
Hosted by Richard Campbell · EN

How are supply-chain attacks evolving? Richard chats with Mackenzie Jackson about his work helping companies protect their software supply chains from malware attacks. Mackenzie discusses the vulnerability of developers to attacks, since their accounts are often highly privileged and invariably contain access to exploitable secrets. The conversation digs into the challenges of securing various code distribution mechanisms like npm and how you can protect your organization - starting with, don't install packages as soon as they are released! There are effective tools for detecting malware in code, but they take time. Waiting 48 hours can eliminate a lot of risk! Links Aikido Software Trivy Claude Mythos OpenClaw Shai-Hulud Guidance ClawHub Open Source Malware Windows Update Management Recorded June 15, 2026

How can sysadmins help software developers work securely and make more secure applications? While at NDC in Toronto, Richard sat down with Tanya Janca of SheCodesPurple to discuss what admins can do to help address the security challenges software developers face. Tanya talks about securing development environment and pipelines - developers routinely work from high privilege accounts because their tools require it, and as a result, have become the targets of black hats to get access to accounts, keys, and other exploitable resources. There are plenty of tools available to help work through the issues, including the latest AI-powered tools. LLMs can also help generate more secure code in the first place, and Tanya has created a set of prompts you can use to create more secure software. The threat landscape is shifting with these tools, and we need to act quickly to resist the new attacks! Links SheHacksPurple Canadian Guidance on Resisting Supply Chain Attacks OWASP Top 10 Security Risks for 2025 Prompts for Generating Secure Code Recorded May 8, 2026

The 47-day certificate is coming! While at NDC in Toronto, Richard received an update from Todd Gardner about his show last year: certificate authorities are moving toward SSL certificates that last only 47 days! Todd talks about the first decrease in duration that has already passed - as of March 2026, the longest duration certificate you can buy from certificate authorities is 200 days. At the core of these changes is the problem that certificate revocation just isn't working properly, so a short certificate lifespan is the effective solution. Short certificate lifespans make automation to replace certificates essential - and that's where CertKit and other tools come in! Links Lets Encrypt ACME Client Implementations CertKit Apple's 398 Day Rule Microsoft SHA-1 Retirement Google Transparency Logs Perfect Forward Secrecy Recorded May 8, 2026

What can go wrong with machine learning? While at NDC in Toronto, Richard chatted with Megan Robertson about her experience with machine learning projects, often using retail datasets, and where they can go wrong. Megan talks about getting clear expectations and metrics for projects, so you know when you succeed, but then digs into the specifics of problems in machine learning, such as overfitting on test data. Your results are only as good as the data you put in, so a lot of focus goes into building good sets, carefully developing the model with those sets, and using techniques like cross-validation to ensure the model is behaving appropriately. There's a lot that can go wrong, but the results with an effective model can be very powerful - it is worth the effort! Links Cross Validate Model Megan's Website Recorded May 7, 2026

How do you intelligently surface access to your database? While at NDC Toronto, Richard spoke with Jerry Nixon about Data API Builder, Microsoft's tool that enables data professionals using Microsoft databases, including SQL Server, Postgres, CosmosDB, and MySQL, to provide an API layer with security, schema extraction, and governance policies. You can expose the API as a REST interface, a GraphQL interface, and an MCP server! This is a powerful tool for providing controlled access to data while still allowing for ad-hoc access. The potential is huge - you need to check it out! Links Data API Builder GraphQL Recorded May 7, 2026

How can Microsoft Loop make your team more productive? Richard chats with Karinne Bessette about the role that Loop components can play in making meetings where the agenda is live, generating work items in Microsoft Planner, and keeping key information up to date. Karinne talks about how Loop components can be connected to any M365 document, including Outlook, Word, Excel, and OneNote, but only for members of the M365 tenant. Loop is a powerful tool for productivity within the organization! Links Microsoft Loop Microsoft Planner Microsoft OneNote Power Automate Loop Components in OneNote Teams Polls Polls in Loop Loop Admin Policies Recorded April 27, 2026

The original Secure Boot certificate expires in June 2026! Richard talks to Richard Hicks about how Secure Boot works and how the expiration of the master certificate can leave PCs vulnerable to boot-related malware, such as rootkits. Richard discusses recent Microsoft communications on SecureBoot and how to check which certificate your machines have. Workstations using managed updates are likely already up to date, but servers are a different issue. When the certificate expires, you'll no longer receive updates to Secure Boot for known exploits, leaving your machines vulnerable. Update today! Links Secure Boot Certificates Expiring Sony Rootkit Scandal Secure Boot Playbook for Windows Client Windows Update Management Registry Key Updates for Secure Boot Richard's Blog Post on Secure Boot EUFI Certificates Expiring Get-UEFICertificate in PowerShell Gallery Recorded March 9, 2026

What does a production-grade large language model look like? While at NDC Sydney, Richard talked with Vaishnavi Gudur from Microsoft about her work scaling LLMs for Teams transcriptions, summaries, and more! Vaishnavi discusses the underlying complexities of operating the Teams LLM infrastructure for a large array of customers across different countries and regulatory regimes. Data sovereignty also plays a large role: different countries have specific rules on where data must reside and how it can be accessed. As the scale increases and the tail gets longer, the rules set gets more complex! Lots of great thinking about what LLMs look like in a production environment. Links Transcripts in Microsoft Teams Recorded April 24, 2026

How secure is your Active Directory infrastructure? While at Zero Trust World in Orlando, Richard chatted with Spencer Alessi about his work helping companies secure Active Directory, making it more difficult for black hats to exploit it for lateral moves during a breach attempt. Spencer talks about the increasing speed of these exploits, making it much harder to block them after the fact, so it's best to make AD too difficult to target. Jake Hildreth's Locksmith tools are a great place to start - free and open source. There are also Microsoft tools and Spencer's own AD Security Resource Kit to help evaluate your AD infrastructure and lock it down! Links Locksmith Enhanced Security Admin Environment Active Directory Security Resource Kit Recorded March 4, 2026

There's competition in the Office productivity space! Richard chats with Sharon Weaver about her experiences with M365 Copilot and Anthropic's Claude Cowork to improve information worker productivity. Sharon talks about the confusion around all the different copilots in the Microsoft space - including the chat tools, research agents, and more. But when it comes to helping with an Excel spreadsheet, M365 Copilot can't do what Claude Cowork can do. Sharon talks about describing the goals of a spreadsheet to Claude Cowork and having the tool generate the spreadsheet, make corrections, and add formatting. Cowork has similar capabilities for presentations, and with the Connector library, new functionality is being added routinely. There's some competition in the AI productivity space - things are getting interesting! Links Microsoft 365 Copilot Researcher in Microsoft 365 Copilot Claude Cowork Claude Cowork Connectors Copilot in PowerPoint Recorded February 24, 2026