

Down the Security Rabbithole Podcast (DtSR)
Rafal (Wh1t3Rabbit) Los
This is Cybersecurity's premier podcast. Running strong since 2011, Rafal Los, James Jardine, and Jim Tiller bring a no-nonsense, non-commercial approach to our profession. DtSR brings interviews and discussion with people you want to meet, and stories you have to hear. So whether you're just starting out, or are decades deep into your career, you'll always learn something on this show.
On Twitter/X: https://twitter.com/@DtSR_Podcast
On YouTube: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
On LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Episodes

Feb 28, 2023 • 41min
DtSR Episode 540 - David Barton on Simplifying the Complex
** This episode is being re-published due to an issue with the RSS feed/provider **
TL;DR: This week I brought on David Barton, the CTO of HighWire Networks - who knows a few things about a few things. We discuss the complex nature of our business, where things get weird, and how we can work to make them better. We talk about complexity, specifically, and what makes this such a difficult thing for our industry where simple is the arch-enemy of secure. Join us, and catch the video on the YouTube page (smash that subscribe button), or on LinkedIn.
Video Stream (replay): https://youtube.com/live/_rykxVh_VBw?feature=share
Guest: David Barton
LinkedIn: https://www.linkedin.com/in/davidbarton1/

Feb 21, 2023 • 47min
DtSR Episode 539 - SBOM Paving the Road of Good Intent
TL;DR It's been said that the road to hell is paved with good intentions. I feel like this applies to SBOM so much it's scary. All the good intentions in the world seemed to have led us to a place where we have tools that produce inconsistent results, tool sets that aren't necessarily integrated or mission-focused to deliver results, and a lot of confusion. Varun joins us with a boatload of entrepreneurial expertise and an eye for problem-solving so it's an interesting conversation. Join Rafal & James in a conversation that you'll want to listen to a few times, and take notes.
Link to YouTube video: https://youtube.com/live/pZgiiRQeou0?feature=share
Guest: Varun Badhwar
LinkedIn: https://www.linkedin.com/in/vbadhwar/

Feb 14, 2023 • 40min
DtSR Episode 538 - What the heck is a vCISO
TL;DR: This DtSR podcast brings back a good friend of the show, and one of the most experienced leaders I know - Mr. Jim Tiller. We talk about an interesting topic - the "virtual CISO". vCISO is interesting because, as markets tighten, it becomes more difficult to find and afford good CISOs and security leaders in this market. So how can a company best utilize this part-time resource? We discuss... What are the best ways to utilize vCISO? What questions should you be asking? What are things to look out for?
YouTube video: https://youtube.com/live/OaYS0yEajQw?feature=share
Guest: Jim Tiller
LinkedIn: https://www.linkedin.com/in/jimtillersecurity/
Jim's Security Bytes newsletter: https://www.linkedin.com/newsletters/security-bytes-6943286067194187776/

Feb 7, 2023 • 51min
DtSR Episode 537 - Sergio Talks Threat Intelligence
TL;DR: I'm extremely excited to present to you, dear listeners and friends, a wonderful conversation with Sergio Caltagirone, who is quite the authority on 'threat intelligence' - where others talk tools and limited knowledge, Sergio literally was there at the birth of the cyber dawn of the threat intelligence operations we know (or don't know) today. Sergio has been at an agency, at Microsoft, at Dragos - and he knows threat intelligence from theory to applications. Listen in, learn a bit, and laugh along as the Chinese spy balloon (that's my story and I'm sticking to it) disrupts our communications with our pal, Sergio.
Video Link (unedited, and hilarious): https://youtube.com/live/SuH4uxBiX3E
Guest: Sergio Caltagirone
LinkedIn: https://www.linkedin.com/in/sergiocaltagirone/

Jan 31, 2023 • 53min
DtSR Episode 536 - Incident Response Automation Dreaming
The podcast discusses the evolution and challenges of incident response automation, the merging of software systems for improved security, the importance of data correlation and XDR in cybersecurity incidents, the Defend ontology in cybersecurity defense strategies, and concludes with casual conversations and farewells.

Jan 24, 2023 • 1h 2min
DtSR Episode 535 - Let's Ask AI Security Questions
TL;DR A few days ago, my pal Kevin asked me if I had seen the LinkedIn post by Helen Patton that asked an interesting question of the podcast space... Her post made me think - why the heck not? So, I did. Thanks to Helen, whose idea this was - I hope you get a chance to watch and enjoy the outcome of your request ... we had far too much fun recording it. Here on this episode - which I promise you is 100x better on video, we have Anton Chuvakin, Kevin Thompson, and Jeff Collins joining Rafal & James on the podcast to have a little fun and ask "ChatGPT" some questions. Anton drove the screen share, and we had a lot of fun. I have to wonder - how did some of those answers (you'll know when you see/hear them) make it on there. Holy cow... wow.
LinkedIn video replay: https://www.linkedin.com/video/event/urn:li:ugcPost:7021885147977314304/
Guests:
Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/
Jeff Collins LinkedIn: https://www.linkedin.com/in/jmcollins/
Kevin Thompson LinkedIn: https://www.linkedin.com/in/blackfist/

Jan 17, 2023 • 43min
DtSR Episode 534 - The AppSec is Still a Mess
TL;DR On this episode, we welcome Josh Grossman - who has a pretty interesting perspective on AppSec, or Software Security, or (cringe) "DevSecOps". Josh has a bit of an edge on the subject, so he fits in with myself & James perfectly. We talk about where things stand from the vendor perspective, building programs, and what it takes to make a real impact, versus continuing to push a very large boulder up a very steep hill. Oh, hey, want to be on the show? Let us know a topic and your background and let's talk.
Guest: Josh Grossman
LinkedIn: https://www.linkedin.com/in/joshcgrossman/
Twitter: https://twitter.com/JoshCGrossman

Jan 10, 2023 • 48min
DtSR Episode 533 - Maybe 2023 Won't Suck
TL;DR This week on 2023's first live-streamed episode (technically our first recorded in '23) our friend Larry Whiteside, Jr. joins us to talk about the prospects for 2023 and beyond. We discuss trends, make some rather sad predictions, and attempt to be hopeful about what the new year could bring us - if we don't find a way to walk ourselves off a cliff, first. It's a light discussion, that dives into some deep topics, and ultimately ends with some hope... 'ish. Join us! Oh, hey, since some of you are looking for a new opportunity in the new year, Larry's hiring (check out his LinkedIn page).
Guest: Larry Whiteside, Jr.
LinkedIn: https://www.linkedin.com/in/larrywhitesidejr/

Jan 4, 2023 • 50min
DtSR Episode 532 - Its the End of 2022 As We Know It
TL;DR Shawn Tuma, our favorite cyber legal eagle, joins Rafal & James to talk about the sorts of things we learned about 2022, in what could be confused for a year-in-review episode. We saw ransomware, big incidents, but overall ... things weren't the worst out there. If you missed our live-stream on LinkedIn (link below) you can replay that any time, or listen to this episode as a podcast. For 2023, I'm going to be tweaking some things to get us talking, sharing, and hopefully an even better experience of the podcast you already love.
LinkedIn Live-stream re-play: https://www.linkedin.com/video/event/urn:li:ugcPost:7013670254237163520/
Guest: Shawn Tuma
LinkedIn: https://www.linkedin.com/in/shawnetuma/
Twitter: https://twitter.com/shawnetuma/

Dec 20, 2022 • 52min
DtSR Episode 531 - Security Guarantees, Warranties, and Insurance
Prologue: This week James and I are joined by my good friend and many-timer on the podcast Brandon Dunlap, and our mad genius and serial entrepreneur pal Paul Calatayud to talk about all of these guarantees, warranties, and insurance. It's a strange discussion but quite necessary as the industry is littered with some of these offerings by providers and various software (security) vendors. These guarantees and warranties are made to make you feel better, but rest assured lawyers wrote these and there's always a catch. The insurance conversation, that's a little different (way different) and Paul's got some interesting things to say here. Don't miss a great episode!
Guests:
Paul Calatayud LinkedIn: https://www.linkedin.com/in/whitehat/
Brandon Dunlap LinkedIn: https://www.linkedin.com/in/bsdunlap/