Episodes

  • AI-Accelerated Supply Chain Attacks with Mackenzie Jackson
    Jul 1 2026

    How are supply-chain attacks evolving? Richard chats with Mackenzie Jackson about his work helping companies protect their software supply chains from malware attacks. Mackenzie discusses the vulnerability of developers to attacks, since their accounts are often highly privileged and invariably contain access to exploitable secrets. The conversation digs into the challenges of securing various code distribution mechanisms like npm and how you can protect your organization - starting with, don't install packages as soon as they are released! There are effective tools for detecting malware in code, but they take time. Waiting 48 hours can eliminate a lot of risk!

    Links

    • Aikido Software
    • Trivy
    • Claude Mythos
    • OpenClaw
    • Shai-Hulud Guidance
    • ClawHub
    • Open Source Malware
    • Windows Update Management

    Recorded June 15, 2026

    Show More Show Less
    37 mins
  • Securing Developers with Tanya Janca
    Jun 24 2026

    How can sysadmins help software developers work securely and make more secure applications? While at NDC in Toronto, Richard sat down with Tanya Janca of SheCodesPurple to discuss what admins can do to help address the security challenges software developers face. Tanya talks about securing development environment and pipelines - developers routinely work from high privilege accounts because their tools require it, and as a result, have become the targets of black hats to get access to accounts, keys, and other exploitable resources. There are plenty of tools available to help work through the issues, including the latest AI-powered tools. LLMs can also help generate more secure code in the first place, and Tanya has created a set of prompts you can use to create more secure software. The threat landscape is shifting with these tools, and we need to act quickly to resist the new attacks!

    Links

    • SheHacksPurple
    • Canadian Guidance on Resisting Supply Chain Attacks
    • OWASP Top 10 Security Risks for 2025
    • Prompts for Generating Secure Code

    Recorded May 8, 2026

    Show More Show Less
    34 mins
  • How Machine Learning Fails with Megan Robertson
    Jun 10 2026

    What can go wrong with machine learning? While at NDC in Toronto, Richard chatted with Megan Robertson about her experience with machine learning projects, often using retail datasets, and where they can go wrong. Megan talks about getting clear expectations and metrics for projects, so you know when you succeed, but then digs into the specifics of problems in machine learning, such as overfitting on test data. Your results are only as good as the data you put in, so a lot of focus goes into building good sets, carefully developing the model with those sets, and using techniques like cross-validation to ensure the model is behaving appropriately. There's a lot that can go wrong, but the results with an effective model can be very powerful - it is worth the effort!

    Links

    • Cross Validate Model
    • Megan's Website

    Recorded May 7, 2026

    Show More Show Less
    37 mins
  • Data API Builder and SQL MCP with Jerry Nixon
    Jun 3 2026

    How do you intelligently surface access to your database? While at NDC Toronto, Richard spoke with Jerry Nixon about Data API Builder, Microsoft's tool that enables data professionals using Microsoft databases, including SQL Server, Postgres, CosmosDB, and MySQL, to provide an API layer with security, schema extraction, and governance policies. You can expose the API as a REST interface, a GraphQL interface, and an MCP server! This is a powerful tool for providing controlled access to data while still allowing for ad-hoc access. The potential is huge - you need to check it out!

    Links

    • Data API Builder
    • GraphQL

    Recorded May 7, 2026

    Show More Show Less
    37 mins
  • Team Productivity using Loop with Karinne Bessette
    May 27 2026

    How can Microsoft Loop make your team more productive? Richard chats with Karinne Bessette about the role that Loop components can play in making meetings where the agenda is live, generating work items in Microsoft Planner, and keeping key information up to date. Karinne talks about how Loop components can be connected to any M365 document, including Outlook, Word, Excel, and OneNote, but only for members of the M365 tenant. Loop is a powerful tool for productivity within the organization!

    Links

    • Microsoft Loop
    • Microsoft Planner
    • Microsoft OneNote
    • Power Automate
    • Loop Components in OneNote
    • Teams Polls
    • Polls in Loop
    • Loop Admin Policies

    Recorded April 27, 2026

    Show More Show Less
    36 mins
  • UEFI Secure Boot with Richard Hicks
    May 20 2026

    The original Secure Boot certificate expires in June 2026! Richard talks to Richard Hicks about how Secure Boot works and how the expiration of the master certificate can leave PCs vulnerable to boot-related malware, such as rootkits. Richard discusses recent Microsoft communications on SecureBoot and how to check which certificate your machines have. Workstations using managed updates are likely already up to date, but servers are a different issue. When the certificate expires, you'll no longer receive updates to Secure Boot for known exploits, leaving your machines vulnerable. Update today!

    Links

    • Secure Boot Certificates Expiring
    • Sony Rootkit Scandal
    • Secure Boot Playbook for Windows Client
    • Windows Update Management
    • Registry Key Updates for Secure Boot
    • Richard's Blog Post on Secure Boot EUFI Certificates Expiring
    • Get-UEFICertificate in PowerShell Gallery

    Recorded March 9, 2026

    Show More Show Less
    38 mins
  • Production LLMs with Vaishnavi Gudur
    May 13 2026

    What does a production-grade large language model look like? While at NDC Sydney, Richard talked with Vaishnavi Gudur from Microsoft about her work scaling LLMs for Teams transcriptions, summaries, and more! Vaishnavi discusses the underlying complexities of operating the Teams LLM infrastructure for a large array of customers across different countries and regulatory regimes. Data sovereignty also plays a large role: different countries have specific rules on where data must reside and how it can be accessed. As the scale increases and the tail gets longer, the rules set gets more complex! Lots of great thinking about what LLMs look like in a production environment.

    Links

    • Transcripts in Microsoft Teams

    Recorded April 24, 2026

    Show More Show Less
    35 mins