Showing episodes and shows of
Rafal "Wh1t3rabbit" Los
Shows
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 539 - SBOM Paving the Road of Good Intent
TL;DR It's been said that the road to hell is paved with good intentions. I feel like this applies to SBOM so much it's scary. All the good intentions in the world seemed to have led us to a place where we have tools that produce inconsistent results, tool sets that aren't necessarily integrated or mission-focused to deliver results, and a lot of confusion. Varun joins us with a boatload of entrepreneurial expertise and an eye for problem-solving so it's an interesting conversation. ...
2023-02-21
47 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 535 - Let's Ask AI Security Questions
TL;DR A few days ago, my pal Kevin asked me if I had seen the LinkedIn post by Helen Patton that asked an interesting question of the podcast space... Her post made me think - why the heck not? So, I did. Thanks to Helen, whose idea this was - I hope you get a chance to watch and enjoy the outcome of your request ... we had far too much fun recording it. Here on this episode - which I promise you is 100...
2023-01-24
1h 02
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 532 - Its the End of 2022 As We Know It
TL;DR Shawn Tuma, our favorite cyber legal eagle, joins Rafal & James to talk about the sorts of things we learned about 2022, in what could be confused for a year-in-review episode. We saw ransomware, big incidents, but overall ... things weren't the worst out there. If you missed our live-stream on LinkedIn (link below) you can replay that any time, or listen to this episode as a podcast. For 2023, I'm going to be tweaking some things to get us talking, sharing, and hopefully an even better experience...
2023-01-04
50 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 530 - The Bold and the Invasive
Prologue Karim Hijazi joins Rafal & James this week on the podcast to talk about some interesting trends and developments in the world of bad actors. It's an interesting update including some things I wasn't expecting to hear about how threat actors "hit back at" incident responders and threat hunters. This is a good conversation about the current threat landscape with an eye on the Russian hackers out there, and pretty good listening for anyone who wants an added dose of situational awareness. Links:...
2022-12-13
48 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 527 - Fun With Machines Learning
Prologue On this episode Rafal & James re-visit the concepts of machine learning, "artificial intelligence", and applicability to cyber security from Sven Krasser, Chief Scientist at CrowdStrike. Dr Krasser has been working on algorithms and computers analyzing massive amounts of data since the early 2000's so his analysis of today's "state of the art" and projections for the future are likely spot on. We have a little fun poking at industry buzzwords and make some real projections for where things are moving. If you're trying...
2022-11-22
46 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 525 - Practical Zero Trust
Prologue Are you sick of hearing "Zero Trust"? Do you, like us, also feel like it's a marketing buzzword, and then a cute concept that has a very difficult time in reality? Yeah, this episode is for you. David Fairman and Jason Clark join Rafal to talk about what is essentially continuous signals evaluation, least privilege, and default deny with segmentation. All those things we love, and haven't done right. Guests Jason Clark LinkedIn: https://www.linkedin.com/in/jasonclarkfl/ David F...
2022-11-08
38 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 523 - Practical SASE for the Masses
Prologue Today's guest helps James and Rafal attempt to unravel the completely confusing space of "modern remote access". Some call it SASE, some SSE, some ZTE and some are completely mad and still use the term VPN. Who knows who's right, or why any one is preferred over the other ...except Carlos Salas from NordLayer. Listen in, and give it some thought. Maybe you'll understand this big mess a little better by the end of the episode. Guest Carlos Salas, Engineering Manager, NordLayer...
2022-10-25
37 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 519 - Insights From an Industry Leader
Prologue This week, Rafal takes the show on the road (literally) to Las Vegas for Fal.Con '22 -- this is CrowdStrike's premier global get-together of customers, partners, and industry experts to showcase some innovation and share ideas and insights. I wanted to say a big thank you to CrowdStrike -- all the folks who helped make this happen and continue to support this podcast and provide access to these fantastic guests. Thank you to Nick Lowe, Geeta Schmidt, Kapil Raina, and...
2022-09-28
1h 01
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 518 - Go Big or Go Home
Prologue Solving problems is a challenge not everyone is up for. The industry is littered with people and companies that bring small-time solutions to an industry begging and pleading for actual solutions. Jason Clark of Netskope, and long-time friend, joins James and Rafal to talk about the mindset and approach needed to solve BIG problems that change the game, change the landscape, and change our lives. Guest Jason Clark LinkedIn: https://www.linkedin.com/in/jasonclarkfl/ ...
2022-09-20
44 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 516 - Breaking Bad on EAS
Prologue Fresh off his presentation at Defcon 2022, Ken Pyle joins Rafal to talk about the Emergency Alert System (EAS) he's been hacking since 2019 and discusses findings, challenges, and the work left to do. It's a fascinating conversation that will leave you wondering - how do we fix this clear and present problem, and more importantly...where else should we be looking? Guest Ken Pyle LinkedIn: https://www.linkedin.com/in/ken-pyle/ LinkedIn Stream (recorded): https://www.linkedin.com/video/event/urn...
2022-09-06
47 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 514 - Adam Explains Everything
Prologue We've covered "threat intelligence" on the show a few times now, but the evolving nature of what threat data is, how it's useful, and how it enables defenders of a specific type to identify malicious activity keep it interesting. This time around Adam Meyers of CrowdStrike joins Rafal to discuss threat intelligence, threat hunting, and clarifies some of the misconceptions and utilities around the topic. A good conversation for those defending their infrastructure and useful data points from someone who is a recognized expert. Adam joins...
2022-08-23
41 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 512 - Why is Enterprise Security Program Maturity so Tough?
Prologue This week, long-time friend and well-known industry personality, Jessica Hebenstreit joins Rafal to talk about her journey in consulting to very large security programs and why maturity is elusive in many of those programs. As it turns out, maturity is influenced by many factors but highly dependent on actually solving problems and being able to show progress. This is an interesting conversation for anyone who wants to understand what's inside the head of a former practitioner who has ventured into the field to help others...
2022-08-09
42 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 511 - Managing Technical Teams
Prologue This week on the podcast, the one and only Tom Eston joins Rafal & James to talk about managing teams. Tom is a well-known personality who runs the "Shared Security Show" podcast -- which has been running even longer than we have, give them a listen if you don't already. Tom talks about the difficulties of managing, coping with various types of personalities, and helping employees thrive while finding the right balance between in-office and remote. Great show if you're in a leadership position...
2022-08-02
41 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 508 - DNS Under Siege, So What?
Prologue DNS is a big topic, and you may be asking yourself why. Well, as we noted in a recent show ( https://ftwr.libsyn.com/dtsr-episode-504-dns-turns-40 ) DNS is officially middle-aged. And with that middle-age comes some more problems. These issues have caused a situation where it's increasingly evident that DNS needs to evolve, mature, or simply revise (2.0?) itself ... but into what? And why? Listen to Ken Carnesi from DNSFilter who joins James & Rafal to talk about the challenges and the future, and why it's still...
2022-07-12
43 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 507 - Beyond NDR: Of Badguys and Bottlenecks
Prologue Let's start with NDR - Network Detection and Response - because it's not new, but the discussions lately have been very interesting. Is it still relevant? Does it have a place in today's hybrid and cloud world? Well, in this conversation with Raja Mukerji, co-founder of ExtraHop, Rafal tackles these questions and gets some interesting answers. For those of you who have followed for a while - I have a surprise reveal for you at the end.
2022-07-05
37 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 505 - Reflections on RSA Conference 2022
Prologue RSA Conference 2022 has come and gone. Rafal was there for all the circus and madness, and sits down with James to discuss what was seen and heard. Also, you'll get some clips in here from some of the interviews from the show as Rafal caught up with some interesting vendors, old friends, and even some poetry. Guests Tyler Moffitt LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/ Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/ Matt Rose LinkedIn: https://www.li...
2022-06-21
1h 01
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 502 - Why Can't Gov Figure Out Supplier Security
Prologue CMMC may be something you know nothing of, but if you're a government contractor, or work with government contractors of the DIB - you're probably all too familiar. For some, it's hell. For the rest, it's mostly insane. Jacob joins Rafal & James to educate us, and give us the reality of this set of standards. Guest Jacob Horne LinkedIn: https://www.linkedin.com/in/jacob-horne-cissp/ ...
2022-05-24
53 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 501 - Netskope's Bad SaaS Report
Prologue This week, on the first post-500 episode, we welcome Netskope's Ray Canzanese to talk about the Cloud & Threat Report they just published ( https://www.netskope.com/netskope-threat-labs/cloud-threat-report ) which has some interesting bits in it. Ray discusses the details and some of the things that you won't find in the text of the report. Good conversation as Rafal & James break down the headlines. ...
2022-05-17
41 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 496 - How to Win Friends and Influence CISOs
Prologue Have you noticed that the relationship between buyer and seller, or more precisely, between CISO and seller is... eh ... tenuous lately? OK, maybe it's a lot worse than that in some cases. Why is that? How did we get here? And how do we fix a relationship that is quite clearly necessary, but just so broken? Yaron Levi, long-time industry veteran joins Rafal to discuss the challenges and opportunities of the CISO - vendor relationship. Guest Yaron Levi LinkedIn: https://www.linkedin.c...
2022-04-12
49 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 489 - Crowdstrike Global Threat Report Feb 22
LinkedIn Live stream (recorded): https://www.linkedin.com/video/event/urn:li:ugcPost:6895440886222643201/ DtSR LinkedIn Page (subscribe here!): https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Prologue This week is a slightly longer (oops) episode of the DtSR Podcast with a three-timer, Adam Meyers of Crowdstrike. Adam joins James and Rafal to talk about the latest Global Threat Report and all the trends and insights. There is a lot of good insight here, and if you want to catch the LIVE (recorded) vi...
2022-02-22
53 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 486 - SBOM in the Real World
Prologue SBoM ("Software Bill of Materials") is the new rage. Everyone's talking about it. What it means is you're expecting a list of software components and includes, libraries, etc that make up the software you're buying or using. The problem is, in real life, SBoM is exceptionally difficult and maybe even slightly impractical. Listen in as Rafal & James discuss SBoM in real-life scenarios with Paul Caiazzo -- a guy who's trying to make this idea work in his day-job. Guest Paul...
2022-02-02
44 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 479 - Productivity of Jump Boxes and Bastion Hosts
Prologue In a technically deeper episode, Ev joins Rafal to discuss how security has made productivity challenging at times, in terms of having to jump through hoops to get work done, and what we should be doing about it. Ev asks us to imagine an entirely new paradigm of productive access to necessary resources - so listen in and dream big with us. Guest: Ev Kontsevoy LinkedIn: https://www.linkedin.com/in/kontsevoy/ Teleport: https://www.linkedin.com/company/go-teleport/ ...
2021-12-14
44 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 474 - Unraveling Mountains of Evidence
Prologue Hey! Are you attending OpenText World Enfuse? If not, click here and check it out - it's virtual! Straight from Enfuse Chuck Dodson joins Rafal & James to talk about digital evidence collection, management, and processing in the realm of law enforcement. A fascinating look at the law enforcement side of things, and a topic perspective most of us never have occasion to think about, unless you're in the fight. Guest Chuck Dodson https://www.linkedin.com/in/chuckdodson/ OpenText World...
2021-11-18
40 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 470 - Security Leadership Insights from Ann
Prologue On this episode of the DtSR Podcast - Ann Johnson joins special guest-host Ken Fishkin of NJ ISC2 chapter, along with James & Rafal to talk about leadership, and sports apparently. Thanks to the NJ Chapter of ISC2 ( https://www.linkedin.com/groups/4425593/ ) for submitting questions and Ken for joining us to guest-host. On this episode, we ask Ann to talk to us about leadership challenges, and what's in store for the future. Also, we briefly talk sports teams and discover Ann...
2021-10-26
45 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 469 - YGHT They Hacked Ransomware
Prologue This week on a ridiculously awesome episode of the DtSR Podcast the one and only Mr. Steve Perkins of Nubeva joins Rafal & James to talk about something worth shouting about. They've figured out how to beat ransomware... yes, there are a few 'catch' things, but the tech seems solid and the possibilities endless. Give this episode a listen, then scroll below to click the links, and give this a look for yourself! Guest Steve Perkins LinkedIn: https://www.linkedin.com...
2021-10-19
46 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 467 - TPA Chips and SLSA
Prologue This week, Kim Lewandowski joins Rafal & James to talk about Google's latest contribution to the Open Source software movement - Supply-chain Levels for Software Artifacts (SLSA). We have a great conversation, and I hope you guys go watch the video (when it comes out) and check out the axe in the background. I never did find the interesting logo Kim talks about - maybe one of you will find it and post it to #DtSR on Twitter! Guest Kim Lewandowski LinkedIn: https://www...
2021-10-05
37 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 466 - TPA Vulnerability Management Goat Rodeo
Prologue This week, fresh off his Twitter rant, Travis McPeak joins Rafal to talk about the goat rodeo that is vulnerability management in the enterprise. Travis talks about the multitude of reasons vulnerability management is so difficult, and what can be done about the whole mess. Great episode, lots of great discussion and big thanks to Travis for the contribution to the topic. This needs more discussion, folks! Guest Travis McPeak LinkedIn: https://www.linkedin.com/in/travismcpeak/ Twitter: @TravisMcPeak ...
2021-09-28
39 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 463 - TPA Human Security Engineering
Prologue This week our friend Ira Winkler joins Rafal & James to talk about the human element in cyber security. Ira, like us, absolutely loathes the phrase "stupid user" - so you'll want to hear what he's working on, and his comments on the space. ...
2021-09-07
39 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 459 - TPA A Defenders Endpoint Perspective
Prologue Big thanks this week to OpenText for providing access to Fabian Franco (go check out his bio below). He joins James & Rafal to talk about protecting endpoints, and some of the interesting things that go along with state-of-the-art detection and response capabilities. Also, if you'd be so kind as to support those who keep this show going, go check out the OpenText link below and give it a click, won't you? Why are there so many acronyms for endpoint defense? What do EPP...
2021-08-17
36 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 456 - TPA The Pandemic Meat Grinder
Prologue Frankly, we have no idea how we got through 450 episodes without interviewing Rich. No clue. Rich is a man of many talents including a trained responder for situations like we've been facing. He's also a cloud security specialist, and happens to do a half-dozen other things in his "spare time" too. In this episode we chat about what the pandemic has taught cyber security professionals, and what we'll come out the other side looking like. Warnings: Loki spoiler alert - oops, Rafal...
2021-07-27
48 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 440 - TPA Fighting Back Against ATO
Prologue Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone stealing your Twitter account, or your bank account, or God-forbid your Facebook - you know the ramifications are serious. But how do you identify it, prevent it, detect and respond to it, and maybe even recover from it... at scale? Rafal's guest, Ari Jacoby of Deduce has some ideas. Ari talks about the broader ATO problem, and suggests some of t...
2021-03-23
41 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 438 - TPA Implementing Zero Trust Principles
Prologue This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Yuri is one of the quintessential experts on Zero Trust (not the commercial tools stuff, but principles and foundations) and you need to hear his take on how we get it implemented, where, and why. Guest Yuri Bobbert LinkedIn: https://www.linkedin.com/in/yuribobbert/ His book "Leading Digital Security": https://www.linkedin.com/pulse/new-book-leading-digital-security-yuri-bobbert-1f...
2021-03-09
47 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 437 - TPA Healthcare IT Under Siege
Prologue This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that it's more complex, more under siege, and more critical than ever. No problem, right? This episode has been a long-time coming, and DJ is an honest-to-goodness expert in the field. He teaches classes on this topic which you may just want to go and look up if this is your thing. Guest DJ McArthur L...
2021-03-02
40 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 432 - TPA Identity and Trust
Prologue On this week's episode of the podcast, boomerang guest Robb Reck joins Rafal to talk identity, trust, and what's happened since the last time Robb was on the show (which was in 2016!). Of course they talk about the "big hack", and retreat into identity, Zero Trust, and the challenges of mid-market companies trying to do their own security. The lesson here? "The more we learn, the more we recognize we know very little." Guest Robb Reck LinkedIn: https://www.linkedin...
2021-01-26
40 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 431 - TPA Medical IOT
Prologue This week on DtSR, an old friend Jamison Utter joins Rafal to talk about medical IoT devices, and what makes them different -- and of course, how we can better protect them. Jamison's company, Medigate, is a healthcare security and medical analytics company - and it's an interesting discussion on how this type of IoT differs from others with security implications. You'll want to listen in, since the "Internet of Things" discussion is getting very varied, and you need to keep up. Guest...
2021-01-19
37 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 428 - TPA TIM-enabled NextGen SOC Platforms
Prologue Let's start 2021 off right with a returning guest whose name you will want to remember. Joep (pronounced like "soup" but with a "you") Gommers the founder and CEO of EclecticIQ joins Rafal to talk about threat intelligence - from platforms to TIPs, use-cases, implementations, limitations, and the move to TIM. It's a fun conversation that looks at where "threat intelligence" started, and where it's gone over the last 5 years or so. If you're a threat intel analyst, another consumer, or even a vendor, you'll want...
2021-01-05
33 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 427 - TPA Security Beyond the RegExp
Prologue This week, on the last episode of 2020, Michael Coates joins Rafal to talk about wire-speed-data-protection. Sort of like CASB but more universal. Interestingly, Rafal and Michael talk through how DLP has evolved and into what, and some interesting developments along the way - then the promise of something better. Guest Michael Coates LinkedIn: https://www.linkedin.com/in/mcoates/ Twitter: https://twitter.com/_mwc ...
2020-12-29
41 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 424 - SOC Fight 2020
Prologue Fill up your coffee cup, find a comfortable seat, and get ready to dive into this show! Richard & Anton join James and Rafal to discuss the SOC and its evolution (or not) in today's enterprise. What are the major issues with SOCs today? What will the SOC of tomorrow be like? Does anyone know why Anton's hair is so nutty? These and other questions will be answered, maybe, on this show... so listen in and please give us some love on the socials.
2020-12-08
50 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 419 - TPA CISOs in Covid Times
Prologue This week James and Rafal have the pleasure of being joined by Allan Alford, from his work-cave somewhere near Dallas, TX to talk about what we're hearing and seeing as we advise CISOs during the times that Covid brings. We discuss budgets, priorities, and "good enough" security strategy in a weird time in our industry and world. Guest Allan Alford LinkedIn: https://www.linkedin.com/in/allanalford/ Twitter: https://twitter.com/AllanAlfordinTX/ ...
2020-11-03
41 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 418 - TPA Another Security Inflection Point
Prologue This week on DtSR, John Steven joins Rafal & James to talk about an inflection point in security that's happening right now. As you may notice, everything about security is changing, especially in the AppSec space... listen in and you'll hear John's thoughts on a very interesting time to be in the industry. Evolve, or die... Guest John Steven LinkedIn: https://www.linkedin.com/in/m1splacedsoul/ Twitter: https://twitter.com/m1splacedsoul ...
2020-10-27
38 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 412 - TPA Consolidation Integration and Good Enough
Prologue: This week David Soto joins Rafal and James to talk about how throughout his career the cybersecurity landscape has evolved and the tools have consolidated, integrated, and how we're perhaps still misunderstanding "good enough". David of course has a very long and storied career where he's carried multiple roles from CISO to a consultant, so he has a depth of experience most of us don't get. He's great to listen to, as he shares his knowledge - tune in! Guest: D...
2020-09-15
46 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 405 - Hallmarks of Good Leaders
Prologue: This week, Rafal welcomes Wayne Reynolds, a veteran of not only our industry, but of the US Marine Corps - where he's been a leader in multiple scenarios. We talk about what makes good leaders, good and bad styles, and the things you need to know if you either WANT to be a leader, or you are looking to find someone who you want to work for. Huge thanks to Wayne for taking time out of his crazy schedule early in the morning to talk...
2020-07-28
30 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 404 - The Wacky Wild World of OT
Prologue: This week, on the "Episode Not Found", Rafal and James host Robert Lee from Dragos. It's a conversation about Operational Technologies that includes a deep dive into the business and management side of Industrial Controls and the Energy Sector. Robert gives us a frank, no-spin walkthrough in the good and bad of the space and talks about some of the misunderstandings many of us have. A great episode if you're interested in the non-traditional cybersecurity sector. Guest Robert Lee Twitter: https://twitter...
2020-07-21
43 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 402 - Life Security Adulthood
Prologue: First, I need to apologize for the quality of my (Rafal) audio. For a reason I don't understand, the Skype central record feature absolutely butchered it - could have been something on my end, I simply don't know. It should be listenable, albeit annoying. Second, huge thanks to Carlos for taking the time out of his busy morning from being a dad and his day job to talk to us. He's got a lot of really interesting and important things to share about...
2020-07-07
43 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 397 - Modern-ish Vulnerability Management
Welcome Down the Security Rabbithole to yet another edition of the DtSR Podcast. As we roll on towards milestone episode 400 James and Rafal discuss a topic that doesn't get nearly enough airplay - vulnerability management. This isn't just your dad's vulnerability scanning though, or is it? Have we done anything exciting in this space in the last 15 years? Maybe... kind of...but the problem is much harder. Guest Ed Bellis Twitter: @ebellis LinkedIn: https://www.linkedin.com/in/bellis/ ...
2020-06-02
42 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 396 - Verizon DBIR 2020 Analysis
It's Verizon Data Breach Investigations Report time again. This episode is a yearly walk-through of the DBIR, where Rafal and James once again welcome Gabe Bassett back to the show to talk data, graphics, and lessons we need to learn. Link to the report: https://enterprise.verizon.com/resources/reports/dbir/ Guest: Gabriel Bassett LinkedIn: https://www.linkedin.com/in/gabriel-bassett/ Twitter: https://twitter.com/gdbassett/ ...
2020-05-27
51 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 395 - Can We Fix the MSSP
Special thanks to our friends at AlertLogic - for providing some great discussion points and John for the episode! This week, as DtSR hits episode 395 on our way to Episode 400, James and Rafal take some time out to ask: "Hey John, how's the hair?" It's great to be able to spend time with old friends and just talk about solving some long-standing problems our industry faces. One of the perennial favorites is why MSSPs are all terrible. Well - we have some...
2020-05-19
47 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 394 - High Profile Healthcare Security Leadership
Episode 394 Rafal & James host Keith Duemling from the Cleveland Clinic (talk about high-profile jobs!) to talk about security in the healthcare space, challenges, the future, and other random topics. Keith has spent a large part of his career leading healthcare organizations, so he has a lot to share. Listen in! Guest Keith Duemling - Director of Cybersecurity Technology Protection at the Cleveland Clinic LinkedIn: https://www.linkedin.com/in/keithduemling/ Twitter: @KeithDuemling ...
2020-05-12
37 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 393 - Smartish Cities
Guess who's back, back again ... James is back, so listen in! So James is officially back after a bit of a hiatus from the podcast, and on this episode he and Rafal sit down over a fun interview with Matt Lewis, Research Director for the UK with NCC Group. Matt is the primary author on a report on "Smart Cities", and it's definitely something you should read. We talk about the report, discuss the true nature of a smart city and what it means to...
2020-05-05
42 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 384 - Zero Trust Redux 2020
This week Rafal hosts Dr. Chase Cunningham, Forrester analyst and all-around security badass to redux Zero Trust. The last time we tackled the topic was Episode 222 with John Kindervag back in 2016 - so it's time to see what's new. Zero trust is more than just firewall rules, and it encompasses a lot of security technologies we don't even think about - so this update is a great primer for 2020. Guest: Dr. Chase Cunningham - https://www.linkedin.com/in/dr-chase-cunningham-54b26243/ ...
2020-03-03
38 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 383 - The Jennifer Ayers Interview
Join Rafal & James this week, as they welcome Jennifer Ayers. Jennifer is the Vice President of Overwatch and Security Response at Crowdstrike. Rafal and Jennifer worked together "back in the day" so the conversation starts with a little storytelling from the old days, and then works its way into Jennifer's fantastic career and lessons learned over the years in her various leadership positions. Guest Jennifer Ayers - https://www.linkedin.com/in/jnayers/ Support the show>>> Please consider clicking the...
2020-02-27
47 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 379 - IoT Transforming LE
This week, in our final (for real this time) episode recorded LIVE from Enfuse Conference 2019, courtesy of OpenText, we chat with Brian Chidester. It's a fascinating conversation about what the IoT world can (and is) do for law enforcement and government ... think smart cities + Cops. Highlights from this week's episode include... Brian shatters any last shred of privacy I could believe in through the millions of IoT devices out there 'for our protection' Brian reminds us hackers set off Tornado alarms around Dallas ... Brian and R...
2020-01-21
24 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 378 - Trending on CISOs
In our final "Live from Enfuse 2019" episode, I had the pleasure of sitting down with Paul Shomo to talk about some of the things he's talked to CISOs about as he travels and advises on behalf of OpenText. It's a pretty interesting conversation... Once again, thanks to OpenText for having the DtSR Podcast in Vegas! Highlights from this week's episode include... Paul and Rafal disagree on whether the cloud transformation is "almost over" or "just begun" Paul brings up the challenge of API...
2020-01-14
36 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 376 - Protecting Our Kids Online
Merry Christmas, and a Happy New Year listeners of the Down the Security Rabbithole Podcast! This week the show focuses on one of the most important things any of us really have - our children. Protecting kids in an increasingly digital world is tough, but not impossible. We decided to bring Theresa Desuyo from Qustodio on the show this week to discuss what her company is doing, and the broader theme of protecting children online. Apologies in advance for Theresa's audio quality. Couldn't fix...
2019-12-24
33 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 375 - Malcolm in the Middle (of a Career)
This week, DtSR is joined by Malcolm Harkins - former CISO of Intel and industry insider extraordinaire. Malcolm shares insights from his long and distinguished career so pull up a virtual chair, grab your notebook, and pull over because this is one that's a great listen. Highlights from this week's episode include... Rafal asks Malcolm why he doesn't job-hop like most CISOs Malcolm and Raf discuss the "feature economy" Raf asks Malcolm to predict the future Guest Malcolm Harkins ( @ProtectToEnable ) - Chief Security...
2019-12-18
39 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 374 - Mike Daugherty Looks In the Rearview Mirror
This week, on a very special show recorded from his home studio in Atlanta, Rafal welcomes Mike Daugherty back onto the show to tell the story of his crazy journey and battle with the FTC. Highlights from this week's episode include... Mike gives a recap of the road to where he got Rafal and Mike discuss the last few years since episode 171: "When the FTC Attacks" Rafal & Mike discuss the New Yorker article: https://www.newyorker.com/magazine/2019/11/04/a-cybersecurity-firms-sharp-rise-and-stunning-collapse Guest Mike Daugherty...
2019-12-11
45 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 372 - Not the Rise of the Machines
This week on #DtSR (live from Las Vegas, Enfuse 2019 Conference) Rafal chats with Nick Patience of 451 Group. Nick has some expertise in ML and provides context and content that is badly needed to dispel the crazy marketing hype out there. Highlights from this week's episode include... Nick answers the "What is ML/AI, and what is it not?" We think Nick insulted machines by calling their learning potentially "shallow" (haha) Nick gives us the retail applications of machine learning - grocery stores and similar things...
2019-11-26
38 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 371 - Advancing SOC-as-a-Service
First, and foremost, thank you to OpenText for having the #DtSR Podcast live and in-person in Las Vegas. Enfuse is a fantastic conference bringing together security operations professionals (forensics, threat hunters, SOC analysts), privacy, and legal professionals under one banner. It's a fantastic opportunity to hear some very involved talks, hear about the state-of-the-art, and join the conversation. Also ... the people you will meet there are amazing - guests and staff. Highlights from this week's episode include... Kevin gives us an educated, experience-based...
2019-11-19
38 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 370 - Gamifying InfoSec
Down the Security Rabbithole is back for Episode 370, and this week's podcast focuses on gamification, and its applications to InfoSec. Big thanks to Chloé for joining us and sharing her knowledge. She's a legitimate expert in the field, so give this a listen. Highlights from this week's episode include... Chloé explains gamification Rafal and James ask some tough questions Chloé explains how games help us learn Much more, tune in! Guest Chloé Messdaghi ( @ChloeMessdaghi ) - VP of Strategy at Point3...
2019-11-12
44 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 369 - Ransomware's End
Welcome to episode 369! This week Rafal talks ransomware and welcomes Oussama El-Hilali, Chief Technology Officer at Arcserve, and Chester Wisniewski, Principal Research Scientist at Sophos to the podcast. Highlights from this week's episode include... Chester hits us with some staggering facts and figures about ransomware Rafal asks if companies should pay the ransom …and ducks Oussama explains why backup companies and anti-malware companies should be besties Guests Oussama El-Hilali - https://www.linkedin.com/in/oussama-el-hilali/ Chester Wisniewski - https://www.linkedi...
2019-11-05
42 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 368 - Contain(er) Your Security
Welcome to another edition of the DtSR Podcast! This week Liz Rice joins us all the way from the (still) UK, and James is back too! What a treat... join us and read the show notes! Highlights from this week's episode include... Liz explains containers, security, and gives us a foundation Liz explains the fundamental stages of securing containers Liz explains the model of different types of containers and the things you need to worry about Rafal asks "where do you install the agent?" ...
2019-10-30
42 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 367 - Cloud Babies
This week, #DtSR Podcast is recorded live from Dallas at the Armor SecureCon inaugural user conference. Rafal had the occasion (and good fortune) to get a few minutes to sit down with Jeff Collins (CSO, Lightstream) and Kristopher Russo (Security Architect, Herman Miller) and chat cloud. P.S. - We love in-person conversations! Highlights from this week's episode include... Jeff talks about Lightstream's cloud foundational framework and why it's a must-do if you're thinking cloud Kristopher some inner wisdom on architecture and business al...
2019-10-22
28 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 365 - Mountains of Data
Welcome back to another episode ... this one sets up DtSR's appearance at the Enfuse Conference 2019 in Las Vegas in November. Give this topic a listen, as it doesn't matter whether you're in legal, compliance, or security - you need to understand this topic well. We want to thank OpenText for sponsoring DtSR's trip out to Las Vegas for the conference, and of course we encourage you to join us out in the desert for another really well-done conference on the intersection of law, compliance, privacy, and s...
2019-10-08
35 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 364 - Interviewing Jerry Archer
Welcome! This episode of Down the Security Rabbithole Podcast was recorded live from Dallas, TX where the Security Advisor Alliance Summit 2019 was happening. One of the hardest working men in the business, Mr. Jerry Archer, stopped by and took a few minutes off his schedule to let Rafal interview him and get some of those amazing nuggets of wisdom and experience into your ears. Feedback, as always, is welcome! Highlights from this week's show include... Jerry sets the background for his...
2019-10-01
34 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 363 - That Oh Shit Moment
This episode was recorded live from the Security Advisor Alliance Summit, 2019 in blistering hot Dallas, TX. If you don't know what the Alliance is, or are asking yourself why you should bother, click here and find out why this is one of those organizations that you must be part of if you're serious about cybersecurity. Highlights from this week's episode include... Graeme introduces himself Rafal & Graeme talk about security at scale Graeme discusses some of the insights of the Equifax breach Graeme dispenses know...
2019-09-25
39 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 362 - Real Security is Hard
Friends & Colleagues, this week I have the pleasure of being joined by one of my good friends and industry veteran - the one and only Jim Tiller. We revisit the things we talked about in Episode 102 and get an update on the state of security from a guy who would know. Pre-requisite listening: Episode 102 - http://ftwr.libsyn.com/dtr-episode-102-security-leaders-series-jim-tiller Highlights from this week's show include... Jim & Rafal talk about the "feature economy" that is the security vendor marketplace today Ji...
2019-09-17
46 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 361 - Your Adversary Problem in 2019
This week Adam Meyers joins James & Rafal to talk about the Crowdstrike Mobile Threat Landscape Report 2019 - https://www.crowdstrike.com/resources/reports/mobile-threat-report-2019/ and the learnings and lessons therein. Highlights from this week's episode include... Adam gives us the lowdown on adversaries, in 2019 Adam bakes some bread Rafal asks who the biggest and baddest attackers are So much more... check out the link above, read the report! Guest: Adam Meyers - https://www.linkedin.com/in/adam-meyers-7a58481/ - VP, Intel...
2019-09-11
37 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 360 - Thwarting Bots and Frauds
This week, Rafal sits down in person with Sam Bouso of Precognitive, in Chicago headquarters to talk about some very cool tech that's probably only on the periphery of security. Give it a listen! Highlights from this week's show include... Sam discusses the problem that bots and fraud pose to not only digital commerce but overall digital interaction Sam and Rafal talk through the various buzzwords (machine learning, AI, etc) and their real applications here Sam talks through how algorithms and massive data sets can...
2019-08-27
41 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 359 - Mind the Diversity Gap
This week, in the 2nd of two installments recorded live at Black Hat 2019, Alyssa Miller joins Rafal live to talk about some of the talks she's giving, and takes us back in time. Highlights from this week's show include... Rafal and Alyssa discuss the very real problems the lack of diversity in technology creates A jab is taken at the TSA ...because it's just too easy Alyssa revisits the 'castle analogy' for InfoSec and why it's so tough to get right Much more fun... you'll h...
2019-08-20
30 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 358 - No More Crappy Job Hunts
This week on another jam-packed episode, Rafal takes to Black Hat 2019 to interview some interesting guests that have something unique to tell you. We start with Deidre Diamond, the lady behind CyberSN - and why she's reinventing the way you get your next InfoSec job. Highlights from this week's show include... Deidre tells us a little bit about what's new at CyberSN Rafal & Deidre discuss the insane InfoSec job market Deidre explains why how she's planning on eliminating hiring bias in the InfoSec w...
2019-08-15
33 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 357 - Hacker Summer Camp 2019
This week, James and I sit down to think (and talk) through Black Hat (and Defcon) 2019. "Hacker Summer Camp" as it's affectionately known in the industry, is a rite of every summer...but is it delivering value to attendees, do we have the right audience, and is the content worthwhile? This and more... Highlights from this week's show include... Raf and James reminisce about summer camp days gone by Rafal addresses Dino's excellent-sounding keynote (abstract) Raf & James discuss the hype (or more precisely, t...
2019-08-05
32 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 356 - Its Been a While Andy
Welcome down the security rabbithole friends! This week, Andy Kalat takes a few minutes off from recovering to chat and comment on the state of security, and what's different since we first met back in... 2003? Fun episode... It's been a while, Andy! Highlights from this week's show include... Andy and Rafal try and figure out when they first met...in real life Andy points out the problem vendors suffer from "problem-scope-limiting" (this is an interesting one...) Are things getting better? The guys discuss...snark ensues...
2019-07-30
39 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 355 - Threat Modeling Rides Again
My dear listeners - we have John Steven back on this episode! If you don't remember his first appearance, it's OK, it was a little while ago back on episode 42 ... http://podcast.wh1t3rabbit.net/dt-r-episode-42-threat-modeling so it's been a while! Highlights from this week's show include... John gives us a run-down on the new things since the last episode James & John talk OWASP Top 10 The guys try to understand what happened to Threat Modeling, and security overall, over the last decade So muc...
2019-07-23
49 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 353 - Ira Winkler on Point
Yes, DtSR took a week off ... we were due. This week, Ira Winkler joins Rafal to go down the rabbithole and talk about his career, opinions on our profession, and other important stuff. Sit back, take notes, and enjoy. Highlights from this week's show include... Ira gives a run-through on his career and what's gotten him "here" Ira and Rafal discuss "breaking into security" and how it's being sold now, versus what reality should be Ira gives us his take on training, certifications, c...
2019-07-09
56 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 352 - AWS REInforce Warm Up Episode
This week, ahead of AWS RE:INFORCE 2019 (the first one) Rafal gets a conversation with buddy Mark for a candid talk about the top 3 public cloud providers, and a little insight into the evolution of the industry ... or not... Highlights from this week's show include... What are we expecting from AWS RE:INFORCE this inaugural year? Mark gives us his take on the security in the three major public cloud providers Rafal and Mark reminisce about how things were...and where they are in terms...
2019-06-24
47 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 351 - Deeper Into the Microsoft Security Ecosystem
Thank you to Microsoft for sponsoring this show, and our podcast over the years... Highlights from this week's show include... Rob discusses what "Microsoft Threat Protection" is, isn't, and why it's relevant today Rob gives us some context to "trillions of signals" - what does that mean? Rob provides perspective on the pillars of operational excellence required to make Microsoft's vision a reality in damn-near-real-time Rafal and Rob discuss what the ecosystem looks like, and how it's being released into production Rob a...
2019-06-19
38 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 350 - Deep Learning on Deep Packets
Show Note: As most of you know, this show has long refused to use advertisements, or ad revenue to keep itself going. That said, I openly welcome organizations who have something interesting to say and some extra marketing dollars to give, to sponsor an episode while still going through the same vetting process as everyone else. This is one of those shows. This week James and Rafal are joined by Saumitra Das, the Chief Technology Officer for an interesting little start-up called Blue Hexagon. If you f...
2019-06-11
48 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 347 - Inside the RH-ISAC
This week, Tommy McDowell who is the Vice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafal in person, in Dallas. Highlights from this week's show include... Tommy gives us a background on himself, and the RH-ISAC (and its mission statement, and such) Tommy & Rafal discuss the difficulty in setting up an information sharing center Tommy gives us insights into why retail and hospitality need their own unique threat sharing network Guest: Tommy McDowell - https://www.link...
2019-05-21
37 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 335 - Ranking the Adversaries
This week, in a special episode, Dmitri Alperovitch of Crowdstrike joins Rafal to talk about a brand new report that Crowdstrike is releasing. The Crowdstrike 2019 Global Threat Report is a must-read with some very interesting topics covered. Dmitri joins Rafal to talk specifically about the ranking of threat actors, and what it means to you. Highlights from this week's show include... Dmitri explains "breakout time" and why it's important Dmitri gives a walk-through of the methodology used to rank your global adversaries Dmitri & Rafa...
2019-02-19
31 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 332 - Security in Transformation
This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of security leaders in the digital transformation efforts of enterprise shops. Interesting conversation ensues. Highlights from this week's show include... Jenn, James, and Rafal discuss the role of the security lead in enterprise digital transformation Jenn shares some of her experience in aiding CISOs with building security programs to support 'the business' We make light of the fact that it's a...
2019-01-30
40 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 318 - War, Cyber and Policy
This week the DtSR podcast tackles one of the thornier issues going around in the news. As the accusations of Russian hacking continue to mount, international leaders are speaking out and making bold statements that impact policy on a global level. This topic needed to be addressed with some folks who have actual expertise in the matter - and with the understanding that what we have here are opinions and interpretations. Highlights from this week's show include: A lively discussion on t...
2018-10-18
38 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 310 - RFP POC OMG
This week, Rafal & James discuss one of the bigger challenges that an enterprise security team faces today - evaluating new/replacement security tools and services. Listen close if you're on the enterprise side, and listen closer if you're selling to them. Highlights from this week's show include... We address the difficulties of evaluating or replacing technologies or services Rafal takes you into the "better" trap, and how you can avoid it We discuss defining concrete problem statements James & Rafal talk through the challenges o...
2018-08-23
33 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 279 - Deeper Down the SDP Rabbithole
This week, Jason Garbis re-joins the podcast to go past the Primer (Episode 257) and dive deeper into SDP (Software Defined Perimeter) with a discussion on cloud and relevance to the re-invention of the data center and related infrastructure. Related DtSR listening: Zero Trust Model w/ John Kindervag: http://podcast.wh1t3rabbit.net/dtsr-episode-222-zero-trust-security-model Software Ate the Perimeter w/Jason Garbis: http://podcast.wh1t3rabbit.net/dtsr-episode-257-software-ate-the-perimeter Support the show>>> Please consider clicking the link ab...
2018-01-17
44 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 262 - Deeper Down the Cyber Liability Insurance Rabbithole
This episode, in conjunction with the Security Advisor Alliance ( https://www.securityadvisoralliance.org/ ) we dive into a third round of Cyber Liability Insurance. This fascinating discussion dives deeper into the things security leaders need to know as Travis and Stephen get right to the heart of matters. Required pre-listening... Check out the first episode (way back in the archives) on DtSR Episode 34 - The Inside Scoop on Cyber Liability Insurance ( http://podcast.wh1t3rabbit.net/episode-34-the-inside-scoop-on-cyber-liability-insurance ) with Christine Marciano ( @DataPrivacyRisk ). Then...
2017-09-20
50 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 238 - March 2017 Update with Shawn Tuma
This week, on the Down the Security Rabbithole Podcast, Michael and I are back with perennial favorite Shawn Tuma. Shawn, our legal eagle friend from Dallas, breaks down the latest issues that affect Cyber Security and the Law - with that business perspective you've come to expect from our podcast. As always, we love hearing from you and if you have questions don't hesitate to hit us up on Twitter using hashtag #DtSR or you can always hit up Michael (@catalyst), myself (@Wh1t3Rabbit) or S...
2017-03-28
59 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 236 - Enterprise Architecture 2017
Check out episode 236 with Marie-Michelle Strah who is a repeat offender here on the podcast with her first appearance back in 2014 on Episode 122 ( http://podcast.wh1t3rabbit.net/dtsr-episode-122-enterprise-architectures-role-in-security ). This episode is a revisitation on Enterprise Architecture and its importance to security with a perspective on enterprise tech stack, business segmentation and micro services in a modern distributed enterprise. Marie-Michelle's experience and extensive insight into the topic should give you something to think about as you go back to your day job in security....
2017-03-14
44 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 235 - NewsCast for March 7th 2017
A Note on the Passing of a Legend Howard Schmidt passed away this week Long, distinguished career as one of the CISOs who “got it” He will be missed in government and private industry - he was on our show too (December 2015) http://podcast.wh1t3rabbit.net/dtsr-episode-166-cyber-security-from-board-room-to-white-house Are SysAdmins Violating the CFAA? This is, by all accounts, an insane criminal defense...or is it? Can what sounds like a stretch logically, be used maliciously by employers? The law is about intent - does...
2017-03-08
49 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 229 - NewsCast for January 24th 2017
Hi friends! We're honored to be finalists for the Security Blogger Awards 2017 "Best Security Podcast" so if you listen, go vote for "Wh1t3Rabbit" (as we're labeled) Link: https://devops.com/2017-social-security-blogger-awards-open-voting/ Digital transformation forces businesses to rethink cybersecurity A change where operations are being held accountable for security James has commented on this before. In order to get better security, it needs to be embedded in the teams within the organization, not just the security team. Link: http://www.ci...
2017-01-25
45 min
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 123 - NewsCast for December 15th, 2014
Topics covered: The unfolding case of the Sony Pictures Entertainment breach http://blog.wh1t3rabbit.net/2014/12/when-press-aids-enemy.html http://www.thedailybeast.com/articles/2014/12/12/shocking-new-reveals-from-sony-hack-j-law-pitt-clooney-and-comparing-fincher-to-hitler.html http://www.csoonline.com/article/2857455/business-continuity/fbi-says-theres-nothing-linking-north-korea-to-sony-hack.html http://www.csoonline.com/article/2854672/business-continuity/the-breach-at-sony-pictures-is-no-longer-just-an-it-issue.html The phishing scam that succeeded at hitting a big chunk of Wall Street - it probably would have fooled you too. Here's what we've learned http://arstechnica.com/security/2014/12/phishing-scam-that-penetrated-wall-street-just-might-work-against-you-too/ Iranian hackers hit Las Vegas behemoth with a sophisticated attack ... wait it was a Visual Basic base?! http://arstechnica.com/security/2014/12...
2014-12-15
43 min
Down the Security Rabbithole Podcast (DtSR)
DtR Episode 113 - NewsCast for October 6th, 2014
Topics covered: The petition on WhiteHouse.gov titled "Unlock public access to research on software safety through DMCA and CFAA reform" and ...well we talk about it with an attorney and some necessary skepticism https://petitions.whitehouse.gov/petition/unlock-public-access-research-software-safety-through-dmca-and-cfaa-reform/DHzwhzLD My take: http://blog.wh1t3rabbit.net/2014/10/to-reform-and-institutionalize-research.html A Marriott property in Nashville (Gaylord Opryland) will pay $600,000 in an FCC settlement for jamming/blocking guests' personal WiFi hotspots http://www.fcc.gov/document/marriott-pay-600k-resolve-wifi-blocking-investigation A Pakistani man has been indicted in Virginia for selling "StealthGenie", an app designed sp...
2014-10-06
47 min
Down the Security Rabbithole Podcast (DtSR)
DtR Episode 97 - NewsCast for June 16th, 2014
Note: I want to thank Will Gragido for stopping by this morning to talk over the news with us. Always great to have someone with a fresh perspective, I hope you enjoy the show. Topics Covered: Don't like Google Glass (or similar devices) on your network? Kick them off - http://mashable.com/2014/06/04/glassholes-wifi-jamming/ The FAA has issued an order for Boeing to 'protect the planes from computer hackers' ... but what is really going on here? - http://www.usatoday.com/story/news/nati...
2014-06-16
52 min
Down the Security Rabbithole Podcast (DtSR)
DtR Episode 95 - NewsCast for June 2nd, 2014
Note: Today, Kim Halavakoski joined us on the show to provide perspective all the way from Finland! We appreciate his international addition to the show, and hope the listeners enjoy the added brainpower. Topics covered: Facebook's next major update will turn your mobile device into an always-on listening tool for Facebook. This is a good time to remind you that you are the product, not the customer - http://www.ibtimes.com/facebook-microphone-update-store-data-social-media-giant-confirms-new-feature-will-1588916 In a blow to security professionals' ego everywhere, investors apparently aren...
2014-06-02
47 min
Down the Security Rabbithole Podcast (DtSR)
DtR Episode 86 - From DDoS to Quantum Computing [Guest: Prof Alan Woodward]
In this episode: Rise of DDoS; Where did it come from; What's next; Why does it work; Spoofer project; 3-DOS attacks; Quantum computing; What is it; How is it different than what we commonly use today; What problems does it solve; How practical is it; The dark web; Where did it come from; Legitimate uses, turn into nefarious use-cases; Alternatives, adoption and options. Guest: Prof. Alan Woodward ( @ProfWoodward ) - Alan is not only a subject matter expert in computing, computer security and the impact technology has on business but brings to his roles a very broad range of ex...
2014-03-31
47 min
Down the Security Rabbithole Podcast (DtSR)
DtR Episode 61 - NewsCast for October 7th, 2013
Big thanks to the soon-to-be-regular peanut gallery ... @JoeKnape and @BeauWoods for jumping in this morning and breaking it down with James and I. As a personal message to those of you who listen and our community - please ...remember we all live in a giant glass house, and throwing rocks is a bad, bad idea. I've said it before and I'm looking right at the media for this one (ahem...) - unless you've been in a high-stress environment and have successfully thwarted every attack, please don't...
2013-10-07
46 min
Down the Security Rabbithole Podcast (DtSR)
DtR Episode 50 - The Emergence of Geopolitics in InfoSec
Welcome down the rabbithole as we hit EPISODE 50! I'm thrilled that we've made it this far, and look forward to having you along for the ride into the future! At this point, I'd like to encourage you to listen to some of the fascinating guests we've had on this show, people I'm proud to have had a chat with, in the past archives... suggest guests, or just leave us a comment. /Wh1t3Rabbit In this episode... We try and discuss...
2013-07-22
42 min
Down the Security Rabbithole Podcast (DtSR)
DtR Episode 37 - NewsCast for April 22nd 2013
It's Monday April 22nd, 2013, and here are the topics from the last 2 weeks James ( @jardinesoftware ) and I ( @Wh1t3Rabbit ) will be talking about as we Monday-morning-quarterback the last 2 weeks in Information Security... Fair warning, we have way too many topics to fit into 20 minutes... so went a little bit longer but both feel it's well worth your time. Laugh, cry, and be informed. Topics Covered: Microsoft rolls out 2-factor authentication - James points out that Microsoft has rolled out authenticator-agnostic, robust 2-factor authentication... if...
2013-04-22
33 min
Down the Security Rabbithole Podcast (DtSR)
Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 3)
Synopsis This is the third and final part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what significant things happened in 2011, and what we should be looking forward to in 2012. No predictions, no propaganda, just hard-hitting, amusing, and often nostalgic discussion about the realities of living in an ever-more connected world as we go into 2012. I hope you enjoy the podcast series if you missed it live. In the future, look for announcements of live epis...
2012-01-09
31 min
Down the Security Rabbithole Podcast (DtSR)
Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 2)
Synopsis: This is the second part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what significant things happened in 2011, and what we should be looking forward to in 2012. No predictions, no propaganda, just hard-hitting, amusing, and often nostalgic discussion about the realities of living in an ever-more connected world as we go into 2012. I hope you enjoy the podcast series if you missed it live. In the future, look for announcements of live episodes on my...
2011-12-28
30 min
Down the Security Rabbithole Podcast (DtSR)
Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 1)
Synopsis: This is the first part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what significant things happened in 2011, and what we should be looking forward to in 2012. No predictions, no propaganda, just hard-hitting, amusing, and often nostalgic discussion about the realities of living in an ever-more connected world as we go into 2012. I hope you enjoy the podcast series if you missed it live. In the future, look for announcements of live episodes on my...
2011-12-26
28 min
Down the Security Rabbithole Podcast (DtSR)
Down the Rabbithole - Episode 2 - "Can You Be Hacked Out of Business?"
Synopsis: This edition of the podcast doesn't hold back. We ask "Can someone be hacked out of business?" and as usual we don't really like the answers we come up with. While Martin, Rob and I have been in most every aspect of security for just over a combined 3 decades, we end up with a conclusion that I don't think any of us are comfortable with ... at least not that we were willing to say out loud, until now. So is it possible? Is DigiNotar being "hack...
2011-09-29
35 min