Send the hosts a message - try it now!Prologue When in Austin, TX ... meet up with some friends right? This week I have the pleasure of sitting down in-person with Joel whom has been doing the "AppSec thing" for longer than many of you who are reading this have been in our profession. Joel knows a thing or two - so we discuss a thing or two. Philosophy, history, and some ugly truths come out in a conversation that can only happen in-person. Guest Joel Scambray LinkedIn: https://www.linkedin.com/in/joelscambray/ Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue I honestly am having a difficult time understanding how this show has gone so long, so many episodes, without sitting down with Dave Marcus 1:1. It hurts my brain. So I rectified this situation and here you are. Dave is one of the best humans in the industry, has a few truckloads of knowledge, and you could stand to learn something from him. Give this episode a shot. Warning: Dave drops a pair of F-bombs, and the show goes a little longer than most at >40 minutes. But it's well worth your time. I promise. Guest Dave Marcus Twitter: https://twitter.com/DaveMarcus LinkedIn: https://www.linkedin.com/in/marcusdavid/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue I'm honored to have Gary McGraw on with James and myself on this episode. I hadn't realized, but Gary retired from (what was formerly) Cigital - and by retired I mean "started something new". Gary sucks at retirement, but he's brilliant and has a lot to say about machine learning and its applications, so you should really listen in. No, "AI" isn't going to take over security - but it's work exploring the enormous contributions machine learning make to our lives and how they can be abused.   Guest Gary McGraw Twitter: https://twitter.com/noplasticshower Home: https://www.garymcgraw.com/  Boards he's on: https://www.garymcgraw.com/technology/business/  Info on Berryville Institute: https://berryvilleiml.com/  ARA for ML: https://berryvilleiml.com/results/ara.pdf  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, and outcomes - what hasn't changed is how much security debt we keep amassing in our applications. How bad is the problem, and what can be done? Tune in and find out what we think. Guest Chris Eng LinkedIn: https://www.linkedin.com/in/chris-eng-ab51331/  Twitter: https://twitter.com/chriseng  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week, the show is back after a brief spring break, and we have with us Dmitri Alperovitch - who has taken on a new venture in his latest role. We discuss cybersecurity policy, government's role in private enterprise defense, and why you should probably never run your own MS Exchange Server. Lots of great content from the always informative and entertaining Dmitri. Guest Dmitri Alperovitch LinkedIn: https://www.linkedin.com/in/dmitrialperovitch/ Twitter: https://twitter.com/DAlperovitch Silverado Policy Accelerator: https://silverado.org/ Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue ** First, before I say anything else, I want to thank Lonnie and his staff for their service to our country. Protecting diplomats is not an easy task I imagine, and being the most powerful nation on Earth, our diplomats are likely a target 24x7x365. ** This week, Lonnie Price joins me and James on the show for an intriguing talking through some very, very cool stuff. Now, this episode is special. Of course, every episode is special but some are more special than others. In this edition of the show we're talking to someone who keeps state secrets, well ... secret, as America's diplomats travel internally and abroad. I can safely say I had no idea how much there was to concern yourself with beyond just encryption. Guest Lonnie Price LinkedIn: https://www.linkedin.com/in/lonniejprice/ Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone stealing your Twitter account, or your bank account, or God-forbid your Facebook - you know the ramifications are serious. But how do you identify it, prevent it, detect and respond to it, and maybe even recover from it... at scale? Rafal's guest, Ari Jacoby of Deduce has some ideas.  Ari talks about the broader ATO problem, and suggests some of the reasons it's gotten this bad (...how bad is it?...) and what companies that are not in the Fortune 250 can do to protect themselves - and you. Guest Ari Jacoby Deduce: https://www.deduce.com/  LinkedIn: https://www.linkedin.com/in/arijacoby/  Twitter: https://twitter.com/arijacoby  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that wouldn't be bad if they even remotely worked together. OSQuery isn't the end-all for endpoint tools, but it surely can tell you a whole lot about what's going on out there - and then you can actually intelligently do something. But it needs a front-end...so enter Fleet. This episode is all about defending the endpoint using open source, and Fleet/OSQuery specifically.   Guest Zach Wasserman LinkedIn: https://www.linkedin.com/in/zacharywasserman/ Twitter: https://twitter.com/thezachw  Fleet Open Source Device Management: https://fleetdm.com/  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Yuri is one of the quintessential experts on Zero Trust (not the commercial tools stuff, but principles and foundations) and you need to hear his take on how we get it implemented, where, and why.   Guest Yuri Bobbert LinkedIn: https://www.linkedin.com/in/yuribobbert/ His book "Leading Digital Security": https://www.linkedin.com/pulse/new-book-leading-digital-security-yuri-bobbert-1f/?trackingId=%2Fwm4S897TnSMTgkDszCDJQ%3D%3D  Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that it's more complex, more under siege, and more critical than ever. No problem, right? This episode has been a long-time coming, and DJ is an honest-to-goodness expert in the field. He teaches classes on this topic which you may just want to go and look up if this is your thing.   Guest DJ McArthur LinkedIn: https://www.linkedin.com/in/dj-mcarthur-74364b24/ Twitter: https://twitter.com/djmca5280 Support the show>>> If you're reading this, consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast