Down the Security Rabbithole Podcast (DtSR)

TL;DR: This week's guest is Alex Hutton - who has been leading security teams in high-stakes organizations for years and is bringing his experience to you. We discuss leadership, risk, and several leadership topics you'll want to take notes on. YouTube video: https://youtube.com/live/FRBbnWVyO_Q Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: On this episode of the pod, G. Mark Hardy joins Jim, James, and Rafal to talk about the precarious evolution of the role of the CISO. We even delve into the definition and purpose of risk, and find some there, there. YouTube video: https://youtube.com/live/_gpV4XilToc Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's podcast is live'ish from Zero Trust World 2026, put on by ThreatLocker. It's a lively conversation with their CPO Rob Allen who can't help himself but mess with my recording equipment. Shenanigans ensue. You'll love it. YouTube video: https://youtu.be/aOP6IT8OiDI Have something to say? Let's hear it. Show Sponsor: ThreatLocker Allow what you need, block everything else... Including ransomware. Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: Is cybersecurity headed for a market meltdown? Are we watching the bubble pop? Patrick Dennis joins Rafal to give some observations, analyze and provide guidance on what's happening, and what's to come. Buckle that chin strap, it's going to get crazy. YouTube video: https://youtube.com/live/bhtvOSv48Jc Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: We've all experienced it - either you're the one, or you know someone, who works themselves to death. Whether it's "part of the job" or part of the job - it always leads to the same end. Rebekah Wilke and Ryan Halstead join James and I to talk through a very timely and critically important topic from a leadership perspective. Big thanks to my guy Josh Jones for the excellent connection. YouTube Video: https://youtube.com/live/Adpyja9KIkU Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This is one of the most relevant AI conversations, in the moment. Gadi Evron joins me to talk about how AI is not just changing everything, but how it's actually going to impact what you're doing - from security to everything else. Tune in, this is a critical conversation. YouTube: https://youtube.com/live/t48sX54QCwI Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: What's it like to be an entrepreneur your entire career? Always trying something new, always doing something different? Ask Ran Nahmias, someone who's been around long enough to have done it all, and he's not done yet. YouTube Video: https://youtube.com/live/qngve0dmd7M Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: Today, Julian Brownlow Davies rejoins the pod (Ep 688) to continue the conversation about 3rd party external security testing. It's strong opinions and tales of woe all around. Episode 688: https://dtsr.buzzsprout.com/2153215/episodes/18498795-dtsr-episode-688-looking-for-meaning-in-the-signal YouTube video: https://youtube.com/live/6ZCPNXR_5u0 Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's guest is Matt Carothers who works at a major Internet provider. We talk about defending, strategy, and some of the interesting topics that come with the job. If you have Internet at home, or at the office, or on the go - this episode is for you. There will probably be a part 2. YouTube: https://youtube.com/live/tJcjtgn759g Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: Social media is corrupting our kids, radicalizing your neighbors, and being basically evil with no checks. This episode is an "off the rails" discussion on a not-so-clearly Cyber Security topic, with us diving deep and getting a little angry. Thanks to Kevin Thompson for joining us and sharing his qualified opinion as a dad and experienced Scout Master. YouTube: https://youtube.com/live/RXzAVG98T6s Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: Grab your favorite note-taking thing, this week's pod features Julian Brownlow Davies of BugCrowd and it's chock full of things you'll want to look up. We tackle how red teaming and external 3rd party testing fits into a current security strategy, and how finding signal in the noise is just the beginning. YouTube video: https://youtube.com/live/aNz-qPmWf7g1 Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's episode is a special one. I (Rafal) revisit episode 100 with the one and only Dan Geer. Some shows are "in the moment", some are timeless. This show is timeless. Dan's wisdom and insights are as applicable today as they were 12 years ago. Crazy, right? Fun story - I ran into Dan at Black Hat conference a few years ago and asked him what he would say is 'different' since we recorded that episode... his response? "My beard is longer". Solid GOLD. Listen in. Take notes. Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: On today's pod, Rob Allen of ThreatLocker makes his triumphant return to derail us straight into a conversation about legacy systems and why he's still supporting WindowsXP. Right, you read that right. A great conversation ensued, and I'm glad we were able to record this one. Enjoy. From us to you, thank you for following along this year, and we wish you a happy new year, and all the best in 2026! YouTube video: https://youtube.com/live/dFO1NTo1MGc Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: In part 1 of 2, Gadi Evron joins the show and chats with Jim and Rafal on the topic of the "AI Cataclysm". What does that even mean? Listen in - but it's part to do with how AI is changing the attacker model (level of effort, expertise required, timeline) and what defenders should start to think about. Part 2 is coming soon, standby. YouTube Video: https://youtube.com/live/izX0jOUpKJM Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's show features Aaron Costello, and is all about an analog from real-world attacks on humans, applied to AI "agents". I know what you're thinking - computers are supposed to be more difficult to trick, right? Right... no. Attacks such as this where computers try to be "helpful" (just like humans) are probably more common than we'd like to think. Give this a listen, it's a hoot. YouTube video: https://youtube.com/live/fM88jSkamDQ Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: On this episode, it's just Jim and Rafal talking about how sometimes you just need to take a big step back from your day job and touch some grass. Our chosen profession is, demanding, to say the least. So let's take a minute to acknowledge what we're really thinking. Unfiltered, raw, and straight from our heads to your ears, enjoy. YouTube video: https://youtube.com/live/ULTq1pzckFg Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's pod features a conversation with the Jay Jacobs, whom had previously been on the show talking about this very topic (vulnerability ranking/scoring) many, many years ago. If you missed Episode 297 check it out, it's crazy how far (or not) we've come since that conversation. YouTube Video: https://youtube.com/live/cpL9ZYbwkes Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: John Rafal & Jim as we welcome Dustin Lehr to talk about the state of AppSec and how we got here. We discuss vulnerabilities, accountability, culture, and a host of other things. It's a caffein-fueled episode, so buckle in! Youtube video: https://youtube.com/live/yoBIQ_sIawI Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: We heard RSnake's take on CVSS and CVEs and such, now let's hear Brian "Jericho" Martin's take. The gloves are off, and the opinions go native when we take this episode live. Brian doesn't pull any punches, and apparently I'm the only one without a pocket full of $2 bills? Sorry for the explicit rating, that's Brian's fault. YouTube Video: https://youtube.com/live/2-3Jzks5myc?feature=share Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: Patching. Your least favorite thing. Well, it turns out that most of the work we have been doing in the last 20+ years has been for nothing. Robert "RSnake" Hansen's theory, backed by a lot of data, seems to point to a much bigger problem in cyber, and it's time we talk about it. Rob's Closing Keynote that started this conversation: https://youtu.be/80ZtAsuC4v4?si=-liUcLX4adz092yP YouTube Video: https://youtube.com/live/k4kvKWZVh78 Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/ X/Twitter: https://twitter.com/dtsr_podcast