Talking Security: Insights from Microsoft Security Experts

by Frans Oudendorp

Season 7

From Vision to Sentinel: How Microsoft Built the World's Most Beloved Cloud-Native SIEM

In this special Talking Security episode, recorded live from Microsoft HQ during the MVP Summit, hosts Frans Oudendorp and Pouyan Khabazi sit down with Ofer Shezaf, the mastermind behind Microsoft Sentinel—the first truly cloud-native SIEM. With over 30 years in cybersecurity, Ofer takes us on a journey through the evolution of InfoSec, shares the origin story of Sentinel, and unpacks what it takes to grow a billion-dollar product. From the early days of SIEM to the role of AI in modern detection and response, this episode is packed with insights, strategy, and a few fun stories along the way. Whether you're a seasoned SOC analyst, a cloud architect, or just curious about how Sentinel became a cornerstone of modern cyber defense—this one’s for you. 👉 Topics covered: - Why existing SIEMs weren’t enough—and how Sentinel changed the game - Lessons from building and scaling a $1B+ cybersecurity product - Real vs. perceived risk in product strategy - The role of community and open-source in shaping the future of cyber defense - Ofer’s advice for the next generation of cybersecurity leaders Grab your Favorito drink, and let’s talk security! 🔐

S7 · E2

May 6, 2025

35:48

From CASB to SaaS Security: Tackling OAuth Threats with Microsoft Defender for Cloud Apps

In this episode of the Talking Security Podcast, we sit down with Itai Cohen from the Microsoft Defender for Cloud Apps team to explore the evolution of SaaS Security — from the traditional CASB (Cloud Access Security Broker) model to a broader, more proactive security strategy. We cover: Why CASB isn’t enough anymore and what the future of SaaS Security looks like The growing threat of OAuth abuse — and why it’s such a hot target for attackers New innovations from Microsoft like Attack Path Analysis and Advanced Hunting for OAuth threats How Exposure Management is helping organizations proactively reduce SaaS risk 🎧 Whether you're a security architect, IT decision-maker, or Microsoft 365 enthusiast, this episode will help you rethink how you protect your SaaS environments. 👇 Don’t forget to like, subscribe, and share with your network. 📬 Got feedback or topics you'd like us to cover? Let us know in the comments or reach out via TalkingSecurity.nl! Outline of the recording 0:00 - Intro 0:22 - Introduction of this episode 2:05 - Introduction of Itai Cohen - Microsoft 2:29 - What was the original goal of Microsoft Defender for Cloud Apps as a CASB solution? 4:10 - Why is Microsoft adding more capabilities on top of the traditional CASB model towards a broader SaaS Security approach? 6:08 - How do you see today’s SaaS threat landscape compared to when CASB solutions first appeared? 10:11 - Why is OAuth has become such an attractive attack vector? 13:53 - What are typical OAuth attack paths, and how do attackers exploit them? 14:50 - Microsoft blog - https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/protect-saas-apps-from-oauth-threats-with-attack-path-advanced-hunting-and-more/4395997-, you announced new capabilities to detect OAuth threats. Can you give us an overview of what’s new? 16:16 - How does Attack Path Analysis help customers better understand and mitigate OAuth risks? 19:10 - Advanced Hunting is now available for OAuth threats — how can security teams leverage this capability? 22:36 - What are some common mistakes you see organizations make when it comes to OAuth permissions and consent management? 26:40 - Exposure Management - How does Microsoft Defender for Cloud Apps contribute to a broader exposure management approach, and how can customers use it 31:47 - How do you see the role of SaaS Security evolving within the wider Exposure Management strategy that Microsoft is building? 33:09 - How does SaaS Security fit into Microsoft’s broader security strategy, alongside Defender XDR and Entra ID? 35:33 - SaaS Security is overlooked? Why? 40:42 - If you weren’t working in security, what would you be doing instead? 42:20 - Closing the episode 43:23 - Outro #SaaSSecurity #MicrosoftDefender #OAuth #CASB #CloudSecurity #TalkingSecurityPodcast

S7 · E1

Apr 10, 2025

43:46

Season 6

Inside Microsoft Sentinel: Data Lake, Graph, and AI with Javier Soriano | Talking Security Podcast

Join Frans Oudendorp and Pouyan Khabazi in this special episode of Talking Security – Let’s Talk, where we sit down with Javier Soriano, Principal Product Manager for Microsoft Sentinel. We dive deep into: - The evolution of Sentinel from day zero to today - The new Sentinel Data Lake and how it transforms long-term log retention and investigations - Why Sentinel Graph matters for SOC teams - The Model Context Protocol (MCP) and its role in agentic AI workflows - What’s next for cloud-native security: automation, AI, and new operating models If you’re curious about the future of Microsoft Sentinel and want practical insights for your security team, this episode is packed with value. 👉 Subscribe for more conversations on Microsoft Security, Modern Workplace, and cloud innovations. #MicrosoftSentinel #TalkingSecurity #CloudSecurity #DataLake #CyberSecurity #ai Chapters:

S6 · E7

Dec 11, 2025

44:35

Let’s Talk: Microsoft Secure Recap – Agentic AI, Sentinel Evolution & Security Copilot Agents

In this episode of Let’s Talk, part of the Talking Security podcast, Frans Oudendorp and Pouyan Khabazi break down the biggest announcements from Microsoft Secure 2025. We explore how Microsoft Sentinel is evolving into an agentic AI platform, the introduction of Sentinel Graph and Model Context Protocol (MCP), and how Security Copilot agents are changing the game for SecOps automation. You’ll also hear about: Graph-based context and why it matters for threat detection Developer extensibility for custom connectors and AI agents Sentinel Data Lake for affordable long-term storage Real-world use cases for agentic AI in security operations Plus, we share community highlights, upcoming events like YellowHat 2025 and KustoCon, and a fun geeky quiz to wrap things up. 👉 Question for you: If you could build your own Security Copilot agent, what would it do? Let us know! 🎙️ Stay safe, stay secure, and keep talking security!

S6 · E5

Oct 8, 2025

42:01

Let's Talk March Update: Zero Days, OAuth Attacks, and the Latest in Microsoft Security

Join your hosts Frans Oudendorp and Pouyan Khabazi in this month's episode of "Let's Talk" on the Talking Security podcast. We dive into critical cybersecurity developments from March, including Microsoft's latest Patch Tuesday addressing seven zero-day vulnerabilities (https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2025-patch-tuesday-fixes-7-zero-days-57-flaws/), and emerging OAuth app attack campaigns targeting Microsoft 365 accounts (https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/, https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/). We highlight important updates across Microsoft security solutions, such as Microsoft Defender for Office's improved reporting tools, Defender for Identity's Enhanced Identity Inventory (preview) (https://learn.microsoft.com/en-us/defender-for-identity/identity-inventory), and Defender for Cloud Apps' new RBAC scoping for behaviors (https://learn.microsoft.com/en-us/defender-cloud-apps/manage-admins, https://learn.microsoft.com/en-us/defender-cloud-apps/behaviors). We also discuss the new GA release of on-demand malware scanning in Defender for Storage, capable of scanning blobs up to 50 GB, and introduce the preview of the Defender for Cloud Cost Calculator. Stay informed with our community spotlight featuring Rod Trent's Security Copilot prompts (https://github.com/rod-trent/Security-Copilot/tree/main/Prompts/Workshop), and get your calendars ready for upcoming industry events, including the Swiss Microsoft Security Summit, ExpertsLive 2025, Microsoft Secure, and RSAC. Plus, tune in for a fun geeky trivia about the first-ever internet domain! Stay vigilant, stay informed, and let's talk security!

S6 · E4

Mar 31, 2025

32:04

🔒Let's Talk Security - Feb 2025 Update | Safer Internet Day, Defender XDR, DeepSeek Data Leak & More

Welcome to another episode of "Talking Security - Let's Talk!" 🚀 This month, we bring you the latest cybersecurity updates, breaking news, and expert insights to keep you informed and ahead of threats. 🔹 Topics in this episode: ✅ Safer Internet Day 2025 – Promoting a safer online world for everyone ✅ DeepSeek Database Leak – Exposing sensitive chat history & backend data ✅ Defender for Endpoint & Office – New reporting and security enhancements ✅ Defender for Identity – Improved attack path visibility & security updates ✅ Microsoft Sentinel Updates – New features & integrations for threat intelligence ✅ Community Spotlight – A new detection engine to protect the Netherlands - https://Threathunters.nl ✅ Event Roundup – The must-attend cybersecurity events of 2025 - https://www.microsoft.com/en-us/security/blog/2025/02/03/hear-from-microsoft-security-experts-at-these-top-cybersecurity-events-in-2025/ ✅ Geeky Fun Fact – The first computer virus & its creators 📢 Join the discussion! Want to be part of our monthly recordings? Fill out the form on - https://forms.office.com/e/DhYZzQ8t6z 👍 Like, share, and subscribe for more cybersecurity insights! 🔔 Turn on notifications so you never miss an update! 💬 What are your thoughts on this month's cybersecurity updates? Drop a comment below! ⬇️ #CyberSecurity #MicrosoftDefender #LetsTalkSecurity #ThreatHunting #MicrosoftSentinel #DataLeak #SIEM #SecurityUpdates

S6 · E3

Feb 17, 2025

40:34

Let's Talk: January Update: Critical Advancements & Key Insights

🎧 Welcome to the latest episode of "Talking Security" - Let's Talk series! Join your host, Frans Oudendorp, and co-host Pouyan Khabazi, as they dive into the crucial advancements and developments in cybersecurity over the past two months. 🕵️‍♂️ In this episode, we cover: - DORA Giveaway: All about the Digital Operational Resilience Act (DORA), now enforced. - Defender for Office 365 LLM: Breaking down new threat classification details - https://www.linkedin.com/posts/markolauren_defenderforoffice-xdr-mdo-activity-7283818118110470145-6_pp - LDAPNightMare: What has happened in LDAP. - Microsoft Sentinel Updates: From Bicep templates to SOC optimizations and more. - Community Spotlight - https://rogierdijkman.medium.com/detecting-fasthttp-bruteforce-attacks-on-entra-users-42ceb13bf856 - Event Roundup - 38C3 - From phishing to Tenant takeover - https://www.youtube.com/watch?v=uowTmPomYcg YellowHat - https://yellowhat.live/ WPNinjaNL Connect / MC2MC Connect - https://wpninjas.nl/connect/ - Fun Geeky Element: Trivia challenge - reach out on our LinkedIn page - https://www.linkedin.com/company/talkingsecurity 🚀 Don't miss out on these essential updates and expert insights that can help fortify your organization’s defenses. Tune in now, stay informed, and remember - stay safe, stay secure, and let’s keep the conversation going! Thank you for your continued support. Don't forget to like, share, and subscribe for more insights from the world of cybersecurity!

S6 · E2

Jan 25, 2025

35:56

Let's Talk: Microsoft Ignite 2024 Security Highlights

Join us for the inaugural episode of "Let's Talk," a new series within the Talking Security podcast, where hosts Pouyan Khabazi and Frans Oudendorp delve into the latest updates from Microsoft Ignite 2024. In this episode, we cover the groundbreaking advancements in Microsoft Security products, including updates to Defender for Cloud, the launch of Defender for APIs, and new capabilities in Microsoft Entra and Microsoft XDR. Discover how these innovations will shape the future of cybersecurity, with discussions on AI advancements, quantum computing partnerships, and enhanced security measures. Tune in for a comprehensive recap of Ignite 2024 and insights into staying ahead in the ever-evolving world of cybersecurity. Don't miss out on the key highlights and expert analysis in this exciting new series! KustoCon Playlist - https://youtube.com/playlist?list=PL9sQKc0RBCiB73e4q-847W02Rzt3qPzbR&si=f0MbGvjGml8SOTxP Ignite 2024 Book of News - https://news.microsoft.com/ignite-2024-book-of-news/

S6 · E1

Dec 16, 2024

49:57

Season 5

From MVP to Microsoft: Building Cyber Resilience in the Public Sector with Ronny de Jong

In this episode of Talking Security – MVP Security Insights, we sit down with Ronny de Jong to explore his remarkable journey from cybersecurity MVP to his current role at Microsoft. Ronny shares insights on: 💎 His career path and what inspired him to join Microsoft 💎 The unique cybersecurity challenges facing governments and public institutions 💎 How Microsoft’s security portfolio supports national resilience 💎 Balancing innovation, compliance, and operational realities in the public sector 💎 Future trends in threat intelligence and security operations 💎 Practical advice for aspiring cybersecurity professionals 💎 The meaning of true cyber resilience and moving from reactive to proactive security Whether you’re passionate about public sector security, curious about Microsoft’s approach, or looking for career inspiration, this episode is packed with valuable takeaways. Chapters: 01:28 Introduction and welcome to Talking Security podcast with guest Ronnie Young 04:37 Ronnie's career journey starting with Microsoft certifications in early 2000s 07:10 Journey into modern management, Intune blogging, and early community involvement 09:22 The story of becoming a Microsoft MVP and staying humble in the community 13:04 Decision to transition from MVP to Microsoft employee and joining the security team 20:37 Cybersecurity challenges in public sector vs private enterprises 23:25 Microsoft security portfolio approach focusing on fundamentals first 32:13 Future trends in cybersecurity and the role of AI in security operations 35:35 Advice for cybersecurity beginners on frameworks, basics, and keeping it simple 46:23 Personal motivation and what keeps him energized in cybersecurity work

S5 · E11

Nov 28, 2025

54:31

Identity Security, Entra ID & Innovation: Insights from Eric Woodruff | MVP Security Insights

In this episode of Talking Security – MVP Security Insights, Frans Oudendorp and Pouyan Khabazi sit down with Eric Woodruff—Chief Identity Architect at Semperis and long-time identity expert—to explore his journey from managing Active Directory in the public sector to shaping cutting-edge identity strategies in the cloud era. Eric shares what it means to truly be “in” cybersecurity, the evolving role of Entra ID, and the significance of identity research like the UnOAuthorized project. We also dive into global challenges in identity management, the balance between strong security and business agility, and how community collaboration through IDPro is driving vendor-agnostic progress. Whether you're new to identity or a seasoned expert, this conversation is packed with real-world insights, practical advice, and forward-looking trends shaping the future of identity and access management. ⏱️ Topics include: - Career journey and cybersecurity pivot - Challenges guiding identity strategy at Semperis - Identity research, Entra ID, and privilege paths - Cloud-first learning paths and emerging trends - Balancing airtight security with operational flexibility - Community contributions, hobbies, and staying grounded ⏱️ Timestamps 00:00 – Teaser 00:55 – Intro 01:24 – Introduction of the podcast 07:03 – Eric’s identity journey: From AD in the courts to cybersecurity at Semperis 09:28 – Challenges as Chief Identity Architect: Building identity strategy for SaaS 14:41 – Global identity security challenges: Public vs. private sector insights 19:43 – Research spotlight: The UnOAuthorized project and privilege path exposures 25:00 – App Registrations: Risks, visibility, and best practices 28:00 – Advice for newcomers to Identity Security 30:14 – Can you learn identity with only cloud knowledge? 32:23 – Future of Identity and Access Management: Entra ID, trends, and predictions 37:35 – Balancing airtight identity security with business agility 42:05 – The role of community: IDPro and vendor-neutral collaboration 44:32 – QuickFireFun questions 46:40 – Closing thoughts and takeaways 47:43 – Outro 📌 Subscribe for more expert interviews on identity, security, and modern workplace innovation.

S5 · E10

Jul 2, 2025

48:14

1 of 6