Send the hosts a message - try it now!Prologue We've covered "threat intelligence" on the show a few times now, but the evolving nature of what threat data is, how it's useful, and how it enables defenders of a specific type identify malicious activity keep it interesting. This time around Adam Meyers of CrowdStrike joins Rafal to discuss threat intelligence, threat hunting, and clarifies some of the mis-conceptions and utilities around the topic. A good conversation for those defending their infrastructure and useful data points from someone who is a recognized expert. Adam joins us from his bunker, with all the elements you'd expect from Adam, so it's definitely worth your time to listen closely. Check out Fal.Con, where you can catch the cutting-edge on CrowdStrike kit, industry knowledge, and hear some great industry speakers. Rafal will be there speaking on the topic of operationalizing and making the SOC more effective and efficient at small scale, check it out (link below). Guest Adam Meyers LinkedIn: https://www.linkedin.com/in/adam-meyers-7a58481/  CrowdStrike: https://www.crowdstrike.com Fal.Con: https://www.crowdstrike.com/events/fal-con/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue "Just do the basics!" "Remember the security fundamentals." ...sick of hearing those catch phrases without anything to actually get it DONE? Yeah, us too. This week we're joined by John Scimone of Dell Technologies to talk about his take on fundamentals both security and IT. His approach is not unique, per se, but it's one that works and it's repeatable. More importantly, he's willing to share his expertise and what he's done to be successful in raising the bar to his level of "good enough" -- so unless you've gotten where YOU want to be in those security fundamentals, it's time to listen to John's podcast and take notes. Take lots of notes. By the way, if you want the video on LinkedIn Live where you can post questions too, click here: https://www.linkedin.com/video/event/urn:li:ugcPost:6953043382164209664/ Guest John Scimone - President, Chief Security Officer at Dell Technologies LinkedIn: https://www.linkedin.com/in/john-scimone-0b2041a1/ Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week, long-time friend and well-known industry personality, Jessica Hebenstreit joins Rafal to talk about her journey in consulting to very large security programs and why maturity is elusive in many of those programs. As it turns out, maturity is influenced by many factors but highly dependent on actually solving problems and being able to show progress. This is an interesting conversation for anyone who wants to understand what's inside the head of a former practitioner who has ventured into the field to help others solve large-scale, complex, problems. Guest Jessica Hebenstreit LinkedIn: https://www.linkedin.com/in/jessicahebenstreit/  LinkedIn Live stream: (video!) https://www.linkedin.com/video/event/urn:li:ugcPost:6960010458405756928/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week on the podcast, the one and only Tom Eston joins Rafal & James to talk about managing teams. Tom is a well-known personality who runs the "Shared Security Show" podcast -- which has been running even longer than we have, give them a listen if you don't already. Tom talks about the difficulties of managing, coping with various types of personalities, and helping employees thrive while finding the right balance between in-office and remote. Great show if you're in a leadership position, or hoping to be, managing technical teams. Guest Tom Eston https://www.linkedin.com/in/tomeston/ The Shared Security Show https://sharedsecurity.net/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue It's always a pleasure to have someone on the show who is an expert in their trade, someone who has experience, expertise, and depth of understanding like few others. In this case, James and I host Jim tiller - one of the people I consider a mentor and long-time friend, who is all of those things and more. Jim is a quintessential expert on cybersecurity services - and in this discussion we push some of the buttons that really get him talking, passionate, and dispensing wisdom. I hope you brought a notepad, because you'll want to be taking notes. This episode is for those out there who work in, or manage, services organizations. Truckloads of information here... Guest Jim Tiller https://www.linkedin.com/in/jitiller/  Subscribe to Security Bytes: https://www.linkedin.com/newsletters/security-bytes-6943286067194187776/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue James has been talking about "shift left" for a while so when Jeff Williams posted interesting research on LinkedIn - we jumped on an opportunity to have him on the show to talk about the subject. Let's face it, everyone is shifting left, and most of this is just marketing nonsense, but some of it is actually an attempt to push security "earlier" into the cycles - but is that good? Does it even make sense? Jeff kills one of my favorite, go-to, security myths about software security...and a fun discussion ensues. Join us, and maybe add to the conversation! Guest Jeff Williams LinkedIn: https://www.linkedin.com/in/planetlevel/ The post that started the discussion: https://www.linkedin.com/feed/update/urn:li:activity:6948662117398962177?updateEntityUrn=urn%3Ali%3Afs_feedUpdate%3A%28V2%2Curn%3Ali%3Aactivity%3A6948662117398962177%29  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue DNS is a big topic, and you may be asking yourself why. Well, as we noted in a recent show ( https://ftwr.libsyn.com/dtsr-episode-504-dns-turns-40 ) DNS is officially middle-aged. And with that middle-age comes some more problems. These issues have caused a situation where it's increasingly evident that DNS needs to evolve, mature, or simply revise (2.0?) itself ... but into what? And why? Listen to Ken Carnesi from DNSFilter who joins James & Rafal to talk about the challenges and the future, and why it's still such a sh*tshow today. Guest Ken Carnesi LinkedIn: https://www.linkedin.com/in/kencarnesi/ Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Let's start with NDR - Network Detection and Response - because it's not new, but the discussions lately have been very interesting. Is it still relevant? Does it have a place in today's hybrid and cloud world? Well, in this conversation with Raja Mukerji, co-founder of ExtraHop, Rafal tackles these questions and gets some interesting answers. For those of you who have followed for a while - I have a surprise reveal for you at the end.Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue As some of you know, I've been either in the AppSec space, or adjacent, since the fairly early days. I built a program at GE a million years ago, and worked selling dynamic web app testing software for many years. If you've been in the space, you can feel a little bit hopeless with all the different options, tools, and advice only to look at the stale OWASP Top 10 and wonder ...why aren't things improving? Matt Rose joins me in a post-RSA conversation about ASPM (Application Security Posture Management), and before you dismiss it as another analyst buzzword, let's talk about why this may actually (and finally) start to solve some of the complex issues around developing, releasing, and maintaining reasonably secure software. This is a space I've been passionate about for a long time, and I feel like everyone should listen to this. Guest Matt Rose LinkedIn: https://www.linkedin.com/in/mattarose/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue RSA Conference 2022 has come and gone. Rafal was there for all the circus and madness, and sits down with James to discuss what was seen and heard. Also, you'll get some clips in here from some of the interviews from the show as Rafal caught up with some interesting vendors, old friends, and even some poetry. Guests Tyler Moffitt LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/  Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/  Matt Rose LinkedIn: https://www.linkedin.com/in/mattarose/  Dr. Khawaja Saeed LinkedIn: https://www.linkedin.com/in/khawaja-asjad-saeed-29b2a6a/  Ray Canzanese LinkedIn: https://www.linkedin.com/in/raymond-canzanese-jr-178a846/  Deidre Diamond LinkedIn: https://www.linkedin.com/in/deidrediamond/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast