Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!SynopsisIt's rare that I get to be a spectator at a podcast, but in this case I was listening to some of the conversations and talks being given at Chicago's very own THOTCON 0x3, and decided it would be valueable to you to get some of the conversation movers on the microphone.  We started talking about the applicability of information security conferences to your "day job", got into a discussion on "hallway con" and then went down the rabbithole on some interesting tangential topics ... and of course the fresh rap from DualCore was awesome.  I hope you enjoy the episode ...GuestsGeorgia Weidman - Georgia is a independent consultant, penetration tester and mobile device hacker.Ken Swick - Ken is a security manager from the Financial Services vertical with many years experience in defending corporate networks, and bringing business value to information security programs.DualCore - DualCore ... what can I say - dropping raps like packets straight to your ears ... DualCore music is what you should hear.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!SynopsisIn this short microcast we rap about the THOTCON 0x3 experience, why we think the Chicago community has taken off so much, and what sorts of interesting things make THOTCON, and the local hacker con here in Chicago, so attractive to people from around the world.  Yes, there is comedy involved...GuestsTodd - Audio genius, InfoSec luminary, pen tester ...better known to his Twitter fans as @PhoobarBen - Ben is a Chicago suburban staple, first time on the microphone, otherwise known on Twitter as @Ben0xASupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!SynopsisThis episode I sit down with Dave Frederickon who has a unique viewpoint on cloud computing from a Canadian point of view, as well as a VP of the HP Canada business.  I pose some tough questions to Dave including "Is 'cloud' just marketing hype?" and other discussion topics and we have a good chat on the reality of cloud computing, who's adopting it and how it's changing and revolutionizing Information Technology at the pace of business.  This is another great podcast in the cloud series, and you should not miss it!GuestDave Frederickson - (Vice President & General Manager Enetrprise Servers, Storage & Networking Business at HP Canada) - Dave Frederickson is the VP of the ESSN group and is located in HP Canada's HQ in Mississauga, Ontario.  He is responsible for leading sales, pre-sales, channels, marketing and product management teams, achieving top and bottom line and market share objectives.  His role also includes responsibility for Enterprise marketing for HP and linking HP services and software.  He is a board member of Sharcnet and Schulich Corporate and Social Reponsibility.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!SynopsisOn this episode of Down the Rabbithole I get the distinct pleasure of sitting down with one of Silicon Valley's top attorneys to talk Cloud Computing T's and C's ...and let me tell you this was a wild ride.  I learned a lot, including the fact that I know a famous legal court case about a tugboat captain and the use of radar ... and what all that CAPSLOCK PRINT ON SOFTWARE LICENSE AGREEMENTS means ...and so very much more.  Join me, and learn a little bit more about the legal aspects of cloud, before you find out the hard way.  This is a do not miss episode.GuestMark Radcliffe [DLA Piper] - Mark F. Radcliffe concentrates in strategic intellectual property advice, private financing, corporate partnering, software licensing, Internet licensing and copyright and trademark.Leading international legal publishers consistently rank Mr. Radcliffe among the top lawyers in his profession. The respected English publishers Chambers and Partners has repeatedly named him in Chambers USA: America's Leading Lawyers for Business, and has described him as "outstanding" and "a leader in open source-related matters." Legal 500 also recognizes him, commenting: "His expertise in providing strategic IP advice, with particular specialism in open-source matters, has won him plaudits. Indeed, one client describes him as 'probably the best lawyer in his field.'"More on Mark on his profile page: http://www.dlapiper.com/mark_radcliffe/Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!SummaryThis 1 hour podcast was recorded live at the March 7th, Chicago Cloud Security Alliance chapter meeting, where we were fortunate enough to have a panel of attorneys discuss the issues with cloud security from a legal perspective.  I hope you find the content stimulating, if not a little bit worrisome.Apologies for some of the flaws in the audio, but this was an ad-hoc recording and I didn't have time to clean up the taps and paper shuffling that the super-sensitive microphone picked up.This was the first recording using the mobile Zoom H4n, and I think you'll agree it's an amazing piece of tech.This podcast is posted as-is, and hosting is provided courtesy of HP.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!SynopsisThe guest on this podcast will blow your mind ... literally.  He is none other than the "human hacker" himself, Christopher Hadnagy, who has written a book and now runs social-engineer.org.  Chris is a long-time friend of mine and an invaluable resource in the psy-ops James Bond style social engineering world.  Chris knows his stuff, and he's willing to teach you if you're willing to listen... so buckle down and get educated on social engineering background, tricks and even the 6 things your company must do to prevent being a victim of social engineering attacks.  Oh ... and let's not forget, somewhere in this episode Chris makes you an offer you can't refuse, just for you Down the Rabbithole listeners, how cool is that?  If you've ever thought about taking a class, or having your organization fortified against social engineering attacks but didn't think it was within your budget - listen to this podcast ... Guest Christopher Hadnagy - Chris, or as his friends on Twitter know him - @HumanHacker - is a fountain of knowledge on social engineering and the art and science behind corporate-level offense and defense using the human mind.  Chris has written a book called Social Engineering: The art of human hacking, and runs social-engineer.org contributing to community through teaching, speaking and writing as well as hosting a heck of a podcast on the fascinating topic of social engineering.  Chris's organization offers SE penetration testing, education and is at the forefront of social engineering tactics for the defensive good.LinksThe official social engineering portal - Social-Engineer.orgRegister for social engineering training & services through Chris's organization hereSupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!SynopsisI had the pleasure of sitting down with Nathaniel Dean, someone I had met through a mutual colleague's introduction, and hear about a neat concept that takes the software security program to a new level.  Interestingly enough, Nathaniel runs a red team but it's guaranteed to be unlike any red team you've probably ever worked with.  The crazy thing?  It's working.  We talk through the mechanics, psychology, and business implications of what he's driving, and how he's rollig up his sleeves and getting it done which is probably more important than anything else.Jack in and get a 25-minute does of knowledge from someone I know you'll learn something from.GuestNathaniel Dean - Business Information Security Officer at a major financial institution.  Nathaniel has been managing and building programs in this space for a long time, and his experience shows.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!Synopsis  We were "live to tape" (as Adam says) from HP's Master the Cloud event in Calgary.  As we wrap up the road tour in the frozen city of Calgary I had the pleasure of sitting down with a comedian and celebrity, a technical expert on virtualization from HP, and the manager of Intel's advanced server technologies team.  This was a wild, off-the-rails discussion and you can really tell we were just having a good time and excited to wrap up the tour.  Great topics of discussion...Topics covered in this episode include...Hypervisors and their value to cloud computing, virtualization and hackingWhy are hypervisors critical to cloud computing?Will Intel build a hypervisor into the silicone?How robust driver stacks keep hypervisors 'safe' on the software level..."Raising the bar" on security (analogies of a department store)Virtualization of compute resources & BYOD ...slightly off the railsFederation of identities, and applied to social media Special GuestsJake Smith (Advanced Server Technologies Manager at Intel Corp.) - Jake was a keynote speaker at HP's "Master the Cloud" tour across Canada speaking about Intel's vision for a more connected, more virtualized, and more secure Cloud Computing environment; including Intel's partnerships with HP and some of the advancements they have embarked on together.  Jake can be found on LinkedIn here: http://www.linkedin.com/in/jakesmith42Adam Growe (Celebrity host of Cash Cab Canada) - Adam is the host of Canada's "Cash Cab" show on the Discovery Channel.  Additionally, Adam has his own quiz show ("The Adam Growe Quiz Show") and is a recognized celebrity, accomplished comedian and emcee, and has the uncanny gift to derail any boring IT conversation! Adam can be found on FaceBook here: http://fb.com/AdamGrowe and on his own site: http://adamgrowe.com - on behalf of HP I wish to thank Adam for his presence and making us all chuckle.Emrah Alpa (HP TippingPoint technical specialist) - Emrah in addition to being an accomplished DJ is the Northwest Canada regional HP TippingPoint technical expert. LinksHP TippingPoint Secure Virtualization Framework (SVF) - Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!SynopsisWorld-renowned author, researcher, speaker and founder of legendary TripWire joins me semi-live from LASCON in Austin, Texas to talk about his current project(s) [The DevOps Cookbook, and When IT Fails: A Novel], and his book Visible Ops and how this can all be applied to security in today's tough business climate.  Gene and I discuss what in the DNA of well-performing (or "agile") IT organizations, based on Gene's research and experience, enables them to not only perform better, but also serve the business faster.  These high-performing organizations all have things in common, and you may be shocked to hear it's not heaps of money, or resources, or "powerful" CISOs.  The experience was a pleasure and I guarantee you'll learn something from this podcast, and I highly encourage you to add Gene's books as a staple of your career-building library.Guest"The real" Gene Kim - I am working on my third and fourth books, "When IT Fails: The Novel" and "The DevOps Cookbook," scheduled to be published in June 2012. Both are the culmination of over 13 years of researching both high-performing and low-performing IT organizations, as well as benchmarking over 1500 IT organizations to help inform what behaviors simultaneously advance business and information security objectives.  LinkedIn profile, just in case you have never had the pleasure - http://realgenekim.me.LinksSupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!SynopsisI sat down at the HP Master the Cloud (hp.com/go/cloud) event in Toronto, Canada to answer some Twitter-based questions, talk about the trade show, and listen to some of the fantastic things Victor and his team are working on right now in their incubator ... and it was a really great 20 minutes.  We covered the questions below (posted directly from Twitter, special thanks to all who participated) and talked about technology, the evolution of security, and how organizations can take advantage of this shift as technology turns the corner in a new operating and delivery paradigm.  Is cloud right for everyone?  Probably not.  Is cloud right in every situation?  Probably not.  This is exactly why you need to listen to Victor ... this is definitely a worthwhile way to spend 20 minutes of your time.Questions from Twitter"What's your perspective on letting the entire Internet pen test your service in a sandboxed environment?" -- HackBlat (@HackBlat)Virtual processing is great, but how are we supposed to layer on data privacy? IoW - w/the "To the Cloud!" rush, why aren't there any (effective) integration patterns emerging? Lift & Drop is bad for data. -- awpiii (@awpiii)How does one establish bandwidth requirements when establishing a pipe to a cloud service? -- RonService (@RonService)Vendor routinely sell something not using themselves. What percentage of HP infrastructure is running in public cloud offering? -- brew_ninja (@brew_ninja)GuestVictor Garcia (CTO HP Canada) - Victor is the Chief Technology Officer for HP's Canada business, leading the business in technology & business strategy, incubation and commercialization of new technologies, strategic alliances, and systems integration as well as business management.  Victor's LinkedIn profile is here.Links"The security poverty line" from Wendy Nather of the 451 Group (podcast with Alan Shimel) - https://gpodder.net/podcast/securityexe-powered-by-the-ciso-group-with-alan-shimel-1/security-below-the-poverty-line-with-wendy-nSupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast