Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now! TL;DR: This week is a special show - where Raja Mukerji (Co-Founder, Chief Scientists at ExtraHop), Paul Farley (Field CTO, TrustedSec), and Anton Chuvakin (Security Advisor at Office of the CISO, Google Cloud) join Rafal, James, and Jim to talk about the honest politics of "the operations part of security". Whether you call it SOC, Security Operations, Cyber Defense Center, or whatever - what it does, how it functions, and how it's measured matter. We discuss and debate. YouTube Video: https://youtube.com/live/nEAxixee0LU Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: If you've ever wondered what kind of skill, scale, and engineering goes into building carrier-grade (and bigger) infrastructure this episode is for you. Joe DePalo (Executive Vice President & Chief Platform Officer at Netskope) joins Jim & Rafal to talk about his time building some networks that just blow our minds. You'll enjoy this episode if you're into networking. YouTube Video: https://youtube.com/live/U2UwSYdX1UM?feature=share Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: Our guest this week is Marcus Carey, who wrote a piece (with one heck of a clickbait title, as he admitted) that calls out the biases we see in algorithmic (or "AI") processes. The panel including Rock Lambros and Jeff Collins discusses where the trouble lies, how it manifests, what can be done about it, and what's next. YouTube Video: https://youtube.com/live/dopwV5Z2VdM?feature=share Marcus's original post: https://www.linkedin.com/posts/marcuscarey_artificial-intelligence-ai-has-a-history-activity-7264716831435759616-rTsU Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: New intro alert! On this episode, we welcome Hed Kovetz from SILVERFORT - a company in the "identity security" space. If you're scratching your head and asking "what the hell is identity security?" - this episode is for you. We asked the same question, and Hed walked us through it. A wonderful primer on Identity Security for security professionals. YouTube Video: https://youtube.com/live/6r0fCs_me9I Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: Join us on an adventurous conversation in the wild and wacky world of endpoint security. At a time where evolution seems to have come to a standstill, there are things going on you may not be aware of. Endpoint security doesn't have to suck - this conversation with Rob Allen (Chief Product Officer at ThreatLocker) may give you some new hope, or at least make you chuckle at Rob's "emotional support microphone". YouTube video: https://youtube.com/live/yXAbCM_YgU4 Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: On this spicy episode where returning guest Erik Bloch joins us, we host Lee Kushner to talk about the talent gap. Is there a talent gap? Who's to blame for the mess we're in right now? And of course, what to do next? For anyone who's job hunting, trying to understand the cyber job market, or trying to hire... this episode and conversation is for you. Sorry about the intermittent audio issue, I think it was a weird echo I couldn't quite pin down. YouTube Video: https://youtube.com/live/8SuMVL7QBJQ Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: Today, the podcast takes a meeting in the finance department with Patrick Dennis - current CEO of Avaya and friend of the podcast. Patrick has extensive experience in investments in both tech and beyond, and he's here to dispense some wisdom, caution, and insights. --> This podcast is packed with information that you can't afford to miss. YouTube Video: https://youtube.com/live/J3FQrTuY7KU?feature=share Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: On this week's episode, Jim, James, and I sit down to a Halloween "scary story" episode. You know the feeling... that sinking feeling of dread when you can't quite put your finger on what's wrong but something is definitely wrong. Something scary, and nefarious is happening... and usually it's coming from inside the house! YouTube Video: https://youtube.com/live/BHRX0hi5CHQ?feature=share Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: This week on the pod, Kevin Clark joins James and I to talk about his career, how his walked his journey to a successful security leader (spoiler alert, it's another roundabout path), and what we generally think of "security awareness month". Great conversation and I think you'll agree, we need Kevin back again soon. YouTube Video: https://youtube.com/live/0KiUwC0RzRQ Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: Erik Bloch and Anton Chuvakin join James, Jim, and myself to talk about why security metrics in the SOC ....suck. It's an interesting predicament, and one I'm sure Anton has been ranting about since he first got his 486/DX2 66. Or maybe not. It's an interesting topic because if we're measuring crap, that means something. Or does it even matter? Link to Erik's epic post: https://www.linkedin.com/posts/erikbloch_tinkertribe-secops-soc-activity-7245132473355919360-5v_B?lipi=urn%3Ali%3Apage%3Aorganization_admin_admin_page_posts_published%3B8719005b-91f9-4fdd-9cbc-4c75b2b70b00 Does anyone read these show notes? Should I bother still writing them up? YouTube Video: https://youtube.com/live/0O6XzDqbGUI Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: This week's episode is a special one. I've been a fan of Security Onion for a long, long time and this week Jim Tiller and I welcome Doug Burks its creator to the show. Doug gives us his story of how he started the iconic security platform and where it's going next. Don't miss this sit-down that's been far overdue. Congrats to Doug and his team on the longevity and continuing to push the envelope. YouTube video: https://youtube.com/live/25ahe0k58N4 Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: This is part 2 of the two-part episode with Jason Clark and Nathan Smolenski on data protection. In this episode we tackle the options and solutions to the problem we face - and why (just this one time) AI may be the only way forward. Interesting possibilities, and some real solutions. Don't miss our thee for episode 2 - "Hawaiian shirt day", on the video stream. Jim Tiller and I host this one, we hope you enjoy it. YouTube Video: https://youtube.com/live/SA53S0OpnZ4 Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: This week Jason Clark and Nathan Smolenski join Jim Tiller and I on part 1 of a 2-part series on data security. It's a topic whose time has come, and we're going to start in part 1 with fully analyzing the problem, how we got here, and just how ugly the beast is. YouTube vide: https://youtube.com/live/Qps-4NSEI-4 Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: This week's episode features Aaron Bray, CEO of Phylum. We use this episode as a complete primer on SBOM (Software Bill of Materials). We cover the typical "lot of ground" but try to answer the question of what SBOMs are, how they're useful, and what you as practitioners can do now that you have them. YouTube video: https://youtube.com/live/KHiDJt8SnZ0 Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: This week's episode sees the return of Mr Jeff Collins (of WanAware fame) as we talk over the long-prophesied death of vulnerability scanning. Maybe. What does the cloud have to do with the demise of vulnerability scanning? Listen and find out... I think you may find this relevant. This time, YouTube Video, is required viewing...trust me on this. YouTube Video: https://youtube.com/live/U3BsGXRV0L4 Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: This week, part 2 of the SAP ("Critical Enterprise Apps") discussion where Tom Venables & Jay Thoden van Velzen get a little more in-depth on what it takes to secure SAP and ensure that there's more than just a firewall between imminent disaster and your business. Jim TIller guest-hosts this in-depth episode, and we invite you to grab a notepad, and take some notes! Part 1 is here, listen to it first. YouTube Video: https://youtube.com/live/iH_mg4Hu0tc Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: This episode is a "walk-around" episode, where I walked around Black Hat 2024 and ran into some friends to talk about what we're seeing, anything that caught their attention, and some other interesting insights in short-form recordings. I hope you enjoy listening to Lamont Orange, Aaron Bray, Alex Humphrey, and Rick Holland as much as I enjoyed the conversations. No video for this episode. Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: Have you ever wondered what it would be like to be responsible for security for an entire county? That job encompasses a massive amount of responsibility - but I'll let Doug Cavit, the CISO of Snohomish County, Washington tell us about it. What a resume, and what an incredible job Doug has. YouTube Video: https://youtube.com/live/selNfh5gQAU Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: This episode was one of our awesome LinkedIn Live episodes - if you missed it, join us on LinkedIn and never miss another! On this one, James Robinson (CISO at Netskope) talks with Rafal and James with guest-host Jim TIller about the possibilities we have with SaaS, data protection, and the whole mess we've made over the last 20+ years of "data everywhere". Big thanks to Netskope for providing the excellent James Robinson onto the show! YouTube Video (if you prefer YouTube): https://youtube.com/live/8MnpK0H9az0 Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now! TL;DR: Today's episode is all about how we can build better software and systems - from a supply chain perspective. Tim Miller joins us, and it starts as a general conversation but we quickly dive into the world of software development. There's a lot to talk about here, starting with this XKCD that explains it perfectly: https://xkcd.com/2347/ YouTube video: https://youtube.com/live/XOMl_Hp8q_Q Support the show >>> If you're reading this, consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast