Mark Simos

All 18 of the Microsoft Cybersecurity Reference Architectures (MCRA) videos are now up! We cover detailed technical information + context on security threats and business risk. Share and Enjoy! aka.ms/mcra-videos Many thanks to my incredible co-presenters!

FYI, I tweaked the wording on a few of these as I was listening to the CISO panel that followed and wanted to capture some of those insights (so don't be surprised that they don't exactly match the recording that will be released later)

I just posted the slides for my 'Security is a Team Sport (but we are NOT playing like a team)' session at BSides Tampa Check out the Events page for the link to those slides as well as videos/slides from previous talks. zerotrustplaybook.com/events/

This is going to be a fun one with antipatterns, hard-won lessons learned, tips, tricks, and more! I really leaned into the sports team on this and it really works well! (but I couldn't resist using the 🔥 graphic for the title slide 😄)

Just putting the finishing touches on slides for my BSides Tampa talk "Security is a Team Sport ... but we are NOT playing as a team" Hope to see you there on Saturday!

"Somebody should do this" means "Nobody will do this" unless you assign a name.

Next up is BSides Tampa this Saturday! #session-1103620" target="_blank" rel="nofollow noopener">bsidestampa.net/schedule#sessi…

BSides South Florida was a great conference in a beautiful venue right on the beach! I am grateful to have the opportunity to speak and to gain insight from thoughtful talks and hallway conversations with Rey Bango, Bill Barnard, Jim Routh, Oscar Kourany, and more!

I just posted the slides for my BSides South Florida talk on the events page zerotrustplaybook.com/events/

My author copies of the second edition of the SC-200 Exam Ref which I wrote with @yuridiogenes turned up this week, so of course I'll take pictures with the dogs who are clearly enthralled and going to read it cover to cover. Can't believe I wrote the first version of this ~5 years ago stuck in lockdown in NZ! But seriously if you're using Sentinel and Defender you need to give this a read, totally up to date with the new unified portal etc.

▪️ Everyone faces a different version of the journey Many organizations have the same challenges (see antipatterns at aka.ms/antipatterns), but every organization is in a different stage of their maturity journey end 🧵

▪️ Everyone needs big picture AND actionable tactical guidance. Think of the (newer) Jumanji movies - you need a map to go in the right direction (big picture), but you also need specific tooling/guidance to survive the crocodiles, herds of animals, gangs of humans, and more.

I recently did an interview-style session for an internal Microsoft team on why end to end security is so important and thought I would share my notes on the points to cover. 🧵

Each day is life linkedin.com/pulse/each-day…

On the events page, I posted two opportunities to see me speak live and get the book signed in Ft. Lauderdale and Tampa in the coming weeks! zerotrustplaybook.com/events/

The Zero Trust Playbook site is live! It currently has a summary of the series, the outline of the first book, some information on the authors, and an events page with upcoming events and recordings. Much more to come in time!

@just_infosec_ I agree 100%! Gotta make it as easy as possible to do the right thing. The Microsoft SFI uses the term 'paved paths' for this concept.

@MarkSimos Key is: Secure way of doing things: should be made easy and seemless Bypassing security: Should be made difficult, as a process.

Are the people in your organization rewarded to ignore security?