Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!Prologue This week, the guy with the best vendor hoodies ever is back! Philippe Humeau of Crowdsec joins us again to talk about some of the data his team have gathered, analyzed, and are using to crowd-source protection in the form of block lists. Anton Chuvakin joins us to bring his useful manner of snarkasm, just to keep us honest. Guests Philippe Humeau LinkedIn: https://www.linkedin.com/in/philippehumeau/  Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue I read an article the other day that got me thinking, and inspired me to get Wesley onto the podcast to talk about SOAR. Yes, SOAR is absolutely boring -  but that's OK, isn't it? What's the actual purpose of SOAR technology, and where is it being utilized today? Are we getting the most of this, or is it just a boring fad? All this and more on today's show. Guest Wesley Belleman LinkedIn: https://www.linkedin.com/in/cyberwes/  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue We open this episode with an acknowledgement of the crisis in Ukraine, as Putin's madness is unleashed. We stand with the brave people of Ukraine as they defend themselves from unprecedented evil. That said, this week James and I bring Grant Sewell onto the show. Grant has experience being a "behind the scenes" CISO, and more recently in a customer-facing role. We discuss the evolution of the CISO into a "trust officer" and the focus that takes. Guest Grant Sewell LinkedIn: https://www.linkedin.com/in/grantsewell/  Twitter: https://twitter.com/grantsewell  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!LinkedIn Live stream (recorded): https://www.linkedin.com/video/event/urn:li:ugcPost:6895440886222643201/  DtSR LinkedIn Page (subscribe here!): https://www.linkedin.com/company/down-the-security-rabbithole-podcast/  Prologue This week is a slightly longer (oops) episode of the DtSR Podcast with a three-timer, Adam Meyers of Crowdstrike. Adam joins James and Rafal to talk about the latest Global Threat Report and all the trends and insights. There is a lot of good insight here, and if you want to catch the LIVE (recorded) video you can get that too! Don't forget to subscribe to our DtSR page on LinkedIn to get all the latest content. Guest Adam Meyers LinkedIn: https://www.linkedin.com/in/adam-meyers-7a58481/ Twitter: https://twitter.com/adam_cyber Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week I'm so thankful that James and I have the opportunity to talk to the authors of "The CISO Evolution" -- a fantastic book for anyone who wants to be, or is working as, a security leader. Rock and Matt join us to talk about the book, share some insights, and maybe answer a tough question or two. Guests: Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/  Rock Cyber: https://www.linkedin.com/company/rockcyber/  Matthew Sharp LinkedIn: https://www.linkedin.com/in/ciso-mba/  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Continuing our thread on the software supply chain and SBoM (Software Bill of Materials) we bring in Ed Moyle who is writing a series on the subject for his column. Ed brings up some very interesting points on some key aspects of software supply chain including feasibility and asks that difficult question "So what if you get it?" Guest Ed Moyle LinkedIn: https://www.linkedin.com/in/edmoyle/  Must-read article: https://www.techtarget.com/searchsecurity/tip/4-software-supply-chain-security-best-practices  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue SBoM ("Software Bill of Materials") is the new rage. Everyone's talking about it. What it means is you're expecting a list of software components and includes, libraries, etc that make up the software you're buying or using. The problem is, in real life, SBoM is exceptionally difficult and maybe even slightly impractical. Listen in as Rafal & James discuss SBoM in real-life scenarios with Paul Caiazzo -- a guy who's trying to make this idea work in his day-job. Guest Paul Caiazzo LinkedIn: https://www.linkedin.com/in/pcaiazzo/  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Back in episode 469 ( https://ftwr.libsyn.com/dtsr-episode-469-yght-they-hacked-ransomware ) we brought Steve Perkins of Nubeva ("Cloud Go" in Portuguese) to talk about a very interesting "accidental" development. They'd figured out a way to steal encryption keys from ransomware, thus rendering it potentially toothless. Well, now Steve's back with a product, and a way to reverse ransomware's encryption with minimal friction and without paying the ransom. So ... yeah. Listen in.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Have you ever made a payment from your mobile device, wirelessly using NFC? Of course you have, most of us have by now. Did you know there are some (or at least were) fairly significant design flaws, otherwise known as "features", in the various platforms? On this show, we're interested in learning more about Timur's research and what he's uncovered. You'll want to do what I did, check your phone's NFC payments settings, once this show is over.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue We have a repeat guest today! Mr. Mark Simos joins me once again to talk about Microsoft's Cloud Adoption Framework (CAF) and it's applicability to not only Azure, but also your other clouds. Building resilient and secure clouds isn't just about security, it's about design and architecture that adheres to good practices. Microsoft's CAF is fantastic place to start - listen here to learn more. Guest Mark Simos LinkedIn: https://www.linkedin.com/in/marksimos/  Twitter: @marksimos Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast