Security Unlocked 5.12.21
Ep 27 | 5.12.21

Securing the Cloud with Mark Russinovich


Nic Fillingham: Hello, and welcome to Security Unlocked. A new podcast from Microsoft, where we unlock insights from the latest in news and research from across Microsoft security, engineering, and operations teams. I'm Nic Fillingham.

Natalia Godyla: And I'm Natalia Godyla. In each episode we'll discuss the latest stories from Microsoft Security. Deep dive into the newest threat intel, research, and data science.

Nic Fillingham: And, profile some of the fascinating people working on artificial intelligence from Microsoft Security.

Natalia Godyla: And now, let's unlock the pod.

Nic Fillingham: Hello, and welcome to episode 27 of Security Unlocked. Not a normal episode this time. We're trying something different. Ah, instead of hearing from Natalia and myself, you are going to hear the very first episode of a brand new podcast called Security Unlocked: CISO Series with Bret Arsenault. And as the name suggests, Bret Arsenault is the Chief Information Security Officer here at Microsoft. And we here at Security Unlocked have partnered with Bret and his team to help produce a brand new series, where Bret is going to sit down and talk to security and technology leaders at Microsoft, as well as some of his CISO peers at some of the biggest and most interesting companies in the industry. In every episode you are going to hear Bret and his guest talk about the biggest challenges in cyber security, and what tactics and strategies they've taken to address them. There'll also be some fantastic practical guidance that you'll be able to implement in your own organization, that will mirror the guidance and the actions and the strategies being taken by companies like Microsoft.

Nic Fillingham: Now, in this first episode that you're going to hear in just a few seconds, Bret sits down with Mark Russinovich, who you may know is the Chief Technology Officer for the Azure Cloud, and is one of the most influential and fascinating technical minds at Microsoft. It's a fantastic conversation, you're going to love this first episode. And the other super exciting thing about this new podcast is that we are partnering with The CyberWire. This podcast will be hosted by The CyberWire, and will a part of the CyberWire network. So, if like me, you're listening to The CyberWire daily and all the other fantastic podcasts in The CyberWire network, you'll also be able to find Security Unlocked CISO Series with Bret Arsenault over on The CyberWire, or at So, enough from me. On with the pod.

Bret Arsenault: I'd like to introduce you to Mark Russinovich, Chief Technology Officer and Technical Fellow from Microsoft Azure, Microsoft's global cloud platform. I've had the pleasure of working side by side with this gentleman for the past 12 years, and our paths have crossed for almost 22 years. Mark, talk to me a little about what you do in the Azure team.

Mark Russinovich: So, my role is leading technical strategy and architecture for the Azure platform. Which takes me all over the place, from our data center designs to our servers, infrastructure, software, platform as a service, cloud data computing, Azure resource manager. That's the bulk of my time is spent working with engineers on that. But, I also do a lot of stuff like working with customers and internally and externally on what they need out of Azure platform, and making sure it meets their needs.

Bret Arsenault: Well, then, if that's not enough, you occasionally write a few books, here and there. Ah, fiction and nonfiction books both, right?

Mark Russinovich: Yeah. I'm blessed with that these days and in the past.

Bret Arsenault: Yeah. I'm sure, I'm sure you're super busy. I think, in addition, though, from crossing paths, obviously we've done some interesting, working on some hard problems. Like, when we worked on SAW, and high-risk environments and some of the enclaves that we built. But, you're not just a technologist. You've been a great person for us on security. Not just at Microsoft, but around the industry. And so, I'd really like to focus a little bit on that today, if that's all right with you.

Mark Russinovich: Sure. Yep. I'm very passionate about security, and always have been.

Bret Arsenault: Yeah, no. I know. It's great. We always have... We've had a few wonderful late night conversations on the topic. And I think, just from a context perspective, that's how people here... I think conversations, for me, at this company start with, and then the earth cooled. And, I was working on, I was working on... I came here never [inaudible 00:04:20] protocol, and I was working on getting TCPIP as our new standard protocol. And I remember this little voice that had created these NT internals, and I needed a chain, inert 5C chaining sequence. I couldn't get the right answer to. So, I'm looking for, looking for, looking for, looking for. And I end up using some of your tools to help solve a lot of problems. So, one, I owe you great debt of gratitude, all the way back into the mid-90s. I appreciate that.

Mark Russinovich: Sure. Well, I'll take you up on that vino.

Bret Arsenault: (laughs). It sounds like a great deal. Sounds like a great deal. Hey, just to set sort of expectations with the audience, it's sort of from a data perspective. Your first book was Zero Day, and I always liked the concept of Zero Day, but sadly, when we look even last year, over 60% percent of the breaches that we saw were from unpatched basics. Basics that were known that had patches that people didn't do. And the other 40% weren't even zero day, they were other things. And I think that's an interesting backdrop. I'd love to hear your perspective on what you've learned. You know, we go through a lot of incident reviews, and just, some of your perspective on what we've learned recently.

Mark Russinovich: Yep. I mean, well, you hit on it. The fact is that bread and butter security is the place to start, and if you manage the basics, you'll cover a tremendous amount of ground. And the fact is that most breaches are failures to just cover the basics.

Bret Arsenault: Yeah. Yeah. I think that's true. I think it's the pedestrian part of the job. Like I love all the amazing AI and everything else, but we do have to help people do more in that space. And, you know, what do you think we can do, and what do you suggest people do to make sure they can get to that work, and prioritize that work?

Mark Russinovich: Well, when you say what we can do, I think what you're speaking... What Microsoft can do.

Bret Arsenault: Absolutely.

Mark Russinovich: And a big part of it is education, which I think we do a lot of, all over Microsoft. Documentation, and our conferences, talking about security best practices. And, even our field, working directly with customers, on getting them up to good security baselines. We also build security into our tools, and pretty fundamental ways, like in Azure, close to my turf. Azure Security Center, with the secure score is a way to help people focus on the basics, because you're going to raise your secure score by covering the basics. And then, the other part is just the support in the products for the security basics. Including automated patch management, which we support in Azure, in fact, with Azure Virtual Machines, automated patch management. With MFA support, built into Azure Active Directory, the authenticator app. So, just from that perspective, it kind of spans from education to giving you insights into how you can improve your security posture. Whether it's using our products or somebody else's products, as well as ensuring that our products are a way for you to be able to meet those baselines.

Bret Arsenault: I think you raise a good point. What I think when you first came it was in '06. I was a CTO for Ecommerce, and we were patching all of our own servers, we were patching all of our exchange servers, and like, today all of that's dealt with by the various cloud providers. So, I think there's a question about, you know, if you look at the evolution even over the last 10 years as people look at convergence. Do we think about, and how do you think about cloud security as a first choice, as opposed to when it wasn't the first choice 10 years ago. Maybe some of the examples there.

Mark Russinovich: Well, that's been an interesting evolution, because when I started in Azure, there was a bunch of concerns around moving to cloud. A big one was obviously unknown and lack of skills, and well, how's it going to transform how my organization works, in a basic way. But, then it was like security was considered a big risk. If I moved to the cloud, I'm going to be less secure. And then, starting about four or five years ago, as the cloud capabilities got more mature,

Mark Russinovich: People started to change to, "Actually, moving to the cloud is going to get me into a better security posture." And I think that that is hard to argue the case that that's not true today. Especially with all of the capabilities now that have come online for you to be able to create deployment in a cloud that is completely isolated off the internet, that has security monitoring automatically built into it, and alerting, and the insights that you get out of security center like I mentioned. That it's become easier than ever.

Mark Russinovich: I mean, in fact, one of the things that I pointed out to customers I've always believed would make the cloud a better place for security, is the fact that the cloud is built on consistent APIs across all resources. And when you take a look at an on-prem environment, the way that they've evolved pretty organically, they are extremely heterogeneous. With respect to the servers and the network topologies and the policies that are in place, and the software that's running in different areas.

Mark Russinovich: And my challenge to CISOs coming from an on-prem world was, "If I walked into your colo and pointed at a server, would you be able to tell me what that server is doing and what it's running? And would you be able to recreate it if something happened to it?" And in many cases, the answer would be, "No, no, no," or, "I don't know." But in the cloud being API-driven, every resource, you can go and get an inventory of. And because of the automation that's in place with modern cloud development, it's easier to rebuild something if it fails. In fact, that's the, uh, the core philosophy.

Mark Russinovich: But even if you're lifting and shifting, and you've got those enterprise workloads that are bespoke. Still, you know what it's talking to on the network using standard cloud APIs. You know what other resources it's talking to. So I think that the argument has changed a lot in the last 10 years when it comes to cloud and security.

Speaker 1: Yeah, it's interesting. And for folks who don't know, I'm Mark's customer in this scenario 'cause we run all of the services as well as, you know, the sort of, you know, tautological part of the conversation. But if you remember, I think you were pointing out four to five years ago, as we were moving Microsoft digital transformation and all the tools, security was a blocker for a number of things. And then we got to where we had all of the security capabilities and more that we needed. And yet the migration stopped. I don't know if you remember when that happened.

Mark Russinovich: Mm-hmm (affirmative).

Speaker 1: And like, "Okay, well, security's not the blocker, so what's happening?" Do you remember? I know you won't, because I probably never shared it. FFUUEE. This is the F-F-U-U-E-E. It's one of the most amazing things we learned when that happened, which is why, when we met all the security controls that the migration stopped... And FFUUEE is the six reasons, F-F- U-U-E-E, the six reasons why anybody, boss, subordinate, spouse, children, grandparents, don't do something. They fear it, they don't think it's fair, they don't understand it, there's not a sense of urgency, they're entitled, or they're exhausted. And so, when we saw that pitch, we thought people didn't understand so we gave them more training internally. And to your point, they were fearful of a job or, in many cases, they were just exhausted. And we had to take a completely different approach to, to now, we're at 95% of all of our apps have moved onto the cloud. So that's a really good point about the capabilities versus moving. You know, helping people continue to move through that, that life cycle.

Mark Russinovich: I don't remember that acronym, but I've written it down because it's a great one. But...

Speaker 1: (laughs). Yeah. With all due credit, it belongs to a guy named Dick Butterfield, but it's super helpful. I use it at home.

Mark Russinovich: Yes.

Speaker 1: Not always successfully, but I try. I'd be really curious though, 'cause you mentioned a really good point about the API component of the cloud and the resilience piece, right? Like, all this stuff we used to have to do, like, with your offsite provider, with dark fiber and spare compute, and now, in [PAS 00:11:33] services, you just click a few buttons and you have this resiliency capability. But that data. Maybe some examples about how we really think about customers, really use that data, to create that continuous feedback loop and continue to create the most secure experience possible.

Mark Russinovich: Yeah. Well, I mean, part of the premise of cloud has been agility. Agility for customers because of the on-demand self-service nature of it. But it's also agility in terms of getting new capabilities. And the agility that we get from the continuous deployment systems that we have in place that are based off of the telemetry we get. The telemetry that comes from just the direct observability of how customers are using the product. Which gives us insights into which features are tough to use, which ones are easy to use, which ones is nobody paying attention to. Where they're having issues with performance or scalability go right back into a feedback look that helps us improve the product. And then those improvements can show up. I mean, you mentioned earlier, like the patching and exchange. I mean, on the back end of Office 365. New features roll out in Office 365 basically on a weekly cadence, and that is... Customers just get it. I mean, you remember as any IT, as anybody running enterprise IT does. A new version of software comes out, and it's a many months long process, or even years, of first validating it, and then doing a pilot of it, and then started to roll it out broadly across the infrastructure. That's been basically eliminated on the cloud. And so the pace of innovation and the pace of improvements in areas like reliability, scalability, and security, the basics, has accelerated to levels that make the old era look really slow-moving.

Speaker 1: We started this reflective view in 2020, and why do this podcast in 2021, and obviously, with the pandemic we hit massive digital transformation around the world. And obviously, think about if we had been doing, uh, all the things we were doing on-prem, it would've been a very different outcome in terms of technology capability and what people needed to do. Just the scale unit problem would've been, really been devastating for companies. Even our own company would've really struggled without that.

Mark Russinovich: Yep. Totally. Basically, the services weren't to the level of maturity needed to support work from home, learn from home.

Speaker 1: Yeah.

Mark Russinovich: Just even between five and 10 years ago. And then the scale of the systems underneath them weren't where they needed to be either, to support it. I mean, if COVID had happened 10 years ago, or worse, 20 years ago. Multiply the problem that we faced with COVID by a couple of orders of magnitude.

Speaker 1: Yeah.

Mark Russinovich: Like, the world just would not have been able to function.

Speaker 1: Yeah, no. I think it'd have a far more devastating impact, both from a physical standpoint, as well as an economic standpoint. Which, and I'm not, not belittling it. It's had a huge impact and many industries were more impacted than others. But I would say, it has been amazing to see the, see what's happened in that. Which pushes me to you a question. Do you think about what's happening in 2020, and people have realized they can work remotely. How do you think about that now? Like, two things. One, hybrid workforce, right? Like, so now, people have realized they can be productive in, in more and more locations. And cloud's been a big part of that. The whole intelligent edge and client-to-cloud and all that has made it super helpful. But how do you, as a leading engineer, think about that with your people? And then I'm gonna come back into workforce issue in a minute, but I'd love to hear your thoughts on that.

Mark Russinovich: So I've got just, for me and my team, the office of the CTO. I've grown probably 50% since COVID lockdowns happened. So that means 50% of the people, many of them from outside the company, have not physically met anybody else on the team and yet have come in and gotten very productive very quickly, to the level of productivity that's no different than pre-COVID times of somebody onboarding in a team like ours. So it's just been really amazing to see the fact that, from a perspective of remote work, nothing slowed down.

Mark Russinovich: Now, I think that there's gonna be big challenges as we go to hybrid in that human nature is human nature. And the bandwidth of communication when you're in person with somebody, especially in a group meeting, right? One on one is a little bit different because you can focus directly. But if you're in a meeting with a bunch of people and you're in a conference room, you can instantly get signals from all over the room.

Speaker 1: Right.

Mark Russinovich: But if you're on a Zoom call or a Teams call, those signals get lost. And then you don't have the opportunity, walking into the conference room,

Speaker 2: "Hey Bret, what's going on" kind of side conversations so the advantage of being in person is, I think real and it's gonna be tough to not make the people that are remote feel the way they did pre-COVID. Which was "Hey everybody in the room is ignoring me".

Speaker 3: Right, right, right, right. (laughing) Hey on that note, you know, you're talking about your team growing and all the other things, customers continue to tell you how they really struggle about finding qualified talent, finding security talent and obviously one thing is having your security team and mine work for customers is awesome but, how do you think about that, just in general, about getting talent and driving through talent in a hybrid work environment? You mentioned a little bit about the teams you've hired so far but, any other thoughts you have on helping people and how they think about attracting talent?

Speaker 2: I mean, a few things that Microsoft has done to try to attract talent is just the culture that we've adopted and of course driven by Satya diversity inclusion-

Speaker 3: Mm-hmm (affirmative).

Speaker 2: .... as I think a key part of it. The corporate culture, I think matters a lot to people these days. Whereas in the past it was something that wasn't really even explicitly considered as a-

Speaker 3: Mm-hmm (affirmative).

Speaker 2: ... a draw for, especially people coming out of college. But when it comes to skilling, the world has changed a lot. Like we've talked about, especially for anybody that's in IT over the last decade, tremendous amount. And I think this is the challenge that I see talking to customers that are doing Cloud migrations. Many of them doing it as fast as they can, and what's slowing them down is skills.

Speaker 3: Yeah.

Speaker 2: And this is where platforms like Microsoft Learn, which have guided learning paths for different areas of specialty, like I'm a Cloud Admin or I'm a Cloud Security Architect to get skills. And this is part of Microsoft's broader goals to skill the workforce. I think Brad Smith just published a, about a month ago, an update on our commitments back from 2020, which was to skill 25 million people.

Speaker 3: Right.

Speaker 2: And we'd actually gotten to 30 million and there's a scaling platform being integrated on the LinkedIn to help skill the modern it workforce for this new landscape that everybody's having to face.

Speaker 3: I was thinking, you know, if you were to give advice to a security practitioner, some actionable things, skilling is obviously important and we touch a little bit at the beginning, but if there were three things, you'd tell people, go do it and go do it now, what would it be?

Speaker 2: Basically the three things I think would be the two that we already talked about. One is MFA. Actually we talked about all three.

Speaker 3: Yep.

Speaker 2: MFA, for sure, getting into a non-official posture and MFA doesn't necessarily completely get you there, but it gets you past the stupid fishing. And then the second one would be patching. And this is a tough one, especially with on-prem environments and fragile IT that exists a lot. But it is like you said, just forcing yourself into this, we need to patch and have systems in place to do pilot tests of updates, kind of a CI/CD pipeline for patching so that you can quickly roll that out. And every time there's patches, it's not a unique kind of a situation deal with, but it's just part of a process like we do in the Cloud, when we roll out new software, it's just part of a process. It's not a special once every three years kind of situation.

Speaker 3: Right. Right.

Speaker 2: And then the final one is get visibility into your environment. With logging and not just logging to dev/null, but actually logging into someplace where you can actually run analytics on the logs to get insight into what's happening. Something like Sentinel really resonated with customers that-

Speaker 3: Sure, you just remind people what Sentinel is.

Speaker 2: Yeah. Se- Azure Sentinel is, uh, basically I think of it as the realization of a security data lake. It is a place where you can bring in and fuse data from all your different sources of security monitoring, whether it's your cloud services, including of course, Azure and Office 365 and other Microsoft services. But also you can use leverage connectors. I think we've got, I don't know, 50 or 70 something connectors-

Speaker 3: Wow, yep.

Speaker 2: ... to bring in data from your own on-premise systems and services and put it in that lake and then get a whole ton of capabilities right off of that. Where now you're not siloed between data that's from one service with data, from another service, but actually it's part of a lake where you can see the activity and correlations across those different services because in the modern world, threat actors are moving across your services. They're not standing in one. And-

Speaker 3: Yeah, yeah.

Speaker 2: Yeah. So I think it's really a key to view it that way.

Speaker 3: Yeah, yeah. That's a great point. So you said MFA and obviously the patching component and the pervasive telemetry, I think is super cheering. Not, not really possible the way we could do it today. Like the scale unit that you can do that at and into getting the accretive value of the disparate data, like, like a diverse workforce is really important, but it turns out diverse data is as important. And so being able to correlate across that's super helpful, that's a, that's a really good way to look at it. Hey, on that note though, if we look at the MFA adoption, it's still low, right?

Speaker 2: Yeah. I'm curious, like from your perspective, for people who are out there, how do we help people? What should they do? And what can we do to help them continue to drive that up? 'Cause there's, there's awareness, but that like people, uh-huh, someone says to me once about training as something, he said, "Well, you know, people don't care." I said, "Well, if they don't know, they can't care. So you have to make sure they know." Like Secure Score makes you know, right?

Speaker 3: Yeah.

Speaker 2: But then you go from knowing to being able to do something about it. So obviously we have a lot to do. We can help people really move that adoption up. Do you have thoughts on how we move adoption of, of 2FA up? And not just for our Microsoft platforms and other thing?

Speaker 3: Yeah. Have it be the default, make it so that people have to opt out of it, because right now, I mean, I think even still it's like opt-in to MFA rather than opt-out.

Speaker 2: Opt-out, yeah.

Speaker 3: And when you have to opt-in to something it's like, "Okay, so gotta convince somebody. Here's why you need to opt in why it's better for you. And it's going to take a more work and then it's just easier it is to not bother and to look at that as friction." But opting out, at least that's in your face as, "Hey, this is the best practice. And if you want to opt out of it, you're kind of signing up for that risk, explicitly."

Speaker 2: Yeah. Yeah. And that's a, that's a good thing to drive that awareness on what people are doing in that space. One other thing I was just curious, and this is, you know, as we prognosticate going forward, we've seen sort of the way threats and the way they evolve to be faster blended on software. And we're seeing supply chain obviously in the last year having a similar model. And then we think hard about like a lot of the things that we do for users and endpoints.

Speaker 2: Like there's a lot, we're going to probably see change in the way we think about developer pipeline. You mentioned on the get hub stuff. There's some pretty amazing things we can do. But any thoughts on, 'cause we have citizen developer and other folks, how do we help them [mile 00:22:49] fall into the pit of the success of secure coding.

Speaker 3: Yeah. Well, I think that there's a few things and I've been involved across Microsoft initiatives that have even if it's gone out into become cross-industry initiatives to help secure the supply chain where developers are a key part of that supply chain and developers are sitting there producing code, which is consumed downstream by some, the enterprises and Cloud providers. And they're also consuming things from upstream to, to build their software.

Speaker 3: So this is interconnected graph of dependencies that flow from some dev that might be sitting in part-time on the weekends, contributing to some project into critical infrastructure way downstream. So-

Speaker 2: Yeah, yeah.

Speaker 3: I think that there's a few things that we're doing there. One is education, and this is part of the cross industry stuff that we started last year, which is the formation of the Open Source Security Foundation, OSSF, is part of the Linux Foundation though. It's called Open Source Security Foundation, it applies to Closed Source Software Development as well. So it just happens to be called out because the focus is on the Open Source ecosystem, which so many companies, including Microsoft have deep dependencies on. But the education,

Bret: So if you go to OSSF, there's education on security best practices aimed at open source developers, the people that are contributing to get projects on the weekend that end up being critical infrastructure.

Mark: Right.

Bret: There's also efforts on standardizing software, bill, and materials and I think that this is uh, an area to watch, especially given solar winds, this

Mark: Yeah

Bret: This solar [inaudible 00:24:20] focus that this has brought onto it and there's been many incidents related to supply chain and bad actors infiltrating software supply chain over time is having some record of providence and ultimately reproducible build evidence so that you know, how did this thing get produced? Did it get produced in a trustworthy way? Did the people that contributed code to it, did they have multifactor authentication enabled

Mark: Right

Bret: Which gives us some assurance that they're following security best practices.

Mark: From a healthy device

Bret: From a healthy device, yep, and

Mark: Yeah

Bret: And from a healthy device. So, all of these things, I think that this is what you're going to see a lot of investment across the industry over the next five to ten years to get us into place where we have better supply chain tracking, and like I said it's not just for open door security, but closed doors, as well.

Mark: Yeah, I think to your point, I think people should go look at that because many people who might think are competitors, we all have the view of, rising tide lifts all boats and are contributing to that model, so. I think you get the best of both worlds in that scenario for sure.

Bret: Yeah

Mark: I love your thoughts on virtualization. The evolution of virtualization and what it can do for us. As we start thinking about end point virtualization and more like windows virtualization or the [inaudible 00:25:34] has come into its own, and this idea of, of that model of if you're gonna have something that you trust as an end point, you might put your trusted end point in the cloud.

Bret: Yeah, yeah. Yeah. We're getting to the point where uh, the network computer idea from the nineties that actually, the infrastructure is there now to support that idea. So, you've been, you know, leading pilots on getting some Microsoft works onto virtual desktops.

Mark: Yep.

Bret: Built onto Windows virtual desktop service that's running on Asher, but we've also been talking about in the context, even developers, developer workstations, as a service. Men, all the benefits you can get out of that from the fact that you can have a provision device instantly.

Mark: Yep.

Bret: To, it's not just provision, but it's with everything you need, but it's constantly upgraded as well. Accessible for many more in the world at the same time, so

Mark: Yeah

Bret: So, there's a, a lot of benefits from a security, reliability, productivity, perspective, and finally, the infrastructure in terms of the cloud services to support the skill ability of it as well as the internet connections, now that we've got, to be able to access it, basically from anywhere, have made it so that it's time is finally showing up here.

Mark: Yeah, I know, I think it'll be fascinating to see how it goes back to culture. You think about your beginnings and some of the stuff we talked about on WIN32, and just being so on prim focus to now, virtualizing the cloud, and virtualizing on end point and you're right, but you needed the global infrastructure to make it as secure in reliable as we'll need it to be, for people to be productive, so.

Bret: Yeah.

Mark: It'll be a pretty fascinating future. Any closing comments, Mark, it's obviously so awesome to have you on board and I appreciate everything you're doing for the company and our customers and me, as your customer. But any other comments you have?

Bret: Closing thoughts, is, this is really a fun time to be in technology. This is what I tell people as they're coming to Microsoft as well, enterprise IT was actually pretty much the fun before I even showed up on the scene. It was a matter of incremental improvement to the existing architecture and systems, and way of delivering software. And what Cloud brought was a big disruption that we're still not done defining what that disruption is, what it looks like, and so, like a service like Asher Sentinel which was set up two years ago, and it still hasn't realized I think, the full potential of the vision that we have for it. If you're coming to technology now, you're part of this disruption. You're helping to define what the future's going to look like. I don't know if at some point the weight of all the systems that we're putting in place ends up becoming like a foundation that's in cement, kind of the way that Enterprise Systems ended up becoming, but now is the time to have fun defining it.

Mark: I think you're spot on. Hey, a fun question

Bret: Mm-hmm (affirmative)

Mark: Any new hobbies in the last year or any chance you're uh, writing another book that you can't answer, you can't answer best read book as being any of the ones you've written, so, anything you've read that you'd say has been super exciting or you'd recommend people read?

Bret: Let's see, well, new hobbies. I drew a lot when I was growing up and I didn't draw for twenty years and covid got me to draw, revisiting my drawing again, in fact, if you go to my Twitter feed, I post some of the, the drawings that I did, uh, over, uh lockdown.

Mark: Well from a guy who can't draw a straight line with a, with a ruler, I, I'm impressed so I think it's awesome. Well, thanks for your time!

Bret: All right, thanks Brett.

Mark: Bye bye.

Speaker 4: Well, we had a great time unlocking insights into security, from research to artificial intelligence. Keep an eye out for our next episode.

Speaker 5: And don't forget to tweet us at MSFTSecurity or email us at with topics you'd like to hear on a future episode. Until then, stay safe

Speaker 4: Stay Secure.