Cover image of Down the Security Rabbithole Podcast
(69)

Rank #60 in Tech News category

Technology
News
Tech News

Down the Security Rabbithole Podcast

Updated 3 days ago

Rank #60 in Tech News category

Technology
News
Tech News
Read more

Follow the Wh1t3 Rabbit ... attention technology and business leaders!The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on relevant events in the information security community, filtered through a no-nonsense business first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.

Read more

Follow the Wh1t3 Rabbit ... attention technology and business leaders!The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on relevant events in the information security community, filtered through a no-nonsense business first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.

iTunes Ratings

69 Ratings
Average Ratings
51
7
2
5
4

It’s all about that intro

By Phantom Physics - Sep 11 2019
Read more
This is by far my fav cyber podcast. Thank you James and Ralf.

Consistently excellent podcast

By thigley986 - Feb 16 2017
Read more
One of my go to security podcasts. Consistently high quality!

iTunes Ratings

69 Ratings
Average Ratings
51
7
2
5
4

It’s all about that intro

By Phantom Physics - Sep 11 2019
Read more
This is by far my fav cyber podcast. Thank you James and Ralf.

Consistently excellent podcast

By thigley986 - Feb 16 2017
Read more
One of my go to security podcasts. Consistently high quality!
Cover image of Down the Security Rabbithole Podcast

Down the Security Rabbithole Podcast

Latest release on Jan 28, 2020

Read more

Follow the Wh1t3 Rabbit ... attention technology and business leaders!The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on relevant events in the information security community, filtered through a no-nonsense business first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.

Rank #1: DtR Episode 94 - ICANN, Tor, and Internet Freedom

Podcast cover
Read more

In this episode

  • Jeff explains the background of the relationship between the US government, ICANN and IANA
  • What is the ITU and why is this $0 contract handoff to the ITU such a big deal?
  • What impact did Edward Snowden's actions have on the issue?
  • The potential issues with DNS, cross-border censorship and DNS
  • The importance of Tor, Freenet and challenges of implementation
  • Discussing the evolution of services like Tor through "nation-state firewalls"
  • Changing the image of anonymous services
  • Making Tor and similar services more user-friendly, and more prevalent

Guest:

  • Jeff Moss ( @TheDarkTangent ) - Jeff, also known as The Dark Tangent, is an American hacker, computer security expert and internet security expert who founded the Black Hat and DEF CON computer Hacker conferences. His Wikipedia page can be found here.

May 26 2014

41mins

Play

Rank #2: DtSR Episode 288 - Experienced Opinions

Podcast cover
Read more

This week, while James was out on family duty, I sat down on a Saturday morning with my good friend Will Gragido to talk security. Will is an industry old-timer (sorry buddy, we're old) and has some seriously valid opinions on many things. We discuss some interesting topics, and apologize for nothing.

Highlights from this week's show include...

  • It's conference season again... and time for more buzzword bingo
  • Marketing people are the worst...except we're all complicit
  • Threat Intelligence. Again. Still. Yep.
  • Let's go hunting for threats - who should have a threat hunt team, and why
  • Mergers, acquisitions, and the future of our industry

Guest

  • Will Gragido ( @WGragido ) - Will Gragido is a seasoned security professional with over 20 years’ experience in networking and information security. Will’s extensive background is the result of his service as a United States Marine, a consultant with the world renowned International Network Services, Internet Security Systems (now IBM ISS), McAfee, Damballa, Cassandra Security, RSA Netwitness, Carbon Black, Digital Shadows and now Digital Guardian where he leads the organization’s Advanced Threat Protection Product Line as its Director.

Mar 20 2018

50mins

Play

Rank #3: DtSR Episode 171 - When the FTC Attacks

Podcast cover
Read more

In this episode

I interview Mike Daugherty - author of The Devil Inside the Beltway [Amazon.com link] live from the Security Advisor Alliance first-ever Summit in Dallas, TX. Mike was kind enough to sit down with me (twice, thanks to a tech failure) and tell his absolutely surreal story of what happened to him, his company at the hands of what can only be described as an insane situation.

If you own a business, or manage a business, or work in enterprise -- you need to hear Mike's story. If it wasn't documented and video recorded, you'd never believe it's true.

Truth be told, I've been a supporter of the FTC as an advocate for the victims of breaches - the person who's information is stolen. After hearing Mike's story... I have had my mind completely changed.

Nov 30 2015

55mins

Play

Rank #4: DtSR Episode 236 - Enterprise Architecture 2017

Podcast cover
Read more

Check out episode 236 with Marie-Michelle Strah who is a repeat offender here on the podcast with her first appearance back in 2014 on Episode 122 ( http://podcast.wh1t3rabbit.net/dtsr-episode-122-enterprise-architectures-role-in-security ).

This episode is a revisitation on Enterprise Architecture and it's importance to security with a perspective on enterprise tech stack, business segmentation and micro services in a modern distributed enterprise. Marie-Michelle's experience and extensive insight into the topic should give you something to think about as you go back to your day job in security.

Guest: Marie-Michelle Strah ( @CyberSlate ) - Marie-Michelle Strah. PhD is currently Senior Principal in the Enterprise Architecture Group at Infosys Ltd and based in New York City. A highly collaborative, diplomatic and inspiring thought leader Michelle is able to effectively drive business and technology strategy and business insights across corporate boundaries and departmental silos. A seasoned management and technology consultant, she specializes in strategy development, cloud transformation enterprise information modernization and innovation management efforts to drive global growth while minimizing cost and risk in complex organizations. She has PhD from Cornell University, was a Javits Fellow and is a US Army veteran. Connect with Michelle on Skype/Twitter/Instagram/Snapchat @cyberslate | http://cyberslate.me

Mar 14 2017

44mins

Play

Rank #5: DtSR Episode 162 - OSINT and Privacy in a Digital World

Podcast cover
Read more

In this episode...

  • Kirby tells us what OSINT is
  • We discuss how much we are giving away on digital channels?
  • We discuss if there is such a thing as anonymity anymore
  • Location sharing in apps — the bad, the ugly, the scary
  • Kirby and Michael discuss “checking up on your executives”
  • Raf talks about “logo pages” — why do these still exist?!
  • Kirby gives us some thoughts on OPSEC
  • Kirby leaves us with a dose of reality about privacy in today’s world

Guest

  • Kirby Plessas ( @kirbstr ) - Kirby is the CEO of Plessas Experts Network, Inc. She did some things before this too, but we can't tell you about them or we'd have to black-bag you and send you to Gitmo. You can get her LinkedIn bio here: https://www.linkedin.com/in/kirbyp.

Sep 28 2015

33mins

Play

Rank #6: DtSR Episode 164 - 3rd Party and Supply Chain Risks

Podcast cover
Read more

In this episode...

Guest:

  • Josh Douglas - CTO for Raytheon Cyber Products – has nearly two decades of experience in helping global enterprises and government agencies secure their most prized business/mission assets. During his past 9 years at Raytheon, he has overseen Raytheon’s Cyber Security Intelligence Operations, Malware Concepts, Security Infrastructure Operations and Research Technologies tasked to produce effective forward-looking cyber software solutions to contain and control advanced threats. These solutions are used to help commercial and government entities protect their enterprises and the global cyber supply chain from ever-changing advanced persistent threats and malware.Prior to joining Raytheon, Joshua has a successful track record in network security operations and engineering management positions, securing enterprise environments while promoting contextual response. Prior employers include Enterasys Networks, Kronos, Genuity, MIT Lincoln Laboratory and other prominent enterprises. Joshua earned a Bachelor of Science Degree in Computer Science from Appalachian State University and currently holds a number of technical computer and network security certifications. LinkedIn: https://www.linkedin.com/in/jdouglas

Oct 12 2015

31mins

Play

Rank #7: DtSR Episode 344 - You've Probably Been Pwned

Podcast cover
Read more

This week, Rafal is joined by the man, the myth, the Aussie legend - Troy Hunt. We basically talk about whatever is on his mind - which, as it turns out is a lot. Take a listen, we may publish an English translation later (joking, Troy!).

Highlights from this week's show include...

  • Troy gives a run-down on HaveIBeenPwned
  • We talk through some of the interesting use-cases for HaveIBeenPwned data
  • Troy gives perspective on usernames, passwords, and other important things technology/security related

Guest

  • Troy Hunt ( @TroyHunt ) - Troy is a Microsoft Regional Director and Most Valuable Professionalawardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.

    I created HIBP as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.

    Short of the odd donation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today's modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!

May 01 2019

40mins

Play

Rank #8: DtR Episode 90 - Things Your Auto Insurance Knows [Anonymous guest]

Podcast cover
Read more

In this episode

  • We discuss some of the new techniques auto insurance companies are using to custom-tailor rates to drivers
  • Our guest discusses some of the capabilities of the widgets available
  • Our guest discusses the 'call home' functions, and potential mis-use
  • We use 'big data' seriously
  • We talk about 'big data' and security - for real
  • Our guest gives us a realistic view about the type of data that's out there about your driving, habits, and tracking

Guest

  • Our guest is an industry insider, who for obvious reasons chose not to identify himself. We respect the guest's position, and kindly ask that our listeners do as well.

Apr 28 2014

26mins

Play

Rank #9: DtR Episode 80 - Lies, Damned Lies, and #InfoSec Statistics [Guests: Jay Jacobs, Bob Rudis]

Podcast cover
Read more

In this episode

  • Jay and Bob talk about their new book
  • A discussion on using data as 'supporting evidence' rather than gut feelings
  • Do we have actuarial quality data to answer key security questions?
  • A discussion on "asking the right question", and why it's THE single most important thing to do
  • Bob attempts to ask security professionals to use data we already have, to be data-driven
  • Jay tells us why he wouldn't consider "SQL Injection" a "HIGH" risk ranking - and why data challenges what you THINK you know
  • Quick shout out to Allison Miller on finding the little needles in the big, big haystack
  • We think about why security as an industry needs to start looking outside of itself to get its data - now
  • Jay discusses how there is a definite skills shortage in working with large data sets, and doing analysis
  • I ask whether there is a chicken and egg problem in large-scale data analysis
  • Bob brings up the "kill chain" and whether we really need real-time data analysis for attacks
  • Bob makes a pitch for having a "Cyber CDC" ... stop laughing
  • Jay laments the absolute bonkers problems dealing with information sharing (when you don't have any to share)
  • Jay urges you to "count and compare"

Guests

Feb 17 2014

58mins

Play

Rank #10: DtSR Episode 166 - Cyber Security From Board Room to White House

Podcast cover
Read more

In this episode...

  • Raf sits down with Howard Shmidt to talk about Cyber Security from the public to private sectors and everything in between.
  • Howard & Raf talk through challenges of cyber security in the board room
  • Howard gives us some of the challenges that government faces, from his experience
  • Don't miss this episode!

Guest

  • Howard A. Schmidt ( @HowardAS ) - Former Supervisory Special Agent,Director of Computer Crime and Information Warfare, AF OSI, Former CSO Microsoft Corp. Former Chairman of White House Critical Infrastructure Protection Board, VP, CISO eBay Inc. Special Agent, US Army CID (Reserves). Law Enforcement Officer Chandler Police Department, AZ

Oct 26 2015

24mins

Play

Rank #11: DtSR Episode 232 - Security, Fraud, Digital Payments

Podcast cover
Read more

This week, while the security world congregates at RSA Conference 2017 we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating discussion, we discuss many of the topics security executives and leaders are talking about right now - but as you have come to expect this is less about 'security' and more about protecting what matters.

We want to thank Neira for taking the time out of her busy schedule to join us on the show, and encourage discussion on the topics we covered - if you listen, and you have an opinion (I know you do) then let's discuss using the hashtag #DtSR on twitter.

Guest

  • Neira Jones (@NeiraJones) - Independent Advisor & International Speaker| Payments | Digital Innovation | Information Security | Fraud Non-Executive Director, Cognosec Chairman, Comcarde Chairman Advisory Board, Ensygnia Advisory Board Member & Ambassador, Emerging Payments Association Partner, Global Cyber Alliance

Feb 15 2017

58mins

Play

Rank #12: DtSR Episode 351 - Deeper Into the Microsoft Security Ecosystem

Podcast cover
Read more

Thank you to Microsoft for sponsoring this show, and our podcast over the years...

Highlights from this week's show include...

  • Rob discusses what "Microsoft Threat Protection" is, isn't, and why it's relevant today
  • Rob gives us some context to "trillions of signals" - what does that mean?
  • Rob provides perspective on the pillars of operational excellence required to make Microsoft's vision a reality in damn-near-real-time
  • Rafal and Rob discuss what the ecosystem looks like, and how it's being released into production Rob answers whether Microsoft consumes its own tools… the answer may surprise you

Guest:

  • Rob Lefferts - @rob_lefferts -

    Microsoft Responsibilities/Contributions – As corporate vice president for M365 Security within Experiences and Devices, Rob Lefferts is responsible for ensuring that Microsoft 365 provides a comprehensive and cohesive security experience for our all of our customers. Prior to this role, he led the Windows Enterprise & Security team, where he was responsible for hardening the Windows platform, building intelligent security agents, and driving commercial adoption of Windows 10. Since joining Microsoft in 1997, Lefferts has been instrumental in shaping key products and technologies, from helping develop the original SharePoint Portal Server to leading extensibility efforts for the Office platform to championing the vision for Microsoft 365. 

    Pre-Microsoft Work Experience – Rob began his career at Claritech, a startup that was born from a Carnegie Mellon research project. He then consulted with the Government of Namibia, Africa.

    Education – He earned a bachelor’s degree in logic and computation, as well as a master’s degree in computation linguistics, from Carnegie Mellon University.

    Family/Other Interests – Rob and his wife have two children and live in the Seattle area.

Jun 19 2019

38mins

Play

Rank #13: DtSR Episode 226 - Targeted Threats Facts From Fiction

Podcast cover
Read more

Welcome to the first Down the Security Rabbithole Podcast episode of 2017!

We would like to kick off this year, and the run to episode 250 with an episode that dissects the facts from the fiction on the topic of "Advanced Threats". With all the talk in the news about the Russians "hacking the US election" (yes, that's absolutely silly to call it that) and talk of retaliation, it's important to have a frank discussion on the merits of the concept of advanced threats.

Sit back, grab a coffee and listen. I know you'll want to listen to this one more than once!

If you have a moment, and you actually read the show notes, we would love it if you could give us a rating on iTunes or actually leave a comment on the podcast page. Get engaged on Twitter, using the hashtag #DtSR!

Guest Biography

Sergio Caltagirone hunts evil.  He spends his days hunting hackers and his evenings hunting human traffickers.  After 9 years with the US Government, over 3 years at Microsoft and now at Dragos, Sergio not only hunted the most sophisticated targeted hackers in the world but also applied that intelligence to protect billions of users worldwide and safeguarding civilization through the protection of critical infrastructure and industrial control systems.  He co-created the Diamond Model of Intrusion Analysis proudly helping thousands of others bring more pain to adversaries by strengthening hunters and intelligence analysts. He also proudly serves as the Technical Director of the Global Emancipation Network, a Non-Governmental Organization, leading a world-class all-volunteer team hunting human traffickers and finding their victims through data science and analytics working towards saving tens of millions of lives.

You can find Sergio on Twitter at @cnoanalysis

Links

Jan 03 2017

57mins

Play

Rank #14: DtSR Episode 347 - Inside the RH-ISAC

Podcast cover
Read more

This week, Tommy McDowell who is the Vice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafal in person, in Dallas.

Highlights from this week's show include...

  • Tommy gives us a background on himself, and the RH-ISAC (and it's mission statement, and such)
  • Tommy & Rafal discuss the difficulty in setting up an information sharing center
  • Tommy gives us insights into why retail and hospitality need their own unique threat sharing network

Guest:

May 21 2019

36mins

Play

Rank #15: DtR Episode 89 - NewsCast for April 21st, 2014

Podcast cover
Read more

Topics discussed

Apr 21 2014

33mins

Play

Rank #16: DtR Episode 82 - Likely Threats [Guests: Lisa Leet, Russell Thomas, Bob Blakley]

Podcast cover
Read more

In this episode

  • Does is make sense, in a mathematical and practical senes, to look for 'probability of exploit'?
  • How does 'game theory' apply here?
  • How do intelligent adversaries figure into these mathematical models?
  • Is probabilistic risk analysis compatible with a game theory approach?
  • Discussing how adaptive adversaries figure into our mathematical models of predictability...
  • How do we use any of this to figure out path priorities in the enterprise space?
  • An interesting analogy to the credit scoring systems we all use today
  • An interesting discussion of 'unknowns' and 'black swans'
  • Fantastic *practical* advice for getting this data-science-backed analysis to work for YOUR organization

Guests

  • Lisa Leet - Lisa is a wife of 17 years, a mother of 5 years to boy/girl twins, and an employee of 7 years on the Information Security team at a Minneapolis-based financial services firm. She is also an intern at Stamford Risk Analytics (Stamford, CT), pursuing studies at Stanford University, prepping for her CISSP Exam on July 15th, taking MOOCs, and reading at least twelve books concurrently including a 1600-pager on Python. In her free time she volunteers on the Board of Directors for SIRA (Society of Information Risk Analysts) and participates in awesome podcasts like DtR.
  • Russell Thomas ( @MrMeritology ) - Russell is a Security Data Scientist in financial services, and a PhD student in Computational Social Sciences.  His focus is on the intersection of information security and business and economic decision making.  He’s “MrMeritology” on Twitter, and blogs at “Exploring Possibility Space” (http://exploringpossibilityspace.blogspot.com/).
  • Bob Blakley - Bob has been in the security industry for more than 35 years.  He's led the OMG CORBAsecurity, SAML, and OATH standardization efforts, and currently chairs the NSTIC Identity Ecosystem Steering Group.  He's in the drama department at a large multinational financial institution.

Mar 03 2014

43mins

Play

Rank #17: DtSR Episode 228 - Another Look at Endpoint Security

Podcast cover
Read more

This week, Paul Hershberger joins us to talk about taking a fresh look at endpoint security for the new year. Paul has some insights into balancing risk/usability and how some of the things you've heard about endpoint may simply be ... wrong.

Join James and I as we let Paul endow us with his wisdom and experience... take some notes, this one's going to be good.

Guest

  • Paul Hershberger - @pjhersh13 - Director IT Global Security Risk and Compliance at The Mosaic Company.

Jan 18 2017

51mins

Play

Rank #18: DtR Episode 76 - Payment Industry Turmoil [Guests: Laura Claytor & Alfred Portengen]

Podcast cover
Read more

In this episode

  • Did the Target/Neiman/? breach finally create a catalyst for change?
  • The card system, payment processing infrastructure clearly wasn't designed with defensibility in mind ... who should be changing that?
  • Are today's fraud rates finally getting high enough such that card processors, issuers, banks need to depart from the status quo?
  • Are the days of "zero fraud liability" to the end consumer coming to an end?
  • What about chip & pin? Is the risk less?
  • What kinds of pains will the industry go through to make security on payment systems better?
  • How is the commercial payments industry different from the consumer?
  • Do end users of credit accounts ultimately care about breaches?

Guests

  • Laura Claytor ( @the.hgic ) - Laura is a security specialist and veteran within a large US-based banking organization, and is based in the southwest United States
  • Alfred Portengen - ( @alfredportengen ) - Alfred has a deep bredth of experience in architecture and security specialty within a multi-national banking organization, he is based in the Netherlands

Jan 20 2014

39mins

Play

Rank #19: DtSR Episode 348 - Verizon 2019 DBIR Double-Live Part 1

Podcast cover
Read more

Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

Highlights from this week's show include...

  • Gabe distinguishes between an incident and a breach - for those of you who need the refresher
  • Gabe dives into the stats to talk about small businesses, and the impact of breaches on them
  • Gabs does some live data science for us, pulling in stats on-the-fly
  • We avoid the 'patching' discussion (that's for the 2nd half)

Guest

May 29 2019

32mins

Play

Rank #20: DtR Episode 84 - Rise of the Security Machines [Guest: Alex Pinto]

Podcast cover
Read more

In this episode

  • what is the promise of automation, and where did we go wrong (or right?)
  • the problems with 'volume' (of logging) and the loss of expressiveness
  • a dive into 'exploratory based monitoring'
  • how does log-based data analysis scale?
  • baselines, and why 'anomaly detection' has failed us
  • does machine learning solve the 'hands on keyboard' (continuous tuning) problem with SIEM?
  • does today's 'threat intelligence' provide value, and is it really useful?
  • decrying the tools - and blaming the victims
  • what is machine learning good at, and what won't it be great at?
  • log everything!

Guest

  • Alex Pinto ( @alexcpsec ) - Alex has almost 15 years dedicated to Information Security solutions architecture, strategic advisory and security monitoring. He has been a speaker at major conferences such as BlackHat USA, DefCon, BSides Las Vegas and BayThreat.He has been researching and exploring the applications of machine learning and predictive analytics into information security data sources, such as logs and threat intelligence feeds.He launched MLSec Project (https://www.mlsecproject.org) in 2013 to develop and provide practical implementations of machine learning algorithms to support the information security monitoring practice. The goal is to use algoritmic automation to fight the challenges that we currently face in trying to make sense of day-to-day usage of SIEM solutions.

Mar 17 2014

48mins

Play

DtSR Episode 380 - Gadi Tells It Like It Is

Podcast cover
Read more

Welcome to episode 380 of the DtSR Podcast.

We have a special treat for you this episode, with long-time friend Gadi Evron, and he holds nothing back in his start discussion of our industry. We virtually guarantee this will quickly be your favorite episode...or at least your top 5.

Highlights from this week's episode include...

  • Gadi unloads on the 'attackers in the spotlight' nature of security conferences
  • Gadi & Raf chat about 25 years of incidents and what it's leading up to
  • Gadi is clearly not a fan of "Just do the basics"
  • Raf & Gadi decide we're clearly going to have to do this again...

Guest

Jan 28 2020

46mins

Play

DtSR Episode 379 - IoT Transforming LE

Podcast cover
Read more

This week, in our final (for real this time) episode recorded LIVE from Enfuse Conference 2019, courtesy of OpenText, we chat with Brian Chidester. It's a fascinating conversation about what the IoT world can (and is) do for law enforcement and government ... think smart cities + Cops.

Highlights from this week's episode include...

  • Brian shatters any last shred of privacy I could believe in through the millions of IoT devices out there 'for our protection'
  • Brian reminds us hackers set of Tornado alarms around Dallas ... 
  • Brian and Rafal muse about FOIA in the digital age
  • Brian talks about advances like 'connected firearms'

Guest

Jan 21 2020

24mins

Play

DtSR Episode 378 - Trending on CISOs

Podcast cover
Read more

In our final "Live from Enfuse 2019" episode, I had the pleasure of sitting down with Paul Shomo to talk about some of the things he's talked to CISOs about as he travels and advises on behalf of OpenText. It's a pretty interesting conversation...

Once again, thanks to OpenText for having the DtSR Podcast in Vegas!

Highlights from this week's episode include...

Guest

Jan 14 2020

36mins

Play

DtSR Episode 377 - The Global War for Soft Power

Podcast cover
Read more

Welcome to 2020, as Down the Security Rabbithole rolls on!

This week we're back with a timely episode on the global war for soft power, with Andrea Limbago, Chief Social Scientist from Virtru. This is an interesting episode, touching on some topics such as privacy and censorship, and very timely.

Highlights from this week's episode include...

  • Andrea gives us a run-down on "soft power" and why it's important
  • Raf starts down a rabbithole and gets "dropped"
  • Andrea discusses how privacy regulation is impacting this space

Guest

Jan 07 2020

41mins

Play

DtSR Episode 376 - Protecting Our Kids Online

Podcast cover
Read more

Merry Christmas, and a Happy New Year listeners of the Down the Security Rabbithole Podcast!

This week the show focuses on one of the most important things any of us really have - our children. Protecting kids in an increasingly digital world is tough, but not impossible. We decided to bring Theresa Desuyo from Qustodio on the show this week to discuss what her company is doing, and the broader theme of protecting children online.

Apologies in advance for Theresa's audio quality. Couldn't fix that in post.

Highlights from this week's episode include...

  • Rafal takes a shot at a sinister human being
  • Theresa talks through some of the more ominous things kids can face online
  • James is curious
  • Theresa gives us a look into the crystal ball...

Guest

  • Theresa Desuyo of Qustodio -

    Theresa is Qustodio’s Digital Family expert, leading Qustodio’s insights into how to best generate talking points around technology use adapted to each family’s reality. In addition, she leads growth, partnerships and operations in the US. Before joining Qustodio, Theresa worked in gamification for enterprises and a social enterprise, leveraging technologies to engage employees and for cause marketing initiatives respectively.

    She holds a B.A. from UCLA and an MBA from ESADE, is fluent in Spanish, Catalán and native English speaker from California.

    As a mother of 3 school-aged children (13, 11, and 5), decisions around technology use is an everyday topic and different for every child. She believes in educating kids and openly discussing the good and the risks associated to digital devices and the internet for them to build the resilience needed today.

Read her professional bio here: https://www.linkedin.com/in/theresadesuyo/ 

Dec 24 2019

33mins

Play

DtSR Episode 375 - Malcolm in the Middle (of a Career)

Podcast cover
Read more

This week, DtSR is joined by Malcolm Harkins - former CISO of Intel and industry insider extraordinaire. Malcolm shares insights from his long and distinguished career so pull up a virtual chair, grab your notebook, and pull over because this is one that's a great listen.

Highlights from this week's episode include...

  • Rafal asks Malcolm why he doesn't job-hop like most CISOs
  • Malcolm and Raf discuss the "feature economy"
  • Raf asks Malcolm to predict the future

Guest

Dec 18 2019

39mins

Play

DtSR Episode 374 - Mike Daugherty Looks In the Rearview Mirror

Podcast cover
Read more

This week, on a very special show recorded from his home studio in Atlanta, Rafal welcomes Mike Daugherty back onto the show to tell the story of his crazy journey and battle with the FTC.

Highlights from this week's episode include...

Guest

Dec 11 2019

45mins

Play

DtSR Episode 373 - Internet of Increasingly Smart Things

Podcast cover
Read more

Welcome back for another great episode. This week we have a boomerang guest, Amber Schroader, recorded live in Las Vegas at Enfuse 2019.

Highlights from this week's episode include...

  • Amber wants a rockstar moment, but no confetti canons
  • Amber dissects Apple, Android, and "other" mobile OSes
  • We discuss machine-to-machine interactions
  • ...so much more to discuss here!

Guest:

Dec 03 2019

41mins

Play

DtSR Episode 372 - Not the Rise of the Machines

Podcast cover
Read more

This week on #DtSR (live from Las Vegas, Enfuse 2019 Conference) Rafal chats with Nick Patience of 451 Group. Nick has some expertise in ML and provides context and content that is badly needed to dispel the crazy marketing hype out there.

Highlights from this week's episode include...

  • Nick answers the "What is ML/AI, and what is it not?"
  • We think Nick insulted machines by calling their learning potentially "shallow" (haha)
  • Nick gives us the retail applications of machine learning - grocery stores and similar things
  • Nick talks about "automating the mundane vs automating the complex" as problem spaces where ML is applicable
  • Nick explains ML is just software - but it's different from other software

Guest

Nov 26 2019

38mins

Play

DtSR Episode 371 - Advancing SOC-as-a-Service

Podcast cover
Read more

First, and foremost, thank you to OpenText for having the #DtSR Podcast live and in-person in Las Vegas. Enfuse is a fantastic conference bringing together security operations professionals (forensics, threat hunters, SOC analysts), privacy, and legal professionals under one banner. It's a fantastic opportunity to hear some very involved talks, hear about the state-of-the-art, and join the conversation.

Also ... the people you will meet there are amazing - guests and staff.

Highlights from this week's episode include...

  • Kevin gives us an educated, experience-based opinion on threat intelligence, threat hunting, and other various key terms
  • Rafal make some snarky comments about "your mess for less" MSSPs
  • Rafal and Kevin attempt to discuss the analyst shortage - do we solve it with tech or people?

Guest

Nov 19 2019

38mins

Play

DtSR - This Just In - OpenText and Reveille Announcement Nov 2019

Podcast cover
Read more

Dropping in for a quick announcement - you heard it here first!

This week a few different announcements went out from OpenText, but this one caught my attention because it could honestly and truly be a game-changer for security and legal teams when it comes to breaches.

Going beyond the typical EDR solution, this announcement may be able to shine light into the questions security and legal professionals need answered in the case of a breach. Check it out.

Official Name: OpenText™ Content Security for EnCase™ by Reveille.

Press release: https://www.opentext.com/about/press-releases?id=6A68BD4D22384A45A910DEFBD22BECBD

Guests:

  • Paul Shomo, Senior Security Architect, OpenText  
  • Brian Dewyer, CTO, Reveille Software

Nov 13 2019

11mins

Play

DtSR Episode 370 - Gamifying InfoSec

Podcast cover
Read more

Down the Security Rabbithole is back for Episode 370, and this week's podcast focuses on gamification, and it's applications to InfoSec. Big thanks to Chloé for joining us and sharing her knowledge. She's a legitimate expert in the field, so give this a listen.

Highlights from this week's episode include...

  • Chloé explains gamification
  • Rafal and James ask some tough questions
  • Chloé explains how games help us learn
  • Much more, tune in!

Guest

  • Chloé Messdaghi ( @ChloeMessdaghi ) - VP of Strategy at Point3 Security. She is a security researcher advocate who supports safe harbor and strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to change the statistics of women in InfoSec. She co-founded Women of Security (WoSEC) and heads the SF Bay Area chapter. As well, she created WomenHackerz, a global online community that provides support and resources for hundreds of women hackers at all levels https://www.linkedin.com/in/messdaghi/

Nov 12 2019

44mins

Play

DtSR Episode 369 - Ransomware's End

Podcast cover
Read more

Welcome to episode 369!

This week Rafal talks ransomware and welcomes Oussama El-Hilali, Chief Technology Officer at Arcserve, and Chester Wisniewski, Principal Research Scientist at Sophos to the podcast.

Highlights from this week's episode include...

  • Chester hits us with some staggering facts and figures about ransomware
  • Rafal asks if companies should pay the ransom …and ducks
  • Oussama explains why backup companies and anti-malware companies should be besties

Guests

  1. Oussama El-Hilali - https://www.linkedin.com/in/oussama-el-hilali/
  2. Chester Wisniewski - https://www.linkedin.com/in/chester-wisniewski-b428241/

Links

Nov 05 2019

42mins

Play

DtSR Episode 368 - Contain(er) Your Security

Podcast cover
Read more

Welcome to another edition of the DtSR Podcast! This week Liz Rice joins us all the way from the (still) UK, and James is back too! What a treat... join us and read the show notes!

Highlights from this week's episode include...

  • Liz explains containers, security, and gives us a foundation
  • Liz explains the fundamental stages of securing containers
  • Liz explains the model of different types of containers and the things you need to worry about
  • Rafal asks "where do you install the agent?"

Guest

  • Liz Rice - ( @LizRice ) - Liz Rice leads Aqua’s technology evangelism activities in the cloud-native ecosystem. She is an active member of the open source community, and an award-winning speaker known for her live-coding demos. She is currently co-chair of KubeCon & CloudNativeCon. Prior to getting immersed in containers she built up a wealth of software development, team, and product management experience working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP with companies including Skype, Last.fm and Metaswitch Networks. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift. Find her on LinkedIn: https://www.linkedin.com/in/lizrice/

Oct 30 2019

42mins

Play

DtSR Episode 367 - Cloud Babies

Podcast cover
Read more

This week, #DtSR Podcast is recorded live from Dallas at the Armor SecureCon inaugural user conference. Rafal had the occasion (and good fortune) to get a few minutes to sit down with Jeff Collins (CSO, Lightstream) and Kristopher Russo (Security Architect, Herman Miller) and chat cloud.

P.S. - We love in-person conversations!

Highlights from this week's episode include...

  • Jeff talks about Lightstream's cloud foundational framework and why it's a must-do if you're thinking cloud
  • Kristopher some inner wisdom on architecture and business alignment
  • Rafal makes a snarky comment about frameworks

Guests

Oct 22 2019

28mins

Play

DtSR Episode 366 - D I Why and How

Podcast cover
Read more

Welcome Down the Security Rabbithole, to the DtSR Podcast.

This week, Zac Rosenbauer joins us to talk about what it's like to be "the IT guy" who also has to be vigilant of security in a fast-paced startup...based on Google's cloud platform. It's a riveting episode that will give you some good guideposts if you're about to DIY.

Highlights from this week's episode include...

  • Zac introduces what it's like to work in a rapidly evolving startup
  • We discuss some of the DIY that Zac has had to work with
  • Wait ... compliance...

Guest

Oct 15 2019

38mins

Play

DtSR Episode 365 - Mountains of Data

Podcast cover
Read more

Welcome back to another episode ... this one sets up DtSRs appearance at the Enfuse Conference 2019 in Las Vegas in November. Give this topic a listen, as it doesn't matter whether you're in legal, compliance, or security - you need to understand this topic well.

We want to thank Opentext for sponsoring DtSR's trip out to Las Vegas for the conference, and of course we encourage you to join us out in the desert for another really well-done conference on the intersection of law, compliance, privacy, and security.

Highlights from this week's show include...

  • Anthony uses the phrase "data exhaust"
  • We get a peek into the intersection of big data, and big forensics
  • Anthony, James, and Rafal discuss 'real time identification' that's way beyond what your IPS can do
  • Anthony gives an insider peek into Enfuse 2019 including a keynote by James Clapper

Guest

Oct 08 2019

35mins

Play

DtSR Episode 364 - Interviewing Jerry Archer

Podcast cover
Read more

Welcome!

This episode of Down the Security Rabbithole Podcast was recorded live from Dallas, TX where the Security Advisor Alliance Summit 2019 was happening. One of the hardest working men in the business, Mr. Jerry Archer, stopped by and took a few minutes off his schedule to let Rafal interview him and get some of those amazing nuggets of wisdom and experience into your ears.

Feedback, as always, is welcome!

Highlights from this week's show include...

  • Jerry sets the background for his knowledge by dropping his 40+ years experience
  • Jerry talks about risk management and reporting to the board
  • Jerry goes a little crazy talking about his budget
  • ...so much more!

Big thanks to Sidney, AJ, Jerry and the rest of the SAA crew for having me aboard and letting me add some value to this very worthy cause. Folks, if you aren't a part of this thing, go to https://www.securityadvisoralliance.org/ and find your cause.

Guest

Oct 01 2019

34mins

Play

DtSR Episode 363 - That Oh Shit Moment

Podcast cover
Read more

This episode was recorded live from the Security Advisor Alliance Summit, 2019 in blistering hot Dallas, TX. If you don't know what the Alliance is, or are asking yourself why you should bother, click here and find out why this is one of those organizations that you must be part of if you're serious about cybersecurity.

Highlights from this week's episode include...

  • Graeme introduces himself
  • Rafal & Graeme talk about security at scale
  • Graeme discusses some of the insights of the Equifax breach
  • Graeme dispenses knowledge and experience by the truckload

Guest

Sep 25 2019

39mins

Play

DtSR Episode 362 - Real Security is Hard

Podcast cover
Read more

Friends & Colleagues, this week I have the pleasure of being joined by one of my good friends and industry veteran - the one and only Jim Tiller. We revisit the things we talked about in Episode 102 and get an update on the state of security from a guy who would know.

Pre-requisite listening: Episode 102 - http://ftwr.libsyn.com/dtr-episode-102-security-leaders-series-jim-tiller

Highlights from this week's show include...

  • Jim & Rafal talk about the "feature economy" that is the security vendor marketplace today
  • Jim explains the statement "Complexity is the camouflage for bad guys"
  • Jim explains what he believes security organizations have accomplished in the last 5 years
  • Rafal & Jim lament the 'fundamentals'

Guest

Sep 17 2019

45mins

Play

iTunes Ratings

69 Ratings
Average Ratings
51
7
2
5
4

It’s all about that intro

By Phantom Physics - Sep 11 2019
Read more
This is by far my fav cyber podcast. Thank you James and Ralf.

Consistently excellent podcast

By thigley986 - Feb 16 2017
Read more
One of my go to security podcasts. Consistently high quality!