ep. 32
Shawn Hernan, Partner Security Engineering Group Manager at Microsoft, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Shawn leads Microsoft Cloud & AI Security Assurance, overseeing an international team of security professionals dedicated to proactively addressing security challenges through vulnerability research, penetration testing, and threat modeling. Drawing from his extensive experience in early cybersecurity, Shawn shares valuable insights into ...
Jun 26, 2024 • 44 min • Season 1 • Ep. 31
Tom Gallagher, VP of Engineering and head of MSRC, joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. After nearly 25 years at Microsoft, Tom reflects on his early days at the company, where he started as a penetration tester on SharePoint, offering insights into the evolving landscape of cybersecurity since 1999. Tom shares a few different experiences from his journey, including auditing a local ISP's security in exchange for a job, and his transition from an ...
Jun 12, 2024 • 32 min • Season 1 • Ep. 30
Aaron Tng, a Microsoft Student Ambassador and BlueHat Conference Speaker, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Aaron shares how his curiosity during the pandemic in 2020, sparked by the surge in cyber-attacks, propelled him into the world of cybersecurity. Through dedicated self-learning and leveraging resources like the Microsoft Learn website, Aaron achieved multiple certifications, laying the foundation for his expertise in cybersecurity. Aaron is also passiona...
May 29, 2024 • 33 min • Season 1 • Ep. 29