Down The Security Rabbithole
- Author: Various
- Narrator: Various
- Publisher: Podcast
- Duration: 398:36:06
Information:
Synopsis
Security. Some assembly required. Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk. This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.
Read the blog > http://hp.com/go/white-rabbit
Follow along on Twitter > http://twitter.com/wh1t3rabbit
Episodes
-
DtSR Episode 342 - Michael Coates Has Things to Say
16/04/2019 Duration: 36min
This week on episode 342, Michael Coates joins Rafal & James for the 2nd time. Michael's first episode was way, way back in 2015 on episode 134 titled "Fundamental Security". Looks like things haven't changed much. We highly recommend you check out episode 134 first, then listen to this one. Trust us, you want the context.
Highlights from this week's show include...
- Michael gives us an opinion on "what's changed" in the last decade or so
- Michael discusses "risk", "technical risk", and the Inigo Montoya problem in security
- Michael gives an overview of what he thinks the profile of the CISO should be
- Michael gives his take on why he thinks low false-positive rates are important and automation is the future
Guest Michael Coates: ( @_mwc ) All you need to know is here, on his LinkedIn page: https://www.linkedin.com/in/mcoates/
-
DtSR Episode 341 - Discussing Security Reference Architecture
09/04/2019 Duration: 32min
This week, in the final installment of "Live from RSA Conference 2019" Rafal interviews Mark Simos, who is the definitive source for reference architectures at Microsoft. He's the Lead Architect in the Enterprise Security Group and he's doing some amazing things for the community with regards to the Azure cloud and other Microsoft-related security things. Give this episode a listen and share it ...maybe listen again and take good notes!
Highlights from this week's show include...
- Mark discusses security reference architectures (in general)
- Mark and Raf rap on the shared responsibility model for the cloud...again
- Mark answers "What's different about security in the cloud?"
- Mark raises the concept of "raising the cost to the adversary" for defenders...
Guest Mark Simos - ( @MarkSimos ) - Mark is Lead Architect in Microsoft’s Enterprise Cybersecurity Group where he is part of a group of cybersecurity experts who create and deliver unique cybersecurity services and solutions to Microsoft’s customers. Mark has
-
DtSR Episode 340 - Diana Kelley from RSA 2019
02/04/2019 Duration: 38min
This week, Down the Security Rabbithole Podcast is publishing episode 3 of 4 which were recorded LIVE at RSA Conference 2019. This episode features Diana Kelley, of Microsoft, talking about the latest security report and other goodies.
Highlights from this week's show include...
- Diana discusses the highlights from the latest Microsoft Security Intelligence Report
- Raf provides an opinion on how Microsoft could totally own the endpoint space
- Rafal & Diana dive back into passwords...apparently, we just can't get away from them
- Diana tells a really interesting story about Microsoft Windows Hello and twins
Guest Diana Kelley - @DianaKelley14 - Microsoft Enterprise Cybersecurity Group Leadership team member. Represent Microsoft at global security conferences, author-industry analysis, white papers, and blogs on Microsoft security strategy and response to cyber threats. Contribute to the all up security messaging and provide insight into the strategic vision and direction for the company in close partnership
-
DtSR Episode 339 - Insuring Against Acts of Cyber War
28/03/2019 Duration: 47min
This week, driven by the news cycle, and an interesting story... Rafal & James invite George and Shawn, as actual experts, onto the show.
Highlights from this week's show include...
- This news story - https://www.infosecurity-magazine.com/news/zurich-refuses-to-pay-out-for/
- George & Shawn discuss the language of cyber policies
- We discuss language, inclusions, exclusions, and such
- George brings up Information vs Cyber, security
Other links related to this podcast:
- https://www.hstoday.us/subject-matter-areas/cybersecurity/perspective-economic-strength-and-cybersecurity-interplay-in-u-s-china-trade-policy/
- https://www.hstoday.us/subject-matter-areas/cybersecurity/perspective-5g-and-the-scrutiny-of-huawei-could-herald-cybersecurity-shift/
- https://www.bizcatalyst360.com/tearing-us-apart-at-ludicrous-speed/
- https://www.bizcatalyst360.com/economic-leverage-a-smarter-user-two-things-to-improve-cybersecurity/
- https://www.itspmagazine.com/from-the-newsroom/command-of-the-cyber-sea
-
DtSR Episode 338 - Failure of Risk Management
19/03/2019 Duration: 35min
This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn at the microphone...
Highlights from this week's show include...
- Phil talks up "The failure of risk management"
- We discuss the realities of risk management
- Raf asks "How do we make more informed risk decisions?"
- Raf and Phil talk through threat models and why they're relevant
- ...and so much more
Guest Phil Beyer - https://www.linkedin.com/in/pjbeyer/
-
DtSR Episode 337 - Insights on Cyber Talent
12/03/2019 Duration: 40min
This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent having worked in the field most of her professional career. We discuss all kinds of interesting and relevant topics...
Highlights from this week's show include...
- Deidre presents her new "human model" for hiring, staffing, and retaining excellent talent
- We discuss the difference between a good leader, and just a good manager and why those aren't the same
- We discuss the pay gap, why it's still a thing, and what's to be done about it
- Deidre discusses the challenges women face in cybersecurity, and what's changing
Guest: Deidre Diamond: (@DeidreDiamond) - https://www.linkedin.com/in/deidrediamond/
In her own words: Combining my 21 years of experience working in technology and staffing, my love for the cybersecurity community, and a genuine enthusiasm for people; I created Cyber Security Network (http://www.cybersn.com), a company transf
-
DtSR Episode 336 - Energy Sector Security Update Q1-2019
26/02/2019 Duration: 40min
This week, Patrick Miller joins Rafal to provide an update on the energy sector, and what's different (or not). Another episode with a returning guest who continues to provide timely and important updates on key "big picture" security issues.
Highlights from this week's show include...
- Patrick gives us a "state of the union" update on what's going on in the power industry with security
- Raf asks "are we getting better... or worse?"
- Patrick discusses IoT, IIoT, and "everything has an IP address"
- Patrick tells a story about his recent encounter with a 386 & DOS 2.2 (if you know what this is, you're old)
-
DtSR Episode 335 - Ranking the Adversaries
19/02/2019 Duration: 31min
This week, in a special episode, Dmitri Alperovitch of CrowdStrike joins Rafal to talk about a brand new report that CrowdStrike is releasing. The CrowdStrike 2019 Global Threat Report is a must-read with some very interesting topics covered. Dmitri joins Rafal to talk specifically about the ranking of threat actors, and what it means to you.
Highlights from this week's show include...
- Dmitri explains "breakout time" and why it's important
- Dmitri gives a walk-through of the methodology used to rank your global adversaries
- Dmitri & Rafal talk through who's on first, and what's up with China
- Rafal & Dmitri talk about what this report means to you sitting at your desk playing defender
-
DtSR Episode 334 - Compliance and Operational Process
12/02/2019 Duration: 38min
This week, on the DtSR Podcast, Rafal is joined by Matt Herring, long time listener, and first-time caller. We talk through Matt's career path, and how he got to head up a global security operations team. It's a pretty interesting story - you should listen.
Highlights from this week's show include...
- Matt talks us through how he got into being an auditor
- Matt and Raf compare and contrast compliance and security (yes, really)
- An uncomfortable discussion on market consolidation ensues
- Matt gets put on the spot for leading and trailing indicators, provides some insights
Guest: Matthew Herring - @MatthewDHerring - Found on LinkedIn here: https://www.linkedin.com/in/matthew-herring-cissp-63277038/
-
DtSR Episode 333 - Security Evolution and Trends
05/02/2019 Duration: 48min
This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and trends...and he spends some time discussing that with us.
Highlights from this week's show include...
- We collectively quickly make fun of the SIEM (yesterday, today, and next decade)
- Sean talks through the "feature companies" that have been hitting the market in the past couple of years
- Raf brings up the idea that we really don't understand the impact of the technology we create for 10+ years - what does that mean for security?
-
DtSR Episode 332 - Security in Transformation
30/01/2019 Duration: 40min
This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of security leaders in the digital transformation efforts of enterprise shops. Interesting conversation ensues.
Highlights from this week's show include...
- Jenn, James, and Rafal discuss the role of the security lead in enterprise digital transformation
- Jenn shares some of her experience in aiding CISOs with building security programs to support 'the business'
- We make light of the fact that it's a million degrees below zero up north
Guest Jenn R. Black ( @JennRBlack ) - With over 18 years of experience within IT and cybersecurity managed services, Jenn helps companies manage their cybersecurity threats, vulnerabilities, and risks to meet regulatory and business needs, while driving process efficiency. As a consultant in a cybersecurity practice, she works closely with clients to define their cyber strategy, create roadmaps and solutions to meet the company’s security
-
DtSR Episode 331 - Incident Response and Counterfactuals
23/01/2019 Duration: 41min
This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp on real-world risk discussions, Jon and Raf have a pretty enlightening chat you will benefit from.
Highlights from this week's show include...
- Jon discusses the concept of a "counterfactual"
- Jon discusses feedback loops in how incidents are handled
- Jon and Raf talk through how security professionals discuss 'risk' and what we can do to better the conversation
Guest: Jon Hawes - https://www.linkedin.com/in/jonhawes/
-
DtSR Episode 330 - Biometrics for Authentication
15/01/2019 Duration: 36min
This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way you think it does.
Highlights from this week's show include...
- James & Raf talk about how hackers used a "wax hand" to fool a vein auth system. Link: https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug
- Fingerprint authentication to start your car?! We take this discussion to task. Link: https://www.forbes.com/sites/jeanbaptiste/2018/12/27/hyundai-motor-lets-drivers-use-fingerprints-to-unlock-and-start-new-car/
- James & Raf deconstruct the argument for and against biometric security
- We ask "Does it matter that biometric auth is hackable?"
-
DtSR Episode 329 - Volunteering Your Career
09/01/2019 Duration: 40min
This week, on the DtSR Podcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO of ClearedJobs.net and CyberJobs.com - and she recently ran a volunteerism survey (link: https://cybersecjobs.com/cyber-security-community-volunteering-report) you should probably check out too.
Highlights of this week's show include...
- Kathleen discusses some of the highlights of the survey
- We discuss some of the things volunteers learn, and why this is critical to our community
- Several jokes are made
- We discuss the value of volunteering and its impact on your career
- and much, much more
Guest Kathleen Smith - @YesItsKathleen - CMO, ClearedJobs.Net/CyberSecJobs.Com, both veteran-owned companies, she spearheads the community-building, and communications outreach initiatives catering to both organizations’ many audiences including security cleared job seekers, cybersecurity candidates, and military personnel. Kathleen has presented at several security confe
-
DtSR Episode 328 - Who Who Who Are You
02/01/2019 Duration: 52min
This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we do about it?
Highlights from this week's show include...
- Richard addresses the question of whether we've addressed a fundamentally fatalistic attitude towards security
- The guys discuss whether the real perimeter, as we go into 2019
- Richard schools the guys on identity - and why it's not the perimeter, but something else
Guest Richard Bird - Chief Customer Information Officer at Ping Identity - Link: https://www.linkedin.com/in/rbird/ (Yes, Richard is the guy with the smashingly handsome bowties!)
-
DtSR Episode 327 - Experienced Security Leadership
19/12/2018 Duration: 45min
This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, and developing that talent pool. We talk to Yaron and Setu to get a sense of what their thoughts are on where good security leaders come from, and the hallmarks of that experience.
Highlights from this week's show include...
- the curious case of the cyber head who doesn't computer
- Yaron and Setu give us their thoughts on developing security leaders
- Yaron shares some of his experience building a security program, across industries
- Yaron and Setu give us a few pieces of insight for current and future security leaders
-
DtSR Episode 326 - MidMarket Security
11/12/2018 Duration: 40min
This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, statistically) for a long time. Bob has some great lessons learned and is willing to share. Listen in.
Highlights from this week's show include...
- Bob gives a quick history of how he "hacked into hacking"
- A discussion of breaking into security
- Bob & Raf discuss security in the mid-market, and how it's fundamentally different than other market segments
- Bob discusses hiring, talent acquisition and "working from home" in today's job market
-
DtSR Episode 325 - A CISO at AWS reInvent 2018
05/12/2018 Duration: 16min
In another episode LIVE'ish from AWS re:Invent 2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show floor.
Highlights from this week's show include...
- Raf asks Dustin the obvious question - what's a CISO doing at a cloud expo?
- Dustin discusses some of the cloud transformation challenges for security teams
- Dustin unveils the three things he is currently concerned most about for security, in the cloud
- Dustin imparts a final piece of wisdom you won't want to miss...
Rafal's Guest: Dustin Wilcox - Vice President and Chief Information Security Officer at Anthem, Inc. - https://www.linkedin.com/in/dustin-wilcox-4896614/
-
DtSR Episode 324-1 - AWS reInvent 2018 Delivering Security
28/11/2018 Duration: 10min
At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short conversation is quite interesting...
-
DtSR Episode 324 - AWS reInvent 2018 Preamble
27/11/2018 Duration: 24min
This episode of the Down the Security Rabbithole Podcast is sponsored in part by Armor Cloud Security. Go check us out at www.armor.com! This week's show is a multi-part release from AWS re:Invent 2018. We sit down with two of Armor's solutions consultants to discuss trends, insights from day 0, and discuss anticipated moves and market shifts. Expect this to be an insightful episode where we dive into cloud security from a development and security perspective.