Podcast
Down the Security Rabbithole Podcast
Hosted by Rafal Los (Wh1t3Rabbit) · EN
Follow the Wh1t3 Rabbit
... attention technology and business leaders!
The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on relevant events in the information security community, filtered through a no-nonsense business first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.
10episodes
Episodes
Newest firstAll episodes
DtSR Episode 537 - Sergio Talks Threat Intelligence
Feb 7, 202300:51:14Tap to summarizeTL;DR: I'm extremely excited to present to you, dear listeners and friends, a wonderful conversation with Sergio Caltagirone, who is quite the authority on 'threat intelligence' - where others talk tools and limited knowledge, Sergio literally was there at the birth of the cyber dawn of the threat intelligence operations we know (or don't know) today. Sergio has been at an agency, at Microsoft, at Dragos - and he knows threat intelilgence from theory to applications. Listen in, learn a bit, and laugh along as the Chinese spy baloon (that's my story and I'm sticking to it) disrupts our communications with our pal, Sergio. Video Link (unedited, and hilarious): https://youtube.com/live/SuH4uxBiX3E Guest Sergio Caltagirone LinkedIn: https://www.linkedin.com/in/sergiocaltagirone/
Transcribe →DtSR Episode 536 - Incident Response Automation Dreaming
Jan 31, 202300:53:20Tap to summarizeTl;DR: Automation. It's a precarious thing in cyber security. Whether you're thinking about SOAR, or incident investigation, or maybe SIEM (I'm sorry) - this conversation will be worth your time. Anton and Jonathan join us to talk about how "automation" has evolved over the last decade or so, and where it's largely failed. We also start to explore the future and requirements for how things can collectively improve. We think you'll enjoy the podcast... share it and we'd love to hear from you. Guests Anton Goncharov LinkedIn: https://www.linkedin.com/in/cybernode/ Jonathan Cran LinkedIn: https://www.linkedin.com/in/jcran/
Transcribe →DtSR Episode 535 - Let's Ask AI Security Questions
Jan 24, 202301:02:13Tap to summarizeTL;DR A few days ago, my pal Kevin asked me if I had seen the LinkedIn post by Helen Patton that asked an interesting question of the podcast space... Her post made me think - why the heck not? So, I did. Thanks to Helen, whose idea this was - I hope you get a chance to watch and enjoy the outcome of your request ... we had far too much fun recording it. Here on this episode - which I promise you is 100x better on video, we have Anton Chuvakin, Kevin Thompson, and Jeff Collins joining Rafal & James on the podcast to have a little fun and ask "ChatGPT" some questions. Anton drove the screen share, and we had a lot of fun. I have to wonder - how did some of those answers (you'll know when you see/hear them) make it on there. Holy cow... wow. LinkedIn video replay - https://www.linkedin.com/video/event/urn:li:ugcPost:7021885147977314304/ Guests Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/ Jeff Collins LinkedIn: https://www.linkedin.com/in/jmcollins/ Kevin Thompson LinkedIn: https://www.linkedin.com/in/blackfist/
Transcribe →DtSR Episode 534 - The AppSec is Still a Mess
Jan 17, 202300:42:38Tap to summarizeTL;DR On this episode, we welcome Josh Grossman - who has a pretty interesting perspective on AppSec, or Software Security, or (cringe) "DevSecOps". Josh has a bit of an edge on the subject, so he fits in with myself & James perfectly. We talk about where things stand from the vendor perspective, building programs, and why it takes to make a real impact, versus continuing to push a very large boulder up a very steep hill. Oh, hey, want to be on the show? Let us know a topic and your background and let's talk. Guest Josh Grossman LinkedIn: https://www.linkedin.com/in/joshcgrossman/ Twitter: https://twitter.com/JoshCGrossman
Transcribe →DtSR Episode 533 - Maybe 2023 Won't Suck
Jan 10, 202300:48:04Tap to summarizeTL;DR This week on 2023's first live-streamed episode (technical our first recorded in '23) our friend Larry Whiteside, Jr. joins us to talk about the prospects for 2023 and beyond. We discuss trends, make some rather sad predictions, and attempt to be hopeful about what the new year could bring us - if we don't find a way to walk ourselves off a cliff, first. It's a light discussion, that dives into some deep topics, and ultimately ends with some hope... 'ish. Join us! Oh, hey, since some of you are looking for a new opportunity in the new year, Larry's hiring (check out his LinkedIn page). Guest Larry Whiteside, Jr. LinkedIn: https://www.linkedin.com/in/larrywhitesidejr/
Transcribe →DtSR Episode 532 - Its the End of 2022 As We Know It
Jan 4, 202300:49:28Tap to summarizeTL;DR Shawn Tuma, our favorite cyber legal eagle, joins Rafal & James to talk about the sorts of things we learned about 2022, in what could be confused for a year-in-review episode. We saw ransomware, big incidents, but overall ... things weren't the worst out there. If you missed our live-stream on LInkedIn (link below) you can replay that any time, or listen to this episode as a podcast. For 2023, I'm going to be tweaking some things to get us talking, sharing, and hopefully an even better experience of the podcast you already love. LinkedIn Live-stream re-play: https://www.linkedin.com/video/event/urn:li:ugcPost:7013670254237163520/ Guest Shawn Tuma LinkedIn: https://www.linkedin.com/in/shawnetuma/ Twitter: https://twitter.com/shawnetuma/
Transcribe →DtSR Episode 531 - Security Guarantees, Warranties, and Insurance
Dec 20, 202200:52:22Tap to summarizePrologue This week James and I are joined by my good friend and many-timer on the podcast Brandon Dunlap, and our mad genius and serial entrepreneur pal Paul Calatayud to talk about all of these guarantees, warranties, and insurance. It's a strange discussion but quite necessary as the industry is littered with some of these offerings by providers and various software (security) vendors. These guarantees and warranties are made to make you feel better, but rest assured lawyers wrote these and there's always a catch. The insurance conversation, that's a little different (way different) and Paul's got some interesting things to say here. Don't miss a great episode! Guests Paul Calatayud LinkedIn: https://www.linkedin.com/in/whitehat/ Brandon Dunlap LinkedIn: https://www.linkedin.com/in/bsdunlap/
Transcribe →DtSR Episode 530 - The Bold and the Invasive
Dec 13, 202200:47:29Tap to summarizePrologue Karim Hijazi joins Rafal & James this week on the podcast to talk about some interesting trends and developments in the world of bad actors. It's an interesting update including some things I wasn't expecting to hear about how threat actors "hit back at" incident responders and threat hunters. This is a good conversation about the current threat landscape with an eye on the Russian hackers out there, and pretty good listening for anyone who wants an added dose of situational awareness. Links: Sneaky Hackers Reverse Defense Mitigations When Detected - https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/ https://cybernews.com/editorial/russian-hacktivist-real-dangers/ Guest Karim Hijazi LinkedIn: https://www.linkedin.com/in/karimhijazi/
Transcribe →DtSR Episode 529 - The CISOs Guide to Liability
Dec 6, 202200:40:24Tap to summarizePrologue This is a very interesting episode... Gadi Evron joins James and me on this slightly technically difficult (the IPoCP - IP over Carrier Pigeon - was awful at times) episode to talk about the CISO role and the potential liabilities that lie within. Whether we're talking about the Joe Sullivan case (and we're not, or we try not to), or we're generalizing about employment and legal culpability - this show traverses a lot of land and it's all worth your time. Hopefully if I did an OK job, you won't notice all the edits :) Pre-reading Blog post from Gadi & Team 8: https://team8.vc/rethink/cyber/cisos-guide-to-legal-risks-and-liabilities/ The CISO guide: https://lp.team8.vc/cisosguide Guest Gadi Evron LinkedIn: https://www.linkedin.com/in/gadievron/
Transcribe →DtSR Episode 528 - So Many Vendors, So Few Solutions
Nov 29, 202200:58:09Tap to summarizePrologue It's always a pleasure when I can get some friends together and banter on about a topic we all find interesting. This week's topic was supposed to be released a bit later, but it couldn't wait. We had so much fun that I thought it needed publication right now. The premise is simple - have you looked around at how many security vendors there are and just asked yourself ... "Are we solving anything, or just adding to the mess?" That's what we did on this podcast. And yeah, we'd know because we have some life experience in this industry. Required Reading: https://www.linkedin.com/pulse/security-tools-crash-coming-mark-curphey/ Guests Mark Curphey LinkedIn: https://www.linkedin.com/in/curphey/ Jim Tiller LinkedIn: https://www.linkedin.com/in/jitiller/ Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/ Vikas Bhatia LinkedIn: https://www.linkedin.com/in/vikasbhatiauk/
Transcribe →