Down the Security Rabbithole Podcast (DtSR)

TL;DR:Mark Simos of Microsoft joins Rafal & James this week to talk about why the 'tools-centric' security operations (SecOps) approach is failing us, and what an 'outcome centric' approach means and more importantly, how we get there. We discuss "vision versus execution", the history of "how we got here" and answer some questions we didn't know we had in the process. Mark's a wealth-spring of information on the topic, and his experience and time with the Open Group is huge for the work he's doing now to make tomorrow better for you all. Check out the podcast, and let us know what you think!Article Link (the one we discuss)https://www.linkedin.com/pulse/secops-tools-strategy-2023-part-1-mark-simos/GuestMark Simoshttps://www.linkedin.com/in/marksimos/Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR:This week's guest is Will Gragido, who has some significant experience developing security products. Will and I (Rafal) have a sit-down for a conversation about security products, their complexity then, now, and in the future. Point solutions, platforms, and portfolios - we discuss all the options you're faced with as a buyer - and attempt to suggest some solutions to the madness.GuestWill GragidoLinkedIn: https://www.linkedin.com/in/gragido/Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR:This week on the podcast, my buddy Adam Meyers graciously joins the show from his "undisclosed location" deep under the Meyers compound to break apart the latest threat report. I'm sure you've read it, but if you haven't you can get it at the link below. On this show, Adam and Rafal talk about what's in the report, what's not in the report, and the delta which brings up some interesting things in the evolution of threat actors and "bad guys". It's a podcast you don't want to miss because it feels like it's both a bellwether of what you'll be experiencing in your environments shortly, if you aren't already.Check out the show on our new podcast distribution site (BuzzSprout) and update your RSS feeds if you haven't already. Go check out the video (link below), and don't forget to catch it on LinkedIn, and Twitter!CrowdStrike Report: https://www.crowdstrike.com/global-threat-report/YouTube Video Replay: https://youtube.com/live/HN9Qg42HCks?feature=shareGuestAdam MeyersLinkedIn: https://www.linkedin.com/in/adam-meyers-7a58481/Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DRThis week, on the podcast, Rafal and James host Brian Chidester and Jordan Burris to talk about the latest National Cyber Security Strategy from the Biden White House. It's an interesting piece of national policy that outlines our cyber security priorities as a nation - and you'll have to forgive me for calling it "aspirational".The four of us discuss the likelyhood of this strategy ever being fully implemented, which pieces are most likely to work and which ones will struggle, and ultimately what will be the result here.This is an important document - and if you're a defender or serious about cyber security at a national level - you should listen in.YouTube video replay: https://youtube.com/live/O8lePu4ings?feature=shareLinks:White house release: https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/Guests:Brian ChidesterLinked: https://www.linkedin.com/in/abchidester/Jordan BurrisLinkedIn: https://www.linkedin.com/in/jordan-burris-60588a70/Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: On this week's episode of the podcast, James joins me to co-host a great episode with an old friend - Ray Emerly. Ray is a long-time veteran of the CISO chair, and no stranger to working at all aspects of the security leadership role. We talk through a number of important topics, ask him what's changed (and what hasn't) and of course we have a stumper at the end. Listen to the end, or you'll miss a golden nugget.   Guest Raymond Umerly LinkedIn: https://www.linkedin.com/in/rumerley/    Watch the Video on our YouTube channel https://youtube.com/live/x1trGIgZSF0 Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

** This episode is being re-published due to an issue with the RSS feed/provider ** TL;DR: We've talked about cyber insurance a lot here on this podcast, and this episode is yet another angle on the topic. Nate Smolenski joins us to discuss his view, from the perspective of a CISO. This is a great conversation for those who are still investigating Cyber Insurance, or realizing that their policies are astronomical, or trying to right-size their security program along with insurance. Video link: https://youtube.com/live/O0gpapA_r08?feature=share Guest: Nate Smolenski LinkedIn: https://www.linkedin.com/in/nathansmolenski/  Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

** This episode is being re-published due to an issue with the RSS feed/provider ** TL;DR: This week I brought on David Barton the CTO of HighWire Networks - who knows a few things about a few things. We discuss the complex nature of our business, where things get weird, and how we can work to make them better. We talk about complexity, specifically, and what makes this such a difficult thing for our industry where simple is the arch-enemy of secure. Join us, and catch the video on the YouTube page (smash that subscribe button), or on LinkedIn.   Video Stream (replay): https://youtube.com/live/_rykxVh_VBw?feature=share    Guest: David Barton LinkedIn: https://www.linkedin.com/in/davidbarton1/  Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR It's been said that the road to hell is paved with good intentions. I feel like this applies to SBOM so much it's scary. All the good intentions in the world seemed to have led us to a place where we have tools that produce inconsistent results, tool sets that aren't necessarily integrated or mission-focused to deliver results, and a lot of confusion. Varun joins us with a boatload of entrepreneurial expertise and an eye for problem-solving so it's an interesting conversation. Join Rafal & James in a conversation that you'll want to listen to a few times, and take notes. Link to YouTube video https://youtube.com/live/pZgiiRQeou0?feature=share  Guest Varun Badhwar LinkedIn: https://www.linkedin.com/in/vbadhwar/  Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This DtSR podcast brings back a good friend of the show, and one of the most experienced leaders I know - Mr. Jim Tiller. We talk about an interesting topic - the "virtual CISO". vCISO is interesting because as markets tighten, and it becomes more difficult to find and afford good CISOs and security leaders in this market. So how can a company best utilize this part-time resource? We discuss... What are the best ways to utilize vCISO? What questions should you be asking? What are things to look out for? YouTube video https://youtube.com/live/OaYS0yEajQw?feature=share  Guest Jim Tiller LinkedIn: https://www.linkedin.com/in/jimtillersecurity/  Jim's Security Bytes newsletter: https://www.linkedin.com/newsletters/security-bytes-6943286067194187776/  Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: I'm extremely excited to present to you, dear listeners and friends, a wonderful conversation with Sergio Caltagirone, who is quite the authority on 'threat intelligence' - where others talk tools and limited knowledge, Sergio literally was there at the birth of the cyber dawn of the threat intelligence operations we know (or don't know) today. Sergio has been at an agency, at Microsoft, at Dragos - and he knows threat intelilgence from theory to applications. Listen in, learn a bit, and laugh along as the Chinese spy baloon (that's my story and I'm sticking to it) disrupts our communications with our pal, Sergio. Video Link (unedited, and hilarious): https://youtube.com/live/SuH4uxBiX3E  Guest Sergio Caltagirone LinkedIn: https://www.linkedin.com/in/sergiocaltagirone/  Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast