Down the Security Rabbithole Podcast (DtSR)
This is Cybersecurity's premier podcast. Running strong since 2011 Rafal Los, James Jardine, and Jim Tiller bring a no-nonsense, non-commercial approach to our profession. DtSR brings interviews and discussion with people you want to meet, and stories you have to hear. So whether you're just starting out, or are decades deep into your career, you'll always learn something on this show.On Twitter/X: https://twitter.com/@DtSR_PodcastOn YouTube: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqOn LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Latest episodes
May 4, 2021 • 52min
DtSR Episode 445 - TPA Non-Random Cyber Thoughts with Dave Marcus
Send the hosts a message - try it now!Prologue I honestly am having a difficult time understanding how this show has gone so long, so many episodes, without sitting down with Dave Marcus 1:1. It hurts my brain. So I rectified this situation and here you are. Dave is one of the best humans in the industry, has a few truckloads of knowledge, and you could stand to learn something from him. Give this episode a shot. Warning: Dave drops a pair of F-bombs, and the show goes a little longer than most at >40 minutes. But it's well worth your time. I promise. Guest Dave Marcus Twitter: https://twitter.com/DaveMarcus LinkedIn: https://www.linkedin.com/in/marcusdavid/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
Apr 27, 2021 • 47min
DtSR Episode 444 - TPA Gary is Awful at Retirement
Send the hosts a message - try it now!Prologue I'm honored to have Gary McGraw on with James and myself on this episode. I hadn't realized, but Gary retired from (what was formerly) Cigital - and by retired I mean "started something new". Gary sucks at retirement, but he's brilliant and has a lot to say about machine learning and its applications, so you should really listen in. No, "AI" isn't going to take over security - but it's work exploring the enormous contributions machine learning make to our lives and how they can be abused. Guest Gary McGraw Twitter: https://twitter.com/noplasticshower Home: https://www.garymcgraw.com/ Boards he's on: https://www.garymcgraw.com/technology/business/ Info on Berryville Institute: https://berryvilleiml.com/ ARA for ML: https://berryvilleiml.com/results/ara.pdf Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
Apr 20, 2021 • 46min
DtSR Episode 443 - TPA Addressing AppSec Tech Debt
Send the hosts a message - try it now!Prologue Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, and outcomes - what hasn't changed is how much security debt we keep amassing in our applications. How bad is the problem, and what can be done? Tune in and find out what we think. Guest Chris Eng LinkedIn: https://www.linkedin.com/in/chris-eng-ab51331/ Twitter: https://twitter.com/chriseng Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
Apr 13, 2021 • 40min
DtSR Episode 442 - S11E15 - TPA Fighting the Good Fight
Send the hosts a message - try it now!Prologue This week, the show is back after a brief spring break, and we have with us Dmitri Alperovitch - who has taken on a new venture in his latest role. We discuss cybersecurity policy, government's role in private enterprise defense, and why you should probably never run your own MS Exchange Server. Lots of great content from the always informative and entertaining Dmitri. Guest Dmitri Alperovitch LinkedIn: https://www.linkedin.com/in/dmitrialperovitch/ Twitter: https://twitter.com/DAlperovitch Silverado Policy Accelerator: https://silverado.org/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
Mar 29, 2021 • 43min
DtSR Episode 441 - TPA State Secrets and Diplomatic Protection
Send the hosts a message - try it now!Prologue ** First, before I say anything else, I want to thank Lonnie and his staff for their service to our country. Protecting diplomats is not an easy task I imagine, and being the most powerful nation on Earth, our diplomats are likely a target 24x7x365. ** This week, Lonnie Price joins me and James on the show for an intriguing talking through some very, very cool stuff. Now, this episode is special. Of course, every episode is special but some are more special than others. In this edition of the show we're talking to someone who keeps state secrets, well ... secret, as America's diplomats travel internally and abroad. I can safely say I had no idea how much there was to concern yourself with beyond just encryption. Guest Lonnie Price LinkedIn: https://www.linkedin.com/in/lonniejprice/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
Mar 23, 2021 • 41min
DtSR Episode 440 - TPA Fighting Back Against ATO
Send the hosts a message - try it now!Prologue Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone stealing your Twitter account, or your bank account, or God-forbid your Facebook - you know the ramifications are serious. But how do you identify it, prevent it, detect and respond to it, and maybe even recover from it... at scale? Rafal's guest, Ari Jacoby of Deduce has some ideas. Ari talks about the broader ATO problem, and suggests some of the reasons it's gotten this bad (...how bad is it?...) and what companies that are not in the Fortune 250 can do to protect themselves - and you. Guest Ari Jacoby Deduce: https://www.deduce.com/ LinkedIn: https://www.linkedin.com/in/arijacoby/ Twitter: https://twitter.com/arijacoby Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
Mar 16, 2021 • 41min
DtSR Episode 439 - TPA Open Source Endpoint Defense
Send the hosts a message - try it now!Prologue OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that wouldn't be bad if they even remotely worked together. OSQuery isn't the end-all for endpoint tools, but it surely can tell you a whole lot about what's going on out there - and then you can actually intelligently do something. But it needs a front-end...so enter Fleet. This episode is all about defending the endpoint using open source, and Fleet/OSQuery specifically. Guest Zach Wasserman LinkedIn: https://www.linkedin.com/in/zacharywasserman/ Twitter: https://twitter.com/thezachw Fleet Open Source Device Management: https://fleetdm.com/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
Mar 9, 2021 • 48min
DtSR Episode 438 - TPA Implementing Zero Trust Principles
Send the hosts a message - try it now!Prologue This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Yuri is one of the quintessential experts on Zero Trust (not the commercial tools stuff, but principles and foundations) and you need to hear his take on how we get it implemented, where, and why. Guest Yuri Bobbert LinkedIn: https://www.linkedin.com/in/yuribobbert/ His book "Leading Digital Security": https://www.linkedin.com/pulse/new-book-leading-digital-security-yuri-bobbert-1f/?trackingId=%2Fwm4S897TnSMTgkDszCDJQ%3D%3D Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
Mar 2, 2021 • 41min
DtSR Episode 437 - TPA Healthcare IT Under Siege
Send the hosts a message - try it now!Prologue This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that it's more complex, more under siege, and more critical than ever. No problem, right? This episode has been a long-time coming, and DJ is an honest-to-goodness expert in the field. He teaches classes on this topic which you may just want to go and look up if this is your thing. Guest DJ McArthur LinkedIn: https://www.linkedin.com/in/dj-mcarthur-74364b24/ Twitter: https://twitter.com/djmca5280 Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
Feb 23, 2021 • 44min
DtSR Episode 436 - TPA A Dev Perspective on AppSec
Send the hosts a message - try it now!Prologue Continuing what accidentally became a series of AppSec or Software Security focused episodes, #436 takes it from yet another direction. Rey joins us to talk about AppSec from his perspective - that of a life-long developer that's moved into software security. It's been an interesting journey, and while some of the things we discuss aren't necessarily revelations - listen for the subtle clues about what software security teams are doing wrong in the corporate enterprise... you'll hear it. Guest Rey Bango LinkedIn: https://www.linkedin.com/in/reybango/ Twitter: @ReyBango Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast
