Send the hosts a message - try it now!TL;DR On this episode, we welcome Josh Grossman - who has a pretty interesting perspective on AppSec, or Software Security, or (cringe) "DevSecOps". Josh has a bit of an edge on the subject, so he fits in with myself & James perfectly. We talk about where things stand from the vendor perspective, building programs, and why it takes to make a real impact, versus continuing to push a very large boulder up a very steep hill. Oh, hey, want to be on the show? Let us know a topic and your background and let's talk. Guest Josh Grossman LinkedIn: https://www.linkedin.com/in/joshcgrossman/  Twitter: https://twitter.com/JoshCGrossman  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!TL;DR This week on 2023's first live-streamed episode (technical our first recorded in '23) our friend Larry Whiteside, Jr. joins us to talk about the prospects for 2023 and beyond. We discuss trends, make some rather sad predictions, and attempt to be hopeful about what the new year could bring us - if we don't find a way to walk ourselves off a cliff, first. It's a light discussion, that dives into some deep topics, and ultimately ends with some hope... 'ish. Join us! Oh, hey, since some of you are looking for a new opportunity in the new year, Larry's hiring (check out his LinkedIn page). Guest Larry Whiteside, Jr. LinkedIn: https://www.linkedin.com/in/larrywhitesidejr/ Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!TL;DR Shawn Tuma, our favorite cyber legal eagle, joins Rafal & James to talk about the sorts of things we learned about 2022, in what could be confused for a year-in-review episode. We saw ransomware, big incidents, but overall ... things weren't the worst out there. If you missed our live-stream on LInkedIn (link below) you can replay that any time, or listen to this episode as a podcast. For 2023, I'm going to be tweaking some things to get us talking, sharing, and hopefully an even better experience of the podcast you already love. LinkedIn Live-stream re-play: https://www.linkedin.com/video/event/urn:li:ugcPost:7013670254237163520/  Guest Shawn Tuma LinkedIn: https://www.linkedin.com/in/shawnetuma/ Twitter: https://twitter.com/shawnetuma/ Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week James and I are joined by my good friend and many-timer on the podcast Brandon Dunlap, and our mad genius and serial entrepreneur pal Paul Calatayud to talk about all of these guarantees, warranties, and insurance. It's a strange discussion but quite necessary as the industry is littered with some of these offerings by providers and various software (security) vendors. These guarantees and warranties are made to make you feel better, but rest assured lawyers wrote these and there's always a catch. The insurance conversation, that's a little different (way different) and Paul's got some interesting things to say here. Don't miss a great episode!   Guests Paul Calatayud LinkedIn: https://www.linkedin.com/in/whitehat/ Brandon Dunlap LinkedIn: https://www.linkedin.com/in/bsdunlap/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Karim Hijazi joins Rafal & James this week on the podcast to talk about some interesting trends and developments in the world of bad actors. It's an interesting update including some things I wasn't expecting to hear about how threat actors "hit back at" incident responders and threat hunters. This is a good conversation about the current threat landscape with an eye on the Russian hackers out there, and pretty good listening for anyone who wants an added dose of situational awareness. Links: Sneaky Hackers Reverse Defense Mitigations When Detected - https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/  https://cybernews.com/editorial/russian-hacktivist-real-dangers/ Guest Karim Hijazi LinkedIn: https://www.linkedin.com/in/karimhijazi/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This is a very interesting episode... Gadi Evron joins James and me on this slightly technically difficult (the IPoCP - IP over Carrier Pigeon - was awful at times) episode to talk about the CISO role and the potential liabilities that lie within. Whether we're talking about the Joe Sullivan case (and we're not, or we try not to), or we're generalizing about employment and legal culpability - this show traverses a lot of land and it's all worth your time. Hopefully if I did an OK job, you won't notice all the edits :) Pre-reading Blog post from Gadi & Team 8: https://team8.vc/rethink/cyber/cisos-guide-to-legal-risks-and-liabilities/  The CISO guide: https://lp.team8.vc/cisosguide  Guest Gadi Evron LinkedIn: https://www.linkedin.com/in/gadievron/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue It's always a pleasure when I can get some friends together and banter on about a topic we all find interesting. This week's topic was supposed to be released a bit later, but it couldn't wait. We had so much fun that I thought it needed publication right now. The premise is simple - have you looked around at how many security vendors there are and just asked yourself ... "Are we solving anything, or just adding to the mess?" That's what we did on this podcast. And yeah, we'd know because we have some life experience in this industry. Required Reading: https://www.linkedin.com/pulse/security-tools-crash-coming-mark-curphey/  Guests Mark Curphey LinkedIn: https://www.linkedin.com/in/curphey/  Jim Tiller LinkedIn: https://www.linkedin.com/in/jitiller/  Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/  Vikas Bhatia LinkedIn: https://www.linkedin.com/in/vikasbhatiauk/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue On this episode Rafal & James re-visit the concepts of machine learning, "artificial intelligence", and applicability to cyber security from Sven Krasser, Chief Scientist at CrowdStrike. Dr Krasser has been working on algorithms and computers analyzing massive amounts of data since the early 2000's so his analysis of today's "state of the art" and projections for the future are likely spot on. We have a little fun poking at industry buzzwords and make some real projections for where things are moving. If you're trying to sift through the hype and asking yourself is any of the "AI + ML" hype is real, right now, listen to this podcast. Some of your questions are likely answered here.   Guest Sven Krasser, Ph. D. - SVP & Chief Data Scientist at Crowdstrike LinkedIn: https://www.linkedin.com/in/svenkrasser/ Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This podcast has attempted to go down-market a few times, with some success in discussing the important issues that service providers and security vendors oddly ignore. If you're not in the enterprise, you get ignored by 90%+ of the security vendor space, that's just fact, and that means that you're left to fend for yourself at the worst scale possible. That's unfortunate, in the long run, because as all the vendors chase enterprise vendors, they at the same time lament the poor state of downmarket security. This podcast addresses something that may be able to help. A long-time colleague and friend has started a company and has a philosophy that we think y'all should hear about. I'm going to encourage you to give ContraForce a look -- not just because they're named after one of my favorite video games of all time -- but because they are working hard to solve a fundamental problem that we have in the security space...small companies have big problems too. Guest Stanislav Golubchik LinkedIn: https://www.linkedin.com/in/stan-golubchik/ Company LinkedIn: https://www.linkedin.com/company/contraforce/ Company website: https://www.contraforce.com/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Are you sick of hearing "Zero Trust"? Do you, like us, also feel like it's a marketing buzzword, and then a cute concept that has a very difficult time in reality? Yeah, this episode is for you. David Fairman and Jason Clark, join Rafal to talk about what is essentially continuous signals evaluation, least privilege, and default deny with segmentation. All those things we love, and haven't done right. Guests Jason Clark LinkedIn: https://www.linkedin.com/in/jasonclarkfl/  David Fairman LinkedIn: https://www.linkedin.com/in/dfairman/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast