Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!Welcome down the security rabbithole friends! This week, Andy Kalat takes a few minutes off from recovering to chat and comment on the state of security, and what's different since we first met back in... 2003? Fun episode... It's been a while, Andy! Highlights from this week's show include... Andy and Rafal try and figure out when they first met...in real life Andy points out the problem vendors suffer from "problem-scope-limiting" (this is an interesting one...) Are things getting better? The guys discuss...snark ensues Rafal asks Andy to predict what will change in the next ~5yrs   Guest Andrew Kalat ( @LERG ) - Andy is an IT Security Executive, Co-Host of the Defensive Security Podcast, Speaker, Writer...according to his LinkedIn profile, here. Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!My dear listeners - we have John Steven back on this episode! If you don't remember his first appearance, it's OK, it was a little while ago back on episode 42 ... http://podcast.wh1t3rabbit.net/dt-r-episode-42-threat-modeling so it's been a while! Highlights from this week's show include... John gives us a run-down on the new things since the last episode James & John talk OWASP Top 10 The guys try to understand what happened to Threat Modeling, and security overall, over the last decade So much more, you'll have to listen Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Fans & Listeners! This week we have a treat for you... as this episode is recorded LIVE from Microsoft's Inspire 2019 in Las Vegas (where it was 117F) but the conversation here is way hotter. Highlights from this week's show include... What is Microsoft releasing to help guide secure Azure deployment? Mark and Jeff debate "What exactly is the value of "best practices"?" So much more packed into this extended episode! Links to things you need: Azure security guidance & best practices: https://aka.ms/AzureSecurityArchitecture Microsoft cybersecurity reference strategies: https://aka.ms/CISOWorkshop Things Mark thinks you should have handy: https://aka.ms/MarksList   Guests: Mark Simos ( @MarkSimos ) - Lead Architect, Cybersecurity Solutions Group, Microsoft Jeff Collins - Chief Strategy Officer, Lightstream Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Yes, DtSR took a week off ... we were due. This week, Ira Winkler joins Rafal to go down the rabbithole and talk about his career, opinions on our profession, and other important stuff. Sit back, take notes, and enjoy. Highlights from this week's show include... Ira gives a run-through on his career and what's gotten him "here" Ira and Rafal discuss "breaking into security" and how it's being sold now, versus what reality should be Ira gives us his take on training, certifications, career paths and the like Yeah, so much more... Guest Ira Winkler ( @IraWinkler ) - This guy: https://www.linkedin.com/in/irawinkler/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, ahead of AWS RE:INFORCE 2019 (the first one) Rafal gets a conversation with buddy Mark for a candid talk about the top 3 public cloud providers, and a little insight into the evolution of the industry ... or not... Highlights from this week's show include... What are we expecting from AWS RE:INFORCE this inaugural year? Mark gives us his take on the security in the three major public cloud providers Rafal and Mark reminisce about how things were...and where they are in terms of cloud, and security Mark and Rafal laugh about the opportunity security teams have right now...or may be missing Guest: Mark Nunnikhoven ( @marknca ) - Mark's awesome. He's also the Vice President of Cloud Research at Trend Micro. Other stuff he does here: https://www.linkedin.com/in/marknca/  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Thank you to Microsoft for sponsoring this show, and our podcast over the years...   Highlights from this week's show include... Rob discusses what "Microsoft Threat Protection" is, isn't, and why it's relevant today Rob gives us some context to "trillions of signals" - what does that mean? Rob provides perspective on the pillars of operational excellence required to make Microsoft's vision a reality in damn-near-real-time Rafal and Rob discuss what the ecosystem looks like, and how it's being released into production Rob answers whether Microsoft consumes its own tools… the answer may surprise you Guest: Rob Lefferts - @rob_lefferts - Microsoft Responsibilities/Contributions – As corporate vice president for M365 Security within Experiences and Devices, Rob Lefferts is responsible for ensuring that Microsoft 365 provides a comprehensive and cohesive security experience for our all of our customers. Prior to this role, he led the Windows Enterprise & Security team, where he was responsible for hardening the Windows platform, building intelligent security agents, and driving commercial adoption of Windows 10. Since joining Microsoft in 1997, Lefferts has been instrumental in shaping key products and technologies, from helping develop the original SharePoint Portal Server to leading extensibility efforts for the Office platform to championing the vision for Microsoft 365.  Pre-Microsoft Work Experience – Rob began his career at Claritech, a startup that was born from a Carnegie Mellon research project. He then consulted with the Government of Namibia, Africa. Education – He earned a bachelor’s degree in logic and computation, as well as a master’s degree in computation linguistics, from Carnegie Mellon University. Family/Other Interests – Rob and his wife have two children and live in the Seattle area. Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Show Note: As most of you know, this show has long refused to use advertisements, or ad revenue to keep itself going. That said, I openly welcome organizations who have something interesting to say and some extra marketing dollars to give, to sponsor an episode while still going through the same vetting process as everyone else. This is one of those shows. This week James and Rafal are joined by Saumitra Das, the Chief Technology Officer for an interesting little start-up called Blue Hexagon. If you find yourself nodding along and interested in hearing more, we encourage you to go check out their website and let them know you hear of them on this show. Highlights from this week's show include... Saumitra shares his insights on AI, machine learning, and the limitations and mis-uses of them We discuss the challenges of finding 'malice' at extremely high volumes, at extremely high rates of speed, and in extremely diverse environments Saumitra previews the methods Blue Hexagon use to approach this problem and potentially start to draw a viable approach Guest Saumitra Das - CTO at Blue Hexagon - https://www.linkedin.com/in/saumitramdas/ Fun fact, Saumitra has over 330 granted patents...how many you got? Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Friends & listeners - welcome to the 2nd half of the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report. Highlights from this week's show include... We all talk patching... why it's hard, what we can do about it, and realities of patching Gabe does more live data analysis We get an insight into how long and how hard this report is to produce Guest Gabriel Bassett ( @gdbassett ) - Gabe is one of the writers and data scientists behind the Verizon DBIR. His LinkedIn is here: https://www.linkedin.com/in/gabriel-bassett/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report. Highlights from this week's show include... Gabe distinguishes between an incident and a breach - for those of you who need the refresher Gabe dives into the stats to talk about small businesses, and the impact of breaches on them Gabs does some live data science for us, pulling in stats on-the-fly We avoid the 'patching' discussion (that's for the 2nd half) Guest Gabriel Bassett ( @gdbassett ) - Gabe is one of the writers and data scientists behind the Verizon DBIR. His LinkedIn is here: https://www.linkedin.com/in/gabriel-bassett/ Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, Tommy McDowell who is the Vice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafal in person, in Dallas. Highlights from this week's show include... Tommy gives us a background on himself, and the RH-ISAC (and it's mission statement, and such) Tommy & Rafal discuss the difficulty in setting up an information sharing center Tommy gives us insights into why retail and hospitality need their own unique threat sharing network   Guest: Tommy McDowell - https://www.linkedin.com/in/tommy-mcdowell-97184116/ - It's easier to just let you go look at Tommy's page on LinkedIn. He's got a storied, and very interesting, career that we could not possibly do justice to here. Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast