Microsoft Ignite 2020 Sydney – Security Releases

View Show Notes and Transcript

Episode Description

What We Discuss with David O’Brien:

THANKS, David O’Brien!

If you enjoyed this session with David O’Brien, let him know by clicking on the link below and sending him a quick shout out at Twitter:

Click here to thank David O’brien on Linkedin!

Click here to let Ashish know about your number one takeaway from this episode!

And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at [email protected].

Resources from This Episode:

Ashish Rajan: [00:00:00] Hello, and welcome to cloud security podcast today. Our guest is David O’Brien. He’s a really good friend, also a Microsoft MVP for Azure based out of Melbourne, Australia. He was in Microsoft ignite tour recently. So I’m really glad to have him here. Welcome David. Good morning. How are you? Good for people who don’t know you much. 


How do you, like, how do you introduce your. 


David O’Brien: Yeah, so I’m in the term VP been an MVP for last seven years now I’m focusing mainly on the Microsoft stack. So that includes us obviously, the public cloud and what we do is. And when I say we started a company called two years ago, we focus on the whole DevOps, automation, security around clouds. 


Sweet. 


Ashish Rajan: That’s a great, that’s a great way to get into a lot more Azure. So for people who don’t know ignite. I think I put myself into that same bracket as well, where I know a lot about AWS. I have know a bit about cloud in Google as well, a Google cloud, but Microsoft Azure is a bit of an unknown. So for people who may be kind of similar to me who have no background [00:01:00] on Azure, what is ignite and it’s the Sydney one that you went to, is that it is the same thing or is it. 


David O’Brien: Yeah. So Microsoft has this just like AWS with reinvent. They have the ignite conference and that happens once a year, somewhere in north America or, and it just happened in Orlando a couple of months ago. That’s the massive annual event with like 35,000 people to present. The whole product teams. 


Are they it, it’s a really big thing. But not everybody can go to ignite, so not everybody can go to the north American conference. That’s why Microsoft said, well, we’re going to take ignites out of north America and do a road trip. And that’s what became ignite the tour. So every year now there’s like 40, I think this year there’s 40 different cities all around the world where they take ignite in a smaller context. 


And bring it to different cities. So for example, last week I was in Johannesburg, South Africa. And just yesterday I got back from Sydney. 


Ashish Rajan: Sweet. So if I were to compare this to [00:02:00] AWS land and AWS free invite re-invent three invite, that’ll be a good name for re invite us to AWS. AWS reinvent is the same as Microsoft ignite. 


That’s where all the major announcements for the year would go in. AWS summit, which is the regional one is kind of like the ignite tour, but AWS summit sometimes coincides with announcements as well. It’s not the same with Microsoft ignite. Well 


David O’Brien: look just like AWS, it’s constantly evolving, right? There’s there’s patches coming in there’s updates, new features. 


So it might be that you’re adding the two in Sydney and they just patched something or they just release a new feature and you face, and it’s not targeted at that event, but it might just happen that you’re there. And, there’s a session about that. 


Ashish Rajan: Is it, is it true that all announcement from Microsoft happened on a Tuesday the first Tuesday of the month? 


I always wonder like, oh, is the past users still carried on to Azure, but I guess clearly not. Well, we might have to have to come up with another word for that. So with Microsoft ignite tour I think [00:03:00] you are the expert panel from what you explained to me earlier, what is that panel? And what can you share about actually, maybe what can people see at the ignite tour who have not been to Sydney? 


Is it kind of like the same thing as a summit? Because you’ve been to summit as well. So 


David O’Brien: yeah, it’s been two AWS summits and it’s sort of similar. Yeah. So in Sydney it was at the ICC around dialing hopper on really good venue. Around 9,000 people were present. So. Yeah. And there’s product team members there. 


So as a customer it’s really, really valuable. It’s like I said, Zuora and other product team members from the U S like from corporate HQ, coming all the way to Australia. So you can actually go and talk to them. That’s very valuable. There’s MVPs like Mercedes there that you can ask and yeah, I was on part of the expert. 


Panted team and yeah, as a customer or user of Microsoft technology, you can go and have a chat to experts in their fields and ask them questions. So. I can take questions, security questions, all of these kinds of, 


Ashish Rajan: [00:04:00] So if anyone who’s listening and probably uses Microsoft say any Microsoft product, office, physics five for their business or Azure for the business, they probably should be looking at going there because to your point product, people would be there. 


And other people like yourself who are my MVPs is a great opportunity for you to probably hear straight from Microsoft. Is it, is it expensive to get into, or is it just like AWS summit? It’s a free 


David O’Brien: event. So it’s an absolute, perfect opportunity to talk to yeah. To the product teams and experts in that feared. 


Yeah. Especially 


Ashish Rajan: if you’re a small business as well. I think that’s a great opportunity. You don’t have to like Colin or be this premium support member, but you could just rock up and talk to a product person. Sweet. So being part of that. I guess tour and being part of the expert area. What kind of questions did you come across and any security questions in there? 


David O’Brien: Yeah. So the questions were really interesting to be honest. You never really know what to expect. If it’s like that super loose agenda, ask me 


Ashish Rajan: anything, right? Oh, but then for you, it was Azure though. [00:05:00] Right? Anything ask me anything in Azure. 


David O’Brien: Exactly. But that could be really. Like the website there, or how do I train my AI moderate? 


Or how do I run this third RT cuts application on a virtual machine. So it could be really anything. And that, that made it quite exciting. And especially around Johannesburg and Sydney, cause you always think of. We might be a bit further ahead than other continents may be, but overall, the questions were fairly similar. 


But it ranged from really basic to really advanced and yeah, that security was in really big topic range. Like a lot of people ask is the cloud even secure. I’m pretty sure you get that ID. 


Ashish Rajan: Yeah. Yeah. I was, I was going to, I was going to let go of thinking, what was the. I was going to ask you this for my med pass the question, but I think we’ve definitely gone into it earlier, but that’s fine. 


What is a known thing though? Yeah. And people are still asking this. 


David O’Brien: Yeah, absolutely. And cause you hear about the breaches every day. Right. And it, it’s interesting to then go and start [00:06:00] explaining what the cloud actually is and that the cloud is not just the location, but how you work with it. So. 


That enables you to do whatever you want, including getting your says breached. So these questions were really interesting. The other types were, how do I secure my environment? Not is the cloud secure, but how do I secure my environment? How do I protect myself against external and internal threats? 


And also people are now starting to look inside. Yeah. So people started probably two years ago, 20 years ago. How do I protect myself against external threats, but there’s now starting to realize that a lot of threats actually coming from inside this way. So on the services that is do released a while ago, like sentiment, that can help you also understand intended. 


Ashish Rajan: Yeah. Oh, actually, maybe. Well, while going into, what is AWS Sentinel and why should people look at it? 


David O’Brien: Yeah, so, so sentiment is it’s cloud hosted seem really, but it’s a bit more than a scene, so you can hook pretty much any data. So. [00:07:00] And their speeds and connectors for sentencing. Obviously I think that’s over 200 bid and connectors, including community connectors now. 


But if there’s no connector, you can go straight HTTP rests into, sentiment and send all your data, any data into it, including for example, AWS cloud trade. So there’s already a bit in connector for this strain to send them. And Sentinel can help you understand what is actually happening in your environment and not just somebody. 


Somebody is hitting a firewall from that one pod that’s easy. Yeah. You don’t need centers for that. But for example is if the. If a virtual machine gets an extension, so has the concept of extensions and virtual machine on which run random court a bit like a user data, an and let’s say somebody’s a user who’s authenticated. 


And so it’s an extension on that virtual machine and advance. And it just happens that that code in starts a process that is known to be malicious. Yeah. So you, as the [00:08:00] administrator, you get that alert and he would just go and say, oh, that that process is malicious. And you would kit that process. Yeah. 


Easy and fairly standard already. The thing is. The issue is not that process. The issue is user. So the authenticated user in start the process. So what’s up with that authenticated user. So obviously that as either malicious. So if somebody in your organization went rogue or compromised. Yeah. So. 


Centenary can help you get that bigger picture around. Oh, that use that. That’s actually the common cost and not that process. 


Ashish Rajan: Oh, right. So it’s sorry. I was gonna quickly say it’s central across multiple subscriptions or it’s a consoler view 


David O’Brien: view across your whole enterprise. 


Ashish Rajan: Yeah. And to, to your point, emphasize on the enterprise, because you’re including AWS in there as well. 


I wonder if Google cloud logs kind of come in as well, or is it just because, 


David O’Brien: yeah like I said, if that’s not a connector already, you can [00:09:00] just, there’s a Google function, 


Ashish Rajan: so swear sweater will be functions. That’s why you 


David O’Brien: can take those logs out of Google and with functions, just send it to centenary. 


Ashish Rajan: Oh, right. Oh, right. Okay. So 


David O’Brien: it’s not just cloud, right? It could hybrid technology 


Ashish Rajan: or Sumo logic. 


David O’Brien: So yeah, it’s a bit like Splunk and Sumo. Definitely. And we get that question quite often. But then you get the whole orchestration on top of it, so you can see where it is. This thing happens then. Ox thread. 


So you can have a full workflow that automatically happens and respond to these issues. Oh, right, 


Ashish Rajan: right. Okay. Fair enough. That makes sense. So was there a, now coming back to the AWS, AWS came back to Azure ignite chore. Was there a lot of interest in seeing, because my understanding of logging in Azure is that it’s kind of expensive. 


And there are people may already have Sumo logic or Splunk or something. So what, the questions around monitoring how to monitor better or was it hard? Do I use Sentinel? Like, what was the questions like? 


David O’Brien: I tried to stay away [00:10:00] from how do I use product X to use case, right. What would the chief and Sentinel might be an answer to that? 


Just like an AWS as much, but we used to lock stuff. So, yeah. Then there can be pricier options and centers. That’s going to be on the pricier end. But it’s all you need is I need some insights into my environment and I don’t need the whole AI and threat hunting, red team, blue team kinds of stuff, including the orchestrator. 


Like the really sophisticated office street sheet, then something like lock analytics, workspaces could already be enough. And that’s fairly cheap depending on the amount of data that you have to work with. Questions where sometimes how do you use product? Yeah. I always get those people back to. 


What’s actual use case. And then we figure out is that product actually something worthwhile digging into 


Ashish Rajan: yeah. And to your point, because most of the product information is really on the website already, right. In terms of documentation and videos and stuff. So you could just point [00:11:00] them, like, let me Google that for you and everything as well. 


What was an interesting use case for you in terms of, did you find they were very maturity level as well between the questions or do you find everyone with super mature. 


David O’Brien: It’s interesting. Look, I’ve been doing on AWS for quite awhile. And on any cloud, you get these super mature customers that everything’s serverless everything’s in API, everything. 


Instead of passwords, right. And then on the complete other sites, there’s the, how do I deploy a VPC or a virtual network? I don’t even know how to deploy a storage account. What, what do I do with my 15 year old file server? That’s running underneath my desk. So. W I got all of these questions of over the whole spectrum. 


It’s been interesting because there are valid use cases, right? Which discount any of them. And especially when it comes to security, I find the. I don’t want to say less mature, but the like legacy use cases, if you want to [00:12:00] call them that I find them probably more exciting. Yeah. 


Ashish Rajan: Right. Wait, let me ask you this then. 


One of the previous episodes we had diner Jenka from my, I think she used to work for Microsoft. She came across a use case where Microsoft access was to be. Moving to Azure. Did you have any of those use cases when you think of legacy, what’s the most legacy application that you’ve been looking at, or someone asks you that they want to move into Azure? 


David O’Brien: When somebody did ask me, so we’ve got that mainframe here and I’ll just say don’t, don’t touch it. 


Ashish Rajan: Yeah. I don’t think compute by compute any cloud provider can have enough compute for a mainframe at this point in time. I don’t think so. Yeah. I guess it’s still struggling to get over that battle. 


We’re still working with SAP still, which is again, another beast to deal with, but maybe they’ve gone with SAP first and then go into mainframe. But so the most legacy one has been. Yeah, something like that as 


David O’Brien: well. Yeah. Really odd sequence where they couldn’t figure out which managed service of sequence server to use on. 


Then that’s the really [00:13:00] odd five, which is still running on windows server 2000. And I always tell people to look, the 2000 actually means something. It means it’s not 20 years olds 


Ashish Rajan: wait. So Microsoft Azure is still supports toward 2000 or 


David O’Brien: that’s usually customers ask and I’ve got this thing on prem. 


How do I move that over to the cloud? And yeah, you’d be surprised. What all would take is still running on prem. Sometimes on accents. I have not come across access yet. 


Ashish Rajan: Maybe it could be a Canada thing that Microsoft access is still there. Yeah. But it would be, I would definitely shock me because I was, I haven’t heard access for a very long time. 


And when I heard that on the episode, like Ford, someone has Microsoft access as a database, like yeah. I mean, yeah, if it was used back in the day, but ages ago, with the with this also. It’s always interesting to find. Are you finding a lot of people on multicloud as well? And is multicloud really a thing you’ve seen in the Azure space? 


Quite a bit. And the people you’re working with, people who are Kamia came and asked you questions. 


David O’Brien: Yeah. [00:14:00] So Hmm. Yes. Multicloud is a thing. When we talk about enterprise. Yeah, it’s the, the, the thing is we always have to start defining what multicloud actually means. Is it multi cloud across the enterprise, but the enterprise is using mud, the clouds, or are we saying we need. 


That application that we’re running, that needs needs to be able to run on much the cup facts at the same time. Right? So the, the format on the enterprise using multiple cloud providers for different things, that’s definitely a thing. And we see that a lot. And that’s why Microsoft is building that products. 


So open that. That they can actually go and get that consolidated view across everything. Oh, okay. Yeah, because Microsoft’s focus or one of the focuses big focuses is the enterprise and they understand that enterprises for whatever reason go multicloud. Right? Yeah. The second use case one application running on mud, the cloud providers. 


I’m very [00:15:00] skeptic. 


Ashish Rajan: Yeah, you have problems. There was, at that point is people are looking at one part of it is going to be in Google cloud. Another part in Azure and another part on. Say I AWS or something else that, yeah, that’s really complicated from an architecture perspective as well. 


David O’Brien: Yes. And it might be fine to use, I don’t know, something on AWS CC to one tier on Sundance, and then it kicks off and as a function, maybe a different tier, but as soon as we start talking about one tier of an application running on, might’ve picked up provider. 


That that’s a total nightmare to deploy that, to architect that, like people always say, oh, containers a container. Sure. But that’s where it stops. And it’s just completely different to even though it’s Kubernetes underneath, they’re completely different on functionality wise. Oh, Yeah, I think nothing of that is going to help you. 


Ashish Rajan: Yeah. And I think that’s what maybe a lot of people are going with Terraform as a one language for orchestration in the whole enterprise. That way it works across AWS. It works across Azure. But [00:16:00] to your point, it’s completely different code. You’re talking at completely different API. You’re basically making a spaghetti out of your environment by allowing something like that as well. 


But yeah, well, it’s, it’s, it’s a topic which you can go on for hours as well. With the Microsoft ignite and you mentioned Sentinel as a security product, and you also mentioned some of the questions you get is how do I secure my workload on Azure? What do you recommend as for people who may be starting on Azure? 


And they’re coming from an AWS or Google cloud background. What do you recommend as like a basic sanitation thing for people to go and secure their first for clothes? Or maybe even start from the beginning? Like how do you sign up and make it secure? And then you go to the next level of putting in stuff there. 


David O’Brien: So that’s actually a Microsoft article on on their docks, which actually targets AWS administrator. Oh, right. 


I think it’s good. It’s AWS at this point. I’m not sure if GTP is on in there, but as an AWS administrator, so you can go onto that article and see where I’m used to land [00:17:00] that what’s the equivalent to Landa on. So that helps to translate a couple of use cases. Apart from that. There’s some really good free learn. 


So Microsoft learn on learning paths that are really interactive, where you can go from fundamental. Like again, the very basic services like networking and storage and virtual machines. All to hate to translate your knowledge over to me. They even give you like sandbox environments. So you can in your browser on the left, you’ve got the left on the left. 


You’ve got the, documentation and the instructions that you should run through. And on the light, this is. 


Ashish Rajan: Oh, yes. So if I sign up for Azure, I guess cause I think the other thing that I was going to bring up was Microsoft security centers as well. And that, I think that’s almost like B, so the way I understand it and after exactly what you said, you kind of use some demo or some playground or sandpit to just see what it’s like, but after you’ve done all of that, is [00:18:00] there. 


It basic sanitation thing. You’d recommend that people do like send security center or something. Similar 


David O’Brien: security center. What’s really where as soon as you’ve got some, 


Ashish Rajan: ah, right. Okay. So if you don’t have work, no. Are you basically doing all this learning first, bringing a subscription? Ah, right. Makes it make sense. 


David O’Brien: Can already without a workload, tell you where you doing this and that, but you shouldn’t be doing that. What I would look at is adviser, which is another free service inside of Azula that could tell you that tensive things fake. Venture machines are under utilized, so it can hit your right size or your virtual machines have a public IP address on them with a network security group, which is open to the internet. 


You shouldn’t be doing that. So it gives you all these, like, not just into the right. 


Ashish Rajan: Ah, so for someone who’s working in the Azure space and maybe a security person or a cloud security engineer, how do they, how do you recommend them manage security across their Azure work workload and dumb self? Like ongoing compliance compliance is probably a very wrong word, but [00:19:00] more just feel that they’re safe and that nothing is creating. 


David O’Brien: Yeah. So that’s where adviser and security center comment, security center, for example. And you mentioned compliance. So I’m going to mention that security center does have, a way to show you how compliant you are against PCI fights. Oh, right. So you can go in to the security center. That’s on the security center though. 


Think right now that capabilities then preview, but it works. So it scans your whole environment from an infrastructure point of view. That’s important. They don’t go into your app code, for example. But from an info point of view, they would list out which things are not complied with PCI 27,001. Right. 


That’s a really, really good, way to understand what you’re doing, what you’re not doing, what you shouldn’t be doing. And, and I always turned my customer. Look at it, even if you don’t have to be PCI compliant, PCI is really lots of best [00:20:00] practices. 


Ashish Rajan: That’s true. That’s true. 


David O’Brien: A lot of these best practices are shouldn’t be optional, but you should really be doing them. 


Whether you have to be PCI compliant or not 


Ashish Rajan: true. Just on the compliance piece, right? How do you. I think it’s an interesting one that I find that previously we were talking about maturity, but, and now we’ve spoken about measuring security, but how do you assess maturity in your Azure environment? 


David O’Brien: Good question. 


Ashish Rajan: Maybe we have to come back to that one. 


David O’Brien: That’s when human beings. 


Ashish Rajan: Yeah. Okay. Like I think maybe what’s an example of a low maturity was as a high maturity in your case. What do you recommend? What’s a 40 of seen 


David O’Brien: from, in my opinion, that has not much to do with the service of skill using it’s the way you use the Sabbath. 


So it’s, it can be really mature, but everything’s a virtual machine in my. Yeah, cause he might be constrained by the application that you’re using, but the way you are using those switch machines, you’re using the you’re deploying those virtual machines. Aren’t you maintaining those switch machines over time and be fully [00:21:00] automated. 


Nobody has access to the environment. Everything goes, fail code reviews and pipeline. And everything is locked and audited. Yeah. That would be really mature. Same on the other side, you could be everything Kubernetes and everything is a function service. But this is a functions are straight on the internet. 


You know, application that caused these functions, the function of authentication code is in the URI. Yeah. It could be really immature doing these more mature services, 


Ashish Rajan: right? Yeah. Just because you’re using a mature service. 


David O’Brien: Yeah. So just because you’re using. Function doesn’t necessarily mean your environment, a small mature. 


Ashish Rajan: Yeah. No, that, that, that makes sense as well. If you’re still like uploading a file on a console and just not troubleshooting automatically, I guess that’s another sign of maturity as well, I guess you buy for, but for the sake of maturity, you’re calling or I’m using functions, but how you’re using it is probably the that’s for the maturity. 


David O’Brien: Exactly and the thing on the [00:22:00] virtual machine, example, a lot of people are used to using jump boxes and bastion hosts or desktop gateway or Linux junk box. And I think maturity also comes in when we look at patterns that PPE. And how they adapt to new patterns of arriving in the cloud. So Microsoft now has zero bastion, which is your hosted as checkbox, right? 


You deploy that resource or virtual machine, a resource, and you can connect to your virtual machine without a public IP without VPN, without any of that. In your browser, so, oh, so there’s no tunneling there. Snow SSH tunnel, none of that anymore. 


Ashish Rajan: Well, is this a new thing? 


David O’Brien: Yeah. It’s, it’s fairly new. Yeah, we’ve been using it so it’s in preview, but it works and using it for our customers for the last six months or so now. 


Right. 


Ashish Rajan: That’s that’s that’s game changing though, because that’s like every standard that I’ve seen for any thought for all of them have like a bastion thing, [00:23:00] because, well, you need a break glass, but having that as a service, wow. That’s changed the game and student preview. 


David O’Brien: It’s in preview at the moment. 


But they’re working on it all the time on this new features coming out constantly. And it works really, really well. And it’s a bit like systems manager, session manager, systems manager, session manager only gives you the command line and that’s it, which is fine on Linux because that’s what you get. 


On last turn, you get your foot RDP session 


Ashish Rajan: in your browser, you know? Wow. That, that definitely is a game changer. I’ll be curious to see how that, how that goes and if AWS comes with their own version of it as well, another question that I keep all, sorry, it’ll do that. 


David O’Brien: I’m sorry, which means you can use it on your phone because you don’t need an IDP client or a 


Ashish Rajan: oh yeah. So all those late night calls that you get there, you don’t have to get out from your bed and log into a computer. Just basically open up, open up your browser on the mobile phone and just log in from there. Yes, I’m looking at it. 


So the question that I was not asked was. Another question. One of the audience member has one of the listeners that stream she asked me [00:24:00] over LinkedIn was how do you deal with shadow? I, well, I’ll shadow it, but shadow cloud accounts and Azure. What’s your recommendation on that? It is a thing though, right? 


Yeah. Okay. 


David O’Brien: All you need is a kind of cat, right? Yeah. Yeah. 


Ashish Rajan: Perfect. So. 


David O’Brien: Well, if you don’t know about, then there’s no way to do anything about it. Right. There’s certain ways to, I don’t know if, to, for, to find them, cause. People do have to somehow knock into them into the subsequent chain site. And if they’re using their work account for that, which they probably would, then these subscriptions become a member of your AAD, tenant, you as a tenant. 


So if you had something like centenary and EBIT and your a tenant, then that would be. To learn that there’s something that just new, something new that popped up somewhere 


Ashish Rajan: also central, it can pick up an Azure account or Azure subscription, which is probably not in the existing tenant. 


David O’Brien: Yeah. So, so because of what be part of the tenant you lock in. 


Would show a subscription [00:25:00] ID that you don’t know about. You could respond to that. And as a few medically right now, if not set that one up before. 


Ashish Rajan: Yeah. But that definitely sounds like a good solution, especially because your point in an Azure ecosystem, you’re already collecting all logs from your on-prem as well as Azure system. 


Or even, I guess to your point, it could be even Splunk or anything as well. You can still find out what the URL have subscription ID in there, or how would they, would you be able to, so that would 


David O’Brien: be part of the header and I’m pretty sure. So the head of the. 


Ashish Rajan: Oh, right. Okay. So I actually, I don’t know if Splunk would work in that case then, because that’s all HDB information, right? 


Yeah. Well, one more thing for for all of us to solve. I guess once we, once we get. Yeah, cool. I was gonna move to our next section and it’s a quarter of a MythBuster section, right. And I think we’ve kind of covered this already, but what is the most common cloud security myths that you have? 


David O’Brien: Where the the cloud is insecure 


Ashish Rajan: kind of expected that one. 


Yeah. How do you address that? Usually? 


David O’Brien: So it, the cloud is not [00:26:00] insecure, right? Provide us, they have list probably as tall as I am. Which, well, it’s somebody who’s really tired because. That long with the certifications, right? They have the DOD, the DOJ, the us military running on these cloud environments. 


So the cloud, it says it’s secure. But it’s only as secure as you make it. Right. So it’s very easy for me to create a virtual machine with a public IP, which is open to the internet. Microsoft. It’s not going to stop me doing that. But for example, when we start talking about encryption, because people say, oh, we need to encrypt as a free, when addressed pretty much everything is already encrypted on this. 


Yeah. There’s no, there’s no asking you. Do you want the storage account to be encrypted? It just is right there. That’s not an option. Just like secret server. They have their TDS. Their transplant data and crunch. There’s no way to turn it off, which is actually an issue on RDS because an idea secret server, you [00:27:00] need enterprise for that. 


Ashish Rajan: All of a sudden cryption being default. Doesn’t stop people from storing plain text passwords in a SQL server. You can anchor your plain text password to still appendix password. 


David O’Brien: Yep, exactly. And that’s what I mean, right? The infrastructure, the cloud itself is super secure, but you can do all of these bad practices, by having plain text password. 


Encrypted at rest, but in transit, that’s the plain text passwords. So you can do all of that. And Microsoft is not going to stop you because depending on what it is, it might be, find it use case. Right. So Microsoft enables you to have a super secure environment and actually not that difficult. Once you start thinking in cloud tents and start leaving your legacy, thinking of on premises, behind a lot of things already out of the box. 


And in some cases it’s literally a tech tick box that you have to take, but you need to know that you need to ticket. 


Ashish Rajan: So wait, what are people not asking enough about cloud security then in European? 


David O’Brien: So I [00:28:00] think a lot of people see security as an afterthought, so they start designing the environments. 


And then at some point put that environment it’s already there in front of a security person. And then on these issues come up. So I think it’s not so much. What do they not ask the, who do you talk to? Like usually you might ask these questions too late. Had you asked that question earlier on with somebody else or maybe got Ashish in really early into your project? 


And she’s taught you where you don’t have to build all this big, like, environment over here to make your environment secure. It’s literally a tick box. So do you have to check. with the jump box is a bastion now. 


Ashish Rajan: That’s right. Yeah. That’s a great service. And thanks for the plugins for anyone who needs services I’m available. 


Well, this is a great, a high for me to move into my next section, which is unique on segment. What is your like, What is your superpower in terms of which is actually, maybe let me switch this around a bit. It’s [00:29:00] usually part of my fun, fun question. Right? What do you spend most time on when you were not working on cloud? 


David O’Brien: Oh, when I’m not working on cloud, on center for work. Yes. 


Ashish Rajan: It doesn’t have to be just like something that you’re passionate about. Ah, 


David O’Brien: well so I’ve been flying for over 18 years. So I’ve got a pilot’s license and, I can talk just as much about planes as I can talk about clouds. 


Ashish Rajan: Yeah. W w w then, and the next one is what is something that you’re proud of, but not on your socials, LinkedIn or Twitter or your website? 


David O’Brien: Whew. Wow. 


Ashish Rajan: The difficult one, right? It’s like, it’s one of those moments. 


David O’Brien: Think the it’s sort of on that social it’s, but I think it’s the steps I took over the last years and where, so we moved continents. Yeah. Same on history as you have. And I think I’m really proud of that, that my wife. Took these steps. I’m really proud of the framework that I’ve got here and the opportunities that we build as part of moving continents. 


Oh, cool. No, 


Ashish Rajan: that’s a great answer, man. Hashtag immigrant life. The final question is [00:30:00] what’s your favorite cuisine or restaurant that you can share with the viewers or audience? 


David O’Brien: Oh, okay. So restaurant favorite restaurant. So one in Sydney, that I just been to on Thursday, actually. So Keogh is a Japanese restaurant. 


I love Japanese food. It’s very close to dining Harbor and really, really good. The other one we’ve just been there last night, actually. 


And they do all of it is gluten-free. And they they’re quite recess and then. Really, really good, 


very they have Mac and cheese and beef cheeks and like not really a like country cuisine, like from a country, but, like pretty much everything makes like a good fusion, but really good. Really good quality. 


Ashish Rajan: Yeah, I will do it. That’s why we’re friends, man. Well, that’s the end of the episode, but thanks so much for your time. 


Really appreciate it. Where can people find you? Where can people find you online? 


David O’Brien: Yeah. So on Twitter at David underscore O’Brien, I’ve got my [00:31:00] person had been knock on David’s hyphen O’Brien dot net and my company timeless is on Silas X I U s.com.edu. 


Ashish Rajan: Perfect. And thanks so much for your time again. 


I really appreciate it. Thank you very 


David O’Brien: much.