Ep. 160, PowerShell as a defender’s secret weapon with Michael Haag
Aired March 3, 2025 | 45 min
In this episode of The PowerShell Podcast, we sit down with Michael Haag, Principal Threat Researcher at Splunk, to dive into PowerShell security, threat detection, and automation. Michael shares his journey from IT support to becoming a security expert, the role of PowerShell in modern cybersecurity, and his work on PowerShell Hunter and Atomic Red Team.
Key topics in this episode include the following:
- Michael’s journey into security: From IT support to system administration and eventually security research.
- Incident response and PowerShell: How PowerShell is used to detect and mitigate threats.
- PowerShell Hunter: A powerful tool for hunting threats and automating security tasks.
- Atomic Red Team and Atomic Test Harnesses: How these tools help defenders simulate and detect attacks.
- The importance of automation in security: How PowerShell can help security teams manage large-scale environments efficiently.
- Advice for getting into security and automation: Why contributing to open-source and getting involved in the community is key.
Michael also shares his thoughts on the evolving security landscape, how defenders can stay ahead of attackers, and practical steps for IT professionals looking to pivot into cybersecurity.
Meet our guest
Michael Haag
Michael Haag is a principal threat research engineer at Splunk. Michael led the development of Atomic Red Team, an open-source testing platform that security teams can use to assess detection coverage. An avid researcher, he is passionate about understanding and evaluating the limits of defensive systems. His background includes security analysis, threat research, and incident handling.
Meet our host
Andrew Pla
Andrew Pla, a seasoned IT professional with over 10 years of experience, has spent the last 5 years mastering PowerShell. An ardent member of the PowerShell community and a Microsoft MVP, he loves sharing his knowledge and leveraging automation to solve complex problems. You can always find him connecting with others on the PDQ Discord and troubleshooting, with the firm belief that a problem shared is a problem halved.
