Craig Nelson on Simulating Attacks with Microsoft’s Red Team

Craig Nelson, leader of Microsoft's Red Team joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Craig explains how the Red Team simulates attacks on Microsoft's infrastructure to identify vulnerabilities and protect customer data stored in the cloud. He emphasizes the importance of these simulated attacks in preparing for real threats and describes the collaborative efforts with other security teams at Microsoft, such as the Azure penetration testing team and the Microsoft Security Response Center. Craig shares his personal journey into cybersecurity, highlighting his early fascination with cryptography and computer security. He also discusses the unique challenges and strategies of Red Teaming at Microsoft, including the need to influence engineering teams and the importance of systemic thinking to create durable security solutions. 

In This Episode You Will Learn:    

• The need for early detection of vulnerabilities during the development lifecycle 
• Why a mix of technical and persuasive skill build successful red teams 
• Significance of internal security education and training initiatives 

Some Questions We Ask:     

• What projects are you pursuing in AI and security? 
• How do you have conversations with engineers to influence their security decisions? 
• What skills are important for someone aspiring to join the Red Team? 

Resources:  

View Craig Nelson on LinkedIn   

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

Related Microsoft Podcasts:   

• Microsoft Threat Intelligence Podcast  
• Afternoon Cyber Tea with Ann Johnson  
• Uncovering Hidden Risks  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts