Wed, 15 February 2017
This week, while the security world congregates at RSA Conference 2017 we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating discussion, we discuss many of the topics security executives and leaders are talking about right now - but as you have come to expect this is less about 'security' and more about protecting what matters.
We want to thank Neira for taking the time out of her busy schedule to join us on the show, and encourage discussion on the topics we covered - if you listen, and you have an opinion (I know you do) then let's discuss using the hashtag #DtSR on twitter.
Direct download: DtSR_Episode_232_-_Security_Fraud_Digital_Payments.mp3
Category:Enterprise Security -- posted at: 11:29am CST
Tue, 31 January 2017
On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter (yes, again with this guy) for a discussion on the finer points of Internet of Things (IoT) security ... or complete lack thereof.
If you own gadgets that are 'connected' or you are ever around them (hint: you're surrounded by things that pull IP addresses right now) then you need to listen to this podcast. Some great discussion in what was the very first podcast we recorded in 2017.
Direct download: DtSR_Episode_230_-_The_IoT_You_Got_for_Christmas.mp3
Category:Enterprise Security -- posted at: 1:56am CST
Tue, 13 December 2016
On this episode of Down the Security Rabbithole we tackle the question head on. Whose responsibility is security? Is it the end user who should be responsible for patching the devices they own? Is it the vendor who sells the wares? Is it the manufacturer who sells things with security issues?
What if it was everyone's problem? How do we police, legislate and ultimately assign blame? Should we be assigning blame, and more importantly what gives with this fascination for blaming the victim?
Lots of questions are asked and we start to tackle some of the answers...maybe.
Direct download: DtSR_Episode_224_-_Pointing_the_Finger_of_Responsibility.mp3
Category:Enterprise Security -- posted at: 10:55am CST
Tue, 29 November 2016
This week, after a long wait, we have John Kindervag on the show! John talks us through the concept of "Zero Trust Security" and where and how it's implemented. It's a concept everyone should be familiar with by now - but I bet you aren't!
Join us, and as always provide feedback to the team using the hashtag #DtSR on Twitter, and you can always ping John directly at @Kindervag as well.
Tue, 15 November 2016
This week, Patrick Dennis - the CEO of Guidance Software - joins us to talk about the Enterprise Security world's fascination with blaming the breach victim. We talk through some of the key issues and look for a way off the hamster wheel.
As always, #DtSR on Twitter to join in our conversation.
Tue, 1 November 2016
This week on DtSR Chad Boeckmann - President of Secure Digital Solutions - joins us to talk about the business of security. While the "bad guys" are running their criminal enterprise, security teams have struggled to be business-relevant. This discussion starts to dive into how to align security and business goals, answering the "how much is enough?" question and so much more.
Wed, 19 October 2016
This week, #DtSR takes a trip down Software Security lane or as some call it "How are we still writing code with bugs that we found relatively concrete fixes for in the late 90's?" (I may have been watching too many John Oliver episodes...)
Jeff Williams ( @Planetlevel ) and Tyler Shields ( @txs ) join me to talk this topic over from where we've been, to what we're doing now, to what the solution to this mess will be one day in the future. It's an interesting conversation that should stir up some emotion if you've been in AppSec or software security as there really are no docile opinions on this topic (or many others in security, unfortunately).
Plug in, listen and enjoy.
Direct download: DtSR_Episode_216_-_Why_Software_Insecurity_is_Still_a_Thing.mp3
Category:Enterprise Security -- posted at: 11:20am CST
Tue, 4 October 2016
Grab a cup of coffee, jack in your earphones and listen up.
DtSR Episode 214 is addressing the issue of breaches, and their material financial impact to an organization.
The premise is simple - when you have a breach, are you going to see massive stock price drop, client exodus and so on? We sit down with legal expert and DtSR regular Shawn Tuma and researcher Jon Nichols to talk this through with James, Michael and yours truly.
Check this episode out. It may sting a bit, but once you come to grips with its reality - the world looks a little different.
Direct download: DtSR_Episode_214_-_Financial_Impact_of_Breaches.mp3
Category:Enterprise Security -- posted at: 12:00am CST
Tue, 20 September 2016
In this episode, we talk with Mike Tierney, who is the brand-new CEO at Veriato. In our conversation we talk through a primer on insider threat, and use the great example of hosting a dinner party.
Mike has loads of nuggets of wisdom from his experience and we're certain that if you're a seasoned insider threat professional, or just thinking about the topic and wondering if you can do anything to protect your company - this show will be a good primer for furthering your discussion and learning.
Listen in, comment and share with your colleagues! Our show is always safe for the office and educational.
Talk back! Use our Twitter hashtag #DtSR to discuss this episode, ask questions, or suggest other topics or guests for the future!
Tue, 23 August 2016
This week Michael and I chat with Jamison Utter of Infoblox on one of the more interesting topics at hand - the economy of ransomware. We talk through the sudden popularity of the attack vector, the way the underground "criminal enterprise" has scaled and grown and the future of being a bad guy.
If you have occasion to talk to your organization's leadership on the ransomware epidemic, you need to listen to this podcast first.
Direct download: DtSR_Episode_208_-_Beyond_the_Ransomware_Economy.mp3
Category:Enterprise Security -- posted at: 12:58am CST
Tue, 9 August 2016
In this episode we chat with Steve Christey Coley currently the Principal Information Security Engineer over at MITRE Corp. In this episode we talk through our industry's obsession with vulnerabilities, dive headlong into the thorny issue of security research, talk through the various issues with disclosure and even delve into some ethics issues.
This episode is content-packed with some content that you will likely want to talk to us about. So here's how to find us:
Steve on Twitter: @SushiDude
Hashtag for the show: #DtSR
Steve's Bio (from LinkedIn - https://www.linkedin.com/in/steve-christey-coley-66aa1826):
Editor / Technical Lead for the Common Vulnerabilities and Exposures (CVE) project; Technical Lead for the Common Weakness Enumeration (CWE); co-author of the "Responsible Vulnerability Disclosure Process" IETF draft with Chris Wysopal in 2002; participant in Common Vulnerability Scoring System (CVSS) and NIST's Static Analysis Tool Exposition (SATE). My primary interests include secure software development and testing, understanding the strengths and limitations of automated code analysis tools, the theoretical underpinnings of vulnerabilities, making software security accessible to the general public, vulnerability information management including post-disclosure analysis, and vulnerability research.
Direct download: DtSR_Episode_206_-_Vulnerabilities_Disclosure_Ethics_Research_and_Security.mp3
Category:Enterprise Security -- posted at: 10:41pm CST
Tue, 26 July 2016
This week, Chris Romeo joins Michael, James and I to talk about changing the security posture of an organization by changing culture. This episode talks through tough issues like incentives, measurements and success factors. This episode with Chris is of particular interest for leaders and those who are working hard to change companies at their core, for the long term.
Chris Romeo's bio:
Chris Romeo is CEO and co-founder of Security Journey. His passion is to bring application security awareness to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Secure Development Life Cycle program, empowering engineers to "build security in" to all products at Cisco. He led the creation of Cisco’s internal, end-to-end application security awareness program launched in 2012. Chris has twenty years of experience in security, holding positions in application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP certifications, and is a frequent conference speaker at RSA and AppSec.
Tue, 12 July 2016
This week on the Down the Security Rabbithole podcast, Brandon Dunlap is back for his second show. Following up on Episode 158 where we discussed outsourced security, this time around we talk through the next iteration of what "Managed Security" and outsourcing means to security.
You're not going to want to miss this episode!
As always, hit up our hashtag on Twitter at #DtSR and you can find Brandon on Twitter as well at @bsdunlap if you want to talk to him directly.
Tue, 28 June 2016
** Our 200th numbered episode! **
A note from Raf:
Thanks to everyone who has been listening to us, tweeting us, and sharing the links to our podcast. We are absolutely floored with the support and listenership we've received. The average show now gets just under 2,500 downloads when released in the first week, and that number goes up every week. So from the bottom of my heart, I humbly thank you and hope you'll continue to listen, share, and comment.
This week's episode is titled "Privacy, Security, Risk and Law Collide" as we host Dr. Chris Pierson and our recurring legal eagle from the great state of Texas, Shawn Tuma. If you don't have Shawn added on Twitter, you should go follow him right now.
In this week's episode we discuss the increasingly overlapping world of what was once "IT security" which has now started coming together with privacy, risk and law. Chris is uniquely poised to talk on the subject, as you will hear his credentials speak for themselves. You'll want to get comfortable, pay attention, and give this episode a careful listen as we take you down the security rabbithole for the 200th time.
Direct download: DtSR_Episode_200_-_Privacy_Security_Risk_and_Law_Collide.mp3
Category:Enterprise Security -- posted at: 12:00am CST
Tue, 14 June 2016
On this episode of the Down the Security Rabbithole podcast, Dawn-Marie Hutchinson, currently an Executive Director within the Optiv Office of the CISO joins us and we talk about the things that she's learned over her career working with legal counsel, CISOs and solving problems. A fantastic episode with lessons learned, and executive leadership crammed into less than an hour. Give it a listen!
Find Rie on Twitter at @CISO_Advantage
UPDATE: Thanks to Sean Jackson (@74rku5) who has hand-transcribed the show. I haven't read this, personally, so if there if he slipped any humor I can't be held accountable!
Direct download: DtSR_Episode_198_-_What_Legal_Counsel_Wishes_CISOs_Knew.mp3
Category:Enterprise Security -- posted at: 3:53pm CST