Down the Security Rabbithole Podcast (DtSR)

Prologue: Hey friends, it's Tuesday so time for another dazzling edition of the podcast. This week we welcome Brandon Dunlap - hair model, professional snarkist - back to the show. This is Brandon's fourth trip around the merry-go-round, so I think he holds the record now. Someone may want to fact-check that... Brandon talks about transitioning between roles, managing big orgs, very remotely, and of course "Would you ever go back to a CISO role?" Join us, and you may be able to help solve a mystery. Guest Brandon Dunlap LinkedIn: https://www.linkedin.com/in/bsdunlap/ Twitter: @bsdunlap (Hey, someone remind him that picture is like ... 10 years old!) Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Prologue: This week, on episode 408 Shawn Tuma joins us again to talk about the legal side of cyber security. Shawn's one of the premier legal forces on breach law and litigation - you can fact check that - and it's great to have him on the show again. We talk through what's going on in laws, litigation, and whatever else is on his mind. Guest Shawn Tuma: Twitter: @ShawnETuma LinkedIn: https://www.linkedin.com/in/shawnetuma/ Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Prologue: This week, a legend of the InfoSec (or Cyber Security, for some of you) space joins me on the show. Marc Rogers has been the guy heading up Defcon security, and at the helm of the security function for some ... "highly visible" companies doing great amounts of good. Now, he's doing tremendous amounts of good during the global Covid-19 pandemic by providing cyber security services to besieged healthcare firms via the CTI League (check out their open letter here, as it may apply to you.) Guest Marc Rogers Twitter: @MarcWRogers LinkedIn: https://www.linkedin.com/in/marcrogers/ CTI League: https://cti-league.com/    Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Prologue Cybersecurity is one of those industries where the one of the market segments that is the most desperate for support is also one of the segments that is the least supported. The Small and Medium Business (SMB) segment is largely ignored by most security vendors and service providers alike - and yet they need the most help. Kiersten has put in the work to build tools and resources (all free, by the way) for this dramatically underserved market segment. In our episode, we talk about challenges, resources, and opportunities before us. Join us!   Guest Kiersten Todt LinkedIn: https://www.linkedin.com/in/kiersten-e-todt-73b81359/ Cyber Readiness Institute: https://www.cyberreadinessinstitute.org/ Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Prologue: This week, Rafal welcomes Wayne Reynolds, a veteran of not only our industry, but of the US Marine Corps - where he's been a leader in multiple scenarios. We talk about what makes good leaders, good and bad styles, and the things you need to know if you either WANT to be a leader, or you are looking to find someone who you want to work for. Huge thanks to Wayne for taking time out of his crazy schedule early in the morning to talk with us. Guest Wayne Reynolds LinkedIn: https://www.linkedin.com/in/wayne-reynolds-80593318/ Raf's note: It's been an honor and privilege to work alongside Wayne in a past life - he's a solid human, and a fantastic leader.  Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Prologue: This week, on the "Episode Not Found", Rafal and James host Robert Lee from Dragos. It's a conversation about Operational Technologies that includes a deep dive into the business and management side of Industrial Controls and the Energy Sector. Robert gives us a frank, no-spin walkthrough in the good and bad of the space and talks about some of the misunderstandings many of us have. A great episode if you're interested in the non-traditional cybersecurity sector. Guest Robert Lee Twitter: https://twitter.com/RobertMLee LinkedIn: https://www.linkedin.com/in/robmichaellee/ Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Prologue: This week on the podcast, episode 403 features two good friends of mine Joey Peloquin and John "JP" Pirc. John and I talked about the awful state of the MSSP back in episode 395 (LINK) and I was challenged to do more than just talk about the sorry state of security delivered as a service. So, I called up some friends, and we talked it though. I'm curious - do you agree with us? Let us know on LinkedIn by going to our LinkedIn page, or on twitter using the hashtag #DtSR. Guests Joey Peloquin LinkedIn: https://www.linkedin.com/in/joeypeloquin/ Twitter: https://twitter.com/jdpeloquin John "JP" Pirc LinkedIn: https://www.linkedin.com/in/johnpirc/ Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Prologue: First, I need to apologize for the quality of my (Rafal) audio. For a reason I don't understand, the Skype central record feature absolutely butchered it - could have been something on my end, I simply don't know. It should be listenable, albeit annoying. Second, huge thanks to Carlos for taking the time out of his busy morning from being a dad and his day job to talk to us. He's got a lot of really interesting and important things to share about his adventures in our industry and community - you should probably listen closely. Lastly - I have t-shirts to give away. If you want one, follow & re-tweet the @DtSR_Podcast handle and we'll pick a few of you (probably at random) to send shirts to. Guest Carlos Perez LikedIn: https://www.linkedin.com/in/carlos-perez-a146b917/ Twitter: https://twitter.com/carlos_perez/ Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Episode 401 Epilogue: This week, I got to sit down virtually with a long-time friend, and one of the most intelligent and quiet people you'll ever meet in InfoSec. My pal Carl Vincent (some of you may know him by other names) and I chat the transition from Red Team to Blue Team, tools, the state of the industry over the last few years, and just general conversation. The world around us has changed, and it's important to have real conversations with people who shaped the industry in ways you probably didn't know or realize. Guest: Carl Vincent LinkedIn: https://www.linkedin.com/in/mcarlvincent/ Twitter: https://twitter.com/vyrus001 Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Friends and Colleagues! We've made it. Milestone episode 400 of the podcast is here. And for the 400th episode I have none other than Mr. Tom Nichols. He's truly a qualified expert on a topic that needs some serious attention in today's world - expertise. In fact, he's written a book about it. Please enjoy this episode, share it, and I want to thank Tom for taking the time out of his crazy schedule to laugh, educate, and drop a little bit of snark into our day. Guest: Tom Nichols LinkedIn: https://www.linkedin.com/in/tom-nichols-94a7a23/ Twitter: @RadioFreeTom Go get and read his book: https://smile.amazon.com/Death-Expertise-Campaign-Established-Knowledge/dp/0190865970/ Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast