Jessica Payne

What wording did we change in our posting? Years of security experience from 5 to 3, but importantly the wording before was very Cyber Threat Intelligence specific - now it includes IR, forensics, IT admin, etc. because all those backgrounds are relevant and security experience.

None of the analyst/researcher job postings for the Defender Threat Intelligence team require a degree, because I don’t have one and it would be awkward to disqualify me from my own job.

Ransomware is an economic problem - attackers use the same techniques of RDP brute force and lateral movement for years because they still work. Increasing operational security is not only possible using native/builtin tools, it’s becoming a new business continuity requirement.

Ransomware is often talked about with the same ‘superpower’ and malware focused narrative APTs are. Both are humans usually using psexec, GPOs, and stolen credentials to move laterally and deploy malware. Mitigations exist and networks can be hardened:https://twitter.com/jepayneMSFT/status/1095102585193738240 …

Do you want to work on my team and track threats via attacker behaviors to produce Actionable Threat Intelligence to make the world a more secure place (see thread) and also want a link to the job description that that doesn’t require you to login? :) https://careers.microsoft.com/us/en/job/721411/Senior-Threat-Analyst …

I talked about our team, how we grow people, and how our diverse backgrounds give us superpowers in the security space (and the career history of @endisphotic who is now one of our awesome analysts and teammates) in this talk if you want to know more:https://twitter.com/jepaynemsft/status/1084864426212155392?s=21 …

If your background is Incident Response, malware analysis, or IT instead of “Threat Intelligence” - that’s OK! You should consider those skills applicable to the role. Role posted as Senior but if you can make a convincing case for your skills we can hire a more junior person.

We’re helping our teams that build our cross platform Defender engine understand the threat landscape as it applies to Macs, Linux, and Android - and how attacks in the cloud work and can be detected too.

We partner closely with the Microsoft Threat Experts and DART Incident Response teams, advising them on hunting for emerging threats, mitigation and recovery advice, and providing insights on ongoing campaigns and attacker techniques.

We produce the reports and mitigations in the Threat Analytics feature of Defender ATP - reports that we call ‘Actionable Threat Intelligence’ - which is also our motto. We want not just to report on threats, but teach people how to mitigate them.

What do we do here? Some recent projects included tracking the BlueKeep threat through its lifecycle, including this fun collaborative research project :https://twitter.com/jepaynemsft/status/1192550279243161600?s=21 …

Do you want to work in a security research org with awesome people who thrive on collaboration? Do you want to change the way Threat Intelligence is produced and consumed to make the world more secure? Do you want to work with me? :) We’re hiring! https://careers.microsoft.com/i/us/en/job/721411/Senior-Threat-Analyst …

While BlueKeep absolutely can be used for lateral movement, it’s very likely to be used to replace RDP brute force in attacker arsenals. One unpatched forgotten system with Domain Admin service account or matching Local Admin passwords quickly leading to a Samas/LockerGoGa event.

Being able to work with security researchers to confirm their findings and share the insights and intelligence from the visibility we have into the threat landscape from our dataset is incredibly exciting and inspiring. I’m really proud to be part of my team and what we do.https://twitter.com/MsftSecIntel/status/1192549278507388929 …

I’ll be presenting a public version of this talk at Africa HackOn!https://twitter.com/africahackon/status/1156221337914028032?s=21 …