1/ A few weeks ago I gave a talk about how Security Fundamentals functions across the OneDrive + SharePoint organization. A short thread 🧵 on how we framed this topic and what we believe success looks like in our engineering organization:

Creating a Mastodon profile: infosec.exchange/@mswann

Great security engineering removes dangerous levels of access by system operators' credentials. That means that great security engineering also has a prerequisite of ensuring that high-reliability operation is possible without retaining unrestricted powers of interactive access.

A sneak peek at what Ram Shankar Siva Kumar and I have been working on. Available now for pre-order, our book tours the various ways that AI can be hacked in serious and sometimes entertaining ways. Currently the #1 New Release on "Business Ethics" on Amazon! All proceeds go to charity!

Kyle and the team at iFixit have made incredible progress over the last 19 years. Thrilled to see the impact they’re making at the local, national, and global scale!

Celebrating the release of Ram Shankar Siva Kumar and Hyrum Anderson’s book “Not with a Bug, But with a Sticker: Attacks on Machine Learning Systems and What To Do About Them” a.co/d/4eyzZHG

Key Guard prevents certificate private keys from being extracted from a compromised Windows device, even if the intruder has kernel-level access 🔥

PCT Section J has been on my bucket list for years. Excited to be part of John Lambert’s epic adventure!

“when someone is compelled to measure they are likely to be initially worried (or horrified) by those results and then do some self-correction before you even stipulate an outcome” 💯

“A Confidential VM turns the threat model for a VM upside-down: a core pillar of any virtualization stack is protecting the host from the guest, but with Confidential VMs there is a focus on protecting the guest from the host as well.” 💯

This BlackHat talk is going to be great 💣

This resonated strongly for me: “For a long time work has given a significant meaning to a large part of my life…I think a big part of the purpose of life is about pursuing meaningful goals while trying to make that effort as enjoyable as you can.”

140,000 steps. A week from today I start my section hike of the Pacific Crest Trail with Matt Swann. I am mindful of these things: ▪️Respect the preparation. Route details, gear choices, fitness, and pack weight make a difference on every step ▪️Hike your own hike. Savor the

Today Matt Swann and I completed our hike of a section of the Pacific Crest Trail. Huge thanks to Ram Shankar Siva Kumar for giving us a lift to the trailhead. Here is what we experienced 👇

📢The Microsoft AI Red Team is hiring across all levels! Your area can be Adversarial ML or Responsible AI or Pen testing, and you will fit right in! Questions? DM always open Junior: jobs.careers.microsoft.com/global/en/job/… Senior: jobs.careers.microsoft.com/global/en/job/… Principal: jobs.careers.microsoft.com/global/en/job/…

Once you have seen which events are delivered in #ETW channels, the events from the normal event logs will never be enough, no matter how verbose the audit policy is set

Security is like retirement: - you need to be investing monthly, - the best time to start investing is now, - investments bear compound interest over time, - the effectiveness of “catch up contributions” is limited

AMSI integration is now enabled by default on SharePoint Server 2016, 2019, and Subscription Edition: techcommunity.microsoft.com/t5/microsoft-s…

It started with an X on a map. I had hiked this valley many times before, but this was new. The map showed routes leading to this place. What was it?