Wed, 15 February 2017
This week, while the security world congregates at RSA Conference 2017, we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating discussion, we cover many of the topics security executives and leaders are talking about right now - but as you have come to expect, this is less about 'security' and more about protecting what matters.
We want to thank Neira for taking the time out of her busy schedule to join us on the show, and encourage discussion on the topics we covered - if you listen, and you have an opinion (I know you do) then let's discuss using the hashtag #DtSR on Twitter.
Direct download: DtSR_Episode_232_-_Security_Fraud_Digital_Payments.mp3
Category:Enterprise Security -- posted at: 11:29am CST
Wed, 8 February 2017
It is that time of year of W-2 Scams
Cops use pacemaker data to charge homeowner with arson, insurance fraud
Facebook rolls out 2FA Hardware
5 Cybersecurity Tools Your Company Should Have
Appeals Court Blocks Target Data Breach Settlement
Direct download: DtSR_Episode_231_-_NewsCast_for_February_7th_2017.mp3
Category:NewsCast -- posted at: 3:00am CST
Tue, 31 January 2017
On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter (yes, again with this guy) for a discussion on the finer points of Internet of Things (IoT) security ... or complete lack thereof.
If you own gadgets that are 'connected' or you are ever around them (hint: you're surrounded by things that pull IP addresses right now) then you need to listen to this podcast. Some great discussion in what was the very first podcast we recorded in 2017.
Direct download: DtSR_Episode_230_-_The_IoT_You_Got_for_Christmas.mp3
Category:Enterprise Security -- posted at: 1:56am CST
Wed, 25 January 2017
Hi friends! We're honored to be finalists for the Security Blogger Awards 2017 "Best Security Podcast", so if you listen, go vote for "Wh1t3Rabbit" (as we're labeled).
Digital transformation forces businesses to rethink cybersecurity
Mobile is still the safest place for your data
The WhatsApp Backdoor That Isn’t
Organizational complexity is the greatest threat to cybersecurity
Direct download: DtSR_Episode_229_-_NewsCast_for_January_24th_2017.mp3
Category:NewsCast -- posted at: 8:33am CST
Tue, 17 January 2017
This week, Paul Hershberger joins us to talk about taking a fresh look at endpoint security for the new year. Paul has some insights into balancing risk/usability and how some of the things you've heard about endpoint may simply be ... wrong.
Join James and me as we let Paul endow us with his wisdom and experience... take some notes, this one's going to be good.
Direct download: DtSR_Episode_228_-_Another_Look_at_Endpoint_Security.mp3
Category:general -- posted at: 6:27pm CST
Thu, 12 January 2017
St. Jude, MedSec and the FDA
New York financial regulator to delay cyber security rules
Massachusetts makes data breach reports available online
California passes law making ransomware illegal
Online databases dropping like flies, with >10K falling to ransomware groups
TV anchor says live on-air ‘Alexa, order me a dollhouse’ - guess what happens next
Direct download: DtSR_Episode_227_-_NewsCast_for_January_10th_2017.mp3
Category:NewsCast -- posted at: 12:38pm CST
Tue, 3 January 2017
Welcome to the first Down the Security Rabbithole Podcast episode of 2017!
We would like to kick off this year, and the run to episode 250, with an episode that dissects the facts from the fiction on the topic of "Advanced Threats". With all the talk in the news about the Russians "hacking the US election" (yes, that's absolutely silly to call it that) and talk of retaliation, it's important to have a frank discussion on the merits of the concept of advanced threats.
Sit back, grab a coffee and listen. I know you'll want to listen to this one more than once!
If you have a moment, and you actually read the show notes, we would love it if you could give us a rating on iTunes or actually leave a comment on the podcast page. Get engaged on Twitter, using the hashtag #DtSR!
Sergio Caltagirone hunts evil. He spends his days hunting hackers and his evenings hunting human traffickers. After 9 years with the US Government, over 3 years at Microsoft and now at Dragos, Sergio not only hunted the most sophisticated targeted hackers in the world but also applied that intelligence to protect billions of users worldwide and safeguard civilization through the protection of critical infrastructure and industrial control systems. He co-created the Diamond Model of Intrusion Analysis, proudly helping thousands of others bring more pain to adversaries by strengthening hunters and intelligence analysts. He also proudly serves as the Technical Director of the Global Emancipation Network, a Non-Governmental Organization, leading a world-class all-volunteer team hunting human traffickers and finding their victims through data science and analytics, working towards saving tens of millions of lives.
You can find Sergio on Twitter at @cnoanalysis
Direct download: DtSR_Episode_226_-_Target_Threats_Facts_From_Fiction.mp3
Category:general -- posted at: 9:27am CST
Tue, 20 December 2016
Merry Christmas, Happy New Year everyone!
May your holidays be filled with joy, love and family. From Michael, James and myself we wish you the very best and a healthy, prosperous and fulfilling 2017.
We will be back in 2017 with another great DtSR Episode... but before we go - here's one last NewsCast for 2016.
Yahoo - setting records again - biggest hack ever
Netgear Routers - Simple fix, Difficult fix
Microsoft Patches dangerous backdoor in Skype for Mac OSX
Flash being relegated by MS’s Edge browser… is it time?
Direct download: DtSR_Episode_225_-_NewsCast_for_December_20th_2016.mp3
Category:NewsCast -- posted at: 11:50am CST
Tue, 13 December 2016
On this episode of Down the Security Rabbithole we tackle the question head on. Whose responsibility is security? Is it the end user who should be responsible for patching the devices they own? Is it the vendor who sells the wares? Is it the manufacturer who sells things with security issues?
What if it was everyone's problem? How do we police, legislate and ultimately assign blame? Should we be assigning blame, and more importantly what gives with this fascination for blaming the victim?
Lots of questions are asked and we start to tackle some of the answers...maybe.
Direct download: DtSR_Episode_224_-_Pointing_the_Finger_of_Responsibility.mp3
Category:Enterprise Security -- posted at: 10:55am CST
Tue, 6 December 2016
Federal Government Disproves the Myth of Cyber Talent Shortage
5 Mistakes to Avoid to Hire Qualified Application Security Talent
Obama Cyber Security Commission to [Finally] Present Its Report
The First Question Security Leaders Need to Ask Before the Breach Happens
Amazon Unveils Anti-DDoS Service for Customers
Direct download: DtSR_Episode_223_-_NewsCast_for_December_6th_2016.mp3
Category:general -- posted at: 8:46am CST
Tue, 29 November 2016
This week, after a long wait, we have John Kindervag on the show! John talks us through the concept of "Zero Trust Security" and where and how it's implemented. It's a concept everyone should be familiar with by now - but I bet you aren't!
Join us, and as always provide feedback to the team using the hashtag #DtSR on Twitter, and you can always ping John directly at @Kindervag as well.
Tue, 22 November 2016
DHS Releases Strategic Principles for Securing the Internet of Things
What about the “need” for IoT legislation?
Facebook buys black market passwords to keep your accounts safe
Michael just got back from Boston, hosting a CISO Leadership Conferences. We discuss the trends that came up…
→ just the trends…
Tue, 15 November 2016
This week, Patrick Dennis - the CEO of Guidance Software - joins us to talk about the Enterprise Security world's fascination with blaming the breach victim. We talk through some of the key issues and look for a way off the hamster wheel.
As always, #DtSR on Twitter to join in our conversation.
Tue, 8 November 2016
It is election day. Have you voted?
Beware, iPhone Users: Fake retail apps are surging before the holidays
Moving Beyond EMET
Tesco Bank blames ‘systematic sophisticated attack’ for account losses
Google Discloses “Critical Flaw” in Microsoft OS 10 Days After Notifying
Tue, 1 November 2016
This week on DtSR Chad Boeckmann - President of Secure Digital Solutions - joins us to talk about the business of security. While the "bad guys" are running their criminal enterprise, security teams have struggled to be business-relevant. This discussion starts to dive into how to align security and business goals, answering the "how much is enough?" question and so much more.