Security Unlocked 1.13.21
Ep 10 | 1.13.21

Tracking Nation State Actors

Show Notes

Watchdogs in tow, hosts Nic Fillingham and Natalia Godyla are joined by guest Randy Treit, Principal Security Leader at Microsoft, to examine the process of identifying the source of a threat and stopping the spread by protecting “patient zero.” Randy has a few key tricks up his sleeve as a defender, but you can decide if they’re more impressive than the antics he and his identical twin have pulled while working at Microsoft.

In the second segment, Jeremy Dallman, Principal Program Manager at Microsoft, discusses why some bad actors are known in the security world under some of the most seemingly harmless codenames, such as “Fancy Bear” and “Charming Kitten”, and highlights the techniques his team is using to protect Microsoft’s customers from Nation-State actors. 

In This Episode, You Will Learn: 

  • How Microsoft is defending and protecting patient zero
  • The history of Defender and antimalware
  • The process of finding gaps in protections
  • The importance of protecting customers from Nation-State actors
  • How and why security vendors use codenames to refer to threat activity groups 

Some Questions We Ask:

  • What is different about focusing on patient zero than other aspects of security?
  • How does Microsoft measure the false positive rate in protecting patient zero?
  • What tools are being used on a day-to-day basis in defender security?
  • Why does Microsoft partner with the industry to identify Nation-State actors?
  • How many groups are utilizing AI and ML to enhance their ability to become a threat? 


Microsoft Digital Defense Report

Randy’s LinkedIn

Jeremy’s LinkedIn

Microsoft Security Blog


Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked: CISO Series with Bret Arsenault 

Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.