Down the Security Rabbithole Podcast

539 Episodes | Produced by Rafal Los (Wh1t3Rabbit)

Follow the Wh1t3 Rabbit ... attention technology and business leaders! The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on releva…

539 Episodes | 2011 - 2022

DtSR Episode 502 - Why Can't Gov Figure Out Supplier Security

May 24th, 2022



CMMC may be something you know nothing of, but if you're a government contractor, or work with government contractors of the DIB - you're …

DtSR Episode 501 - Netskope's Bad SaaS Report

May 17th, 2022



This week, on the first post-500 episode, we welcome Netskope's Ray Canzanese to talk about the Cloud & Threat Report they just …

DtSR Episode 500 - Looking Back to Look Forward - Part 2

May 12th, 2022

Prologue - Part 2 of 2

First - thank you to everyone who listens to this show, shares it, and has left us a review. You all are the reason these past …

DtSR Episode 500 - Looking Back to Look Forward - Part 1

May 10th, 2022


Prologue - Part 1 of 2

First - thank you to everyone who listens to this show, shares it, and has left us a review. You all are the reason these past …

DtSR Episode 499 - Four Hundred Ninety Nine and Counting

May 3rd, 2022



Friends and colleagues - I want to thank you from the bottom of my heart. It almost brings me to tears that over the last 11 years you've …

DtSR Episode 498 - Living in the Tornado

April 26th, 2022



Super pumped this week to have James Azar on the show. James hosts a collection of podcasts including one I try to catch as often as …

DtSR Episode 497 - Security Buzzword Bingo

April 19th, 2022



This week, as we approach episode 500 and the extravaganza that it will be, James and I welcome my personal friend and all-around wonderful …

DtSR Episode 496 - How to Win Friends and Influence CISOs

April 12th, 2022


Have you noticed that the relationship between buyer and seller, or more precisely, between CISO and seller is... eh ... tenuous lately? OK, …

DtSR Episode 495 - Analyzing Russia's Offensive Cyber Ops

April 4th, 2022



This week, as Vladimir Putin's Russia continues to commit war crimes and genocide against the people of Ukraine, DtSR gathered a panel of …

DtSR Episode 494 - Forensics The Art of the Science Plus a Cat

March 29th, 2022


Special thanks on this episode to OpenText for bringing Mike to us on this show. What a fantastic conversation about the state of forensics …

DtSR Episode 493 - Breaches: Is Anyone Learning Anything

March 22nd, 2022

Prologue

A big Texas welcome back to the podcast to our friend Shawn Tuma, our legal-eagle in residence. This week Shawn talks to us about the cases …

DtSR Episode 492 - Operationally Useful Blocklists

March 16th, 2022


This week, the guy with the best vendor hoodies ever is back! Philippe Humeau of Crowdsec joins us again to talk about some of the data his …

DtSR Episode 491 - SOAR is Boring

March 8th, 2022



I read an article the other day that got me thinking, and inspired me to get Wesley onto the podcast to talk about SOAR. Yes, SOAR is …

DtSR Episode 490 - CISO Ascending Beyond Enterprise Security

March 1st, 2022



We open this episode with an acknowledgement of the crisis in Ukraine, as Putin's madness is unleashed. We stand with the brave people of …

DtSR Episode 488 - Essential CISO Business Skills

February 15th, 2022



This week I'm so thankful that James and I have the opportunity to talk to the authors of "The CISO Evolution" -- a fantastic book for …

DtSR Episode 487 - Software Supply Chain is a BFD

February 8th, 2022


Continuing our thread on the software supply chain and SBoM (Software Bill of Materials) we bring in Ed Moyle who is writing a series on the …

DtSR Episode 486 - SBOM in the Real World

February 2nd, 2022



SBoM ("Software Bill of Materials") is the new rage. Everyone's talking about it. What it means is you're expecting a list of software …

DtSR Episode 484 - Defrauding Mobile Payments

January 18th, 2022



Have you ever made a payment from your mobile device, wirelessly using NFC? Of course you have, most of us have by now. Did you know there …

DtSR Episode 483 - How Not to Screw Up Your Cloud

January 11th, 2022



We have a repeat guest today! Mr. Mark Simos joins me once again to talk about Microsoft's Cloud Adoption Framework (CAF) and it's …

DtSR Episode 482 - Tales of Wireless Hacking

January 4th, 2022



This week, on a good start to the new year, Eric Escobar joins us to talk about hacking wireless - and a little bit of history on the topic. …

DtSR Episode 481 - Spies In Your Tech

December 28th, 2021



Bentsi is a guy with some experience in the bad guy world when it comes to devices and gadgets getting compromised. In this episode, he …

DtSR Episode 480 - Juice Jacking

December 21st, 2021



Have you ever plugged your smart phone, tablet or other "smart thing" into a power cable that wasn't yours? I'm guessing you've answered yes …

DtSR Episode 479 - Productivity of Jump Boxes and Bastion Hosts

December 14th, 2021



In a technically deeper episode, Ev joins Rafal to discuss how security has made productivity challenging at times, in terms of having to …

DtSR Episode 478 - Beyond Buzzwords: XDR

December 7th, 2021



This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what …

DtSR Episode 477 - Passwords are Dead and Other Fables

December 2nd, 2021



Welcome to the last month of 2021 - December. This month we have a few bonus episodes, starting with this gem on identity. We've got a great …

DtSR Episode 476 - Securing Public Cloud with Azure ASB v3

November 30th, 2021



Folks, the video of this episode which was live-streamed to our YouTube channel is here: - and if you can, …

DtSR Episode 475 - Community Sourced Threat Instructions

November 23rd, 2021



Fair warning y'all, this episode may have been just slightly more fun than the Surgeon General allows. That said, on this one we not only …

DtSR Episode 474 - Unraveling Mountains of Evidence

November 18th, 2021



Hey! Are you attending OpenText World Enfuse? If not, click here and check it out - it's virtual!

Straight from Enfuse Chuck Dodson joins …

DtSR Episode 473 - Cyber Security by Executive Order

November 15th, 2021



In this episode, we host a lady who only needs one name, like a movie or rock star. But "Jax" deals with topics we normal people don't have …

DtSR Episode 472 - Rick Howard on Trust and Tech

November 9th, 2021



Let me start by saying how much I enjoy chatting with Rick Howard, today's podcast guest. Rick's been on before, and we always go long …

DtSR Episode 471 - TPA Threat Modeling the Software

November 2nd, 2021



On Episode 471, as we rapidly hurl towards our 500th episode, we bring back Chris Romeo to talk about threat modeling. Specifically, we …

DtSR Episode 470 - Security Leadership Insights from Ann

October 26th, 2021



On this episode of the DtSR Podcast - Ann Johnson joins special guest-host Ken Fishkin of NJ ISC2 chapter, along with James & Rafal to …

DtSR Episode 469 - YGHT They Hacked Ransomware

October 19th, 2021



This week on a ridiculously awesome episode of the DtSR Podcast the one and only Mr. Steve Perkins of Nubeva joins Rafal & James to talk …

DtSR Episode 468 - TPA Another Journey Into Security

October 12th, 2021



This week, we get to meet Sean Jackson. You may not know Sean, but his journey may feel familiar. He got here much like many of you, and his …

DtSR Episode 467 - TPA Chips and SLSA

October 5th, 2021



This week, Kim Lewandowski joins Rafal & James to talk about Google's latest contribution to the Open Source software movement - …

DtSR Episode 466 - TPA Vulnerability Management Goat Rodeo

September 28th, 2021



This week, fresh off his Twitter rant, Travis McPeak joins Rafal to talk about the goat rodeo that vulnerability management in the …

DtSR Episode 465 - TPA Nic-NAC-Security-is-Whack

September 21st, 2021



I have no excuses, and no ideas, how this show has made it so far without having the one and only JJ as a guest. She's been doing network …

DtSR Episode 464 - TPA An Empowering Discussion on the Grid

September 14th, 2021



This week our pal and previous guest Patrick Miller joins us to talk about the power grid, current state of the thing, and what he's working …

DtSR Episode 463 - TPA Human Security Engineering

September 7th, 2021



This week our friend Ira Winkler joins Rafal & James to talk about the human element in cyber security. Ira, like us, absolutely loathes …

DtSR Episode 462 - TPA Aki Peritz on Open Source Intel

August 31st, 2021



With all the craziness going on in the world, from terrorism, to catastrophically botched withdrawals from a 20 year war, to the incredible …

DtSR Episode 461 - TPA Peacocking Without PCAPS

August 26th, 2021



Let me start off by saying that this episode isn't about politics. It's about facts, claims made, and election security facts and myths.

I …

DtSR Episode 460 - TPA About CIAM and Other Auth

August 23rd, 2021



Thanks to Okta, for providing what is surely an entertaining (at least to record) and informative episode with some really cool guests. …

DtSR Episode 459 - TPA A Defenders Endpoint Perspective

August 17th, 2021



Big thanks this week to OpenText for providing access to Fabian Franco (go check out his bio below). He joins James & Rafal to talk …

DtSR Episode 458 - TPA Staffing Disasters We Created

August 10th, 2021



This week we have the pleasure of having Kevin Pope, one of Raf's close and long-time friends, and someone who's had one heck of a journey …

DtSR Episode 457 - TPA Foreign Adversaries Killing People

August 3rd, 2021



Huge thanks to Prevailion's Karim Hijazi for taking the time with us to dissect this Gartner headline and article on "adversaries killing …

DtSR Episode 456 - TPA The Pandemic Meat Grinder

July 27th, 2021



Frankly, we have no idea how we got through 450 episodes without interviewing Rich. No clue. Rich is a man of many talents including a …

DtSR Episode 455 - TPA All The Reminiscing

July 22nd, 2021



It's been a long time, maybe forever, since James and I sat down and just chatted on the podcast. With all these amazing guests we have on …

DtSR Episode 454 - TPA Cyber Insurance Fact vs Fiction

July 13th, 2021



Sean Scranton joins Shawn Tuma and myself to talk about cyber insurance, specifically, as it is a massive topic of discussion lately. …

DtSR Episode 453 - TPA On Prioritizing Enterprise Vulnerabilities

July 6th, 2021



Vulnerability Management has been a bit of a soapbox for me lately, and this episode brings in two experts on the topic directly from the …

DtSR Episode 452 - TPA Burning It At Both Ends

June 29th, 2021



On this episode of the podcast I have the pleasure of hosting one of my long-time friends and industry titan - Dawn-Marie "Rie" Hutchinson. …

DtSR Episode 451 - TPA Rockin It

June 14th, 2021



My pal Rock has ventured off on his own, so I wanted to catch up with him and get a quick update on the state of business, but also get a …

DtSR Episode 450 - TPA 3rd Party Risk Shitshow

June 7th, 2021



Ladies and Gentlemen - we've hit ** 450 ** episodes.

Let me just take a moment and reflect on the number of awesome guests, long hours …

DtSR Episode 449 - TPA Tuma on A Watershed Moment for US Cyber

June 3rd, 2021



In this episode, our legal eagle Shawn Tuma is back to discuss the Colonial Pipeline incident and whether it could be a watershed moment for …

DtSR Episode 448 - YGHT Knock Knock Who's There

May 25th, 2021



You've GOT to hear this!

This week on the podcast, I invited Martin Zizi of Aerendir, to talk about how we can use technology to not only …

DtSR Episode 447 - TPA Software Security Liability and Insurance

May 18th, 2021



I don't know about you, but I have Jeremiah in a list on Twitter that allows me to read/think about some of the things he posts without the …

DtSR Episode 446 - TPA AppSec Philosophy

May 11th, 2021



When in Austin, TX ... meet up with some friends right? This week I have the pleasure of sitting down in-person with Joel who has been …

DtSR Episode 445 - TPA Non-Random Cyber Thoughts with Dave Marcus

May 4th, 2021



I honestly am having a difficult time understanding how this show has gone so long, so many episodes, without sitting down with Dave Marcus …

DtSR Episode 444 - TPA Gary is Awful at Retirement

April 27th, 2021



I'm honored to have Gary McGraw on with James and myself on this episode. I hadn't realized, but Gary retired from (what was formerly) …

DtSR Episode 443 - TPA Addressing AppSec Tech Debt

April 20th, 2021



Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, …

DtSR Episode 442 - S11E15 - TPA Fighting the Good Fight

April 13th, 2021



This week, the show is back after a brief spring break, and we have with us Dmitri Alperovitch - who has taken on a new venture in his …

DtSR Episode 441 - TPA State Secrets and Diplomatic Protection

March 29th, 2021



** First, before I say anything else, I want to thank Lonnie and his staff for their service to our country. Protecting diplomats is not an …

DtSR Episode 440 - TPA Fighting Back Against ATO

March 23rd, 2021



Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone …

DtSR Episode 439 - TPA Open Source Endpoint Defense

March 16th, 2021



OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that …

DtSR Episode 438 - TPA Implementing Zero Trust Principles

March 9th, 2021



This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Yuri is one …

DtSR Episode 437 - TPA Healthcare IT Under Siege

March 2nd, 2021



This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that …

DtSR Episode 436 - TPA A Dev Perspective on AppSec

February 23rd, 2021



Continuing what accidentally became a series of AppSec or Software Security focused episodes, #436 takes it from yet another direction. Rey …

DtSR Episode 435 - TPA WPScan and Wordpress

February 16th, 2021



Episode 435 is packed with OpenSource goodness, talking about WordPress and WPScan with Ryan Dewhurst. Ryan started WPScan (a tool you …

DtSR Episode 434 - TPA Open Source Software Security

February 9th, 2021



This week, Jennifer Fernick of NCC Group joins me to talk about her work with open source software and security. With a storied career, …

DtSR Episode 433 - TPA Leading the Alliance

February 2nd, 2021



This week, Gary Latham joins the podcast to talk about taking the reins of the Security Advisor Alliance, at a pivotal time for the …

DtSR Episode 432 - TPA Identity and Trust

January 26th, 2021



On this week's episode of the podcast, boomerang guest Robb Rock joins Rafal to talk identity, trust, and what's happened since the last …

DtSR Episode 431 - TPA Medical IOT

January 19th, 2021



This week on DtSR, an old friend Jamison Utter joins Rafal to talk about medical IoT devices, and what makes them different -- and of …

DtSR Episode 430 - TPA What We Learned in 9 Years

January 12th, 2021



David was a guest on the podcast many years ago, back in episode 7. We had a great conversation and it's interesting to see how so many of …

DtSR Episode 429 - YGHT Crowdsourcing Security Intel

January 8th, 2021


You Gotta Hear This! [YGHT]

This special edition of the Down the Security Rabbithole Podcast is the first of its kind. For 2021 I've decided to …

DtSR Episode 428 - TPA TIM-enabled NextGen SOC Platforms

January 5th, 2021



Let's start 2021 off right with a returning guest whose name you will want to remember. Joep (pronounced like "soup" but with a "you") …

DtSR Episode 427 - TPA Security Beyond the RegExp

December 29th, 2020



This week, on the last episode of 2020, Michael Coates joins Rafal to talk about wire-speed-data-protection. Sort of like CASB but more …

DtSR Episode 426 - TPA Winning Intelligence Collecting Zombies

December 22nd, 2020



First and foremost, thank you to Prevailion for giving us some of Karim's time, and content for this episode. Adversary intelligence is …

DtSR Episode 425 - TPA Being Media Trained

December 15th, 2020



This week, one of my old allies in the advocacy for sane media appearance joins James and me on the podcast. We talk about being a media …

DtSR Episode 424 - SOC Fight 2020

December 8th, 2020



Fill up your coffee cup, find a comfortable seat, and get ready to dive into this show! Richard & Anton join James and Rafal to discuss …

DtSR Episode 423 - TPA Malware and Other Bad Things

November 30th, 2020



This week, virtually live from Enfuse 2020 we've invited Grayson Milbourne, who is the Director of Security Intelligence at OpenText …

DtSR Episode 422 - TPA Blurry Ethical Lines

November 23rd, 2020



This week is a TREAT for you Down the Security Rabbithole Podcast listeners. Before she does her keynote on the topic, you'll get to hear …

DtSR Episode 421 - TPA Holding the Public Ransom

November 16th, 2020



Welcome to week 2 of our coverage of the OpenText Enfuse conference! This week I'm super excited about two very cool guests - Brian …

DtSR Episode 420 - TPA Virtually Live from Enfuse 20 Overview

November 9th, 2020



This week on DtSR Anthony Di Bello from OpenText drops by the show to talk about Enfuse, and the future of forensics, eDiscovery, and cyber …

DtSR Episode 419 - TPA CISOs in Covid Times

November 3rd, 2020



This week James and Rafal have the pleasure of being joined by Allan Alford, from his work-cave somewhere near Dallas, TX to talk about what …

DtSR Episode 418 - TPA Another Security Inflection Point

October 27th, 2020



This week on DtSR, John Steven joins Rafal & James to talk about an inflection point in security that's happening right now. As you may …

DtSR Episode 417 - TPA Budgets and Breaches

October 20th, 2020



This week on DtSR my long-time friend and pragmatic alter-ego, Chris Abramson, joins me to give a sneak peek at what you can expect on …

DtSR Episode 415 - TPA Man Algorithm Machine

October 6th, 2020



As I was scrolling through LinkedIn looking for interesting things to read, who should scroll by but one Sven Krasser, whom you may …

DtSR Episode 414 - TPA Rick Howard's Almost Retirement

September 29th, 2020



This week on episode 414 of the podcast, I'm joined by Rick Howard who just retired ... no, wait ... scratch that, almost retired from Palo …

DtSR Episode 413 - TPA SOCs and Stuff

September 23rd, 2020



This week we welcome Greg Foss to the show - Greg has some experience in security operations and managing SOCs and such. He dishes, we …

DtSR Episode 412 - TPA Consolidation Integration and Good Enough

September 15th, 2020



This week David Soto joins Rafal and James to talk about how throughout his career the cybersecurity landscape has evolved and the tools …

DtSR Episode 411 - TPA RSnake at Large

September 9th, 2020



This week, the one and only @RSnake joins us to just ... talk. We notice he has a few cameras too many, or maybe he's just being monitored? …

DtSR Episode 410 - TPA CISO Accountability Problems

September 1st, 2020



Because we can't get enough of Brandon Dunlap and Shawn Tuma over here on the podcast, here we go again. Last episode Brandon talked about …

DtSR Episode 409 - Dunlap Time 2020 Edition

August 26th, 2020



Hey friends, it's Tuesday so time for another dazzling edition of the podcast. This week we welcome Brandon Dunlap - hair model, …

DtSR Episode 408 - Shawn Tuma Cyber Superhero

August 18th, 2020



This week, on episode 408 Shawn Tuma joins us again to talk about the legal side of cyber security. Shawn's one of the premier legal forces …

DtSR Episode 407 - Marcs Wild InfoSec World

August 12th, 2020



This week, a legend of the InfoSec (or Cyber Security, for some of you) space joins me on the show. Marc Rogers has been the guy heading up …

DtSR Episode 406 - Cybersecurity and the SMB

August 5th, 2020


Prologue

Cybersecurity is one of those industries where one of the market segments that is the most desperate for support is also one of the …

DtSR Episode 405 - Hallmarks of Good Leaders

July 28th, 2020



This week, Rafal welcomes Wayne Reynolds, a veteran of not only our industry, but of the US Marine Corps - where he's been a leader in …

DtSR Episode 404 - The Wacky Wild World of OT

July 21st, 2020



This week, on the "Episode Not Found", Rafal and James host Robert Lee from Dragos. It's a conversation about Operational Technologies that …

DtSR Episode 403 - ReInventing the MSSP

July 15th, 2020



This week on the podcast, episode 403 features two good friends of mine Joey Peloquin and John "JP" Pirc. John and I talked about the awful …

DtSR Episode 402 - Life Security Adulthood

July 7th, 2020



First, I need to apologize for the quality of my (Rafal) audio. For a reason I don't understand, the Skype central record feature …

DtSR Episode 401 - Vyrus Lessons in Red to Blue

June 30th, 2020


Episode 401

Epilogue: This week, I got to sit down virtually with a long-time friend, and one of the most intelligent and quiet people you'll ever meet in InfoSec. My pal Carl Vincent (some of you may know him by other …

DtSR Episode 400 - Tom Nichols on Expertise

June 24th, 2020


Friends and Colleagues!

We've made it. Milestone episode 400 of the podcast is here. And for the 400th episode I have none other than Mr. Tom …

DtSR Episode 399 - Post-Pandemic Issues

June 16th, 2020


Episode 399 ... what a crazy ride it's been.

This week we have Brian Chidester - you may recall we had a chat with him on episode 379 which was recorded live at EnFuse Conference 2019 - back to talk about some of the …

DtSR Episode 398 - Leadership Series: Allan Alford

June 10th, 2020


This week, episode 398 features our Leadership Series and the one and only Allan Alford. Allan has spent a long career building various security practices, advising boards, and generally doing great things.

While we're …

DtSR Episode 397 - Modern-ish Vulnerability Management

June 2nd, 2020


Welcome Down the Security Rabbithole to yet another edition of the DtSR Podcast. As we roll on towards milestone episode 400 James and Rafal discuss …

DtSR Episode 396 - Verizon DBIR 2020 Analysis

May 27th, 2020


It's Verizon Data Breach Investigations Report time again. This episode is a yearly walk-through of the DBIR, where Rafal and James once again welcome Gabe Bassett back to the show to talk data, graphics, and lessons we …

DtSR Episode 395 - Can We Fix the MSSP

May 19th, 2020


Special thanks to our friends at AlertLogic - for providing some great discussion points and John for the episode!

This week, as DtSR hits episode 395 on our way to Episode 400, James and Rafal take some time out to ask:

DtSR Episode 394 - High Profile Healthcare Security Leadership

May 12th, 2020


Episode 394

Rafal & James host Keith Duemling from the Cleveland Clinic (talk about high-profile jobs!) to talk about security in the healthcare space, challenges, the future, and other random topics. Keith has …

DtSR Episode 393 - Smartish Cities

May 5th, 2020


Guess who's back, back again ... James is back, so listen in!

So James is officially back after a bit of a hiatus from the podcast, and on this episode he and Rafal sit down over a fun interview with Matt Lewis …

DtSR Episode 392 - Chris Nickerson is an Original

April 28th, 2020


Ladies and Gentlemen, friends, countrymen, lend me your ears!

This episode of DtSR features one of my favorite guests and one of the better …

DtSR Episode 391 - Unprecedented Cyber Badness

April 21st, 2020


This week, I'd like to thank JD Work for taking the time to be on the show and sharing his professional experience and expertise with us. The space …

DtSR Episode 390 - DFIR 20-20

April 14th, 2020


This week, Brian Carrier joins DtSR to talk about digital forensics and incident response in 20/20. Forensics and incident response has had to evolve …

DtSR Episode 389 - Leading Cyber Security in Academia

April 7th, 2020


This week, DtSR dives into security leadership with an academic twist. We have the pleasure of hosting Robert Turner, the CISO of the University of Wisconsin, Madison.

This episode was recorded March 13th, 2020 right as …

DtSR Episode 388 - The SIEM is Dead Long May It Live

March 31st, 2020


Welcome to episode 388, an episode at least 5 years in the making...mainly because it's taken this long to figure out a good way to get Anton on the podcast! Now that he's not an analyst anymore, I snagged him for an …

DtSR Episode 387 - Remote Workforce Leadership

March 24th, 2020


This week, as we all continue quarantines and work-from-home DtSR hosts Valentina Thörner, who is an expert on remote workforce leadership. Valentina literally wrote the book (From a Distance) and now she's on the show …

DtSR Episode 386 - Securing a Suddenly Remote Workforce

March 17th, 2020


Covid-19 ... that's the headlines. Everywhere.

The suddenly remote workforce is a problem for many enterprises, and as workers are forced to work from home - security is a problem.

To that end, I snagged Brian Foster …

DtSR Episode 385 - Malware on the Lifeline

March 10th, 2020


Greetings! On this episode of the podcast we present to you an episode we recorded back in January (but then due to a storage error we lost …

DtSR Episode 384 - Zero Trust Redux 2020

March 3rd, 2020


This week Rafal hosts Dr. Chase Cunningham, Forrester analyst and all-around security badass to redux Zero Trust. The last time we tackled the topic was Episode 222 with John Kindervag back in 2016 - so it's time to see …

DtSR Episode 383 - The Jennifer Ayers Interview

February 27th, 2020


Join Rafal & James this week, as they welcome Jennifer Ayers. Jennifer is the Vice President of Overwatch and Security Response at Crowdstrike.

Rafal and Jennifer worked together "back in the day" so the …

DtSR Episode 382 - Jeremiah Grossman Doing the Basics

February 11th, 2020


This week on DtSR Podcast, a long-awaited guest joins us. That's right, the one and only Jeremiah Grossman joins us live from a tropical paradise, and you need to hear his message.

On this show we cover history, "the …

DtSR Episode 381 - 5G Security Implications

February 4th, 2020


Welcome friends and fans!

This week we go down the rabbithole with Russell Mohr of MobileIron as we talk about the security implications for 5G. The …

DtSR Episode 380 - Gadi Tells It Like It Is

January 28th, 2020


Welcome to episode 380 of the DtSR Podcast.

We have a special treat for you this episode, with long-time friend Gadi Evron, and he holds nothing back …

DtSR Episode 379 - IoT Transforming LE

January 21st, 2020


This week, in our final (for real this time) episode recorded LIVE from Enfuse Conference 2019, courtesy of OpenText, we chat with Brian Chidester. It's a fascinating conversation about what the IoT world can (and is) …

DtSR Episode 378 - Trending on CISOs

January 14th, 2020


In our final "Live from Enfuse 2019" episode, I had the pleasure of sitting down with Paul Shomo to talk about some of the things he's talked to …

DtSR Episode 377 - The Global War for Soft Power

January 7th, 2020


Welcome to 2020, as Down the Security Rabbithole rolls on!

This week we're back with a timely episode on the global war for soft power, with Andrea …

DtSR Episode 376 - Protecting Our Kids Online

December 24th, 2019


Merry Christmas, and a Happy New Year listeners of the Down the Security Rabbithole Podcast!

This week the show focuses on one of the most important …

DtSR Episode 375 - Malcolm in the Middle (of a Career)

December 18th, 2019


This week, DtSR is joined by Malcolm Harkins - former CISO of Intel and industry insider extraordinaire. Malcolm shares insights from his long and …

DtSR Episode 374 - Mike Daugherty Looks In the Rearview Mirror

December 11th, 2019


This week, on a very special show recorded from his home studio in Atlanta, Rafal welcomes Mike Daugherty back onto the show to tell the story of his crazy journey and battle with the FTC.

Highlights from this week's …

DtSR Episode 373 - Internet of Increasingly Smart Things

December 3rd, 2019


Welcome back for another great episode. This week we have a boomerang guest, Amber Schroader, recorded live in Las Vegas at Enfuse 2019.

Highlights …

DtSR Episode 372 - Not the Rise of the Machines

November 26th, 2019


This week on #DtSR (live from Las Vegas, Enfuse 2019 Conference) Rafal chats with Nick Patience of 451 Group. Nick has some expertise in ML and provides context and content that is badly needed to dispel the crazy …

DtSR Episode 371 - Advancing SOC-as-a-Service

November 19th, 2019


First, and foremost, thank you to OpenText for having the #DtSR Podcast live and in-person in Las Vegas. Enfuse is a fantastic conference bringing together security operations professionals (forensics, threat hunters, …

DtSR - This Just In - OpenText and Reveille Announcement Nov 2019

November 13th, 2019


Dropping in for a quick announcement - you heard it here first!

This week a few different announcements went out from OpenText, but this one caught …

DtSR Episode 370 - Gamifying InfoSec

November 12th, 2019


Down the Security Rabbithole is back for Episode 370, and this week's podcast focuses on gamification, and its applications to InfoSec. Big thanks …

DtSR Episode 369 - Ransomware's End

November 5th, 2019


Welcome to episode 369!

This week Rafal talks ransomware and welcomes Oussama El-Hilali, Chief Technology Officer at Arcserve, and Chester …

DtSR Episode 368 - Contain(er) Your Security

October 30th, 2019


Welcome to another edition of the DtSR Podcast! This week Liz Rice joins us all the way from the (still) UK, and James is back too! What a treat... join us and read the show notes!

Highlights from this week's episode …

DtSR Episode 367 - Cloud Babies

October 22nd, 2019


This week, #DtSR Podcast is recorded live from Dallas at the Armor SecureCon inaugural user conference. Rafal had the occasion (and good fortune) to …

DtSR Episode 366 - D I Why and How

October 15th, 2019


Welcome Down the Security Rabbithole, to the DtSR Podcast.

This week, Zac Rosenbauer joins us to talk about what it's like to be "the IT guy" who …

DtSR Episode 365 - Mountains of Data

October 8th, 2019


Welcome back to another episode ... this one sets up DtSR's appearance at the Enfuse Conference 2019 in Las Vegas in November. Give this topic a listen, as it doesn't matter whether you're in legal, compliance, or …

DtSR Episode 364 - Interviewing Jerry Archer

October 1st, 2019



This episode of Down the Security Rabbithole Podcast was recorded live from Dallas, TX where the Security Advisor Alliance Summit 2019 was …

DtSR Episode 363 - That Oh Shit Moment

September 25th, 2019


This episode was recorded live from the Security Advisor Alliance Summit, 2019 in blistering hot Dallas, TX. If you don't know what the Alliance is, …

DtSR Episode 362 - Real Security is Hard

September 17th, 2019


Friends & Colleagues, this week I have the pleasure of being joined by one of my good friends and industry veteran - the one and only Jim Tiller. …

DtSR Episode 361 - Your Adversary Problem in 2019

September 11th, 2019


This week Adam Meyers joins James & Rafal to talk about the Crowdstrike Mobile Threat Landscape Report 2019 - and the learnings and lessons …

DtSR Episode 360 - Thwarting Bots and Frauds

August 27th, 2019


This week, Rafal sits down in person with Sam Bouso of Precognitive, in Chicago headquarters to talk about some very cool tech that's probably only …

DtSR Episode 359 - Mind the Diversity Gap

August 20th, 2019


This week, in the 2nd of two installments recorded live at Black Hat 2019, Alyssa Miller joins Rafal live to talk about some of the talks she's giving, and takes us back in time.

Highlights from this week's show …

DtSR Episode 358 - No More Crappy Job Hunts

August 15th, 2019


This week on another jam-packed episode, Rafal takes to Black Hat 2019 to interview some interesting guests that have something unique to tell you. We start with Deidre Diamond, the lady behind CyberSN - and why …

DtSR Episode 357 - Hacker Summer Camp 2019

August 5th, 2019


This week, James and I sit down to think (and talk) through Black Hat (and Defcon) 2019. "Hacker Summer Camp" as it's affectionately known in the industry, is a rite of every summer...but is it delivering value to …

DtSR Episode 356 - Its Been a While Andy

July 30th, 2019


Welcome down the security rabbithole friends! This week, Andy Kalat takes a few minutes off from recovering to chat and comment on the state of …

DtSR Episode 355 - Threat Modeling Rides Again

July 23rd, 2019


My dear listeners - we have John Steven back on this episode! If you don't remember his first appearance, it's OK, it was a little while ago back on episode 42 ... 

DtSR Episode 354 - Pragmatic Azure Security

July 18th, 2019


Fans & Listeners!

This week we have a treat for you... as this episode is recorded LIVE from Microsoft's Inspire 2019 in Las Vegas (where it was 117F) but the conversation here is way hotter.

Highlights from this …

DtSR Episode 353 - Ira Winkler on Point

July 9th, 2019


Yes, DtSR took a week off ... we were due.

This week, Ira Winkler joins Rafal to go down the rabbithole and talk about his career, opinions on our …

DtSR Episode 352 - AWS REInforce Warm Up Episode

June 24th, 2019


This week, ahead of AWS RE:INFORCE 2019 (the first one) Rafal gets a conversation with buddy Mark for a candid talk about the top 3 public cloud …

DtSR Episode 351 - Deeper Into the Microsoft Security Ecosystem

June 19th, 2019


Thank you to Microsoft for sponsoring this show, and our podcast over the years...


Highlights from this week's show include...

  • Rob discusses what …

DtSR Episode 350 - Deep Learning on Deep Packets

June 11th, 2019


Show Note: As most of you know, this show has long refused to use advertisements, or ad revenue to keep itself going. That said, I openly welcome organizations who have something interesting to say and some extra …

DtSR Episode 349 - Verizon 2019 DBIR Double-Live Part 2

June 4th, 2019


Friends & listeners - welcome to the 2nd half of the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the …

DtSR Episode 348 - Verizon 2019 DBIR Double-Live Part 1

May 29th, 2019


Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

DtSR Episode 347 - Inside the RH-ISAC

May 21st, 2019


This week, Tommy McDowell who is the Vice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafal in person, in …

DtSR Episode 346 - Green Waxes Mostly Academically

May 14th, 2019


This week, Rafal gets the rare occasion of sitting down face-to-face with someone and doing an interview in person. Andy Green is a great if not sharky fellow, who helped me get over my PG rating for this podcast. So ... …

DtSR Episode 345 - RaffCon the Podcast

May 7th, 2019


This week on the podcast, Rafal gets some one on one time with Raffael Marty ... and it's #RaffCon.


Highlights from this week's show include...

DtSR Episode 344 - You've Probably Been Pwned

May 1st, 2019


This week, Rafal is joined by the man, the myth, the Aussie legend - Troy Hunt. We basically talk about whatever is on his mind - which, as it turns out is a lot. Take a listen, we may publish an English translation …

DtSR Episode 343 - The 31st Human Right

April 23rd, 2019


This week, on a riveting edition of Down the Security Rabbithole Podcast Raf sits down with Richie Etwaru, a human data ethicist and Founder and CEO …

DtSR Episode 342 - Michael Coates Has Things to Say

April 16th, 2019


This week on episode 342, Michael Coates joins Rafal & James for the 2nd time. Michael's first episode was way, way back in 2015 on episode 134 titled "Fundamental Security". Looks like things haven't changed much.

DtSR Episode 341 - Discussing Security Reference Architecture

April 9th, 2019


This week, in the final installment of "Live from RSA Conference 2019" Rafal interviews Mark Simos, who is the definitive source for reference architectures at Microsoft. He's the Lead Architect in the Enterprise …

DtSR Episode 340 - Diana Kelley from RSA 2019

April 2nd, 2019


This week, Down the Security Rabbithole Podcast is publishing episode 3 of 4 which were recorded LIVE at RSA Conference 2019. This episode features …

DtSR Episode 339 - Insuring Against Acts of Cyber War

March 28th, 2019


This week, driven by the news cycle, and an interesting story... Rafal & James invite George and Shawn, as actual experts, onto the show.


DtSR Episode 338 - Failure of Risk Management

March 19th, 2019


This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn to have a turn at the microphone... 

DtSR Episode 337 - Insights on Cyber Talent

March 12th, 2019


This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent having worked in the field most of her …

DtSR Episode 336 - Energy Sector Security Update Q1-2019

February 26th, 2019


This week, Patrick Miller joins Rafal to provide an update on the energy sector, and what's different (or not). Another episode with a returning guest who continues to provide timely and important updates on key "big …

DtSR Episode 335 - Ranking the Adversaries

February 19th, 2019


This week, in a special episode, Dmitri Alperovitch of Crowdstrike joins Rafal to talk about a brand new report that Crowdstrike is releasing. The Crowdstrike 2019 Global Threat Report is a must-read with some very …

DtSR Episode 334 - Compliance and Operational Process

February 12th, 2019


This week, on the DtSR Podcast, Rafal is joined by Matt Herring, long time listener, and first-time caller. We talk through Matt's career path, and how he got to head up a global security operations team. It's a pretty …

DtSR Episode 333 - Security Evolution and Trends

February 5th, 2019


This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and …

DtSR Episode 332 - Security in Transformation

January 30th, 2019


This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of …

DtSR Episode 331 - Incident Response and Counterfactuals

January 23rd, 2019


This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp …

DtSR Episode 330 - Biometrics for Authentication

January 15th, 2019


This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way …

DtSR Episode 329 - Volunteering Your Career

January 9th, 2019


This week, on the DtSR Podcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO …

DtSR Episode 328 - Who Who Who Are You

January 2nd, 2019


This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we …

DtSR Episode 327 - Experienced Security Leadership

December 19th, 2018


This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, …

DtSR Episode 326 - MidMarket Security

December 11th, 2018


This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, …

DtSR Episode 325 - A CISO at AWS reInvent 2018

December 5th, 2018


In another episode LIVE'ish from AWS re:Invent 2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show …

DtSR Episode 324-1 - AWS reInvent 2018 Delivering Security

November 28th, 2018


At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short …

DtSR Episode 324 - AWS reInvent 2018 Preamble

November 27th, 2018


This episode of the Down the Security Rabbithole Podcast is sponsored in part by Armor Cloud Security. Go check us out at!


This …

DtSR Episode 323 - Security of a Global Enterprise

November 20th, 2018


On episode 323, Richard Rushing (aka the "Security Ninja") joins us to talk about being the CISO of a global organization, and multi-national …

DtSR Episode 322 - The Ethics of Cyber Security Panel

November 15th, 2018


This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly.

Highlights from this …

DtSR Episode 321 - Putting Threats In Perspective

November 6th, 2018


** Go Vote **

Do your civic duty, and go vote. Heck, while you're standing in that long line to vote, listen to the podcast, we're not picky.

This week, Rob Graham joins Rafal and James (who's back!) to talk about …

DtSR Episode 320 - Specializing in Forensics

November 2nd, 2018


This week, James Habben joins me in studio for what turns out to be an introspective walk through the evolving world of forensics.


Highlights from …

DtSR Episode 319 - Striking Out On Your Own

October 23rd, 2018


This week, my good friend and entrepreneur Rock Lambros (of the newly formed Rock Cyber) joins me to talk about getting the itch to go out on your own and actually doing it. Many of us have thought about it, daydreamed, …

DtSR Episode 318 - War, Cyber and Policy

October 18th, 2018


This week the DtSR podcast tackles one of the thornier issues going around in the news. As the accusations of Russian hacking continue to mount, …

DtSR Episode 317 - Protecting Higher Education

October 9th, 2018


While James is away, Raf will podcast all day ...or something like that.


Highlights from this week's show include:

  • Bill talks about what it's like …

DtSR Episode 316 - NCSAM 2018

October 3rd, 2018


So, it's October 2018, and it's National Cyber Security Awareness Month. Again.

James and I have a bit of an issue with this, as you'd guess. Why are we still talking about awareness when we need action? Are there …

DtSR Episode 315 - Women in Cybersecurity-Mary Cheney

September 25th, 2018


On this episode of the Down the Security Rabbithole Podcast, Mary Cheney joins us fresh off her talk to the North Texas ISSA Women in Security group. …

DtSR Episode 314 - None of This Crap is Secure

September 18th, 2018


This week, on DtSR Episode 314, the infamous (that's more than famous) John Strand joins us. No, not the male model ...the guy who's been an InfoSec …

DtSR Episode 313 - Cyber Law Update Sept 2018

September 11th, 2018


Friends welcome to yet another edition of the Down the Security Rabbithole Podcast - as we invite perennial favorite, Shawn Tuma onto the show! Shawn …

DtSR Episode 312 - Ann Johnson on Mental Health

September 5th, 2018


This week Down the Security Rabbithole Podcast welcomes two very cool ladies from the InfoSec realm. First Ann Johnson of Microsoft (if you don't …

DtSR Episode 311 - Further the Browser

August 29th, 2018


This week we dive into the world of the web browser. A brief history, some discussion about what's wrong and how it's broken - and a few suggestions for what to do next. This is a complicated discussion - so you can bet …

DtSR Episode 310 - RFP POC OMG

August 23rd, 2018


This week, Rafal & James discuss one of the bigger challenges that an enterprise security team faces today - evaluating new/replacement security …

DtSR Episode 309 - Digital Transformation, Take 2

August 14th, 2018


This week Nate Smolenski - Director, Cloud Architecture Services - joins us for an insightful discussion on the concept of digital transformation for …

DtSR Episode 308 - Theoretical and Applied Futurism

August 8th, 2018


Friends, this week's episode is truly unique. We talk to a gentleman whose job it is to think big, and into the future in a big way.

Jeremy Nulik is …

DtSR Episode 307 - Building and Teaching in Chicago

August 1st, 2018


On this episode of the Down the Security Rabbithole Podcast, Rafal is in Chicago for a few days and visiting with a long-time friend and colleague, …

DtSR Episode 306 - Balancing Family and Career

July 25th, 2018


This week, we tackle a topic that should not have taken 306 episodes to get to - balancing family and work while growing a career in Information …

DtSR Episode 305 - Security for the Mid-market

July 17th, 2018


Do you work at a company that's too big to be "small business" but too small to be "large enterprise"? You're probably in that place known as the "mid-market". Many of the large vendors don't pay attention to you, and …

DtSR Episode 304 - Transforming Security

July 11th, 2018


This week, James and I interview a former Optiv colleague and advisor to many Fortune 250 CISOs in his long career, our friend Ron Kurisczak. Ron's …

DtSR Episode 303 - Advising Security Leadership

July 3rd, 2018


Thanks to my friend Brian Wrozek for joining us this week on Down the Security Rabbithole Podcast. Brian's long career as a CISO has broken several …

DtSR Episode 302 - InfoSec Superhero Syndrome

June 26th, 2018


This week, as DtSR rolls on to Episode 302, we talk with John Svazic who is a Cloud Security Architect for a day job and runs the Purple Squad …

DtSR Episode 301 - Julie Conroy on eFraud and Identity

June 19th, 2018


This week on Episode 301, James is off and I take a one on one conversation with Julie Conroy from Aite group on the topic of global fraud. It's a …

DtSR Episode 300 - Reminiscing

June 14th, 2018


Thank you, listeners!

Down the Security Rabbithole has reached milestone episode #300.

In this episode, James and Rafal sit down with the nothing …

DtSR Episode 299 - Leadership Lessons w Chris Abramson

June 5th, 2018


Special thanks to Chris for doing this in-person. It was a fun conversation and always a pleasure!


Highlights from this week's show include...

DtSR Episode 298 - Overcoming the Language Barrier

May 29th, 2018


Two more episodes until we hit #300...what a crazy ride it's been! Thanks for taking the journey with us, and we're looking forward to having you along for another 300 (maybe).


Highlights from this week's show …

DtSR Episode 297 - A Model for Prioritizing Patching Efforts

May 22nd, 2018


Before you listen to this podcast ... go grab this report from Kenna Security and the Cyentia Institute. Read it. Think about it. Then listen to this …

DtSR Episode 296 - Hype Machine Off the Rails

May 15th, 2018


This week, former analyst and security industry veteran Adrian Sanabria joins James & Rafal to talk about some of the hype in our industry. From current events, to learning lessons, to the on-going master-class in …

DtSR Episode 295 - DevSecOps is Not a Thing

May 9th, 2018


This week, Mark Nunnikhoven joins us from the great white North. All the way from Ottawa, Canada - Mark talks with James and Raf about cloud …

DtSR Episode 294 - Securing Azure

May 2nd, 2018


* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at 

DtSR Episode 293 - Diana Kelley from RSA 2018

April 24th, 2018


* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at

DtSR Episode 292 - Navigating Industry Conferences (RSA)

April 17th, 2018


This week, James is back and he and Raf sit down for a discussion on navigating the big industry conferences, as RSA Conference kicks off in San Francisco. We add just the right bit of snark to your day, and provide …

DtSR Episode 291 - A New Perspective On Endpoint (Nyotron)

April 10th, 2018


[This week's episode and fantastic discussion on endpoint security is sponsored by Nyotron]. DtSR listeners already know we don't do advertisements or traditional sponsorship - so when we bring in a sponsored guest it's …

DtSR Episode 290 - What Ails the CMS

April 3rd, 2018


This week on the Down the Security Rabbithole Podcast, Tony Perez stops by for an early morning chat about the content management systems we in …

DtSR Episode 289 - Neither Security Nor Privacy

March 27th, 2018


This week, join DtSR as Rafal sits down across the virtual table with the one and only Robert Hansen. Rob (aka @Rsnake ) discusses his roots of being an almost-bad-guy, to the security of browsers, and privacy. Plus we …

DtSR Episode 288 - Experienced Opinions

March 20th, 2018


This week, while James was out on family duty, I sat down on a Saturday morning with my good friend Will Gragido to talk security. Will is an …

DtSR Episode 287 - Armored and Battle Tested

March 13th, 2018


In case y'all don't read LinkedIn or Twitter - Rafal recently joined Armor, so what better time to interview the CEO Chris Drake than right now.

So this week, Chris Drake joins us in the studio to talk about …

DtSR Episode 286 - Breach vs Incident vs Lawyers

March 6th, 2018


This week's DtSR Podcast sits down in the offices of Shawn Tuma to discuss an update on the law with regards to data breaches, or incidents - and the differences between them. We talk through current events, past …

DtSR Episode 285 - Alt-Tab Alt-Tab Swivel-Chair

February 27th, 2018


We have a treat for you folks this week!

On episode 285 of the podcast I'm joined by three well respected, forward thinking, and …

DtSR Episode 284 - MSS SOS

February 20th, 2018


This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's …

DtSR Episode 283 - Testing Security Into Applications

February 13th, 2018


This week an old friend, Vinnie Liu of Bishop Fox, joins Raf and James to talk about the history of App Sec. We started trying to test ourselves …

DtSR Episode 282 - DDoS - Past, Present, and Future

February 6th, 2018


Join us this week on Down the Security Rabbithole as Barrett Lyon (who knows a thing or two about DDoS) is our guest to talk about the evolution of …

DtSR Episode 281 - Exploiting and Defending Human Behavior

January 30th, 2018


This week, go Down the Security Rabbithole with James and Raf as they host Robert Sell. Robert took 3rd place at the Defcon SECTF (Social Engineering …

DtSR Episode 280 - A Cloud Container Security Primer

January 22nd, 2018


This week, Chris Rosen from IBM joins us to talk about cloud containers - and the security (or lack thereof) of them. There is a paradigm change coming which significantly impacts security - if we're ready for it. Chris …

DtSR Episode 279 - Deeper Down the SDP Rabbithole

January 16th, 2018


This week, Jason Garbis re-joins the podcast to go past the Primer (Episode 257) and dive deeper into SDP (Software Defined Perimeter) with a discussion on cloud and relevance to the re-invention of the data center and …

DtSR Episode 278 - The Meltdown Over Spectre

January 9th, 2018


Welcome Down the Security Rabbithole. This week we bring Jeff Schilling from Armor to talk about Spectre and Meltdown - the two hottest topics of the …

DtSR Episode 277 - An Outside In Look at Security and Innovation

January 2nd, 2018


Happy New Year, 2018.

Friends, thanks for listening! I can't believe this podcast is still going strong after all these years and 277 episodes. I started this podcast with an idea - give you something to listen to that …

DtSR Episode 276 - Game Changer in ICS (no FUD edition)

December 26th, 2017


What: In this episode we get the facts on the recent game-changing malware/attacks that appear to be nation-state sponsored attacking critical safety …

DtSR Episode 275 - Beyond 2017 A New Hope

December 19th, 2017


For episode 275 we are once again joined by the one and only Haroon Meer ( @haroonmeer ) to follow up on his conversation from September 2016 titled "

DtSR Episode 274 - Let's Talk Power Grid

December 13th, 2017


This week, Patrick Miller returns (another boomerang guest from the way-back machine) to talk about the energy grid. It turns out, things aren't super different from 5 years ago, but some things have changed.

Patrick and …

DtSR Episode 273 - Automate or Die (w/Demisto)

December 5th, 2017


Join James and Rafal, one last time, live from Enfuse Conference (Las Vegas, NV) this past summer.

In this episode, we track down a personal friend of Raf's - Bob Kruse, Demisto, VP Sales & Alliances, and talk about …

DtSR Episode 272 - Innovation, Startups, and the Security Bubble

November 28th, 2017


This week, Grant and Mark join me live and in person in Las Vegas at the Amazon AWS re:Invent conference to talk about the security marketplace, innovation, "the bubble" and more.

Here's the announcement we talked about …

DtSR Episode 271 - The Secrets of Influence Through Communication

November 21st, 2017


This week James and I are fortunate enough to have one of the best keynote speakers I've ever seen on the show. He's an amazing speaker, a brilliant magician and a sharp dresser - this guy is the real deal.

Straight off …

DtSR Episode 270 - Secrets of InfoSec at Scale

November 15th, 2017


Ladies and gentlemen - we have our first 3-time guest! Brandon Dunlap, my good friend and industry titan, joins the podcast for his third trip down …

DtSR Episode 269 - Industrial Internet of Things (IIOT)

November 7th, 2017


This week, we have a repeat guest with Robert M. Lee joining our show to talk about the Industrial Internet of Things. Rob's just finished a conference his company, Dragos, Inc, just started to educate and help increase …

DtSR Episode 268 - CISOs Survival Guide

October 31st, 2017


Welcome down the Security Rabbithole, friends and colleagues!

This week, my guest is Larry Whiteside, Jr. (we know him as the best dressed man in …

DtSR Episode 267 - Cyber Security Awareness Month Wrap

October 24th, 2017


This week, James and Raf cover the tail-end of Cyber Security Awareness Month. It's been an interesting week of news and of course let's talk about awareness.

Have you completed your mandatory training?

-- This week's …

DtSR Episode 266 - Leadership Perspective with Michael

October 17th, 2017


This week we're getting the band back together!

Michael Santarcangelo joins us for a segment we'll be featuring regularly (look for it every 6 weeks …

DtSR Episode 265 - Privacy and Paranoia

October 10th, 2017


This week's Down the Security Rabbithole Podcast asks - "Are you paranoid enough about your privacy? or do you simply not have any?" with a couple of …

DtSR Episode 264 - Windows Forensics Then and Now

October 3rd, 2017


This week, Harlan Carvey joins James and I to talk about the evolution of Windows forensics over the last decade and a half or so. Harlan has more …

DtSR Episode 263 - Legal Update Q3 2017

September 26th, 2017


On this episode of Down the Security Rabbithole Podcast James and I get an update on the legal issues that have been talked about from our …

DtSR Episode 262 - Deeper Down the Cyber Liability Insurance Rabbithole

September 20th, 2017


This episode, in conjunction with the Security Advisor Alliance, we dive into a third round of Cyber Liability Insurance. This fascinating discussion dives deeper into the …

DtSR Episode 261 - Deeper Down the ML Rabbit Hole

September 13th, 2017


Welcome to another Down the Security Rabbithole episode folks!

This week, Alex and Sven are baaaaaaack for a deeper dive into machine learning and …

DtSR Episode 260 - The Immense Challenge of Protecting Office 365

September 5th, 2017


This week, on Down the Security Rabbithole, Rudra "Rudy" Mitra joins us from Redmond to talk about what it's like to defend Office 365 at scale. On …

DtSR Episode 259 - Risk Communication Primer

August 31st, 2017


As we go once again down the security rabbithole, Raf and James meet up with Claire Tills who gives us a primer on "risk communication". …

DtSR Episode 258 - Big Scary Numbers

August 22nd, 2017


This week on the Down the Security Rabbithole Podcast, Dave Bittner of The CyberWire (podcast) joins us to talk about some of the ways that we …

DtSR Episode 257 - Software Ate the Perimeter

August 16th, 2017


This episode of Down the Security Rabbithole Podcast was recorded live and in person in Las Vegas at the Black Hat Conference 2017. Raf had a chance …

DtSR Episode 256 - Rick Howard on the Record

August 9th, 2017


This week - Rick Howard joins us and goes on the record to talk about the Security Canon and a few other interesting things you're just going to have …

DtSR Episode 255 - Security and Human Nature

August 1st, 2017


This week on the Down the Security Rabbithole Podcast, John Nye ( @EndIsNye_Com ) joins us to talk about the human aspect of the cyber security equation. …

DtSR Episode 254 - Lowdown and Dirty ICS

July 25th, 2017


This week Sergio Caltagirone joins James and I to talk about Industrial Controls networks and systems and some of the dangers that go undiscussed. …

DtSR Episode 253 - Defending the Small-to-Medium Enterprise

July 18th, 2017


On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.


  • Blue Cross Blue Shield of …

DtSR Episode 252 - DFIR with Lesley Carhart

July 11th, 2017


In this smasher of an episode James and I are joined by Lesley Carhart live from Enfuse Conference in Las Vegas to talk about the DFIR (Digital Forensics and Incident Response) as a broad field. There is SO much to talk …

DtSR Episode 251 - General Data Protection Regulation (GDPR)

June 27th, 2017


This week on Down the Security Rabbithole Episode 251 (wow, can you believe we've published 251 full episodes?!) James and I host a roundtable of …

DtSR Episode 250 - Deconstructing the Internet of Things

June 20th, 2017


Fresh off of his closing keynote at Enfuse Conference 2017 in Las Vegas, Dr. Timothy Chou joins us to talk about the difference between the Internet of People and the Internet of Things.

Even though many people talk …

DtSR Episode 249 - Finding a Way

June 13th, 2017


This week, James and I try out a new format for the show. We hope you enjoy the blend of news commentary and an interview.



  • More car …

DtSR Episode 248 - Nick Hyatt On Ransomware

June 6th, 2017


This podcast episode was recorded live to tape from Enfuse Conference 2017 from Las Vegas. If you didn't get a chance to get out this year to one of the premier DFIR (Digital Forensics and Incident Response) conferences …

DtSR Episode 247 - Internet of Things Forensics

May 30th, 2017


Live once again from Enfuse Conference 2017 in Las Vegas, James and I interview Amber Schroader, the President and CEO of Paraben. This interview happened because you all voted and asked for it..ok and because she's a …

DtSR FeatureCast - Enfuse Conf 2017 - Theresa Payton

May 26th, 2017


As James and I continue to publish our Enfuse Conference 2017 series of episodes we are this week joined by Theresa Payton. Theresa is the former CIO of the George W. Bush White House Administration, and now on the …

DtSR FeatureCast - Enfuse Conf 2017 - DFIR Students

May 24th, 2017


Continuing our series recorded live at Enfuse Conference 2017 in Las Vegas, this episode features two USC students who are part of a large contingent here to learn and make connections.

Tatiana and Ayman join us to talk …

DtSR FeatureCast - Enfuse Conf 2017 - Keynote Patrick Dennis

May 24th, 2017


Today, CEO Patrick Dennis joins the Down the Security Rabbithole Podcast right after his keynote to talk about the conference, what's going on at …

DtSR FeatureCast - Enfuse Conf 2017 - Preamble

May 23rd, 2017


We kick off a week of on-the-scene podcasts live'ish from Enfuse Conference 2017, hosted by Guidance Software in Las Vegas, Nevada with Lori Chavez VP of Corporate Marketing. She is the brains responsible for the …

DtSR Episode 246 - Finding and Responding to Badness

May 23rd, 2017


This week we are live from Enfuse Conference 2017 in Las Vegas, Nevada.

Special thanks to Guidance Software for having us out and getting us access …

DtSR Episode 245 - NewsCast for March 16th 2017

May 16th, 2017

Microsoft warns ransomware cyber-attack is a wakeup call
  • As of recording, it is reported that 200,000 computers were infected.
  • Patch for flaw was …

DtSR Episode 244 - A Government CISOs Perspective

May 10th, 2017


This week - live and in person from Denver, Colorado and the RMISC Conference I interview Stephen E. Coury the CISO of the County and City of Denver. …

DtSR Episode 243 - NewsCast for May 2nd 2017

May 2nd, 2017

Chrome to mark more HTTP pages ‘Not Secure’
  • In October, 2017, all HTTP sites will be marked ‘Not Secure’ while in incognito mode.
    • Incognito mode …

DtSR Episode 242 - Management and Leadership

April 26th, 2017


This week the team gets together to talk Management and Leadership in the security industry and in general. Our very own Michael Santarcangelo joins us as our featured guest to dispense knowledge on leadership by the …

DtSR Episode 241 - NewsCast for April 18th 2017

April 18th, 2017

NewsCast for Tuesday April 18th, 2017


Dallas Tornado Sirens Hijacked
  • Tornado sirens in Dallas all simultaneously went off
  • Suspected hijacking of …

DtSR Episode 240 - The Truth About Machine Learning

April 11th, 2017


This week the Down the Security Rabbithole podcast hosts Sven Krasser of CrowdStrike. Sven is an actual machine learning data science expert (as …

DtSR Episode 239 - NewsCast for April 4th 2017

April 6th, 2017

Pew Center Survey Finds Americans Lack Understanding of Cybersecurity Measures
  • Most ‘typical’ users simply don’t understand security because it’s …

DtSR Episode 238 - March 2017 Update with Shawn Tuma

March 28th, 2017


This week, on the Down the Security Rabbithole Podcast, Michael and I are back with perennial favorite Shawn Tuma. Shawn, our legal eagle friend from …

DtSR Episode 237 - NewsCast for March 21st 2017

March 21st, 2017

The Cost of Cybercrime - Let’s Take a Different Perspective
  • Cybercrime is reported as a $450B drag on the economy; the absolute number sounds big

DtSR Episode 236 - Enterprise Architecture 2017

March 14th, 2017


Check out episode 236 with Marie-Michelle Strah who is a repeat offender here on the podcast with her first appearance back in 2014 on Episode 122 ( 

DtSR Episode 235 - NewsCast for March 7th 2017

March 8th, 2017


A Note on the Passing of a Legend

  • Howard Schmidt passed away this week
  • Long, distinguished career as one of the CISOs who “got it”
  • He will be missed …

DtSR Episode 234 - Straight Talk on National Security

March 1st, 2017


This week, the interview is extra special because we have a guest I've personally been following for a long while, and I finally got a chance to …

DtSR Episode 233 - Reflecting on RSA Conference 2017

February 21st, 2017


This week, fresh on the close of RSA Conference 2017 James, Michael and I discuss the happenings of the conference, lessons, and features along with some inside anecdotes you won't get from anywhere else. Of course, we …

DtSR Episode 232 - Security, Fraud, Digital Payments

February 15th, 2017


This week, while the security world congregates at RSA Conference 2017 we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating …

DtSR Episode 231 - NewsCast for February 7th 2017

February 8th, 2017


It is that time of year of W-2 Scams

  • There have been multiple reports of companies releasing W-2s through email scams.
  • Link:

DtSR Episode 230 - The IoT You Got for Christmas

January 31st, 2017


On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter (yes, again with this guy) for a discussion on the …

DtSR Episode 229 - NewsCast for January 24th 2017

January 25th, 2017


Hi friends! We're honored to be finalists for the Security Blogger Awards 2017 "Best Security Podcast" so if you listen, go vote for "Wh1t3Rabbit" (as we're labeled)


DtSR Episode 228 - Another Look at Endpoint Security

January 18th, 2017


This week, Paul Hershberger joins us to talk about taking a fresh look at endpoint security for the new year. Paul has some insights into balancing …

DtSR Episode 227 - NewsCast for January 10th 2017

January 12th, 2017


St. Jude, MedSec and the FDA

  • FDA, St. Jude go through disclosure/fix cycle
  • No mention of MedSec - interesting for discussion; did they have an …

DtSR Episode 226 - Targeted Threats Facts From Fiction

January 3rd, 2017


Welcome to the first Down the Security Rabbithole Podcast episode of 2017!

We would like to kick off this year, and the run to episode 250 with an …

DtSR Episode 225 - NewsCast for December 20th 2016

December 20th, 2016


Merry Christmas, Happy New Year everyone!


May your holidays be filled with joy, love and family. From Michael, James and myself we wish you the …

DtSR Episode 224 - Pointing the Finger of Responsibility

December 13th, 2016


On this episode of Down the Security Rabbithole we tackle the question head on. Whose responsibility is security? Is it the end user who should be …

DtSR Episode 223 - NewsCast for December 6th 2016

December 6th, 2016


Federal Government Disproves the Myth of Cyber Talent Shortage

  • If the government can find and hire them - they exist
  • What does that mean for the …

DtSR Episode 222 - Zero Trust Security Model

November 30th, 2016


This week, after a long wait, we have John Kindervag on the show! John talks us through the concept of "Zero Trust Security" and where and how it's …

DtSR Episode 221 - NewsCast for Nov 22 2016

November 22nd, 2016


DHS Releases Strategic Principles for Securing the Internet of Things

DtSR Episode 220 - Blaming the Breach Victim

November 15th, 2016


This week, Patrick Dennis - the CEO of Guidance Software - joins us to talk about the Enterprise Security world's fascination with blaming the breach victim. We talk through some of the key issues and look for a way off …

DtSR Episode 219 - NewsCast for Nov 8th 2016

November 8th, 2016


It is election day.. Have you voted?


Beware, iPhone Users: Fake retail apps are surging before the holidays

  • The issue of brand protection and …

DtSR Episode 218 - The Business of Security

November 1st, 2016


This week on DtSR Chad Boeckmann - President of Secure Digital Solutions - joins us to talk about the business of security. While the "bad guys" are …

DtSR Episode 217 - NewsCast for October 25th 2016

October 25th, 2016


The Massive DDoS That Hit Dyn.Org

  • Massive DDoS disrupts a ton of popular websites (Netflix, Twitter, etc)
  • IoT used to amplify attack
  • What does this …

DtSR Episode 216 - Why Software Insecurity is Still a Thing

October 19th, 2016


This week, #DtSR takes a trip down Software Security lane or as some call it "How are we still writing code with bugs that we found relatively concrete fixes for in the late 90's?" (I may have been watching too many …

DtSR Episode 215 - NewsCast for October 11th 2016

October 11th, 2016

‘Security Fatigue’ Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests

DtSR Episode 214 - Financial Impact of Breaches

October 4th, 2016


Grab a cup of coffee, jack in your earphones and listen up.

DtSR Episode 214 is addressing the issue of breaches, and their material financial impact to an organization.

The premise is simple - when you have a breach, …

DtSR Episode 213 - NewsCast for September 27th 2016

September 27th, 2016


Quick update and invitation from Michael: starting to explore rolling out services and improving the Straight Talk Framework. If you’re up to discuss …

DtSR Episode 212 - Insider Threat Primer

September 20th, 2016


In this episode, we talk with Mike Tierney, who is the brand-new CEO at Veriato. In our conversation we talk through a primer on insider threat, and use the great example of hosting a dinner party.

Mike has loads of …

DtSR Episode 210 - Data Protection Primer

September 7th, 2016


In this episode James and I invite Vlad Klasnja from Optiv's Office of the CISO, and Hudson Harris, Chief Privacy Officer at HarrisLOGIC, to talk about data protection. From defining the concept to providing some …

DtSR Episode 209 - NewsCast for August 29th 2016

August 30th, 2016


NewsCast for Tuesday August 30th, 2016


Clinic Won’t pay breach protection for victims

DtSR Episode 208 - Beyond the Ransomware Economy

August 23rd, 2016


This week Michael and I chat with Jamison Utter of Infoblox on one of the more interesting topics at hand - the economy of ransomware. We talk …

DtSR Episode 207 - NewsCast for August 16th 2016

August 18th, 2016


Quick note from Michael about the Straight Talk Framework & Program -- >

  • Get your free copy at

DtSR Episode 206 - Vulnerabilities, Disclosure, Ethics, Research and Security

August 10th, 2016


In this episode we chat with Steve Christey Coley currently the Principal Information Security Engineer over at MITRE Corp. In this episode we talk …

DtSR Episode 205 - NewsCast for August 2nd 2016

August 6th, 2016


Quick note from Michael about the Straight Talk Framework -- >

  • I’ve separated the framework from the programs; the framework is free and …

DtSR Episode 204 - On Changing Culture

July 26th, 2016


This week, Chris Romeo joins Michael, James and me to talk about changing the security posture of an organization by changing culture. This episode …

DtSR Episode 203 - NewsCast for July 19th 2016

July 19th, 2016


Ransomware that's 100% pure JavaScript? Sort of...

  • Slightly misleading article
  • Generally a Windows-based attack (go where the users are)

DtSR Episode 202 - Outsourced but Better

July 12th, 2016


This week on the Down the Security Rabbithole podcast, Brandon Dunlap is back for his second show. Following up on Episode 158 where we discussed …

DtSR Episode 200 - Privacy, Security, Risk and Law Collide

June 28th, 2016


** Our 200th numbered episode! **


A note from Raf:

 Thanks to everyone who has been listening to us, tweeting us, and sharing the links to our …

DtSR Episode 199 - NewsCast for June 21st 2016

June 21st, 2016


In this episode..


The "Nuclear Bomb" analogy isn't working, stop using it

DtSR Episode 198 - What Legal Counsel Wishes CISOs Knew

June 14th, 2016


On this episode of the Down the Security Rabbithole podcast, Dawn-Marie Hutchinson, currently an Executive Director within the Optiv Office of the …

DtSR Episode 197 - NewsCast for June 7th 2016

June 7th, 2016


In this episode...



Are people "going offline" as a result of increasing dangers of the Internet?

  • This article makes the case for yes: 

DtSR Episode 196 - Jason Witty

May 31st, 2016


On this episode of the Down the Security Rabbithole podcast, I get the pleasure of sitting down with one of my all-time favorite Chief Security …

DtSR Episode 195 - NewsCast for May 24th 2016

May 24th, 2016


This week the gang's all here to talk about some news happenings. Michael, James and I talk through some of the stories we've been tracking.

Have something you've been reading and want to talk about? Hit us on Twitter …

DtSR Episode 194 - Update on Cyberlaw w Shawn Tuma

May 17th, 2016


In this episode...


Michael and I welcome back Shawn Tuma, our resident Cyber Law Expert from the great state of Texas. We discuss some of the recent cases (unlocking an iPhone!) and some of the tough issues facing the …

DtSR Episode 193 - NewsCast for May 10th, 2016

May 10th, 2016


In this episode..


ImageTragick - major flaw in open source image processing toolkit

  • ImageTragick is CVE-2016-3714
  • Logo & Website:

DtSR Episode 192 - Healthcare and Critical Infrastructure Security

May 4th, 2016


In this episode...

Join our guest Larry Whiteside, Michael and I as we record live from InfoSec World 2016 in sunny Orlando, Florida! We talk through the life of a CISO, and the challenges of being in the Healthcare and …

DtSR Episode 191 - NewsCast for April 26th 2016

April 26th, 2016


In this episode...

Only about a third of companies know how many vendors access their systems

  • nearly every company is at risk for a third party …

DtSR Episode 190 - Interview with Lance James

April 20th, 2016


In this episode, James, Michael and I are live from InfoSec World 2016 and we get the pleasure of interviewing Lance James fresh off the keynote …

DtSR Episode 189 - NewsCast for April 12th 2016

April 12th, 2016


In this episode...


Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects

  • Plug-ins seem to be a universal weakness
  • Many …

DtSR Episode 188 - Security Talent Truths

April 5th, 2016


Intro song: "Josh Gabriel - Deep Down"; Intro/Outro v/o courtesy of @ToddHaverkos

DtSR Episode 187 - NewsCast for March 29th, 2016

March 29th, 2016


In this episode...

  • BadLock bug (which now has a website, a graphic, and more hype than Bieber) is out there
    • Is the bug really worth all this hype?

DtSR Episode 186 - Becoming a CISO

March 22nd, 2016


In this episode


I posed some questions to Joey, an InfoSec professional who had recently moved into a CISO role in a midwest retail company:

  • Let's …

DtSR Episode 185 - NewsCast for March 15th 2016

March 21st, 2016


In this episode...


The FTC is getting into providing guidance on password changes

  • Well OK, this isn't really guidance, it's just a blog
  • But - does …

DtSR Episode 184 - A CISO Post-RSA WrapUp

March 16th, 2016


In this episode, we wind down from RSA Conference 2016 and talk with Jonathan and Michael, both security executives and leaders at their respective companies, who were both out at RSA Conf and share with us some of …

DtSR Episode 183 - NewsCast for March 1st 2016

March 1st, 2016


This is RSA Conference week, so while Rafal is out in San Francisco trying to make it through another one, James and Michael break down the news events that you may have missed.


300,000 Homes affected by security …

DtSR Episode 182 - Apple Versus the FBI

February 23rd, 2016


In this episode...

  • Michael and I moderate what turns out to be an expert-filled panel discussion on the real issues of the Apple vs FBI debate
  • Shawn …

DtSR Episode 181 - NewsCast for Feb 16 2016

February 16th, 2016


In this episode


Class action lawsuit against SuperValu dismissed

  • No damage (use of stolen information) so there's no case?
  • As time passes, risk of …

DtSR Episode 180 - From the CISO Perspective

February 9th, 2016


In this episode...

  • Andrew discusses a few of the key challenges making it difficult for the healthcare sector right now
  • Robb, Andrew and Raf discuss …

DtSR Episode 179 - NewsCast for Feb 2nd 2016

February 2nd, 2016


In this episode


Employees may face penalties if they misinterpret security policies?

  • Human behavior still seen as the biggest weakness
  • Employers …

DtSR Episode 178 - What Will Get Us There

January 26th, 2016


In this episode

  • What got us here - so where are we?
  • Where do we go, and how? (addressing stunt hacking)
  • We discuss how we can influence outcomes, …

DtSR Episode 177 - NewsCast for January 19th, 2016

January 19th, 2016


In this episode

FTC imposes a $250,000 fine for "false advertising" of encryption

  • Interesting case, where there really was 'false advertising'
  • Would …

DtSR Episode 176 - 2015 InfoSec Legal Review

January 13th, 2016


We open up our 2016 year interviewing Shawn Tuma on the show. Shawn is our legal eagle, and a regular contributor to the podcast. This episode ran a …

DtSR Episode 175 - NewsCast for January 5th 2016

January 5th, 2016


In this episode...


Juniper has a backdoor problem

  • 2 separate issues, auth bypass & VPN weakness
  • backdoor discovered in Juniper devices
  • lots of …

DtSR Episode 174 - Health Check on Healthcare InfoSec

December 28th, 2015


In this episode...

  • We discuss what in the world is going on in the healthcare space, and why they’re such a target for attackers
  • Dustin discusses …

DtSR Episode 173 - NewsCast for December 14th 2015

December 14th, 2015


In this episode...

  1. Vizio is getting sued, over data their TVs collect?
    • James provided security tips on the local news station and one of those tips …

DtSR Episode 172 - The Truth on Cyber Insurance

December 7th, 2015


Thanks for joining us! This is a very important episode with true experts on the topic of cyber insurance. I was lucky enough to get an attorney and a VP of an insurance firm who specialize in the topic and their depth …

DtSR Episode 171 - When the FTC Attacks

November 30th, 2015


In this episode

I interview Mike Daugherty - author of The Devil Inside the Beltway [ link] live from the Security Advisor Alliance first-ever Summit in Dallas, TX. Mike was kind enough to sit down with me …

DtSR Episode 170 - Minneapolis CISO Summit Roundtable 1

November 23rd, 2015


In this episode

  • We start a constructive discussion addressing the problem of the ‘talent shortage’
  • The panel discusses the general lack of …

DtSR Episode 169 - NewsCast for November 16th 2015

November 16th, 2015


In this episode...

  • Is this seriously the FBI suggestion to companies hit with ransomware?

DtSR Episode 168 - Practical Enterprise Threat Intelligence

November 9th, 2015


In this episode

  • Rob & Liam discuss the practical applications of threat intelligence for today's enterprise
  • We discuss what enterprise threat …

DtSR Episode 167 - NewsCast for Nov 2nd 2015

November 2nd, 2015


In this episode...

  • Turn any old car into a "smart car" for $200 with this new miracle device

DtSR Episode 166 - Cyber Security From Board Room to White House

October 26th, 2015


In this episode...

  • Raf sits down with Howard Schmidt to talk about Cyber Security from the public to private sectors and everything in between.

DtSR Episode 165 - NewsCast for October 19th, 2015

October 19th, 2015


In this episode...

  • Standard & Poor's Adding Cybersecurity to Ratings
    • The headline
      • In a report issued this week, the rating agency says it …

DtSR Episode 164 - 3rd Party and Supply Chain Risks

October 12th, 2015


In this episode...

  • Raf asks why we are talking about global supply chain, 3rd party risk again
  • Josh discusses what little things we are not thinking …

DtSR Episode 163 - NewsCast for October 5th, 2015

October 5th, 2015


In this episode...

  • Patreon got hacked, but it's OK
    • This is a lesson in how to do security in a reasonable manner
    • Great response, good security

DtSR Episode 162 - OSINT and Privacy in a Digital World

September 28th, 2015


In this episode...

  • Kirby tells us what OSINT is
  • We discuss how much we are giving away on digital channels?
  • We discuss if there is such a thing as …

DtSR Episode 161 - NewsCast for Sept 21st, 2015

September 21st, 2015


On this episode of the NewsCast

  • Intel forms new Automotive Security Research Board (ASRB) to focus on security of their automotive platform

DtSR Episode 160 - Leadership from a Navy SEAL

September 14th, 2015


In this episode...

  • Brandon, Michael and I discuss the challenges of leadership and how leadership is more than just telling people what to do. …

DtSR Episode 159 - NewsCast for Sept 7th 2015

September 7th, 2015


In this episode

  • Court strikes down Wyndham's challenge to FTC power
    • We have covered this before
    • Wyndham argued due process and lack of case law - …

DtSR MicroCast 08 - Conference Engagement

September 1st, 2015


In this MicroCast, live from HTCIA Conference 2015 in Orlando, FL, Michael and I quickly set the stage for a conversation on conference speaker/attendee engagement. 

[Raf] One of my biggest pet peeves as a speaker is …

DtSR Episode 158 - Managing Security with Outsourced IT

August 31st, 2015


In this episode...

  • We discuss what life is like as the CISO when you have all the responsibility for, but no administrative access (or hands on …

DtSR Episode 157 - NewsCast for Aug 24th, 2015

August 24th, 2015


In this episode...

  • Just when you thought America's neutered "chip & sign" was a safe

DtSR Episode 156 - Leadership Defined Measured and Discussed

August 17th, 2015


In this episode...

  • We discuss the ever-growing need for strong leadership in security
  • I ask whether experience and longevity in a position naturally …

DtSR Episode 155 - NewsCast for Aug 10th, 2015

August 10th, 2015


In this episode...

  • The Belgian government's internal phishing test has "gone off the rails" a bit
    • Used a legitimate entity to test against
    • Panic …

DtSR Episode 154 - Enterprise Software Security Reloaded

August 3rd, 2015


In this episode

  • Raf asks - Why haven’t we solved the same old software security bugs?
  • James asks how a security team gets out of the way and still …

DtSR Episode 153 - NewsCast for July 27th, 2015

July 27th, 2015


In this episode...

  • "Hackers remotely kill a Jeep!"
    • Lots to talk about
    • Basics of segmentation weren't followed, aren't followed
    • Discussion on …

DtSR Episode 152 - The Great InfoSec Talent Shortage

July 20th, 2015


In this episode

  • Talent shortage - is it real, and how bad is it?
  • We discuss: what does negative unemployment actually mean?
  • Michael asks - security is …

DtSR FeatureCast - HTCIA International Conference 2015 Preview

July 15th, 2015


In this episode...


  • Peter Morin joins us to talk through the upcoming HTCIA International 2015 Conference in sunny Orlando, Florida.
  • We talk …

DtSR Episode 151 - NewsCast for July 13th, 2015

July 13th, 2015


In this episode...

  • Appears as though Windows 10 WiFi Sense could have some issues with WiFi -- more on this as it develops
    • Why is the default …

DtSR Episode 150 - A CEOs Perspective

July 6th, 2015


In this episode

  • We take a little peek inside the mind of a CEO, from the security perspective
  • We discuss the state of information security in the …

DtSR Episode 149 - NewsCast for June 29th 2015

June 29th, 2015


In this episode

With me gone, James and Michael run feral!

  • It's June, so here are the top 3 security priorities for CISOs for 2015 (yes in June)

DtSR Episode 148 - Focus on the CISO

June 22nd, 2015


In this episode...

  • What is the Security Advisor Alliance?
  • We discuss some of the issues facing CISOs today
  • Clayton gives us his perspective on how …

DtSR Episode 147 - NewsCast for June 15th, 2015

June 15th, 2015


In this episode...

  • Facebook has released PGP-encryption-enabled email communications
    • The anti-privacy platform will now encrypt emails to you if …

DtSR Episode 146 - State of Enterprise Incident Response

June 8th, 2015


In this episode...

  • Defenders are set up to fail? how and why
  • How do we fill forensics and IR positions? What skills and qualifications do …

DtSR Episode 145 - NewsCast for June 1st, 2015

June 1st, 2015


Apologies to anyone who is having issues downloading this episode!

In this episode...

  • The ACLU encourages the government to get into bug bounties

DtSR Episode 144 - Insights from the ISC2 2015 Survey

May 25th, 2015


In this episode...

DtSR Episode 143 - NewsCast for May 18th, 2015

May 18th, 2015


In this episode...

  • Netflix launched FIDO (not that one, or that one, no the other one)
    • Focused on automating incident response practices
    • FIDO is an …

DtSR Episode 142 - Basics and Fundamentals, That Win

May 11th, 2015


In this episode...

  • A quick walk-through of Rob’s talk (“Hacker ghost stories”), and why it’s completely relevant today
  • Simple things that work

DtSR Episode 141 - NewsCast for May 4th, 2015

May 4th, 2015


In this episode...

  • A joint Ponemon Institute & IBM Security study shows that, surprise surprise, developers are "neglecting security"
    • The study …

DtSR Episode 140 - Ethics of Hacking Live from AtlSecCon 2015

April 27th, 2015


In this episode...

  • What about public safety, where do we draw the line on open research?
  • Self-regulation? Disclosure? What are our options…

DtSR Episode 139 - NewsCast for April 20th, 2015

April 20th, 2015


In this episode...

  • Friend and security researcher Chris Roberts steps into it... 
    • A poorly-conceived tweet, followed by mass hysteria
    • Most everyone …

DtSR Episode 138 - Useful Knowledge on Intelligence

April 13th, 2015


In this episode...

  • Where do you even start with “threat intelligence”?
  • Ryan talks about context, and why it’s *the* most important thing when it …

DtSR Episode 137 - NewsCast for April 6th, 2015

April 6th, 2015


In this episode...

  • TrueCrypt security audit results are good news, right? 
    • Why are some of the most depended-upon 

DtSR Episode 136 - Crypto and Privacy with Jon Callas

March 30th, 2015


In this episode...

  • Jon Callas gives a little of his background and his current role
  • We talk through why cryptography is so hard, and so broken today

DtSR Episode 135 - NewsCast for March 23rd, 2015

March 23rd, 2015


Remember folks, as you listen reach out to us on Twitter and hit the hashtag #DtSR to continue the conversation, and speak your mind! Let's hear what …

DtSR Episode 134 - Fundamental Security

March 16th, 2015


In this episode...

  • Michael C and the team talk about "going back to basics" and the need for security fundamentals
  • Michael C talks a little about why …

DtSR Episode 133 - NewsCast for March 9th, 2015

March 9th, 2015


In this episode--

  • Law firm hit and crippled by ransomware, decides it's not paying the ransom.
    • They aren't quite sure what got encrypted
    • But they …

DtSR Episode 132 - Good Guys, Bad Guys, and Reality

March 2nd, 2015


In this episode...

  • We learn the origins of "RSnake" as told by Rob himself
  • Rob gives us a peek into the dark side, from his contacts and experiences

DtSR Episode 131 - NewsCast for February 23rd, 2015

February 23rd, 2015


In this episode--

  • Would you be OK with your credit card company tracking you, to decrease fraud rates? Visa wants to track your smartphone.

DtSR Episode 130 - Where Law and Cyber Collide

February 16th, 2015


In this episode

  • Traveler's Insurance files suit against a web development company for failing to provide adequate security, resulting in a breach …

DtSR Episode 129 - NewsCast for February 9th, 2015

February 9th, 2015


Topics covered

  • Massive breach at American Health Insurer Anthem - from the "haven't we done this once before?" department as Queen - Another One …

DtSR MicroCast 07 - Taking Security Seriously

February 8th, 2015


This is the 7th installment (call it a rebirth) of the MicroCast. Short and to the point, Michael and James talk about the phrase breached companies use - "We take your security seriously..."

 .. join the conversation …

DtSR Episode 128 - When Breach, Buy the Dip

February 2nd, 2015


Fans - If you haven't booked your ticket for InfoSec World 2015 in sunny Orlando, FL check this out. Register using our code CLD15/RABBIT for 15% off.

If you want a chance to go for FREE, listen to Episode 127 for your …

DtSR Episode 127 - NewsCast for January 26th, 2015

January 26th, 2015


** There is a special gift for our listeners in this episode, from our friends at InfoSec World 2015! Listen to find out how you can go for free.

 We …

DtSR Episode 126 - The Defense Always Loses

January 19th, 2015


In this episode...

  • The blog post that started it all - 

DtSR Episode 125 - NewsCast for January 12th, 2015

January 13th, 2015


Welcome to a new year of the Down the Security Rabbithole Podcast! We are kicking off this year with a guest on this morning's program, Phil Beyer

DtSR Episode 124 - PCI DSS and Security (Yes, Really)

January 5th, 2015


Hi everyone! Welcome to the very first episode of the Down the Security Rabbithole Podcast for 2015! On this opening episode, Jeff Man joins us to …

DtSR FeatureCast - 2014 Year in Review

December 29th, 2014


Hey everyone! We're almost done with 2014 and another new year is right around the corner. We thought this was the perfect time to sit back, relax a little and reflect on the year that was...and boy was it ever!

Jack …

DtSR FeatureCast - US vs. Salinas ft. Shawn Tuma

December 22nd, 2014


In this episode

Attorney and CFAA expert Shawn Tuma joins us to talk about the US vs. Salinas case where Mr. Salinas was threatened with 440 years in jail, and now plead down to a misdemeanor. Prosecutorial discretion, …

DtSR Episode 122 - Enterprise Architecture's Role in Security

December 8th, 2014


In this episode

  • Michelle explains to us what Enterprise Architecture is, and what it isn't
  • Michelle gives her take on how both security and …

DtSR Episode 121 - NewsCast for December 1st, 2014

December 1st, 2014


Topics covered

  • Sony Pictures is having a very, very bad couple of days - and it could keep getting worse.

DtSR Episode 120 - Hacking the Human (again)

November 24th, 2014


In this episode

  • We revisit the 'human' side of hacking
  • Chris tells us all about the Defcon CTF his team has hosted
  • We discuss the role human nature …

DtR Episode 119 - NewsCast for November 17th, 2014

November 17th, 2014


Note: The hashtag for the show on Twitter has changed, please connect with us using #DtSR going forward. Thanks!


Topics covered

  • Update: Home Depot …

DtR Episode 118 - Demystifying Threat Intelligence

November 10th, 2014


In this episode

  • Adam and Dmitri discuss what is (and what isn't) threat intelligence
  • We discuss strategic, tactical and operational security …

DtR FeatureCast - Norse Corp DDoS - Nov 7 2014

November 7th, 2014


In this episode

  • Jeff explains a little bit about who Norse is, and why they were potentially targeted with a DDoS
  • We discuss what a DDoS is, how it …

DtR Episode 117 - NewsCast for November 3, 2014

November 3rd, 2014


Topics covered

  • Banks urging shoppers not to avoid breached retailers - Companies that get breached impact card holders minimally, at least as far as …

DtR Episode 116 - Lines in the Sand on Security Research

October 27th, 2014


In this episode

  • Chris attempts to explain the consternation with 'security research' right now
  • Kevin gives his perspective and why he doesn't quite …

DtR Episode 115 - NewsCast for October 20th, 2014

October 20th, 2014


Topics covered

  • The FBI paid a visit to the "researcher" who revealed (and tinkered with) the hacked Yahoo! servers - we discuss the various aspects …

DtR Episode 114 - Threat and Vulnerability Management

October 13th, 2014


In this episode

  • Ron gives us a brief history of Tenable and TVM for the enterprise
  • Ron answers "How do you make network security obtainable and …

DtR Episode 113 - NewsCast for October 6th, 2014

October 6th, 2014


Topics covered

  • The petition on titled "Unlock public access to research on software safety through DMCA and CFAA reform" and ...well …

DtR FeatureCast - CFAA, Shellshock and Security Research - October 2nd 2014

October 2nd, 2014


Thank you to Shawn Tuma - an attorney specializing in CFAA and a good friend of our show - for stopping by and lending his expertise on this episode. …

DtR Episode 112 - DREAMR Framework

September 29th, 2014


In this episode

  • DREAMR: What is it, and why is it so important to Enterprise Security today?
  • Examples of aligning business and security requirements …

DtR Episode 110 - Red Dragon Rising

September 15th, 2014


In this episode

  • Separating the hype from reality of the Chinese hacking threat
  • The escalation of economic tensions between US & China, over …

DtR Episode 109 - NewsCast for September 8th, 2014

September 8th, 2014


Topics covered

  • Apple has been making news, issuing guidance, and refuting a hack - all around iCloud

DtR Episode 108 - Security in State Government

September 1st, 2014


In this episode

  • We discuss the largest challenges in the state government sector
  • Brian discusses balancing the need for openness versus …

DtR Episode 107 - NewsCast for August 25, 2014

August 25th, 2014


Topics covered

  • Community health systems and UPS Stores breached - an analysis and contrast of the two breaches, the data, and the common message

DtR Episode 106 - My Compliance is Better Than Your Security

August 18th, 2014


In this episode

  • Jason tells us why he isn't hating on compliance
  • Jason talks about how security people are often the source of the issues
  • Jason …

DtR Episode 105 - NewsCast for August 11, 2014

August 11th, 2014


Topics covered

  • Survey shows CISOs still struggle for respect (from business peers)

DtR Episode 104 - JW Goerlich - Security Leaders Series

August 4th, 2014


In this episode

  • Who is J.W. Goerlich (redux from episode - 
  • How did he get to where he is now?
  • How does the security executive deal with the "moving …

DtR Episode 103 - NewsCast for July 28th, 2014

July 28th, 2014


Topics covered

  • Certificate pinning back in the spotlight with the GMail iOS app having some difficulties, but there is a bigger issue here. We …

DtR Episode 102 - Security Leaders Series - Jim Tiller

July 21st, 2014


In this episode

  • Jim Tiller - a few things you probably didn't know?
  • In the last 15 years, what has changed, and what hasn't?
  • Why isn't security …

DtR Episode 101 - NewsCast for July 14th, 2014

July 14th, 2014


Topics covered

  • Florida Information Protection Act of 2014 is in the books, and it brings "sweeping changes" to the data breach disclosure process in …

DtR Episode 100 - Security Wisdom from Dan Geer

July 7th, 2014


In this episode

  • Who is Dan Geer (just in case you live in a cave and don't know)
  • Dan's definition of security - "The absence of unmitigatable …

DtR Episode 99 - NewsCast for June 30th, 2014

June 30th, 2014


Topics covered

  • Your server may have a hardware flaw that exposes your baseband management interface to the world - 

DtR Episode 98 - Grr (Grr Rapid Response)

June 23rd, 2014


In this episode

  • What exactly is "GRR"?

  • What sorts of things can GRR do?

  • What is a hunt, and how does it scale across tens of thousands of machines?

  • How …

DtR Episode 97 - NewsCast for June 16th, 2014

June 16th, 2014


Note: I want to thank Will Gragido for stopping by this morning to talk over the news with us. Always great to have someone with a fresh perspective, …

DtR Episode 96 - A CIO Talks About CISOs

June 9th, 2014


My apologies for some of the skips in this episode - we had some difficulty with the recording and ultimately I hope it doesn't take away from Joe's …

DtR Episode 95 - NewsCast for June 2nd, 2014

June 2nd, 2014


Note: Today, Kim Halavakoski joined us on the show to provide perspective all the way from Finland! We appreciate his international addition to the show, and hope the listeners enjoy the added brainpower.


Topics …

DtR Episode 94 - ICANN, Tor, and Internet Freedom

May 26th, 2014


In this episode

  • Jeff explains the background of the relationship between the US government, ICANN and IANA
  • What is the ITU and why is this $0 …

DtR Episode 93 - NewsCast for May 19th, 2014

May 19th, 2014



  • I want to thank Circle City Con as a sponsor for the show! I have one more ticket to give away ... so watch the #DtR hashtag on …

DtR Episode 92 - Rapid Incident Response [Guests: Robin Jackson, Dan Moore]

May 12th, 2014


In this episode

  • Dan gives us the reality of living in what is commonly termed "the post-breach" world
  • Dan and Robin talk through the explosion in …

DtR Episode 91 - NewsCast for May 5th, 2014

May 5th, 2014


Topics discussed

  • Microsoft has issued a patch for the massive MS IE flaw - for WindowsXP! - 

DtR Episode 90 - Things Your Auto Insurance Knows [Anonymous guest]

April 28th, 2014


In this episode

  • We discuss some of the new techniques auto insurance companies are using to custom-tailor rates to drivers
  • Our guest discusses some …

DtR Episode 88 - Advanced Threat Actors [Panel Discussion]

April 14th, 2014


In this episode

  • Advanced Threat Actors - more or less a threat right now than before? (how much is hype?)
  • Advanced Persistent Threat - is it really …

DtR Episode 87 - NewsCast for April 7th, 2014

April 8th, 2014


Topics covered

DtR Episode 86 - From DDoS to Quantum Computing [Guest: Prof Alan Woodward]

March 31st, 2014


In this episode

  • Rise of DDoS
    • Where did it come from
    • What's next
    • Why does it work
    • Spoofer project
    • 3-DOS attacks
  • Quantum computing
    • What is it
    • How …

DtR Episode 85 - NewsCast for March 24th, 2014

March 24th, 2014


Topics covered

  • The FTC jumps into the breech (pun intended) and may try and levy fines against Target, and future breach victims -

DtR Episode 84 - Rise of the Security Machines [Guest: Alex Pinto]

March 17th, 2014


In this episode

  • what is the promise of automation, and where did we go wrong (or right?)
  • the problems with 'volume' (of logging) and the loss of …

DtR Episode 83 - NewsCast for March 10th, 2014

March 10th, 2014


Topics covered

  • Target CIO resigns, new central CISO and CCO roles created; but what's really going on here? - 

DtR Episode 82 - Likely Threats [Guests: Lisa Leet, Russell Thomas, Bob Blakley]

March 3rd, 2014


In this episode

  • Does it make sense, in a mathematical and practical sense, to look for 'probability of exploit'?
  • How does 'game theory' apply here?

DtR Episode 81 - NewsCast for February 24th, 2014

February 24th, 2014


Topics covered

  • Apple had a "Goto Fail" failure - yes people at Apple Computer still use Goto statements in 2014 - 

DtR Episode 80 - Lies, Damned Lies, and #InfoSec Statistics [Guests: Jay Jacobs, Bob Rudis]

February 17th, 2014


In this episode

  • Jay and Bob talk about their new book
  • A discussion on using data as 'supporting evidence' rather than gut feelings
  • Do we have …

DtR Episode 79 - NewsCast for February 10th, 2014

February 10th, 2014


Topics covered

  • In the wake of the Target & Neiman Marcus breaches - is chip+pin really a priority right now, and does it solve the real problem? …

DtR Episode 78 - Legal Professional Privilege [Guest: David Prince]

February 3rd, 2014


In this episode

  • David discusses what it's like working for a law firm (in the UK)
  • A quick wade through the UK Data Protection Act (mostly Principle …

DtR Episode 77 - NewsCast for January 27th, 2014

January 27th, 2014


Special thanks to Michael Santarcangelo ( @catalyst ) for stopping by the show and guest-hosting with James and I! We had fun, and I think you'll all …

DtR Episode 76 - Payment Industry Turmoil [Guests: Laura Claytor & Alfred Portengen]

January 20th, 2014


In this episode

  • Did the Target/Neiman/? breach finally create a catalyst for change?
  • The card system, payment processing infrastructure clearly …

DtR Episode 75 - NewsCast for January 13th, 2014

January 13th, 2014


I can't believe it's 2014 already, and we're rolling through our 3rd calendar year! As we grow and you "regulars" mount, James and I want to thank …

DtR Episode 74 - Supply Chain [In]Security

January 6th, 2014


In this episode

  • Chris Wysopal - who is that masked man?
  • Putting some reality to the state-sponsored backdoors (Huawei) and supply-chain compromise

DtR Episode 72 - Applied Threat Research and Defense

December 23rd, 2013


In this episode

  • Will gives us a lay of the land on the state of "state sponsored" and advanced threats
  • We discuss collective advances in malware
  • We …

DtR Episode 71 - The 2013 Year in Review

December 16th, 2013


Hello! This is a special episode in that it's our year-end wrap-up. We bring together 3 of the industry's best to talk about the year that was, the things that made were on your mind, and maybe give us a hint at what is …

DtR Episode 70 - Embedded Systems Shenanigans

December 9th, 2013


Folks, if you work with, design, or implement embedded systems this is one episode you don't want to miss. Fair warning, it's a little bit long at …

DtR Episode 69 - NewsCast for December 2nd, 2013

December 2nd, 2013


Special thanks to Steve Ragan ( @SteveD3 ) for sitting in this morning and providing his perspective as a journalist.

Topics Covered

  • "Leaked" FBI …

DtR Episode 68 - Buffer's Big Hack

November 25th, 2013


I want to thank Carolyn Kopprasch and the @BufferApp team for getting back to me, and agreeing to not only join the podcast, but also field questions …

DtR Episode 67 - NewsCast for November 18th, 2013

November 18th, 2013


I'm back! Maybe a little sleep-deprived and a tad grumpier than usual, but back to talk news!

Topics Covered

  • Microsoft unveils the new Digital …

DtR Episode 66 - ISSA International 2013 - Cowperthwaite Weighs In

November 11th, 2013


In this episode...

  • We revisit some of the topics Eric & I talked about nearly 2 years ago at ISSA International, Baltimore.
  • Eric discusses the

DtR Episode 65 - NewsCast for November 4th, 2013

November 6th, 2013


Hey all - Raf here and I wanted to thank James for flying solo as my wife and I celebrate the birth of Niccolai and Isabella our new twins! I'll be …

DtR FeatureCast - Rt Hon Baroness Neville-Jones on CyberSecurity

October 26th, 2013


In this episode

  • We get a peek into the first member of English Royalty that we've ever had on the podcast
  • Baroness Neville-Jones discusses the …

DtR Episode 63 - NewsCast for October 21st, 2013

October 21st, 2013


Thanks to Josh Corman for joining us this morning ... always nice to have Josh's experience and brain power on the show.

Topics Covered

  • Gargantuan …

DtR Episode 62 - A Peek Behind the Blue Curtain

October 14th, 2013


In this episode...

  • James and I host legitimate Polynesian royalty (a princess....) really!
  • Katie gives us the skinny on Microsoft's 10 year …

DtR Episode 61 - NewsCast for October 7th, 2013

October 7th, 2013


Big thanks to the soon-to-be-regular peanut gallery ... @JoeKnape and @BeauWoods for jumping in this morning and breaking it down with James and I.

DtR Episode 60 - Conversations from DerbyCon 3

September 30th, 2013


In this episode...

  • Dave Kennedy wraps up DerbyCon 2013, and gives us the statistic you don't want to tell your management
  • Dave announces the top …

DtR Episode 58 - NewsCast for September 23rd, 2013

September 23rd, 2013


I want to thank Mr. Josh Corman ( @JoshCorman ) for guest-commentating today's episode, and lending his expertise and industry leadership point of …

DtR FeatureCast - HP Protect 2013 - Episode 3

September 18th, 2013


For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, …

DtR FeatureCast - HP Protect 2013 - Episode 2

September 18th, 2013


For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, …

DtR FeatureCast - HP Protect 2013 - Episode 1

September 18th, 2013


For those of you unfamiliar with the event, HP Protect is the premier event of the year for the HP Enterprise Security products and services organization, held to bring customer practitioners, industry experts, …

DtR Episode 58 - Of BSides and Bettering Infosec

September 16th, 2013


In this episode...

  • Mike explains once and for all how the BSides namesake came to be
  • We talk about how the industry has evolved over the last 10+ …

DtR FeatureCast - HTCIA International 2013

September 13th, 2013


Today I had the pleasure of sitting down with one old friend, and one new. As a speaker at the HTCIA International conference, and the CISO Summit - …

DtR Episode 57 - NewsCast for September 9th, 2013

September 9th, 2013


I want to thank our guests - Beau Woods and Joe Knape for joining us this morning. It was great to have these two well-versed commentators on the …

DtR Episode 56 - Understanding the [InfoSec] Elephant

September 4th, 2013


Every once in a while this podcast has a guest who makes us truly feel blessed to be doing this - Rob Dubois is one of those people. If you don't …

DtR Episode 55 - NewsCast for August 26th, 2013

August 26th, 2013


Since James is out this week with something called "work", I've pulled in two friends (affectionately known as "The Joshes") Josh Marpet and Josh C. …

DtR Episode 54 - Evolution of InfoSec with The Godfather of IPS

August 19th, 2013


In this episode...

  • Rob gives us a little history lesson
  • Rob keeps going on the history lesson, IDS, open vs. closed circuits
  • We discuss "defense in …

DtR Episode 53 - NewsCast for August 12, 2013

August 12th, 2013


Topics Covered

  • The trash bin that stalked me (seriously, only in London) - 

DtR Episode 52 - Advanced threats, remedial defenses, broken record

August 5th, 2013


In this episode...

  • Dave reminisces a bit...
  • Dave discusses 'digitally signed malware' and what it means
  • We discuss whether it's true that 'all …

DtR Episode 51 - NewsCast for July 29th, 2013

July 29th, 2013


Ladies and gentlemen, we are over the 50 episodes mark!  If you've enjoyed the podcast, please go rate us in the iTunes store, or leave us a note here. Have you checked out past episodes?! There are some gems in there, …

DtR Episode 50 - The Emergence of Geopolitics in InfoSec

July 22nd, 2013


Welcome down the rabbithole as we hit EPISODE 50! I'm thrilled that we've made it this far, and look forward to having you along for the ride into …

DtR Episode 49 - NewsCast for July 15th, 2013

July 15th, 2013


Topics Covered

  • 9 Years After Shadowcrew, Feds Get Their Hands on Fugitive Cybercrook

DtR Episode 48 - Securing HP Software

July 8th, 2013


In this episode...

  • We get a little insight into the mind of Tomer, and how he thinks about security
  • We get an insight into what HP Software IT …

DtR Episode 47 - NewsCast for July 1st, 2013

July 2nd, 2013


*Apologies for this very important episode getting out a bit late ladies and gents, experienced a loss in the family so things were a little slow to …

DtR Episode 46 - Serious Problems with Industrial Control System

June 24th, 2013


In this episode...

  • The gang discusses the issues with the rapid escalation of connectivity in modern-day industrial control systems
  • What specialized …

DtR Episode 45 - NewsCast for June 17th, 2013

June 17th, 2013


This week, James is flying solo on the microphone catching you up on all the latest news and BIG stories since I'm at HP Discover, Las Vegas and …

DtR Episode 44 - Unmasking Security Products

June 10th, 2013


In this episode...

  • We discuss the true nature of many of the security products decisions CISOs have to make every day
  • Frank and Raf make very poorly …

DtR Episode 43 - NewsCast for June 3rd, 2013

June 3rd, 2013


It's June already?! Where has the first half of 2013 gone? James and I break down the last 2 weeks of interesting InfoSec news in a short "Monday …

DtR Episode 42 - Threat Modeling

May 28th, 2013


In this episode...

  • John discusses some of the foundational principles of Threat Modeling
  • We talk about why threat modeling is like your time in high …

DtR Episode 41 - NewsCast for May 20th, 2013

May 20th, 2013


Welcome to Monday, May 20th 2013 as James and I discuss the last 2 weeks' worth of Information Security news and relate it (attemptively) to your enterprise day-job. This week was a bit on the lighter side, with the …

DtR Episode 40 - Breakers, Builders, and the Enterprise

May 13th, 2013


In this episode...

  • Kevin, James and I discuss why penetration testing reports are often so worthless
  • Kevin and I disagree. Then we agree, sort of.

DtR Episode 39 - NewsCast for May 6th, 2013

May 6th, 2013


It's another beautiful Monday (somewhere) and we've got the news of the last 2 weeks covered, and we're breaking it down for you. The news this week …

DtR Episode 38 - Enterprise Security in the Real World

April 29th, 2013


In this episode...

Live (live-to-tape) from 44Con, London, England.

It's amazing, listening to this episode recorded at 44Con last fall, how little the landscape of enterprise security has changed. I took some time …

DtR Episode 37 - NewsCast for April 22nd 2013

April 22nd, 2013


It's Monday April 22nd, 2013, and here are the topics from the last 2 weeks James ( @jardinesoftware ) and I ( @Wh1t3Rabbit ) will be talking about as we Monday-morning-quarterback the last 2 weeks in Information …

DtR Episode 36 - Unmasking Cyber Intelligence with Jeffrey Carr

April 15th, 2013


In this episode...

  • A critical discussion on the available 'cyber intelligence' reports from various vendors
  • How hard is attribution in cyber space, …

DtR Episode 35 - NewsCast April 8th, 2013

April 8th, 2013


In this second episode of our Monday morning InfoSec quarterbacking, James and I actually got through the news items we had lined up in just about 20 …

DtR Episode 34 - The Inside Scoop on Cyber Liability Insurance

April 1st, 2013

First ...a milestone.

I want to take this time to formally welcome Mr. James Jardine, of SecureIdeas, as my permanent co-host to the podcast. James has experience podcasting as he already co-pilots the Professionally …

DtR Episode 33 - NewsCast March 25th, 2013

March 25th, 2013

Welcome to the Down the Rabbithole NewsCast!

Join me in welcoming James Jardine ( @JardineSoftware) of Secure Ideas to the show as a permanent …

DtR Episode 32 - Big Data in Little InfoSec

March 18th, 2013

In this episode...

  • We discuss "big data", what the heck it really is, and whether it's something new, something old, or something marketing made up

DtR Episode 31 - Analyzing US vs. Cotterman (Cyber Law)

March 11th, 2013


This timely podcast is right on the heels of the US vs. Cotterman decision from the 9th Circuit Court of Appeals. One of the watershed decisions on privacy and digital law, this is an extremely important case …

DtR Episode 30 - It's Always a Business Decision [MISEC edition]

March 8th, 2013


Security has an interesting view on "business decisions", and in this podcast episode recorded at GrrCon 2012 in Grand Rapids, MI I sit down with some of the talent behind MISEC and we discuss #SecBiz topics of …

DtR Episode 29 - Shawn Tuma - The Law and the Hacker

February 5th, 2013


Shawn and I have been trying to get together to record an episode for what seems like forever. We first started talking about the CFAA …

DtR Episode 28 - Bill Burns - InfoSec in a Cloud of Constant Flux

January 29th, 2013


I sat down with Bill at ISSA International in Anaheim, CA in the fall of 2012 to discuss what it's like, and what types of challenges he faces in the fast-paced, hybrid world of security at Netflix. We talked …

DtR Episode 27 - Guest: Mikko Hypponen - Way beyond viruses

January 7th, 2013


To kick off January on the Down the Rabbithole podcast I have Mikko Hypponen, the "malware adventurer" and Chief Research Officer from …

DtR MicroCast 06 - Guests: Steven & Martin - Hacking in Quebec (

December 21st, 2012


This microcast episode was recorded live from 2012, on location in Quebec. The conference is a phenomenal success for the challenges they face (primarily non-English speaking region, small market, …

DtR Episode 26 - Guest: Brad Arkin of Adobe - Software Security Under Pressure

December 18th, 2012



This episode is special because it's been a long-time-in-the-making interview with Brad Arkin of Adobe. This is the organization that many of the hacker community like to hate, and pick on - without realizing …

DtR MicroCast 05 - Guest: Eric Cowperthwaite - The Rise and Fall of Enterprise IT

October 26th, 2012


LIVE from day 2 of the ISSA International conference 2012, in Anaheim, California I cornered Eric Cowperthwaite after a much-anticipated year-long wait... and we talked about his prediction that in the next 2 …

DtR Episode 25 - Guests: Jim Manico, David Litchfield - From Black Hat 2012 with SQLi

October 22nd, 2012


When I caught up with these two gentlemen in Amsterdam over the week of Black Hat 2012, I knew we wouldn't run out of things to talk about! …

DtR Episode 24 - Guests: DarthNull & InfoJanitor - All the Things InfoSec

October 4th, 2012


This week we went free-form with two of my favorite InfoSec insiders ...people you probably follow on Twitter but can't quite place.  Here …

DtR Episode 23 - Guest: Patrick C. Miller - Energy Sector, SmartGrid and Resiliency

September 24th, 2012



Today's podcast discussion is with someone who has one of the toughest jobs in the security world... Patrick helps organizations that generate and deliver the power that runs our gadgets and critical systems …

DtR Episode 22 - Guests: Marc Blackmer, Matt Morgan - Security + App Lifecycle viewpoints

September 20th, 2012


This episode is a mini-episode recorded live from the social media lounge at HP Discover Las Vegas 2012.  It was an incredible show, where I caught up with Marc and Matt - two guys who are really from opposite …

DtR Episode 21 - Guests: Wickett, Galbreath, Saudan - "Deploy faster, safer"

August 29th, 2012



In this episode we ask the big question of "Can security be a part of the 'build/deploy faster!' culture?"  We discuss the need to separate …

DtR Episode 20 - Guest: Gene Kim - DevOps live from HP Discover Las Vegas

August 6th, 2012


This episode was recorded in June '12, live from the show floor at HP Discover Las Vegas, 2012 and the talk of the town was once again DevOps.  Gene and I have had 2 prior conversations on the topic, but we're …

DtR - Episode 19 - Bob Arno: The world's foremost legal pickpocket

July 10th, 2012



This episode is special, not because it's more Info Security stuff, but because we take a far departure from the world of bits and bugs to the world of the pick-pocket and thief.  Sitting down with Bob Arno is …

Down the Rabbithole - Episode 18 - Kellman Meghu: Chaos, Resiliency, and more

July 2nd, 2012


I caught up with my friend Kellman Meghu at BSides Detroit as the conference was coming to a close and we finally got to sit down and have a fun conversation about chaos, and what sorts of things enterprises …

Down the Rabbithole - Episode 17 - Adam Shostack on New School Security

June 18th, 2012



Greetings fans, this episode promises to be a great one with the likes of Adam Shostack starting off talking about what the whole concept of …

MicroCast 04 - Kevin Riggins & Kenneth Johnson - QA + Security Software Testing

June 14th, 2012


Last winter, on a frigid afternoon I got a chance to sit down with 2 of my favorite Iowa locals, Kevin and Kenneth to talk about the tenuous relationship between QA and Information Security.  Earlier in the day …

Feature - Welcome to HP Discover Las Vegas 2012

June 4th, 2012

Greetings friends!  I am taking some time to do something a little out of the ordinary right now... I'm coming to you from beautiful Las Vegas, …

Down the Rabbithole - MicroCast 3 - Paul Elwell + Albert School - Measuring Security

May 29th, 2012


This episode of Down the Rabbithole microcast (~15 minutes length) was recorded live at the Ohio Information Security Summit.

Albert and …

Down the Rabbithole - Episode 16 - Spacerog and Shpantzer talk CyberPocalypse

May 25th, 2012


In this episode, streamed live and recorded for your listening pleasure, I'm joined by @SpaceRog and @Shpantzer from Security BSides Delaware.  What started out as an off-the-cuff discussion on the 'Cyber …

Down the Rabbithole - Episode 15 - Backstage at THOTCON 0x3

May 8th, 2012


It's rare that I get to be a spectator at a podcast, but in this case I was listening to some of the conversations and talks being given at …

Down the Rabbithole - Microcast - THOTCON 0x3_1

April 27th, 2012



In this short microcast we rap about the THOTCON 0x3 experience, why we think the Chicago community has taken off so much, and what sorts of interesting things make THOTCON, and the local hacker con here in …

Down the Rabbithole - Episode 14 - Dave Frederickson on Cloud Reality

April 24th, 2012



This episode I sit down with Dave Frederickson who has a unique viewpoint on cloud computing from a Canadian point of view, as well as a VP of the HP Canada business.  I pose some tough questions to Dave …

Down the Rabbithole - Episode 13 - Mark Radcliffe - The Ts and Cs of Cloud Computing

April 2nd, 2012



On this episode of Down the Rabbithole I get the distinct pleasure of sitting down with one of Silicon Valley's top attorneys to talk Cloud …

Special - Cloud Legal Panel - Chicago Cloud Security Alliance Chapter Meeting March 7th, 2012

March 21st, 2012



This 1 hour podcast was recorded live at the March 7th, Chicago Cloud Security Alliance chapter meeting, where we were fortunate enough to have a panel of attorneys discuss the issues with cloud security from a …

Down the Rabbithole - Episode 12 - Chris Hadnagy - Hacking the Human (mind)

March 5th, 2012



The guest on this podcast will blow your mind ... literally.  He is none other than the "human hacker" himself, Christopher Hadnagy, who has written a book and now runs  Chris is a …

Down the Rabbithole - Episode 11 - Nathaniel Dean discusses software security red teams

March 1st, 2012



I had the pleasure of sitting down with Nathaniel Dean, someone I had met through a mutual colleague's introduction, and hear about a neat …

Down the Rabbithole - Special - "Master the Cloud" Calgary (w/celebrity guest Adam Growe)

February 11th, 2012



  We were "live to tape" (as Adam says) from HP's Master the Cloud event in Calgary.  As we wrap up the road tour in the frozen city of Calgary I had the pleasure of sitting down with a comedian and celebrity, …

Down the Rabbithole - Episode 10 - "The real Gene Kim" on DevOps, KPIs & high performance IT

February 6th, 2012



World-renowned author, researcher, speaker and founder of legendary TripWire joins me semi-live from LASCON in Austin, Texas to talk about his current project(s) [The DevOps Cookbook, and When IT Fails: A …

Down the Rabbithole - Special - "Master the Cloud" Toronto

January 31st, 2012



I sat down at the HP Master the Cloud ( event in Toronto, Canada to answer some Twitter-based questions, talk about the trade show, and listen to some of the fantastic things Victor and his team …

Down the Rabbithole - Special - "Master the Cloud" Montréal

January 26th, 2012



  This special episode of Down the Rabbithole is sponsored exclusively by HP Canada, and I wanted to thank them for hosting this fantastic …

SecBiz Monthly Call - January - "Eating our own dogfood"

January 26th, 2012



  This month's call kicks off 2012 with a big question - "Do security professionals follow their own policies?" ... and as we talk through …

Down the Rabbithole - Episode 09 - Jeff Reich Explains "Table Stakes" and Other InfoSec Genius

January 16th, 2012



This episode with Jeff was awesome, recorded at the OWASP LASCON security conference, I got a chance to sit down with Jeff in person and talk shop.  I always learn something, but in this podcast Jeff dispensed …

Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 3)

January 9th, 2012



  This is the third and final part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk …

Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 2)

December 28th, 2011



  This is the second part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what …

Down the Rabbithole - Holiday 2011 Year End Wrap-Up Episode (Part 1)

December 26th, 2011



  This is the first part of a 3-part (3 x 30 minute segments) holiday episode that was aired LIVE, where Will, Scott and I talk about what …

Down the Rabbithole - Episode 08 - Kris Herrin: Surviving and Thriving with Data Breaches

December 20th, 2011



  On this edition of the podcast, Kris Herrin joins me from the ISSA International Conference to talk about his unenviable role as Chief …

Down the Rabbithole - Episode 07 - David Elfering's "As the Security Lightbulb Turns"

December 6th, 2011



  My guest David Elfering (@icxc on Twitter) and I go all over the map covering various SecBiz related topics, and come up with a fantastic …

Down the Rabbithole - Episode 06 - Jeff Moss Talks Internet Evolution

November 21st, 2011



  In this edition of the podcast, I sit down with Jeff Moss (@TheDarkTangent) to talk about all of the interesting evolutions currently …

Down the Rabbithole - Feature MicroCast 02 - "The Erosion of Privacy"

November 14th, 2011



  This is perhaps the most important podcast I've recorded to date, and probably will record for some time.  The guests on my show in this episode are not only privacy experts, but people who deal with digital …

Down the Rabbithole - Episode 05 - Bryan Stiekes Says InfoSecurity is Fundamentally Broken

November 7th, 2011



  This week I host Bryan Stiekes, a distinguished technologist with HP ...and not a security guy by trade.  Bryan has been a part of IT for …

Down the Rabbithole - MicroCast 01 - Security is Just Good IT

October 31st, 2011



  This is the first MicroCast, a new 15-minute format jam-packed with a series of great topics.  This time around, Jack Nichelson joins me and tells us how Bruce Lee feels about IT Security (this is a great …

Down the Rabbithole - Episode 4 - Effective Small Business Security

October 24th, 2011



  This is a special episode for anyone who's feeling like "Information Security" in their small business is impossible.  My guests and I talk through how to make information security a proper entity that can …

Down the Rabbithole - Episode 3 - "QA and Security, Can we make it work?"

October 10th, 2011



  Over the past year and a half or so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it to incorporate a much heavier emphasis on quality assurance. …

Down the Rabbithole - Episode 2 - "Can You Be Hacked Out of Business?"

September 29th, 2011



This edition of the podcast doesn't hold back.  We ask "Can someone be hacked out of business?" and as usual we don't really like the …

Down the Rabbithole - Episode 1 - "Everyone's getting hacked, is it time to panic?"

September 16th, 2011


This is the inaugural podcast episode of Down the Rabbithole.

Our podcast focuses on security, but from a business perspective and shines a light on …

The #SecBiz Podcast - Talking "Cloud Security" with Phil Cox

September 13th, 2011


Phil Cox joins Rafal (aka Wh1t3 Rabbit) and Martin McKeay and a gallery of others discussing the issues with the very nebulous term "Cloud Security", …
