Craig Nelson on Simulating Attacks with Microsoft’s Red Team

Craig Nelson, leader of Microsoft's Red Team joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Craig explains how the Red Team simulates attacks on Microsoft's infrastructure to identify vulnerabilities and protect customer data stored in the cloud. He emphasizes the importance of these simulated attacks in preparing for real threats and describes the collaborative efforts with other security teams at Microsoft, such as the Azure penetration testing team and the Microsoft Security Response Center. Craig shares his personal journey into cybersecurity, highlighting his early fascination with cryptography and computer security. He also discusses the unique challenges and strategies of Red Teaming at Microsoft, including the need to influence engineering teams and the importance of systemic thinking to create durable security solutions.    In This Episode You Will Learn:     The need for early detection of vulnerabilities during the development lifecycle  Why a mix of technical and persuasive skill build successful red teams  Significance of internal security education and training initiatives    Some Questions We Ask:      What projects are you pursuing in AI and security?  How do you have conversations with engineers to influence their security decisions?  What skills are important for someone aspiring to join the Red Team?     Resources:   View Craig Nelson on LinkedIn    View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn  Related Microsoft Podcasts:    Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts