Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!Happy New Year, 2018. Friends, thanks for listening! I can't believe this podcast is still going strong after all these years and 277 episodes. I started this podcast with an idea - give you something to listen to that was office-friendly, informative, and focused on advancing our trade. Over the years I've gotten some encouraging comments from people ranging from those trying to get into our industry, to those who are leading large organizations' security practices. I'm encouraged by you all, and thank you for supporting us. Now, let's get on with 2018. On this first episode of 2018, James and I welcome Ben Kepes who is a long-time friend of mine and and industry analyst. Ben isn't your typical analyst though, because he has a healthy dose of skepticism, an eye for bullsh**, and he's trusted by vendor and buyer alike. Oh, also, he's a Kiwi so he's got that going for him too. Sit back, enjoy, and leave us a comment if you are so moved.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!What: In this episode we get the facts on the recent game-changing malware/attacks that appear to be nation-state sponsored attacking critical safety systems in industrial controls (ICS). Why: You've probably read about it, and depending on what you read you may only have the hype or half the story. Who: As always, Sergio Caltagirone from Dragos is the master at telling a great story, from just the facts. He's part of the team that did the analysis, wrote the narrative, and then ended up on countless phone calls explaining it to executives and national security types. He knows his craft. Links: Dragos blog about the topic: https://dragos.com/blog/trisis/ Fireeye's version: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html We invited him on this special episode to give you the inside story, to separate some of the hyperbole from reality - so listen up.  Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!For episode 275 we are once again joined by the one and only Haroon Meer ( @haroonmeer ) to follow up on his conversation from September 2016 titled "What will get us there". If you've not had a chance to listen to that show, you absolutely should do that first. Haroon shares his perspective including... "The cloud has won" Fundamentals are still hard, we're still largely failing at them Hackers make the best engineers when you give them a problem to solve Where do we go from here, into 2018, is there hope? Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, Patrick Miller returns (another boomerang guest from the way-back machine) to talk about the energy grid. It turn out, things aren't super different from 5 years ago, but some things have changed. Patrick and I discuss resiliency (over actual security) in the grid, and focus on transmission, generation, and "getting it all working again" from a life safety perspective. It's a fascinating discussion, don't miss it!   ** Apologies for some of the audio quality, we had "choppy" issues on Skype and I edited the best I could.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Join James and Rafal, one last time, live from Enfuse Conference (Las Vegas, NV) this past summer. In this episode, we track down a personal friend of Raf's - Bob Kruse, Demisto, VP Sales & Alliances, and talk about the need for the enterprise to automate and orchestrate. Oh, also, Bob pretty much said by 1 year from the recording of that episode he would get an "Automate or Die" tattoo. So just to be on the safe side, we'll give him until next year, about this time. Game on, Bob.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, Grant and Mark join me live and in person in Las Vegas at the Amazon AWS re:Invent conference to talk about the security marketplace, innovation, "the bubble" and more. Here's the announcement we talked about at the opening of the show McAfee announces agreement to buy SkyHigh Networks: https://www.skyhighnetworks.com/mcafee-and-skyhigh/   Guests: Mark Arnold ( @lotusebhat ) Grant Sewell ( @GrantSewell ) Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week James and I are fortunate enough to have one of the best keynote speakers I've ever seen on the show. He's an amazing speaker, a brilliant magician and a sharp dresser - this guy is the real deal. Straight off the keynote stage at the Security Advisor Alliance (SAA) Summit in Denver ... ok maybe not straight off, Vinh Giang joins us to talk about how to influence people while you're up there giving a talk or speech. Grab something to take notes with - trust me, this one is chock full of brilliant nuggets.   Guest: Vinh Giang ( Twitter: @AskVinh and Facebook: https://www.facebook.com/askvinh/ ) is a brilliant self-made public speaker, magician, and all-around snappy dresser.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Ladies and gentlemen - we have our first 3-time guest! Brandon Dunlap, my good friend and industry titan, joins the podcast for his third trip down the rabbit hole. In this episode Brandon Dunlap (@bsdunlap) and I talk through the challenges of security at scale, in person and live from Seattle. In the previous two episodes that Brandon has done on this show we've talked about the challenges of scaling information security teams, and this time we go deep into the strategies that work, where the lines are drawn and some lessons learned form a very successful career doing exactly this - infused at scale.   The previous two appearances of Brandon on this show are: Outsourced by Better - DtSR Episode 202 - Outsourced but Better Managing Security with Outsourced IT - DtSR Episode 158 - Managing Security with Outsourced IT We invite you to listen, take notes, and converse with us on #DtSR on Twitter, or on this post on LinkedIn.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!This week, we have a repeat guess with Robert M. Lee joining our show to talk about the Industrial Internet of Things. Rob's just finished a conference his company, Dragos, Inc, just started to educate and help increase awareness and research for the Industrial Internet of Things. Whether you think you know what the IIOT is, or whether you can admit to yourself you need to be know more - this podcast will have it all. We also reference a podcast with Dr. Timothy Chou (link: DtSR Episode 250 - Deconstructing the Internet of Things ). If you haven't read his book, "Precision" (link: https://www.amazon.com/Precision-Principles-Practices-Solutions-Internet/dp/1329843568 ) it's the basis for a lot of this discussion.   Thanks to Rob again for being on the show!Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Welcome down the Security Rabbithole, friends and colleagues! This week, my guest is Larry Whiteside, Jr. (we know him as the best dressed man in InfoSec). Larry joins the podcast while James is out to discuss the life and times of a CISO. He has extensive experience as a CISO and security leader, working across multiple market verticals from energy to healthcare, in addition to being a former colleague advising CISOs. Larry dispenses his brand of knowledge with a little bit of an edge, a little dose of realism, and a lot of fun. If you've never had the pleasure of working with Larry - it's something I advise you do at some point in your career. He's even been referred to as the "CISO Whisperer" by people who know and have worked with him. All else failing, Larry can always give you fashion advice, and up your sock game. Game on!Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast