Down the Security Rabbithole Podcast

Technology Podcasts

Follow the Wh1t3 Rabbit ... attention technology and business leaders! The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on relevant events in the information security community, filtered through a no-nonsense business first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.

Location:

United States

Language:

English


Episodes

DtSR Episode 485 - YGHT Beating Ransomware at Its Game

1/25/2022
Prologue Back in episode 469 ( https://ftwr.libsyn.com/dtsr-episode-469-yght-they-hacked-ransomware ) we brought Steve Perkins of Nubeva ("Cloud Go" in Portuguese) to talk about a very interesting "accidental" development. They'd figured out a way to steal encryption keys from ransomware, thus rendering it potentially toothless. Well, now Steve's back with a product, and a way to reverse ransomware's encryption with minimal friction and without paying the ransom. So ... yeah. Listen in.

Duration:00:39:11

DtSR Episode 484 - Defrauding Mobile Payments

1/18/2022
Prologue Have you ever made a payment from your mobile device, wirelessly using NFC? Of course you have, most of us have by now. Did you know there are some (or at least were) fairly significant design flaws, otherwise known as "features", in the various platforms? On this show, we're interested in learning more about Timur's research and what he's uncovered. You'll want to do what I did, check your phone's NFC payments settings, once this show is over.

Duration:00:37:30

DtSR Episode 483 - How Not to Screw Up Your Cloud

1/11/2022
Prologue We have a repeat guest today! Mr. Mark Simos joins me once again to talk about Microsoft's Cloud Adoption Framework (CAF) and its applicability to not only Azure, but also your other clouds. Building resilient and secure clouds isn't just about security, it's about design and architecture that adheres to good practices. Microsoft's CAF is a fantastic place to start - listen here to learn more. Guest Mark Simos https://www.linkedin.com/in/marksimos/ @marksimos

Duration:00:46:07

DtSR Episode 482 - Tales of Wireless Hacking

1/4/2022
Prologue This week, on a good start to the new year, Eric Escobar joins us to talk about hacking wireless - and a little bit of history on the topic. Taking us back to early wireless hacking where you had to have the right wireless PCMCIA card and drivers, to today where things are a little more complicated but oddly not too much has changed. Guest Eric Escobar https://www.linkedin.com/in/eric-escobar/

Duration:00:41:26

DtSR Episode 481 - Spies In Your Tech

12/28/2021
Prologue Bentsi is a guy with some experience in the bad guy world when it comes to devices and gadgets getting compromised. In this episode, he tells us stories and anecdotes on things he's seen and the threats gadgets face. It's a very interesting discussion, and might just make you a little more paranoid before it's over. Guest Bentsi ben-Atar https://www.linkedin.com/in/bentsi-ben-atar-6b0128/ https://sepio.systems/

Duration:00:37:25

DtSR Episode 480 - Juice Jacking

12/21/2021
Prologue Have you ever plugged your smart phone, tablet or other "smart thing" into a power cable that wasn't yours? I'm guessing you've answered yes - and if so, you need to listen to this episode. As we travel and move around with our smart devices, we don't always have our charging cables & blocks with us, and that can lead to disaster. Hear more from Robert Rowley on how "juice jacking" can cause security problems we aren't even aware of. Guest Robert...

Duration:00:40:19

DtSR Episode 479 - Productivity of Jump Boxes and Bastion Hosts

12/14/2021
Prologue In a technically deeper episode, Ev joins Rafal to discuss how security has made productivity challenging at times, in terms of having to jump through hoops to get work done, and what we should be doing about it. Ev asks us to imagine an entirely new paradigm of productive access to necessary resources - so listen in and dream big with us. Guest: Ev Kontsevoy https://www.linkedin.com/in/kontsevoy/ https://www.linkedin.com/company/go-teleport/

Duration:00:44:22

DtSR Episode 478 - Beyond Buzzwords: XDR

12/7/2021
Prologue This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what the heck it is and how it's different than EDR or MDR. Do we really need more buzzwords? Mark Alba from Anomali joins me this week to discuss this, and I think it'll help sort things out for you, it sure did for me. I'm still not a big fan of new buzzwords, but at least I get it now. Guest Mark Alba https://www.linkedin.com/in/markalba/...

Duration:00:37:34

DtSR Episode 477 - Passwords are Dead and Other Fables

12/2/2021
Prologue Welcome to the last month of 2021 - December. This month we have a few bonus episodes, starting with this gem on identity. We've got a great guest and Mike Kiser has some interesting opinions he's definitely not holding back on. Thanks for listening - we hope you enjoy this episode. And special thanks to SailPoint for bringing Mike to the mic. Guest https://www.linkedin.com/in/mike-kiser/

Duration:00:41:49

DtSR Episode 476 - Securing Public Cloud with Azure ASB v3

11/30/2021
Prologue Folks, the video of this episode which was live-streamed to our YouTube channel is here: https://youtu.be/IYVB_LNhURQ - and if you can, watch it. Huge mega-thanks to Microsoft and Lightstream for bringing together Jeff and Mark on this one to deliver some truly phenomenal content. This week is Azure Security Benchmark (not baseline, oops) version 3.0 hot off the presses. We talk about what it is, how to apply it, and where and why it's so useful for keeping not just your Azure...

Duration:00:44:40

DtSR Episode 475 - Community Sourced Threat Instructions

11/23/2021
Prologue Fair warning y'all, this episode may have been just slightly more fun than the Surgeon General allows. That said, on this one we not only made up some new terms ("Threat Instructions", Anton) but also had some fun describing what a well-functioning system of highly automate-able threat data would look like. And as it turns out, it's CrowdSec's "Fire" data set. Fascinating conversation, and most fascinating of all is that as Philippe described how it functions, Anton could find...

Duration:00:45:22

DtSR Episode 474 - Unraveling Mountains of Evidence

11/18/2021
Prologue Hey! Are you attending OpenText World Enfuse? If not, click here and check it out - it's virtual! Straight from Enfuse, Chuck Dodson joins Rafal & James to talk about digital evidence collection, management, and processing in the realm of law enforcement. A fascinating look at the law enforcement side of things, and a topic perspective most of us never have occasion to think about, unless you're in the fight. Guest Chuck Dodson https://www.linkedin.com/in/chuckdodson/ OpenText...

Duration:00:40:47

DtSR Episode 473 - Cyber Security by Executive Order

11/15/2021
Prologue In this episode, we host a lady who only needs one name, like a movie or rock star. But "Jax" deals with topics we normal people don't have the stomach for, like CMMC and government security. In this episode, she joins us to talk about the current Executive Order on Cybersecurity ( Executive Order 14028, May 12, 2021 - https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity ) and the implications and impact it will, might, and could...

Duration:00:42:51

DtSR Episode 472 - Rick Howard on Trust and Tech

11/9/2021
Prologue Let me start by saying how much I enjoy chatting with Rick Howard, today's podcast guest. Rick's been on before, and we always go long (especially on this one, sorry not sorry), but the content is well worth your time. On today's episode, we chat about "Zero Trust" and where technology meets concept, what's missing, and what's next. If you think you know all there is to know about Zero Trust, I promise you, you'll learn something new. Guest Rick...

Duration:00:46:57

DtSR Episode 471 - TPA Threat Modeling the Software

11/2/2021
Prologue On Episode 471, as we rapidly hurtle towards our 500th episode, we bring back Chris Romeo to talk about threat modeling. Specifically, we discuss threat modeling of software - with developers, methodologies, silos, incentives, and outcomes all in play for discussion. Chris has been doing this a while, and has some deep insights into what it takes to make things work - and we welcome your feedback on how you do it. Guest Chris Romeo...

Duration:00:39:27

DtSR Episode 470 - Security Leadership Insights from Ann

10/26/2021
Prologue On this episode of the DtSR Podcast - Ann Johnson joins special guest-host Ken Fishkin of NJ ISC2 chapter, along with James & Rafal to talk about leadership, and sports apparently. Thanks to the NJ Chapter of ISC2 ( https://www.linkedin.com/groups/4425593/ ) for submitting questions and Ken for joining us to guest-host. On this episode, we ask Ann to talk to us about leadership challenges, and what's in store for the future. Also, we briefly talk sports teams and discover Ann is...

Duration:00:45:50

DtSR Episode 469 - YGHT They Hacked Ransomware

10/19/2021
Prologue This week on a ridiculously awesome episode of the DtSR Podcast the one and only Mr. Steve Perkins of Nubeva joins Rafal & James to talk about something worth shouting about. They've figured out how to beat ransomware... yes, there are a few 'catch' things, but the tech seems solid and the possibilities endless. Give this episode a listen, then scroll below to click the links, and give this a look for yourself! Guest Steve...

Duration:00:46:09

DtSR Episode 468 - TPA Another Journey Into Security

10/12/2021
Prologue This week, we get to meet Sean Jackson. You may not know Sean, but his journey may feel familiar. He got here much like many of you, and his story of discovery and understanding of his role in the business as "the security guy" is something you should probably know. There are many paths into our profession, and there are many different ways to view what we do - Sean's is compelling as it is timeless. Give it a listen, and join me on his journey. Guest Sean...

Duration:00:40:51

DtSR Episode 467 - TPA Chips and SLSA

10/4/2021
Prologue This week, Kim Lewandowski joins Rafal & James to talk about Google's latest contribution to the Open Source software movement - Supply-chain Levels for Software Artifacts (SLSA). We have a great conversation, and I hope you guys go watch the video (when it comes out) and check out the axe in the background. I never did find the interesting logo Kim talks about - maybe one of you will find it and post it to #DtSR on Twitter! Guest Kim...

Duration:00:37:25

DtSR Episode 466 - TPA Vulnerability Management Goat Rodeo

9/28/2021
Prologue This week, fresh off his Twitter rant, Travis McPeak joins Rafal to talk about the goat rodeo that is vulnerability management in the enterprise. Travis talks about the multitude of reasons vulnerability management is so difficult, and what can be done about the whole mess. Great episode, lots of great discussion and big thanks to Travis for the contribution to the topic. This needs more discussion, folks! Guest Travis McPeak LinkedIn:...

Duration:00:39:35