
Expert profile: Justin Turner

Principal Group Manager, Microsoft Security Research

You can’t defend something that you don’t see or understand.


Justin Turner began his career building and breaking communications networks for the United States Army. This allowed him to travel the world and work in places like Iraq, Bahrain, and Kuwait. When his active-duty adventure ended, Justin transitioned to civilian life in Florida in 2006. The job was similar—building, hacking, and breaking things—but this time, he was with the MITRE Corporation.

In 2011, he got a call from a former Army commander about a role at SecureWorks exclusively focused on the commercial side of cybersecurity.

His initial role was in threat intelligence production, looking across customer data sets and responding to questions on malicious files or malware. That included doing analysis and investigating active threat campaigns.

“At the time, banking Trojans were prevalent. Some might remember the Zeus banking Trojan. A lot of remote access tools really came to bear around that time. A couple years after that, I was asked to help develop a threat hunting practice for the company. This was before threat hunting existed in the market as a service like it does now.”

When Microsoft decided to launch Defender Experts for Hunting, Justin received another call from a former colleague and friend. He said, “We’re launching a new service for Microsoft Security. I can’t think of anybody better for this role.”

Justin says the three challenges that persist across his 20 years of experience in cybersecurity are:
  • Configuration management
  • Patching
  • Device visibility

“Across the board, misconfigurations are a monumental challenge. Our network environment has dramatically changed. We went from server mainframe environments, which had thin client edges, to everyone owning a personal computer. Fast forward to today, there are countless network-connected devices from smart homes to manufacturing environments to personal devices. Maintaining a secure baseline across that is a challenge; sustaining patch levels adds another layer of the problem.”

As the complexity and size of the networks grow, so does the number of vulnerabilities, Justin explains.

“Our customers with expanding blended environments try to keep up with patching. It’s easy for us to say, ‘just patch,’ but it’s a massively challenging problem that takes a lot of time and continued investment.”

The third challenge is visibility. Justin says many of the customer conversations he has center around a problem that occurred because the customer didn’t know that a vulnerable system exposed to the internet was operating in their network.

“Recently, for a conference, I took an intrusion from decades ago then looked at an intrusion from a week ago. I put the two side-by-side and asked, ‘Which one of these happened in 1986 and which one of these happened last week?’

“No one could tell because the two looked so similar. The attack was a software vulnerability that nobody knew existed. It was a misconfiguration of the server, poor auditing and logging, with little to no patch management. The technical details of the problems are different now, but the fundamentals are the same. You can’t defend something that you don’t see or understand.”
