Down the Security Rabbithole Podcast (DtSR)

Latest episodes

Oct 24, 2017 • 37min

DtSR Episode 267 - Cyber Security Awareness Month Wrap

This week, James and Raf cover the tail-end of Cyber Security Awareness Month. It's been an interesting week of news and of course let's talk about awareness. Have you completed your mandatory training?

This week's talking points

Namaste Health Care security incident, announcement
- Pay attention to how this article is worded, we've covered this before with Sean and Michael too
- When you don't know, you have to report the worst-case
- Focuses spotlight on knowing what's in your environment, and having a plan for not only technical IR but communications
- How would your organization report? Are you ready to be better?
- http://www.abc17news.com/news/namaste-health-care-reports-data-breach-unsure-if-the-attacker-had-access-to-files/642247970

DHS Imposes DMARC on Federal Agencies
- Any time we can add to the security measures over email, bonus
- We already know email is the #1 way bad things get disseminated
- This is not set-and-forget, you need to make sure it's working!
- https://www.bankinfosecurity.com/dhs-imposes-email-security-measures-on-federal-agencies-a-10386

Cyber Security Awareness Training
- Are we over it yet?
- Raf says he's always late, and it's always the same thing... does it work?
- What are some better alternatives? (there have to be better)
- Does your job offer/mandate awareness training? Does it WORK?! How would you even know??

YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
Oct 17, 2017 • 57min

DtSR Episode 266 - Leadership Perspective with Michael

This week we're getting the band back together! Michael Santarcangelo joins us for a segment we'll be featuring regularly (look for it every 6 weeks or so) on the leadership perspective. Security could use some leadership, and we will be enlisting Michael to talk about current events and lessons for leadership. Tune in, and you may just end up with something you can use in your day job.
Oct 10, 2017 • 47min

DtSR Episode 265 - Privacy and Paranoia

This week's Down the Security Rabbithole Podcast asks - "Are you paranoid enough about your privacy? or do you simply not have any?" with a couple of gentlemen who would know. Join James and Raf as we go down the rabbit hole one more time, this time talking about the breadcrumbs, fingerprints, and digital privacy violations you voluntarily give up in your everyday life. It's a little scary, but the trade-off we make for the sake of convenience is very real. Grab your tinfoil hat and your burner phone and enjoy!
Oct 3, 2017 • 42min

DtSR Episode 264 - Windows Forensics Then and Now

This week, Harlan Carvey joins James and me to talk about the evolution of Windows forensics over the last decade and a half or so. Harlan has more experience than most when it comes to diving into the Windows machine from a forensics perspective and is a well-spoken author of many books and blogs.

Guest: Harlan Carvey ( @keydet89 ) - Digital forensics and incident response analyst with past experience in vulnerability assessments and penetration testing. Conducts research into identifying and parsing various digital artifacts from Windows systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. Developer of RegRipper, one of the most widely used tools for Windows Registry analysis. Has developed and teaches several courses, including Windows Forensics, Registry, and Timeline Analysis.
Harlan's Blog: http://windowsir.blogspot.com
Harlan on LinkedIn: https://www.linkedin.com/in/harlan-carvey-86a8694b/
Sep 26, 2017 • 45min

DtSR Episode 263 - Legal Update Q3 2017

On this episode of Down the Security Rabbithole Podcast James and I get an update on the legal issues that have been talked about from our legal-eagle Shawn Tuma! We're continuing our policy of not piling on to data breach hysteria, but will be covering some of the legal ramifications of recent disclosures, a possible national data breach law and a few other things that will make this show a must-listen. Shawn's unique perspective and true expert insights give you talking points and a download of facts that you wouldn't get listening to the talking heads and mainstream media. Enjoy, share with your colleagues, subscribe via RSS, and don't forget to talk back to us on Twitter using the hashtag #DtSR.

Thanks for listening!
Sep 20, 2017 • 51min

DtSR Episode 262 - Deeper Down the Cyber Liability Insurance Rabbithole

This episode, in conjunction with the Security Advisor Alliance ( https://www.securityadvisoralliance.org/ ) we dive into a third round of Cyber Liability Insurance. This fascinating discussion dives deeper into the things security leaders need to know as Travis and Stephen get right to the heart of matters.

Required pre-listening... Check out the first episode (way back in the archives) on DtSR Episode 34 - The Inside Scoop on Cyber Liability Insurance ( http://podcast.wh1t3rabbit.net/episode-34-the-inside-scoop-on-cyber-liability-insurance ) with Christine Marciano ( @DataPrivacyRisk ). Then, go grab episode 172, our 2nd foray into this topic titled "The Truth on Cyber Insurance" ( http://podcast.wh1t3rabbit.net/dtsr-episode-172-the-truth-on-cyber-insurance ) with Eran Kahana and L. Keith Burkhardt and dive a little deeper.

As always, thoughts and comments are more than welcome and discussion using the hashtag #DtSR is encouraged!
Sep 13, 2017 • 55min

DtSR Episode 261 - Deeper Down the ML Rabbit Hole

Welcome to another Down the Security Rabbithole episode folks! This week, Alex and Sven are baaaaaaack for a deeper dive into machine learning and the shenanigans that surround it. We talk through what ML is, some use-cases and further dispel some common myths. We even have a little fun, who knew.

Guests:
- Alex Pinto ( @Alexcpsec )
- Sven Krasser, Ph.D ( @SvenKrasser )
Sep 5, 2017 • 42min

DtSR Episode 260 - The Immense Challenge of Protecting Office 365

This week, on Down the Security Rabbithole, Rudra "Rudy" Mitra joins us from Redmond to talk about what it's like to defend Office 365 at scale. On this episode we cover:
- What we mean by at scale in regards to Office 365
- Some pros and cons of the Office 365 platform as it pertains to security and safety
- Early warning, early detection, and how easy it is to really break things
- There's so much more too!

We even skipped talking about current events to give this show maximum run-time. Sit back, grab something to take notes with, and listen up. The lesson begins now.

Guest: Rudra "Rudy" Mitra ( @rudramitra ) - Rudra is the Director of Information Protection for the Office 365 platform. He works on extremely large-scale projects to ensure the safety and security of client data and the platform itself. LinkedIn profile is here: https://www.linkedin.com/in/rudramitra/
Aug 31, 2017 • 49min

DtSR Episode 259 - Risk Communication Primer

As we go once again down the security rabbithole, Raf and James meet up with Claire Tills who gives us a primer on "risk communication". Communicating 'risk' is a nuanced, subtle and often time-based endeavor so we feel like everyone should have at least some background in it. Sit back, relax, and again... start taking notes furiously.

Guest: Claire Tills ( @ClaireTills ) - Communication researcher trying to get into information security. I write about applying comm theory to infosec and case studies in my blog (http://cliretills.com).
Aug 22, 2017 • 52min

DtSR Episode 258 - Big Scary Numbers

This week on the Down the Security Rabbithole Podcast, Dave Bittner of The CyberWire (podcast) joins us to talk about some of the ways that we believe security goes awry when it comes to 'big, scary numbers'. Listen in...

Top News

Maersk says it's going to lose between $200M and $300M from notPetya
- Depending on which headline you read this is either a catastrophe - or not that big of a deal
- Seems to be about perspective in their overall guidance to investors, in light of industry trends
- https://www.cnbc.com/2017/08/16/maersk-says-notpetya-cyberattack-could-cost-300-million.html
- https://theloadstar.co.uk/maersk-shrugs-off-300m-cost-cyber-attack-freight-rates-soar/
- Bottom line, perspective matters

Uber is in trouble. Again.
- FTC has Uber in hot water over less-than strict security of drivers' information
- Lack of security, privacy and finally a chief security exec
- Speaks to a broader issue with how start-ups treat security in the overall scheme of "making it"
- https://www.forbes.com/sites/thomasbrewster/2017/08/15/uber-settles-ftc-complaint-over-secuirty-and-privacy/#5dc3d58b88da
