541 episodes

Follow the Wh1t3 Rabbit
... attention technology and business leaders!

The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on relevant events in the information security community, filtered through a no-nonsense business first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.

Down the Security Rabbithole Podcast Rafal Los (Wh1t3Rabbit)

    • News
    • 4.3 • 87 Ratings

    DtSR Episode 506 - What the Heck is ASPM

    Prologue
    As some of you know, I've been either in the AppSec space, or adjacent, since the fairly early days. I built a program at GE a million years ago, and worked selling dynamic web app testing software for many years. If you've been in the space, you can feel a little bit hopeless with all the different options, tools, and advice only to look at the stale OWASP Top 10 and wonder ...why aren't things improving? Matt Rose joins me in a post-RSA conversation about ASPM (Application Security Posture Management), and before you dismiss it as another analyst buzzword, let's talk about why this may actually (and finally) start to solve some of the complex issues around developing, releasing, and maintaining reasonably secure software.
    This is a space I've been passionate about for a long time, and I feel like everyone should listen to this.
    Guest
    Matt Rose LinkedIn: https://www.linkedin.com/in/mattarose/ 

    • 41 min
    DtSR Episode 505 - Reflections on RSA Conference 2022

    Prologue
    RSA Conference 2022 has come and gone. Rafal was there for all the circus and madness, and sits down with James to discuss what was seen and heard.
    Also, you'll get some clips in here from some of the interviews from the show as Rafal caught up with some interesting vendors, old friends, and even some poetry.
    Guests
    Tyler Moffitt LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/
    Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/
    Matt Rose LinkedIn: https://www.linkedin.com/in/mattarose/
    Dr. Khawaja Saeed LinkedIn: https://www.linkedin.com/in/khawaja-asjad-saeed-29b2a6a/
    Ray Canzanese LinkedIn: https://www.linkedin.com/in/raymond-canzanese-jr-178a846/
    Deidre Diamond LinkedIn: https://www.linkedin.com/in/deidrediamond/

    • 1 hr 1 min
    DtSR Episode 504 - DNS Turns 40

    Prologue
    In this RSA conference-themed episode, I bring on Jonathan Barnett from OpenText Security Solutions to discuss DNS turning 40 years old. Yeah, it was originally invented in 1983 y'all. As DNS turns 40, some of the lingering problems are getting worse, some of the new solutions open up other problems, and we're all about solutions here so we tackle some of the things Jonathan is doing to address the issues.
    Interesting episode to ponder, and reflect on, as DNS turns 40 years old next year and we try and figure out "now what?"
    Guest
    Jonathan Barnett LinkedIn: https://www.linkedin.com/in/jonathan-barnett-61417313/ OpenText Security Solutions: https://security.opentext.com/?_ga=2.120496974.732014807.1654199211-1391672637.1654199211 

    • 36 min
    DtSR Episode 500 - Looking Back to Look Forward in Tech - Part 3

    Prologue
    This is a bonus episode for the Episode 500 live-stream we did. I brought together Crowdstrike, OpenText, and Netskope technologists to talk about the technology they've worked with over the last 10 years, where it stands today, and what the future outlook looks like.
    It's a fascinating conversation from some of the most common vendors out there in security - and you're probably using or relying on their platforms -- so it makes sense to get their take on the past, present, and future of technology in our industry.
    Special thanks to Adam, Grayson, and Mark for taking the time out and sharing their expertise!
    Guests
    Adam Meyers (Crowdstrike) - https://www.linkedin.com/in/adam-meyers-7a58481/
    Grayson Milbourne (OpenText) - https://www.linkedin.com/in/themilbourne/
    Mark Day (Netskope) - https://www.linkedin.com/in/markstuartday/

    • 1 hr 5 min
    DtSR Episode 503 - Blowing Up Your Cloud (Permissions Structure)

    Prologue
    This week, we talk about the cloud in a different way than we have previously. We discuss "blast radius" with regard to vast numbers of roles and permissions inside of a public cloud infrastructure. The numbers are staggering and you'll likely find yourself asking the obvious question -- "How does anyone manage all of this, with any hope of getting it right?" The beginnings of that answer lie in this show.
     
    Guest:
    Arick Goomanovsky LinkedIn: https://www.linkedin.com/in/arick-goomanovsky/ Twitter: https://twitter.com/g00manoid/ Ermetic: https://ermetic.com/ 

    • 39 min
    DtSR Episode 502 - Why Can't Gov Figure Out Supplier Security

    Prologue
    CMMC may be something you know nothing of, but if you're a government contractor, or work with government contractors of the DIB - you're probably all too familiar.
    For some, it's hell. For the rest, it's mostly insane. Jacob joins Rafal & James to educate us, and give us the reality of this set of standards.
    Guest
    Jacob Horne LinkedIn: https://www.linkedin.com/in/jacob-horne-cissp/ 

    • 53 min

Customer Reviews

4.3 out of 5
87 Ratings

JoshCrist ,

Entertaining, insightful and actionable! 👏👏👏

Whether you’re well established as someone who can translate creative energy into the impact you want to have on the data security world, or just getting started as a catalyst for change - this is a must-listen podcast for you! Rafal does an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating an ever changing cyber security landscape - with leaders who’ve actually walked the path. Highly recommend listening and subscribing!

futurethnkr ,

The Go-to sec podcast

DtSR is a go-to resource for the latest in the security world. Top-notch guests providing true insight into our industry. A wide variety of topics which cover trends, tools, trapdoors, and something else that starts with the letter ’t’. You’ll think of something. Jump down the hole and see the light!

Phantom Physics ,

It’s all about that intro

This is by far my fav cyber podcast. Thank you James and Ralf.
