1044 episodes
- How can Azure Policies help you? While at Techorama in Belgium, Richard sat down with Barbara Forbes to discuss how Azure Policies have evolved and the techniques sysadmins are using to improve security, cost controls, efficiency, and more. Barbara talks about how the default policies are designed to get folks started in Azure quickly - not necessarily optimally. And there are plenty of policy templates out there, but before you implement them, it's worthwhile to review each policy and ask the question "why?" Keeping good documentation on policies makes it easier to know intent, especially when it comes to changing them - and you'll need to change them! There are a number of ways to apply policies, but in the end, they are just more Infrastructure-as-Code, and so easily repeatable. Azure Policies are there to help you provide freedom with guardrails if you implement them carefully!
Links
Azure Policy
Microsoft Cloud Security Benchmark
Azure Management Groups
Azure Bicep
Terraform on Azure
Recorded May 12, 2026 - How are supply-chain attacks evolving? Richard chats with Mackenzie Jackson about his work helping companies protect their software supply chains from malware attacks. Mackenzie discusses the vulnerability of developers to attacks, since their accounts are often highly privileged and invariably contain access to exploitable secrets. The conversation digs into the challenges of securing various code distribution mechanisms like npm and how you can protect your organization - starting with, don't install packages as soon as they are released! There are effective tools for detecting malware in code, but they take time. Waiting 48 hours can eliminate a lot of risk!
Links
Aikido Software
Trivy
Claude Mythos
OpenClaw
Shai-Hulud Guidance
ClawHub
Open Source Malware
Windows Update Management
Recorded June 15, 2026 - How can sysadmins help software developers work securely and make more secure applications? While at NDC in Toronto, Richard sat down with Tanya Janca of SheCodesPurple to discuss what admins can do to help address the security challenges software developers face. Tanya talks about securing development environment and pipelines - developers routinely work from high privilege accounts because their tools require it, and as a result, have become the targets of black hats to get access to accounts, keys, and other exploitable resources. There are plenty of tools available to help work through the issues, including the latest AI-powered tools. LLMs can also help generate more secure code in the first place, and Tanya has created a set of prompts you can use to create more secure software. The threat landscape is shifting with these tools, and we need to act quickly to resist the new attacks!
Links
SheHacksPurple
Canadian Guidance on Resisting Supply Chain Attacks
OWASP Top 10 Security Risks for 2025
Prompts for Generating Secure Code
Recorded May 8, 2026 - The 47-day certificate is coming! While at NDC in Toronto, Richard received an update from Todd Gardner about his show last year: certificate authorities are moving toward SSL certificates that last only 47 days! Todd talks about the first decrease in duration that has already passed - as of March 2026, the longest duration certificate you can buy from certificate authorities is 200 days. At the core of these changes is the problem that certificate revocation just isn't working properly, so a short certificate lifespan is the effective solution. Short certificate lifespans make automation to replace certificates essential - and that's where CertKit and other tools come in!
Links
Lets Encrypt
ACME Client Implementations
CertKit
Apple's 398 Day Rule
Microsoft SHA-1 Retirement
Google Transparency Logs
Perfect Forward Secrecy
Recorded May 8, 2026 - What can go wrong with machine learning? While at NDC in Toronto, Richard chatted with Megan Robertson about her experience with machine learning projects, often using retail datasets, and where they can go wrong. Megan talks about getting clear expectations and metrics for projects, so you know when you succeed, but then digs into the specifics of problems in machine learning, such as overfitting on test data. Your results are only as good as the data you put in, so a lot of focus goes into building good sets, carefully developing the model with those sets, and using techniques like cross-validation to ensure the model is behaving appropriately. There's a lot that can go wrong, but the results with an effective model can be very powerful - it is worth the effort!
Links
Cross Validate Model
Megan's Website
Recorded May 7, 2026
More Business podcasts
Trending Business podcasts
About RunAs Radio
RunAs Radio is a weekly Internet Audio Talk Show for IT Professionals working with Microsoft products.
Podcast websiteListen to RunAs Radio, Good Bad Billionaire and many other podcasts from around the world with the radio.net app

Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features
Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features


RunAs Radio
Scan code,
download the app,
start listening.
download the app,
start listening.
RunAs Radio: Podcasts in Family































