Follow the Wh1t3 Rabbit
... attention technology and business leaders!
The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on relevant events in the information security community, filtered through a no-nonsense, business-first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.
DtSR Episode 506 - What the Heck is ASPM
As some of you know, I've been either in the AppSec space, or adjacent, since the fairly early days. I built a program at GE a million years ago, and worked selling dynamic web app testing software for many years. If you've been in the space, you can feel a little bit hopeless with all the different options, tools, and advice only to look at the stale OWASP Top 10 and wonder ...why aren't things improving? Matt Rose joins me in a post-RSA conversation about ASPM (Application Security Posture Management), and before you dismiss it as another analyst buzzword, let's talk about why this may actually (and finally) start to solve some of the complex issues around developing, releasing, and maintaining reasonably secure software.
This is a space I've been passionate about for a long time, and I feel like everyone should listen to this.
Matt Rose LinkedIn: https://www.linkedin.com/in/mattarose/
DtSR Episode 505 - Reflections on RSA Conference 2022
RSA Conference 2022 has come and gone. Rafal was there for all the circus and madness, and sits down with James to discuss what was seen and heard.
Also, you'll get some clips in here from some of the interviews from the show as Rafal caught up with some interesting vendors, old friends, and even some poetry.
Tyler Moffitt LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/
Rock Lambros LinkedIn: https://www.linkedin.com/in/rocklambros/
Matt Rose LinkedIn: https://www.linkedin.com/in/mattarose/
Dr. Khawaja Saeed LinkedIn: https://www.linkedin.com/in/khawaja-asjad-saeed-29b2a6a/
Ray Canzanese LinkedIn: https://www.linkedin.com/in/raymond-canzanese-jr-178a846/
Deidre Diamond LinkedIn: https://www.linkedin.com/in/deidrediamond/
DtSR Episode 504 - DNS Turns 40
In this RSA conference-themed episode, I bring on Jonathan Barnett from OpenText Security Solutions to discuss DNS turning 40 years old. Yeah, it was originally invented in 1983 y'all. As DNS turns 40, some of the lingering problems are getting worse, some of the new solutions open up other problems, and we're all about solutions here so we tackle some of the things Jonathan is doing to address the issues.
Interesting episode to ponder, and reflect on, as DNS turns 40 years old next year and we try and figure out "now what?"
Jonathan Barnett LinkedIn: https://www.linkedin.com/in/jonathan-barnett-61417313/
OpenText Security Solutions: https://security.opentext.com/?_ga=2.120496974.732014807.1654199211-1391672637.1654199211
DtSR Episode 500 - Looking Back to Look Forward in Tech - Part 3
This is a bonus episode for the Episode 500 live-stream we did. I brought together Crowdstrike, OpenText, and Netskope technologists to talk about the technology they've worked with over the last 10 years, where it stands today, and what the future outlook looks like.
It's a fascinating conversation from some of the most common vendors out there in security - and you're probably using or relying on their platforms -- so it makes sense to get their take on the past, present, and future of technology in our industry.
Special thanks to Adam, Grayson, and Mark for taking the time out and sharing their expertise!
Adam Meyers (Crowdstrike) - https://www.linkedin.com/in/adam-meyers-7a58481/
Grayson Milbourne (OpenText) - https://www.linkedin.com/in/themilbourne/
Mark Day (Netskope) - https://www.linkedin.com/in/markstuartday/
DtSR Episode 503 - Blowing Up Your Cloud (Permissions Structure)
This week, we talk about the cloud in a different way than we have previously. We discuss "blast radius" with regard to vast numbers of roles and permissions inside of a public cloud infrastructure. The numbers are staggering and you'll likely find yourself asking the obvious question -- "How does anyone manage all of this, with any hope of getting it right?" The beginnings of that answer lie in this show.
Arick Goomanovsky LinkedIn: https://www.linkedin.com/in/arick-goomanovsky/
Twitter: https://twitter.com/g00manoid/
Ermetic: https://ermetic.com/
DtSR Episode 502 - Why Can't Gov Figure Out Supplier Security
CMMC may be something you know nothing of, but if you're a government contractor, or work with government contractors of the DIB - you're probably all too familiar.
For some, it's hell. For the rest, it's mostly insane. Jacob joins Rafal & James to educate us, and give us the reality of this set of standards.
Jacob Horne LinkedIn: https://www.linkedin.com/in/jacob-horne-cissp/
Entertaining, insightful and actionable! 👏👏👏
Whether you’re well established as someone who can translate creative energy into the impact you want to have on the data security world, or just getting started as a catalyst for change - this is a must-listen podcast for you! Rafal does an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating an ever changing cyber security landscape - with leaders who’ve actually walked the path. Highly recommend listening and subscribing!
The Go-to sec podcast
DtSR is a go-to resource for the latest in the security world. Top-notch guests providing true insight into our industry. A wide variety of topics which cover trends, tools, trapdoors, and something else that starts with the letter ’t’. You’ll think of something. Jump down the hole and see the light!
It’s all about that intro
This is by far my fav cyber podcast. Thank you James and Ralf.