Down the Security Rabbithole Podcast

Fans & Listeners!

This week we have a treat for you... as this episode is recorded LIVE from Microsoft's Inspire 2019 in Las Vegas (where it was 117F) but the conversation here is way hotter.

Highlights from this …

Yes, DtSR took a week off ... we were due.

This week, Ira Winkler joins Rafal to go down the rabbithole and talk about his career, opinions on our …

This week, ahead of AWS RE:INFORCE 2019 (the first one) Rafal gets a conversation with buddy Mark for a candid talk about the top 3 public cloud …

Thank you to Microsoft for sponsoring this show, and our podcast over the years...

Highlights from this week's show include...

• Rob discusses what …

Show Note: As most of you know, this show has long refused to use advertisements, or ad revenue to keep itself going. That said, I openly welcome organizations who have something interesting to say and some extra …

Friends & listeners - welcome to the 2nd half of the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the …

Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

…

This week, Tommy McDowell who is the Vice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafal in person, in …

This week, Rafal gets the rare occasion of sitting down face-to-face with someone and do an interview in person. Andy Green is a great if not sharky fellow, who helped me get over my PG rating for this podcast. So ... …

This week on the podcast, Rafal gets some one on one time with Raffael Marty ... and it's #RaffCon.

Highlights from this week's show include...

• …

This week, Rafal is joined by the man, the myth, the Aussie legend - Troy Hunt. We basically talk about whatever is on his mind - which, as it turns out is a lot. Take a listen, we may publish an English translation …

This week, on a riveting edition of Down the Security Rabbithole Podcast Raf sits down with Richie Etwaru, a human data ethicist and Founder and CEO …

This week on episode 342, Michael Coates joins Rafal & James for the 2nd time. Michael's first episode was way, way back in 2015 on episode 134 titled "Fundamental Security". Looks like things haven't changed much.

…

This week, in the final installment of "Live from RSA Conference 2019" Rafal interviews Mark Simos, who is the definitive source for reference architectures at Microsoft. He's the Lead Architect in the Enterprise …

This week, Down the Security Rabbithole Podcast is publishing episode 3 of 4 which were recorded LIVE at RSA Conference 2019. This episode features …

This week, driven by the news cycle, and an interesting story... Rafal & James invite George and Shawn, as actual experts, onto the show.

…

This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn to have a turn at the microphone... 

This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent having worked in the field most of her …

This week, Patrick Miller joins Rafal to provide an update on the energy sector, and what's different (or not). Another episode with a returning guest who continues to provide timely and important updates on key "big …

This week, in a special episode, Dmitri Alperovitch of Crowdstrike joins Rafal to talk about a brand new report that Crowdstrike is releasing. The Crowdstrike 2019 Global Threat Report is a must-read with some very …

This week, on the DtSR Podcast, Rafal is joined by Matt Herring, long time listener, and first-time caller. We talk through Matt's career path, and how he got to head up a global security operations team. It's a pretty …

This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and …

This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of …

This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp …

This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way …

This week, on the DtSR Podcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO …

This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we …

This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, …

This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, …

In another episode LIVE'ish from AWS re:Invent 2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show …

At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short …

This episode of the Down the Security Rabbithole Podcast is sponsored in part by Armor Cloud Security. Go check us out at www.armor.com!

This …

On episode 323, Richard Rushing (aka the "Security Ninua") joins us to talk about being the CISO of a global organization, and multi-national …

This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly.

Highlights from this …

** Go Vote **

Do your civic duty, and go vote. Heck, while you're standing in that long line to vote, listen to the podcast, we're not picky.

This week, Rob Graham joins Rafal and James (who's back!) to talk about …

This week, James Habben joins me in studio for what turns out to be an introspective walk through the evolving world of forensics.

Highlights from …

This week, my good friend and entrepreneur Rock Lambros (of the newly formed Rock Cyber) joins me to talk about getting the itch to go out on your own and actually doing it. Many of us have thought about it, daydreamed, …

This week the DtSR podcast tackles one of the thornier issues going around in the news. As the accusations of Russsian hacking continue to mount, …

While James is away, Raf will podcast all day ...or something like that.

Highlights from this week's show include:

• Bill talks about what it's like …

So, it's October 2018, and it's National Cyber Security Awareness Month. Again.

James and I have a bit of an issue with this, as you'd guess. Why are we still talking about awareness when we need action? Are there …

On this episode of the Down the Security Rabbithole Podcast, Mary Cheney joins us fresh off her talk to the North Texas ISSA Women in Security group. …

This week, on DtSR Episode 314, the infamous (that's more than famous) John Strand joins us. No, not the male model ...the guy who's been an InfoSec …

Friends welcome to yet another edition of the Down the Security Rabbithole Podcast - as we invite perennial favorite, Shawn Tuma onto the show! Shawn …

This week Down the Security Rabbithole Podcast welcomes two very cool ladies from the InfoSec realm. First Ann Johnson of Microsoft (if you don't …

This week we dive into the world of the web browser. A brief history, some discussion about what's wrong and how it's broken - and a few suggestions for what to do next. This is a complicated discussion - so you can bet …

This week, Rafal & James discuss one of the bigger challenges that an enterprise security team faces today - evaluating new/replacement security …

This week Nate Smolenski - Director, Cloud Architecture Services - joins us for an insightful discussion on the concept of digital transformation for …

Friends, this week's episode is truly unique. We talk to a gentleman whose job it is to think big, and into the future in a big way.

Jeremy Nulik is …

On this episode of the Down the Security Rabbithole Podcast, Rafal is in Chicago for a few days and visiting with a long-time friend and colleague, …

This week, we tackle a topic that should not have taken 306 episodes to get to - balancing family and work while growing a career in Information …

Do you work at a company that's too big to be "small business" but too small to be "large enterprise"? You're probably in that place known as the "mid-market". Many of the large vendors don't pay attention to you, and …

This week, James and I interview a former Optiv colleague and advisor to many Fortune 250 CISOs in his long career, our friend Ron Kurisczak. Ron's …

Thanks to my friend Brian Wrozek for joining us this week on Down the Security Rabbithole Podcast. Brian's long career as a CISO has broken several …

This week, as DtSR rolls on to Episode 302, we talk with John Svazic who is a Cloud Security Architect for a day job and runs the Purple Squad …

This week on Episode 301, James is off and I take a one on one conversation with Julie Conroy from Aite group on the topic of global fraud. It's a …

Thank you, listeners!

Down the Security Rabbithole has reached milestone episode #300.

In this episode, James and Rafal sit down with the nothing …

Special thanks to Chris for doing this in-person. It was a fun conversation and always a pleasure!

Highlights from this week's show include...

• …

Two more episodes until we hit #300...what a crazy ride it's been! Thanks for taking the journey with us, and we're looking forward to having you along for another 300 (maybe).

Highlights from this week's show …

Before you listen to this podcast ... go grab this report: https://www.kennasecurity.com/prioritization-to-prediction-report/ from Kenna Security and the Cyentia Institute. Read it. Think about it. Then listen to this …

This week, former analyst and security industry veteran Adrian Sanabria joins James & Rafal to talk about some of the hype in our industry. From current events, to learning lessons, to the on-going master-class in …

This week, Mark Nunnikhoven joins us from the great white North. All the way from Ottawa, Canada - Mark talks with James and Raf about cloud …

* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at …

* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at …

This week, James is back and he and Raf sit down for a discussion on navigating the big industry conferences, as RSA Conference kicks off in San Francisco. We add just the right bit of snark to your day, and provide …

[This week's episode and fantastic discussion on endpoint security is sponsored by Nyotron]. DtSR listeners already know we don't do advertisements or traditional sponsorship - so when we bring in a sponsored guest it's …

This week on the Down the Security Rabbithole Podcast, Tony Perez stops by for an early morning chat about the content management systems we in …

This week, join DtSR as Rafal sits down across the virtual table with the one and only Robert Hansen. Rob (aka @Rsnake ) discusses his roots of being an almost-bad-guy, to the security of browsers, and privacy. Plus we …

This week, while James was out on family duty, I sat down on a Saturday morning with my good friend Will Gragido to talk security. Will is an …

In case y'all don't read LinkedIn or Twitter - Rafal recently joined Armor (Armor.com), so what better time to interview the CEO Chris Drake than right now.

So this week, Chris Drake joins us in the studio to talk about …

This week's DtSR Podcast sits down in the offices of Shawn Tuma to discuss an update on the law with regards to data breaches, or incidents - and what the differences between. We talk through current events, past …

We have a treat for you folks this week!

On episode 285 of the podcast I'm joined by three well repected, forward thinking, and …

This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's …

This week an old friend, Vinnie Liu of Bishop Fox, joins Raf and James to talk about the history of App Sec. We started trying to test ourselves …

Join us this week on Down the Security Rabbithole as Barrett Lyon (who knows a thing or two about DDoS) is our guest to talk about the evolution of …

This week, go Down the Security Rabbithole with James and Raf as they host Robert Sell. Robert took 3rd place at the Defcon SECTF (Social Engineering …

This week, Chris Rosen from IBM joins us to talk about cloud containers - and the security (or lack thereof) of them. There is a paradigm change coming which significantly impacts security - if we're ready for it. Chris …

This week, Jason Garbis re-joins the podcast to go past the Primer (Episode 257) and dive deeper into SDP (Software Defined Perimeter) with a discussion on cloud and relevance to the re-invention of the data center and …

Welcome Down the Security Rabbithole. This week we bring Jeff Schilling from Armor to talk about Spectre and Meltdown - the two hottest topics of the …

Happy New Year, 2018.

Friends, thanks for listening! I can't believe this podcast is still going strong after all these years and 277 episodes. I started this podcast with an idea - give you something to listen to that …

What: In this episode we get the facts on the recent game-changing malware/attacks that appear to be nation-state sponsored attacking critical safety …

For episode 275 we are once again joined by the one and only Haroon Meer ( @haroonmeer ) to follow up on his conversation from September 2016 titled "

This week, Patrick Miller returns (another boomerang guest from the way-back machine) to talk about the energy grid. It turn out, things aren't super different from 5 years ago, but some things have changed.

Patrick and …

Join James and Rafal, one last time, live from Enfuse Conference (Las Vegas, NV) this past summer.

In this episode, we track down a personal friend of Raf's - Bob Kruse, Demisto, VP Sales & Alliances, and talk about …

This week, Grant and Mark join me live and in person in Las Vegas at the Amazon AWS re:Invent conference to talk about the security marketplace, innovation, "the bubble" and more.

Here's the announcement we talked about …

This week James and I are fortunate enough to have one of the best keynote speakers I've ever seen on the show. He's an amazing speaker, a brilliant magician and a sharp dresser - this guy is the real deal.

Straight off …

Ladies and gentlemen - we have our first 3-time guest! Brandon Dunlap, my good friend and industry titan, joins the podcast for his third trip down …

This week, we have a repeat guess with Robert M. Lee joining our show to talk about the Industrial Internet of Things. Rob's just finished a conference his company, Dragos, Inc, just started to educate and help increase …

Welcome down the Security Rabbithole, friends and colleagues!

This week, my guest is Larry Whiteside, Jr. (we know him as the best dressed man in …

This week, James and Raf cover the tail-end of Cyber Security Awareness Month. It's been an interesting week of news and of course let's talk about awareness.

Have you completed your mandatory training?

-- This weeks' …

This week we're getting the band back together!

Michael Santarcangelo joins us for a segment we'll be featuring regularly (look for is every 6 weeks …

This week's Down the Security Rabbithole Podcast asks - "Are you paranoid enough about your privacy? or do you simply not have any?" with a couple of …

This week, Harlan Carvey joins James and I to talk about the evolution of Windows forensics over the last decade and half or so. Harlan has more …

On this episode of Down the Security Rabbithole Podcast James and I get an update on the legal issues that have been talked about from our …

This episode, in conjunction with the Security Advisor Alliance ( https://www.securityadvisoralliance.org/ ) we dive into a third round of Cyber Liability Insurance. This fascinating discussion dives deeper into the …

Welcome to another Down the Security Rabbithole episode folks!

This week, Alex and Sven are baaaaaaack for a deeper dive into machine learning and …

This week, on Down the Security Rabbithole, Rudra "Rudy" Mitra joins us from Redmond to talk about what it's like to defend Office 365 at scale. On …

As we go once again down the security rabbithole, Raf and James meet up with Claire Tills who gives us a primer on "risk communication". …

This week on the Down the Security Rabbithole Podcast, Dave Bittner of The CyberWire (podcast) joins us to talk about some of the ways that we …

This episode of Down the Security Rabbithole Podcast was recorded live and in person in Las Vegas at the Black Hat Conference 2017. Raf had a chance …

This week - Rick Howard joins us and goes on the record to talk about the Security Canon and a few other interesting things you're just going to have …

This week on the Down the Security Rabbithole Podcast, John Nye ( @EndIsNye_Com ) to talk about the human aspect of the cyber security equation. …

This week Sergio Caltagirone joins James and I to talk about Industrial Controls networks and systems and some of the dangers that go undiscussed. …

On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.

• Blue Cross Blue Shield of …

In this smasher of an episode James and I are joined by Lesley Carhart live from Enfuse Conference in Las Vegas to talk about the DFIR (Digital Forensics and Incident Response) as a broad field. There is SO much to talk …

This week on Down the Security Rabbithole Episode 251 (wow, can you believe we've published 251 full episodes?!) James and I host a roundtable of …

Fresh off of his closing keynote at Enfuse Conference 2017 in Las Vegas, Dr. Timothy Chou joins us to talk about the difference between the Internet of People and the Internet of Things.

Even though many people talk …

This week, James and i try out a new format for the show. We hope you enjoy the blend of news commentary and an interview. 

News

• More car …

This podcast episode was recorded live to tape from Enfuse Conference 2017 from Las Vegas. If you didn't get a chance go get out this year to one of the premier DFIR (Digital Forensics and Incident Response) conferences …

Live once again from Enfuse Conference 2017 in Las Vegas, James and I interview Amber Schroader, the President and CEO of Paraben. This interview happened because you all voted and asked for it..ok and because she's a …

As James and I continue to publish our Enfuse Conference 2017 series of episodes we are this week joined by Theresa Payton. Theresa is the former CIO of the George W. Bush White House Administration, and now on the …

Continuing our series recorded live at Enfuse Conference 2017 in Law Vegas, this episode features two USC students who are part of a large contingent here to learn and make connections.

Tatiana and Ayman join us to talk …

Today, CEO Patrick Dennis joins the Down the Security Rabbithole Podcast right after his keynote to talk about the conference, what's going on at …

We kick off a week of on-the-scene podcasts live'ish from Enfuse Conference 2017, hosted by Guidance Software in Las Vegas, Nevada with Lori Chavez VP of Corporate Marketing. She is the brains responsible for the …

This week we are live from Enfuse Conference 2017 in Las Vegas, Nevada.

Special thanks to Guidance Software for having us out and getting us access …

• As of recording, it is reported that 200,000 computers were infected.
• Patch for flaw was …

This week - live and in person from Denver, Colorado and the RMISC Conference I interview Stephen E. Coury the CISO of the County and City of Denver. …

• In October, 2017, all HTTP sites will be marked ‘Not Secure’ while in incognito mode.
• • Incognito mode …

This week the team gets together to talk Management and Leadership in the security industry and in general. Our very own Michael Santarcangelo joins us as our featured guest to dispense knowledge on leadership by the …

• Tornado sirens in Dallas all simultaneously went off
• Suspected hijacking of …

This week the Down the Security Rabbithole podcast hosts Sven Krasser of CrowdStrike. Sven is an actual machine learning data science expert (as …

• Most ‘typical’ users simply don’t understand security because it’s …

This week, on the Down the Security Rabbithole Podcast, Michael and I are back with perennial favorite Shawn Tuma. Shawn, our legal eagle friend from …

• Cybercrime is reported as a $450B drag on the economy; the absolute number sounds big
• …

Check out episode 236 with Marie-Michelle Strah who is a repeat offender here on the podcast with her first appearance back in 2014 on Episode 122 ( …

A Note on the Passing of a Legend

• Howard Schmidt passed away this week
• Long, distinguished career as one of the CISOs who “got it”
• He will be missed …

This week, the interview is extra special because we have a guest I've personally been following for a long while, and I finally got a chance to …

This week, fresh on the close of RSA Conference 2017 James, Michael and I discuss the happenings of the conference, lessons, and features along with some inside anecdotes you won't get from anywhere else. Of course, we …

This week, while the security world congregates at RSA Conference 2017 we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating …

It is that time of year of W-2 Scams

• There have been multiple reports of companies releasing W-2s through email scams.
• Link: …

On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter (yes, again with this guy) for a discussion on the …

Hi friends! We're honored to be finalists for the Security Blogger Awards 2017 "Best Security Podcast" so if you listen, go vote for "Wh1t3Rabbit" (as we're labeled)

Link: …

This week, Paul Hershberger joins us to talk about taking a fresh look at endpoint security for the new year. Paul has some insights into balancing …

St. Jude, MedSec and the FDA

• FDA, St. Jude go through disclosure/fix cycle
• No mention of MedSec - interesting for discussion; did they have an …

Welcome to the first Down the Security Rabbithole Podcast episode of 2017!

We would like to kick off this year, and the run to episode 250 with an …

Merry Christmas, Happy New Year everyone!

May your holidays be filled with joy, love and family. From Michael, James and myself we wish you the …

On this episode of Down the Security Rabbithole we tackle the question head on. Whose responsibility is security? Is it the end user who should be …

Federal Government Disproves the Myth of Cyber Talent Shortage

• If the government can find and hire them - they exist
• What does that mean for the …

This week, after a long wait, we have John Kindervag on the show! John talks us through the concept of "Zero Trust Security" and where and how it's …

DHS Releases Strategic Principles for Securing the Internet of Things

• …

This week, Patrick Dennis - the CEO of Guidance Software - joins us to talk about the Enterprise Security world's fascination with blaming the breach victim. We talk through some of the key issues and look for a way off …

It is election day.. Have you voted?

Beware, IPhone Users: Fake retail apps are surging before the holidays

• The issue of brand protection and …

This week on DtSR Chad Boeckmann - President of Secure Digital Solutions - joins us to talk about the business of security. While the "bad guys" are …

The Massive DDoS That Hit Dyn.Org

• Massive DDoS disrupts a ton of popular websites (Netflix, Twitter, etc)
• IoT used to amplify attack
• What does this …

This week, #DtSR takes a trip down Software Security lane or as some call it "How are we still writing code with bugs that we found relatively concrete fixes for in the late 90's?" (I may have been watching too many …

• …

Grab a cup of coffee, jack in your earphones and listen up.

DtSR Episode 214 is addressing the issue of breaches, and their material financial impact to an organization.

The premise is simple - when you have a breach, …

Quick update and invitation from Michael: starting to explore rolling out services and improving the Straight Talk Framework. If you’re up to discuss …

In this episode, we talk with Mike Tierney, who is the brand-new CEO at Veriato. In our conversation we talk through a primer on insider threat, and use the great example of hosting a dinner party.

Mike has loads of …

Chrome to label more sites as insecure in 2017

• Link: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
• Focus on sites that …

In this episode James and I invite Vlad Klasnja from Optiv's Office of the CISO, and Hudson Harris, Chief Privacy Officer at HarrisLOGIC, to talk about data protection. From defining the concept to providing some …

NewsCast for Tuesday August 30th, 2016

Clinic Won’t pay breach protection for victims

• …

This week Michael and I chat with Jamison Utter of Infoblox on one of the more interesting topics at hand - the economy of ransomware. We talk …

Quick note from Michael about the Straight Talk Framework & Program -- >

• Get your free copy at …

In this episode we chat with Steve Christey Coley currently the Principal Information Security Engineer over at MITRE Corp. In this episode we talk …

Quick note from Michael about the Straight Talk Framework -- >

• I’ve separated the framework from the programs; the framework is free and …

This week, Chris Romeo joins Michael, James and I to talk about changing the security posture of an organization by changing culture. This episode …

Ransomware that's 100% pure JavaScript? Sort of...

• Slightly misleading article
• Generally a Windows-based attack (go where the users are)
• …

This week on the Down the Security Rabbithole podcast, Brandon Dunlap is back for his second show. Following up on Episode 158 where we discussed …

** Our 200th numbered episode! **

A note from Raf:

 Thanks to everyone who has been listening to us, tweeting us, and sharing the links to our …

In this episode..

The "Nuclear Bomb" analogy isn't working, stop using it"

• …

On this episode of the Down the Security Rabbithole podcast, Dawn-Marie Hutchinson, currently an Executive Director within the Optiv Office of the …

In this episode...

Are people "going offline" as a result of increasing dangers of the Internet?

• This article makes the case for yes: …

On this episode of the Down the Security Rabbithole podcast, I get the pleasure of sitting down with one of my all-time favorite Chief Security …

This week the gang's all here to talk about some news happenings. Michael, James and I talk through some of the stories we've been tracking.

Have something you've been reading and want to talk about? Hit us on Twitter …

In this episode...

Michael and I welcome back Shawn Tuma, our resident Cyber Law Expert from the great state of Texas. We discuss some of the recent cases (unlocking an iPhone!) and some of the tough issues facing the …

In this episode..

ImageTragick - major flaw in open source image processing toolkit

• ImageTragick is CVE-2016-3714
• Logo & Website: …

In this episode...

Join our guest Larry Whiteside, Michael and I as we record live from InfoSec World 2016 in sunny Orlando, Florida! We talk through the life of a CISO, and the challenges of being in the Healthcare and …

In this episode...

Only about a third of companies know how many vendors access their systems

• nearly every company is at risk for a third party …

In this episode, James, Michael and I are live from InfoSec World 2016 and we get the pleasure of interviewing Lance James fresh off the keynote …

In this episode...

Pros examine mossack-fonseca breach: Wordpress plugin, Drupal likely suspects

• Plug-ins seem to be a universal weakness
• Many …

Intro song: "Josh Gabriel - Deep Down"; Intro/Outro v/o courtesy of @ToddHaverkos

In this episode...

• BadLock bug (which now has a website, a graphic, and more hype than Bieber) is out there
  • Is the bug really worth all this hype?
  • …

In this episode

I posed some questions to Joey, an InfoSec professional who had recently moved into a CISO role in a midwest retail company:

• Let's …

In this episode...

The FTC is getting into providing guidance on password changes

• Well OK, this isn't really guidance, it's just a blog
• But - does …

In this episode, we wind down from RSA Conference 2016 and talk with Jonathan and Michael, both security executives and leaders at their respective companies whom were both out at RSA Conf and share with us some of …

This is RSA Conference week, so while Rafal is out in San Francisco trying to make it through another one, James and Michael break down the news events that you may have missed.

300,000 Homes affected by security …

In this episode...

• Michael and I moderate what turns out to be an expert-filled panel discussion on the real issues of the Apple vs FBI debate
• Shawn …

In this episode

Class action lawsuit against SuperValu dismissed

• No damage (use of stolen information) so there's no case?
• As time passes, risk of …

In this episode...

• Andrew discusses a few of the key challenges making it difficult for the healthcare sector right now
• Robb, Andrew and Raf discuss …

In this episode

Employees may face penalties if they misinterpret security policies?

• Human behavior still seen as the biggest weakness
• Employers …

In this episode

• What goes us here - so where are we?
• Where do we go, and how? (addressing stunt hacking)
• We discuss how we can influence outcomes, …

In this episode

FTC imposes a $250,000 fine for "false advertising" of encryption

• Interesting case, where there really was 'false advertising'
• Would …

We open up our 2016 year interviewing Shawn Tuma on the show. Shawn is our legal eagle, and a regular contributor to the podcast. This episode ran a …

In this episode...

Juniper has a backdoor problem

• 2 separate issues, auth bypass & VPN weakness
• backdoor discovered in Juniper devices
• lots of …

In this episode...

• We discuss what in the world is going on in the healthcare space, and why they’re such a target for attackers
• Dustin discusses …

In this episode...

1. Vizio is getting sued, over data their TVs collect?
   • James provided security tips on the local news station and one of those tips …

Thanks for joining us! This is a very important episode with true experts on the topic of cyber insurance. I was lucky enough to get an attorney and a VP of an insurance firm who specialize in the topic and their depth …

In this episode

I interview Mike Daugherty - author of The Devil Inside the Beltway [Amazon.com link] live from the Security Advisor Alliance first-ever Summit in Dallas, TX. Mike was kind enough to sit down with me …

In this episode

• We start a constructive discussion addressing the problem of the ‘talent shortage’
• The panel discusses the general lack of …

In this episode...

• Is this seriously the FBI suggestion to companies hit with ransomware?
  • …

In this episode

• Rob & Liam discuss the practical applications of threat intelligence for today's enterprise
• We discuss what enterprise threat …

In this episode...

• Turn any old car into a "smart car" for $200 with this new miracle device
  • "BACKED BY FROGVENTURES, VOYOMOTIVE IS TACKLING THE …

In this episode...

• Raf sits down with Howard Shmidt to talk about Cyber Security from the public to private sectors and everything in between.
• …

In this episode...

• Standard & Poor's Adding Cybersecurity to Ratings
  • The headline
    • In a report issued this week, the rating agency says it …

In this episode...

• Raf asks why we talking about global supply chain, 3rd party risk again
• Josh discusses what little things we are not thinking …

In this episode...

• Patreon got hacked, but it's OK
  • This is a lesson in how to do security in a reasonable manner
  • Great response, good security
  • …

In this episode...

• Kirby tells us what OSINT is
• We discuss how much we are giving away on digital channels?
• We discuss if there is such a thing as …

On this episode of the NewsCast

• Intel forms new Automotive Security Research Board (ASRB) to focus on security of their automotive platform
  • …

In this episode...

• Brandon, Michael and I discuss the challenges of leadership and how leadership is more than just telling people what to do. …

In this episode

• Court strikes down Wyndham's challenge to FTC power
  • We have covered this before
  • Wyndham argued due proces and lack of case law - …

In this MicroCast, live from HTCIA Conference 2015 in Orlando, FL, Michael and I quickly set the stage for a conversation on conference speaker/attendee engagement. 

[Raf] One of my biggest pet peeves as a speaker is …

In this episode...

• We discuss what life is like as the CISO when you have all the responsibility for, but no administrative access (or hands on …

In this episode...

• Just when you thought America's neutered "chip & sign" was a safe
  • …

In this episode...

• We discuss the ever-growing need for strong leadership in security
• I ask whether experience and longevity in a position naturally …

In this episode...

• The Belgian government's internal phishing test has "gone off the rails" a bit
  • Used a legitimate entity to test against
  • Panic …

In this episode

• Raf asks - Why haven’t we solved the same old software security bugs?
• James asks how a security team gets out of the way and still …

In this episode...

• "Hackers remotely kill a Jeep!"
  • Lots to talk about
  • Basics of segmentation weren't followed, aren't followed
  • Discussion on …

In this episode

• Talent shortage - is it real, and how bad is it?
• We discuss: what does negative unemployment actually mean?
• Michael asks- ecurity is …

In this episode...

• Peter Morin joins us to talk through the upcoming HTCIA International 2015 Conference in sunny Orlando, Florida.
• We talk …

In this episode...

• Appears as though Windows 10 WiFi Sense could have some issues with WiFi -- more on this as it develops
  • Why is the default …

In this episode

• We take a little peek inside the mind of a CEO, from the security perspective
• We discuss the state of information security in the …

In this episode

With me gone, James and Michael run feral!

• It's June, so here are the top 3 security priorities for CISOs for 2015 (yes in June)
  • …

In this episode...

• What is the Security Advisor Alliance?
• We discuss some of the issues facing CISOs today
• Clayton gives us his perspective on how …

In this episode...

• Facebook has released PGP-encryption-enabled email communications
  • The anti-privacy platform will now encrypt emails to you if …

In this episode...

• Defenders are set up to fail? how and why
• How do we fill forensics and IR positions?What skills and qualifications do …

Apologies to anyone who is having issues downloading this episode!

In this episode...

• The ACLU encourages the government to get into bug bounties
  • …

In this episode...

• David Shearer, Executive Director for ISC2 joins us to talk about the results of the ISC2 2015 Information Security Workforce …

In this episode...

• Netflix launched FIDO (not that one, or that one, no the other one)
  • Focused on automating incident response practices
  • FIDO is an …

In this episode...

• A quick walk-through of Rob’s talk (“Hacker ghost stories”), and why it’s completely relevant today
• Simple things that work
  • …

In this episode...

• A join Ponemon Institute & IBM Security study shows that, surprise surprise, developers are "neglecting security"
  • The study …

In this episode...

• What about public safety, where do we draw the line on open research?
• Self-regulation? Disclosure? What are our options…

In this episode...

• Friend and security researcher Chris Roberts steps into it... 
  • A poorly-conceived tweet, followed by mass hysteria
  • Most everyone …

In this episode...

• Where do you even start with “threat intelligence”?
• Ryan talks about context, and why it’s *the* most important thing when it …

In this episode...

• TrueCrypt security audit results are good news, right? 
  • Why are some of the most depended-upon 
  • …

In this episode...

• Jon Callas gives a little of his background and his current role
• We talk through why cryptography is so hard, and so broken today

Remember folks, as you listen reach out to us on Twitter and hit the hashtag #DtSR to continue the conversation, and speak your mind! Let's hear what …

In this episode...

• Michael C and the team talk bout "going back to basics" and the need for security fundamentals
• Michael C talks a little about why …

In this episode--

• Law firm hit and crippled by ransomware, decides it's not paying the ransom.
  • They aren't quite sure what got encrypted
  • But they …

In this episode...

• We learn the origins of "RSnake" as told by Rob himself
• Rob gives us a peek into the dark side, from his contacts and experiences

In this episode--

• Would you be OK with your credit card company tracking you, to decrease fraud rates? Visa wants to track your smartphone.
  • …

In this episode

• Traveler's Insurance files suit against a web developmeent company for failing to provide adequate security, resulting in a breach …

Topics covered

• Massive breach at American Health Insurer Anthem - from the "haven't we done this once before?" department as Queen - Another One …

This is the 7th installment (call it a rebirth) of the MicroCast. Short and to the point, Michael and James talk about the phrase breached companies use - "We take your security seriously..."

 .. join the conversation …

Fans - If you haven't booked your ticket for InfoSec World 2015 in sunny Orlando, FL check this out. Register using our code CLD15/RABBIT for 15% off.

If you want a chance to go for FREE, listen to Episode 127 for your …

** There is a special gift for our listeners in this episode, from our friends at InfoSec World 2015! Listen to find out how you can go for free.

 We …

In this episode...

• The blog post that started it all - …

Welcome to a new year of the Down the Security Rabbithole Podcast! We are kicking off this year with a guest on this morning's program, Phil Beyer…

Hi everyone! Welcome to the very first episode of the Down the Security Rabbithole Podcast for 2015! On this opening episode, Jeff Man joins us to …

Hey everyone! We're almost done with 2014 and another new year is right around the corner. We thought this was the perfect time to sit back, relax a little and reflect on the year that was...and boy was it ever!

Jack …

In this episode

Attorney and CFAA expert Shawn Tuma joins us to talk about the US vs. Salinas case where Mr. Salinas was threatened with 440 years in jail, and now plead down to a misdemeanor. Prosecutorial discretion, …

Topics covered

• The unfolding case of the Sony Pictures Entertainment breach
  • http://blog.wh1t3rabbit.net/2014/12/when-press-aids-enemy.html
  • …

In this episode

• Michelle explains to us what Enterprise Architecture is, and what it isn't
• Michelle gives her take on how both security and …

Topics covered

• Sony Pictures is having a very, very bad couple of days - and it could keep getting worse.
  • …

In this episode

• We revisit the 'human' side of hacking
• Chris tells us all about the Defcon CTF his team has hosted
• We discuss the role human nature …

Note: The hashtag for the show on Twitter has changed, please connect with us using #DtSR going forward. Thanks!

Topics covered

• Update: Home Depot …

In this episode

• Adam and Dmitri discuss what is (and what isn't) threat intelligence
• We discuss strategic, tactical and operational security …

In this episode

• Jeff explains a little bit about who Norse is, and why they were potentially targeted with a DDoS
• We discuss what a DDoS is, how it …

Topics covered

• Banks urging shoppers not to avoid breached retailers - Companies that get breached impact card holders minimally, at least as far as …

In this episode

• Chris attempts to explain the consternation with 'security research' right now
• Kevin gives his perspective and why he doesn't quite …

Topics covered

• The FBI paid a visit to the "researcher" who revealed (and tinkered with) the hacked Yahoo! servers - we discuss the various aspects …

In this episode

• Ron gives us a brief history of Tenable and TVM for the enterprise
• Ron answers "How do you make network security obtainable and …

Topics covered

• The petition on WhiteHouse.gov titled "Unlock public access to research on software safety through DMCA and CFAA reform" and ...well …

Thank you to Shawn Tuma - an attorney specializing in CFAA and a good friend of our show - for stopping by and lending his expertise on this episode. …

In this episode

• DREAMR: What is it, and why is it so important to Enterprise Security today?
• Examples of aligning business and security requirements …

Topics covered

• Hacker flees US for non-extradition country - why?
  • http://blog.erratasec.com/2014/09/hacker-weev-has-left-united-states.html
  • …

In this episode

• Separating the hype from reality of the Chinese hacking threat
• The escalation of economic tensions between US & China, over …

Topics covered

• Apple has been making news, issuing guidance, and refuting a hack - all around iCloud
  • …

In this episode

• We discuss the largest challenges in the state government sector
• Brian discusses balancing the need for openness versus …

Topics covered

• Community health systems and UPS Stores breached - an analysis and contrast of the two breaches, the data, and the common message
  • …

In this episode

• Jason tells us why he isn't hating on compliance
• Jason talks about how security people are often the source of the issues
• Jason …

Topics covered

• Survey shows CISOs still struggle for respect (from business peers)
  • …

In this episode

• Who is J.W. Goerlich (redux from episode - 
• How did he get to where he is now?
• How does the security executive deal with the "moving …

Topics covered

• Certificate pinning back in the spotlight with the GMail iOS app having some difficulties, but there is a bigger issue here. We …

In this episode

• Jim Tiller - a few things you probably didn't know?
• In the last 15 years, what has changed, and what hasn't?
• Why isn't security …

Topics covered

• Florida Information Protection Acf of 2014 is in the books, and it brings "sweeping changes" to the data breach disclosure process in …

In this episode

• Who is Dan Geer (just in case you live in a cave and don't know)
• Dan's definition of security - "The absence of unmitigatable …

Topics covered

• Your server may have a hardware flaw that exposes your baseband management interface to the world - …

In this episode

• What exactly is "GRR"?


• What sorts of things can GRR do?


• What is a hunt, and how does it scale across tens of thousands of machines?


• How …

Note: I want to thank Will Gragido for stopping by this morning to talk over the news with us. Always great to have someone with a fresh perspective, …

My apologies for some of the skips in this episode - we had some difficulty with the recording and ultimately I hope it doesn't take away from Joe's …

Note: Today, Kim Halavakoski joined us on the show to provide perspective all the way from Finland! We appreciate his international addition to the show, and hope the listeners enjoy the added brainpower.

Topics …

In this episode

• Jeff explains the background of the relationship between the US government, ICANN and IANA
• What is the ITU and why is this $0 …

Announcements:

• I want to thank Circle City Con as a sponsor for the show! I have one more ticket to give away ... so watch the #DtR hashtag on …

In this episode

• Dan gives us the reality of living in what is commonly termed "the post-breach" world
• Dan and Robin talk through the explosion in …

Topics dicussed

• Microsoft has issued a patch for the massive MS IE flaw - for WindowsXP! - …

In this episode

• We discuss some of the new techniques auto insurance companies are using to custom-tailor rates to drivers
• Our guest discusses some …

Topics discussed

• The big story - "Heartbleed"
  • …

In this episode

• Advanced Threat Actors - more or less a threat right now than before? (how much is hype?)
• Advanced Persistent Threat - is it really …

Topics covered

• WindowsXP is officially, for real, definitely end of life - http://windows.microsoft.com/en-us/windows/end-support-help
• Google Nest …

In this episode

• Rise of DDoS
  • Where did it come from
  • What's next
  • Why does it work
  • Spoofer project
  • 3-DOS attacks
• Quantum computing
  • What is it
  • How …

Topics covered

• The FTC jumps into the breech (pun intended) and may try and levy fines against Target, and future breach victims - …

In this episode

• what is the promise of automation, and where did we go wrong (or right?)
• the problems with 'volume' (of logging) and the loss of …

Topics covered

• Target CIO resigns, new central CISO and CCO roles created; but what's really going on here? - …

In this episode

• Does is make sense, in a mathematical and practical senes, to look for 'probability of exploit'?
• How does 'game theory' apply here?
• …

Topics covered

• Apple had a "Goto Fail" failure - yes people at Apple Computer still use Goto statements in 2014 - …

In this episode

• Jay and Bob talk about their new book
• A discussion on using data as 'supporting evidence' rather than gut feelings
• Do we have …

Topics covered

• In the wake of the Target & Nieman Marcus breaches - is chip+pin really a priority right now, and does it solve the real problem? …

In this episode

• David discusses what it's like working for a law firm (in the UK)
• A quick wade through the UK Data Protection Act (mostly Principle …

Special thanks to Michael Santarcangelo ( @catalyst ) for stopping by the show and guest-hosting with James and I! We had fun, and I think you'll all …

In this episode

• Did the Target/Neiman/? breach finally create a catalyst for change?
• The card system, payment processing infrastructure clearly …

I can't believe it's 2014 already, and we're rolling through our 3rd calendar year! As we grow and you "regulars" mount, James and I want to thank …

In this episode

• Chris Wysopal - who is that masked man?
• Putting some reality to the state-sponsored backdoors (Huawei) and supply-chain compromise
• …

In this episode

• Will gives us a lay of the land on the state of "state sponsored" and advanced threats
• We discuss collective advances in malware
• We …

Hello! This is a special episode in that it's our year-end wrap-up. We bring together 3 of the industry's best to talk about the year that was, the things that made were on your mind, and maybe give us a hint at what is …

Folks, if you work with, design, or implement embedded systems this is one episode you don't want to miss. Fair warning, it's a little bit long at …

Special thanks to Steve Ragan ( @SteveD3 ) for sitting in this morning and providing his perspective as a journalist.

Topics Covered

• "Leaked" FBI …

I want to thank Carolyn Kopprasch and the @BufferApp team for getting back to me, and agreeing to not only join the podcast, but also field questions …

I'm back! Maybe a little sleep-deprived and a tad grumpier than usual, but back to talk news!

Topics Covered

• Microsoft unveils the new Digital …

In this episode...

• We revisit some of the topics Eric & I talked about nearly 2 years ago at ISSA International, Baltimore.
• Eric discusses the …

Hey all - Raf here and I wanted to thank James for flying solo as my wife and I celebrate the brith of Niccolai and Isabella our new twins! I'll be …

Special thank you to the US District Attorney's office for the Southern District of California for a fantastic interview and for letting us pick …

In this episode

• We get a peek into the first member of English Royalty that we've ever had on the podcast
• Baroness Neville-Jones discusses the …

Thanks to Josh Corman for joining us this morning ... always nice to have Josh's experience and brain power on the show.

Topics Covered

• Gargantuan …

In this episode...

• James and I host legitimate Polynesian royalty (a princess....) really!
• Katie gives us the skinny on Microsoft's 10 year …

Big thanks to the soon-to-be-regular peanut gallery ... @JoeKnape and @BeauWoods for jumping in this morning and breaking it down with James and I.

…

In this episode...

• Dave Kennedy wraps up DerbyCon 2013, and gives us the statistic you don't want to tell your management
• Dave announces the top …

I want to thank Mr. Josh Corman ( @JoshCorman ) for guest-commentating today's episode, and lending his expertise and industry leadership point of …

For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, …

For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, …

For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, …

In this episode...

• Mike explains once and for all how the BSides namesake came to be
• We talk about how the industry has evolved over the last 10+ …

Today I had the pleasure of sitting down with one old friend, and one new. As a speaker at the HTCIA International conference, and the CISO Summit - …

I want to thank our guests - Beau Woods and Joe Knape for joining us this morning. It was great to have these two well-versed commentators on the …

Every once in a while this podcast has a guest who makes us truly feel blessed to be doing this - Rob Dubois is one of those people. If you don't …

Since James is out this week with something called "work", I've pulled in two friends (affectionately known as "The Joshes") Josh Marpet and Josh C. …

In this episode...

• Rob gives us a little history lesson
• Rob keeps going on the history lesson, IDS, open vs. closed circuits
• We discuss "defense in …

Topics Covered

• The trash bin that stalked me (seriously, only in London) - …

In this episode...

• Dave reminisces a bit...
• Dave discusses 'digitall signed malware' and that it means
• We discuss whether it's true that 'all …

Ladies and gentlemen, we are over the 50 episodes mark!  If you've enjoyed the podcast, please go rate us in the iTunes store, or leave us a note here. Have you checked out past episodes?! There are some gems in there, …

Welcome down the rabbithole as we hit EPISODE 50! I'm thrilled that we've made it this far, and look forward to having you along for the ride into …

Topics Covered

• 9 Years After Shadowcrew, Feds Get Their Hands on Fugitive Cybercrook
• …

In this episode...

• We get a little insight into the mind of Tomer, and how he thinks about security
• We get an insight into what HP Software IT …

*Apologies for this very important episode getting out a bit late ladies and gents, experienced a loss in the family so things were a little slow to …

In this episode...

• The gang discusses the issues with the rapid escalation of connectivity in modern-day industrial control systems
• What specialized …

This week, James is flying solo on the microphone catching you up on all the latest news and BIG stories since I'm at HP Discover, Las Vegas and …

In this episode...

• We discuss the true nature of many of the security products decisions CISOs have to make every day
• Frank and Raf make very poorly …

It's June already?! Where has the first half of 2013 gone? James and I break down the last 2 weeks of interesting InfoSec news in a short "Monday …

In this episode...

• John discusses some of the foundational principles of Threat Modeling
• We talk about why threat modeling is like your time in high …

Welcome to Monday, May 20th 2013 as James and I discuss the last 2 weeks' worth of Information Security news and relate it (attemptively) to your enterprise day-job. This week was a bit on the lighter side, with the …

In this episode...

• Kevin, James and I discuss why penetration testing reports are often so worthless
• Kevin and I disagree. Then we agree, sort of.
• …

It's another beautiful Monday (somewhere) and we've got the news of the last 2 weeks covered, and we're breaking it down for you. The news this week …

In this episode...

Live (live-to-tape) from 44Con, London, England.

It's amazing, listening to this episode recorded at 44Con last fall, how little the landscape of enterprise security has changed. I took some time …

It's Monday April 22nd, 2013, and here are the topics from the last 2 weeks James ( @jardinesoftware ) and I ( @Wh1t3Rabbit ) will be talking about as we Monday-morning-quarterback the last 2 weeks in Information …

In this episode...

• A critical discussion on the available 'cyber intelligence' reports from various vendors
• How hard is attribution in cyber space, …

In this second episode of our Monday morning InfoSec quarterbacking, James and I actually got through the news items we had lined up in just about 20 …

First ...a milestone.

I want to take this time to formally welcome Mr. James Jardine, of SecureIdeas, as my permanent co-host to the podcast. James has experience podcasting as he already co-pilots the Professionally …

Welcome to the Down the Rabbithole NewsCast!

Join me in welcoming James Jardine ( @JardineSoftware) of Secure Ideas to the show as a permanent …

In this episode...

• We discuss "big data", what the heck it really is, and whether it's something new, something old, or something marketing made up
• …

Synopsis

This timely podcast is right on the heels of the US vs. Cotterman decision from the 9th Circuit Court of Appeals. One of the watershed decisions on privacy and digital law, this is an extremely important case …

Synopsis

Security has an interesting view on "business decisions", and in this podcast episode recorded at GrrCon 2012 in Grand Rapids, MI I sit down with some of the talent behind MISEC and we discuss #SecBiz topics of …

Synopsis

Shawn and I have been trying to get together to record an episode for what seems like forever. We first started talking about the CFAA …

Synopsis

I sat down with Bill at ISSA International in Anaheim, CA in the fall of 2012 to discuss what it's like, and what types of challenges he faces in the fast-paced, hybrid world of security at Netflix. We talked …

Synopsis

To kick off January on the Down the Rabbithole podcast I have Mikko Hypponen, the "malware adventurer" and Chief Resarch Officer from …

Synopsis

This microcast episode was recorded live from hackfest.ca 2012, on location in Quebec. The conference is a phenomenal success for the challenges they face (primarily non-English speaking region, small market, …

Synopsis

This episode is special because it's been a long-time-in-the-making interview with Brad Arkin of Adobe. This is the organization that many of the hacker community like to hate, and pick on - without realizing …

Synopsis

LIVE from day 2 of the ISSA International conference 2012, in Anaheim, California I cornered Eric Cowperthwaite after a much-anticipated year-long wait... and we talked about his prediction that in the next 2 …

Syhopsis

When I caught up with these two gentlemen in Amsterdam over the week of Black Hat 2012, I knew we wouldn't run out of things to talk about! …

Synopsis

This week we went free-form with two of my favorite InfoSec insiders ...people you probably follow on Twitter but can't quite place.  Here …

Synopsis

Today's podcast discussion is with someone who has one of the toughest jobs in the security world... Patrick helps organizations that generate and deliver the power that runs our gadgets and critical systems …

Synopsis

This episode is a mini-episode recorded live from the social media lounge at HP Discover Las Vegas 2012.  It was an incredible show, where I caught up with Marc and Matt - two guys who are really from opposite …

Synopsis

In this episode we ask the big question of "Can security be a part of the 'build/deploy faster!' culture?"  We discuss the need to separate …

Synopsis

This episode was recorded in June '12, live from the show floor at HP Discover Las Vegas, 2012 and the talk of the town was once again DevOps.  Gene and I have had 2 prior conversations on the topic, but we're …

Synopsis

This episode is special, not because it's more Info Security stuff, but because we take a far departure from the world of bits and bugs to the world of the pick-pocket and thief.  Sitting down with Bob Arno is …

Synopsis

I caught up with my friend Kellman Meghu at BSides Detroit as the conference was coming to a close and we finally got to sit down and have a fun conversation about chaos, and what sorts of things enterprises …

Synopsis

Greetings fans, this episode promises to be a great one with the likes of Adam Shostack starting off talking about what the whole concept of …

Synopsis

Last winter, on a frigid afternoon I got a chance to sit down with 2 of my favorite Iowa locals, Kevin and Kenneth to talk about the tenuous relationship between QA and Information Security.  Earlier in the day …

Greetings friends!  I am taking some time to do something a little out of the ordinary right now... I'm coming to you from beautiful Las Vegas, …

Synopsis

This episode of Down the Rabbithole microcast (~15 minutes length) was recorded live at the Ohio Information Security Summit.

Albert and …

Synopsis

In this episode, streamed live and recorded for your listening pleasure, I'm joined by @SpaceRog and @Shpantzer from Security BSides Delaware.  What started out as an off-the-cuff discussion on the 'Cyber …

Synopsis

It's rare that I get to be a spectator at a podcast, but in this case I was listening to some of the conversations and talks being given at …

Synopsis

In this short microcast we rap about the THOTCON 0x3 experience, why we think the Chicago community has taken off so much, and what sorts of interesting things make THOTCON, and the local hacker con here in …

Synopsis

This episode I sit down with Dave Frederickon who has a unique viewpoint on cloud computing from a Canadian point of view, as well as a VP of the HP Canada business.  I pose some tough questions to Dave …

Synopsis

On this episode of Down the Rabbithole I get the distinct pleasure of sitting down with one of Silicon Valley's top attorneys to talk Cloud …

Summary

This 1 hour podcast was recorded live at the March 7th, Chicago Cloud Security Alliance chapter meeting, where we were fortunate enough to have a panel of attorneys discuss the issues with cloud security from a …

Synopsis

The guest on this podcast will blow your mind ... literally.  He is none other than the "human hacker" himself, Christopher Hadnagy, who has written a book and now runs social-engineer.org.  Chris is a …

Synopsis

I had the pleasure of sitting down with Nathaniel Dean, someone I had met through a mutual colleague's introduction, and hear about a neat …

Synopsis

  We were "live to tape" (as Adam says) from HP's Master the Cloud event in Calgary.  As we wrap up the road tour in the frozen city of Calgary I had the pleasure of sitting down with a comedian and celebrity, …

Synopsis

World-renowned author, researcher, speaker and founder of legendary TripWire joins me semi-live from LASCON in Austin, Texas to talk about his current project(s) [The DevOps Cookbook, and When IT Fails: A …

Synopsis

I sat down at the HP Master the Cloud (hp.com/go/cloud) event in Toronto, Canada to answer some Twitter-based questions, talk about the trade show, and listen to some of the fantastic things Victor and his team …

Synopsis

  This special episode of Down the Rabbithole is sponsored exclusively by HP Canada, and I wanted to thank them for hosting this fantastic …

Synopsis

  This month's cal lkicks off 2012 with a big question - "Do security professionals follow their own policies?" ... and as we talk through …

Synopsis

This episode with Jeff was awesome, recorded at the OWASP LASCON security conference, I got a chance to sit down with Jeff in person and talk shop.  I always learn something, but in this podcast Jeff dispensed …

Synopsis

  This is the third and final part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk …

Synopsis

  This is the second part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what …

Synopsis

  This is the first part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what …

Synopsis

  On this edition of the podcast, Kris Herrin joins me from the ISSA International Conference to talk about his unenviable role as Chief …

Synopsis

  My guest David Elfering (@icxc on Twitter) and I go all over the map covering various SecBiz related topic, and come up with a fantastic …

Synopsis

  In this edition of the podcast, I sit down with Jeff Moss (@TheDarkTangent) to talk about all of the interesting evolutions currently …

Synopsis

  This is perhaps the most important podcast I've recorded to date, and probably will record for some time.  The guests on my show in this episodes are not only privacy experts, but people who deal with digital …

Synopsis

  This week I host Bryan Stiekes, a distinguished technologist with HP ...and not a security guy by trade.  Bryan has been a part of IT for …

Synopsis

  This is the first MicroCast, a new 15-minute format jammed packed with a series of great topics.  This time around, Jack Nichelson joins me and tells us how Bruce Lee feels about IT Security (this is a great …

Synopsis

  This is a special episode for anyone who's feeling like "Information Security" in their small business is impossible.  My guests and I talk through how to make information security a proper entity that can …

Synopsis

  Over the past year and a half of so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it to incorporate a much heavier emphasis on quality assurance. …

Synopsis

This edition of the podcast doesn't hold back.  We ask "Can someone be hacked out of business?" and as usual we don't really like the …

This is the inaugural podcast episode of Down the Rabbithole.

Our podcast focuses on security, but from a business perspective and shines a light on …

Phil Cox joins Rafal (aka Wh1t3 Rabbit) and Martin McKeay and a gallery of others dicussing the issues with the very nebulous term "Cloud Security", …