Down the Security Rabbithole Podcast

387 Episodes. Produced by Rafal Los (Wh1t3Rabbit)

Follow the Wh1t3 Rabbit ... attention technology and business leaders! The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on releva…

All Episodes

DtSR Episode 354 - Pragmatic Azure Security

July 18th, 2019


Fans & Listeners!

This week we have a treat for you... as this episode is recorded LIVE from Microsoft's Inspire 2019 in Las Vegas (where it was 117F) but the conversation here is way hotter.

Highlights from this …

DtSR Episode 353 - Ira Winkler on Point

July 9th, 2019


Yes, DtSR took a week off ... we were due.

This week, Ira Winkler joins Rafal to go down the rabbithole and talk about his career, opinions on our …

DtSR Episode 352 - AWS REInforce Warm Up Episode

June 24th, 2019


This week, ahead of AWS RE:INFORCE 2019 (the first one) Rafal gets a conversation with buddy Mark for a candid talk about the top 3 public cloud …

DtSR Episode 351 - Deeper Into the Microsoft Security Ecosystem

June 19th, 2019


Thank you to Microsoft for sponsoring this show, and our podcast over the years...


Highlights from this week's show include...

  • Rob discusses what …

DtSR Episode 350 - Deep Learning on Deep Packets

June 11th, 2019


Show Note: As most of you know, this show has long refused to use advertisements, or ad revenue to keep itself going. That said, I openly welcome organizations who have something interesting to say and some extra …

DtSR Episode 349 - Verizon 2019 DBIR Double-Live Part 2

June 4th, 2019


Friends & listeners - welcome to the 2nd half of the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the …

DtSR Episode 348 - Verizon 2019 DBIR Double-Live Part 1

May 29th, 2019


Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

DtSR Episode 347 - Inside the RH-ISAC

May 21st, 2019


This week, Tommy McDowell who is the Vice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafal in person, in …

DtSR Episode 346 - Green Waxes Mostly Academically

May 14th, 2019


This week, Rafal gets the rare occasion of sitting down face-to-face with someone and doing an interview in person. Andy Green is a great if not sharky fellow, who helped me get over my PG rating for this podcast. So ... …

DtSR Episode 345 - RaffCon the Podcast

May 7th, 2019


This week on the podcast, Rafal gets some one on one time with Raffael Marty ... and it's #RaffCon.


Highlights from this week's show include...

DtSR Episode 344 - You've Probably Been Pwned

May 1st, 2019


This week, Rafal is joined by the man, the myth, the Aussie legend - Troy Hunt. We basically talk about whatever is on his mind - which, as it turns out is a lot. Take a listen, we may publish an English translation …

DtSR Episode 343 - The 31st Human Right

April 23rd, 2019


This week, on a riveting edition of Down the Security Rabbithole Podcast Raf sits down with Richie Etwaru, a human data ethicist and Founder and CEO …

DtSR Episode 342 - Michael Coates Has Things to Say

April 16th, 2019


This week on episode 342, Michael Coates joins Rafal & James for the 2nd time. Michael's first episode was way, way back in 2015 on episode 134 titled "Fundamental Security". Looks like things haven't changed much.

DtSR Episode 341 - Discussing Security Reference Architecture

April 9th, 2019


This week, in the final installment of "Live from RSA Conference 2019" Rafal interviews Mark Simos, who is the definitive source for reference architectures at Microsoft. He's the Lead Architect in the Enterprise …

DtSR Episode 340 - Diana Kelley from RSA 2019

April 2nd, 2019


This week, Down the Security Rabbithole Podcast is publishing episode 3 of 4 which were recorded LIVE at RSA Conference 2019. This episode features …

DtSR Episode 339 - Insuring Against Acts of Cyber War

March 28th, 2019


This week, driven by the news cycle, and an interesting story... Rafal & James invite George and Shawn, as actual experts, onto the show.


DtSR Episode 338 - Failure of Risk Management

March 19th, 2019


This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn to have a turn at the microphone... 

DtSR Episode 337 - Insights on Cyber Talent

March 12th, 2019


This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent having worked in the field most of her …

DtSR Episode 336 - Energy Sector Security Update Q1-2019

February 26th, 2019


This week, Patrick Miller joins Rafal to provide an update on the energy sector, and what's different (or not). Another episode with a returning guest who continues to provide timely and important updates on key "big …

DtSR Episode 335 - Ranking the Adversaries

February 19th, 2019


This week, in a special episode, Dmitri Alperovitch of Crowdstrike joins Rafal to talk about a brand new report that Crowdstrike is releasing. The Crowdstrike 2019 Global Threat Report is a must-read with some very …

DtSR Episode 334 - Compliance and Operational Process

February 12th, 2019


This week, on the DtSR Podcast, Rafal is joined by Matt Herring, long time listener, and first-time caller. We talk through Matt's career path, and how he got to head up a global security operations team. It's a pretty …

DtSR Episode 333 - Security Evolution and Trends

February 5th, 2019


This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and …

DtSR Episode 332 - Security in Transformation

January 30th, 2019


This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of …

DtSR Episode 331 - Incident Response and Counterfactuals

January 23rd, 2019


This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp …

DtSR Episode 330 - Biometrics for Authentication

January 15th, 2019


This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way …

DtSR Episode 329 - Volunteering Your Career

January 9th, 2019


This week, on the DtSR Podcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO …

DtSR Episode 328 - Who Who Who Are You

January 2nd, 2019


This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we …

DtSR Episode 327 - Experienced Security Leadership

December 19th, 2018


This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, …

DtSR Episode 326 - MidMarket Security

December 11th, 2018


This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, …

DtSR Episode 325 - A CISO at AWS reInvent 2018

December 5th, 2018


In another episode LIVE'ish from AWS re:Invent 2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show …

DtSR Episode 324-1 - AWS reInvent 2018 Delivering Security

November 28th, 2018


At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short …

DtSR Episode 324 - AWS reInvent 2018 Preamble

November 27th, 2018


This episode of the Down the Security Rabbithole Podcast is sponsored in part by Armor Cloud Security. Go check us out at!


This …

DtSR Episode 323 - Security of a Global Enterprise

November 20th, 2018


On episode 323, Richard Rushing (aka the "Security Ninja") joins us to talk about being the CISO of a global organization, and multi-national …

DtSR Episode 322 - The Ethics of Cyber Security Panel

November 15th, 2018


This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly.

Highlights from this …

DtSR Episode 321 - Putting Threats In Perspective

November 6th, 2018


** Go Vote **

Do your civic duty, and go vote. Heck, while you're standing in that long line to vote, listen to the podcast, we're not picky.

This week, Rob Graham joins Rafal and James (who's back!) to talk about …

DtSR Episode 320 - Specializing in Forensics

November 2nd, 2018


This week, James Habben joins me in studio for what turns out to be an introspective walk through the evolving world of forensics.


Highlights from …

DtSR Episode 319 - Striking Out On Your Own

October 23rd, 2018


This week, my good friend and entrepreneur Rock Lambros (of the newly formed Rock Cyber) joins me to talk about getting the itch to go out on your own and actually doing it. Many of us have thought about it, daydreamed, …

DtSR Episode 318 - War, Cyber and Policy

October 18th, 2018


This week the DtSR podcast tackles one of the thornier issues going around in the news. As the accusations of Russian hacking continue to mount, …

DtSR Episode 317 - Protecting Higher Education

October 9th, 2018


While James is away, Raf will podcast all day ...or something like that.


Highlights from this week's show include:

  • Bill talks about what it's like …

DtSR Episode 316 - NCSAM 2018

October 3rd, 2018


So, it's October 2018, and it's National Cyber Security Awareness Month. Again.

James and I have a bit of an issue with this, as you'd guess. Why are we still talking about awareness when we need action? Are there …

DtSR Episode 315 - Women in Cybersecurity-Mary Cheney

September 25th, 2018


On this episode of the Down the Security Rabbithole Podcast, Mary Cheney joins us fresh off her talk to the North Texas ISSA Women in Security group. …

DtSR Episode 314 - None of This Crap is Secure

September 18th, 2018


This week, on DtSR Episode 314, the infamous (that's more than famous) John Strand joins us. No, not the male model ...the guy who's been an InfoSec …

DtSR Episode 313 - Cyber Law Update Sept 2018

September 11th, 2018


Friends welcome to yet another edition of the Down the Security Rabbithole Podcast - as we invite perennial favorite, Shawn Tuma onto the show! Shawn …

DtSR Episode 312 - Ann Johnson on Mental Health

September 5th, 2018


This week Down the Security Rabbithole Podcast welcomes two very cool ladies from the InfoSec realm. First Ann Johnson of Microsoft (if you don't …

DtSR Episode 311 - Further the Browser

August 29th, 2018


This week we dive into the world of the web browser. A brief history, some discussion about what's wrong and how it's broken - and a few suggestions for what to do next. This is a complicated discussion - so you can bet …

DtSR Episode 310 - RFP POC OMG

August 23rd, 2018


This week, Rafal & James discuss one of the bigger challenges that an enterprise security team faces today - evaluating new/replacement security …

DtSR Episode 309 - Digital Transformation, Take 2

August 14th, 2018


This week Nate Smolenski - Director, Cloud Architecture Services - joins us for an insightful discussion on the concept of digital transformation for …

DtSR Episode 308 - Theoretical and Applied Futurism

August 8th, 2018


Friends, this week's episode is truly unique. We talk to a gentleman whose job it is to think big, and into the future in a big way.

Jeremy Nulik is …

DtSR Episode 307 - Building and Teaching in Chicago

August 1st, 2018


On this episode of the Down the Security Rabbithole Podcast, Rafal is in Chicago for a few days and visiting with a long-time friend and colleague, …

DtSR Episode 306 - Balancing Family and Career

July 25th, 2018


This week, we tackle a topic that should not have taken 306 episodes to get to - balancing family and work while growing a career in Information …

DtSR Episode 305 - Security for the Mid-market

July 17th, 2018


Do you work at a company that's too big to be "small business" but too small to be "large enterprise"? You're probably in that place known as the "mid-market". Many of the large vendors don't pay attention to you, and …

DtSR Episode 304 - Transforming Security

July 11th, 2018


This week, James and I interview a former Optiv colleague and advisor to many Fortune 250 CISOs in his long career, our friend Ron Kurisczak. Ron's …

DtSR Episode 303 - Advising Security Leadership

July 3rd, 2018


Thanks to my friend Brian Wrozek for joining us this week on Down the Security Rabbithole Podcast. Brian's long career as a CISO has broken several …

DtSR Episode 302 - InfoSec Superhero Syndrome

June 26th, 2018


This week, as DtSR rolls on to Episode 302, we talk with John Svazic who is a Cloud Security Architect for a day job and runs the Purple Squad …

DtSR Episode 301 - Julie Conroy on eFraud and Identity

June 19th, 2018


This week on Episode 301, James is off and I take a one on one conversation with Julie Conroy from Aite group on the topic of global fraud. It's a …

DtSR Episode 300 - Reminiscing

June 14th, 2018


Thank you, listeners!

Down the Security Rabbithole has reached milestone episode #300.

In this episode, James and Rafal sit down with the nothing …

DtSR Episode 299 - Leadership Lessons w Chris Abramson

June 5th, 2018


Special thanks to Chris for doing this in-person. It was a fun conversation and always a pleasure!


Highlights from this week's show include...

DtSR Episode 298 - Overcoming the Language Barrier

May 29th, 2018


Two more episodes until we hit #300...what a crazy ride it's been! Thanks for taking the journey with us, and we're looking forward to having you along for another 300 (maybe).


Highlights from this week's show …

DtSR Episode 297 - A Model for Prioritizing Patching Efforts

May 22nd, 2018


Before you listen to this podcast ... go grab this report: from Kenna Security and the Cyentia Institute. Read it. Think about it. Then listen to this …

DtSR Episode 296 - Hype Machine Off the Rails

May 15th, 2018


This week, former analyst and security industry veteran Adrian Sanabria joins James & Rafal to talk about some of the hype in our industry. From current events, to learning lessons, to the on-going master-class in …

DtSR Episode 295 - DevSecOps is Not a Thing

May 9th, 2018


This week, Mark Nunnikhoven joins us from the great white North. All the way from Ottawa, Canada - Mark talks with James and Raf about cloud …

DtSR Episode 294 - Securing Azure

May 2nd, 2018


* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at 

DtSR Episode 293 - Diana Kelley from RSA 2018

April 24th, 2018


* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at

DtSR Episode 292 - Navigating Industry Conferences (RSA)

April 17th, 2018


This week, James is back and he and Raf sit down for a discussion on navigating the big industry conferences, as RSA Conference kicks off in San Francisco. We add just the right bit of snark to your day, and provide …

DtSR Episode 291 - A New Perspective On Endpoint (Nyotron)

April 10th, 2018


[This week's episode and fantastic discussion on endpoint security is sponsored by Nyotron]. DtSR listeners already know we don't do advertisements or traditional sponsorship - so when we bring in a sponsored guest it's …

DtSR Episode 290 - What Ails the CMS

April 3rd, 2018


This week on the Down the Security Rabbithole Podcast, Tony Perez stops by for an early morning chat about the content management systems we in …

DtSR Episode 289 - Neither Security Nor Privacy

March 27th, 2018


This week, join DtSR as Rafal sits down across the virtual table with the one and only Robert Hansen. Rob (aka @Rsnake ) discusses his roots of being an almost-bad-guy, to the security of browsers, and privacy. Plus we …

DtSR Episode 288 - Experienced Opinions

March 20th, 2018


This week, while James was out on family duty, I sat down on a Saturday morning with my good friend Will Gragido to talk security. Will is an …

DtSR Episode 287 - Armored and Battle Tested

March 13th, 2018


In case y'all don't read LinkedIn or Twitter - Rafal recently joined Armor (, so what better time to interview the CEO Chris Drake than right now.

So this week, Chris Drake joins us in the studio to talk about …

DtSR Episode 286 - Breach vs Incident vs Lawyers

March 6th, 2018


This week's DtSR Podcast sits down in the offices of Shawn Tuma to discuss an update on the law with regards to data breaches, or incidents - and what the differences between them are. We talk through current events, past …

DtSR Episode 285 - Alt-Tab Alt-Tab Swivel-Chair

February 27th, 2018


We have a treat for you folks this week!

On episode 285 of the podcast I'm joined by three well-respected, forward thinking, and …

DtSR Episode 284 - MSS SOS

February 20th, 2018


This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's …

DtSR Episode 283 - Testing Security Into Applications

February 13th, 2018


This week an old friend, Vinnie Liu of Bishop Fox, joins Raf and James to talk about the history of App Sec. We started trying to test ourselves …

DtSR Episode 282 - DDoS - Past, Present, and Future

February 6th, 2018


Join us this week on Down the Security Rabbithole as Barrett Lyon (who knows a thing or two about DDoS) is our guest to talk about the evolution of …

DtSR Episode 281 - Exploiting and Defending Human Behavior

January 30th, 2018


This week, go Down the Security Rabbithole with James and Raf as they host Robert Sell. Robert took 3rd place at the Defcon SECTF (Social Engineering …

DtSR Episode 280 - A Cloud Container Security Primer

January 22nd, 2018


This week, Chris Rosen from IBM joins us to talk about cloud containers - and the security (or lack thereof) of them. There is a paradigm change coming which significantly impacts security - if we're ready for it. Chris …

DtSR Episode 279 - Deeper Down the SDP Rabbithole

January 16th, 2018


This week, Jason Garbis re-joins the podcast to go past the Primer (Episode 257) and dive deeper into SDP (Software Defined Perimeter) with a discussion on cloud and relevance to the re-invention of the data center and …

DtSR Episode 278 - The Meltdown Over Spectre

January 9th, 2018


Welcome Down the Security Rabbithole. This week we bring Jeff Schilling from Armor to talk about Spectre and Meltdown - the two hottest topics of the …

DtSR Episode 277 - An Outside In Look at Security and Innovation

January 2nd, 2018


Happy New Year, 2018.

Friends, thanks for listening! I can't believe this podcast is still going strong after all these years and 277 episodes. I started this podcast with an idea - give you something to listen to that …

DtSR Episode 276 - Game Changer in ICS (no FUD edition)

December 26th, 2017


What: In this episode we get the facts on the recent game-changing malware/attacks that appear to be nation-state sponsored attacking critical safety …

DtSR Episode 275 - Beyond 2017 A New Hope

December 19th, 2017


For episode 275 we are once again joined by the one and only Haroon Meer ( @haroonmeer ) to follow up on his conversation from September 2016 titled "

DtSR Episode 274 - Let's Talk Power Grid

December 13th, 2017


This week, Patrick Miller returns (another boomerang guest from the way-back machine) to talk about the energy grid. It turns out, things aren't super different from 5 years ago, but some things have changed.

Patrick and …

DtSR Episode 273 - Automate or Die (w/Demisto)

December 5th, 2017


Join James and Rafal, one last time, live from Enfuse Conference (Las Vegas, NV) this past summer.

In this episode, we track down a personal friend of Raf's - Bob Kruse, Demisto, VP Sales & Alliances, and talk about …

DtSR Episode 272 - Innovation, Startups, and the Security Bubble

November 28th, 2017


This week, Grant and Mark join me live and in person in Las Vegas at the Amazon AWS re:Invent conference to talk about the security marketplace, innovation, "the bubble" and more.

Here's the announcement we talked about …

DtSR Episode 271 - The Secrets of Influence Through Communication

November 21st, 2017


This week James and I are fortunate enough to have one of the best keynote speakers I've ever seen on the show. He's an amazing speaker, a brilliant magician and a sharp dresser - this guy is the real deal.

Straight off …

DtSR Episode 270 - Secrets of InfoSec at Scale

November 15th, 2017


Ladies and gentlemen - we have our first 3-time guest! Brandon Dunlap, my good friend and industry titan, joins the podcast for his third trip down …

DtSR Episode 269 - Industrial Internet of Things (IIOT)

November 7th, 2017


This week, we have a repeat guest with Robert M. Lee joining our show to talk about the Industrial Internet of Things. Rob's just finished a conference his company, Dragos, Inc, just started to educate and help increase …

DtSR Episode 268 - CISOs Survival Guide

October 31st, 2017


Welcome down the Security Rabbithole, friends and colleagues!

This week, my guest is Larry Whiteside, Jr. (we know him as the best dressed man in …

DtSR Episode 267 - Cyber Security Awareness Month Wrap

October 24th, 2017


This week, James and Raf cover the tail-end of Cyber Security Awareness Month. It's been an interesting week of news and of course let's talk about awareness.

Have you completed your mandatory training?

-- This week's …

DtSR Episode 266 - Leadership Perspective with Michael

October 17th, 2017


This week we're getting the band back together!

Michael Santarcangelo joins us for a segment we'll be featuring regularly (look for it every 6 weeks …

DtSR Episode 265 - Privacy and Paranoia

October 10th, 2017


This week's Down the Security Rabbithole Podcast asks - "Are you paranoid enough about your privacy? or do you simply not have any?" with a couple of …

DtSR Episode 264 - Windows Forensics Then and Now

October 3rd, 2017


This week, Harlan Carvey joins James and I to talk about the evolution of Windows forensics over the last decade and a half or so. Harlan has more …

DtSR Episode 263 - Legal Update Q3 2017

September 26th, 2017


On this episode of Down the Security Rabbithole Podcast James and I get an update on the legal issues that have been talked about from our …

DtSR Episode 262 - Deeper Down the Cyber Liability Insurance Rabbithole

September 20th, 2017


This episode, in conjunction with the Security Advisor Alliance ( ) we dive into a third round of Cyber Liability Insurance. This fascinating discussion dives deeper into the …

DtSR Episode 261 - Deeper Down the ML Rabbit Hole

September 13th, 2017


Welcome to another Down the Security Rabbithole episode folks!

This week, Alex and Sven are baaaaaaack for a deeper dive into machine learning and …

DtSR Episode 260 - The Immense Challenge of Protecting Office 365

September 5th, 2017


This week, on Down the Security Rabbithole, Rudra "Rudy" Mitra joins us from Redmond to talk about what it's like to defend Office 365 at scale. On …

DtSR Episode 259 - Risk Communication Primer

August 31st, 2017


As we go once again down the security rabbithole, Raf and James meet up with Claire Tills who gives us a primer on "risk communication". …

DtSR Episode 258 - Big Scary Numbers

August 22nd, 2017


This week on the Down the Security Rabbithole Podcast, Dave Bittner of The CyberWire (podcast) joins us to talk about some of the ways that we …

DtSR Episode 257 - Software Ate the Perimeter

August 16th, 2017


This episode of Down the Security Rabbithole Podcast was recorded live and in person in Las Vegas at the Black Hat Conference 2017. Raf had a chance …

DtSR Episode 256 - Rick Howard on the Record

August 9th, 2017


This week - Rick Howard joins us and goes on the record to talk about the Security Canon and a few other interesting things you're just going to have …

DtSR Episode 255 - Security and Human Nature

August 1st, 2017


This week on the Down the Security Rabbithole Podcast, John Nye ( @EndIsNye_Com ) joins us to talk about the human aspect of the cyber security equation. …

DtSR Episode 254 - Lowdown and Dirty ICS

July 25th, 2017


This week Sergio Caltagirone joins James and I to talk about Industrial Controls networks and systems and some of the dangers that go undiscussed. …

DtSR Episode 253 - Defending the Small-to-Medium Enterprise

July 18th, 2017


On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.


  • Blue Cross Blue Shield of …

DtSR Episode 252 - DFIR with Lesley Carhart

July 11th, 2017


In this smasher of an episode James and I are joined by Lesley Carhart live from Enfuse Conference in Las Vegas to talk about the DFIR (Digital Forensics and Incident Response) as a broad field. There is SO much to talk …

DtSR Episode 251 - General Data Protection Regulation (GDPR)

June 27th, 2017


This week on Down the Security Rabbithole Episode 251 (wow, can you believe we've published 251 full episodes?!) James and I host a roundtable of …

DtSR Episode 250 - Deconstructing the Internet of Things

June 20th, 2017


Fresh off of his closing keynote at Enfuse Conference 2017 in Las Vegas, Dr. Timothy Chou joins us to talk about the difference between the Internet of People and the Internet of Things.

Even though many people talk …

DtSR Episode 249 - Finding a Way

June 13th, 2017


This week, James and I try out a new format for the show. We hope you enjoy the blend of news commentary and an interview.



  • More car …

DtSR Episode 248 - Nick Hyatt On Ransomware

June 6th, 2017


This podcast episode was recorded live to tape from Enfuse Conference 2017 from Las Vegas. If you didn't get a chance to get out this year to one of the premier DFIR (Digital Forensics and Incident Response) conferences …

DtSR Episode 247 - Internet of Things Forensics

May 30th, 2017


Live once again from Enfuse Conference 2017 in Las Vegas, James and I interview Amber Schroader, the President and CEO of Paraben. This interview happened because you all voted and asked for it..ok and because she's a …

DtSR FeatureCast - Enfuse Conf 2017 - Theresa Payton

May 26th, 2017


As James and I continue to publish our Enfuse Conference 2017 series of episodes we are this week joined by Theresa Payton. Theresa is the former CIO of the George W. Bush White House Administration, and now on the …

DtSR FeatureCast - Enfuse Conf 2017 - DFIR Students

May 24th, 2017


Continuing our series recorded live at Enfuse Conference 2017 in Las Vegas, this episode features two USC students who are part of a large contingent here to learn and make connections.

Tatiana and Ayman join us to talk …

DtSR FeatureCast - Enfuse Conf 2017 - Keynote Patrick Dennis

May 24th, 2017


Today, CEO Patrick Dennis joins the Down the Security Rabbithole Podcast right after his keynote to talk about the conference, what's going on at …

DtSR FeatureCast - Enfuse Conf 2017 - Preamble

May 23rd, 2017


We kick off a week of on-the-scene podcasts live'ish from Enfuse Conference 2017, hosted by Guidance Software in Las Vegas, Nevada with Lori Chavez VP of Corporate Marketing. She is the brains responsible for the …

DtSR Episode 246 - Finding and Responding to Badness

May 23rd, 2017


This week we are live from Enfuse Conference 2017 in Las Vegas, Nevada.

Special thanks to Guidance Software for having us out and getting us access …

DtSR Episode 245 - NewsCast for March 16th 2017

May 16th, 2017

Microsoft warns ransomware cyber-attack is a wakeup call
  • As of recording, it is reported that 200,000 computers were infected.
  • Patch for flaw was …

DtSR Episode 244 - A Government CISOs Perspective

May 10th, 2017


This week - live and in person from Denver, Colorado and the RMISC Conference I interview Stephen E. Coury the CISO of the County and City of Denver. …

DtSR Episode 243 - NewsCast for May 2nd 2017

May 2nd, 2017

Chrome to mark more HTTP pages ‘Not Secure’
  • In October, 2017, all HTTP sites will be marked ‘Not Secure’ while in incognito mode.
    • Incognito mode …

DtSR Episode 242 - Management and Leadership

April 26th, 2017


This week the team gets together to talk Management and Leadership in the security industry and in general. Our very own Michael Santarcangelo joins us as our featured guest to dispense knowledge on leadership by the …

DtSR Episode 241 - NewsCast for April 18th 2017

April 18th, 2017

NewsCast for Tuesday April 18th, 2017


Dallas Tornado Sirens Hijacked
  • Tornado sirens in Dallas all simultaneously went off
  • Suspected hijacking of …

DtSR Episode 240 - The Truth About Machine Learning

April 11th, 2017


This week the Down the Security Rabbithole podcast hosts Sven Krasser of CrowdStrike. Sven is an actual machine learning data science expert (as …

DtSR Episode 239 - NewsCast for April 4th 2017

April 6th, 2017

Pew Center Survey Finds Americans Lack Understanding of Cybersecurity Measures
  • Most ‘typical’ users simply don’t understand security because it’s …

DtSR Episode 238 - March 2017 Update with Shawn Tuma

March 28th, 2017


This week, on the Down the Security Rabbithole Podcast, Michael and I are back with perennial favorite Shawn Tuma. Shawn, our legal eagle friend from …

DtSR Episode 237 - NewsCast for March 21st 2017

March 21st, 2017

The Cost of Cybercrime - Let’s Take a Different Perspective
  • Cybercrime is reported as a $450B drag on the economy; the absolute number sounds big

DtSR Episode 236 - Enterprise Architecture 2017

March 14th, 2017


Check out episode 236 with Marie-Michelle Strah who is a repeat offender here on the podcast with her first appearance back in 2014 on Episode 122 ( 

DtSR Episode 235 - NewsCast for March 7th 2017

March 8th, 2017


A Note on the Passing of a Legend

  • Howard Schmidt passed away this week
  • Long, distinguished career as one of the CISOs who “got it”
  • He will be missed …

DtSR Episode 234 - Straight Talk on National Security

March 1st, 2017


This week, the interview is extra special because we have a guest I've personally been following for a long while, and I finally got a chance to …

DtSR Episode 233 - Reflecting on RSA Conference 2017

February 21st, 2017


This week, fresh on the close of RSA Conference 2017 James, Michael and I discuss the happenings of the conference, lessons, and features along with some inside anecdotes you won't get from anywhere else. Of course, we …

DtSR Episode 232 - Security, Fraud, Digital Payments

February 15th, 2017


This week, while the security world congregates at RSA Conference 2017 we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating …

DtSR Episode 231 - NewsCast for February 7th 2017

February 8th, 2017


It is that time of year of W-2 Scams

  • There have been multiple reports of companies releasing W-2s through email scams.
  • Link:

DtSR Episode 230 - The IoT You Got for Christmas

January 31st, 2017


On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter (yes, again with this guy) for a discussion on the …

DtSR Episode 229 - NewsCast for January 24th 2017

January 25th, 2017


Hi friends! We're honored to be finalists for the Security Blogger Awards 2017 "Best Security Podcast" so if you listen, go vote for "Wh1t3Rabbit" (as we're labeled)


DtSR Episode 228 - Another Look at Endpoint Security

January 18th, 2017


This week, Paul Hershberger joins us to talk about taking a fresh look at endpoint security for the new year. Paul has some insights into balancing …

DtSR Episode 227 - NewsCast for January 10th 2017

January 12th, 2017


St. Jude, MedSec and the FDA

  • FDA, St. Jude go through disclosure/fix cycle
  • No mention of MedSec - interesting for discussion; did they have an …

DtSR Episode 226 - Targeted Threats Facts From Fiction

January 3rd, 2017


Welcome to the first Down the Security Rabbithole Podcast episode of 2017!

We would like to kick off this year, and the run to episode 250 with an …

DtSR Episode 225 - NewsCast for December 20th 2016

December 20th, 2016


Merry Christmas, Happy New Year everyone!


May your holidays be filled with joy, love and family. From Michael, James and myself we wish you the …

DtSR Episode 224 - Pointing the Finger of Responsibility

December 13th, 2016


On this episode of Down the Security Rabbithole we tackle the question head on. Whose responsibility is security? Is it the end user who should be …

DtSR Episode 223 - NewsCast for December 6th 2016

December 6th, 2016


Federal Government Disproves the Myth of Cyber Talent Shortage

  • If the government can find and hire them - they exist
  • What does that mean for the …

DtSR Episode 222 - Zero Trust Security Model

November 30th, 2016


This week, after a long wait, we have John Kindervag on the show! John talks us through the concept of "Zero Trust Security" and where and how it's …

DtSR Episode 221 - NewsCast for Nov 22 2016

November 22nd, 2016


DHS Releases Strategic Principles for Securing the Internet of Things

DtSR Episode 220 - Blaming the Breach Victim

November 15th, 2016


This week, Patrick Dennis - the CEO of Guidance Software - joins us to talk about the Enterprise Security world's fascination with blaming the breach victim. We talk through some of the key issues and look for a way off …

DtSR Episode 219 - NewsCast for Nov 8th 2016

November 8th, 2016


It is election day.. Have you voted?


Beware, iPhone Users: Fake retail apps are surging before the holidays

  • The issue of brand protection and …

DtSR Episode 218 - The Business of Security

November 1st, 2016


This week on DtSR Chad Boeckmann - President of Secure Digital Solutions - joins us to talk about the business of security. While the "bad guys" are …

DtSR Episode 217 - NewsCast for October 25th 2016

October 25th, 2016


The Massive DDoS That Hit Dyn.Org

  • Massive DDoS disrupts a ton of popular websites (Netflix, Twitter, etc)
  • IoT used to amplify attack
  • What does this …

DtSR Episode 216 - Why Software Insecurity is Still a Thing

October 19th, 2016


This week, #DtSR takes a trip down Software Security lane or as some call it "How are we still writing code with bugs that we found relatively concrete fixes for in the late 90's?" (I may have been watching too many …

DtSR Episode 215 - NewsCast for October 11th 2016

October 11th, 2016

‘Security Fatigue’ Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests

DtSR Episode 214 - Financial Impact of Breaches

October 4th, 2016


Grab a cup of coffee, jack in your earphones and listen up.

DtSR Episode 214 is addressing the issue of breaches, and their material financial impact to an organization.

The premise is simple - when you have a breach, …

DtSR Episode 213 - NewsCast for September 27th 2016

September 27th, 2016


Quick update and invitation from Michael: starting to explore rolling out services and improving the Straight Talk Framework. If you’re up to discuss …

DtSR Episode 212 - Insider Threat Primer

September 20th, 2016


In this episode, we talk with Mike Tierney, who is the brand-new CEO at Veriato. In our conversation we talk through a primer on insider threat, and use the great example of hosting a dinner party.

Mike has loads of …

DtSR Episode 210 - Data Protection Primer

September 7th, 2016


In this episode James and I invite Vlad Klasnja from Optiv's Office of the CISO, and Hudson Harris, Chief Privacy Officer at HarrisLOGIC, to talk about data protection. From defining the concept to providing some …

DtSR Episode 209 - NewsCast for August 29th 2016

August 30th, 2016


NewsCast for Tuesday August 30th, 2016


Clinic Won’t pay breach protection for victims

DtSR Episode 208 - Beyond the Ransomware Economy

August 23rd, 2016


This week Michael and I chat with Jamison Utter of Infoblox on one of the more interesting topics at hand - the economy of ransomware. We talk …

DtSR Episode 207 - NewsCast for August 16th 2016

August 18th, 2016


Quick note from Michael about the Straight Talk Framework & Program -- >

  • Get your free copy at

DtSR Episode 206 - Vulnerabilities, Disclosure, Ethics, Research and Security

August 10th, 2016


In this episode we chat with Steve Christey Coley currently the Principal Information Security Engineer over at MITRE Corp. In this episode we talk …

DtSR Episode 205 - NewsCast for August 2nd 2016

August 6th, 2016


Quick note from Michael about the Straight Talk Framework -- >

  • I’ve separated the framework from the programs; the framework is free and …

DtSR Episode 204 - On Changing Culture

July 26th, 2016


This week, Chris Romeo joins Michael, James and me to talk about changing the security posture of an organization by changing culture. This episode …

DtSR Episode 203 - NewsCast for July 19th 2016

July 19th, 2016


Ransomware that's 100% pure JavaScript? Sort of...

  • Slightly misleading article
  • Generally a Windows-based attack (go where the users are)

DtSR Episode 202 - Outsourced but Better

July 12th, 2016


This week on the Down the Security Rabbithole podcast, Brandon Dunlap is back for his second show. Following up on Episode 158 where we discussed …

DtSR Episode 200 - Privacy, Security, Risk and Law Collide

June 28th, 2016


** Our 200th numbered episode! **


A note from Raf:

 Thanks to everyone who has been listening to us, tweeting us, and sharing the links to our …

DtSR Episode 199 - NewsCast for June 21st 2016

June 21st, 2016


In this episode..


The "Nuclear Bomb" analogy isn't working, stop using it

DtSR Episode 198 - What Legal Counsel Wishes CISOs Knew

June 14th, 2016


On this episode of the Down the Security Rabbithole podcast, Dawn-Marie Hutchinson, currently an Executive Director within the Optiv Office of the …

DtSR Episode 197 - NewsCast for June 7th 2016

June 7th, 2016


In this episode...



Are people "going offline" as a result of increasing dangers of the Internet?

  • This article makes the case for yes: 

DtSR Episode 196 - Jason Witty

May 31st, 2016


On this episode of the Down the Security Rabbithole podcast, I get the pleasure of sitting down with one of my all-time favorite Chief Security …

DtSR Episode 195 - NewsCast for May 24th 2016

May 24th, 2016


This week the gang's all here to talk about some news happenings. Michael, James and I talk through some of the stories we've been tracking.

Have something you've been reading and want to talk about? Hit us on Twitter …

DtSR Episode 194 - Update on Cyberlaw w Shawn Tuma

May 17th, 2016


In this episode...


Michael and I welcome back Shawn Tuma, our resident Cyber Law Expert from the great state of Texas. We discuss some of the recent cases (unlocking an iPhone!) and some of the tough issues facing the …

DtSR Episode 193 - NewsCast for May 10th, 2016

May 10th, 2016


In this episode..


ImageTragick - major flaw in open source image processing toolkit

  • ImageTragick is CVE-2016-3714
  • Logo & Website:

DtSR Episode 192 - Healthcare and Critical Infrastructure Security

May 4th, 2016


In this episode...

Join our guest Larry Whiteside, Michael and me as we record live from InfoSec World 2016 in sunny Orlando, Florida! We talk through the life of a CISO, and the challenges of being in the Healthcare and …

DtSR Episode 191 - NewsCast for April 26th 2016

April 26th, 2016


In this episode...

Only about a third of companies know how many vendors access their systems

  • nearly every company is at risk for a third party …

DtSR Episode 190 - Interview with Lance James

April 20th, 2016


In this episode, James, Michael and I are live from InfoSec World 2016 and we get the pleasure of interviewing Lance James fresh off the keynote …

DtSR Episode 189 - NewsCast for April 12th 2016

April 12th, 2016


In this episode...


Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects

  • Plug-ins seem to be a universal weakness
  • Many …

DtSR Episode 188 - Security Talent Truths

April 5th, 2016


Intro song: "Josh Gabriel - Deep Down"; Intro/Outro v/o courtesy of @ToddHaverkos

DtSR Episode 187 - NewsCast for March 29th, 2016

March 29th, 2016


In this episode...

  • BadLock bug (which now has a website, a graphic, and more hype than Bieber) is out there
    • Is the bug really worth all this hype?

DtSR Episode 186 - Becoming a CISO

March 22nd, 2016


In this episode


I posed some questions to Joey, an InfoSec professional who had recently moved into a CISO role in a midwest retail company:

  • Let's …

DtSR Episode 185 - NewsCast for March 15th 2016

March 21st, 2016


In this episode...


The FTC is getting into providing guidance on password changes

  • Well OK, this isn't really guidance, it's just a blog
  • But - does …

DtSR Episode 184 - A CISO Post-RSA WrapUp

March 16th, 2016


In this episode, we wind down from RSA Conference 2016 and talk with Jonathan and Michael, both security executives and leaders at their respective companies who were both out at RSA Conf and share with us some of …

DtSR Episode 183 - NewsCast for March 1st 2016

March 1st, 2016


This is RSA Conference week, so while Rafal is out in San Francisco trying to make it through another one, James and Michael break down the news events that you may have missed.


300,000 Homes affected by security …

DtSR Episode 182 - Apple Versus the FBI

February 23rd, 2016


In this episode...

  • Michael and I moderate what turns out to be an expert-filled panel discussion on the real issues of the Apple vs FBI debate
  • Shawn …

DtSR Episode 181 - NewsCast for Feb 16 2016

February 16th, 2016


In this episode


Class action lawsuit against SuperValu dismissed

  • No damage (use of stolen information) so there's no case?
  • As time passes, risk of …

DtSR Episode 180 - From the CISO Perspective

February 9th, 2016


In this episode...

  • Andrew discusses a few of the key challenges making it difficult for the healthcare sector right now
  • Robb, Andrew and Raf discuss …

DtSR Episode 179 - NewsCast for Feb 2nd 2016

February 2nd, 2016


In this episode


Employees may face penalties if they misinterpret security policies?

  • Human behavior still seen as the biggest weakness
  • Employers …

DtSR Episode 178 - What Will Get Us There

January 26th, 2016


In this episode

  • What got us here - so where are we?
  • Where do we go, and how? (addressing stunt hacking)
  • We discuss how we can influence outcomes, …

DtSR Episode 177 - NewsCast for January 19th, 2016

January 19th, 2016


In this episode

FTC imposes a $250,000 fine for "false advertising" of encryption

  • Interesting case, where there really was 'false advertising'
  • Would …

DtSR Episode 176 - 2015 InfoSec Legal Review

January 13th, 2016


We open up our 2016 year interviewing Shawn Tuma on the show. Shawn is our legal eagle, and a regular contributor to the podcast. This episode ran a …

DtSR Episode 175 - NewsCast for January 5th 2016

January 5th, 2016


In this episode...


Juniper has a backdoor problem

  • 2 separate issues, auth bypass & VPN weakness
  • backdoor discovered in Juniper devices
  • lots of …

DtSR Episode 174 - Health Check on Healthcare InfoSec

December 28th, 2015


In this episode...

  • We discuss what in the world is going on in the healthcare space, and why they’re such a target for attackers
  • Dustin discusses …

DtSR Episode 173 - NewsCast for December 14th 2015

December 14th, 2015


In this episode...

  1. Vizio is getting sued, over data their TVs collect?
    • James provided security tips on the local news station and one of those tips …

DtSR Episode 172 - The Truth on Cyber Insurance

December 7th, 2015


Thanks for joining us! This is a very important episode with true experts on the topic of cyber insurance. I was lucky enough to get an attorney and a VP of an insurance firm who specialize in the topic and their depth …

DtSR Episode 171 - When the FTC Attacks

November 30th, 2015


In this episode

I interview Mike Daugherty - author of The Devil Inside the Beltway - live from the Security Advisor Alliance first-ever Summit in Dallas, TX. Mike was kind enough to sit down with me …

DtSR Episode 170 - Minneapolis CISO Summit Roundtable 1

November 23rd, 2015


In this episode

  • We start a constructive discussion addressing the problem of the ‘talent shortage’
  • The panel discusses the general lack of …

DtSR Episode 169 - NewsCast for November 16th 2015

November 16th, 2015


In this episode...

  • Is this seriously the FBI suggestion to companies hit with ransomware?

DtSR Episode 168 - Practical Enterprise Threat Intelligence

November 9th, 2015


In this episode

  • Rob & Liam discuss the practical applications of threat intelligence for today's enterprise
  • We discuss what enterprise threat …

DtSR Episode 167 - NewsCast for Nov 2nd 2015

November 2nd, 2015


In this episode...

  • Turn any old car into a "smart car" for $200 with this new miracle device

DtSR Episode 166 - Cyber Security From Board Room to White House

October 26th, 2015


In this episode...

  • Raf sits down with Howard Schmidt to talk about Cyber Security from the public to private sectors and everything in between.

DtSR Episode 165 - NewsCast for October 19th, 2015

October 19th, 2015


In this episode...

  • Standard & Poor's Adding Cybersecurity to Ratings
    • The headline
      • In a report issued this week, the rating agency says it …

DtSR Episode 164 - 3rd Party and Supply Chain Risks

October 12th, 2015


In this episode...

  • Raf asks why we are talking about global supply chain, 3rd party risk again
  • Josh discusses what little things we are not thinking …

DtSR Episode 163 - NewsCast for October 5th, 2015

October 5th, 2015


In this episode...

  • Patreon got hacked, but it's OK
    • This is a lesson in how to do security in a reasonable manner
    • Great response, good security

DtSR Episode 162 - OSINT and Privacy in a Digital World

September 28th, 2015


In this episode...

  • Kirby tells us what OSINT is
  • We discuss how much we are giving away on digital channels?
  • We discuss if there is such a thing as …

DtSR Episode 161 - NewsCast for Sept 21st, 2015

September 21st, 2015


On this episode of the NewsCast

  • Intel forms new Automotive Security Research Board (ASRB) to focus on security of their automotive platform

DtSR Episode 160 - Leadership from a Navy SEAL

September 14th, 2015


In this episode...

  • Brandon, Michael and I discuss the challenges of leadership and how leadership is more than just telling people what to do. …

DtSR Episode 159 - NewsCast for Sept 7th 2015

September 7th, 2015


In this episode

  • Court strikes down Wyndham's challenge to FTC power
    • We have covered this before
    • Wyndham argued due process and lack of case law - …

DtSR MicroCast 08 - Conference Engagement

September 1st, 2015


In this MicroCast, live from HTCIA Conference 2015 in Orlando, FL, Michael and I quickly set the stage for a conversation on conference speaker/attendee engagement. 

[Raf] One of my biggest pet peeves as a speaker is …

DtSR Episode 158 - Managing Security with Outsourced IT

August 31st, 2015


In this episode...

  • We discuss what life is like as the CISO when you have all the responsibility for, but no administrative access (or hands on …

DtSR Episode 157 - NewsCast for Aug 24th, 2015

August 24th, 2015


In this episode...

  • Just when you thought America's neutered "chip & sign" was a safe

DtSR Episode 156 - Leadership Defined Measured and Discussed

August 17th, 2015


In this episode...

  • We discuss the ever-growing need for strong leadership in security
  • I ask whether experience and longevity in a position naturally …

DtSR Episode 155 - NewsCast for Aug 10th, 2015

August 10th, 2015


In this episode...

  • The Belgian government's internal phishing test has "gone off the rails" a bit
    • Used a legitimate entity to test against
    • Panic …

DtSR Episode 154 - Enterprise Software Security Reloaded

August 3rd, 2015


In this episode

  • Raf asks - Why haven’t we solved the same old software security bugs?
  • James asks how a security team gets out of the way and still …

DtSR Episode 153 - NewsCast for July 27th, 2015

July 27th, 2015


In this episode...

  • "Hackers remotely kill a Jeep!"
    • Lots to talk about
    • Basics of segmentation weren't followed, aren't followed
    • Discussion on …

DtSR Episode 152 - The Great InfoSec Talent Shortage

July 20th, 2015


In this episode

  • Talent shortage - is it real, and how bad is it?
  • We discuss: what does negative unemployment actually mean?
  • Michael asks - security is …

DtSR FeatureCast - HTCIA International Conference 2015 Preview

July 15th, 2015


In this episode...


  • Peter Morin joins us to talk through the upcoming HTCIA International 2015 Conference in sunny Orlando, Florida.
  • We talk …

DtSR Episode 151 - NewsCast for July 13th, 2015

July 13th, 2015


In this episode...

  • Appears as though Windows 10 WiFi Sense could have some issues with WiFi -- more on this as it develops
    • Why is the default …

DtSR Episode 150 - A CEOs Perspective

July 6th, 2015


In this episode

  • We take a little peek inside the mind of a CEO, from the security perspective
  • We discuss the state of information security in the …

DtSR Episode 149 - NewsCast for June 29th 2015

June 29th, 2015


In this episode

With me gone, James and Michael run feral!

  • It's June, so here are the top 3 security priorities for CISOs for 2015 (yes in June)

DtSR Episode 148 - Focus on the CISO

June 22nd, 2015


In this episode...

  • What is the Security Advisor Alliance?
  • We discuss some of the issues facing CISOs today
  • Clayton gives us his perspective on how …

DtSR Episode 147 - NewsCast for June 15th, 2015

June 15th, 2015


In this episode...

  • Facebook has released PGP-encryption-enabled email communications
    • The anti-privacy platform will now encrypt emails to you if …

DtSR Episode 146 - State of Enterprise Incident Response

June 8th, 2015


In this episode...

  • Defenders are set up to fail? how and why
  • How do we fill forensics and IR positions? What skills and qualifications do …

DtSR Episode 145 - NewsCast for June 1st, 2015

June 1st, 2015


Apologies to anyone who is having issues downloading this episode!

In this episode...

  • The ACLU encourages the government to get into bug bounties

DtSR Episode 144 - Insights from the ISC2 2015 Survey

May 25th, 2015


In this episode...

DtSR Episode 143 - NewsCast for May 18th, 2015

May 18th, 2015


In this episode...

  • Netflix launched FIDO (not that one, or that one, no the other one)
    • Focused on automating incident response practices
    • FIDO is an …

DtSR Episode 142 - Basics and Fundamentals, That Win

May 11th, 2015


In this episode...

  • A quick walk-through of Rob’s talk (“Hacker ghost stories”), and why it’s completely relevant today
  • Simple things that work

DtSR Episode 141 - NewsCast for May 4th, 2015

May 4th, 2015


In this episode...

  • A joint Ponemon Institute & IBM Security study shows that, surprise surprise, developers are "neglecting security"
    • The study …

DtSR Episode 140 - Ethics of Hacking Live from AtlSecCon 2015

April 27th, 2015


In this episode...

  • What about public safety, where do we draw the line on open research?
  • Self-regulation? Disclosure? What are our options…

DtSR Episode 139 - NewsCast for April 20th, 2015

April 20th, 2015


In this episode...

  • Friend and security researcher Chris Roberts steps into it... 
    • A poorly-conceived tweet, followed by mass hysteria
    • Most everyone …

DtSR Episode 138 - Useful Knowledge on Intelligence

April 13th, 2015


In this episode...

  • Where do you even start with “threat intelligence”?
  • Ryan talks about context, and why it’s *the* most important thing when it …

DtSR Episode 137 - NewsCast for April 6th, 2015

April 6th, 2015


In this episode...

  • TrueCrypt security audit results are good news, right? 
    • Why are some of the most depended-upon 

DtSR Episode 136 - Crypto and Privacy with Jon Callas

March 30th, 2015


In this episode...

  • Jon Callas gives a little of his background and his current role
  • We talk through why cryptography is so hard, and so broken today

DtSR Episode 135 - NewsCast for March 23rd, 2015

March 23rd, 2015


Remember folks, as you listen reach out to us on Twitter and hit the hashtag #DtSR to continue the conversation, and speak your mind! Let's hear what …

DtSR Episode 134 - Fundamental Security

March 16th, 2015


In this episode...

  • Michael C and the team talk about "going back to basics" and the need for security fundamentals
  • Michael C talks a little about why …

DtSR Episode 133 - NewsCast for March 9th, 2015

March 9th, 2015


In this episode--

  • Law firm hit and crippled by ransomware, decides it's not paying the ransom.
    • They aren't quite sure what got encrypted
    • But they …

DtSR Episode 132 - Good Guys, Bad Guys, and Reality

March 2nd, 2015


In this episode...

  • We learn the origins of "RSnake" as told by Rob himself
  • Rob gives us a peek into the dark side, from his contacts and experiences

DtSR Episode 131 - NewsCast for February 23rd, 2015

February 23rd, 2015


In this episode--

  • Would you be OK with your credit card company tracking you, to decrease fraud rates? Visa wants to track your smartphone.

DtSR Episode 130 - Where Law and Cyber Collide

February 16th, 2015


In this episode

  • Traveler's Insurance files suit against a web development company for failing to provide adequate security, resulting in a breach …

DtSR Episode 129 - NewsCast for February 9th, 2015

February 9th, 2015


Topics covered

  • Massive breach at American Health Insurer Anthem - from the "haven't we done this once before?" department as Queen - Another One …

DtSR MicroCast 07 - Taking Security Seriously

February 8th, 2015


This is the 7th installment (call it a rebirth) of the MicroCast. Short and to the point, Michael and James talk about the phrase breached companies use - "We take your security seriously..."

 .. join the conversation …

DtSR Episode 128 - When Breach, Buy the Dip

February 2nd, 2015


Fans - If you haven't booked your ticket for InfoSec World 2015 in sunny Orlando, FL check this out. Register using our code CLD15/RABBIT for 15% off.

If you want a chance to go for FREE, listen to Episode 127 for your …

DtSR Episode 127 - NewsCast for January 26th, 2015

January 26th, 2015


** There is a special gift for our listeners in this episode, from our friends at InfoSec World 2015! Listen to find out how you can go for free.

 We …

DtSR Episode 126 - The Defense Always Loses

January 19th, 2015


In this episode...

  • The blog post that started it all - 

DtSR Episode 125 - NewsCast for January 12th, 2015

January 13th, 2015


Welcome to a new year of the Down the Security Rabbithole Podcast! We are kicking off this year with a guest on this morning's program, Phil Beyer

DtSR Episode 124 - PCI DSS and Security (Yes, Really)

January 5th, 2015


Hi everyone! Welcome to the very first episode of the Down the Security Rabbithole Podcast for 2015! On this opening episode, Jeff Man joins us to …

DtSR FeatureCast - 2014 Year in Review

December 29th, 2014


Hey everyone! We're almost done with 2014 and another new year is right around the corner. We thought this was the perfect time to sit back, relax a little and reflect on the year that was...and boy was it ever!

Jack …

DtSR FeatureCast - US vs. Salinas ft. Shawn Tuma

December 22nd, 2014


In this episode

Attorney and CFAA expert Shawn Tuma joins us to talk about the US vs. Salinas case where Mr. Salinas was threatened with 440 years in jail, and now plead down to a misdemeanor. Prosecutorial discretion, …

DtSR Episode 122 - Enterprise Architecture's Role in Security

December 8th, 2014


In this episode

  • Michelle explains to us what Enterprise Architecture is, and what it isn't
  • Michelle gives her take on how both security and …

DtSR Episode 121 - NewsCast for December 1st, 2014

December 1st, 2014


Topics covered

  • Sony Pictures is having a very, very bad couple of days - and it could keep getting worse.

DtSR Episode 120 - Hacking the Human (again)

November 24th, 2014


In this episode

  • We revisit the 'human' side of hacking
  • Chris tells us all about the Defcon CTF his team has hosted
  • We discuss the role human nature …

DtR Episode 119 - NewsCast for November 17th, 2014

November 17th, 2014


Note: The hashtag for the show on Twitter has changed, please connect with us using #DtSR going forward. Thanks!


Topics covered

  • Update: Home Depot …

DtR Episode 118 - Demystifying Threat Intelligence

November 10th, 2014


In this episode

  • Adam and Dmitri discuss what is (and what isn't) threat intelligence
  • We discuss strategic, tactical and operational security …

DtR FeatureCast - Norse Corp DDoS - Nov 7 2014

November 7th, 2014


In this episode

  • Jeff explains a little bit about who Norse is, and why they were potentially targeted with a DDoS
  • We discuss what a DDoS is, how it …

DtR Episode 117 - NewsCast for November 3, 2014

November 3rd, 2014


Topics covered

  • Banks urging shoppers not to avoid breached retailers - Companies that get breached impact card holders minimally, at least as far as …

DtR Episode 116 - Lines in the Sand on Security Research

October 27th, 2014


In this episode

  • Chris attempts to explain the consternation with 'security research' right now
  • Kevin gives his perspective and why he doesn't quite …

DtR Episode 115 - NewsCast for October 20th, 2014

October 20th, 2014


Topics covered

  • The FBI paid a visit to the "researcher" who revealed (and tinkered with) the hacked Yahoo! servers - we discuss the various aspects …

DtR Episode 114 - Threat and Vulnerability Management

October 13th, 2014


In this episode

  • Ron gives us a brief history of Tenable and TVM for the enterprise
  • Ron answers "How do you make network security obtainable and …

DtR Episode 113 - NewsCast for October 6th, 2014

October 6th, 2014


Topics covered

  • The petition on titled "Unlock public access to research on software safety through DMCA and CFAA reform" and ...well …

DtR FeatureCast - CFAA, Shellshock and Security Research - October 2nd 2014

October 2nd, 2014


Thank you to Shawn Tuma - an attorney specializing in CFAA and a good friend of our show - for stopping by and lending his expertise on this episode. …

DtR Episode 112 - DREAMR Framework

September 29th, 2014


In this episode

  • DREAMR: What is it, and why is it so important to Enterprise Security today?
  • Examples of aligning business and security requirements …

DtR Episode 110 - Red Dragon Rising

September 15th, 2014


In this episode

  • Separating the hype from reality of the Chinese hacking threat
  • The escalation of economic tensions between US & China, over …

DtR Episode 109 - NewsCast for September 8th, 2014

September 8th, 2014


Topics covered

  • Apple has been making news, issuing guidance, and refuting a hack - all around iCloud

DtR Episode 108 - Security in State Government

September 1st, 2014


In this episode

  • We discuss the largest challenges in the state government sector
  • Brian discusses balancing the need for openness versus …

DtR Episode 107 - NewsCast for August 25, 2014

August 25th, 2014


Topics covered

  • Community health systems and UPS Stores breached - an analysis and contrast of the two breaches, the data, and the common message

DtR Episode 106 - My Compliance is Better Than Your Security

August 18th, 2014


In this episode

  • Jason tells us why he isn't hating on compliance
  • Jason talks about how security people are often the source of the issues
  • Jason …

DtR Episode 105 - NewsCast for August 11, 2014

August 11th, 2014


Topics covered

  • Survey shows CISOs still struggle for respect (from business peers)

DtR Episode 104 - JW Goerlich - Security Leaders Series

August 4th, 2014


In this episode

  • Who is J.W. Goerlich (redux from episode - 
  • How did he get to where he is now?
  • How does the security executive deal with the "moving …

DtR Episode 103 - NewsCast for July 28th, 2014

July 28th, 2014


Topics covered

  • Certificate pinning back in the spotlight with the GMail iOS app having some difficulties, but there is a bigger issue here. We …

DtR Episode 102 - Security Leaders Series - Jim Tiller

July 21st, 2014


In this episode

  • Jim Tiller - a few things you probably didn't know?
  • In the last 15 years, what has changed, and what hasn't?
  • Why isn't security …

DtR Episode 101 - NewsCast for July 14th, 2014

July 14th, 2014


Topics covered

  • Florida Information Protection Act of 2014 is in the books, and it brings "sweeping changes" to the data breach disclosure process in …

DtR Episode 100 - Security Wisdom from Dan Geer

July 7th, 2014


In this episode

  • Who is Dan Geer (just in case you live in a cave and don't know)
  • Dan's definition of security - "The absence of unmitigatable …

DtR Episode 99 - NewsCast for June 30th, 2014

June 30th, 2014


Topics covered

  • Your server may have a hardware flaw that exposes your baseband management interface to the world - 

DtR Episode 98 - Grr (Grr Rapid Response)

June 23rd, 2014


In this episode

  • What exactly is "GRR"?

  • What sorts of things can GRR do?

  • What is a hunt, and how does it scale across tens of thousands of machines?

  • How …

DtR Episode 97 - NewsCast for June 16th, 2014

June 16th, 2014


Note: I want to thank Will Gragido for stopping by this morning to talk over the news with us. Always great to have someone with a fresh perspective, …

DtR Episode 96 - A CIO Talks About CISOs

June 9th, 2014


My apologies for some of the skips in this episode - we had some difficulty with the recording and ultimately I hope it doesn't take away from Joe's …

DtR Episode 95 - NewsCast for June 2nd, 2014

June 2nd, 2014


Note: Today, Kim Halavakoski joined us on the show to provide perspective all the way from Finland! We appreciate his international addition to the show, and hope the listeners enjoy the added brainpower.


Topics …

DtR Episode 94 - ICANN, Tor, and Internet Freedom

May 26th, 2014


In this episode

  • Jeff explains the background of the relationship between the US government, ICANN and IANA
  • What is the ITU and why is this $0 …

DtR Episode 93 - NewsCast for May 19th, 2014

May 19th, 2014



  • I want to thank Circle City Con as a sponsor for the show! I have one more ticket to give away ... so watch the #DtR hashtag on …

DtR Episode 92 - Rapid Incident Response [Guests: Robin Jackson, Dan Moore]

May 12th, 2014


In this episode

  • Dan gives us the reality of living in what is commonly termed "the post-breach" world
  • Dan and Robin talk through the explosion in …

DtR Episode 91 - NewsCast for May 5th, 2014

May 5th, 2014


Topics discussed

  • Microsoft has issued a patch for the massive MS IE flaw - for WindowsXP!

DtR Episode 90 - Things Your Auto Insurance Knows [Anonymous guest]

April 28th, 2014


In this episode

  • We discuss some of the new techniques auto insurance companies are using to custom-tailor rates to drivers
  • Our guest discusses some …

DtR Episode 88 - Advanced Threat Actors [Panel Discussion]

April 14th, 2014


In this episode

  • Advanced Threat Actors - more or less a threat right now than before? (how much is hype?)
  • Advanced Persistent Threat - is it really …

DtR Episode 87 - NewsCast for April 7th, 2014

April 8th, 2014


Topics covered

DtR Episode 86 - From DDoS to Quantum Computing [Guest: Prof Alan Woodward]

March 31st, 2014


In this episode

  • Rise of DDoS
    • Where did it come from
    • What's next
    • Why does it work
    • Spoofer project
    • 3-DOS attacks
  • Quantum computing
    • What is it
    • How …

DtR Episode 85 - NewsCast for March 24th, 2014

March 24th, 2014


Topics covered

  • The FTC jumps into the breech (pun intended) and may try and levy fines against Target, and future breach victims

DtR Episode 84 - Rise of the Security Machines [Guest: Alex Pinto]

March 17th, 2014


In this episode

  • what is the promise of automation, and where did we go wrong (or right?)
  • the problems with 'volume' (of logging) and the loss of …

DtR Episode 83 - NewsCast for March 10th, 2014

March 10th, 2014


Topics covered

  • Target CIO resigns, new central CISO and CCO roles created; but what's really going on here?

DtR Episode 82 - Likely Threats [Guests: Lisa Leet, Russell Thomas, Bob Blakley]

March 3rd, 2014


In this episode

  • Does it make sense, in a mathematical and practical sense, to look for 'probability of exploit'?
  • How does 'game theory' apply here?

DtR Episode 81 - NewsCast for February 24th, 2014

February 24th, 2014


Topics covered

  • Apple had a "Goto Fail" failure - yes people at Apple Computer still use Goto statements in 2014

DtR Episode 80 - Lies, Damned Lies, and #InfoSec Statistics [Guests: Jay Jacobs, Bob Rudis]

February 17th, 2014


In this episode

  • Jay and Bob talk about their new book
  • A discussion on using data as 'supporting evidence' rather than gut feelings
  • Do we have …

DtR Episode 79 - NewsCast for February 10th, 2014

February 10th, 2014


Topics covered

  • In the wake of the Target & Neiman Marcus breaches - is chip+pin really a priority right now, and does it solve the real problem? …

DtR Episode 78 - Legal Professional Privilege [Guest: David Prince]

February 3rd, 2014


In this episode

  • David discusses what it's like working for a law firm (in the UK)
  • A quick wade through the UK Data Protection Act (mostly Principle …

DtR Episode 77 - NewsCast for January 27th, 2014

January 27th, 2014


Special thanks to Michael Santarcangelo ( @catalyst ) for stopping by the show and guest-hosting with James and I! We had fun, and I think you'll all …

DtR Episode 76 - Payment Industry Turmoil [Guests: Laura Claytor & Alfred Portengen]

January 20th, 2014


In this episode

  • Did the Target/Neiman/? breach finally create a catalyst for change?
  • The card system, payment processing infrastructure clearly …

DtR Episode 75 - NewsCast for January 13th, 2014

January 13th, 2014


I can't believe it's 2014 already, and we're rolling through our 3rd calendar year! As we grow and you "regulars" mount, James and I want to thank …

DtR Episode 74 - Supply Chain [In]Security

January 6th, 2014


In this episode

  • Chris Wysopal - who is that masked man?
  • Putting some reality to the state-sponsored backdoors (Huawei) and supply-chain compromise

DtR Episode 72 - Applied Threat Research and Defense

December 23rd, 2013


In this episode

  • Will gives us a lay of the land on the state of "state sponsored" and advanced threats
  • We discuss collective advances in malware
  • We …

DtR Episode 71 - The 2013 Year in Review

December 16th, 2013


Hello! This is a special episode in that it's our year-end wrap-up. We bring together 3 of the industry's best to talk about the year that was, the things that were on your mind, and maybe give us a hint at what is …

DtR Episode 70 - Embedded Systems Shenanigans

December 9th, 2013


Folks, if you work with, design, or implement embedded systems this is one episode you don't want to miss. Fair warning, it's a little bit long at …

DtR Episode 69 - NewsCast for December 2nd, 2013

December 2nd, 2013


Special thanks to Steve Ragan ( @SteveD3 ) for sitting in this morning and providing his perspective as a journalist.

Topics Covered

  • "Leaked" FBI …

DtR Episode 68 - Buffer's Big Hack

November 25th, 2013


I want to thank Carolyn Kopprasch and the @BufferApp team for getting back to me, and agreeing to not only join the podcast, but also field questions …

DtR Episode 67 - NewsCast for November 18th, 2013

November 18th, 2013


I'm back! Maybe a little sleep-deprived and a tad grumpier than usual, but back to talk news!

Topics Covered

  • Microsoft unveils the new Digital …

DtR Episode 66 - ISSA International 2013 - Cowperthwaite Weighs In

November 11th, 2013


In this episode...

  • We revisit some of the topics Eric & I talked about nearly 2 years ago at ISSA International, Baltimore.
  • Eric discusses the

DtR Episode 65 - NewsCast for November 4th, 2013

November 6th, 2013


Hey all - Raf here and I wanted to thank James for flying solo as my wife and I celebrate the birth of Niccolai and Isabella our new twins! I'll be …

DtR FeatureCast - Rt Hon Baroness Neville-Jones on CyberSecurity

October 26th, 2013


In this episode

  • We get a peek into the first member of English Royalty that we've ever had on the podcast
  • Baroness Neville-Jones discusses the …

DtR Episode 63 - NewsCast for October 21st, 2013

October 21st, 2013


Thanks to Josh Corman for joining us this morning ... always nice to have Josh's experience and brain power on the show.

Topics Covered

  • Gargantuan …

DtR Episode 62 - A Peek Behind the Blue Curtain

October 14th, 2013


In this episode...

  • James and I host legitimate Polynesian royalty (a princess....) really!
  • Katie gives us the skinny on Microsoft's 10 year …

DtR Episode 61 - NewsCast for October 7th, 2013

October 7th, 2013


Big thanks to the soon-to-be-regular peanut gallery ... @JoeKnape and @BeauWoods for jumping in this morning and breaking it down with James and I.

DtR Episode 60 - Conversations from DerbyCon 3

September 30th, 2013


In this episode...

  • Dave Kennedy wraps up DerbyCon 2013, and gives us the statistic you don't want to tell your management
  • Dave announces the top …

DtR Episode 58 - NewsCast for September 23rd, 2013

September 23rd, 2013


I want to thank Mr. Josh Corman ( @JoshCorman ) for guest-commentating today's episode, and lending his expertise and industry leadership point of …

DtR FeatureCast - HP Protect 2013 - Episode 3

September 18th, 2013


For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, …

DtR FeatureCast - HP Protect 2013 - Episode 2

September 18th, 2013


For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, …

DtR FeatureCast - HP Protect 2013 - Episode 1

September 18th, 2013


For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, …

DtR Episode 58 - Of BSides and Bettering Infosec

September 16th, 2013


In this episode...

  • Mike explains once and for all how the BSides namesake came to be
  • We talk about how the industry has evolved over the last 10+ …

DtR FeatureCast - HTCIA International 2013

September 13th, 2013


Today I had the pleasure of sitting down with one old friend, and one new. As a speaker at the HTCIA International conference, and the CISO Summit - …

DtR Episode 57 - NewsCast for September 9th, 2013

September 9th, 2013


I want to thank our guests - Beau Woods and Joe Knape for joining us this morning. It was great to have these two well-versed commentators on the …

DtR Episode 56 - Understanding the [InfoSec] Elephant

September 4th, 2013


Every once in a while this podcast has a guest who makes us truly feel blessed to be doing this - Rob Dubois is one of those people. If you don't …

DtR Episode 55 - NewsCast for August 26th, 2013

August 26th, 2013


Since James is out this week with something called "work", I've pulled in two friends (affectionately known as "The Joshes") Josh Marpet and Josh C. …

DtR Episode 54 - Evolution of InfoSec with The Godfather of IPS

August 19th, 2013


In this episode...

  • Rob gives us a little history lesson
  • Rob keeps going on the history lesson, IDS, open vs. closed circuits
  • We discuss "defense in …

DtR Episode 53 - NewsCast for August 12, 2013

August 12th, 2013


Topics Covered

  • The trash bin that stalked me (seriously, only in London)

DtR Episode 52 - Advanced threats, remedial defenses, broken record

August 5th, 2013


In this episode...

  • Dave reminisces a bit...
  • Dave discusses 'digitally signed malware' and what it means
  • We discuss whether it's true that 'all …

DtR Episode 51 - NewsCast for July 29th, 2013

July 29th, 2013


Ladies and gentlemen, we are over the 50 episodes mark!  If you've enjoyed the podcast, please go rate us in the iTunes store, or leave us a note here. Have you checked out past episodes?! There are some gems in there, …

DtR Episode 50 - The Emergence of Geopolitics in InfoSec

July 22nd, 2013


Welcome down the rabbithole as we hit EPISODE 50! I'm thrilled that we've made it this far, and look forward to having you along for the ride into …

DtR Episode 49 - NewsCast for July 15th, 2013

July 15th, 2013


Topics Covered

  • 9 Years After Shadowcrew, Feds Get Their Hands on Fugitive Cybercrook

DtR Episode 48 - Securing HP Software

July 8th, 2013


In this episode...

  • We get a little insight into the mind of Tomer, and how he thinks about security
  • We get an insight into what HP Software IT …

DtR Episode 47 - NewsCast for July 1st, 2013

July 2nd, 2013


*Apologies for this very important episode getting out a bit late ladies and gents, experienced a loss in the family so things were a little slow to …

DtR Episode 46 - Serious Problems with Industrial Control System

June 24th, 2013


In this episode...

  • The gang discusses the issues with the rapid escalation of connectivity in modern-day industrial control systems
  • What specialized …

DtR Episode 45 - NewsCast for June 17th, 2013

June 17th, 2013


This week, James is flying solo on the microphone catching you up on all the latest news and BIG stories since I'm at HP Discover, Las Vegas and …

DtR Episode 44 - Unmasking Security Products

June 10th, 2013


In this episode...

  • We discuss the true nature of many of the security products decisions CISOs have to make every day
  • Frank and Raf make very poorly …

DtR Episode 43 - NewsCast for June 3rd, 2013

June 3rd, 2013


It's June already?! Where has the first half of 2013 gone? James and I break down the last 2 weeks of interesting InfoSec news in a short "Monday …

DtR Episode 42 - Threat Modeling

May 28th, 2013


In this episode...

  • John discusses some of the foundational principles of Threat Modeling
  • We talk about why threat modeling is like your time in high …

DtR Episode 41 - NewsCast for May 20th, 2013

May 20th, 2013


Welcome to Monday, May 20th 2013 as James and I discuss the last 2 weeks' worth of Information Security news and relate it (attemptively) to your enterprise day-job. This week was a bit on the lighter side, with the …

DtR Episode 40 - Breakers, Builders, and the Enterprise

May 13th, 2013


In this episode...

  • Kevin, James and I discuss why penetration testing reports are often so worthless
  • Kevin and I disagree. Then we agree, sort of.

DtR Episode 39 - NewsCast for May 6th, 2013

May 6th, 2013


It's another beautiful Monday (somewhere) and we've got the news of the last 2 weeks covered, and we're breaking it down for you. The news this week …

DtR Episode 38 - Enterprise Security in the Real World

April 29th, 2013


In this episode...

Live (live-to-tape) from 44Con, London, England.

It's amazing, listening to this episode recorded at 44Con last fall, how little the landscape of enterprise security has changed. I took some time …

DtR Episode 37 - NewsCast for April 22nd 2013

April 22nd, 2013


It's Monday April 22nd, 2013, and here are the topics from the last 2 weeks James ( @jardinesoftware ) and I ( @Wh1t3Rabbit ) will be talking about as we Monday-morning-quarterback the last 2 weeks in Information …

DtR Episode 36 - Unmasking Cyber Intelligence with Jeffrey Carr

April 15th, 2013


In this episode...

  • A critical discussion on the available 'cyber intelligence' reports from various vendors
  • How hard is attribution in cyber space, …

DtR Episode 35 - NewsCast April 8th, 2013

April 8th, 2013


In this second episode of our Monday morning InfoSec quarterbacking, James and I actually got through the news items we had lined up in just about 20 …

DtR Episode 34 - The Inside Scoop on Cyber Liability Insurance

April 1st, 2013

First ...a milestone.

I want to take this time to formally welcome Mr. James Jardine, of SecureIdeas, as my permanent co-host to the podcast. James has experience podcasting as he already co-pilots the Professionally …

DtR Episode 33 - NewsCast March 25th, 2013

March 25th, 2013

Welcome to the Down the Rabbithole NewsCast!

Join me in welcoming James Jardine ( @JardineSoftware) of Secure Ideas to the show as a permanent …

DtR Episode 32 - Big Data in Little InfoSec

March 18th, 2013

In this episode...

  • We discuss "big data", what the heck it really is, and whether it's something new, something old, or something marketing made up

DtR Episode 31 - Analyzing US vs. Cotterman (Cyber Law)

March 11th, 2013


This timely podcast is right on the heels of the US vs. Cotterman decision from the 9th Circuit Court of Appeals. One of the watershed decisions on privacy and digital law, this is an extremely important case …

DtR Episode 30 - It's Always a Business Decision [MISEC edition]

March 8th, 2013


Security has an interesting view on "business decisions", and in this podcast episode recorded at GrrCon 2012 in Grand Rapids, MI I sit down with some of the talent behind MISEC and we discuss #SecBiz topics of …

DtR Episode 29 - Shawn Tuma - The Law and the Hacker

February 5th, 2013


Shawn and I have been trying to get together to record an episode for what seems like forever. We first started talking about the CFAA …

DtR Episode 28 - Bill Burns - InfoSec in a Cloud of Constant Flux

January 29th, 2013


I sat down with Bill at ISSA International in Anaheim, CA in the fall of 2012 to discuss what it's like, and what types of challenges he faces in the fast-paced, hybrid world of security at Netflix. We talked …

DtR Episode 27 - Guest: Mikko Hypponen - Way beyond viruses

January 7th, 2013


To kick off January on the Down the Rabbithole podcast I have Mikko Hypponen, the "malware adventurer" and Chief Research Officer from …

DtR MicroCast 06 - Guests: Steven & Martin - Hacking in Quebec (

December 21st, 2012


This microcast episode was recorded live from 2012, on location in Quebec. The conference is a phenomenal success for the challenges they face (primarily non-English speaking region, small market, …

DtR Episode 26 - Guest: Brad Arkin of Adobe - Software Security Under Pressure

December 18th, 2012



This episode is special because it's been a long-time-in-the-making interview with Brad Arkin of Adobe. This is the organization that many of the hacker community like to hate, and pick on - without realizing …

DtR MicroCast 05 - Guest: Eric Cowperthwaite - The Rise and Fall of Enterprise IT

October 26th, 2012


LIVE from day 2 of the ISSA International conference 2012, in Anaheim, California I cornered Eric Cowperthwaite after a much-anticipated year-long wait... and we talked about his prediction that in the next 2 …

DtR Episode 25 - Guests: Jim Manico, David Litchfield - From Black Hat 2012 with SQLi

October 22nd, 2012


When I caught up with these two gentlemen in Amsterdam over the week of Black Hat 2012, I knew we wouldn't run out of things to talk about! …

DtR Episode 24 - Guests: DarthNull & InfoJanitor - All the Things InfoSec

October 4th, 2012


This week we went free-form with two of my favorite InfoSec insiders ...people you probably follow on Twitter but can't quite place.  Here …

DtR Episode 23 - Guest: Patrick C. Miller - Energy Sector, SmartGrid and Resiliency

September 24th, 2012



Today's podcast discussion is with someone who has one of the toughest jobs in the security world... Patrick helps organizations that generate and deliver the power that runs our gadgets and critical systems …

DtR Episode 22 - Guests: Marc Blackmer, Matt Morgan - Security + App Lifecycle viewpoints

September 20th, 2012


This episode is a mini-episode recorded live from the social media lounge at HP Discover Las Vegas 2012.  It was an incredible show, where I caught up with Marc and Matt - two guys who are really from opposite …

DtR Episode 21 - Guests: Wickett, Galbreath, Saudan - "Deploy faster, safer"

August 29th, 2012



In this episode we ask the big question of "Can security be a part of the 'build/deploy faster!' culture?"  We discuss the need to separate …

DtR Episode 20 - Guest: Gene Kim - DevOps live from HP Discover Las Vegas

August 6th, 2012


This episode was recorded in June '12, live from the show floor at HP Discover Las Vegas, 2012 and the talk of the town was once again DevOps.  Gene and I have had 2 prior conversations on the topic, but we're …

DtR - Episode 19 - Bob Arno: The world's foremost legal pickpocket

July 10th, 2012



This episode is special, not because it's more Info Security stuff, but because we take a far departure from the world of bits and bugs to the world of the pick-pocket and thief.  Sitting down with Bob Arno is …

Down the Rabbithole - Episode 18 - Kellman Meghu: Chaos, Resiliency, and more

July 2nd, 2012


I caught up with my friend Kellman Meghu at BSides Detroit as the conference was coming to a close and we finally got to sit down and have a fun conversation about chaos, and what sorts of things enterprises …

Down the Rabbithole - Episode 17 - Adam Shostack on New School Security

June 18th, 2012



Greetings fans, this episode promises to be a great one with the likes of Adam Shostack starting off talking about what the whole concept of …

MicroCast 04 - Kevin Riggins & Kenneth Johnson - QA + Security Software Testing

June 14th, 2012


Last winter, on a frigid afternoon I got a chance to sit down with 2 of my favorite Iowa locals, Kevin and Kenneth to talk about the tenuous relationship between QA and Information Security.  Earlier in the day …

Feature - Welcome to HP Discover Las Vegas 2012

June 4th, 2012

Greetings friends!  I am taking some time to do something a little out of the ordinary right now... I'm coming to you from beautiful Las Vegas, …

Down the Rabbithole - MicroCast 3 - Paul Elwell + Albert School - Measuring Security

May 29th, 2012


This episode of Down the Rabbithole microcast (~15 minutes length) was recorded live at the Ohio Information Security Summit.

Albert and …

Down the Rabbithole - Episode 16 - Spacerog and Shpantzer talk CyberPocalypse

May 25th, 2012


In this episode, streamed live and recorded for your listening pleasure, I'm joined by @SpaceRog and @Shpantzer from Security BSides Delaware.  What started out as an off-the-cuff discussion on the 'Cyber …

Down the Rabbithole - Episode 15 - Backstage at THOTCON 0x3

May 8th, 2012


It's rare that I get to be a spectator at a podcast, but in this case I was listening to some of the conversations and talks being given at …

Down the Rabbithole - Microcast - THOTCON 0x3_1

April 27th, 2012



In this short microcast we rap about the THOTCON 0x3 experience, why we think the Chicago community has taken off so much, and what sorts of interesting things make THOTCON, and the local hacker con here in …

Down the Rabbithole - Episode 14 - Dave Frederickson on Cloud Reality

April 24th, 2012



This episode I sit down with Dave Frederickson who has a unique viewpoint on cloud computing from a Canadian point of view, as well as a VP of the HP Canada business.  I pose some tough questions to Dave …

Down the Rabbithole - Episode 13 - Mark Radcliffe - The Ts and Cs of Cloud Computing

April 2nd, 2012



On this episode of Down the Rabbithole I get the distinct pleasure of sitting down with one of Silicon Valley's top attorneys to talk Cloud …

Special - Cloud Legal Panel - Chicago Cloud Security Alliance Chapter Meeting March 7th, 2012

March 21st, 2012



This 1 hour podcast was recorded live at the March 7th, Chicago Cloud Security Alliance chapter meeting, where we were fortunate enough to have a panel of attorneys discuss the issues with cloud security from a …

Down the Rabbithole - Episode 12 - Chris Hadnagy - Hacking the Human (mind)

March 5th, 2012



The guest on this podcast will blow your mind ... literally.  He is none other than the "human hacker" himself, Christopher Hadnagy, who has written a book and now runs  Chris is a …

Down the Rabbithole - Episode 11 - Nathaniel Dean discusses software security red teams

March 1st, 2012



I had the pleasure of sitting down with Nathaniel Dean, someone I had met through a mutual colleague's introduction, and hear about a neat …

Down the Rabbithole - Special - "Master the Cloud" Calgary (w/celebrity guest Adam Growe)

February 11th, 2012



  We were "live to tape" (as Adam says) from HP's Master the Cloud event in Calgary.  As we wrap up the road tour in the frozen city of Calgary I had the pleasure of sitting down with a comedian and celebrity, …

Down the Rabbithole - Episode 10 - "The real Gene Kim" on DevOps, KPIs & high performance IT

February 6th, 2012



World-renowned author, researcher, speaker and founder of legendary TripWire joins me semi-live from LASCON in Austin, Texas to talk about his current project(s) [The DevOps Cookbook, and When IT Fails: A …

Down the Rabbithole - Special - "Master the Cloud" Toronto

January 31st, 2012



I sat down at the HP Master the Cloud ( event in Toronto, Canada to answer some Twitter-based questions, talk about the trade show, and listen to some of the fantastic things Victor and his team …

Down the Rabbithole - Special - "Master the Cloud" Montréal

January 26th, 2012



  This special episode of Down the Rabbithole is sponsored exclusively by HP Canada, and I wanted to thank them for hosting this fantastic …

SecBiz Monthly Call - January - "Eating our own dogfood"

January 26th, 2012



  This month's call kicks off 2012 with a big question - "Do security professionals follow their own policies?" ... and as we talk through …

Down the Rabbithole - Episode 09 - Jeff Reich Explains "Table Stakes" and Other InfoSec Genius

January 16th, 2012



This episode with Jeff was awesome, recorded at the OWASP LASCON security conference, I got a chance to sit down with Jeff in person and talk shop.  I always learn something, but in this podcast Jeff dispensed …

Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 3)

January 9th, 2012



  This is the third and final part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk …

Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 2)

December 28th, 2011



  This is the second part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what …

Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 1)

December 26th, 2011



  This is the first part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what …

Down the Rabbithole - Episode 08 - Kris Herrin: Surviving and Thriving with Data Breaches

December 20th, 2011



  On this edition of the podcast, Kris Herrin joins me from the ISSA International Conference to talk about his unenviable role as Chief …

Down the Rabbithole - Episode 07 - David Elfering's "As the Security Lightbulb Turns"

December 6th, 2011



  My guest David Elfering (@icxc on Twitter) and I go all over the map covering various SecBiz related topics, and come up with a fantastic …

Down the Rabbithole - Episode 06 - Jeff Moss Talks Internet Evolution

November 21st, 2011



  In this edition of the podcast, I sit down with Jeff Moss (@TheDarkTangent) to talk about all of the interesting evolutions currently …

Down the Rabbithole - Feature MicroCast 02 - "The Erosion of Privacy"

November 14th, 2011



  This is perhaps the most important podcast I've recorded to date, and probably will record for some time.  The guests on my show in this episodes are not only privacy experts, but people who deal with digital …

Down the Rabbithole - Episode 05 - Bryan Stiekes Says InfoSecurity is Fundamentally Broken

November 7th, 2011



  This week I host Bryan Stiekes, a distinguished technologist with HP ...and not a security guy by trade.  Bryan has been a part of IT for …

Down the Rabbithole - MicroCast 01 - Security is Just Good IT

October 31st, 2011



  This is the first MicroCast, a new 15-minute format jam-packed with a series of great topics.  This time around, Jack Nichelson joins me and tells us how Bruce Lee feels about IT Security (this is a great …

Down the Rabbithole - Episode 4 - Effective Small Business Security

October 24th, 2011



  This is a special episode for anyone who's feeling like "Information Security" in their small business is impossible.  My guests and I talk through how to make information security a proper entity that can …

Down the Rabbithole - Episode 3 - "QA and Security, Can we make it work?"

October 10th, 2011



  Over the past year and a half or so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it to incorporate a much heavier emphasis on quality assurance. …

Down the Rabbithole - Episode 2 - "Can You Be Hacked Out of Business?"

September 29th, 2011



This edition of the podcast doesn't hold back.  We ask "Can someone be hacked out of business?" and as usual we don't really like the …

Down the Rabbithole - Episode 1 - "Everyone's getting hacked, is it time to panic?"

September 16th, 2011


This is the inaugural podcast episode of Down the Rabbithole.

Our podcast focuses on security, but from a business perspective and shines a light on …

The #SecBiz Podcast - Talking "Cloud Security" with Phil Cox

September 13th, 2011


Phil Cox joins Rafal (aka Wh1t3 Rabbit) and Martin McKeay and a gallery of others discussing the issues with the very nebulous term "Cloud Security", …
