Down The Security Rabbithole
- Author: Various
- Narrator: Various
- Publisher: Podcast
- Duration: 398:36:06
Information:
Synopsis
Security. Some assembly required. Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk. This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise. Read the blog > http://hp.com/go/white-rabbit Follow along on Twitter > http://twitter.com/wh1t3rabbit
Episodes
-
DtSR Episode 303 - Advising Security Leadership
03/07/2018 Duration: 38min
Thanks to my friend Brian Wrozek for joining us this week on Down the Security Rabbithole Podcast. Brian's long career as a CISO has broken several 'typical' molds... so he's a fantastic person to join us to talk about the things CISOs should be thinking about.
Highlights from this week's show include...
  - Prioritizing projects as the CISO
  - Getting support from the outside because "we hired you to know this"
  - Refreshing and revisiting completed projects/tools to optimize and see a value
  - Security is additive, we never really take anything away - is this a problem?
  - Red team, blue team, purple team ... what happened to penetration testing?
  - Automation, orchestration, automated response to bad
  - Risk management, and "back to the basics" is still broken
  - Breach after breach after breach - and nothing's changing
-
DtSR Episode 302 - InfoSec Superhero Syndrome
26/06/2018 Duration: 38min
This week, as DtSR rolls on to Episode 302, we talk with John Svazic who is a Cloud Security Architect for a day job and runs the Purple Squad Security Podcast in his spare time. His perspective on the idea of an "infosec army of one" is one that many of us share, and it needs to be solved.
Highlights from this week's show include...
  - Trying to solve everything, on our own... burn out or flame on
  - Working as a lone wolf can be detrimental to your career, and sanity
  - Working as an individual within an enterprise team
  - Perspective for the business requires others
  - Case in point - Application security jobs
  - Purple teams - the ultimate collaboration, not me vs you
-
DtSR Episode 301 - Julie Conroy on eFraud and Identity
19/06/2018 Duration: 41min
This week on Episode 301, James is off and I take a one on one conversation with Julie Conroy from Aite Group on the topic of global fraud. It's a fascinating conversation that winds through the fringes and often unexplored corners of enterprise security. Check it out, and special thanks to Julie for taking the time out of her busy schedule.
Highlights from this week's show include...
  - A brief glimpse into the impact of enterprise security on global fraud
  - Julie talks through identity, and how enterprise security can positively impact fraud
  - Account takeovers - the thing we all fear but struggle to solve
  - Balancing security and usability, convenience
Guest Julie Conroy - ( https://www.linkedin.com/in/julie-conroy-6997/ ): Julie is an experienced product management executive with a proven track record of revenue growth and innovation.
-
DtSR Episode 300 - Reminiscing
14/06/2018 Duration: 54min
Thank you, listeners! Down the Security Rabbithole has reached milestone episode #300. In this episode, James and Rafal sit down with nothing more than an open mic and talk through topics the podcast has previously covered, and others we still have yet to cover. Join us. And a personal thank you to all of our guests over the past 300+ episodes... we are looking forward to much more great content to come!
-
DtSR Episode 299 - Leadership Lessons w Chris Abramson
05/06/2018 Duration: 41min
Special thanks to Chris for doing this in-person. It was a fun conversation and always a pleasure!
Highlights from this week's show include...
  - Chris and I talk about measuring 'risk'
  - We discuss 'brittle systems' which apparently are still alive and kicking
  - Risk analysis, cloud computing, and your business
Guest Chris Abramson ( @cabramson50 ) - Director, Information Security Delivery & Engineering; Team-oriented Enterprise Information Security Management professional seeking to improve the security of organizations through education and practice. Qualifications include a bachelor's degree in computer science; CISM, CISA, CEH and ECSA certification. Understanding of Industry, State and Federal regulatory standards. Ten years of experience in the creation and deployment of Information Security solutions for protecting the networks, systems and data assets of a Fortune 50 company.
-
DtSR Episode 298 - Overcoming the Language Barrier
29/05/2018 Duration: 50min
Two more episodes until we hit #300... what a crazy ride it's been! Thanks for taking the journey with us, and we're looking forward to having you along for another 300 (maybe).
Highlights from this week's show include...
  - Applications of DoD security in a non-DoD world
  - The meaning and elements of the risk equation
  - Understanding (making sense of) the risk equation
  - Swimming in the swamp of marketing literature
  - AppSec as an area of expertise (again, and again, and again)
Go see Jeff at Circle City Con if you're attending. He's giving a talk ( https://circlecitycon.com/talks/rethinking_cyber_security_given_the_spectre_of_a_meltdown_someone_hold_my_beer/ ) titled "(Re)Thinking Cyber Security Given the Spectre of a Meltdown: (Someone Hold My Beer)"
-
DtSR Episode 297 - A Model for Prioritizing Patching Efforts
22/05/2018 Duration: 48min
Before you listen to this podcast ... go grab this report: https://www.kennasecurity.com/prioritization-to-prediction-report/ from Kenna Security and the Cyentia Institute. Read it. Think about it. Then listen to this show.
Highlights from this week's show include...
  - A high-level walkthrough of the model that authors developed, and the many interesting insights
  - Why what you're doing now is probably as good as random chance
  - A deeper discussion on cause and effect of patches, and trying to do everything
  - So much more!
While you're listening to the show, hit us up on Twitter using the hashtag #DtSR or tweet to @DtSR_Podcast!
Guests
  - Jay Jacobs ( @JayJacobs )
  - Wade Baker ( @WadeBaker )
  - Michael Roytman ( @MRoytman )
-
DtSR Episode 296 - Hype Machine Off the Rails
15/05/2018 Duration: 52min
This week, former analyst and security industry veteran Adrian Sanabria joins James & Rafal to talk about some of the hype in our industry. From current events, to learning lessons, to the on-going master-class in bullsh*t we convince ourselves of - this podcast is a riveting (although slightly longer) episode of free-flowing discussion.
Highlights from this week's show include...
  - We discuss #eFail - and the circus maximus of ridiculousness that it currently is
  - Adrian gives us some views on believing our own nonsense
  - We attempt to discuss how we got to this point
  - Much more!
-
DtSR Episode 295 - DevSecOps is Not a Thing
09/05/2018 Duration: 47min
This week, Mark Nunnikhoven joins us from the great white North. All the way from Ottawa, Canada - Mark talks with James and Raf about cloud computing, DevOps, and some silly things security folks are doing to undermine themselves in the brave new world.
Highlights from this week's show include...
  - A brief discussion on moose and Canada
  - Why none of us believe "DevSecOps" is a thing
  - Deploying security into modern code development practices
  - Much, much, much more
Guest Mark Nunnikhoven ( @MarkNCA ) - Vice President, Cloud Research at Trend Micro. Mark has way too many credentials and accolades to list here, go read his LinkedIn page, or check out "Mornings with Mark" on his Twitter feed daily. [Mark on LinkedIn]
-
DtSR Episode 294 - Securing Azure
02/05/2018 Duration: 40min
* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at https://microsoft.com/rsa and if you really want to check out something amazing where IoT and cloud collide, check out https://microsoft.com/azure-sphere.
On this second special episode of the podcast live from RSA 2018, Raf sits down at RSA Conference 2018 with a gentleman you may not know but you should, Avi Ben-Menahem. We discuss what it's like in terms of effort, scope, and sheer talent, to take on the monumental task of securing the Azure public cloud platform. Avi shares his insights, and drops us some interesting tidbits on the day in the life of someone working at truly hyper scale. Again, special thanks to Jessica and the Microsoft team for some truly unprecedented access.
-
DtSR Episode 293 - Diana Kelley from RSA 2018
24/04/2018 Duration: 39min
* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at https://microsoft.com/rsa and if you really want to check out something amazing where IoT and cloud collide, check out https://microsoft.com/azure-sphere.
On this very special episode of the podcast, Raf sits down at RSA Conference 2018 with the one and only Diana Kelley to talk data integrity, crisis communication, and fear-based selling in security. Again, special thanks to Jessica and the Microsoft.
Guest Diana Kelley ( @DianaKelley14 ) - Diana is the Cybersecurity Field CTO for Microsoft, a cybersecurity thought leader, practitioner, executive advisor, architect, speaker, author and co-founder of SecurityCurve. More here: https://www.linkedin.com/in/dianakelleysecuritycurve/
-
DtSR Episode 292 - Navigating Industry Conferences (RSA)
17/04/2018 Duration: 42min
This week, James is back and he and Raf sit down for a discussion on navigating the big industry conferences, as RSA Conference kicks off in San Francisco. We add just the right bit of snark to your day, and provide some much-needed commentary on the industry, conferences, and survival.
Highlights from this week's show include...
  - A quick overview of RSA Conference
  - Getting value, learning something, or whatever else
  - Buzzwords, and navigating marketing speak
  - Attendee personas: buyer, attendee, vendor - there is a huge difference in how you experience a conference from these angles
  - Feature, product, or startup (sometimes they're the same thing!)
  - Tips, tricks and ideas for having a successful experience
-
DtSR Episode 291 - A New Perspective On Endpoint (Nyotron)
10/04/2018 Duration: 39min
[This week's episode and fantastic discussion on endpoint security is sponsored by Nyotron]. DtSR listeners already know we don't do advertisements or traditional sponsorship - so when we bring in a sponsored guest it's because we believe the topic is interesting and the guests have a genuinely interesting point of view. On that note... The topic this week is the endpoint. Yes, the endpoint - the place where security started, and was subsequently abandoned, and reborn. Whether you're talking about virtual cloud workloads, laptops or other types of endpoints - we can all agree on the fact that there are too many buzz words, too many tools, and too many 'solutions' to the various ailments of the endpoint. This week we dive down the rabbit hole with Rene and Nir, from Nyotron, to hear their unique perspective and get an understanding on why they think their approach to this very difficult problem is worthy of your time. I invite you to give this episode a listen, as it's a bit of a pilot for us. If you all enjoy
-
DtSR Episode 290 - What Ails the CMS
03/04/2018 Duration: 42min
This week on the Down the Security Rabbithole Podcast, Tony Perez stops by for an early morning chat about the content management systems we in InfoSec love to hate on. We talk about Drupal, WordPress and all the other CMSes out there that have similar issues.
Highlights from this week's show include...
  - Why start a company that does CMS security (they're hopeless anyway right?)
  - How many of the most popular CMSes are actually not as bad as you may think, security wise
  - The core, the plug-in infrastructure, and plug-ins
  - Finding, responding to, and fixing bugs in the modern software world
Guest Tony Perez ( @Perezbox ) - [Tony has perhaps one of the coolest LinkedIn write-ups, so I'm pasting it here.] Tony is a proven business leader and operator. He is a former US Marine (2000 - 2005), and former CEO of Sucuri (2011 - 2017), a website security platform that was acquired by GoDaddy in April 2017. He has proven experience taking a security product from startup to a global, multi-national, organization. His
-
DtSR Episode 289 - Neither Security Nor Privacy
27/03/2018 Duration: 49min
This week, join DtSR as Rafal sits down across the virtual table with the one and only Robert Hansen. Rob (aka @Rsnake ) discusses his roots of being an almost-bad-guy, to the security of browsers, and privacy. Plus we get to reveal something pretty awesome...
Highlights from this week's show include... Rob's fascination with alien conspiracy theories A back history of browsers you've never heard of, that you benefit from today Google... Security vs. Privacy - why you don't actually get either A secret reveal from Rob about his exciting new venture
-
DtSR Episode 288 - Experienced Opinions
20/03/2018 Duration: 50min
This week, while James was out on family duty, I sat down on a Saturday morning with my good friend Will Gragido to talk security. Will is an industry old-timer (sorry buddy, we're old) and has some seriously valid opinions on many things. We discuss some interesting topics, and apologize for nothing.
Highlights from this week's show include...
  - It's conference season again... and time for more buzzword bingo
  - Marketing people are the worst... except we're all complicit
  - Threat Intelligence. Again. Still. Yep.
  - Let's go hunting for threats - who should have a threat hunt team, and why
  - Mergers, acquisitions, and the future of our industry
Guest Will Gragido ( @WGragido ) - Will Gragido is a seasoned security professional with over 20 years’ experience in networking and information security. Will’s extensive background is the result of his service as a United States Marine, a consultant with the world renowned International Network Services, Internet Security Systems (now IBM ISS), McAfee, Damballa, Cassandra
-
DtSR Episode 287 - Armored and Battle Tested
13/03/2018 Duration: 46min
In case y'all don't read LinkedIn or Twitter - Rafal recently joined Armor (Armor.com), so what better time to interview the CEO Chris Drake than right now. So this week, Chris Drake joins us in the studio to talk about his background (which is quite interesting, by the way) and how he got to start a fast-paced cloud security-as-a-service company.
Highlights from this week's show include...
  - The road starts with jumping out of airplanes
  - The Butterball story
  - More discussion on challenges with existing security models
  - Security-as-a-Service vs. Managed Security (MSS) - differences and big differences
Guest: Chris Drake, Founder and CEO of Armor ( @ChrisDrake ) - Chris is currently the founder and CEO of Armor, a fast-paced cloud Security-as-a-Service provider. If you want more on Chris, you'll have to listen to the podcast.
-
DtSR Episode 286 - Breach vs Incident vs Lawyers
06/03/2018 Duration: 44min
This week's DtSR Podcast sits down in the offices of Shawn Tuma to discuss an update on the law with regards to data breaches, or incidents - and what the differences between them are. We talk through current events, past history and look into the future a bit.
Highlights from this week's show include... the legal differences in the words we use (breach vs. incident) notification and disclosure in a global economy planning, preparation, and the big day costs - specifically around insurance - when things go badly right to sue for current, and future, damages (did they really happen?) overview of GDPR, and the cornucopia of other local, regional, national, and international laws as they are evolving
Guest Shawn Tuma ( @ShawnETuma )
-
DtSR Episode 285 - Alt-Tab Alt-Tab Swivel-Chair
27/02/2018 Duration: 48min
We have a treat for you folks this week! On episode 285 of the podcast I'm joined by three well-respected, forward thinking, and entrepreneurial-minded security executives to talk about some of the challenges they see in the industry and what they're doing to solve them. From cloud, to threat intelligence, staffing, and other scaling issues - we address the issues head-on, and provide some insight into what these three are thinking going forward.
*The audio quality isn't the usual high-quality I expect to publish, so my apologies for that in advance. Somewhere the recording tool I use had an issue, but I did my best to make sure you could hear the speakers clearly. Apologies for the background noise on this recording.
Guests: Susan Magee, Dustin Wilcox, Jason Clark
If you've noticed the new logo, it's courtesy of a phenomenal artist, whose name is Peter Czaplarski. Yes, you too can hire him to draw amazing things for you, you can find him here: http://fb.com/CzaplarskiArt. Peter is also the artist be
-
DtSR Episode 284 - MSS SOS
20/02/2018 Duration: 50min
This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's able to join Raf in person in Atlanta, while James is predictably on the other end of a Howdy Doodie (you'll get this if you listen). This week, we tackle the MSS issue (Managed Security Services providers) again, but with a fresh angle where we aren't just spending the entire time bashing something we all rely on - but rather providing some constructive feedback into MSS providers from an enterprise perspective. And reminiscing a little. A lot. Join us! And spread the word!
Guest: Scott Stanton ( @Scott_Stanton ) - Information Security leader with experience in the High Tech, Manufacturing, Engineering, Services, and Energy industries. My technical depth includes application development, IP networking, operating systems, virtualization, and storage systems. Scott is currently the Senior Manager of Infrastructure Security at a medical technology company. If