In this special Talking Security episode, recorded live from Microsoft HQ during the MVP Summit, hosts Frans Oudendorp and Pouyan Khabazi sit down with Ofer Shezaf, the mastermind behind Microsoft Sentinel—the first truly cloud-native SIEM.

With over 30 years in cybersecurity, Ofer takes us on a journey through the evolution of InfoSec, shares the origin story of Sentinel, and unpacks what it takes to grow a billion-dollar product. From the early days of SIEM to the role of AI in modern detection and response, this episode is packed with insights, strategy, and a few fun stories along the way.

Whether you're a seasoned SOC analyst, a cloud architect, or just curious about how Sentinel became a cornerstone of modern cyber defense—this one’s for you.

👉 Topics covered:

- Why existing SIEMs weren’t enough—and how Sentinel changed the game

- Lessons from building and scaling a $1B+ cybersecurity product

- Real vs. perceived risk in product strategy

- The role of community and open-source in shaping the future of cyber defense

- Ofer’s advice for the next generation of cybersecurity leaders

Grab your Favorito drink, and let’s talk security! 🔐

In this episode of the Talking Security Podcast, we sit down with Itai Cohen from the Microsoft Defender for Cloud Apps team to explore the evolution of SaaS Security — from the traditional CASB (Cloud Access Security Broker) model to a broader, more proactive security strategy.

We cover:

• Why CASB isn’t enough anymore and what the future of SaaS Security looks like
• The growing threat of OAuth abuse — and why it’s such a hot target for attackers
• New innovations from Microsoft like Attack Path Analysis and Advanced Hunting for OAuth threats
• How Exposure Management is helping organizations proactively reduce SaaS risk

🎧 Whether you're a security architect, IT decision-maker, or Microsoft 365 enthusiast, this episode will help you rethink how you protect your SaaS environments.

👇 Don’t forget to like, subscribe, and share with your network.

📬 Got feedback or topics you'd like us to cover? Let us know in the comments or reach out via TalkingSecurity.nl!

Outline of the recording

0:00 - Intro

0:22 - Introduction of this episode

2:05 - Introduction of Itai Cohen - Microsoft

2:29 - What was the original goal of Microsoft Defender for Cloud Apps as a CASB solution?

4:10 - Why is Microsoft adding more capabilities on top of the traditional CASB model towards a broader SaaS Security approach?

6:08 - How do you see today’s SaaS threat landscape compared to when CASB solutions first appeared?

10:11 - Why is OAuth has become such an attractive attack vector?

13:53 - What are typical OAuth attack paths, and how do attackers exploit them?

14:50 - Microsoft blog - https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/protect-saas-apps-from-oauth-threats-with-attack-path-advanced-hunting-and-more/4395997-, you announced new capabilities to detect OAuth threats. Can you give us an overview of what’s new?

16:16 - How does Attack Path Analysis help customers better understand and mitigate OAuth risks?

19:10 - Advanced Hunting is now available for OAuth threats — how can security teams leverage this capability?

22:36 - What are some common mistakes you see organizations make when it comes to OAuth permissions and consent management?

26:40 - Exposure Management - How does Microsoft Defender for Cloud Apps contribute to a broader exposure management approach, and how can customers use it

31:47 - How do you see the role of SaaS Security evolving within the wider Exposure Management strategy that Microsoft is building?

33:09 - How does SaaS Security fit into Microsoft’s broader security strategy, alongside Defender XDR and Entra ID?

35:33 - SaaS Security is overlooked? Why?

40:42 - If you weren’t working in security, what would you be doing instead?

42:20 - Closing the episode

43:23 - Outro

#SaaSSecurity #MicrosoftDefender #OAuth #CASB #CloudSecurity #TalkingSecurityPodcast

Join Frans Oudendorp and Pouyan Khabazi in this special episode of Talking Security – Let’s Talk, where we sit down with Javier Soriano, Principal Product Manager for Microsoft Sentinel.

We dive deep into:

- The evolution of Sentinel from day zero to today

- The new Sentinel Data Lake and how it transforms long-term log retention and investigations

- Why Sentinel Graph matters for SOC teams

- The Model Context Protocol (MCP) and its role in agentic AI workflows

- What’s next for cloud-native security: automation, AI, and new operating models

If you’re curious about the future of Microsoft Sentinel and want practical insights for your security team, this episode is packed with value.

👉 Subscribe for more conversations on Microsoft Security, Modern Workplace, and cloud innovations.

#MicrosoftSentinel #TalkingSecurity #CloudSecurity #DataLake #CyberSecurity #ai

Chapters: