ICYMI: My latest post on identity design for AI agents is still fresh.
OBO flow vs service creds, secrets, and audit trails, all covered.
Still relevant. Still useful.
blog.brianbaldock.net/recipe-desig...
#CyberSecurity #AgenticAI
@brianbaldock.bsky.social
Microsoft Senior Program Manager | Cybersecurity, Identity and AI
New post: Designing Identity for Agentic AI.
How do agents securely access systems like SQL Server?
I break down two flows (OBO + service creds) + give you a practical checklist.
Check it out: blog.brianbaldock.net/recipe-desig...
#ZeroTrust #AIIdentity
Last week I shared what breaking into my own systems taught me as a defender. From missed file permissions to my first reverse shell—it was eye-opening.
What moment shifted your view on defense?
Catch the full post here: blog.brianbaldock.net/a-better-def...
New blog just dropped: How breaking in made me a better defender.
Offensive security taught me more than I expected; reverse shells, overlooked basics, and how fragile assumptions really are.
What changed your view on defense?
blog.brianbaldock.net/a-better-def...
Push fatigue + phishing = breach.
Learn how to upgrade your MFA game with phishing-resistant options that actually work.
blog.brianbaldock.net/mfa-beyond-p...
#ZeroTrust #MFA #CyberSecurity
Tap-to-approve MFA isn't good enough.
Read how real breaches happen—and how to prevent them.
blog.brianbaldock.net/mfa-beyond-p...
#CyberSec #Microsoft365 #Identity
Air-gapped networks aren't as secure as many think. Stuxnet proved that. Insider threats prove that. Meanwhile, HTTPS/TLS provides a controlled, encrypted tunnel—similar to a VPN. It's time to rethink our approach to security.
Read more in my latest blog post: buff.ly/4hDd9dU
#CyberSecurity #VPN
Went live with @Merrill last week to break down the new Conditional Access deployment guide + setup.cloud.microsoft. Super slick way to deploy CA right.
Catch the replay here: www.linkedin.com/events/entra...
#EntraID #Microsoft365 #Security
A place where words are the only thing that matters.
No accounts. No tracking. No judgment. Just sticky notes floating forever.
Welcome to LeaveA.Gripe
Do you trust Microsoft with your emails and files? Then why not security?
Defender for Endpoint's cloud intelligence is just as safe—and more critical than ever. Proxies aren't the problem—they're the solution. Here's how to enable Defender securely in 2025:
Disconnected doesn't have to mean unprotected.
With streamlined allow-listing, Defender for Endpoint can work seamlessly in restricted networks—but proxies are still a must. Learn how to do it securely: blog.brianbaldock.net/mde-proxies-...
#MDE #Proxies #CyberSecurity
No filters. No replies. No moderation.
Just raw, anonymous thoughts pinned to an infinite digital board.
It's called LeaveA.Gripe—an art project about expression without expectations.
Drop a thought: LeaveA.Gripe
Ever wanted to post something and not care what happens next?
Welcome to LeaveA.Gripe—an infinite pinup board for the internet. No replies, no likes, no moderation. Just words floating in the void.
Try it: LeaveA.Gripe
Defender for Endpoint + Proxies = Secure Cloud Protection
Still avoiding Defender's cloud intelligence because of a disconnected network? Proxies make it work! Here's how to configure them securely and get full cloud-powered protection in 2025:
VPNs are widely trusted for security, but HTTPS/TLS achieves many of the same security goals—just at the application layer. If we trust VPNs, why dismiss HTTPS/TLS as "open internet"?
I break down the misconceptions in my latest post: buff.ly/4hDd9dU
#CyberSecurity #ThreatIntel #Encryption
Self-hosting an AI chatbot? Easier than you think.
I built one with Docker, NGINX, and my RTX 3080—fast, secure, and fully local.
Here's how: https://buff.ly/40WeBlT
#AI #SelfHosted #LLM #Docker #NGINX
No data center? No problem.
I built an AI chatbot with Docker, an RTX 3080, and NGINX—secure, fast, and fully local.
Check it out: https://buff.ly/40WeBlT
#AI #SelfHosted #LLM #Docker #NGINX
If a service like Defender for Endpoint requires an internet connection, does that mean it's exposed? No. HTTPS/TLS encryption functions much like a VPN—restricting access to trusted services with encryption at different layers. I break this down in my latest post:
14.02.2025 13:37
Huh what - local inference with docker? Yup.
Local inference with vLLM
Secured with NGINX & Certbot
Fast, private, and free
Here's how: https://buff.ly/42CUF8N
#AI #SelfHosted #Docker #LLM #APIFree
Got a gaming PC? Turn it into an AI chatbot with Docker.
I used my RTX 3080 to self-host an LLM—no APIs, no cloud costs.
Here's the full guide: https://buff.ly/40WeBlT
#AI #Docker #LLM #SelfHosted
Took me a while to get this setup working, but the final results are solid. If you're into AI, Docker, or self-hosting, check it out and let me know what you'd do differently!
02.02.2025 15:07
I'd argue that they are a global necessity.
01.02.2025 15:21
Just published a blog on self-hosting an AI chatbot with Docker, vLLM, ChatUI, and GPU acceleration. Covers the full setup, troubleshooting, and lessons learned.
Check it out here: https://buff.ly/40WeBlT
#AI #Docker #SelfHosting #HomeLab
Working on a new blog post, this one's a big one - lots of good details for making a full on custom inference homelab for playing with AI models, stay tuned.
31.01.2025 12:15
It's ready, just built out a 3 node proxmox cluster running my full lab and a node specific for AI workloads. Gonna be a fun holiday! Time to try out some uncensored models.
20.12.2024 04:30
Don't wait for cyberattacks—stop them with Microsoft Defender XDR!
Join our webinar to see:
AI-powered threat detection
Live demos & Q&A
Register now: https://buff.ly/4ignxZP
Stop cyberattacks with Microsoft Defender XDR!
Join our webinar to see AI-powered tools stop threats across identities, devices, and data before damage happens.
Live demos
Q&A
Security insights
Register now:
Universal Continuous Access Evaluation (UCAE) is now in Public Preview! Real-time access policy enforcement that adapts instantly to risks—no more waiting for token expiration. Think smarter, faster Zero Trust. Security Service Edge for the win! #UCAE #Microsoft
In 1903, Nevil Maskelyne staged the first wireless hack, disrupting John Ambrose Fleming's demo of Guglielmo Marconi's "secure" telegraph. He sent Morse code insults to expose its flaws, proving even the earliest wireless tech wasn't immune to attacks. #Hackersbehacking
02.12.2024 10:52