Down the Security Rabbithole Podcast (DtSR)

This week on Episode 301, James is off and I take a one on one conversation with Julie Conroy from Aite group on the topic of global fraud. It's a fascinating conversation that winds through the fringes and often unexplored corners of enterprise security. Check it out, and special thanks to Julie for taking the time out of her busy schedule.   Highlights from this week's show include... A brief glimpse into the impact of enterprise security on global fraud Julie talks through identity, and how enterprise security can positively impact fraud Account takeovers - the thing we all fear but struggle to solve Balancing security and usability, convenience Guest Julie Conroy - ( https://www.linkedin.com/in/julie-conroy-6997/ ): Julie is an experienced product management executive with a proven track record of revenue growth and innovation. Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Thank you, listeners! Down the Security Rabbithole has reached milestone episode #300. In this episode, James and Rafal sit down with the nothing more than an open mic and talk through topics the podcast has previously covered, and others we still have yet to cover.   Join us. And a personal thank you to all of our guests over the past 300+ episodes... we are looking forward to much more great content to come!Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Special thanks to Chris for doing this in-person. It was a fun conversation and always a pleasure!   Highlights from this week's show include... Chris and I talk about measuring 'risk' We discuss 'brittle systems' which apparently are still alive and kicking Risk analysis, cloud computing, and your business   Guest Chris Abramson ( @cabramson50 ) - Director, Information Security Delivery & Engineering; Team oriented Enterprise Information Security Management professional seeking to improve the security of organizations through education and practice. Qualifications include a bachelors degree in computer science; CISM, CISA, CEH and ECSA certification. Understanding of Industry, State and Federal regulatory standards. Ten years of experience in the creation and deployment of Information Security solutions for protecting the networks, systems and data assets of a fortune 50 company. Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Two more episodes until we hit #300...what a crazy ride it's been! Thanks for taking the journey with us, and we're looking forward to having you along for another 300 (maybe).   Highlights from this week's show include... Applications of DoD security in a non-DoD world The meaning and elements of the risk equation Understanding (making sense of) the risk equation Swimming in the swamp of marketing literature AppSec as an area of expertise (again, and again, and again)   Go see Jeff at Circle City Con if you're attending. He's giving a talk ( https://circlecitycon.com/talks/rethinking_cyber_security_given_the_spectre_of_a_meltdown_someone_hold_my_beer/ ) titled "(Re)Thinking Cyber Security Given the Spectre of a Meltdown: (Someone Hold My Beer)"Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Before you listen to this podcast ... go grab this report: https://www.kennasecurity.com/prioritization-to-prediction-report/ from Kenna Security and the Cyentia Institute. Read it. Think about it. Then listen to this show.   Highlights from this week's show include... A high-level walkthrough of the model that authors developed, and the many interesting insights Why what you're doing now is probably as good as random chance A deeper discussion on cause and effect of patches, and trying to do everything So much more! While you're listening to the show, hit us up on Twitter using the hashtag #DtSR or tweet to @DtSR_Podcast!   Guests Jay Jacobs ( @JayJacobs ) Wade Baker ( @WadeBaker ) Michael Roytman ( @MRoytman ) Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This week, former analyst and security industry veteran Adrian Sanabria joins James & Rafal to talk about some of the hype in our industry. From current events, to learning lessons, to the on-going master-class in bullsh*t we convince ourselves of - this podcast is a riveting (although slightly longer) episode of free-flowing discussion.   Highlights from this week's show include... We discuss #eFail - and the circus maximus of ridiculousness that it currently is Adrian gives us some views on believing our own nonsense We attempt to discuss how we got to this point Much more! Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This week, Mark Nunnikhoven joins us from the great white North. All the way from Ottawa, Canada - Mark talks with James and Raf about cloud computing, DevOps, and some silly things security folks are doing to undermine themselves in the brave new world. Highlights from this week's show include... A brief discussion on moose and Canada Why none of us believe "DevSecOps" is a thing Deploying security into modern code development practices Much, much, much more   Guest Mark Nunnikhoven ( @MarkNCA ) - Vice President, Cloud Research at Trend Micro. Mark has way too many credentials and accolades to list here, go read his LinkedIn page, or check out "Mornings with Mark" on his Twitter feed daily. [Mark on LinkedIn] Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at https://microsoft.com/rsa and if you really want to check out something amazing where IoT and cloud collide, check out https://microsoft.com/azure-sphere. On this second special episode of the podcast live from RSA 2018, Raf sits down at RSA Conference 2018 with a gentleman you may not know but you should, Avi Ben-Menahem. We discuss what it's like in terms of effort, scope, and sheer talent, to take on the monumental task of securing the Azure public cloud platform. Avi shares his insights, and drops us some interesting tidbits on the day in the life of someone working at truly hyper scale. Again, special thanks to Jessica and the Microsoft team for some truly unprecedented access.Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at https://microsoft.com/rsa and if you really want to check out something amazing where IoT and cloud collide, check out https://microsoft.com/azure-sphere. On this very special episode of the podcast, Raf sits down at RSA Conference 2018 with the one and only Diana Kelley to talk data integrity, crisis communication, and fear-based selling in security. Again, special thanks to Jessica and the Microsoft.   Guest Diana Kelley ( @DianaKelley14 ) - Diana is the Cybersecurity Field CTO for Microsoft, a cybersecurity thought leader, practitioner, executive advisor, architect, speaker, author and co-founder of SecurityCurve. More here: https://www.linkedin.com/in/dianakelleysecuritycurve/  Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This week, James is back and he and Raf sit down for a discussion on navigating the big industry conferences, as RSA Conference kicks off in San Francisco. We add just the right bit of snark to your day, and provide some much-needed commentary on the industry, conferences, and survival. Highlights from this week's show include... A quick overview of RSA Conference Getting value, learning something, or whatever else Buzzwords, and navigating marketing speak Attendee personas: buyer, attendee, vendor - there is a huge difference in how you experience a conference from these angles Feature, product, or startup (sometimes they're the same thing!) Tips, tricks and ideas for having a successful experience Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast