Down the Security Rabbithole Podcast (DtSR)

Technology Podcasts

The DtSR Podcast is dedicated to the cyber security profession - with news, personalities, topics of interest, and discussion you won't find elsewhere. Running since 2011 - founded by Rafal Los (aka "@Wh1t3Rabbit"), and co-hosted by James Jardine - the weekly show will entertain you while you're learning something.

Location:

United States

Language:

English


Episodes

DtSR Episode 553 - Leadership Series - Selling Cyber Security

5/31/2023
TL;DR: In case you missed the epic LinkedIn Live livestream, here's the podcast version of the conversation with Chris Scanlan (President and Chief Commercial Officer at ExtraHop). James and I talk to Chris about his career, how he picks his next job, his team, and his thoughts on high-performance organizations. Sales is a topic many of our competitive podcasts in this space don't cover much - but I think it's worth the conversation to understand the seller-buyer relationship better because it's SO necessary to your work lives. Besides, Chris is a fantastic interview... enjoy it! LinkedIn Live replay: https://www.linkedin.com/events/dtsrepisode553-sellingcybersecu7062465900553146368/about/ Guest: https://www.linkedin.com/in/cscanlan/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:58:22

DtSR Episode 552 - VPN And Other Dinosaur Tales

5/23/2023
TL;DR: On this week's episode of Down the Security Rabbithole Podcast - Steve Riley visits to talk tall tales of VPN and other connectivity of yore, what it's evolving to, and why it's a generational leap. The conversation with Steve is always a good one, and catch Steve here before you catch him on the Cloud Security Podcast (beat you to it guys!) Guest: https://www.linkedin.com/in/steverileysea/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:43:28

DtSR Episode 551 - Patching Prioritizing and Punting

5/16/2023
TL;DR: On this week's show, Grant joins us to discuss an episode that draws inspiration from a LinkedIn discussion with Patrick Garrity [original post] (who could not make our recording, sorry Patrick). The gist of it is this - patching is hard, there are now 925 KEVs (known exploited vulnerabilities) on CISA's list, and that's a truck-ton. The discussion threads the needle between whether prioritization matters at that scale, alternatives, and some reasons to give up hope altogether. Buckle up, this one's a rough one to be a passenger on. Join (or start?) the discussion on the podcast's LinkedIn Page, here. Video stream replay here: https://youtube.com/live/0L2aKUqjmQE Guest: https://www.linkedin.com/in/grantsewell/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:48:57

DtSR Episode 550 - Lift Shift and Fail to the Cloud

5/9/2023
TL;DR: On this week's episode, the one and only Jeff Collins joins Rafal & James to talk about the shift to the cloud and what's gone wrong in the years since the collective "we" announced that the cloud was the answer. Feels like a decade has passed, and I think it has, since the start and we're observing increased complexity and varying degrees of security increase/decrease. What's next? Where are we right now? And what does it mean for security? Tune in, find out. YouTube video stream: https://youtube.com/live/Vdx73wpKzGA Guest: https://www.linkedin.com/in/jmcollins/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:53:14

DtSR Episode 549 - Wheres The Beef From RSAC 2023

5/2/2023
TL;DR: This episode is a bit of a rant, a bit of an analysis, and an interview with returning podcast guest Ray Canzanese, Jr. from RSA Conference 2023. Yep, I went so you didn't have to... so in this show you'll get a few impressions, and maybe you'll agree or disagree on the themes and things we're seeing. Maybe you'll even be compelled to write something up or leave a comment back? Guest Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:39:35

DtSR Episode 548 - What's HR Got to Do With It

4/25/2023
TL;DR: Cyber Security seems to always be a technical topic. This week, we're taking it down a different lane as we discuss HR (right, Human Resources, remember those folks?) with Tom Venables. Tom's got seat time in the space, consulting with HR partners for various clients so he knows a thing or two about the processes and where they break down. Listen in, and then go take a look at your own processes. Maybe you've learned something? Guest: Tom Venables https://www.linkedin.com/in/tom-venables-1346592/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:39:03

DtSR Episode 547 - Don't Believe All the Cyber Hype

4/18/2023
TL;DR: This week on the podcast we have Nathan Hamiel, Senior Director of Research at Kudelski Security on the podcast to talk about HYPE. It's a conversation rooted in skepticism, but also optimism in a strange mix that only Nathan can bring from his extensive experience and well-thought-out talking points. YouTube Recorded LiveStream: https://youtube.com/live/ayPrWr-VWv0 Guest: https://www.linkedin.com/in/nathanhamiel/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:48:25

DtSR Episode 546 - Rethinking SecOps Tooling Strategy

4/11/2023
TL;DR: Mark Simos of Microsoft joins Rafal & James this week to talk about why the 'tools-centric' security operations (SecOps) approach is failing us, and what an 'outcome centric' approach means and more importantly, how we get there. We discuss "vision versus execution", the history of "how we got here" and answer some questions we didn't know we had in the process. Mark's a wealth-spring of information on the topic, and his experience and time with the Open Group is huge for the work he's doing now to make tomorrow better for you all. Check out the podcast, and let us know what you think! Article Link (the one we discuss): https://www.linkedin.com/pulse/secops-tools-strategy-2023-part-1-mark-simos/ Guest: https://www.linkedin.com/in/marksimos/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:48:17

DtSR Episode 545 - Security Products Are Too Complex

4/4/2023
TL;DR: This week's guest is Will Gragido, who has some significant experience developing security products. Will and I (Rafal) have a sit-down for a conversation about security products, their complexity then, now, and in the future. Point solutions, platforms, and portfolios - we discuss all the options you're faced with as a buyer - and attempt to suggest some solutions to the madness. Guest: https://www.linkedin.com/in/gragido/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:47:31

DtSR Episode 544 - CrowdStrike Global Threat Report March 2023

3/28/2023
TL;DR: This week on the podcast, my buddy Adam Meyers graciously joins the show from his "undisclosed location" deep under the Meyers compound to break apart the latest threat report. I'm sure you've read it, but if you haven't you can get it at the link below. On this show, Adam and Rafal talk about what's in the report, what's not in the report, and the delta which brings up some interesting things in the evolution of threat actors and "bad guys". It's a podcast you don't want to miss because it feels like it's both a bellwether of what you'll be experiencing in your environments shortly, if you aren't already. Check out the show on our new podcast distribution site (BuzzSprout) and update your RSS feeds if you haven't already. Go check out the video (link below), and don't forget to catch it on LinkedIn, and Twitter! CrowdStrike Report: https://www.crowdstrike.com/global-threat-report/ YouTube Video Replay: https://youtube.com/live/HN9Qg42HCks?feature=share Guest: https://www.linkedin.com/in/adam-meyers-7a58481/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:39:44

DtSR Episode 543 - National Cyber Security Policy Daydreams (2023)

3/21/2023
TL;DR: This week, on the podcast, Rafal and James host Brian Chidester and Jordan Burris to talk about the latest National Cyber Security Strategy from the Biden White House. It's an interesting piece of national policy that outlines our cyber security priorities as a nation - and you'll have to forgive me for calling it "aspirational". The four of us discuss the likelihood of this strategy ever being fully implemented, which pieces are most likely to work and which ones will struggle, and ultimately what will be the result here. This is an important document - and if you're a defender or serious about cyber security at a national level - you should listen in. YouTube video replay: https://youtube.com/live/O8lePu4ings?feature=share Links: https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/ Guests: https://www.linkedin.com/in/abchidester/ https://www.linkedin.com/in/jordan-burris-60588a70/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:01:02:56

DtSR Episode 542 - Distilling 20 Years of CISO Wisdom

3/14/2023
TL;DR: On this week's episode of the podcast, James joins me to co-host a great episode with an old friend - Ray Emerly. Ray is a long-time veteran of the CISO chair, and no stranger to working at all aspects of the security leadership role. We talk through a number of important topics, ask him what's changed (and what hasn't) and of course we have a stumper at the end. Listen to the end, or you'll miss a golden nugget. Guest: Raymond Umerly https://www.linkedin.com/in/rumerley/ Watch the Video on our YouTube channel: https://youtube.com/live/x1trGIgZSF0 Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:37:06

DtSR Episode 541 - The Calculus of Cyber Insurance

3/13/2023
** This episode is being re-published due to an issue with the RSS feed/provider ** TL;DR: We've talked about cyber insurance a lot here on this podcast, and this episode is yet another angle on the topic. Nate Smolenski joins us to discuss his view, from the perspective of a CISO. This is a great conversation for those who are still investigating Cyber Insurance, or realizing that their policies are astronomical, or trying to right-size their security program along with insurance. Video link: https://youtube.com/live/O0gpapA_r08?feature=share Guest: https://www.linkedin.com/in/nathansmolenski/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:46:23

DtSR Episode 540 - David Barton on Simplifying the Complex

2/27/2023
** This episode is being re-published due to an issue with the RSS feed/provider ** TL;DR: This week I brought on David Barton the CTO of HighWire Networks - who knows a few things about a few things. We discuss the complex nature of our business, where things get weird, and how we can work to make them better. We talk about complexity, specifically, and what makes this such a difficult thing for our industry where simple is the arch-enemy of secure. Join us, and catch the video on the YouTube page (smash that subscribe button), or on LinkedIn. Video Stream (replay): https://youtube.com/live/_rykxVh_VBw?feature=share Guest: David Barton https://www.linkedin.com/in/davidbarton1/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:41:08

DtSR Episode 539 - SBOM Paving the Road of Good Intent

2/21/2023
TL;DR: It's been said that the road to hell is paved with good intentions. I feel like this applies to SBOM so much it's scary. All the good intentions in the world seemed to have led us to a place where we have tools that produce inconsistent results, tool sets that aren't necessarily integrated or mission-focused to deliver results, and a lot of confusion. Varun joins us with a boatload of entrepreneurial expertise and an eye for problem-solving so it's an interesting conversation. Join Rafal & James in a conversation that you'll want to listen to a few times, and take notes. Link to YouTube video: https://youtube.com/live/pZgiiRQeou0?feature=share Guest: Varun Badhwar https://www.linkedin.com/in/vbadhwar/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:47:01

DtSR Episode 538 - What the heck is a vCISO

2/14/2023
TL;DR: This DtSR podcast brings back a good friend of the show, and one of the most experienced leaders I know - Mr. Jim Tiller. We talk about an interesting topic - the "virtual CISO". vCISO is interesting because as markets tighten, it becomes more difficult to find and afford good CISOs and security leaders in this market. So how can a company best utilize this part-time resource? We discuss... YouTube video: https://youtube.com/live/OaYS0yEajQw?feature=share Guest: Jim Tiller https://www.linkedin.com/in/jimtillersecurity/ https://www.linkedin.com/newsletters/security-bytes-6943286067194187776/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:39:30

DtSR Episode 537 - Sergio Talks Threat Intelligence

2/7/2023
TL;DR: I'm extremely excited to present to you, dear listeners and friends, a wonderful conversation with Sergio Caltagirone, who is quite the authority on 'threat intelligence' - where others talk tools and limited knowledge, Sergio literally was there at the birth of the cyber dawn of the threat intelligence operations we know (or don't know) today. Sergio has been at an agency, at Microsoft, at Dragos - and he knows threat intelligence from theory to applications. Listen in, learn a bit, and laugh along as the Chinese spy balloon (that's my story and I'm sticking to it) disrupts our communications with our pal, Sergio. Video Link (unedited, and hilarious): https://youtube.com/live/SuH4uxBiX3E Guest: Sergio Caltagirone https://www.linkedin.com/in/sergiocaltagirone/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:51:17

DtSR Episode 536 - Incident Response Automation Dreaming

1/31/2023
TL;DR: Automation. It's a precarious thing in cyber security. Whether you're thinking about SOAR, or incident investigation, or maybe SIEM (I'm sorry) - this conversation will be worth your time. Anton and Jonathan join us to talk about how "automation" has evolved over the last decade or so, and where it's largely failed. We also start to explore the future and requirements for how things can collectively improve. We think you'll enjoy the podcast... share it and we'd love to hear from you. Guests: Anton Goncharov https://www.linkedin.com/in/cybernode/ Jonathan Cran https://www.linkedin.com/in/jcran/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:53:24

DtSR Episode 535 - Let's Ask AI Security Questions

1/24/2023
TL;DR: A few days ago, my pal Kevin asked me if I had seen the LinkedIn post by Helen Patton that asked an interesting question of the podcast space... Her post made me think - why the heck not? So, I did. Thanks to Helen, whose idea this was - I hope you get a chance to watch and enjoy the outcome of your request ... we had far too much fun recording it. Here on this episode - which I promise you is 100x better on video, we have Anton Chuvakin, Kevin Thompson, and Jeff Collins joining Rafal & James on the podcast to have a little fun and ask "ChatGPT" some questions. Anton drove the screen share, and we had a lot of fun. I have to wonder - how did some of those answers (you'll know when you see/hear them) make it on there. Holy cow... wow. LinkedIn video replay - https://www.linkedin.com/video/event/urn:li:ugcPost:7021885147977314304/ Guests: Anton Chuvakin https://www.linkedin.com/in/chuvakin/ Jeff Collins https://www.linkedin.com/in/jmcollins/ Kevin Thompson https://www.linkedin.com/in/blackfist/ Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:01:02:18

DtSR Episode 534 - The AppSec is Still a Mess

1/17/2023
TL;DR: On this episode, we welcome Josh Grossman - who has a pretty interesting perspective on AppSec, or Software Security, or (cringe) "DevSecOps". Josh has a bit of an edge on the subject, so he fits in with myself & James perfectly. We talk about where things stand from the vendor perspective, building programs, and what it takes to make a real impact, versus continuing to push a very large boulder up a very steep hill. Oh, hey, want to be on the show? Let us know a topic and your background and let's talk. Guest: Josh Grossman https://www.linkedin.com/in/joshcgrossman/ https://twitter.com/JoshCGrossman Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ Follow along on Twitter: https://twitter.com/dtsr_podcast

Duration:00:42:41