In this episode of the PowerShell Podcast, we sit down with Michael Haag, Principal Threat Researcher at Splunk, to dive into PowerShell security, threat detection, and automation. Michael shares his journey from IT support to becoming a security expert, the role of PowerShell in modern cybersecurity, and his work on PowerShell Hunter and Atomic Red Team.
Key topics in this episode include:

• Michael’s journey into security – From IT support to system administration and eventually security research.
• Incident response and PowerShell – How PowerShell is used to detect and mitigate threats.
• PowerShell Hunter – A powerful tool for hunting threats and automating security tasks.
• Atomic Red Team and Atomic Test Harnesses – How these tools help defenders simulate and detect attacks.
• The importance of automation in security – How PowerShell can help security teams manage large-scale environments efficiently.
• Advice for getting into security and automation – Why contributing to open-source and getting involved in the community is key.

Michael also shares his thoughts on the evolving security landscape, how defenders can stay ahead of attackers, and practical steps for IT professionals looking to pivot into cybersecurity.

Bio and Links:
Michael Haag is Principal Threat Research Enginer at Splunk. Michael led the development of Atomic Red Team, an open-source testing platform that security teams can use to assess detection coverage. An avid researcher, he is passionate about understanding and evaluating the limits of defensive systems. His background includes security analysis, threat research, and incident handling.

• Follow Michael on Twitter (@M_Haggis) and GitHub (@MHaggis)
• Check out PowerShell Hunter on GitHub https://github.com/MHaggis/PowerShell-Hunter/
• Learn more about Atomic Red Team https://www.atomicredteam.io/
• Watch Atomics on a Friday, Michael’s security research show on YouTube https://www.youtube.com/@atomicsonafriday
• Join PowerShell Wednesdays every Wednesday at 2 PM EST in the PDQ Discord (discord.gg/pdq)
• The PowerShell Podcast: https://pdq.com/the-powershell-podcast
• The PowerShell Podcast on YouTube: https://youtu.be/F2TbwUS-eRI