Down the Security Rabbithole Podcast (DtSR)

This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way you think it does.   Highlights from this week's show include... James & Raf talk about how hackers used a "wax hand" to fool a vein auth system Link: https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug Fingerprint authentication to start your car?! We take this discussion to task Link: https://www.forbes.com/sites/jeanbaptiste/2018/12/27/hyundai-motor-lets-drivers-use-fingerprints-to-unlock-and-start-new-car/ James & Raf deconstruct the argument for and against biometric security We ask "Does it matter that biometric auth is hackable?" Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This week, on the DtSR Podcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO of ClearedJobs.net and CyberJobs.com - and she recently ran a volunteerism survey (link: https://cybersecjobs.com/cyber-security-community-volunteering-report) you should probably check out too. Highlights of this week's show include... Kathleen discusses some of the highlights of the survey We discuss some of the things volunteers learn, and why this is critical to our community Several jokes are made We discuss the value of volunteering and its impact on your career and much, much more   Guest Kathleen Smith - @YesItsKathleen - CMO, ClearedJobs.Net/CyberSecJobs.Com, both veteran-owned companies, she spearheads the community-building, and communications outreach initiatives catering to the both organizations’ many audiences including security cleared job seekers, cybersecurity candidates, and military personnel. Kathleen has presented at several security conferences on recruiting and job search within the cybersecurity world to include BSidesLV, BSidesTampa, BSidesDE, FedCyber. Kathleen volunteers in the cybersecurity community; she is the Director, HireGround, BSidesLV’s 2-day career track. Kathleen is well respected within the recruiting community, is the co-founder and current President of recruitDC, the largest community of recruiters in the Washington DC area Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we do about it? Highlights from this week's show include... Richard addresses the question of whether we've addressed a fundamentally fatalistic attitude towards security The guys discuss whether the real perimeter, as we go into 2019 Richard schools the guys on identity - and what it's not the perimeter, but something else Guest Richard Bird - Chief Customer Information Officer at Ping Identity - Link: https://www.linkedin.com/in/rbird/ (Yes, Richard is the guy with the smashingly handsome bowties!) Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, and developing that talent pool. We talk to Yaron and Setu to get a sense of what their thoughts are on where good security leaders come from, and the hallmarks of that experience. Highlights from this week's show include... the curious case of the cyber head who doesn't computer Yaron and Setu give us their thoughts on developing security leaders Yaron shares some of his experience building a security program, across industries Yaron and Setu give us a few pieces of insight for current and future security leaders Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, statistically) for a long time. Bob has some great lessons learned and is willing to share. Listen in Highlights from this week's show include... Bob gives a quick history of how he "hacked into hacking" A discussion of breaking into security Bob & Raf discuss security in the mid-market, and how it's fundamentally different than other market segments Bob discusses hiring, talent acquisition and "working from home" in today's job market Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

In another episode LIVE'ish from AWS re:Invent 2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show floor. Highlights from this week's show include... Raf asks Dustin the obvious question - what's a CISO doing at a cloud expo? Dustin discusses some of the cloud transformation challenges for security teams Dustin unveils the three things he is currently concerned most about for security, in the cloud Dustin imparts a final piece of wisdom you won't want to miss...   Rafal's Guest: Dustin Wilcox - Vice President and Chief Information Security Officer at Anthem, Inc. - https://www.linkedin.com/in/dustin-wilcox-4896614/  Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short conversation is quite interesting...Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This episode of the Down the Security Rabbithole Podcast is sponsored in part by Armor Cloud Security. Go check us out at www.armor.com!   This week's show is a multi-part release from AWS re:Invent 2018. We sit down with two of Armor's solutions consultants to discuss trends, insights from day 0, and discuss anticipated moves and market shifts. Expect this to be an insightful episode where we dive into cloud security from a development and security perspective.  Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

On episode 323, Richard Rushing (aka the "Security Ninua") joins us to talk about being the CISO of a global organization, and multi-national enterprise.   Highlights from this week's show include... Richard talks to us about his background We discuss the unique challenges of a multinational enterprise Richard gives us some wisdom on how to approach "the business" Richard provides some advice for keeping prioritization and sanity Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly. Highlights from this week's show include... A base platform for the discussion on ethics Moral relativism, applied to cyber Law vs ethics Cultural ethics and relativism "Hacking back" - yes we went there Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast