
Winter SHIELD: Closing the Security Control Gap
Sherrod DeGrippo: Welcome to The Microsoft Threat Intelligence Podcast. I'm Sherrod DeGrippo. Ever wanted to step into the shadowy realm of digital espionage, cybercrime, social engineering, fraud? Well, each week, dive deep with us into the underground. Come hear from Microsoft's elite threat intelligence researchers. Join us as we decode mysteries, expose hidden adversaries, and shape the future of cybersecurity. It might get a little weird. But don't worry. I'm your guide to the back alleys of the threat landscape. Welcome to The Microsoft Threat Intelligence Podcast. I'm Sherrod DeGrippo with Microsoft. Today we're talking about what actually reduces breaches. We're talking about what the FBI sees, what they see repeatedly, and why intrusions succeed. As part of Operation Winter Shield, Microsoft has focused on hard truth and security. Yes. We have a lot of awareness. We're constantly doing awareness. We have an entire month dedicated to being aware. But let's talk about execution. Most of the successful intrusions don't begin with a zero-day. They start with controls that weren't implemented. All of us know this. All of you are nodding your head right now as you're listening. Things are enforced inconsistently, controls degrade over time, and we want to look at that gap from a national law enforcement perspective. So today I'm joined by Jarrod Forgues Schlenker, Acting Assistant Section Chief in the FBI's Cyber Division. Jarrod has visibility across the recurring patterns in those investigations nationwide. And what we're going to talk about today is what the FBI consistently sees, where that security intent breaks down, and what controls would actually stop breaches. So the focus here for us is patterns; prevention; and actual discipline, not really just awareness. Jarrod, welcome to The Microsoft Threat Intelligence Podcast.
Jarrod Forgues Schlenker: Thank you so much, Sherrod. I am very excited to be on the podcast. I'm really excited to talk with you all about my experience, what I've seen as I'm investigating cyberthreats across the Bureau and then helping in the assistant section chief role now to give our investigators and our case teams what they need in order to combat these threats. So thank you for having me on the podcast. I am very grateful to be here and excited to talk about Operation Winter Shield and how we can better action security in order to protect the American people.
Sherrod DeGrippo: I love that. That's what got me excited about this. Let's kind of tell the audience how -- first of all, how we met. So, I'm Sherrod; you're Jarrod. We met at CYBERWARCON at lunch, and that was in November in 2025, you know, in the DC area. As you saw, I brought some energy because your name is Jarrod.
Jarrod Forgues Schlenker: Yes, you did. It was great. It was the exact energy that I needed in my life. So, when I had the opportunity to jump on the podcast with you, as -- I couldn't turn it down, for sure. But, no. It was -- it was awesome. You know, the CYBERWARCON is a great conference in the role that I -- that I fill now, focusing on Cyber Division's engagement efforts with private sector industry. I have the opportunity to go to those types of conferences, make sure that we're connecting up with the private sector in ways that both facilitate the FBI's ability to accomplish our mission in securing, you know, investigating cybercriminal activity and helping folks secure their networks but then also being able to empower private sector, where appropriate, and through our authorities to expand and augment and amplify the efforts that we have. So it was great to meet you there and glad we could then continue the conversations on with the podcast.
Sherrod DeGrippo: Yeah. That -- you really spoke to me, I think, when we talked at CYBERWARCON. And then I talked to you a few weeks later when I was driving from my home in Atlanta to visit my dad for Thanksgiving. And you called me and were like, Hey. Let's just talk really quick about this thing that we're doing called Operation Winter Shield. And why don't you characterize for us what you see as Operation Winter Shield, what you think the value is there; and then I'll tell you what I thought about it when you -- when you explained it to me when I was in the car.
Jarrod Forgues Schlenker: Yeah. Absolutely. So, for us, you know, our mission within Cyber Division of FBI is to secure the homeland, right? That's a huge part of our mission. We engage with victims all the time. We also investigate the bad guys. But there's a piece of this that -- where we are uniquely situated, given the optics and the information that we have through our investigations, to empower the public to protect themselves and to be that catalyst for positive change. And that was the impetus for this operation, this initiative, Operation Winter Shield, to think about ways that we can leverage our unique insights through our investigative efforts to really hammer home a lot of the things that companies can do, even if it's little steps, and organizations can do to move the ball forward in securing our networks across the country and to really provide an obstacle and a barrier to threat actors based on what we know they do through our investigations. So the shield part of Operation Winter Shield, we in the government, we love our acronyms, right? If we didn't have a catchy acronym that was also a word, what would we be doing?
Sherrod DeGrippo: I know. That's a big part of the business over there.
Jarrod Forgues Schlenker: Absolutely. We spend probably an inordinate amount of time coming up with good acronyms. But the idea of securing homeland infrastructure by enhancing layered defense, that concept is really the objective of this operation, right? That encapsulates what we're trying to do. So highlighting the key defensive measures that can be taken by organizations in order to we -- talk about imposing risks and consequences on actors, but some of those risks and consequences, the costs that come from increasing our defense collectively as a team that's trying to secure our networks, you know, industry and both public and private, that's really what this gets to. That's at the heart of this -- this initiative.
Sherrod DeGrippo: I was really excited when you and I talked about Operation Winter Shield for a couple of reasons. But, for me, I'm really old school. Like, I've been around a really long time. I was a computer nerd from a very young age. I've been in security 22 years or something. I think I share this with a lot of people who've been in the work for a long time, which is, yeah. I'm aware. Yeah. I know what we're supposed to do. Uh-huh. Everybody knows you're supposed to do that.
Jarrod Forgues Schlenker: Yeah.
Sherrod DeGrippo: But getting on with the actual practical business of doing the darn thing is something that I think we're constantly running into these barriers of, Oh, we don't have the resources. Oh, we can't get the IT support. Oh, we can't get around the business asking for all of these things to do first. Oh, we need to implement features in our code before we can put security in. Working with organizations and enterprises for so long and hearing those constant refrains of all the reasons we can't is what made me so excited about Winter Shield is that, to me -- I won't speak for the FBI. They did design the program. But, for me, Operation Winter Shield is, yeah. I know you get it. Now let's do it.
Jarrod Forgues Schlenker: Yeah. Yeah. That's absolutely right, right? It's a call to action to actually start moving the ball forward on this. And I think you articulated it perfectly. We all in this -- in security, in this space, in cybersecurity, we know what we need to do. None of this should be ideally news for folks. This is not outside of any of the typical frameworks that you would see. All of these things that we're pushing, you know, that we're articulating, it's all stuff that folks have heard before.
Sherrod DeGrippo: Right.
Jarrod Forgues Schlenker: It's not meant to be this, you know, revolutionary way to secure networks. It's just not what it is. The goal is -- I think a lot of times it's just theory how -- I won't say a failure -- a lack of implementing these components, it's theory how that affects you, right, until it's not theory anymore. And we in law enforcement, dealing with the victim side day in, day out, we see the not theory part of this, the actual, practical effect that it has on victim companies, victim individuals when these measures are not implemented. And so trying to highlight some of that, to make it more tangible, to hopefully motivate people, encourage people to take even just one step, right? Because even just a little step towards security can go a tremendous way in providing that obstacle to the adversary.
Sherrod DeGrippo: That's something that I really found attractive about this. And then the other thing was how just deep nerdy it really was, was like I -- so, for those of you that don't know the kind of like application of the way Winter Shield is going, each week or so has a theme. So there's different security control themes each week, which, if you are a security nerd, you just get -- I remember going through the -- each theme each week and was like, Oh. I love these things. These were exciting. MFA. What? And I remember talking to some of my coworkers at Microsoft and side I -- I was in -- I only had like a three-minute section of a really good, big meeting to say, you know, why this was important, why we're supporting it. And I said, Look. We're supporting Operation Winter Shield. It's designed by the FBI, and it's spirit weeks for security.
Jarrod Forgues Schlenker: Yeah. Totally.
Sherrod DeGrippo: And that's kind of how I've tried to approach it is getting super excited, like a pep rally, like a big cheer section focus for each of these different themes each week and talking about why they're so important.
Jarrod Forgues Schlenker: Yeah. Absolutely. I think the only way we could have made this maybe a little more nerdy would have been if we could have, like, gamified it somehow, which, like --
Sherrod DeGrippo: We need an app.
Jarrod Forgues Schlenker: Right, right. Maybe some, like, future iteration, we could -- we could build that into it too.
Sherrod DeGrippo: Next year. Next year I think we should have some kind of like points collection thing for each week that you participate in.
Jarrod Forgues Schlenker: Yeah.
Sherrod DeGrippo: Or like a bingo card.
Jarrod Forgues Schlenker: Oh, yeah. Yeah. Of course. Yep. Government, we love our bingo cards, for sure. So that would definitely resonate.
Sherrod DeGrippo: So let's talk a little bit about some of the actual themes. When you look across the different themes, what's one that you find interesting?
Jarrod Forgues Schlenker: I actually love the one for this week. I'm not going to lie. It's one of my favorites in part is because a lot of the investigative work that I did, I saw the issues where this came up, where folks didn't have the theme for this week, which is -- our week theme for this one is adopting phish-resistant technology. So, previously, before I moved into the role that I'm in currently, I was working investigations that involved some of our sophisticated criminal actors. And they loved phishing people out of their credentials and then just going straight into their accounts and wreaking havoc. So not having multifactor authentication, not having added layers of authentication to protect against phishing and credential compromise, I saw that all the time. So this -- this is definitely one of my favorite on here. It's also one that I feel like, of all the ones that we can implement within security, while it can be a little bit of a pain to have to go through the hoops of having, you know, multifactor authentication to get into your accounts, once you get used to it, it's not that bad. And it really -- it really can disrupt actors' ability to get onto networks and pivot through networks and wreak that havoc that they do.
Sherrod DeGrippo: I love this one, too, because I think people are starting to realize that identity, in many ways, is the new perimeter. So being able to compromise identity gives you insight into incredible things. And I want to kind of bring the audience along with me to understand what identity can do in terms of what a threat actor can do with it. So, first of all, I want you to know that, for the most part, threat actors really don't care about your personal consumer email. They want that juicy, juicy Enterprise ID because it has the ability to move money, access data, and push human people to do things. When somebody is able to log into your ID, they can chat as you. It's not just about viewing your data. It's about becoming you. The identity theft of a corporate identity is so much more valuable to threat actors. It has access to money. It has access to proprietary intellectual property data. It has access to customers, healthcare, financial, all of these different options that you as an individual can access. And then it can become you, essentially, sending emails as you, doing chats as you, accessing all of the files that are tied to that identity. So I really want people to understand, when threat actors are going after identity, consumer, your personal email is not really super attractive. It's your work ID that they want. And so that's a really important one to think about.
Jarrod Forgues Schlenker: Yeah. Absolutely. And it's more than that too. It's also, once you are that person, you can then become other people internally, right? So, like, we talk about threat actors Living Off the Land. And, once you have access into that corporate network, pivoting from there and becoming other people, as well, and escalating who you are within the enterprise and what you have access to becomes far easier than trying to influence from the outside. And you talk about threat actors not caring about your personal email and things like that, right? Absolutely true. What they do care about is when you reuse passwords. And your password for your personal email is the same as the password for your corporate email. The other thing they care a lot about is you as an individual. So much of compromising people's identity revolves around social engineering anymore. Some of the most effective ways that threat actors accomplish their ends is being good social engineers and getting that foot in the door at the highest level they can. And there's the human element there. But, if you have these phish-resistant technologies, if you have these multifactor authentications and these layers of protection to the identity piece, then that social engineering becomes far more difficult. And there's a technical stop there that you can preclude actors from getting into the networks and being able to then move laterally and escalate within.
Sherrod DeGrippo: So would you say, when you're doing work with the Cyber Division, is this a control that you see in incidents being abused constantly?
Jarrod Forgues Schlenker: Yeah. Definitely. I think actors get creative in how they abuse this, right? So sometimes, even if you have different authentication forms, you know, you get a PIN that gets pushed to your cell phone, right? Threat actors get creative in how they work around that. So SIM swapping is a thing that I dealt with a lot, where -- that's a technical term that folks may not be familiar with. But, basically, you have your phone number on your device. Well, bad guys figure out ways to move your phone number to a device that they control. So, when you get that PIN to your phone, it goes to them instead of to you; and then they -- they get into your accounts that way. Actors get creative in how -- how they work through this. But a lack of authentication controls and having phishing-resistant technology on the network is absolutely something we see on a regular basis as the initial access vector through which actors are moving.
Sherrod DeGrippo: I love that that's such a prominent one for this week. What are some of the other themes that you're interested in?
Jarrod Forgues Schlenker: This is kind of on the protection front, on the initial part, which I really enjoy. And I think, when you're talking about implementing controls that protect networks initially and preclude actors from getting in, it's a big one. But another one that I really like is in a different area of control and a different area of this. I really love when people secure and retain their logs. As an investigator, like, that is gold for me. And so that's one of the ones that we have on here, too, is log protection integrity. As we're doing our investigations, building out evidence to actually bring against actors, that's the bread and butter of what we do, right? We can't charge someone if we don't have the evidence. And if companies are in positions where they don't have logs, it makes our work so much harder. But it doesn't just make our work harder. It makes the company's work harder too. It becomes far more difficult for them to identify that activity on their networks, where it started, and how to remediate it. So that one is one of my favorites because it serves sort of everyone's purpose. As we're trying to bring consequences to our threat actors, it feeds directly into that. But, as companies are trying to understand where threats are coming from and how they're coming in, it allows them to have that visibility too.
Sherrod DeGrippo: And imagine doing an indictment on an actor. Logs are -- are a big part of the foundation of -- of really what you have to make it happen.
Jarrod Forgues Schlenker: Absolutely. So for -- cyber is a unique -- a very unique threat to work because, for us, the crime scene is a network, right? Like --
Sherrod DeGrippo: That's so cool.
Jarrod Forgues Schlenker: Isn't that cool? I love that, right? Like, I don't know that people think about it that way, but --
Sherrod DeGrippo: Oh, the nerds that listen to this podcast do.
Jarrod Forgues Schlenker: All right. Great. Well, so, like, that's the crime scene, right? So, when -- when there's digital forensics happening, you know, like, people watch CSI or whatever, and -- and the -- and they go out with all the cool crime scene stuff; and they're swabbing for fingerprints, right? But, like, we're doing that technically with logs. So if you think about it that way --
Sherrod DeGrippo: All the incident -- all the incident responders that are listening to you right now are like, yeah. Yeah. That's true. That's what we do. You look at logs.
Jarrod Forgues Schlenker: Right. It's great. It's so cool, though. Like, I did not start in cyber. I actually started on the criminal side. I worked human trafficking and violent crimes against children cases. And so I got -- I got into some really crazy crime scenes and some fairly disgusting ones, as you can imagine. So, when we're talking about a crime scene that's digital and it's on a computer and on a network, like, I -- the nerd in me just loves it. It's so cool. It's -- but it's also, like, really clean. It's mathematical. But, if you don't have the logs, your crime scene has just disappeared.
Sherrod DeGrippo: Yeah. Right. It doesn't exist. Like, yeah. I think -- I think that that's one of the unique things. And I don't do -- I do a lot of detection engineering and detection engineer shout-outs here because I'm a big believer in detection engineering. I do a lot of threat intel analyst shout-outs here because, obviously, I work so deeply in that side of the house. But, you know, we don't give enough props, I think, to our incident response people that, you know, jump out of helicopters and crash in and grab evidence and, you know, get airlifted out back to the lab or whatever. That's how I imagine incident response to be. Haven't done an incident in a while, and it was not like that. But I'm sure it is now. So tell me, from -- from a perspective of an enterprise, what would you tell them if they said, you know, like, what are some important things we need to consider when we're thinking about logging? Because, essentially, they are creating the surveillance tape that you eventually may need to use.
Jarrod Forgues Schlenker: Yeah. I think that the amount of time that we're keeping those logs, right, the format they're -- that they're in, preserving the net flow, you know, there's a lot of different pieces to this. The other thing, definitely something to think about is -- is having them secured properly. So, you know, threat actors know the value of being able to comb through those in order to build out what the -- the TTPs were that they used and how they pivoted and navigated. So it's not surprising that they would seek to target where those logs are being stored and manipulate those in ways that would make it harder for responders or for law enforcement to actually detect that and then surface the evidence, right? So having them secured properly is something that I would say that's really important. Having sufficient enough timeframe to be able to -- to go back and retrace steps and not lose out on activity that might have occurred in the past, you know, well -- sometimes well before we actually see the compromise manifest itself on the network. So that would maybe be two things to kind of consider is how we're storing those as an organization and then the amount of time that we're -- we're maintaining those.
Sherrod DeGrippo: And everyone should use coordinated UTC on all logs, correct?
Jarrod Forgues Schlenker: Yes. Oh, my gosh. The number of times that I get the question, you know, can you give me the time stamp on this and also -- and then it's like, okay. Well, what's the actual time? Like, I -- just the date and time doesn't do me anything if this is Eastern or UTC or -- and then I got to convert it, and that's a huge pain. So, yeah. Preach on that.
Sherrod DeGrippo: I'm a -- yeah. I can -- I'm just so greedy. I'm imagining the incident response audience, the incident responder audience that we're going to get from this episode. They're going to love this. We don't talk to them enough. We really need to talk to them more. And speaking of that, speaking of incident response, I want to -- I want to try to change the security culture a little bit out there in the industry. I want to make sure that we think about prevention because most of the time what gets rewarded and praised is visibility and response. We are not rewarding prevention the way that we should. We are saying, Oh, the heroes that come in when we're under breach. And everything is super high urgency, and everything is really scary. And time is of the essence. And these super fantastic incident responders are on the ground doing the thing that they do, which is super important. That's really visible, and that's super celebrated and talked about. And everyone knows about it and focuses on it. But I feel like we need to flip it a little bit and highlight and celebrate prevention and the practice of security a little more.
Jarrod Forgues Schlenker: Yeah. I totally agree with that. Absolutely. I actually was just talking with somebody two weeks ago, and we were having a similar conversation to this one. And he said there's no glory in prevention. And I was like, oh, no.
Sherrod DeGrippo: There needs to be.
Jarrod Forgues Schlenker: Yes. I was like, oh. I couldn't disagree with you more. Like, there -- maybe there isn't right now, but there's -- there absolutely should be glory in prevention, right, because, if we're being successful at the prevention side of this, if we're protecting ourselves, sure. We can't -- you know, we can't necessarily -- it's a lot harder to cut -- to articulate the amount that we've saved an organization. But, man. I don't even want to have to quantify that, right? I'd much rather just never -- there'd never be an issue in the first place. So I totally think that we need to move toward that, more of a mentality there, and really focus on that because that is some of the best work that we do when it comes to securing networks.
Sherrod DeGrippo: I agree. And somebody who I really respect a lot in this space is Gadi Evron. He runs a lot of conferences. And he has a really great background, really long history in security. And he does a conference called Art and Science, which I think the tagline or one of the things people said all day at that conference was, we're here to glorify defenders. And the corollary to that is we don't glorify threat actors. We examine them. We think about them. We look at their tactics. We certainly can be surprised or impressed at the skill that they've used or the TTPs that they're leveraging. But, ultimately, I want us to really say the defenders, the ones that are implementing prevention, the ones that are working the process of security day in, day out, those are the people that -- that really deserve credit for making our lives easier.
Jarrod Forgues Schlenker: Yep. They're the unsung heroes, if you will --
Sherrod DeGrippo: I know.
Jarrod Forgues Schlenker: -- of network defense.
Sherrod DeGrippo: We need to make action figures of the network defenders.
Jarrod Forgues Schlenker: Right.
Sherrod DeGrippo: All the people across the world that are doing the work.
Jarrod Forgues Schlenker: Absolutely. There's a market for it, for sure.
Sherrod DeGrippo: So Operation Winter Shield is about resilience across our digital ecosystem in the United States, about our ability in the United States to protect the digital ecosystems that we use every day. One of the things I say jokingly but it's 100% true is, you know, people say, Oh, how did you get into security? And I always say, Well, I love to protect data and communications, whether it's financial data, government data, my text messages, my online shopping, my streaming shows. I really believe that all of those things are super important. Everyone should be able to transact safely and securely. So, from your perspective at the FBI, how does doing all the work, doing the process of security, how is that manifesting itself in the investigative burden at the end? Where have you seen real differences between organizations that do the work and then organizations that have maybe not put in the time and effort they should have.
Jarrod Forgues Schlenker: Yeah. That's a good question. I'll answer that maybe in a couple ways. One way is the organizations that are doing the work are, in many instances, in a better position to get themselves back up on their feet more quickly, right? And so some of the components that we talk about in the key defenses that we bring up are -- speak to that exactly: exercising your incident response plan or having backups that are immutable and protected. Those pieces allow organizations to get back up and running quickly. And, from an investigative standpoint, if that occurs, that frees up a lot of space and time for the folks to then do the triage and do the work to pull logs down, pull data, investigate sometimes along with us in terms of what's happening on the network. If organizations are scrambling for days on end or really struggling to get themselves back into a position of security, it makes it a lot harder for us to then be involved in the next steps, which are the investigative piece and getting to the bad actors. So that's one way in which the steps, following the security steps and some of these key defenses manifest itself in the investigative process. That may not be entirely intuitive, the degree to which an organization being better structured to recover and respond actually does really help us be able to then move toward identifying the bad guy and building out the ad -- the evidence to get to that adversary.
Sherrod DeGrippo: Would you say -- when you look at successful intrusions, would you say that it's typically like a single catastrophic failure or just like a chain of mistakes over time that an organization has made?
Jarrod Forgues Schlenker: I won't even say mistakes. The chain of circumstances and issues that organizations then deal with as they're being victimized, I don't necessarily want to say mistakes because sometimes it could be not anyone's fault necessarily. There are certain times where it's really, to your point, very skillful activity on the part of the adversary, as well. But it almost always is combinations of multiple factors that result in compromise, certainly that result in more significant compromise.
Sherrod DeGrippo: So, Jarrod, something that all of us who think about security, those who are on the, you know, security front lines thinking about intelligence, doing incident response, designing secure networks, putting together secure code, we're always trying to find ways to communicate with executives about the importance of security. And, as someone from the FBI Cyber Division, what would you say to executive leaders that are listening to help them understand the importance of securing their organizations?
Jarrod Forgues Schlenker: I would say that, having seen it multiple times in many different ways, the pain that you feel after an incident because there was something that allowed an adversary, an actor to get onto your network and compromise your network, the pain that you feel is not worth the alternative steps that you can take to secure yourselves. I mean, it's -- it is life altering for people as we're dealing with victim organizations. I think that it's -- again, I said it's all theoretical, right, until it isn't. But that risk, it's very difficult to feel that as an organization that's running smoothly. But, as an investigator that's dealt with it and seen it, it really just -- it's not worth it to shortchange yourselves on the preventive measures that you can take.
Sherrod DeGrippo: I think that's right, and I think that that generally is really compelling for executives to understand it in sort of the terms of risk that they're bringing into their enterprise; and do they want to suffer the consequences of a breach when, you know, you get that cortisol spike, which nobody likes. It's very popular these days to talk about avoiding cortisol spikes, especially on podcasts. But I think, like, letting executives know you don't want to suffer through the pain of a breach, and -- and everyone may need to go through that. Everyone may need to experience an incident at some point. But putting off that incident experience by doing the work of security, doing the process of security, that's what I would choose. I'm more of a, like, I want to take it slow. I want to think about it. I want to implement some security controls. I want to look at a network diagram. I don't want to be panicking trying to pull down logs as a threat actor is trying to delete them at the same time.
Jarrod Forgues Schlenker: Yep. Absolutely. And the other thing that I'd say, too, is that I think my sense is that, sometimes for executives, it can be overwhelming. How much should be done to properly secure networks, right? And so one of the objectives with Operation Winter Shield is also to simplify things a little bit, to just say you don't have to do all of it all at once, all the time. Even just doing one step towards security is going to make an impact. That's going to change things. And you don't have to expend tremendous amount of resources necessarily to do that. And some of it is also a culture shift, right? Like, there are certain aspects of these defense measures that make things a little more inconvenient for folks. But, if executive management is articulating from a leadership standpoint, leading the company why it matters and is important to have a security minded posture, that goes a long way. People just start thinking about things differently. People are less likely to be hesitant to report a phishing attempt, right? And even just that can make the difference in either securing yourself at the outset or your ability to respond quickly enough once a compromise has occurred to shut it down so you don't experience loss.
Sherrod DeGrippo: So I really appreciate that the FBI is digging in with us on this, bringing the real, practical realities of how to do security into their organizations, into their cultures, into their corporate enterprise spaces. I think that's really fantastic. I'll just kind of close out. What do you think that threat intelligence can really do for these organizations if they start kind of putting a little bit of a program together for Intel?
Jarrod Forgues Schlenker: The threat intelligence is -- is essential, right? So, I mean, for us, like, we're at the -- at the high end of that, where threat intelligence is driving everything that we're doing. Our investigative -- our investigations are entirely dependent upon that. But as -- as organizations start to think about this and think about treating security with a higher priority, I think having robust threat intelligence within an organization serves two purposes. One, it allows you to address potential threats and close down vulnerabilities quickly and efficiently to better secure yourselves. But it also gives you a better understanding of the adversary to continue to spur and be a catalyst for improvements in security going forward. If you don't understand the adversary, then you don't -- you don't necessarily know what's capable and what could happen to your organization. And so I think having -- having an ability to ingest and evaluate and incorporate threat intelligence into organization's mindset really has a -- it's a sort of a self-fulfilling prophecy that becomes very effective in improving and increasing security within -- within an organization.
Sherrod DeGrippo: I love that, and I completely agree. I'm always pro threat intelligence, as we all know. Well, Jarrod, thank you so much for joining us and talking about the FBI's perspective. I think it's really clear that incidents are going to persist where you are not executing security controls. Think about your foundational controls. Implement them consistently. And this could seriously materially reduce the impact of an incident. If you want to learn more -- and you should -- about Operation Winter Shield, please go visit fbi.gov/wintershield. Jarrod, thank you so much for joining us on The Microsoft Threat Intelligence Podcast.
Jarrod Forgues Schlenker: Thank you. I really appreciate it.
Sherrod DeGrippo: Thanks for listening to The Microsoft Threat Intelligence Podcast. We'd love to hear from you. Email us with your ideas at tipodcast@microsoft.com. Every episode will decode the threat landscape and arm you with the intelligence you need to take on threat actors. Check us out. Msthreatintelpodcast.com for more, and subscribe on your favorite podcast app.
