Down the Security Rabbithole Podcast (DtSR) – Details, episodes & analysis

TL;DR: Patching. Your least favorite thing. Well, it turns out that most of the work we have been doing in the last 20+ years has been for nothing. Robert "RSnake" Hansen's theory, backed by a lot of data, seems to point to a much bigger problem in cyber, and it's time we talk about it.

Rob's Closing Keynote that started this conversation: https://youtu.be/80ZtAsuC4v4?si=-liUcLX4adz092yP

YouTube Video: https://youtube.com/live/k4kvKWZVh78

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's pod features your favorite hosts reflecting on how security has lost its way. When everything is a catastrophe, nothing is. When every breach is world-ending, none of them matter. Have we completely lost the plot? Prepare to have a good think.

YouTube Video: <coming soon>

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's pod features our favorite former analyst Anton Chuvakin, and an AppSec OG Jeff Williams as we tackle the subject of AppSec's favorite new acronym - ADR. What is it? Why is it? Should it be? We answer all these questions and more, and laugh along the way a bit too.

YouTube Video: https://youtube.com/live/69xeGDoDYbU

Links

• Contrast's latest threat report (referenced in the show)
• An in-depth ADR Explainer (helpful!)
• Run-Time Security Explained (for those wanting to learn more)

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

TL;DR:
Your favorite podcast is back, after a short break, and bringing you another packed episode with Brandon Dunlap & Jim "All Tiller, no filler" Tiller where we discuss Kelly Shortridge's column "Security Isn't Special".
Some things we agree with, some things we don't, but we talk through it thoroughly. That's part of the fun! Join the pod, and see what we're talking about.

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

TL;DR:
This week I'm joined by Mike Towers - a gentleman who has "digital trust" literally in his job title. This is an episode where we attempt to start the conversation of trust in an age of digital everything. Of course, the backdrop for today's discussion is the mayhem over at OpenAI - and if that's not a great place to start, I don't know what is.

Is anyone else having a difficult time accepting that this podcast is now in it's 14th season?!

YouTube Video: https://youtube.com/live/WReKnt81BZc

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: I finally decided that Erik Bloch's LinkedIn posts have provoked a certain interest in a conversation about what a "modern-day" SOC should look and behave like. I then invited Jim Tiller and Anton Chuvakin (because they have some opinions), on the show to join James and me to discuss this.
It didn't quite go to plan.

YouTube Video: https://youtube.com/live/cgKpTTmCUrs

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

TL;DR:
On this episode of the pod, Jim Tiller and I talk through the hot takes published about the SEC vs SolarWinds and Brown, and why so many people are getting it all wrong. I highly encourage you to go read the actual indictment before giving your opinion. 

• Link to the SEC page: https://www.sec.gov/news/press-release/2023-227
• YouTube video: https://youtube.com/live/9z4g9p3BW-Y
• My YouTube "short" on this subject: https://youtube.com/shorts/o1Qsdy5xU-o

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

TL;DR:
Executive Conference organizers - this episode is for YOU.

On today's episode of the podcast, it's just James and I on the microphone discussing all of these executive security events you may be getting invited to. They're just generally bad - people with big titles rattling off corporate marketing speak, with low attendance and low value. Or ...is there a better way? We discuss, and offer some suggestions to conference organizers to make these events fun and worthwhile again.

Link to the "CyberSecurity Collaboration Forum" I reference: https://www.linkedin.com/company/cybersecurity-collaboration-forums/

YouTube Video: https://youtube.com/live/5vErHLi9c5Y

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

TL;DR:
This week on the pod, Andrew Morris & Tom Venables from Turnkey Consulting join me for a semi-regular check-in from the consultancy world as we discuss the overwhelming problem with technology. Specifically, we talk about tools strategies for budget squeezes, filling niche use cases, and how to rationalize what you've got if you want more.
Come check out the video - Tom's background is totally worth it.

YouTube video: https://youtube.com/live/Dmss-pGAsyE

Guests

• Tom Venables
  • LinkedIn: https://www.linkedin.com/in/tom-venables-1346592/
• Andrew Morris
  • LinkedIn: https://www.linkedin.com/in/andrewtmorris/

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

TL;DR:
This week on an interesting show that dives into the world of healthcare cybersecurity, Dan Dodson joins James and I to discuss the state of things, the reason for some of the chaos, and what the future outlook could be. The challenges are many, the outlook can be bleak, and while we have challenges both in business and technology (a la technical debt) - there is hope for a bright, secure, future.
Give this episode a listen.

Youtube Video: https://youtube.com/live/OTf07uaHvT0

Guest:

• Dan Dodson
  • LinkedIn: https://www.linkedin.com/in/dan-l-dodson-3a0b418/

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast