RunAs Radio

How can you hire and get hired in 2026? While at NDC London, Richard chatted with Suzi Edwards-Alexander about her experiences recruiting technology folks into companies. Suzi talks about developing interview practices that actually reflect the job, rather than examining esoteric knowledge or certifications - it's possible to have an interviewing experience that is actually enjoyable! The conversation dives into the power imbalance between employers and employees and how to resist being seen as lesser for not being employed. Work should be a mutually beneficial experience - we have to do better!
Links
Appartenir
Recorded January 29, 2026

What does it take to get your SaaS offering on multiple cloud providers? Richard chats with Steve Buchanan about his new role at JAMF, which focuses on a mobile device management product for Apple devices. Originally built as a SaaS product on AWS, Steve is helping to build out the JAMF stack on Azure to support a broader range of customers. Steve talks about Kubernetes as the common ground among the major cloud players, but you need to dig into the rest of the tooling to minimize differences across implementations. That means cloud-agnostic tools for deployment, identity, instrumentation, and more! The good news is that there are plenty of tools out there to help you, but it does take time to work out your suite of tools to get consistent results, no matter where the backend resides.
Links
JAMF
OpenTofu
Elastic Kubernetes Service
Azure Kubernetes Service
Google Kubernetes Engine
Microsoft Intune
iOS and Intune
Okta
Prometheus
Grafana
Steve's Pluralsight Classes
KAgent
SOC 2 Type 2
Recorded January 8, 2026

How have large language models impacted hacking? Richard talks to Erica Burgess about her experiences using LLMs for red team hacking, collecting bug bounties, and identifying vulnerabilities in systems. Erica discusses the power of LLMs to generate a variety of viewpoints on a potential exploit and help the hacker think "out of the box." Coordinating multiple agents to attempt a variety of exploits, retrieve information, and otherwise deal with the drudgery parts of hacking means a skilled operator can move faster - what once would be days of work can be minutes. Where does AI in hacking go? Lots of scary places - but also pointing the way to new ways to protect systems!
Links
Burninator Sec
Recorded January 24, 2026

You're using Active Directory Certificate Services - but is it configured securely? Richard talks to Ron Arestia about his work with organizations implementing their own Public Key Infrastructure (PKI) with ADCS. Ron explains how poorly configured ADCS enables lateral attacks within an organization once an initial breach occurs, allowing black hats to move throughout your network. A well-designed PKI system has tiers of protection, with the top level completely disconnected from the network. Or do you really need your own PKI system? The conversation digs into the various scenarios, including third-party options. Certificates are the top level of security for your organization - you need to get it right!
Links
Active Directory Certificate Services
Windows Hello for Business
Certified Pre-Owned
Microsoft Defender for Identity
Secure Privileged Access
Pass the Hash
Microsoft Cloud PKI for Microsoft Intune
Microsoft Entra Conditional Access
Microsoft Autopilot
Ron's Blog
Recorded February 6, 2026

Ready to get started with Purview? Richard chats with Erica Toelle about the first steps you can take to harness the power of Purview in your organization. Erica explains that Purview is an umbrella product that covers several infosec technologies, including information rights management, data loss prevention, structured data governance, and more. When preparing for M365 Copilot, you want to start tagging sensitive information in your organization, and Purview can help by using LLMs to identify potentially sensitive content. You can also monitor how data is used, the types of prompts sent to M365 Copilot, and more. This can help you bootstrap M365 Copilot by using Purview to see which data Copilot uses, and then tune the access rules for that data. "Getting your data estate in order" is not a destination; it's a journey, and Purview can give you a map!
Links
Microsoft Purview
Data Security Posture Management
Data Governance with Microsoft Purview
Conditional Access with Microsoft Purview
SharePoint Advanced Management
Microsoft 365 Archive
Endpoint Data Loss Prevention
Purview Browser Extension
Recorded January 7, 2026