Down the Security Rabbithole Podcas‪t‬ Rafal Los (Wh1t3Rabbit)

Prologue
** First, before I say anything else, I want to thank Lonnie and his staff for their service to our country. Protecting diplomats is not an easy task I imagine, and being the most powerful nation on Earth, our diplomats are likely a target 24x7x365. **
This week, Lonnie Price joins me and James on the show for an intriguing talking through some very, very cool stuff. Now, this episode is special. Of course, every episode is special but some are more special than others. In this edition of the show we're talking to someone who keeps state secrets, well ... secret, as America's diplomats travel internally and abroad.
I can safely say I had no idea how much there was to concern yourself with beyond just encryption.
Guest
Lonnie Price LinkedIn: https://www.linkedin.com/in/lonniejprice/

Prologue
Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone stealing your Twitter account, or your bank account, or God-forbid your Facebook - you know the ramifications are serious. But how do you identify it, prevent it, detect and respond to it, and maybe even recover from it... at scale?
Rafal's guest, Ari Jacoby of Deduce has some ideas. 
Ari talks about the broader ATO problem, and suggests some of the reasons it's gotten this bad (...how bad is it?...) and what companies that are not in the Fortune 250 can do to protect themselves - and you.
Guest
Ari Jacoby Deduce: https://www.deduce.com/  LinkedIn: https://www.linkedin.com/in/arijacoby/  Twitter: https://twitter.com/arijacoby 

Prologue
OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that wouldn't be bad if they even remotely worked together.
OSQuery isn't the end-all for endpoint tools, but it surely can tell you a whole lot about what's going on out there - and then you can actually intelligently do something. But it needs a front-end...so enter Fleet. This episode is all about defending the endpoint using open source, and Fleet/OSQuery specifically.
 
Guest
Zach Wasserman LinkedIn: https://www.linkedin.com/in/zacharywasserman/ Twitter: https://twitter.com/thezachw  Fleet Open Source Device Management: https://fleetdm.com/ 

Prologue
This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Yuri is one of the quintessential experts on Zero Trust (not the commercial tools stuff, but principles and foundations) and you need to hear his take on how we get it implemented, where, and why.
 
Guest
Yuri Bobbert LinkedIn: https://www.linkedin.com/in/yuribobbert/ His book "Leading Digital Security": https://www.linkedin.com/pulse/new-book-leading-digital-security-yuri-bobbert-1f/?trackingId=%2Fwm4S897TnSMTgkDszCDJQ%3D%3D 

Prologue
This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that it's more complex, more under siege, and more critical than ever. No problem, right?
This episode has been a long-time coming, and DJ is an honest-to-goodness expert in the field. He teaches classes on this topic which you may just want to go and look up if this is your thing.
 
Guest
DJ McArthur LinkedIn: https://www.linkedin.com/in/dj-mcarthur-74364b24/ Twitter: https://twitter.com/djmca5280

Prologue
Continuing what accidentally became a series of AppSec or Software Security focused episodes, #436 takes it from yet another direction. Rey joins us to talk about AppSec from his perspective - that of a life-long developer that's moved into software security. It's been an interesting journey, and while some of the things we discuss aren't necessarily revelations - listen for the subtle clues about what software security teams are doing wrong in the corporate enterprise... you'll hear it.
Guest
Rey Bango LinkedIn: https://www.linkedin.com/in/reybango/ Twitter: @ReyBango