Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!Prologue: First, I need to apologize for the quality of my (Rafal) audio. For a reason I don't understand, the Skype central record feature absolutely butchered it - could have been something on my end, I simply don't know. It should be listenable, albeit annoying. Second, huge thanks to Carlos for taking the time out of his busy morning from being a dad and his day job to talk to us. He's got a lot of really interesting and important things to share about his adventures in our industry and community - you should probably listen closely. Lastly - I have t-shirts to give away. If you want one, follow & re-tweet the @DtSR_Podcast handle and we'll pick a few of you (probably at random) to send shirts to. Guest Carlos Perez LikedIn: https://www.linkedin.com/in/carlos-perez-a146b917/ Twitter: https://twitter.com/carlos_perez/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Episode 401 Epilogue: This week, I got to sit down virtually with a long-time friend, and one of the most intelligent and quiet people you'll ever meet in InfoSec. My pal Carl Vincent (some of you may know him by other names) and I chat the transition from Red Team to Blue Team, tools, the state of the industry over the last few years, and just general conversation. The world around us has changed, and it's important to have real conversations with people who shaped the industry in ways you probably didn't know or realize. Guest: Carl Vincent LinkedIn: https://www.linkedin.com/in/mcarlvincent/ Twitter: https://twitter.com/vyrus001 Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Friends and Colleagues! We've made it. Milestone episode 400 of the podcast is here. And for the 400th episode I have none other than Mr. Tom Nichols. He's truly a qualified expert on a topic that needs some serious attention in today's world - expertise. In fact, he's written a book about it. Please enjoy this episode, share it, and I want to thank Tom for taking the time out of his crazy schedule to laugh, educate, and drop a little bit of snark into our day. Guest: Tom Nichols LinkedIn: https://www.linkedin.com/in/tom-nichols-94a7a23/ Twitter: @RadioFreeTom Go get and read his book: https://smile.amazon.com/Death-Expertise-Campaign-Established-Knowledge/dp/0190865970/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Episode 399 ... what a crazy ride it's been. This week we have Brian Chidester - you may recall we had a chat with him on episode 379 which was recorded live at EnFuse Conference 2019 - back to talk about some of the things he's been hearing state and local security leadership talk about. Great conversation, lots of topics covered... you'll enjoy it. Also, next up - EPISODE 400! Guest Brian Chidester LinkedIn: https://www.linkedin.com/in/abchidester/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, episode 398 features our Leadership Series and the one and only Allan Alford. Allan has spent a long career building various security practices, advising boards, and generally doing great things. While we're at it, you should go check out and sign up for the RSS feed of "Defense In Depth" podcast that Allan is a co-host on. They have a great tagline: "Couples therapy for security vendors and practitioners". Check them out here: https://www.linkedin.com/company/ciso-security-vendor-relationship-series/ Guest: Allan Alford LinkedIn: https://www.linkedin.com/in/allanalford/ Defense In Depth Podcast: https://cisoseries.com/category/defense-in-depth Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Welcome Down the Security Rabbithole to yet another edition of the DtSR Podcast. We we roll on towards milestone episode 400 James and Rafal discuss a topic that doesn't get nearly enough airplay - vulnerability management. This isn't just your dad's vulnerability scanning though, or is it? Have we done anything exciting in this space in the last 15 years? Maybe... kind of...but the problem is much harder. Guest Ed Bellis Twitter: @ebellis LinkedIn: https://www.linkedin.com/in/bellis/   Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!It's Verizon Data Breach Investigations Report time again. This episode is a yearly walk-through of the DBIR, where Rafal and James once again welcome Gabe Bassett back to the show to talk data, graphics, and lessons we need to learn. Link to the report: https://enterprise.verizon.com/resources/reports/dbir/ Guest: Gabriel Bassett LinkedIn: https://www.linkedin.com/in/gabriel-bassett/ Twitter: https://twitter.com/gdbassett/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Special thanks to our friends at AlertLogic - for providing some great discussion points and John for the episode! This week, as DtSR hits episode 395 on our way to Episode 400, James and Rafal take some time out to ask: "Hey John, how's the hair?" It's great to be able to spend time with old friends and just talk about solving some long-standing problems our industry faces. One of the perennial favorites is why MSSPs are all terrible. Well - we have some ideas! Listen in if you've ever been frustrated with your MSSP... and are maybe interested in how the industry can collectively do better. Guest John Pirc LinkedIn: https://www.linkedin.com/in/johnpirc/ Rafal's personal note: John's a badass who has more experience in solving broad-scale problems and helping customers and companies through some difficult challenges. His advice is sage... you should probably listen in Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Episode 394 Rafal & James host Keith Duemling from the Cleveland Clinic (talk about high-profile jobs!) to talk about security in the healthcare space, challenges, the future, and other random topics. Keith has spent a large part of his career leading healthcare organizations, so he has a lot to share. Listen in! Guest Keith Duemling - Director of Cybersecurity Technology Protection at the Cleveland Clinic LinkedIn: https://www.linkedin.com/in/keithduemling/ Twitter: @KeithDuemling Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Guess who's back, back again ... James is back, so listen in! So James is officially back after a bit of a hiatus from the podcast, and on this episode him and Rafal sit down over a fun interview with Matt Lewis Research Director for the UK with NCC Group. Matt is the primary author on a report on "Smart Cities", and it's definitely something you should read. We talk about the report, discuss the true nature of a smart city and what it means to live in one. Pay particular attention to how difficult it was not to jump right into Die Hard 4 references... although we eventually broke down and did it anyway. Links Check out the NCC Group report on smart cities, right here: http://www.mynewsdesk.com/nccgroup/documents/ncc-group-a-blueprint-for-secure-smart-cities-whitepaper-95577  Guest Bio Matt Lewis is Research Director for the UK with NCC Group (https://www.nccgroup.trust/us/) – a security consultancy that has over 35 global offices, 2,000 employees and 15,000 clients. He’s worked in Cyber Security for over 18 years since his Computer Science academic studies, which focused on formal methods for system specification and design. Since then Matt has worked in various roles across Defence, Intelligence, Commercial and Big 4. He specializes in security consultancy, scenario-based penetration testing, vulnerability research and development of security testing tools and methodologies. His consultancy, testing and research experience spans multiple technologies across all sectors and many FTSE 100 and Forbes 2000 companies. He has vast experience in facilitating security assurance within the Government sector. Matt is a public speaker with global recognition of his knowledge and expertise in biometric security. He regularly presents at international conferences and seminars on all manner of cybersecurity-related topics.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast