Down the Security Rabbithole Podcast (DtSR)

TL;DR: This week's podcast features the wisdom and wit of Merlin Namuth - currently serving as the CISO for the city & county of Denver. Merlin provides insights into how he views the first 90 days of a CISO's role with a new organization, frameworks and processes he goes through to get his bearings and start a successful residency.YouTube Video: https://youtube.com/live/8y7bsKlBBXE?feature=shareHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

In this engaging discussion featuring Chase Cunningham, a retired Navy chief and cryptologist with a wealth of experience from the NSA, he dismantles outdated security dogmas. Topics include the pressing need for basic security practices amidst complex tech environments and how organizations can effectively implement a zero trust model. Cunningham emphasizes the importance of asset visibility and a red team approach to combat cybersecurity challenges. His insights reveal the necessity of strong leadership and clarity in navigating today's security landscape.

In this discussion, Kevin Fielder, the Chief Security Officer for NatWest Box and Mettle, shares his expertise in cybersecurity and cloud-native technologies. He highlights the importance of integrating security practices with business goals, advocating for automation in development. The conversation navigates the challenges of vendor relationships and the significance of strategic partnerships in enhancing security. Reflecting on past experiences, Fielder underscores the need for effective communication across teams to bridge gaps and align security measures with organizational objectives.

TL;DR: This week is a real treat! Eva Georgieva - a seasoned cybersecurity automation engineer - joins me, James, and Jim to talk about automation in cyber. We talk about challenges, what to automate first, good versus bad automation, and even get a little practical.YouTube: https://youtube.com/live/lA20Mgl3AxEHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's episode features a long-time-coming discussion with Richard Bird discussing his book "Famous with 12 people", and the "influencer culture" in cybersecurity. It's an interesting discussion on how our industry works, and who makes it really turn.YouTube: https://youtube.com/live/hk42GbjzDZQ?feature=shareHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Matt Shufeldt, a seasoned cybersecurity expert, dives into the crucial topic of specialization in the field. He discusses the pitfalls of over-specialization and its impact on career trajectories. The conversation highlights the value of flexibility, contrasting super generalists with specialists, and emphasizes the need for adaptable skillsets in a rapidly evolving industry. Shufeldt also touches on the importance of bringing a long-term perspective to security leadership and fostering technological capabilities with an agile mindset.

TL;DR: On this episode Amanda Berlin, Senior Product manager at Blumira, joins Jim and Rafal to talk about her career, the second edition of her book, and building products for SMBs that "don't suck". The unfortunate fact is that there aren't a lot of products designed for the unique challenges of companies that can't afford an army of security analysts, or consultants.YouTube Video: https://youtube.com/live/rvXqjBU5M4kHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: Kayla Williams, CISO of Devo, joins Rafal & James on this episode to talk about her career path, the importance of the "financial perspective" and the need for well-rounded security leaders who understand business first and foremost. A wonderful episode for leaders and those who want to be.YouTube Video: https://youtube.com/live/axl8V-ayMjUHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: Oh boy. Welcome to 2025, and the first podcast of the year is off to a flyer. Robert "RSnake" Hansen & Patrick Dennis join Jim and I to talk about "trust" - and we touch on everything from AI to politics and everything in between.What state is trust in, and why is it really bad? And ... now what?!Required background reading:Patrick's original post: https://www.extrahop.com/blog/how-brittle-is-trust-in-an-era-of-continuous-compromiseMy hot-take on current state of trust: https://blogwh1t3rabbit.medium.com/burned-out-ontrust-e4d32e40b3d0YouTube Video: https://youtube.com/live/zzXKZU4-BGQHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: On this lengthy and very informal episode of the podcast, James, Jim and I close out the year with James Robinson (CISO of Netskope) and Rock Lambros (Founder of Rock Cyber, and Author) as we discuss a wide range of topics you're going to have to listen in to get the details of. Wrap up 2024 by joining us for the EOY episode, and spread the new year cheer.YouTube Video: https://youtube.com/live/kT3FmXKsz5EHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast