Down The Security Rabbithole

Prologue ** First, before I say anything else, I want to thank Lonnie and his staff for their service to our country. Protecting diplomats is not an easy task I imagine, and being the most powerful nation on Earth, our diplomats are likely a target 24x7x365. ** This week, Lonnie Price joins me and James on the show for an intriguing talking through some very, very cool stuff. Now, this episode is special. Of course, every episode is special but some are more special than others. In this edition of the show we're talking to someone who keeps state secrets, well ... secret, as America's diplomats travel internally and abroad. I can safely say I had no idea how much there was to concern yourself with beyond just encryption. Guest Lonnie Price LinkedIn: https://www.linkedin.com/in/lonniejprice/

Prologue Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone stealing your Twitter account, or your bank account, or God-forbid your Facebook - you know the ramifications are serious. But how do you identify it, prevent it, detect and respond to it, and maybe even recover from it... at scale? Rafal's guest, Ari Jacoby of Deduce has some ideas.  Ari talks about the broader ATO problem, and suggests some of the reasons it's gotten this bad (...how bad is it?...) and what companies that are not in the Fortune 250 can do to protect themselves - and you. Guest Ari Jacoby Deduce: https://www.deduce.com/  LinkedIn: https://www.linkedin.com/in/arijacoby/  Twitter: https://twitter.com/arijacoby 

Prologue OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that wouldn't be bad if they even remotely worked together. OSQuery isn't the end-all for endpoint tools, but it surely can tell you a whole lot about what's going on out there - and then you can actually intelligently do something. But it needs a front-end...so enter Fleet. This episode is all about defending the endpoint using open source, and Fleet/OSQuery specifically.   Guest Zach Wasserman LinkedIn: https://www.linkedin.com/in/zacharywasserman/ Twitter: https://twitter.com/thezachw  Fleet Open Source Device Management: https://fleetdm.com/ 

Prologue This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Yuri is one of the quintessential experts on Zero Trust (not the commercial tools stuff, but principles and foundations) and you need to hear his take on how we get it implemented, where, and why.   Guest Yuri Bobbert LinkedIn: https://www.linkedin.com/in/yuribobbert/ His book "Leading Digital Security": https://www.linkedin.com/pulse/new-book-leading-digital-security-yuri-bobbert-1f/?trackingId=%2Fwm4S897TnSMTgkDszCDJQ%3D%3D 

Prologue This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that it's more complex, more under siege, and more critical than ever. No problem, right? This episode has been a long-time coming, and DJ is an honest-to-goodness expert in the field. He teaches classes on this topic which you may just want to go and look up if this is your thing.   Guest DJ McArthur LinkedIn: https://www.linkedin.com/in/dj-mcarthur-74364b24/ Twitter: https://twitter.com/djmca5280

Prologue Continuing what accidentally became a series of AppSec or Software Security focused episodes, #436 takes it from yet another direction. Rey joins us to talk about AppSec from his perspective - that of a life-long developer that's moved into software security. It's been an interesting journey, and while some of the things we discuss aren't necessarily revelations - listen for the subtle clues about what software security teams are doing wrong in the corporate enterprise... you'll hear it. Guest Rey Bango LinkedIn: https://www.linkedin.com/in/reybango/ Twitter: @ReyBango

Prologue Episode 435 is packed with OpenSource goodness, talking about WordPress and WPScan with Ryan Dewhurst. Ryan started WPScan (a tool you probably use as a security practitioner) and has now made a business out of it. He spends a half-hour discussing the product, his road, and Wordpress/security in general and includes some plans for the future. Guest Ryan Dewhurst LinkedIn: https://www.linkedin.com/in/ryandewhurst/ Twitter: https://twitter.com/ethicalhack3r Website: https://wpvulndb.com/

Prologue This week, Jennifer Fernick of NCC Group joins me to talk about her work with open source software and security. With a storied career, Jennifer is well-qualified to talk about some really interesting topics, but finding bugs in open source software, at the scale we need it to be done, is a monumental task.  If you're a developer and keen on innovation and open-source, and know security or are interested in learning more - I encourage you to go check out the Open Source Security Foundation here: https://openssf.org/  Guest Jennifer Fernick LinkedIn: https://www.linkedin.com/in/jenniferfernick/

Prologue: This week, Gary Latham joins the podcast to talk about taking the reigns of the Security Advisor Alliance, at a pivotal time for the organization. If you don't know about the SAA, I highly encourage you to check it out here: https://www.securityadvisoralliance.org/    Guest Gary Latham LinkedIn: https://www.linkedin.com/in/gary-latham-8bb62925/ 

Prologue On this week's episode of the podcast, boomerang guest Robb Rock joins Rafal to talk identity, trust, and what's happened since the last time Robb was on the show (which was in 2016!). Of course they talk about the "big hack", and retreat into identity, Zero Trust, and the challenges of mid-market companies trying to do their own security. The lesson here? "The more we learn, the more we recognize we know very little." Guest Robb Reck LinkedIn: https://www.linkedin.com/in/robbreck/ Twitter: @RobbReck

Prologue This week on DtSR, an old friend Jamison Utter joins Rafal to talk about medical IoT devices, and what makes them different -- and of course, how we can better protect them. Jamison's company, Medigate, is a healthcare security and medical analytics company - and it's an interesting discussion on how this type of IoT differs from others with security implications. You'll want to listen in, since the "Internet of Things" discussion is getting very varied, and you need to keep up. Guest Jamison Utter LinkedIn: https://www.linkedin.com/in/jamisonutter/ Twitter: https://twitter.com/jamison_utter Company website: https://medigate.io  

Prologue David was a guest on the podcast many years ago, back in episode 7. We had a great conversation and it's interesting to see how so many of the topics have evolved in the last nearly a decade. Or not. Guest David Elfering LinkedIn: https://www.linkedin.com/in/aroundomaha/ Twitter: https://twitter.com/icxc 

You Gotta Hear This! [YGHT] This special edition of the Down the Security Rabbithole Podcast is the first of it's kind. For 2021 I've decided to throw in a bonus episode here and there that doesn't necessarily fit the typical format when I find something interesting, or a topic or person worth your time. Right now, with CrowdSec is that time. Philippe Humeau is a wealth of information and the CEO of CrowdSec - a company that's picking up where someone else left off and making crowd-sourced security intelligence, free if you're a contributor to the system. Brilliant stuff... jump in and listen. Guest Philippe Humeau LinkedIn: https://www.linkedin.com/in/philippehumeau/  Twitter: https://twitter.com/philippe_humeau  Check out CrowdSec LinkedIn: https://www.linkedin.com/company/crowdsec/ Hub: https://hub.crowdsec.net/?_ga=2.115542209.614917574.1610075573-377858623.1610075573 Twitter: https://twitter.com/Crowd_Security 

Prologue Let's start 2021 off right with a returning guest whose name you will want to remember. Joep (pronounced like "soup" but with a "you") Gommers the founder and CEO of EclecticIQ joins Rafal to talk about threat intelligence - from platforms to TIPs, use-cases, implementations, limitations, and the move to TIM. It's a fun conversation that looks at where "threat intelligence" started, and where it's gone over the last 5 years or so. If you're a threat intel analyst, another consumer, or even a vendor, you'll want to listen up carefully and maybe take notes. By the way we need a "TIM-enabled NextGen SOC Platform" sticker to be made up, with "Tim the Enchanter" as the key figure ... this should happen. Someone has to have the talent! Guest Joep Gommers LinkedIn: https://www.linkedin.com/in/joepgommers/ Twitter: https://twitter.com/joepgommers 

Prologue This week, on the last episode of 2020, Michael Coates joins Rafal to talk about wire-speed-data-protection. Sort of like CASB but more universal. Interestingly, Rafal and Michael talk through how DLP has evolved and into what, and some interesting developments along the way - then the promise of something better. Guest Michael Coates LinkedIn: https://www.linkedin.com/in/mcoates/ Twitter: https://twitter.com/_mwc

Prologue First and foremost, thank you to Prevailion for giving us some of Karim's time, and content for this episode. Adversary intelligence is critical to protection and defense, so the methods and means in which it's gathered, refined, and provided back into the industry is always a great topic of discussion. I can't stress enough how much I recommend going and doing this - https://www.prevailion.com/claim-your-apex-platform-account/ which is free and can give you an idea of whether you have some of those pesky "bad actors" running around your infrastructure stealing your critical assets. Guest Karim Hijazi LinkedIn: https://www.linkedin.com/in/karimhijazi/ Is YOUR org compromised?: https://www.prevailion.com/claim-your-apex-platform-account/

Prologue This week, one of my old allies in the advocacy for sane media appearance joins James and me on the podcast. We talk about being a media liaison, managing speakers and security types with lots to say and few f***s to give for the media. It's an interesting conversation if you want to hear about what your media and PR person has to go through. Guest Diana Wong LinkedIn: https://www.linkedin.com/in/dianawong1/

Prologue Fill up your coffee cup, find a comfortable seat, and get ready to dive into this show! Richard & Anton join James and Rafal to discuss the SOC and it's evolution (or not) in today's enterprise. What are the major issues with SOCs today? What will the SOC of tomorrow be like? Does anyone know why Anton's hair is so nutty? These and other questions will be answered, maybe, on this show... so listen in and please give us some love on the socials. Guests Richard Steinnon LinkedIn: https://www.linkedin.com/in/stiennon/  Twitter: https://twitter.com/stiennon  Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/  Twitter: https://twitter.com/anton_chuvakin 

Prologue This week, virtually live from Enfuse 2020 we've invited Grayson Milbourne, who is the Director of Security Intelligence at OpenText (formerly Carbonite/Webroot), to the show to talk about his work, malware, and the ever-evolving battle between good and evil'ish. This is a unique look at the intelligence, research, and innovation that goes into anti-malware tools and the arms race between attacker and defender in the real world. Guest Grayson Milbourne LinkedIn: https://www.linkedin.com/in/themilbourne/ Twitter: https://twitter.com/gmilbourne 

Prologue: This week is a TREAT for you Down the Security Rabbithole Podcast listeners. Before she does her keynote on the topic, you'll get to hear Tarah Wheeler's take on the graying lines of privacy, security, and ethics. Just because we can ... does that mean we should? Lots of interesting discussions, and some totally nerdy and pedantic references you'll want to listen to a few times. Week 3 of OpenText's Enfuse Conference 2020 is kicking off with Tarah's keynote, and if you haven't checked in, or signed on, maybe this will convince you! Give her keynote a listen... Guest Tarah Wheeler LinkedIn: https://www.linkedin.com/in/tarah/ Twitter: https://twitter.com/tarah