Down The Security Rabbithole
- Autor: Vários
- Narrador: Vários
- Editora: Podcast
- Duração: 398:36:06
- Mais informações
Informações:
Sinopse
Security. Some assembly required.Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk.This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.Read the blog > http://hp.com/go/white-rabbitFollow along on Twitter > http://twitter.com/wh1t3rabbit
Episódios
-
DtSR Episode 323 - Security of a Global Enterprise
20/11/2018 Duração: 01h45sOn episode 323, Richard Rushing (aka the "Security Ninua") joins us to talk about being the CISO of a global organization, and multi-national enterprise. Highlights from this week's show include... Richard talks to us about his background We discuss the unique challenges of a multinational enterprise Richard gives us some wisdom on how to approach "the business" Richard provides some advice for keeping prioritization and sanity
-
DtSR Episode 322 - The Ethics of Cyber Security Panel
15/11/2018 Duração: 50minThis week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly. Highlights from this week's show include... A base platform for the discussion on ethics Moral relativism, applied to cyber Law vs ethics Cultural ethics and relativism "Hacking back" - yes we went there
-
DtSR Episode 321 - Putting Threats In Perspective
06/11/2018 Duração: 48min** Go Vote ** Do your civic duty, and go vote. Heck, while you're standing in that long line to vote, listen to the podcast, we're not picky. This week, Rob Graham joins Rafal and James (who's back!) to talk about various topics related to threats. We start with the hacking voting machines, and it go from there. Highlights from this week's show include... We ask Rob to tell us what he knows about the Georgia 'hacking the election' case going on right now We discuss what the real threat to our elections is We ask Rob to tell us what he thinks the biggest threats are, and how we should approach them
-
DtSR Episode 320 - Specializing in Forensics
02/11/2018 Duração: 40minThis week, James Habben joins me in studio for what turns out to be an introspective walk through the evolving world of forensics. Highlights from this week's show include... James gives us some background on how he got where he is We talk through some nostalgia James answers the "Is APT trying to get me" question, sort of We talk about things companies should be doing to prepare...
-
DtSR Episode 319 - Striking Out On Your Own
23/10/2018 Duração: 47minThis week, my good friend and entrepreneur Rock Lambros (of the newly formed Rock Cyber) joins me to talk about getting the itch to go out on your own and actually doing it. Many of us have thought about it, daydreamed, but very few do it. So hear an episode from someone who did... Highlights of this week's show include... What motivates and drives someone to jump the safety net of corporate life and go off on their own? Rock gives us the secret to "How you know it's time" We discuss how you can avoid the failings of the typical "consultant" We talk through some very interesting strategy and advisory questions... (lots of gems in here!) Rock drops his list of things to think about/remember We discuss how to make security more than just a cost center Links: Rock's new company - Rock Cyber "Navigating Security in a Brave New World" (www.rockcyber.com)
-
DtSR Episode 318 - War, Cyber and Policy
18/10/2018 Duração: 38minThis week the DtSR podcast tackles one of the thornier issues going around in the news. As the accusations of Russsian hacking continue to mount, international leaders are speaking out and making bold statements that impact policy on a global level. This topic needed to be addressed with some folks who have actual expertise in the matter - and with the understanding that what we have here are opinions and interpretations. Highlights from this week's show include: A lively discussion on the implications of the term "cyber war" Jon and Dennis discuss the tone, and context of the article in question: https://nltimes.nl/2018/10/15/netherlands-cyber-war-russia-defense-minister-says Rafal, Patrick, and Jon go a few rounds on other cyber matters as it pertains to the term "war" and its implications If you listen to this episode and have a strong opinion - get on Twitter and use the hashtag #DtSR and let's discuss it! There is already a lively discussion started here: https://twitter.com/Wh1t3Rabbit/status/105192
-
DtSR Episode 317 - Protecting Higher Education
09/10/2018 Duração: 39minWhile James is away, Raf will podcast all day ...or something like that. Highlights from this week's show include: Bill talks about what it's like to jump into a higher education system and try and play defense We discuss the role of governance, centralized policy, and management in higher education environments Bill discusses his view on the appropriate places to work in security, in a college/higher education environment We compare and contrast the experience of security in higher education against very large enterprise (the comparison may shock you) Guest William Reyor - ( @WilliamReyor ) - William is Fairfield University’s first CISO, is a former penetration tester, and has more than a decade of security and network engineering experience. He is also the Security BSides Connecticut co-founder. You can find Bill on LinkedIn here: https://www.linkedin.com/in/wreyor/
-
DtSR Episode 316 - NCSAM 2018
03/10/2018 Duração: 39minSo, it's October 2018, and it's National Cyber Security Awareness Month. Again. James and I have a bit of an issue with this, as you'd guess. Why are we still talking about awareness when we need action? Are there really people out there that are saying "If only I was aware that there are bad people trying to do bad things, I'd had done it differently"? Highlights from this week's show include... We riff on the thing we talk about once a year (and not anymore) James takes a shot at passwords... fish, meet the barrel Raf gets a little upset that we're talking about awareness, since 2004 and nothing really changes Raf & James ask you to take action this year and tell us about it! Hashtag it #DtSR and tell us what you're doing for NCSAM 2018 that's going to make an actual difference
-
DtSR Episode 315 - Women in Cybersecurity-Mary Cheney
25/09/2018 Duração: 51minOn this episode of the Down the Security Rabbithole Podcast, Mary Cheney joins us fresh off her talk to the North Texas ISSA Women in Security group. She has such a colorful background and such great stories to tell - we just had to have her on the show. Highlights from this week's show include... A walk-through of Mary's colorful and extremely diverse background Mary talks about burnout as we pick up the topic from our conversation with Ann Johnson's episode Mary talks about corporate "tools efficacy" and security's cry for wolves ...so much more!
-
DtSR Episode 314 - None of This Crap is Secure
18/09/2018 Duração: 54minThis week, on DtSR Episode 314, the infamous (that's more than famous) John Strand joins us. No, not the male model ...the guy who's been an InfoSec legend since before you could walk. Highlights from this week's show include... We take a stroll down memory lane We discuss the challenges with more complexity in development John takes us through what he thinks some of the faults are
-
DtSR Episode 313 - Cyber Law Update Sept 2018
11/09/2018 Duração: 43minFriends welcome to yet another edition of the Down the Security Rabbithole Podcast - as we invite perennial favorite, Shawn Tuma onto the show! Shawn has a new office, a new law firm, and is giving us his take on what's new in the world of cyber and law. Listen in! Highlights from this week's episode include... Shawn brings up "The GDPR" and the self-imposed disaster that it has become We dive into the problem with "all the data" Shawn explains the idea of "necessary and proper" and case-law for data breaches Shawn tells us about cyber insurance and the scariest word in the vernacular ... "negligence"
-
DtSR Episode 312 - Ann Johnson on Mental Health
05/09/2018 Duração: 41minThis week Down the Security Rabbithole Podcast welcomes two very cool ladies from the InfoSec realm. First Ann Johnson of Microsoft (if you don't know Ann, you're living under a rock, honestly) is here to discuss a tweet she put out a while ago ( https://twitter.com/ajohnsocyber/status/1033934334720278528 ) on mental health in high-pressure jobs in InfoSec. If that wasn't enough, Jennifer Duman from Armor joins us as a guest-host to provide her experienced perspective as a road warrior. Highlights from this week's episode include... Ann discusses the big deal with working from the road, in a high-pressure InfoSec job We discuss the impact of being a road warrior has on mental health, families, and career Ann gives us some insight from the teams and companies she's worked with Ann gives us some thoughts on how to mitigate mental health impact for InfoSec professionals Guest Ann Johnson - Corporate VP, Cybersecurity Solutions @ Microsoft Twitter: @ajohnsocyber LinkedIn: https://www.linkedin.com/in/ann-joh
-
DtSR Episode 311 - Further the Browser
29/08/2018 Duração: 39minThis week we dive into the world of the web browser. A brief history, some discussion about what's wrong and how it's broken - and a few suggestions for what to do next. This is a complicated discussion - so you can bet we'll come back to it with your feedback! Highlights from this week's show include... A brief walk-through of the history of browsing Solutions that tried, but ultimately failed, to solve the challenges An approach we've seen before - the "remote browser" Discussion on challenges and opportunities of the remote browser concept Discussion on Authentic8's approach and innovations
-
DtSR Episode 310 - RFP POC OMG
23/08/2018 Duração: 33minThis week, Rafal & James discuss one of the bigger challenges that an enterprise security team faces today - evaluating new/replacement security tools and services. Listen close if you're on the enterprise side, and listen closer if you're selling to them. Highlights from this week's show include... We address the difficulties of evaluating or replacing technologies or services Rafal takes you into the "better" trap, and how you can avoid it We discuss defining concrete problem statements James & Rafal talk through the challenges of defining good requirements and evaluating We address how to pick a winner - or not
-
DtSR Episode 309 - Digital Transformation, Take 2
14/08/2018 Duração: 38minThis week Nate Smolenski - Director, Cloud Architecture Services - joins us for an insightful discussion on the concept of digital transformation for the enterprise. Many companies are undergoing a digital transformation, or have done so already, and it's up to security to once again, catch up. Nate brings a truckload of experience and evidence into the conversation and as a security professional and practitioner - you should absolutely listen to this episode. Twice. Highlights from this week's show include... Answering: What in the world is "digital transformation"? Discussion around the seemingly "take 2" we're embarking on, as security professionals Enterprise security's role, or not, in digital transformation
-
DtSR Episode 308 - Theoretical and Applied Futurism
08/08/2018 Duração: 45minFriends, this week's episode is truly unique. We talk to a gentleman whose job it is to think big, and into the future in a big way. Jeremy Nulik is the "Evangelist Prime" at Big Wide Sky - an organization that looks to think big, and solve big problems, in big ways. This is an incredible journey into problem-solving on a grand scale. Highlights from this week's show include... An overview of futurism, as an abstract tool for problem-solving A discussion on the roots of futurism Overview of how futurism is applied today The four key approaches in applied futurism Applying futurism to problem-solving in information security Links you need to check out: https://medium.com/@bigwidesky/create-a-culture-that-embraces-vision-8557ad03d55 https://www.linkedin.com/in/jeremynulik/ https://bigwidesky.com/#Jeremy-Nulik
-
DtSR Episode 307 - Building and Teaching in Chicago
01/08/2018 Duração: 33minOn this episode of the Down the Security Rabbithole Podcast, Rafal is in Chicago for a few days and visiting with a long-time friend and colleague, Don Donzal. Don has some great history in the Chicago hacking and security professional scene, so we take a stroll down memory lane, talk about what he's doing now, and take a long look ahead. Join us! Highlights from this week's show include... Don gives us a little insight into where Ethical Hacker Network got started A history of Chicago Con - anyone been? Life, family, career - and how balancing all of that and still doing what you love is important A look into the future of the new venture! Catch the Ethical Hacker Network online at https://ethicalhacker.net, and on Twitter at @EthicalHacker.
-
DtSR Episode 306 - Balancing Family and Career
25/07/2018 Duração: 46minThis week, we tackle a topic that should not have taken 306 episodes to get to - balancing family and work while growing a career in Information Security. Britney hits the high points with us, and takes us down the road of what it's like being a mother and security leader - as we explore the topic for everyone who is in our field. Highlights from this week's show include: Who does this apply to? Are you being asked to choose? Becoming adaptive When you should bend and when you should concede Creating your own space Confidence Benefits of Blending
-
DtSR Episode 305 - Security for the Mid-market
17/07/2018 Duração: 42minDo you work at a company that's too big to be "small business" but too small to be "large enterprise"? You're probably in that place known as the "mid-market". Many of the large vendors don't pay attention to you, and yet you still have all of the same problems big companies do - just without all the budget. What do you do? Listen to this episode of DtSR and find out what we think. Highlights from this week's show include... Addressing the "tool" or "staff" conundrum Who's manning all those dashboards? Staff to dashboard ratio How do you prioritize, when you can't multi-thread? Giving up isn't an option, so what do you do?
-
DtSR Episode 304 - Transforming Security
11/07/2018 Duração: 41minThis week, James and I interview a former Optiv colleague and advisor to many Fortune 250 CISOs in his long career, our friend Ron Kurisczak. Ron's long and successful career has included time spent truly transforming the way security functions, and how it's seen in the boardroom. Spend 35 minutes and hear his take on where we've been, and why right now is so crucial to our future. Highlights from this week's show include... Why are we transforming security? Data classification, operation policies Tracking key performance indicators (KPIs) to the new rules of security Who's getting through, how long did they have, what did you do to eradicate? What are we measuring - how do we define "maturity" in security programs Understanding how we understand and measure long-term losses from security failures Moving into a truly risk-based security program, and away from "how much are my peers spending?"