

Down the Security Rabbithole Podcast (DtSR)
Rafal (Wh1t3Rabbit) Los
This is Cybersecurity's premier podcast. Running strong since 2011, Rafal Los, James Jardine, and Jim Tiller bring a no-nonsense, non-commercial approach to our profession. DtSR brings interviews and discussion with people you want to meet, and stories you have to hear. So whether you're just starting out, or are decades deep into your career, you'll always learn something on this show.
On Twitter/X: https://twitter.com/@DtSR_Podcast
On YouTube: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
On LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Episodes

Apr 2, 2019 • 38min
DtSR Episode 340 - Diana Kelley from RSA 2019
This week, Down the Security Rabbithole Podcast is publishing episode 3 of 4 which were recorded LIVE at RSA Conference 2019. This episode features Diana Kelley, of Microsoft, talking about the latest security report and other goodies.
Highlights from this week's show include...
- Diana discusses the highlights from the latest Microsoft Security Intelligence Report
- Raf provides an opinion on how Microsoft could totally own the endpoint space
- Rafal & Diana dive back into passwords...apparently, we just can't get away from them
- Diana tells a really interesting story about Microsoft Windows Hello and twins
Guest: Diana Kelley - @DianaKelley14 - Microsoft Enterprise Cybersecurity Group Leadership team member. Represent Microsoft at global security conferences, author industry analysis, white papers, and blogs on Microsoft security strategy and response to cyber threats. Contribute to the all up security messaging and provide insight into the strategic vision and direction for the company in close partnership with marketing, business groups, and engineering, as well as working closely with the security PR and AR teams.
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

Mar 28, 2019 • 48min
DtSR Episode 339 - Insuring Against Acts of Cyber War
This week, driven by the news cycle, and an interesting story... Rafal & James invite George and Shawn, as actual experts, onto the show.
Highlights from this week's show include...
- This news story - https://www.infosecurity-magazine.com/news/zurich-refuses-to-pay-out-for/
- George & Shawn discuss the language of cyber policies
- We discuss language, inclusions, exclusions, and such
- George brings up Information vs Cyber, security
Other links related to this podcast:
- https://www.hstoday.us/subject-matter-areas/cybersecurity/perspective-economic-strength-and-cybersecurity-interplay-in-u-s-china-trade-policy/
- https://www.hstoday.us/subject-matter-areas/cybersecurity/perspective-5g-and-the-scrutiny-of-huawei-could-herald-cybersecurity-shift/
- https://www.bizcatalyst360.com/tearing-us-apart-at-ludicrous-speed/
- https://www.bizcatalyst360.com/economic-leverage-a-smarter-user-two-things-to-improve-cybersecurity/
- https://www.itspmagazine.com/from-the-newsroom/command-of-the-cyber-sea

Mar 19, 2019 • 35min
DtSR Episode 338 - Failure of Risk Management
This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn at the microphone...
Highlights from this week's show include...
- Phil talks up "The failure of risk management"
- We discuss the realities of risk management
- Raf asks "How do we make more informed risk decisions?"
- Raf and Phil talk through threat models and why they're relevant
- ...and so much more
Guest: Phil Beyer - https://www.linkedin.com/in/pjbeyer/

Mar 12, 2019 • 40min
DtSR Episode 337 - Insights on Cyber Talent
This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent having worked in the field most of her professional career. We discuss all kinds of interesting and relevant topics...
Highlights from this week's show include...
- Deidre presents her new "human model" for hiring, staffing, and retaining excellent talent
- We discuss the difference between a good leader, and just a good manager and why those aren't the same
- We discuss the pay gap, why it's still a thing, and what's to be done about it
- Deidre discusses the challenges women face in cybersecurity, and what's changing
Guest: Deidre Diamond (@DeidreDiamond) - https://www.linkedin.com/in/deidrediamond/
In her own words: Combining my 21 years of experience working in technology and staffing, my love for the cybersecurity community, and a genuine enthusiasm for people; I created Cyber Security Network (http://www.cybersn.com), a company transforming the way Cyber Security Professionals approach job searches. CyberSN.com will remove the frustration from job-hunting, and aid in interpersonal connections and education. Throughout my career, I have built large-scale sales and operations teams that achieved high performances. Creating cultures based on an anything is possible attitude allows people to achieve above and beyond the usual. By establishing an open communication framework throughout an organization; I have created cultures of positive energy, career advancement, and kindness, that enables teams to reach beyond peak performance and have fun at work.

Feb 26, 2019 • 41min
DtSR Episode 336 - Energy Sector Security Update Q1-2019
This week, Patrick Miller joins Rafal to provide an update on the energy sector, and what's different (or not). Another episode with a returning guest who continues to provide timely and important updates on key "big picture" security issues.
Highlights from this week's show include...
- Patrick gives us a "state of the union" update on what's going on in the power industry with security
- Raf asks "are we getting better... or worse?"
- Patrick discusses IoT, IIoT, and "everything has an IP address"
- Patrick tells a story about his recent encounter with a 386 & DOS 2.2 (if you know what this is, you're old)

Feb 19, 2019 • 32min
DtSR Episode 335 - Ranking the Adversaries
This week, in a special episode, Dmitri Alperovitch of CrowdStrike joins Rafal to talk about a brand new report that CrowdStrike is releasing. The CrowdStrike 2019 Global Threat Report is a must-read with some very interesting topics covered. Dmitri joins Rafal to talk specifically about the ranking of threat actors, and what it means to you.
Highlights from this week's show include...
- Dmitri explains "breakout time" and why it's important
- Dmitri gives a walk-through of the methodology used to rank your global adversaries
- Dmitri & Rafal talk through who's on first, and what's up with China
- Rafal & Dmitri talk about what this report means to you sitting at your desk playing defender

Feb 12, 2019 • 38min
DtSR Episode 334 - Compliance and Operational Process
This week, on the DtSR Podcast, Rafal is joined by Matt Herring, long time listener, and first-time caller. We talk through Matt's career path, and how he got to head up a global security operations team. It's a pretty interesting story - you should listen.
Highlights from this week's show include...
- Matt talks us through how he got into being an auditor
- Matt and Raf compare and contrast compliance and security (yes, really)
- An uncomfortable discussion on market consolidation ensues
- Matt gets put on the spot for leading and trailing indicators, provides some insights
Guest: Matthew Herring - @MatthewDHerring - Found on LinkedIn here: https://www.linkedin.com/in/matthew-herring-cissp-63277038/

Feb 5, 2019 • 48min
DtSR Episode 333 - Security Evolution and Trends
This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and trends...and he spends some time discussing that with us.
Highlights from this week's show include...
- We collectively quickly make fun of the SIEM (yesterday, today, and next decade)
- Sean talks through the "feature companies" that have been hitting the market over the last couple of years
- Raf brings up the idea that we really don't understand the impact of the technology we create for 10+ years - what does that mean for security?

Jan 30, 2019 • 40min
DtSR Episode 332 - Security in Transformation
This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of security leaders in the digital transformation efforts of enterprise shops. Interesting conversation ensues.
Highlights from this week's show include...
- Jenn, James, and Rafal discuss the role of the security lead in enterprise digital transformation
- Jenn shares some of her experience in aiding CISOs with building security programs to support 'the business'
- We make light of the fact that it's a million degrees below zero up north
Guest: Jenn R. Black (@JennRBlack) - With over 18 years of experience within IT and cybersecurity managed services, Jenn helps companies manage their cybersecurity threats, vulnerabilities, and risks to meet regulatory and business needs, while driving process efficiency. As a consultant in a cybersecurity practice, she works closely with clients to define their cyber strategy, create roadmaps and solutions to meet the company's security objectives.

Jan 23, 2019 • 41min
DtSR Episode 331 - Incident Response and Counterfactuals
This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp on real-world risk discussions, Jon and Raf have a pretty enlightening chat you will benefit from.
Highlights from this week's show include...
- Jon discusses the concept of a "counterfactual"
- Jon discusses feedback loops in how incidents are handled
- Jon and Raf talk through how security professionals discuss 'risk' and what we can do to better the conversation
Guest: Jon Hawes - https://www.linkedin.com/in/jonhawes/