Synopsis
Security. Some assembly required.
Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk.
This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.
Read the blog > http://hp.com/go/white-rabbit
Follow along on Twitter > http://twitter.com/wh1t3rabbit
Episodes
-
DtSR Episode 519 - Insights From an Industry Leader
28/09/2022 Duration: 01h51s
Prologue
This week, Rafal takes the show on the road (literally) to Las Vegas for Fal.Con '22 -- this is CrowdStrike's premier global get-together of customers, partners, and industry experts to showcase some innovation and share ideas and insights. I wanted to say a big thank you to CrowdStrike -- all the folks who helped make this happen and continue to support this podcast and provide access to these fantastic guests. Thank you to Nick Lowe, Geeta Schmidt, Kapil Raina, and Bryan Lee for taking the time to share their unique insights.
Guests
Nick Lowe LinkedIn: https://www.linkedin.com/in/nick-lowe-cissp-7751a05b/
Geeta Schmidt LinkedIn: https://www.linkedin.com/in/geetaschmidt/
Kapil Raina LinkedIn: https://www.linkedin.com/in/kapilraina/
Bryan Lee LinkedIn: https://www.linkedin.com/in/obiwanblee/
-
DtSR Episode 518 - Go Big or Go Home
20/09/2022 Duration: 44min
Prologue
Solving problems is a challenge not everyone is up for. The industry is littered with people and companies that bring small-time solutions to an industry begging and pleading for actual solutions. Jason Clark of Netskope, and long-time friend, joins James and Rafal to talk about the mindset and approach needed to solve BIG problems that change the game, change the landscape, and change our lives.
Guest
Jason Clark LinkedIn: https://www.linkedin.com/in/jasonclarkfl/
-
DtSR Episode 517 - Two Truths and a Lie
13/09/2022 Duration: 01h02min
For those of you paying attention - DtSR is officially 11 years old. This episode is the first episode of year (season) 12. WOW. Thank you for listening, sharing, commenting, and watching us live!
Prologue
We work in a weird industry where marketing has to make ever-more outrageous claims that product and service teams then have to attempt to live up to, but it's a way of life. Now, I'm not strictly speaking blaming product marketing people, but they do have some blame in this insane climate we find ourselves in. On this episode, two good friends - and professional snark'ists - join James and I to talk about where our industry has over-marketed, over-hyped, and simply failed to deliver ...and where it may actually be meeting expectations. It's a fun conversation, and I bet you won't see the ending coming.
Guests
Jeff Collins LinkedIn: https://www.linkedin.com/in/jmcollins/
Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/ Twitter: https://twitter.com/anton_chuvakin
-
DtSR Episode 516 - Breaking Bad on EAS
06/09/2022 Duration: 47min
Prologue
Fresh off his presentation at Defcon 2022, Ken Pyle joins Rafal to talk about the Emergency Alert System (EAS) he's been hacking since 2019 and discusses findings, challenges, and the work left to do. It's a fascinating conversation that will leave you wondering - how do we fix this clear and present problem, and more importantly...where else should we be looking?
Guest
Ken Pyle LinkedIn: https://www.linkedin.com/in/ken-pyle/
LinkedIn Stream (recorded): https://www.linkedin.com/video/event/urn:li:ugcPost:6971199601311694848/
-
DtSR Episode 515 - Gadi Evron Talks PostBreach and Disinformation
30/08/2022 Duration: 45min
Prologue
This week's guest is always a great interview. Gadi Evron has been around the industry longer than it's been an officially named discipline. In this episode, he talks about post-breach standards and the apparent but not previously discussed need. He also breaks your brain with disinformation, which we only lightly touch on before realizing we need at least one more podcast to go deeper into the topic. Join us, and share this one, it's awesome.
Guest
Gadi Evron LinkedIn: https://www.linkedin.com/in/gadievron/
-
DtSR Episode 514 - Adam Explains Everything
23/08/2022 Duration: 41min
Prologue
We've covered "threat intelligence" on the show a few times now, but the evolving nature of what threat data is, how it's useful, and how it enables defenders of a specific type to identify malicious activity keep it interesting. This time around Adam Meyers of CrowdStrike joins Rafal to discuss threat intelligence and threat hunting, and to clarify some of the misconceptions and utilities around the topic. A good conversation for those defending their infrastructure and useful data points from someone who is a recognized expert. Adam joins us from his bunker, with all the elements you'd expect from Adam, so it's definitely worth your time to listen closely. Check out Fal.Con, where you can catch the cutting-edge on CrowdStrike kit, industry knowledge, and hear some great industry speakers. Rafal will be there speaking on the topic of operationalizing and making the SOC more effective and efficient at small scale, check it out (link below).
Guest
Adam Meyers LinkedIn: https://www.linkedin.com/in/adam-mey
-
DtSR Episode 513 - CSO Perspective on Security Fundamentals
16/08/2022 Duration: 47min
Prologue
"Just do the basics!" "Remember the security fundamentals." ...sick of hearing those catch phrases without anything to actually get it DONE? Yeah, us too. This week we're joined by John Scimone of Dell Technologies to talk about his take on fundamentals both security and IT. His approach is not unique, per se, but it's one that works and it's repeatable. More importantly, he's willing to share his expertise and what he's done to be successful in raising the bar to his level of "good enough" -- so unless you've gotten where YOU want to be in those security fundamentals, it's time to listen to John's podcast and take notes. Take lots of notes. By the way, if you want the video on LinkedIn Live where you can post questions too, click here: https://www.linkedin.com/video/event/urn:li:ugcPost:6953043382164209664/
Guest
John Scimone - President, Chief Security Officer at Dell Technologies LinkedIn: https://www.linkedin.com/in/john-scimone-0b2041a1/
-
DtSR Episode 512 - Why is Enterprise Security Program Maturity so Tough?
09/08/2022 Duration: 42min
Prologue
This week, long-time friend and well-known industry personality, Jessica Hebenstreit joins Rafal to talk about her journey in consulting to very large security programs and why maturity is elusive in many of those programs. As it turns out, maturity is influenced by many factors but highly dependent on actually solving problems and being able to show progress. This is an interesting conversation for anyone who wants to understand what's inside the head of a former practitioner who has ventured into the field to help others solve large-scale, complex, problems.
Guest
Jessica Hebenstreit LinkedIn: https://www.linkedin.com/in/jessicahebenstreit/
LinkedIn Live stream: (video!) https://www.linkedin.com/video/event/urn:li:ugcPost:6960010458405756928/
-
DtSR Episode 511 - Managing Technical Teams
02/08/2022 Duration: 41min
Prologue
This week on the podcast, the one and only Tom Eston joins Rafal & James to talk about managing teams. Tom is a well-known personality who runs the "Shared Security Show" podcast -- which has been running even longer than we have, give them a listen if you don't already. Tom talks about the difficulties of managing, coping with various types of personalities, and helping employees thrive while finding the right balance between in-office and remote. Great show if you're in a leadership position, or hoping to be, managing technical teams.
Guest
Tom Eston https://www.linkedin.com/in/tomeston/
The Shared Security Show https://sharedsecurity.net/
-
DtSR Episode 510 - The Big Services Discussion - Part 1
26/07/2022 Duration: 39min
Prologue
It's always a pleasure to have someone on the show who is an expert in their trade, someone who has experience, expertise, and depth of understanding like few others. In this case, James and I host Jim Tiller - one of the people I consider a mentor and long-time friend, who is all of those things and more. Jim is a quintessential expert on cybersecurity services - and in this discussion we push some of the buttons that really get him talking, passionate, and dispensing wisdom. I hope you brought a notepad, because you'll want to be taking notes. This episode is for those out there who work in, or manage, services organizations. Truckloads of information here...
Guest
Jim Tiller https://www.linkedin.com/in/jitiller/
Subscribe to Security Bytes: https://www.linkedin.com/newsletters/security-bytes-6943286067194187776/
-
DtSR Episode 509 - The Shift Left Debate
19/07/2022 Duration: 47min
Prologue
James has been talking about "shift left" for a while so when Jeff Williams posted interesting research on LinkedIn - we jumped on an opportunity to have him on the show to talk about the subject. Let's face it, everyone is shifting left, and most of this is just marketing nonsense, but some of it is actually an attempt to push security "earlier" into the cycles - but is that good? Does it even make sense? Jeff kills one of my favorite, go-to, security myths about software security...and a fun discussion ensues. Join us, and maybe add to the conversation!
Guest
Jeff Williams LinkedIn: https://www.linkedin.com/in/planetlevel/
The post that started the discussion: https://www.linkedin.com/feed/update/urn:li:activity:6948662117398962177?updateEntityUrn=urn%3Ali%3Afs_feedUpdate%3A%28V2%2Curn%3Ali%3Aactivity%3A6948662117398962177%29
-
DtSR Episode 508 - DNS Under Siege, So What?
12/07/2022 Duration: 43min
Prologue
DNS is a big topic, and you may be asking yourself why. Well, as we noted in a recent show ( https://ftwr.libsyn.com/dtsr-episode-504-dns-turns-40 ) DNS is officially middle-aged. And with that middle-age comes some more problems. These issues have caused a situation where it's increasingly evident that DNS needs to evolve, mature, or simply revise (2.0?) itself ... but into what? And why? Listen to Ken Carnesi from DNSFilter who joins James & Rafal to talk about the challenges and the future, and why it's still such a sh*tshow today.
Guest
Ken Carnesi LinkedIn: https://www.linkedin.com/in/kencarnesi/
-
DtSR Episode 507 - Beyond NDR: Of Badguys and Bottlenecks
05/07/2022 Duration: 37min
Prologue
Let's start with NDR - Network Detection and Response - because it's not new, but the discussions lately have been very interesting. Is it still relevant? Does it have a place in today's hybrid and cloud world? Well, in this conversation with Raja Mukerji, co-founder of ExtraHop, Rafal tackles these questions and gets some interesting answers. For those of you who have followed for a while - I have a surprise reveal for you at the end.
-
DtSR Episode 506 - What the Heck is ASPM
28/06/2022 Duration: 41min
Prologue
As some of you know, I've been either in the AppSec space, or adjacent, since the fairly early days. I built a program at GE a million years ago, and worked selling dynamic web app testing software for many years. If you've been in the space, you can feel a little bit hopeless with all the different options, tools, and advice only to look at the stale OWASP Top 10 and wonder ...why aren't things improving? Matt Rose joins me in a post-RSA conversation about ASPM (Application Security Posture Management), and before you dismiss it as another analyst buzzword, let's talk about why this may actually (and finally) start to solve some of the complex issues around developing, releasing, and maintaining reasonably secure software. This is a space I've been passionate about for a long time, and I feel like everyone should listen to this.
Guest
Matt Rose LinkedIn: https://www.linkedin.com/in/mattarose/
-
DtSR Episode 505 - Reflections on RSA Conference 2022
21/06/2022 Duration: 01h01min
Prologue
RSA Conference 2022 has come and gone. Rafal was there for all the circus and madness, and sits down with James to discuss what was seen and heard. Also, you'll get some clips in here from some of the interviews from the show as Rafal caught up with some interesting vendors, old friends, and even some poetry.
Guests
Tyler Moffitt LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/
Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/
Matt Rose LinkedIn: https://www.linkedin.com/in/mattarose/
Dr. Khawaja Saeed LinkedIn: https://www.linkedin.com/in/khawaja-asjad-saeed-29b2a6a/
Ray Canzanese LinkedIn: https://www.linkedin.com/in/raymond-canzanese-jr-178a846/
Deidre Diamond LinkedIn: https://www.linkedin.com/in/deidrediamond/
-
DtSR Episode 504 - DNS Turns 40
07/06/2022 Duration: 36min
Prologue
In this RSA conference-themed episode, I bring on Jonathan Barnett from OpenText Security Solutions to discuss DNS turning 40 years old. Yeah, it was originally invented in 1983 y'all. As DNS turns 40, some of the lingering problems are getting worse, some of the new solutions open up other problems, and we're all about solutions here so we tackle some of the things Jonathan is doing to address the issues. Interesting episode to ponder, and reflect on, as DNS turns 40 years old next year and we try and figure out "now what?"
Guest
Jonathan Barnett LinkedIn: https://www.linkedin.com/in/jonathan-barnett-61417313/
OpenText Security Solutions: https://security.opentext.com/?_ga=2.120496974.732014807.1654199211-1391672637.1654199211
-
DtSR Episode 500 - Looking Back to Look Forward in Tech - Part 3
02/06/2022 Duration: 01h05min
Prologue
This is a bonus episode for the Episode 500 live-stream we did. I brought together Crowdstrike, OpenText, and Netskope technologists to talk about the technology they've worked with over the last 10 years, where it stands today, and what the future outlook looks like. It's a fascinating conversation from some of the most common vendors out there in security - and you're probably using or relying on their platforms -- so it makes sense to get their take on the past, present, and future of technology in our industry. Special thanks to Adam, Grayson, and Mark for taking the time out and sharing their expertise!
Guests
Adam Meyers (Crowdstrike) - https://www.linkedin.com/in/adam-meyers-7a58481/
Grayson Milbourne (OpenText) - https://www.linkedin.com/in/themilbourne/
Mark Day (Netskope) - https://www.linkedin.com/in/markstuartday/
-
DtSR Episode 503 - Blowing Up Your Cloud (Permissions Structure)
31/05/2022 Duration: 39min
Prologue
This week, we talk about the cloud in a different way than we have previously. We discuss "blast radius" with regard to vast numbers of roles and permissions inside of a public cloud infrastructure. The numbers are staggering and you'll likely find yourself asking the obvious question -- "How does anyone manage all of this, with any hope of getting it right?" The beginnings of that answer lie in this show.
Guest
Arick Goomanovsky LinkedIn: https://www.linkedin.com/in/arick-goomanovsky/
Twitter: https://twitter.com/g00manoid/
Ermetic: https://ermetic.com/
-
DtSR Episode 502 - Why Can't Gov Figure Out Supplier Security
24/05/2022 Duration: 53min
Prologue
CMMC may be something you know nothing of, but if you're a government contractor, or work with government contractors of the DIB - you're probably all too familiar. For some, it's hell. For the rest, it's mostly insane. Jacob joins Rafal & James to educate us, and give us the reality of this set of standards.
Guest
Jacob Horne LinkedIn: https://www.linkedin.com/in/jacob-horne-cissp/
-
DtSR Episode 501 - Netskope's Bad SaaS Report
17/05/2022 Duration: 41min
Prologue
This week, on the first post-500 episode, we welcome Netskope's Ray Canzanese to talk about the Cloud & Threat Report they just published ( https://www.netskope.com/netskope-threat-labs/cloud-threat-report ) which has some interesting bits in it. Ray discusses the details and some of the things that you won't find in the text of the report. Good conversation as Rafal & James break down the headlines.