Send the hosts a message - try it now!Prologue Frankly, we have no idea how we got through 450 episodes without interviewing Rich. No clue. Rich is a man of many talents including a trained responder for situations like we've been facing. He's also a cloud security specialist, and happens to do a half-dozen other things in his "spare time" too. In this episode we chat about what the pandemic has taught cyber security professionals, and what we'll come out the other side looking like. Warnings: Loki spoiler alert - oops, Rafal did this one Explicit language warning - Rich dropped some colorful language, deal with it Guest Rich Mogull LinkedIn: https://www.linkedin.com/in/richmogull/  Twitter: https://twitter.com/rmogull Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue It's been a long time, maybe forever, since James and I sat down and just chatted on the podcast. With all these amazing guests we have on the show it's easy to get caught up in the fun and forget to just have a two-person conversation every once in a while. With that in mind, we did it this week. We sat down, just the two of us, and chatted about the last few hundred episodes, the things that have stayed with us, and some things we wished would "get better" but alas...   Jump in, this is a special episode.Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Sean Scranton joins Shawn Tuma and myself to talk about cyber insurance, specifically, as it is a massive topic of discussion lately. Building on top of the "does cyber insurance even pay out?" question and exploring if cyber insurance will actually change the industry (as Jeremiah hints in episode 447) we traverse a lot of related topics and answer some good questions. This is one of the most informative episodes on this specific topic I've found out there - without all the usual propaganda. Huge thank you to Sean and Shawn for agreeing to take time away from client work to speak with DtSR, and leave this information accessible to my listeners. Guests Sean Scranton LinkedIn: https://www.linkedin.com/in/sean-scranton-2b24948/  Shawn Tuma LinkedIn: https://www.linkedin.com/in/shawnetuma/ Twitter: https://twitter.com/shawnetuma Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Vulnerability Management has been a bit of a soapbox for me lately, and this episode brings in two experts on the topic directly from the enterprise to talk about how we prioritization, spreadsheets, and today's big vulnerability problem produces serious issues for enterprise professionals. The problem is as old as our profession, but in spite of the tools, testimonials, and hand-waving it's still a massive problem. Guests Britney Hommertzheim LinkedIn: https://www.linkedin.com/in/bhommertzheim/  Twitter: https://twitter.com/bhommertzheim  Ace Moore Ace is incognito :) Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue On this episode of the podcast I have the pleasure of hosting one of my long-time friends and industry titan - Dawn-Marie "Rie" Hutchinson. She's fresh off of a stint as a CISO, and talking about burnout in our industry and beyond. It's always a pleasure chatting with a friend, but this is an important topic so extra thanks for sharing her knowledge and insights with us; working in a globally diverse and multi-timezone workforce isn't easy, and the lessons are useful! Guest Dawn-Marie "Rie" Hutchinson LinkedIn: https://www.linkedin.com/in/riehutch/  Twitter: https://twitter.com/CISO_Advantage  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue My pal Rock has ventured off on his own, so I wanted to catch up with him and get a quick update on the state of business, but also get a sense for what he's seeing in the industry as he's advising companies and helping them through compliance and regulatory challenges. Fascinating conversation, always fun stuff.   Guest Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/  Twitter: https://twitter.com/rocklambros Twitter: https://twitter.com/rockcyberllc  Website: https://www.rockcyber.com/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prolgue Ladies and Gentlemen - we've hit ** 450 ** episodes. Let me just take a moment and reflect on the number of awesome guests, long hours recording and editing, and all of you phenomenal fans and listeners spreading the show content. Episode 450 feels like the right one to drop an episode with one of my real-life best friends, British sensation, and perennial entrepreneur Vikas Bhatia. We drop the gloves and go after the shitshow that is third party risk management in modern day enterprise. There are answers, but not if you don't address it head-on. Guest Vikas Bhatia LinkedIn: https://www.linkedin.com/in/vikasbhatiauk/  Twitter: https://twitter.com/vikasbhatiauk  Company URL: https://justprotect.co Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue In this episode, our legal eagle Shawn Tuma is back to discuss the Colonial Pipeline incident and whether it could be a watershed moment for US Cyber interests. As Toby Keith's "Courtesy of the Red, White, and Blue" plays in the background, we discuss what's happened, what could happen, and what it all means. Guest Shawn Tuma LinkedIn: https://www.linkedin.com/in/shawnetuma/ Twitter: https://twitter.com/shawnetuma/ Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue You've GOT to hear this! This week on the podcast, I invited Martin Zizi of Aerendir, to talk about how we can use technology to not only distinguish between humans and non-humans (bots?) but also how to identify humans with staggering levels of precision - using commonly available and inexpensive components. He's got humor, an eclectic background, and great knowledge of the topic. Join us! Guest Martin Zizi Bio: Dr. Martin Zizi, MD-Ph.D, deep expertise in Molecular Biophysics and Neurosciences. He is one of the Founders & CEO of Aerendir Mobile Inc. He is the inventor of the NeuroPrint®, a cloudless AI-supported neural-tapping technology that can be used for authentication, identification, encryption, secure TLS, and bot segregation. Following his early years in the United States as a Scientist at the Walter Reed Army Institute of Research where he worked on very advanced projects, he had a 20-years dual-track career, leading both academic and strategic projects as a top scientist in 3 fields and was also a Chief Scientific Officer for Belgian DoD. Martin was a sought-after advisor for the Belgian, the EU governments, international organizations (UN) and the industry. Aerendir Mobile Inc. is his second start-up. He was #2 at another start-up in the Medical technology vertical. LinkedIn: https://www.linkedin.com/in/martinzizi/ Twitter: https://twitter.com/MartinZ_uncut Aerendir Mobile, Inc. LinkedIn: https://www.linkedin.com/company/aerendir-mobile-inc Twitter: https://twitter.com/AerendirMobile/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue I don't know about you, but I have Jeremiah in a list on Twitter that allows me to read/think about some of the things he posts without the noise of the rest of Twitter. Should a company that develops software be held responsible when a bug they missed is exploited? Why do we "Agree" on all those click-through agreements which basically disavow any responsibility, anyway? What about security tools - if they scan and miss a flaw that's later exploited, shouldn't they be liable? These and other salient topics are discussed in fairly great detail without all the usual hype you hear around this topic. Please join us, this is a wonderful episode to listen to more than once. Guest Jeremiah Grossman LinkedIn: https://www.linkedin.com/in/grossmanjeremiah/ Twitter: https://twitter.com/jeremiahg Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast