Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!Prologue Episode 435 is packed with OpenSource goodness, talking about WordPress and WPScan with Ryan Dewhurst. Ryan started WPScan (a tool you probably use as a security practitioner) and has now made a business out of it. He spends a half-hour discussing the product, his road, and Wordpress/security in general and includes some plans for the future. Guest Ryan Dewhurst LinkedIn: https://www.linkedin.com/in/ryandewhurst/ Twitter: https://twitter.com/ethicalhack3r Website: https://wpvulndb.com/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week, Jennifer Fernick of NCC Group joins me to talk about her work with open source software and security. With a storied career, Jennifer is well-qualified to talk about some really interesting topics, but finding bugs in open source software, at the scale we need it to be done, is a monumental task.  If you're a developer and keen on innovation and open-source, and know security or are interested in learning more - I encourage you to go check out the Open Source Security Foundation here: https://openssf.org/  Guest Jennifer Fernick LinkedIn: https://www.linkedin.com/in/jenniferfernick/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue: This week, Gary Latham joins the podcast to talk about taking the reigns of the Security Advisor Alliance, at a pivotal time for the organization. If you don't know about the SAA, I highly encourage you to check it out here: https://www.securityadvisoralliance.org/    Guest Gary Latham LinkedIn: https://www.linkedin.com/in/gary-latham-8bb62925/  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue On this week's episode of the podcast, boomerang guest Robb Rock joins Rafal to talk identity, trust, and what's happened since the last time Robb was on the show (which was in 2016!). Of course they talk about the "big hack", and retreat into identity, Zero Trust, and the challenges of mid-market companies trying to do their own security. The lesson here? "The more we learn, the more we recognize we know very little." Guest Robb Reck LinkedIn: https://www.linkedin.com/in/robbreck/ Twitter: @RobbReck Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week on DtSR, an old friend Jamison Utter joins Rafal to talk about medical IoT devices, and what makes them different -- and of course, how we can better protect them. Jamison's company, Medigate, is a healthcare security and medical analytics company - and it's an interesting discussion on how this type of IoT differs from others with security implications. You'll want to listen in, since the "Internet of Things" discussion is getting very varied, and you need to keep up. Guest Jamison Utter LinkedIn: https://www.linkedin.com/in/jamisonutter/ Twitter: https://twitter.com/jamison_utter Company website: https://medigate.io   Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue David was a guest on the podcast many years ago, back in episode 7. We had a great conversation and it's interesting to see how so many of the topics have evolved in the last nearly a decade. Or not. Guest David Elfering LinkedIn: https://www.linkedin.com/in/aroundomaha/ Twitter: https://twitter.com/icxc  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!You Gotta Hear This! [YGHT] This special edition of the Down the Security Rabbithole Podcast is the first of it's kind. For 2021 I've decided to throw in a bonus episode here and there that doesn't necessarily fit the typical format when I find something interesting, or a topic or person worth your time. Right now, with CrowdSec is that time. Philippe Humeau is a wealth of information and the CEO of CrowdSec - a company that's picking up where someone else left off and making crowd-sourced security intelligence, free if you're a contributor to the system. Brilliant stuff... jump in and listen. Guest Philippe Humeau LinkedIn: https://www.linkedin.com/in/philippehumeau/  Twitter: https://twitter.com/philippe_humeau  Check out CrowdSec LinkedIn: https://www.linkedin.com/company/crowdsec/ Hub: https://hub.crowdsec.net/?_ga=2.115542209.614917574.1610075573-377858623.1610075573 Twitter: https://twitter.com/Crowd_Security  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue Let's start 2021 off right with a returning guest whose name you will want to remember. Joep (pronounced like "soup" but with a "you") Gommers the founder and CEO of EclecticIQ joins Rafal to talk about threat intelligence - from platforms to TIPs, use-cases, implementations, limitations, and the move to TIM. It's a fun conversation that looks at where "threat intelligence" started, and where it's gone over the last 5 years or so. If you're a threat intel analyst, another consumer, or even a vendor, you'll want to listen up carefully and maybe take notes. By the way we need a "TIM-enabled NextGen SOC Platform" sticker to be made up, with "Tim the Enchanter" as the key figure ... this should happen. Someone has to have the talent! Guest Joep Gommers LinkedIn: https://www.linkedin.com/in/joepgommers/ Twitter: https://twitter.com/joepgommers  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue This week, on the last episode of 2020, Michael Coates joins Rafal to talk about wire-speed-data-protection. Sort of like CASB but more universal. Interestingly, Rafal and Michael talk through how DLP has evolved and into what, and some interesting developments along the way - then the promise of something better. Guest Michael Coates LinkedIn: https://www.linkedin.com/in/mcoates/ Twitter: https://twitter.com/_mwc Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Prologue First and foremost, thank you to Prevailion for giving us some of Karim's time, and content for this episode. Adversary intelligence is critical to protection and defense, so the methods and means in which it's gathered, refined, and provided back into the industry is always a great topic of discussion. I can't stress enough how much I recommend going and doing this - https://www.prevailion.com/claim-your-apex-platform-account/ which is free and can give you an idea of whether you have some of those pesky "bad actors" running around your infrastructure stealing your critical assets. Guest Karim Hijazi LinkedIn: https://www.linkedin.com/in/karimhijazi/ Is YOUR org compromised?: https://www.prevailion.com/claim-your-apex-platform-account/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast