Down the Security Rabbithole

By Rafal Los (Wh1t3Rabbit)
About this podcast
Follow the Wh1t3 Rabbit
... attention technology and business leaders!

The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on relevant events in the information security community, filtered through a no-nonsense, business-first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.
Latest episodes
Feb. 13, 2018
This week an old friend, Vinnie Liu of Bishop Fox, joins Raf and James to talk about the history of App Sec. We started trying to test ourselves secure, and we continue to come back to it - so this episode is a walk down memory lane and a glimpse into the future of application security. Don't forget to like us on iTunes and share with your colleagues!   Guest Vinnie Liu ( @VinnieLiu ) - Vincent Liu (CISSP) is a Partner at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. With nearly two decades of experience, Vincent is an expert in security strategy, red teaming, and product security; and at Bishop Fox, he oversees firm strategy and client relationships. 
Feb. 6, 2018
Join us this week on Down the Security Rabbithole as Barrett Lyon (who knows a thing or two about DDoS) is our guest to talk about the evolution of the art and science of kicking people off of a network. Barrett is the authority on DDoS, with over 20 years in the field, going back to when angry teenagers flooded each other off of IRC servers. This is a fun episode that walks through DDoS - where it came from, how it evolved, and what we can expect in the future. TLDR; yes ...your fridge may one day DDoS your toaster.
Guest Barrett Lyon ( @BarrettLyon ) - Barrett Lyon is the Vice President of Research and Development for the Neustar Security Solutions’ portfolio. He spearheads the development of innovative new products and solutions for the company’s industry-leading DDoS, DNS and cybersecurity solutions. Mr. Lyon is a serial entrepreneur and a well-respected cybersecurity thought leader with experience building leading edge network services and infrastructure. Prior to Neustar, Mr. Lyon founded Defense.net and served as its Chief Technology Officer. In 2009, he co-founded XDN, Inc. and served as its CEO. As Chief Technology Officer, he led the strategy and technical operations at BitGravity, a company he co-founded. Previously, Mr. Lyon founded Prolexic Technologies and served as its Chief Technology Officer, where he created the first successfully managed service to defend enterprises from Distributed Denial of Service (DDoS) attacks. His authority and over 20 years of experience in the network security space have led to numerous collaborations with a majority of the tier-one and tier-two carriers in North America and Europe, and at National Security Agencies in Europe and the U.S. Outside of the security field, he has been an active proponent in the advancement of the Internet. Mr. Lyon was responsible for the Opte Project, often referred to as the Internet Mapping Project, and he formed AlphaLinux.org. He has been published in several security and non-security related books.
Links: https://www.home.neustar/about-us/leadership/innovators/ https://en.wikipedia.org/wiki/Barrett_Lyon/ https://www.linkedin.com/in/blyon/
Jan. 30, 2018
This week, go Down the Security Rabbithole with James and Raf as they host Robert Sell. Robert took 3rd place at the Defcon SECTF (Social Engineering Capture-the-Flag) in 2017 and he has some lessons for you in the enterprise. "Social Engineering" (while a ridiculous and non-descriptive term) is a real attack vector. How are you defending your enterprise? Listen in. Then talk back on Twitter at #DtSR or LinkedIn!
Guest: Robert Sell ( @RobertESell & https://www.linkedin.com/in/robertsell/ )
Jan. 22, 2018
This week, Chris Rosen from IBM joins us to talk about cloud containers - and the security (or lack thereof) of them. There is a paradigm change coming which significantly impacts security - if we're ready for it. Chris talks us through the dramatic changes (or maybe not) of doing cloud security with containers and the impact to the shared responsibility model. Join us, and let us know what you think by leaving us a comment, either here or on iTunes.   Guest Chris Rosen - https://www.linkedin.com/in/chris-rosen-71790513/
Jan. 16, 2018
This week, Jason Garbis re-joins the podcast to go past the Primer (Episode 257) and dive deeper into SDP (Software Defined Perimeter) with a discussion on cloud and relevance to the re-invention of the data center and related infrastructure.   Related DtSR listening: Zero Trust Model w/ John Kindervag: http://podcast.wh1t3rabbit.net/dtsr-episode-222-zero-trust-security-model Software Ate the Perimeter w/Jason Garbis: http://podcast.wh1t3rabbit.net/dtsr-episode-257-software-ate-the-perimeter  
Jan. 9, 2018
Welcome Down the Security Rabbithole. This week we bring Jeff Schilling from Armor to talk about Spectre and Meltdown - the two hottest topics in security right now and for the foreseeable future.
While you listen to us talk, check out these links: http://uproxx.com/technology/what-are-meltdown-spectre-computer-bugs-explained/ http://bgr.com/2018/01/04/intel-chip-security-flaw-how-slow-mac-pc/ https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) And the obligatory "I patched and things got worse" post: https://twitter.com/timgostony/status/948682862844248065
Jan. 2, 2018
Happy New Year, 2018. Friends, thanks for listening! I can't believe this podcast is still going strong after all these years and 277 episodes. I started this podcast with an idea - give you something to listen to that was office-friendly, informative, and focused on advancing our trade. Over the years I've gotten some encouraging comments from people ranging from those trying to get into our industry, to those who are leading large organizations' security practices. I'm encouraged by you all, and thank you for supporting us. Now, let's get on with 2018. On this first episode of 2018, James and I welcome Ben Kepes who is a long-time friend of mine and an industry analyst. Ben isn't your typical analyst though, because he has a healthy dose of skepticism, an eye for bullsh**, and he's trusted by vendor and buyer alike. Oh, also, he's a Kiwi so he's got that going for him too. Sit back, enjoy, and leave us a comment if you are so moved.
Dec. 26, 2017
What: In this episode we get the facts on the recent game-changing malware/attacks that appear to be nation-state sponsored attacking critical safety systems in industrial controls (ICS).
Why: You've probably read about it, and depending on what you read you may only have the hype or half the story.
Who: As always, Sergio Caltagirone from Dragos is the master at telling a great story, from just the facts. He's part of the team that did the analysis, wrote the narrative, and then ended up on countless phone calls explaining it to executives and national security types. He knows his craft.
Links: Dragos blog about the topic: https://dragos.com/blog/trisis/ FireEye's version: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
We invited him on this special episode to give you the inside story, to separate some of the hyperbole from reality - so listen up.
Dec. 19, 2017
For episode 275 we are once again joined by the one and only Haroon Meer ( @haroonmeer ) to follow up on his conversation from September 2016 titled "What will get us there". If you've not had a chance to listen to that show, you absolutely should do that first. Haroon shares his perspective including...
- "The cloud has won"
- Fundamentals are still hard, we're still largely failing at them
- Hackers make the best engineers when you give them a problem to solve
- Where do we go from here, into 2018, is there hope?
Dec. 13, 2017
This week, Patrick Miller returns (another boomerang guest from the way-back machine) to talk about the energy grid. It turns out, things aren't super different from 5 years ago, but some things have changed. Patrick and I discuss resiliency (over actual security) in the grid, and focus on transmission, generation, and "getting it all working again" from a life safety perspective. It's a fascinating discussion, don't miss it!
** Apologies for some of the audio quality, we had "choppy" issues on Skype and I edited the best I could.