Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and trends...and he spends some time discussing that with us.   Highlights from this week's show include... We collectively quickly make fun of the SIEM (yesterday, today, and next decade) Sean talks through the "feature companies" that are hitting the market in a recent couple of years Raf brings up the idea that we really don't understand the impact of the technology we create for 10+ years - what does that mean for security? Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of security leaders in the digital transformation efforts of enterprise shops. Interesting conversation ensues. Highlights from this week's show include... Jenn, James, and Rafal discuss the role of the security lead in enterprise digital transformation Jenn shares some of her experience in aiding CISOs with building security programs to support 'the business' We make light of the fact that it's a million degrees below zero up north Guest Jenn R. Black ( @JennRBlack ) - With over 18 years of experience within IT and cybersecurity managed services, Jenn helps companies manage their cybersecurity threats, vulnerabilities, and risks to meet regulatory and business needs, while driving process efficiency. As a consultant in a cybersecurity practice, she works closely with clients to define their cyber strategy, create roadmaps and solutions to meet the company’s security objectives.  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp on real-world risk discussions, Jon and Raf have a pretty enlightening chat you will benefit from. Highlights from this week's show include... Jon discusses the concept of a "counterfactual" Jon discusses feedback loops in how incidents are handled Jon and Raf talk through how security professionals discuss 'risk' and what we can do to better the conversation   Guest: Jon Hawes - https://www.linkedin.com/in/jonhawes/  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way you think it does.   Highlights from this week's show include... James & Raf talk about how hackers used a "wax hand" to fool a vein auth system Link: https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug Fingerprint authentication to start your car?! We take this discussion to task Link: https://www.forbes.com/sites/jeanbaptiste/2018/12/27/hyundai-motor-lets-drivers-use-fingerprints-to-unlock-and-start-new-car/ James & Raf deconstruct the argument for and against biometric security We ask "Does it matter that biometric auth is hackable?" Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, on the DtSR Podcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO of ClearedJobs.net and CyberJobs.com - and she recently ran a volunteerism survey (link: https://cybersecjobs.com/cyber-security-community-volunteering-report) you should probably check out too. Highlights of this week's show include... Kathleen discusses some of the highlights of the survey We discuss some of the things volunteers learn, and why this is critical to our community Several jokes are made We discuss the value of volunteering and its impact on your career and much, much more   Guest Kathleen Smith - @YesItsKathleen - CMO, ClearedJobs.Net/CyberSecJobs.Com, both veteran-owned companies, she spearheads the community-building, and communications outreach initiatives catering to the both organizations’ many audiences including security cleared job seekers, cybersecurity candidates, and military personnel. Kathleen has presented at several security conferences on recruiting and job search within the cybersecurity world to include BSidesLV, BSidesTampa, BSidesDE, FedCyber. Kathleen volunteers in the cybersecurity community; she is the Director, HireGround, BSidesLV’s 2-day career track. Kathleen is well respected within the recruiting community, is the co-founder and current President of recruitDC, the largest community of recruiters in the Washington DC area Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we do about it? Highlights from this week's show include... Richard addresses the question of whether we've addressed a fundamentally fatalistic attitude towards security The guys discuss whether the real perimeter, as we go into 2019 Richard schools the guys on identity - and what it's not the perimeter, but something else Guest Richard Bird - Chief Customer Information Officer at Ping Identity - Link: https://www.linkedin.com/in/rbird/ (Yes, Richard is the guy with the smashingly handsome bowties!) Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, and developing that talent pool. We talk to Yaron and Setu to get a sense of what their thoughts are on where good security leaders come from, and the hallmarks of that experience. Highlights from this week's show include... the curious case of the cyber head who doesn't computer Yaron and Setu give us their thoughts on developing security leaders Yaron shares some of his experience building a security program, across industries Yaron and Setu give us a few pieces of insight for current and future security leaders Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, statistically) for a long time. Bob has some great lessons learned and is willing to share. Listen in Highlights from this week's show include... Bob gives a quick history of how he "hacked into hacking" A discussion of breaking into security Bob & Raf discuss security in the mid-market, and how it's fundamentally different than other market segments Bob discusses hiring, talent acquisition and "working from home" in today's job market Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!In another episode LIVE'ish from AWS re:Invent 2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show floor. Highlights from this week's show include... Raf asks Dustin the obvious question - what's a CISO doing at a cloud expo? Dustin discusses some of the cloud transformation challenges for security teams Dustin unveils the three things he is currently concerned most about for security, in the cloud Dustin imparts a final piece of wisdom you won't want to miss...   Rafal's Guest: Dustin Wilcox - Vice President and Chief Information Security Officer at Anthem, Inc. - https://www.linkedin.com/in/dustin-wilcox-4896614/  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short conversation is quite interesting...Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast