Synopsis
Security. Some assembly required. Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk. This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.
Read the blog > http://hp.com/go/white-rabbit
Follow along on Twitter > http://twitter.com/wh1t3rabbit
Episodes
-
DtSR Episode 401 - Vyrus Lessons in Red to Blue
30/06/2020 Duration: 49min
Episode 401 Epilogue: This week, I got to sit down virtually with a long-time friend, and one of the most intelligent and quiet people you'll ever meet in InfoSec. My pal Carl Vincent (some of you may know him by other names) and I chat about the transition from Red Team to Blue Team, tools, the state of the industry over the last few years, and just general conversation. The world around us has changed, and it's important to have real conversations with people who shaped the industry in ways you probably didn't know or realize. Guest: Carl Vincent LinkedIn: https://www.linkedin.com/in/mcarlvincent/ Twitter: https://twitter.com/vyrus001
-
DtSR Episode 400 - Tom Nichols on Expertise
24/06/2020 Duration: 43min
Friends and Colleagues! We've made it. Milestone episode 400 of the podcast is here. And for the 400th episode I have none other than Mr. Tom Nichols. He's truly a qualified expert on a topic that needs some serious attention in today's world - expertise. In fact, he's written a book about it. Please enjoy this episode, share it, and I want to thank Tom for taking the time out of his crazy schedule to laugh, educate, and drop a little bit of snark into our day. Guest: Tom Nichols LinkedIn: https://www.linkedin.com/in/tom-nichols-94a7a23/ Twitter: @RadioFreeTom Go get and read his book: https://smile.amazon.com/Death-Expertise-Campaign-Established-Knowledge/dp/0190865970/
-
DtSR Episode 399 - Post-Pandemic Issues
16/06/2020 Duration: 40min
Episode 399 ... what a crazy ride it's been. This week we have Brian Chidester - you may recall we had a chat with him on episode 379 which was recorded live at EnFuse Conference 2019 - back to talk about some of the things he's been hearing state and local security leadership talk about. Great conversation, lots of topics covered... you'll enjoy it. Also, next up - EPISODE 400! Guest: Brian Chidester LinkedIn: https://www.linkedin.com/in/abchidester/
-
DtSR Episode 398 - Leadership Series: Allan Alford
10/06/2020 Duration: 41min
This week, episode 398 features our Leadership Series and the one and only Allan Alford. Allan has spent a long career building various security practices, advising boards, and generally doing great things. While we're at it, you should go check out and sign up for the RSS feed of "Defense In Depth" podcast that Allan is a co-host on. They have a great tagline: "Couples therapy for security vendors and practitioners". Check them out here: https://www.linkedin.com/company/ciso-security-vendor-relationship-series/ Guest: Allan Alford LinkedIn: https://www.linkedin.com/in/allanalford/ Defense In Depth Podcast: https://cisoseries.com/category/defense-in-depth
-
DtSR Episode 397 - Modern-ish Vulnerability Management
02/06/2020 Duration: 42min
Welcome Down the Security Rabbithole to yet another edition of the DtSR Podcast. As we roll on towards milestone episode 400, James and Rafal discuss a topic that doesn't get nearly enough airplay - vulnerability management. This isn't just your dad's vulnerability scanning though, or is it? Have we done anything exciting in this space in the last 15 years? Maybe... kind of... but the problem is much harder. Guest: Ed Bellis Twitter: @ebellis LinkedIn: https://www.linkedin.com/in/bellis/
-
DtSR Episode 396 - Verizon DBIR 2020 Analysis
27/05/2020 Duration: 51min
It's Verizon Data Breach Investigations Report time again. This episode is a yearly walk-through of the DBIR, where Rafal and James once again welcome Gabe Bassett back to the show to talk data, graphics, and lessons we need to learn. Link to the report: https://enterprise.verizon.com/resources/reports/dbir/ Guest: Gabriel Bassett LinkedIn: https://www.linkedin.com/in/gabriel-bassett/ Twitter: https://twitter.com/gdbassett/
-
DtSR Episode 395 - Can We Fix the MSSP
19/05/2020 Duration: 47min
Special thanks to our friends at AlertLogic - for providing some great discussion points and John for the episode! This week, as DtSR hits episode 395 on our way to Episode 400, James and Rafal take some time out to ask: "Hey John, how's the hair?" It's great to be able to spend time with old friends and just talk about solving some long-standing problems our industry faces. One of the perennial favorites is why MSSPs are all terrible. Well - we have some ideas! Listen in if you've ever been frustrated with your MSSP... and are maybe interested in how the industry can collectively do better. Guest: John Pirc LinkedIn: https://www.linkedin.com/in/johnpirc/ Rafal's personal note: John's a badass who has more experience in solving broad-scale problems and helping customers and companies through some difficult challenges. His advice is sage... you should probably listen in.
-
DtSR Episode 394 - High Profile Healthcare Security Leadership
12/05/2020 Duration: 37min
Episode 394: Rafal & James host Keith Duemling from the Cleveland Clinic (talk about high-profile jobs!) to talk about security in the healthcare space, challenges, the future, and other random topics. Keith has spent a large part of his career leading healthcare organizations, so he has a lot to share. Listen in! Guest: Keith Duemling - Director of Cybersecurity Technology Protection at the Cleveland Clinic LinkedIn: https://www.linkedin.com/in/keithduemling/ Twitter: @KeithDuemling
-
DtSR Episode 393 - Smartish Cities
05/05/2020 Duration: 42min
Guess who's back, back again ... James is back, so listen in! So James is officially back after a bit of a hiatus from the podcast, and on this episode he and Rafal sit down over a fun interview with Matt Lewis, Research Director for the UK with NCC Group. Matt is the primary author on a report on "Smart Cities", and it's definitely something you should read. We talk about the report, discuss the true nature of a smart city and what it means to live in one. Pay particular attention to how difficult it was not to jump right into Die Hard 4 references... although we eventually broke down and did it anyway. Links: Check out the NCC Group report on smart cities, right here: http://www.mynewsdesk.com/nccgroup/documents/ncc-group-a-blueprint-for-secure-smart-cities-whitepaper-95577 Guest Bio: Matt Lewis is Research Director for the UK with NCC Group (https://www.nccgroup.trust/us/) – a security consultancy that has over 35 global offices, 2,000 employees and 15,000 clients. He’s worked in Cyber Security for over
-
DtSR Episode 392 - Chris Nickerson is an Original
28/04/2020 Duration: 48min
Ladies and Gentlemen, friends, countrymen, lend me your ears! This episode of DtSR features one of my favorite guests and one of the better storytelling from the "old days" opportunities I can recall. It also, not accidentally, features one of my favorite totally genuine people from our industry - Chris Nickerson. I think the best way to describe Chris is like a charismatic honey badger. And if you haven't had the pleasure, you can listen to this episode and get just a small taste of what he's been up to the last few years. Buckle in, it's story time. Guest: Chris Nickerson ( @Indi303 ) - https://www.linkedin.com/in/nickersonlares/
-
DtSR Episode 391 - Unprecedented Cyber Badness
21/04/2020 Duration: 48min
This week, I'd like to thank JD Work for taking the time to be on the show and sharing his professional experience and expertise with us. The space of cyber policy, at the national and international level, is growing by leaps and bounds; and difficult decisions are often debated even as rapid reactions have to be made. These are difficult times for policymakers in the theater of cybersecurity. JD is an expert in this space and provides some real insight into what's going on, what our policymakers are thinking. Guest: JD Work LinkedIn: https://www.linkedin.com/in/jd-work-22096010/ Bio: JD Work serves as the Bren Chair for Cyber Conflict and Security at Marine Corps University. He holds additional affiliations with the School of International and Public Affairs at Columbia University, the Elliot School of International Affairs at George Washington University, and as a senior advisor to the Cyberspace Solarium Commission. He can be found on Twitter @HostileSpectrum. The views and opinions expressed here are th
-
DtSR Episode 390 - DFIR 20-20
14/04/2020 Duration: 36min
This week, Brian Carrier joins DtSR to talk about digital forensics and incident response in 20/20. Forensics and incident response has had to evolve and change as devices become more mobile, smaller, and purpose-built. Brian talks through what this change has meant, and how tools and techniques have had to evolve to deal not only with the explosion of device types, but also sizes and various log capabilities (or none at all). Guest: Brian Carrier Twitter: @Carrier4n6 LinkedIn: https://www.linkedin.com/in/carrier4n6/
Related episodes:
DtSR Episode 365 - "Mountains of Data"
DtSR Episode 320 - "Specializing in Forensics"
DtSR Episode 264 - "Windows Forensics Then and Now"
DtSR Episode 252 - "DFIR with Lesley Carhart"
DtSR Episode 247 - "Internet of Things Forensics"
DtSR Episode 146 - "State of Enterprise Incident Response"
-
DtSR Episode 389 - Leading Cyber Security in Academia
07/04/2020 Duration: 37min
This week, DtSR dives into security leadership with an academic twist. We have the pleasure of hosting Robert Turner, the CISO of the University of Wisconsin, Madison. This episode was recorded March 13th, 2020 right as the University and other institutions across the country and the world started their efforts to social distance and work from home due to the Corona Virus (Covid-19) pandemic. Special thanks to Bob for taking the time out of his busy day, and crazy schedule given the times, to give us insights on his strategy, challenges, and successes! Guest: Robert Turner - https://www.linkedin.com/in/bob-turner-9936993/
-
DtSR Episode 388 - The SIEM is Dead Long May It Live
31/03/2020 Duration: 50min
Welcome to episode 388, an episode at least 5 years in the making... mainly because it's taken this long to figure out a good way to get Anton on the podcast! Now that he's not an analyst anymore, I snagged him for an honest and open conversation about the one topic he has more expertise in than most anyone I know - the SIEM. We wax philosophically, I manage to show my ignorance of the state of the art and history of SIEM, and we talk about where SIEM is going. Join us on a great conversation I am thrilled to have been a part of. Guest: Anton Chuvakin - Let's face it, it's really "The" Anton Chuvakin, right? LinkedIn: https://www.linkedin.com/in/chuvakin/ Twitter: @anton_chuvakin Blog: https://medium.com/anton-on-security
-
DtSR Episode 387 - Remote Workforce Leadership
24/03/2020 Duration: 38min
This week, as we all continue quarantines and work-from-home, DtSR hosts Valentina Thörner, who is an expert on remote workforce leadership. Valentina literally wrote the book (From a Distance) and now she's on the show discussing how to be a leader when your workforce is remote.
Additional Links and Resources
1:1s
https://remote.co/creative-ways-get-to-know-your-team-when-work-from-home/
https://knowyourteam.com/blog/2020/02/19/how-to-coach-employees-ask-these-1-on-1-meeting-questions/
https://getlighthouse.com/blog/one-on-one-meeting-questions-great-managers-ask/
https://getlighthouse.com/blog/transition-to-remote-work-help-your-team/ - the blog has amazing resources apart from this article
A great article on how to scale remote work: https://beau.blog/2020/03/remote-work-at-scale/
Recommended webinar: https://wordpress.com/blog/2020/03/06/a-crash-course-in-remote-management/
Quick guide on how to set up your remote working strategy: https://intenseminimalism.com/2020/quick-work-remote/
Guest 4
-
DtSR Episode 386 - Securing a Suddenly Remote Workforce
17/03/2020 Duration: 37min
Covid-19 ... that's the headlines. Everywhere. The suddenly remote workforce is a problem for many enterprises, and as workers are forced to work from home - security is a problem. To that end, I snagged Brian Foster who has a long and storied history in our industry, to talk about what he thinks we should be thinking about. Listen in, share, and let's hear what you think folks! Stay safe and well and most of all do not panic. Guest: Brian Foster - https://www.linkedin.com/in/brianfoster1/
-
DtSR Episode 385 - Malware on the Lifeline
10/03/2020 Duration: 40min
Greetings! On this episode of the podcast we present to you an episode we recorded back in January (but then due to a storage error we lost temporarily) with Nathan Collier from Malwarebytes. Nathan reported some findings from his research that basically there was some pre-installed malware running around, impossible to uninstall, on low-cost mobile phones. That kind of villainy is unforgivable (preying on the weak!) so we wanted to hear the whole story... and then some. Here's one link to the full story, in case you're interested in reading it on your own... https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/ Guest: Nathan Collier - Malwarebytes
-
DtSR Episode 384 - Zero Trust Redux 2020
03/03/2020 Duration: 38min
This week Rafal hosts Dr. Chase Cunningham, Forrester analyst and all-around security badass to redux Zero Trust. The last time we tackled the topic was Episode 222 with John Kindervag back in 2016 - so it's time to see what's new. Zero trust is more than just firewall rules, and it encompasses a lot of security technologies we don't even think about - so this update is a great primer for 2020. Guest: Dr. Chase Cunningham - https://www.linkedin.com/in/dr-chase-cunningham-54b26243/
-
DtSR Episode 383 - The Jennifer Ayers Interview
27/02/2020 Duration: 47min
Join Rafal & James this week, as they welcome Jennifer Ayers. Jennifer is the Vice President of Overwatch and Security Response at Crowdstrike. Rafal and Jennifer worked together "back in the day" so the conversation starts with a little storytelling from the old days, and then works its way into Jennifer's fantastic career and lessons learned over the years in her various leadership positions. Guest: Jennifer Ayers - https://www.linkedin.com/in/jnayers/
-
DtSR Episode 382 - Jeremiah Grossman Doing the Basics
11/02/2020 Duration: 42min
This week on DtSR Podcast, a long-awaited guest joins us. That's right, the one and only Jeremiah Grossman joins us live from a tropical paradise, and you need to hear his message. On this show we cover history, "the basics", and the necessity to know what your security attack surface looks like. It's perhaps one of the least sexy topics ever - but if you ignore it, you're pretty much screwed. Guest: Jeremiah Grossman - @Jeremiahg - https://www.linkedin.com/in/grossmanjeremiah/