Down The Security Rabbithole

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 398:36:06



Security. Some assembly required. Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk. This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.


  • DtSR Episode 263 - Legal Update Q3 2017

    26/09/2017 Duration: 45min

    On this episode of Down the Security Rabbithole Podcast James and I get an update on the legal issues that have been talked about from our legal-eagle Shawn Tuma! We're continuing our policy of not piling on to data breach hysteria, but will be covering some of the legal ramifications of recent disclosures, a possible national data breach law and a few other things that will make this show a must-listen. Shawn's unique perspective and true expert insights give you talking points and a download of facts that you wouldn't get listening to the talking heads and mainstream media. Enjoy, share with your colleagues, subscribe via RSS, and don't forget to talk back to us on Twitter using the hashtag #DtSR.   Thanks for listening!

  • DtSR Episode 262 - Deeper Down the Cyber Liability Insurance Rabbithole

    20/09/2017 Duration: 50min

    This episode, in conjunction with the Security Advisor Alliance, we dive into a third round of Cyber Liability Insurance. This fascinating discussion dives deeper into the things security leaders need to know as Travis and Stephen get right to the heart of matters. Required pre-listening... Check out the first episode (way back in the archives) on DtSR Episode 34 - The Inside Scoop on Cyber Liability Insurance with Christine Marciano ( @DataPrivacyRisk ). Then, go grab episode 172, our 2nd foray into this topic titled "The Truth on Cyber Insurance" with Eran Kahana and L. Keith Burkhardt and dive a little deeper.   As always, thoughts and comments are more than welcome and discussion using the hashtag #DtSR is encouraged!

  • DtSR Episode 261 - Deeper Down the ML Rabbit Hole

    13/09/2017 Duration: 54min

    Welcome to another Down the Security Rabbithole episode folks! This week, Alex and Sven are baaaaaaack for a deeper dive into machine learning and the shenanigans that surround it. We talk through what ML is, some use-cases and further dispel some common myths. We even have a little fun, who knew.   Guests: Alex Pinto ( @Alexcpsec ) Sven Krasser, Ph.D ( @SvenKrasser )

  • DtSR Episode 260 - The Immense Challenge of Protecting Office 365

    05/09/2017 Duration: 42min

    This week, on Down the Security Rabbithole, Rudra "Rudy" Mitra joins us from Redmond to talk about what it's like to defend Office 365 at scale. On this episode we cover: what we mean by at scale in regards to Office 365; some pros and cons of the Office 365 platform as it pertains to security and safety; early warning, early detection, and how easy it is to really break things. There's so much more too! We even skipped talking about current events to give this show maximum run-time. Sit back, grab something to take notes with, and listen up. The lesson begins now.   Guest Rudra "Rudy" Mitra - ( @rudramitra ) Rudra is the Director of Information Protection for the Office 365 platform. He works on extremely large-scale projects to ensure the safety and security of client data and the platform itself. LinkedIn profile is here:

  • DtSR Episode 259 - Risk Communication Primer

    31/08/2017 Duration: 49min

    As we go once again down the security rabbithole, Raf and James meet up with Claire Tills who gives us a primer on "risk communication". Communicating 'risk' is a nuanced, subtle and often time-based endeavor so we feel like everyone should have at least some background in it. Sit back, relax, and again...start taking notes furiously.   Guest Claire Tills ( @ClaireTills ) - Communication researcher trying to get into information security. I write about applying comm theory to infosec and case studies in my blog (

  • DtSR Episode 258 - Big Scary Numbers

    22/08/2017 Duration: 51min

    This week on the Down the Security Rabbithole Podcast, Dave Bittner of The CyberWire (podcast) joins us to talk about some of the ways that we believe security goes awry when it comes to 'big, scary numbers'. Listen in...   Top News: Maersk says it's going to lose between $200M and $300M from notPetya. Depending on which headline you read this is either a catastrophe - or not that big of a deal. Seems to be about perspective in their overall guidance to investors, in light of industry trends. Bottom line, perspective matters. Uber is in trouble. Again. FTC has Uber in hot water over less-than strict security of drivers' information. Lack of security, privacy and finally a chief security exec. Speaks to a broader issue with how start-ups treat security in the overall scheme of "making it"

  • DtSR Episode 257 - Software Ate the Perimeter

    16/08/2017 Duration: 49min

    This episode of Down the Security Rabbithole Podcast was recorded live and in person in Las Vegas at the Black Hat Conference 2017. Raf had a chance to sit down across the microphone from Jason Garbis of Cryptzone to talk about the software defined perimeter. SDP is a relatively new space many of us in security aren't familiar with, so we decided we'd record a primer on the topic, narrated by someone who is expertly involved in the practitioner side (through the CSA, Cloud Security Alliance) developing the standards and the provider side (Cryptzone) developing products and services towards the specification. This is a more technical-focused podcast than many of our others, so sit back, grab a notepad and get ready to learn something. For more of Jason's work, check out this link: Guest Jason Garbis - Vice President of Products for Cryptzone, where he's responsible for the company's product strategy and product management. Garbis has over 25 years of experi

  • DtSR Episode 256 - Rick Howard on the Record

    09/08/2017 Duration: 49min

    This week - Rick Howard joins us and goes on the record to talk about the Security Canon and a few other interesting things you're just going to have to listen to, in order to find out.   Top News: Adobe is end-of-life'ing Flash. I'll pause while you catch your breath. Wait, it's not until 2020. Also there's more. Developers targeted by malicious Chrome extension. Just like security people and "commoners" developers fall for it. At least it was caught, and removed...   Here's what we talked about with Rick Howard...   The Cyber Security Canon: Check it out. Reading material for newbies and others of us. Patrolling Cyberspace - my homework. The Cyber Threat Alliance: Sharing intelligence - amongst competing vendors. Palo Alto leading the endeavor, with a group of 6. Some things are above competition - that’s worthy of a clap. If y

  • DtSR Episode 255 - Security and Human Nature

    01/08/2017 Duration: 46min

    This week on the Down the Security Rabbithole Podcast, John Nye ( @EndIsNye_Com ) joins us to talk about the human aspect of the cyber security equation. Getting away from blaming the user, we talk through the human nature side of the business with a focus on social aspects and behavior modification. A fascinating discussion you'll want to listen to over and over again, for sure!

  • DtSR Episode 254 - Lowdown and Dirty ICS

    25/07/2017 Duration: 01h02min

    This week Sergio Caltagirone joins James and I to talk about Industrial Controls networks and systems and some of the dangers that go undiscussed. Sergio is a 2nd timer, and we take the opportunity to catch up and discuss one of his favorite topics.   Additionally, we talk about some of the topics that were discussed the week this podcast was recorded, a few weeks ago.   Whether you're in Las Vegas for Black Hat Conference 2017 or not, take a listen to this sobering discussion about industrial controls and some of the more clear and present dangers facing us in that sector.   Thanks again for joining us, Sergio!

  • DtSR Episode 253 - Defending the Small-to-Medium Enterprise

    18/07/2017 Duration: 52min

    On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.   Blue Cross Blue Shield of Alabama sends out USB sticks. Security elitists up in arms. We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content? To my fellow security professionals - it's reckless to continue to stand with a firm "no" while offering no alternatives. So what do we suggest? More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against?   MySpace has a major account password reset flaw, allowing account take-over. Wait ... MySpace is still around? But seriously, to exploit this last ditch feature for those who've forgotten everything else all you need is the listed name, date of birth, and username. How many of our sites have this problem, or worse?

  • DtSR Episode 252 - DFIR with Lesley Carhart

    11/07/2017 Duration: 51min

    In this smasher of an episode James and I are joined by Lesley Carhart live from Enfuse Conference in Las Vegas to talk about DFIR (Digital Forensics and Incident Response) as a broad field. There is SO much to talk about here, you'll want to listen twice. Make sure that if you missed Enfuse this past year, you don't miss 2018. It's a great conference where you get to meet and talk with folks like Lesley and many others in this field.

  • DtSR Episode 251 - General Data Protection Regulation (GDPR)

    27/06/2017 Duration: 50min

    This week on Down the Security Rabbithole Episode 251 (wow, can you believe we've published 251 full episodes?!) James and I host a roundtable of privacy and data protection experts and talk about the looming EU regulation known affectionately as GDPR. The Global Data Protection Regulation (GDPR for short) impacts all companies that either do business with EU citizens, or operate in the EU. Basically, everyone. It's a huge deal and there really isn't a "wait and see" option. Listen in, and if you have feedback provide it!   Does anyone really read these show notes? Reply on Twitter with #DtSR!   Guests: James Keese - Dawn-Marie Hutchinson - Stephen Edmonds -

  • DtSR Episode 250 - Deconstructing the Internet of Things

    20/06/2017 Duration: 56min

    Fresh off of his closing keynote at Enfuse Conference 2017 in Las Vegas, Dr. Timothy Chou joins us to talk about the difference between the Internet of People and the Internet of Things. Even though many people talk about the IoT we still fail to understand the gravity and enormity of the problem we face and how information security professionals are so far behind the 8-ball here. Dr. Chou spends some time with us to dispense wisdom interlaced with humor to make it stick.   Guest: Dr Timothy Chou is a technologist, a lecturer, and published author. He has written a book called "Precision: Principles, Practices and Solutions for the Internet of Things" that delves into an Internet of Things many don't really understand yet. While most of us focus on the Internet of People (gadgets and things meant to be operated by people) Dr. Chou focuses on the IoT where people aren't just optional, they're unnecessary. LinkedIn:

  • DtSR Episode 249 - Finding a Way

    13/06/2017 Duration: 51min

    This week, James and I try out a new format for the show. We hope you enjoy the blend of news commentary and an interview.   News: More car vulnerabilities - this time in a Subaru. No stunt hacking involved. A repeat vulnerability means there's potentially a bigger SDLC issue. Responsibly disclosed, fixed ... if a tree falls... The 5th Amendment and your phone passcode. This issue is sticky. Passcodes, fingerprints, etc - all need consistent law. We need a lawyer.   Guest Kevin Pope ( @screamingbyte ) - Kevin is a long-time friend of the show, and someone who has a fantastic story only he can tell. From struggling to thriving and the story to get there.

  • DtSR Episode 248 - Nick Hyatt On Ransomware

    06/06/2017 Duration: 51min

    This podcast episode was recorded live to tape from Enfuse Conference 2017 from Las Vegas. If you didn't get a chance to get out this year to one of the premier DFIR (Digital Forensics and Incident Response) conferences you missed a heck of an event. James and I want to thank Guidance Software for the invitation, for having us out, and for access to some truly amazing guests for this series of recordings. For #248 sit back and listen to Nick Hyatt talk with James and Raf about ransomware - fresh from his Enfuse Conference talk to your ears.   Enjoy and as always please hit us up on Twitter at #DtSR.   Guest: Nick Hyatt ( @Skelet0wn3d ) - Nick is currently the Senior Incident Management Consultant at Optiv Security, Inc. responsible for incident response, threat hunting, digital forensics, and malware forensics using a variety of skills and tools. He has hands-on knowledge and understanding of malware forensics, observation, removal, and threat hunting. Additionally, Nick has hands-on experience with digital

  • DtSR Episode 247 - Internet of Things Forensics

    30/05/2017 Duration: 45min

    Live once again from Enfuse Conference 2017 in Las Vegas, James and I interview Amber Schroader, the President and CEO of Paraben. This interview happened because you all voted and asked for it..ok and because she's a fantastic person to interview. Be prepared for a little humor and a lot of knowledge.   Special thanks again to Enfuse and the Guidance Software team for having us out and getting us access to some downright amazing guests!

  • DtSR FeatureCast - Enfuse Conf 2017 - Theresa Payton

    26/05/2017 Duration: 18min

    As James and I continue to publish our Enfuse Conference 2017 series of episodes we are this week joined by Theresa Payton. Theresa is the former CIO of the George W. Bush White House Administration, and now on the show Hunted where she runs a team of cyber trackers.   Guest: Theresa Payton ( @TrackerPayton ) - Theresa Payton is one of the nation’s leading experts in cybersecurity and IT strategy. As CEO of Fortalice Solutions, an industry-leading security consulting company, and co-founder of Dark Cubed, a cybersecurity product company, Theresa is a proven leader and influencer who works with clients and colleagues to uncover strategic opportunities and identify new and emerging threats. Theresa began her career in financial services, where she coupled her deep understanding of technology systems with visionary leadership, executing complex IT strategies and winning new business. Following executive roles at Bank of America and Wachovia, Theresa served as the first female chief information officer at the White

  • DtSR FeatureCast - Enfuse Conf 2017 - DFIR Students

    24/05/2017 Duration: 30min

    Continuing our series recorded live at Enfuse Conference 2017 in Las Vegas, this episode features two USC students who are part of a large contingent here to learn and make connections. Tatiana and Ayman join us to talk about how they got here, what they are planning for their future along with some general thoughts on DFIR and our industry!   Guests: Tatiana Santos ( @tatitasantita ) Ayman Siraj ( @aymansiraj )

  • DtSR FeatureCast - Enfuse Conf 2017 - Keynote Patrick Dennis

    24/05/2017 Duration: 23min

    Today, CEO Patrick Dennis joins the Down the Security Rabbithole Podcast right after his keynote to talk about the conference, what's going on at Guidance, and the state of defense. This is a FeatureCast so we get right to the point in an easy-to-listen format.   Thanks for listening!
