Down the Security Rabbithole Podcast

By Rafal Los (Wh1t3Rabbit)

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.

Category: Tech News

Open in iTunes

Open RSS feed

Open Website

Rate for this podcast

Subscribers: 215
Reviews: 1

 Jul 23, 2019


Follow the Wh1t3 Rabbit ... attention technology and business leaders! The "Down the Security Rabbithole" podcast is not your ordinary security podcast, primarily because we take a business perspective on the colorful and fast-paced world of information security. Bringing useful commentary on relevant events in the information security community, filtered through a no-nonsense business first approach, this is a podcast that helps you get the sane perspective on hacks, risks, threats and technology that you need to help make decisions in your daily life and in your organization.

Episode Date
DtSR Episode 359 - Mind the Diversity Gap

This week, in the 2nd of two installments recorded live at Black Hat 2019, Alyssa Miller joins Rafal live to talk about some of the talks she's giving, and takes us back in time.

Highlights from this week's show include...

  • Rafal and Alyssa discuss the very real problems the lack of diversity in technology creates
  • A jab is taken at the TSA ...because it's just too easy
  •  Alyssa revisits the 'castle analogy' for InfoSec and why it's so tough to get right
  • Much more fun... you'll have to listen in!


Aug 20, 2019
DtSR Episode 358 - No More Crappy Job Hunts

This week on another jammed-packed episode, Rafal takes to Black Hat 2019 to interview some interesting guests that have something unique to tell you. We start with Deidre Diamond, the lady behind CyberSN - and why she's reinventing the way you get your next InfoSec job.


Highlights from this week's show include...

  • Deidre tells us a little bit about what's new at CyberSN
  • Rafal & Deidre discuss the insane InfoSec job market
  • Deidre explains why how she's planning on eliminating hiring bias in the InfoSec workforce
  • The last time Deidre joined us was episode 337 - 
  • For more, go to and click the "Know More" icon in the top-right corner and get started!



  • Deidre Diamond ( @Cyber_SN ) - With over 20 years spent leading technology and cybersecurity organizations, Deidre Diamond offers a great perspective on the issues that matter most in our industry. Her vision, “to transform employment searching” has remained constant since she founded CyberSN in 2014. Find her on LinkedIn: 
Aug 15, 2019
DtSR Episode 357 - Hacker Summer Camp 2019

This week, James and I sit down to think (and talk) through Black Hat (and Defcon) 2019. "Hacker Summer Camp" as it's affectionately known in the industry, is a rite of every summer...but is it delivering value to attendees, do we have the right audience, and is the content worthwhile? This and more...


Highlights from this week's show include...

  • Raf and James reminisce about summer camp days gone by
  • Rafal addresses Dino's excellent-sounding keynote (abstract)
  • Raf & James discuss the hype (or more precisely, the lack thereof) of this year's conference and why it's nice for a change
  • All this and tune in!
Aug 05, 2019
DtSR Episode 356 - Its Been a While Andy

Welcome down the security rabbithole friends! This week, Andy Kalat takes a few minutes off from recovering to chat and comment on the state of security, and what's different since we first met back in... 2003? Fun episode... It's been a while, Andy!

Highlights from this week's show include...

  • Andy and Rafal try and figure out when they first real life
  • Andy points out the problem vendors suffer from "problem-scope-limiting" (this is an interesting one...)
  • Are things getting better? The guys discuss...snark ensues
  • Rafal asks Andy to predict what will change in the next ~5yrs



  • Andrew Kalat ( @LERG ) - Andy is an IT Security Executive, Co-Host of the Defensive Security Podcast, Speaker, Writer...according to his LinkedIn profile, here.
Jul 30, 2019
DtSR Episode 355 - Threat Modeling Rides Again

My dear listeners - we have John Steven back on this episode! If you don't remember his first appearance, it's OK, it was a little while ago back on episode 42 ... so it's been a while!

Highlights from this week's show include...

  • John gives us a run-down on the new things since the last episode
  • James & John talk OWASP Top 10
  • The guys try to understand what happened to Threat Modeling, and security overall, over the last decade
  • So much more, you'll have to listen
Jul 23, 2019
DtSR Episode 354 - Pragmatic Azure Security

Fans & Listeners!

This week we have a treat for you... as this episode is recorded LIVE from Microsoft's Inspire 2019 in Las Vegas (where it was 117F) but the conversation here is way hotter.

Highlights from this week's show include...

  • What is Microsoft releasing to help guide secure Azure deployment?
  • Mark and Jeff debate "What exactly is the value of "best practices"?"
  • So much more packed into this extended episode!

Links to things you need:



  • Mark Simos ( @MarkSimos ) - Lead Architect, Cybersecurity Solutions Group, Microsoft
  • Jeff Collins - Chief Strategy Officer, Lightstream
Jul 18, 2019
DtSR Episode 353 - Ira Winkler on Point

Yes, DtSR took a week off ... we were due.

This week, Ira Winkler joins Rafal to go down the rabbithole and talk about his career, opinions on our profession, and other important stuff. Sit back, take notes, and enjoy.

Highlights from this week's show include...

  • Ira gives a run-through on his career and what's gotten him "here"
  • Ira and Rafal discuss "breaking into security" and how it's being sold now, versus what reality should be
  • Ira gives us his take on training, certifications, career paths and the like
  • Yeah, so much more...


Jul 09, 2019
DtSR Episode 352 - AWS REInforce Warm Up Episode

This week, ahead of AWS RE:INFORCE 2019 (the first one) Rafal gets a conversation with buddy Mark for a candid talk about the top 3 public cloud providers, and a little insight into the evolution of the industry ... or not...

Highlights from this week's show include...

  • What are we expecting from AWS RE:INFORCE this inaugural year?
  • Mark gives us his take on the security in the three major public cloud providers
  • Rafal and Mark reminisce about how things were...and where they are in terms of cloud, and security
  • Mark and Rafal laugh about the opportunity security teams have right now...or may be missing


Jun 24, 2019
DtSR Episode 351 - Deeper Into the Microsoft Security Ecosystem

Thank you to Microsoft for sponsoring this show, and our podcast over the years...


Highlights from this week's show include...

  • Rob discusses what "Microsoft Threat Protection" is, isn't, and why it's relevant today
  • Rob gives us some context to "trillions of signals" - what does that mean?
  • Rob provides perspective on the pillars of operational excellence required to make Microsoft's vision a reality in damn-near-real-time
  • Rafal and Rob discuss what the ecosystem looks like, and how it's being released into production
    Rob answers whether Microsoft consumes its own tools… the answer may surprise you


  • Rob Lefferts - @rob_lefferts -

    Microsoft Responsibilities/Contributions – As corporate vice president for M365 Security within Experiences and Devices, Rob Lefferts is responsible for ensuring that Microsoft 365 provides a comprehensive and cohesive security experience for our all of our customers. Prior to this role, he led the Windows Enterprise & Security team, where he was responsible for hardening the Windows platform, building intelligent security agents, and driving commercial adoption of Windows 10. Since joining Microsoft in 1997, Lefferts has been instrumental in shaping key products and technologies, from helping develop the original SharePoint Portal Server to leading extensibility efforts for the Office platform to championing the vision for Microsoft 365. 

    Pre-Microsoft Work Experience – Rob began his career at Claritech, a startup that was born from a Carnegie Mellon research project. He then consulted with the Government of Namibia, Africa.

    Education – He earned a bachelor’s degree in logic and computation, as well as a master’s degree in computation linguistics, from Carnegie Mellon University.

    Family/Other Interests – Rob and his wife have two children and live in the Seattle area.

Jun 19, 2019
DtSR Episode 350 - Deep Learning on Deep Packets

Show Note: As most of you know, this show has long refused to use advertisements, or ad revenue to keep itself going. That said, I openly welcome organizations who have something interesting to say and some extra marketing dollars to give, to sponsor an episode while still going through the same vetting process as everyone else. This is one of those shows.

This week James and Rafal are joined by Saumitra Das, the Chief Technology Officer for an interesting little start-up called Blue Hexagon. If you find yourself nodding along and interested in hearing more, we encourage you to go check out their website and let them know you hear of them on this show.

Highlights from this week's show include...

  • Saumitra shares his insights on AI, machine learning, and the limitations and mis-uses of them
  • We discuss the challenges of finding 'malice' at extremely high volumes, at extremely high rates of speed, and in extremely diverse environments
  • Saumitra previews the methods Blue Hexagon use to approach this problem and potentially start to draw a viable approach


Jun 11, 2019
DtSR Episode 349 - Verizon 2019 DBIR Double-Live Part 2

Friends & listeners - welcome to the 2nd half of the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

Highlights from this week's show include...

  • We all talk patching... why it's hard, what we can do about it, and realities of patching
  • Gabe does more live data analysis
  • We get an insight into how long and how hard this report is to produce


Jun 04, 2019
DtSR Episode 348 - Verizon 2019 DBIR Double-Live Part 1

Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

Highlights from this week's show include...

  • Gabe distinguishes between an incident and a breach - for those of you who need the refresher
  • Gabe dives into the stats to talk about small businesses, and the impact of breaches on them
  • Gabs does some live data science for us, pulling in stats on-the-fly
  • We avoid the 'patching' discussion (that's for the 2nd half)


May 29, 2019
DtSR Episode 347 - Inside the RH-ISAC

This week, Tommy McDowell who is the Vice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafal in person, in Dallas.

Highlights from this week's show include...

  • Tommy gives us a background on himself, and the RH-ISAC (and it's mission statement, and such)
  • Tommy & Rafal discuss the difficulty in setting up an information sharing center
  • Tommy gives us insights into why retail and hospitality need their own unique threat sharing network



May 21, 2019
DtSR Episode 346 - Green Waxes Mostly Academically

This week, Rafal gets the rare occasion of sitting down face-to-face with someone and do an interview in person. Andy Green is a great if not sharky fellow, who helped me get over my PG rating for this podcast. So ... it's probably PG-13.


Highlights from this week's show include...

  • Andy talks about BSides Atlanta and the labor of love that is getting a conference stood up
  • We talk about conference drama - because we all need more of that in our lives
  • Andy discusses academic programs, shaping young minds, and being a universally beloved professor (not)


  • Mr. Andy Green ( @SecProfGreen ) - Andy is a lecturer of Information Security at Georgia's Kennesaw State University. When he's not running Atlanta's BSides ATL he teaches classes in the Information Security and Assurance degree program, in the Information Systems department of the Michael J. Coles College of Business at Kennesaw State University.
May 14, 2019
DtSR Episode 345 - RaffCon the Podcast

This week on the podcast, Rafal gets some one on one time with Raffael Marty ... and it's #RaffCon.


Highlights from this week's show include...

  • Raf & Raffy discuss the origins of #RaffCon
  • Raffy talks through Artificial security
  • Raf and Raffy dive into "risk management"



  • Raffael Marty - ( @raffaelmarty ) - Data analytics and visualization enthusiast. Interested in large-scale big data and cloud infrastructures to support cyber security use-cases. "How can we assist users to gain deep insight into large amounts of data?" I have spent a lot of time building and defining the security visualization space through open. I oversee Forcepoint's X-Labs, a specialized department within Forcepoint that is responsible for behavior-based security research and the development of predictive intelligence. In addition to traditional threat and security intelligence, we are the home of data science, machine learning, and artificial intelligence within Forcepoint.
May 07, 2019
DtSR Episode 344 - You've Probably Been Pwned

This week, Rafal is joined by the man, the myth, the Aussie legend - Troy Hunt. We basically talk about whatever is on his mind - which, as it turns out is a lot. Take a listen, we may publish an English translation later (joking, Troy!).


Highlights from this week's show include...

  • Troy gives a run-down on HaveIBeenPwned
  • We talk through some of the interesting use-cases for HaveIBeenPwned data
  • Troy gives perspective on usernames, passwords, and other important things technology/security related


  • Troy Hunt ( @TroyHunt ) - Troy is a Microsoft Regional Director and Most Valuable Professionalawardee for Developer Security, blogger at, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.

    I created HIBP as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.

    Short of the odd donation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today's modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!

May 01, 2019
DtSR Episode 343 - The 31st Human Right

This week, on a riveting edition of Down the Security Rabbithole Podcast Raf sits down with Richie Etwaru, a human data ethicist and Founder and CEO of

What's a human data ethicist, you ask? Listen to the podcast, and find out.

Highlights from this week's show include...

  • Richie walks us through data ownership as a fundamental human right, including why now is the right time in history
  • Raf and Richie discuss the principles of data ownership and how they're different from privacy or security
  • Richie discusses data ownership as a great leveling factor for society
  • SO much more...


  • Richie Etwaru - Richie Etwaru is a human data ethicist and the Founder & CEO at where he is responsible for vision, strategy and execution focus for the company. He is driven to reshape the world by creating a new data economy, where inherent human data is legally human property.

    He has held c-level roles at Fortune 500 companies for two decades, and serves as advisor to venture capitalists, startups, governments, academia, and large organizations on transitioning to Trust Companies.

    Richie’s book Blockchain Trust Companies, Every Company is at Risk of Being Disrupted by a Trusted Version of Itself (2017) is used by universities, consulting organizations, and governments, and his TEDx talk Blockchain Massively Simplified has been viewed almost 1 million times.
Apr 23, 2019
DtSR Episode 342 - Michael Coates Has Things to Say

This week on episode 342, Michael Coates joins Rafal & James for the 2nd time. Michael's first episode was way, way back in 2015 on episode 134 titled "Fundamental Security". Looks like things haven't changed much.

We highly recommend you check out episode 134 first, then listen to this one. Trust us, you want the context.


Highlights from this week's show include...

  • Michael gives us an opinion on "what's changed" in the last decade or so
  • Michael discusses "risk", "technical risk", and the Enigo Montoya problem in security
  • Michael gives an overview of what he thinks the profile of the CISO should be
  • Michael gives his take on why he thinks low false-positive rates are important and automation is the future


Apr 16, 2019
DtSR Episode 341 - Discussing Security Reference Architecture

This week, in the final installment of "Live from RSA Conference 2019" Rafal interviews Mark Simos, who is the definitive source for reference architectures at Microsoft. He's the Lead Architect in the Enterprise Security Group and he's doing some amazing things for the community with regards to the Azure cloud and other Microsoft-related security things. Give this episode a listen and share it ...maybe listen again and take good notes!

Highlights from this week's show include...

  • Mark discusses security reference architectures (in general)
  • Mark and Raf rap on the shared responsibility model for the cloud...again
  • Mark answers "What's different about security in the cloud?"
  • Mark raises the concept of "raising the cost to the adversary" for defenders...


  • Mark Simos - ( @MarkSimos ) - Mark is Lead Architect in Microsoft’s Enterprise Cybersecurity Group where he is part of a group of cybersecurity experts who create and deliver unique cybersecurity services and solutions to Microsoft’s customers.

    Mark has contributed to a significant amount of Microsoft cybersecurity guidance - most of which can be found on Mark's List (

    Mark focuses on cybersecurity guidance to help customers manage cybersecurity threats with Microsoft technology and our partner solutions. Mark's current focus is on security assessments and roadmaps that span the spectrum of security topics including privileged access, high value asset protection, security strategies and operations, datacenter security, and information worker protection.
Apr 09, 2019
DtSR Episode 340 - Diana Kelley from RSA 2019

This week, Down the Security Rabbithole Podcast is publishing episode 3 of 4 which were recorded LIVE at RSA Conference 2019. This episode features Diana Kelley, of Microsoft, talking about the latest security report and other goodies.

Highlights from this week's show include...

  • Diana discusses the highlights from the latest Microsoft Security Intelligence Report
  • Raf provides an opinion on how Microsoft could totally own the endpoint space
  • Rafal & Diana dive back into passwords...apparently, we just can't get away from them
  • Diana tells a really interesting story about Microsoft Windows Hello and twins


  • Diana Kelley - @DianaKelley14Microsoft Enterprise Cybersecurity Group Leadership team member. Represent Microsoft at global security conferences, author-industry analysis, white papers, and blogs on Microsoft security strategy and response to cyber threats. Contribute to the all up security messaging and provide insight into the strategic vision and direction for the company in close partnership with marketing, business groups, and engineering, as well as working closing with the security PR and AR teams.
Apr 02, 2019
DtSR Episode 339 - Insuring Against Acts of Cyber War

This week, driven by the news cycle, and an interesting story... Rafal & James invite George and Shawn, as actual experts, onto the show.


Highlights from this week's show include...

Other links related to this podcast:

Mar 28, 2019
DtSR Episode 338 - Failure of Risk Management

This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn to have a turn at the microphone... 

Highlights from this week's show include...

  • Phil talks up "The failure of risk management"
  • We discuss the realities of risk management
  • Raf asks "How do we make more informed risk decisions?"
  • Raf and Phil talk through thread models and why they're relevant
  • ...and so much more



Mar 19, 2019
DtSR Episode 337 - Insights on Cyber Talent

This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent having worked in the field most of her professional career. We discuss all kinds of interesting and relevant topics...

Highlights from this week's show include...

  • Deidre presents her new "human model" for hiring, staffing, and retaining excellent talent
  • We discuss the difference between a good leader, and just a good manager and why those aren't the same
  • We discuss the pay gap, why it's still a thing, and what's to be done about it
  • Deidre discusses the challenges women face in cybersecurity, and what's changing



  • Deidre Diamond: (@DeidreDiamond) -  in her own words:
    • Combining my 21 years of experience working in technology and staffing, my love for the cybersecurity community, and a genuine enthusiasm for people; I created Cyber Security Network (, a company transforming the way Cyber Security Professionals approach job searches. will remove the frustration from job-hunting, and aid in interpersonal connections and education.

      Throughout my career, I have built large-scale sales and operations teams that achieved high performances. Creating cultures based on an anything is possible attitude allows people to achieve above and beyond the usual. By establishing an open communication framework throughout an organization; I have created cultures of positive energy, career advancement, and kindness, that enables teams to reach beyond peak performance and have fun at work.

Mar 12, 2019
DtSR Episode 336 - Energy Sector Security Update Q1-2019

This week, Patrick Miller joins Rafal to provide an update on the energy sector, and what's different (or not). Another episode with a returning guest who continues to provide timely and important updates on key "big picture" security issues.


Highlights from this week's show include...

  • Patrick gives us a "state of the union" update on what's going on in the power industry with security
  • Raf asks "are we getting better... or worse?"
  • Patrick discusses IoT, IIoT, and "everything has an IP address"
  • Patrick tells a story about his recent encounter with a 386 & DOS 2.2 (if you know what this is, you're old)
Feb 26, 2019
DtSR Episode 335 - Ranking the Adversaries

This week, in a special episode, Dmitri Alperovitch of Crowdstrike joins Rafal to talk about a brand new report that Crowdstrike is releasing. The Crowdstrike 2019 Global Threat Report is a must-read with some very interesting topics covered. Dmitri joins Rafal to talk specifically about the ranking of threat actors, and what it means to you.


Highlights from this week's show include...

  • Dmitri explains "breakout time" and why it's important
  • Dmitri gives a walk-through of the methodology used to rank your global adversaries
  • Dmitri & Rafal talk through who's on first, and what's up with China
  • Rafal & Dmitri talk about what this report means to you sitting at your desk playing defender
Feb 19, 2019
DtSR Episode 334 - Compliance and Operational Process

This week, on the DtSR Podcast, Rafal is joined by Matt Herring, long time listener, and first-time caller. We talk through Matt's career path, and how he got to head up a global security operations team. It's a pretty interesting story - you should listen.


Highlights from this week's show include...

  • Matt talks us through how he got into being an auditor
  • Matt and Raf compare and contrast compliance and security (yes, really)
  • An uncomfortable discussion on market consolidation ensues
  • Matt gets put on the spot for leading and trailing indicators, provides some insights



Feb 12, 2019
DtSR Episode 333 - Security Evolution and Trends

This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and trends...and he spends some time discussing that with us.


Highlights from this week's show include...

  • We collectively quickly make fun of the SIEM (yesterday, today, and next decade)
  • Sean talks through the "feature companies" that are hitting the market in a recent couple of years
  • Raf brings up the idea that we really don't understand the impact of the technology we create for 10+ years - what does that mean for security?
Feb 05, 2019
DtSR Episode 332 - Security in Transformation

This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of security leaders in the digital transformation efforts of enterprise shops. Interesting conversation ensues.

Highlights from this week's show include...

  • Jenn, James, and Rafal discuss the role of the security lead in enterprise digital transformation
  • Jenn shares some of her experience in aiding CISOs with building security programs to support 'the business'
  • We make light of the fact that it's a million degrees below zero up north


  • Jenn R. Black ( @JennRBlack ) - With over 18 years of experience within IT and cybersecurity managed services, Jenn helps companies manage their cybersecurity threats, vulnerabilities, and risks to meet regulatory and business needs, while driving process efficiency. As a consultant in a cybersecurity practice, she works closely with clients to define their cyber strategy, create roadmaps and solutions to meet the company’s security objectives. 
Jan 30, 2019
DtSR Episode 331 - Incident Response and Counterfactuals

This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp on real-world risk discussions, Jon and Raf have a pretty enlightening chat you will benefit from.

Highlights from this week's show include...

  • Jon discusses the concept of a "counterfactual"
  • Jon discusses feedback loops in how incidents are handled
  • Jon and Raf talk through how security professionals discuss 'risk' and what we can do to better the conversation



Jan 23, 2019
DtSR Episode 330 - Biometrics for Authentication

This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way you think it does.


Highlights from this week's show include...

Jan 15, 2019
DtSR Episode 329 - Volunteering Your Career

This week, on the DtSR Podcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO of and - and she recently ran a volunteerism survey (link: you should probably check out too.

Highlights of this week's show include...

  • Kathleen discusses some of the highlights of the survey
  • We discuss some of the things volunteers learn, and why this is critical to our community
  • Several jokes are made
  • We discuss the value of volunteering and its impact on your career
  • and much, much more



  • Kathleen Smith - @YesItsKathleen - CMO, ClearedJobs.Net/CyberSecJobs.Com, both veteran-owned companies, she spearheads the community-building, and communications outreach initiatives catering to the both organizations’ many audiences including security cleared job seekers, cybersecurity candidates, and military personnel. Kathleen has presented at several security conferences on recruiting and job search within the cybersecurity world to include BSidesLV, BSidesTampa, BSidesDE, FedCyber. Kathleen volunteers in the cybersecurity community; she is the Director, HireGround, BSidesLV’s 2-day career track. Kathleen is well respected within the recruiting community, is the co-founder and current President of recruitDC, the largest community of recruiters in the Washington DC area
Jan 09, 2019
DtSR Episode 328 - Who Who Who Are You

This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we do about it?

Highlights from this week's show include...

  • Richard addresses the question of whether we've addressed a fundamentally fatalistic attitude towards security
  • The guys discuss whether the real perimeter, as we go into 2019
  • Richard schools the guys on identity - and what it's not the perimeter, but something else


  • Richard Bird - Chief Customer Information Officer at Ping Identity - Link:
    (Yes, Richard is the guy with the smashingly handsome bowties!)
Jan 02, 2019
DtSR Episode 327 - Experienced Security Leadership

This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, and developing that talent pool. We talk to Yaron and Setu to get a sense of what their thoughts are on where good security leaders come from, and the hallmarks of that experience.

Highlights from this week's show include...

  • the curious case of the cyber head who doesn't computer
  • Yaron and Setu give us their thoughts on developing security leaders
  • Yaron shares some of his experience building a security program, across industries
  • Yaron and Setu give us a few pieces of insight for current and future security leaders
Dec 19, 2018
DtSR Episode 326 - MidMarket Security

This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, statistically) for a long time. Bob has some great lessons learned and is willing to share. Listen in

Highlights from this week's show include...

  • Bob gives a quick history of how he "hacked into hacking"
  • A discussion of breaking into security
  • Bob & Raf discuss security in the mid-market, and how it's fundamentally different than other market segments
  • Bob discusses hiring, talent acquisition and "working from home" in today's job market
Dec 11, 2018
DtSR Episode 325 - A CISO at AWS reInvent 2018

In another episode LIVE'ish from AWS re:Invent 2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show floor.

Highlights from this week's show include...

  • Raf asks Dustin the obvious question - what's a CISO doing at a cloud expo?
  • Dustin discusses some of the cloud transformation challenges for security teams
  • Dustin unveils the three things he is currently concerned most about for security, in the cloud
  • Dustin imparts a final piece of wisdom you won't want to miss...


Rafal's Guest:

Dec 05, 2018
DtSR Episode 324-1 - AWS reInvent 2018 Delivering Security

At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short conversation is quite interesting...

Nov 28, 2018
DtSR Episode 324 - AWS reInvent 2018 Preamble

This episode of the Down the Security Rabbithole Podcast is sponsored in part by Armor Cloud Security. Go check us out at!


This week's show is a multi-part release from AWS re:Invent 2018. We sit down with two of Armor's solutions consultants to discuss trends, insights from day 0, and discuss anticipated moves and market shifts.

Expect this to be an insightful episode where we dive into cloud security from a development and security perspective.


Nov 27, 2018
DtSR Episode 323 - Security of a Global Enterprise

On episode 323, Richard Rushing (aka the "Security Ninua") joins us to talk about being the CISO of a global organization, and multi-national enterprise.


Highlights from this week's show include...

  • Richard talks to us about his background
  • We discuss the unique challenges of a multinational enterprise
  • Richard gives us some wisdom on how to approach "the business"
  • Richard provides some advice for keeping prioritization and sanity
Nov 20, 2018
DtSR Episode 322 - The Ethics of Cyber Security Panel

This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly.

Highlights from this week's show include...

  • A base platform for the discussion on ethics
  • Moral relativism, applied to cyber
  • Law vs ethics
  • Cultural ethics and relativism
  • "Hacking back" - yes we went there
Nov 15, 2018
DtSR Episode 321 - Putting Threats In Perspective

** Go Vote **

Do your civic duty, and go vote. Heck, while you're standing in that long line to vote, listen to the podcast, we're not picky.

This week, Rob Graham joins Rafal and James (who's back!) to talk about various topics related to threats. We start with the hacking voting machines, and it go from there.

Highlights from this week's show include...

  • We ask Rob to tell us what he knows about the Georgia 'hacking the election' case going on right now
  • We discuss what the real threat to our elections is
  • We ask Rob to tell us what he thinks the biggest threats are, and how we should approach them
Nov 06, 2018
DtSR Episode 320 - Specializing in Forensics

This week, James Habben joins me in studio for what turns out to be an introspective walk through the evolving world of forensics.


Highlights from this week's show include...

  • James gives us some background on how he got where he is
  • We talk through some nostalgia
  • James answers the "Is APT trying to get me" question, sort of
  • We talk about things companies should be doing to prepare...
Nov 02, 2018
DtSR Episode 319 - Striking Out On Your Own

This week, my good friend and entrepreneur Rock Lambros (of the newly formed Rock Cyber) joins me to talk about getting the itch to go out on your own and actually doing it. Many of us have thought about it, daydreamed, but very few do it. So hear an episode from someone who did...

Highlights of this week's show include...

  • What motivates and drives someone to jump the safety net of corporate life and go off on their own?
  • Rock gives us the secret to "How you know it's time"
  • We discuss how you can avoid the failings of the typical "consultant"
  • We talk through some very interesting strategy and advisory questions... (lots of gems in here!)
  • Rock drops his list of things to think about/remember
  • We discuss how to make security more than just a cost center


  • Rock's new company - Rock Cyber "Navigating Security in a Brave New World" (
Oct 23, 2018
DtSR Episode 318 - War, Cyber and Policy

This week the DtSR podcast tackles one of the thornier issues going around in the news. As the accusations of Russsian hacking continue to mount, international leaders are speaking out and making bold statements that impact policy on a global level.

This topic needed to be addressed with some folks who have actual expertise in the matter - and with the understanding that what we have here are opinions and interpretations.


Highlights from this week's show include:

If you listen to this episode and have a strong opinion - get on Twitter and use the hashtag #DtSR and let's discuss it! There is already a lively discussion started here:


Oct 18, 2018
DtSR Episode 317 - Protecting Higher Education

While James is away, Raf will podcast all day ...or something like that.


Highlights from this week's show include:

  • Bill talks about what it's like to jump into a higher education system and try and play defense
  • We discuss the role of governance, centralized policy, and management in higher education environments
  • Bill discusses his view on the appropriate places to work in security, in a college/higher education environment
  • We compare and contrast the experience of security in higher education against very large enterprise (the comparison may shock you)


  • William Reyor - ( @WilliamReyor ) - William is Fairfield University’s first CISO, is a former penetration tester, and has more than a decade of security and network engineering experience. He is also the Security BSides Connecticut co-founder. You can find Bill on LinkedIn here: 
Oct 09, 2018
DtSR Episode 316 - NCSAM 2018

So, it's October 2018, and it's National Cyber Security Awareness Month. Again.

James and I have a bit of an issue with this, as you'd guess. Why are we still talking about awareness when we need action? Are there really people out there that are saying "If only I was aware that there are bad people trying to do bad things, I'd had done it differently"?


Highlights from this week's show include...

  • We riff on the thing we talk about once a year (and not anymore)
  • James takes a shot at passwords... fish, meet the barrel
  • Raf gets a little upset that we're talking about awareness, since 2004 and nothing really changes
  • Raf & James ask you to take action this year and tell us about it! Hashtag it #DtSR and tell us what you're doing for NCSAM 2018 that's going to make an actual difference
Oct 03, 2018
DtSR Episode 315 - Women in Cybersecurity-Mary Cheney

On this episode of the Down the Security Rabbithole Podcast, Mary Cheney joins us fresh off her talk to the North Texas ISSA Women in Security group. She has such a colorful background and such great stories to tell - we just had to have her on the show.


Highlights from this week's show include...

  • A walk-through of Mary's colorful and extremely diverse background
  • Mary talks about burnout as we pick up the topic from our conversation with Ann Johnson's episode
  • Mary talks about corporate "tools efficacy" and security's cry for wolves
  • much more!
Sep 25, 2018
DtSR Episode 314 - None of This Crap is Secure

This week, on DtSR Episode 314, the infamous (that's more than famous) John Strand joins us. No, not the male model ...the guy who's been an InfoSec legend since before you could walk.


Highlights from this week's show include...

  • We take a stroll down memory lane
  • We discuss the challenges with more complexity in development
  • John takes us through what he thinks some of the faults are



Sep 18, 2018
DtSR Episode 313 - Cyber Law Update Sept 2018

Friends welcome to yet another edition of the Down the Security Rabbithole Podcast - as we invite perennial favorite, Shawn Tuma onto the show! Shawn has a new office, a new law firm, and is giving us his take on what's new in the world of cyber and law. Listen in!


Highlights from this week's episode include...

  • Shawn brings up "The GDPR" and the self-imposed disaster that it has become
  • We dive into the problem with "all the data"
  • Shawn explains the idea of "necessary and proper" and case-law for data breaches
  • Shawn tells us about cyber insurance and the scariest word in the vernacular ... "negligence"
Sep 11, 2018
DtSR Episode 312 - Ann Johnson on Mental Health

This week Down the Security Rabbithole Podcast welcomes two very cool ladies from the InfoSec realm. First Ann Johnson of Microsoft (if you don't know Ann, you're living under a rock, honestly) is here to discuss a tweet she put out a while ago ( ) on mental health in high-pressure jobs in InfoSec. If that wasn't enough, Jennifer Duman from Armor joins us as a guest-host to provide her experienced perspective as a road warrior.


Highlights from this week's episode include...

  • Ann discusses the big deal with working from the road, in a high-pressure InfoSec job
  • We discuss the impact of being a road warrior has on mental health, families, and career
  • Ann gives us some insight from the teams and companies she's worked with
  • Ann gives us some thoughts on how to mitigate mental health impact for InfoSec professionals


Guest Host

Sep 05, 2018
DtSR Episode 311 - Further the Browser

This week we dive into the world of the web browser. A brief history, some discussion about what's wrong and how it's broken - and a few suggestions for what to do next. This is a complicated discussion - so you can bet we'll come back to it with your feedback!


Highlights from this week's show include...

  • A brief walk-through of the history of browsing
  • Solutions that tried, but ultimately failed, to solve the challenges
  • An approach we've seen before - the "remote browser"
  • Discussion on challenges and opportunities of the remote browser concept
  • Discussion on Authentic8's approach and innovations
Aug 29, 2018
DtSR Episode 310 - RFP POC OMG

This week, Rafal & James discuss one of the bigger challenges that an enterprise security team faces today - evaluating new/replacement security tools and services. Listen close if you're on the enterprise side, and listen closer if you're selling to them.


Highlights from this week's show include...

  • We address the difficulties of evaluating or replacing technologies or services
  • Rafal takes you into the "better" trap, and how you can avoid it
  • We discuss defining concrete problem statements
  • James & Rafal talk through the challenges of defining good requirements and evaluating
  • We address how to pick a winner - or not
Aug 23, 2018
DtSR Episode 309 - Digital Transformation, Take 2

This week Nate Smolenski - Director, Cloud Architecture Services - joins us for an insightful discussion on the concept of digital transformation for the enterprise. Many companies are undergoing a digital transformation, or have done so already, and it's up to security to once again, catch up.

Nate brings a truckload of experience and evidence into the conversation and as a security professional and practitioner - you should absolutely listen to this episode. Twice.


Highlights from this week's show include...

  • Answering: What in the world is "digital transformation"?
  • Discussion around the seemingly "take 2" we're embarking on, as security professionals
  • Enterprise security's role, or not, in digital transformation
Aug 14, 2018
DtSR Episode 308 - Theoretical and Applied Futurism

Friends, this week's episode is truly unique. We talk to a gentleman whose job it is to think big, and into the future in a big way.

Jeremy Nulik is the "Evangelist Prime" at Big Wide Sky - an organization that looks to think big, and solve big problems, in big ways. This is an incredible journey into problem-solving on a grand scale.


Highlights from this week's show include...

  • An overview of futurism, as an abstract tool for problem-solving
  • A discussion on the roots of futurism
  • Overview of how futurism is applied today
  • The four key approaches in applied futurism
  • Applying futurism to problem-solving in information security


Links you need to check out:


Aug 08, 2018
DtSR Episode 307 - Building and Teaching in Chicago

On this episode of the Down the Security Rabbithole Podcast, Rafal is in Chicago for a few days and visiting with a long-time friend and colleague, Don Donzal. Don has some great history in the Chicago hacking and security professional scene, so we take a stroll down memory lane, talk about what he's doing now, and take a long look ahead. Join us!


Highlights from this week's show include...

  • Don gives us a little insight into where Ethical Hacker Network got started
  • A history of Chicago Con - anyone been?
  • Life, family, career - and how balancing all of that and still doing what you love is important
  • A look into the future of the new venture!


Catch the Ethical Hacker Network online at, and on Twitter at @EthicalHacker.

Aug 01, 2018
DtSR Episode 306 - Balancing Family and Career

This week, we tackle a topic that should not have taken 306 episodes to get to - balancing family and work while growing a career in Information Security. Britney hits the high points with us, and takes us down the road of what it's like being a mother and security leader - as we explore the topic for everyone who is in our field.

Highlights from this week's show include:

  • Who does this apply to?
  • Are you being asked to choose?
  • Becoming adaptive
  • When you should bend and when you should concede
  • Creating your own space
  • Confidence
  • Benefits of Blending
Jul 25, 2018
DtSR Episode 305 - Security for the Mid-market

Do you work at a company that's too big to be "small business" but too small to be "large enterprise"? You're probably in that place known as the "mid-market". Many of the large vendors don't pay attention to you, and yet you still have all of the same problems big companies do - just without all the budget. What do you do? Listen to this episode of DtSR and find out what we think.


Highlights from this week's show include...

  1. Addressing the "tool" or "staff" conundrum
  2. Who's manning all those dashboards? Staff to dashboard ratio
  3. How do you prioritize, when you can't multi-thread?
  4. Giving up isn't an option, so what do you do?
Jul 17, 2018
DtSR Episode 304 - Transforming Security

This week, James and I interview a former Optiv colleague and advisor to many Fortune 250 CISOs in his long career, our friend Ron Kurisczak. Ron's long and successful career has included time spent truly transforming the way security functions, and how it's seen in the boardroom. Spend 35 minutes and hear his take on where we've been, and why right now is so crucial to our future.

Highlights from this week's show include...

  • Why are we transforming security?
    • Data classification, operation policies
  • Tracking key performance indicators (KPIs)  to the new rules of security
    • Who's getting through, how long did they have, what did you do to eradicate?
  • What are we measuring - how do we define "maturity" in security programs
  • Understanding how we understand and measure long-term losses from security failures
  • Moving into a truly risk-based security program, and away from "how much are my peers spending?"
Jul 11, 2018
DtSR Episode 303 - Advising Security Leadership

Thanks to my friend Brian Wrozek for joining us this week on Down the Security Rabbithole Podcast. Brian's long career as a CISO has broken several 'typical' molds... so he's a fantastic person to join us to talk about the things CISOs should be thinking about.

Highlights from this week's show include...

  1. Prioritizing projects as the CISO
  2. Getting support from the outside because "we hired you to know this"
  3. Refreshing and revisiting completed projects/tools to optimize and see a value
  4. Security is additive, we never really take anything away - is this a problem?
  5. Red team, blue team, purple team ... what happened to penetration testing?
  6. Automation, orchestration, automated response to bad
  7. Risk management, and "back to the basics" is still broken
  8. Breach after breach after breach - and nothing's changing
Jul 03, 2018
DtSR Episode 302 - InfoSec Superhero Syndrome

This week, as DtSR rolls on to Episode 302, we talk with John Svazic who is a Cloud Security Architect for a day job and runs the Purple Squad Security Podcast in his spare time. His perspective on the idea of an "infosec army of one" is one that many of us share, and it needs to be solved.

Highlights from this week's show include...

  • Trying to solve everything, on our own... burn out or flame on
  • Working as a lone wolf can be detrimental to your career, and sanity
  • Working as an individual within an enterprise team
  • Perspective for the business requires others
  • Case in point - Application security jobs
  • Purple teams - the ultimate collaboration, not me vs you
Jun 26, 2018
DtSR Episode 301 - Julie Conroy on eFraud and Identity

This week on Episode 301, James is off and I take a one on one conversation with Julie Conroy from Aite group on the topic of global fraud. It's a fascinating conversation that winds through the fringes and often unexplored corners of enterprise security. Check it out, and special thanks to Julie for taking the time out of her busy schedule.


Highlights from this week's show include...

  • A brief glimpse into the impact of enterprise security on global fraud
  • Julie talks through identity, and how enterprise security can positively impact fraud
  • Account takeovers - the thing we all fear but struggle to solve
  • Balancing security and usability, convenience


Jun 19, 2018
DtSR Episode 300 - Reminiscing

Thank you, listeners!

Down the Security Rabbithole has reached milestone episode #300.

In this episode, James and Rafal sit down with the nothing more than an open mic and talk through topics the podcast has previously covered, and others we still have yet to cover.


Join us. And a personal thank you to all of our guests over the past 300+ episodes... we are looking forward to much more great content to come!

Jun 14, 2018
DtSR Episode 299 - Leadership Lessons w Chris Abramson

Special thanks to Chris for doing this in-person. It was a fun conversation and always a pleasure!


Highlights from this week's show include...

  • Chris and I talk about measuring 'risk'
  • We discuss 'brittle systems' which apparently are still alive and kicking
  • Risk analysis, cloud computing, and your business



  • Chris Abramson ( @cabramson50 ) - Director, Information Security Delivery & Engineering; Team oriented Enterprise Information Security Management professional seeking to improve the security of organizations through education and practice. Qualifications include a bachelors degree in computer science; CISM, CISA, CEH and ECSA certification. Understanding of Industry, State and Federal regulatory standards. Ten years of experience in the creation and deployment of Information Security solutions for protecting the networks, systems and data assets of a fortune 50 company.
Jun 05, 2018
DtSR Episode 298 - Overcoming the Language Barrier

Two more episodes until we hit #300...what a crazy ride it's been! Thanks for taking the journey with us, and we're looking forward to having you along for another 300 (maybe).


Highlights from this week's show include...

  • Applications of DoD security in a non-DoD world
  • The meaning and elements of the risk equation
  • Understanding (making sense of) the risk equation
  • Swimming in the swamp of marketing literature
  • AppSec as an area of expertise (again, and again, and again)


Go see Jeff at Circle City Con if you're attending. He's giving a talk ( ) titled "(Re)Thinking Cyber Security Given the Spectre of a Meltdown: (Someone Hold My Beer)"

May 29, 2018
DtSR Episode 297 - A Model for Prioritizing Patching Efforts

Before you listen to this podcast ... go grab this report: from Kenna Security and the Cyentia Institute. Read it. Think about it. Then listen to this show.


Highlights from this week's show include...

  • A high-level walkthrough of the model that authors developed, and the many interesting insights
  • Why what you're doing now is probably as good as random chance
  • A deeper discussion on cause and effect of patches, and trying to do everything

So much more! While you're listening to the show, hit us up on Twitter using the hashtag #DtSR or tweet to @DtSR_Podcast!



May 22, 2018
DtSR Episode 296 - Hype Machine Off the Rails

This week, former analyst and security industry veteran Adrian Sanabria joins James & Rafal to talk about some of the hype in our industry. From current events, to learning lessons, to the on-going master-class in bullsh*t we convince ourselves of - this podcast is a riveting (although slightly longer) episode of free-flowing discussion.


Highlights from this week's show include...

  • We discuss #eFail - and the circus maximus of ridiculousness that it currently is
  • Adrian gives us some views on believing our own nonsense
  • We attempt to discuss how we got to this point
  • Much more!
May 15, 2018
DtSR Episode 295 - DevSecOps is Not a Thing

This week, Mark Nunnikhoven joins us from the great white North. All the way from Ottawa, Canada - Mark talks with James and Raf about cloud computing, DevOps, and some silly things security folks are doing to undermine themselves in the brave new world.

Highlights from this week's show include...

  • A brief discussion on moose and Canada
  • Why none of us believe "DevSecOps" is a thing
  • Deploying security into modern code development practices
  • Much, much, much more



  • Mark Nunnikhoven ( @MarkNCA ) - Vice President, Cloud Research at Trend Micro. Mark has way too many credentials and accolades to list here, go read his LinkedIn page, or check out "Mornings with Mark" on his Twitter feed daily. [Mark on LinkedIn]
May 09, 2018
DtSR Episode 294 - Securing Azure

* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at and if you really want to check out something amazing where IoT and cloud collide, check out

On this second special episode of the podcast live from RSA 2018, Raf sits down at RSA Conference 2018 with a gentleman you may not know but you should, Avi Ben-Menahem. We discuss what it's like in terms of effort, scope, and sheer talent, to take on the monumental task of securing the Azure public cloud platform. Avi shares his insights, and drops us some interesting tidbits on the day in the life of someone working at truly hyper scale.

Again, special thanks to Jessica and the Microsoft team for some truly unprecedented access.

May 02, 2018
DtSR Episode 293 - Diana Kelley from RSA 2018

* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at and if you really want to check out something amazing where IoT and cloud collide, check out

On this very special episode of the podcast, Raf sits down at RSA Conference 2018 with the one and only Diana Kelley to talk data integrity, crisis communication, and fear-based selling in security.

Again, special thanks to Jessica and the Microsoft.



  • Diana Kelley ( @DianaKelley14 ) - Diana is the Cybersecurity Field CTO for Microsoft, a cybersecurity thought leader, practitioner, executive advisor, architect, speaker, author and co-founder of SecurityCurve. More here: 
Apr 24, 2018
DtSR Episode 292 - Navigating Industry Conferences (RSA)

This week, James is back and he and Raf sit down for a discussion on navigating the big industry conferences, as RSA Conference kicks off in San Francisco. We add just the right bit of snark to your day, and provide some much-needed commentary on the industry, conferences, and survival.

Highlights from this week's show include...

  • A quick overview of RSA Conference
  • Getting value, learning something, or whatever else
  • Buzzwords, and navigating marketing speak
  • Attendee personas: buyer, attendee, vendor - there is a huge difference in how you experience a conference from these angles
  • Feature, product, or startup (sometimes they're the same thing!)
  • Tips, tricks and ideas for having a successful experience
Apr 17, 2018
DtSR Episode 291 - A New Perspective On Endpoint (Nyotron)

[This week's episode and fantastic discussion on endpoint security is sponsored by Nyotron]. DtSR listeners already know we don't do advertisements or traditional sponsorship - so when we bring in a sponsored guest it's because we believe the topic is interesting and the guests have a genuinely interesting point of view.

On that note...

The topic this week is the endpoint. Yes, the endpoint - the place where security started, and was subsequently abandoned, and reborn. Whether you're talking about virtual cloud workloads, laptops or other types of endpoints - we can all agree on the fact that there are too many buzz words, too many tools, and too many 'solutions' to the various ailments of the endpoint. This week we dive down the rabbit hole with Rene and Nir, from Nyotron, to hear their unique perspective and get an understanding on why they think their approach to this very difficult problem is worthy of your time.

I invite you to give this episode a listen, as it's a bit of a pilot for us. If you all enjoy it, we will do 1-2 of these per quarter ... if the audience votes that these add no value, we will give it more thought.

If you're coming out to RSA 2018, come see demos of live attacks (including Rubber Ducky) and learn more about Nyotron's technology at the RSA Conference - South Hall, booth #1639.

More information on Nyotron which we invite you to check out are here: 

Don't forget the hashtag #DtSR on Twitter and you can find us on LinkedIn as well!

Thanks for Rene and Nir of Nyotron for the discussion and recognition of the DtSR audience!

Apr 10, 2018
DtSR Episode 290 - What Ails the CMS

This week on the Down the Security Rabbithole Podcast, Tony Perez stops by for an early morning chat about the content management systems we in InfoSec love to hate on. We talk about Drupal, Wordpress and all the other CMSes out there that have similar issues.


Highlights from this week's show include...

  • Why start a company that does CMS security (they're hopeless anyway right?)
  • How many of the most popular CMSes are actually not as bad as you may think, security wise
  • The core, the plug-in infrastructure, and plug-ins
  • Finding, responding to, and fixing bugs in the modern software world


  • Tony Perez ( @Perezbox ) - [Tony has perhaps one of the coolest LinkedIn write-ups, so I'm pasting it here.] Tony is a proven business leader and operator. He is a former US Marine (2000 - 2005), and former CEO of Sucuri (2011 - 2017), a website security platform that was acquired by GoDaddy in April 2017. He has proven experience taking a security product from startup to a global, multi-national, organization. 

    His core competency revolves around: leadership, management, marketing, product position, product pricing, sales, business institutionalization, revenue and organizational strategy. 

    He believes that our greatest responsibility in sales and marketing is to bridge the gap between the value a customer expects from your product, and the value you assume you are delivering. 

    He brings with him an intoxicating level of energy, work ethic and passion. Excelling in high-tempo environments, and executing flawlessly against strategies. He is adamant about self-reflection and self-actualization, placing energy on learning his weaknesses and building on them. 

    He is horrible at spelling, but amazing at motivating people. He is known for challenging people to be better, to strive for more, to never settle for the cards they've been dealt. He was a leader of Marines, and today he's a leader of people, technology and industry.
Apr 03, 2018
DtSR Episode 289 - Neither Security Nor Privacy

This week, join DtSR as Rafal sits down across the virtual table with the one and only Robert Hansen. Rob (aka @Rsnake ) discusses his roots of being an almost-bad-guy, to the security of browsers, and privacy. Plus we get to reveal something pretty awesome...


Highlights from this week's show include...

  • Rob's fascination with alien conspiracy theories
  • A back history of browsers you've never heard of, that you benefit from today
  • Google...
  • Security vs. Privacy - why you don't actually get either
  • A secret reveal from Rob about his exciting new venture
Mar 27, 2018
DtSR Episode 288 - Experienced Opinions

This week, while James was out on family duty, I sat down on a Saturday morning with my good friend Will Gragido to talk security. Will is an industry old-timer (sorry buddy, we're old) and has some seriously valid opinions on many things. We discuss some interesting topics, and apologize for nothing.


Highlights from this week's show include...

  • It's conference season again... and time for more buzzword bingo
  • Marketing people are the worst...except we're all complicit
  • Threat Intelligence. Again. Still. Yep.
  • Let's go hunting for threats - who should have a threat hunt team, and why
  • Mergers, acquisitions, and the future of our industry



  • Will Gragido ( @WGragido ) - Will Gragido is a seasoned security professional with over 20 years’ experience in networking and information security. Will’s extensive background is the result of his service as a United States Marine, a consultant with the world renowned International Network Services, Internet Security Systems (now IBM ISS), McAfee, Damballa, Cassandra Security, RSA Netwitness, Carbon Black, Digital Shadows and now Digital Guardian where he leads the organization’s Advanced Threat Protection Product Line as its Director.
Mar 20, 2018
DtSR Episode 287 - Armored and Battle Tested

In case y'all don't read LinkedIn or Twitter - Rafal recently joined Armor (, so what better time to interview the CEO Chris Drake than right now.

So this week, Chris Drake joins us in the studio to talk about his background (which is quite interesting, by the way) and how he got to start a fast-paced cloud security-as-a-service company.


Highlights from this week's show include...

  • The road starts with jumping out of airplanes
  • The Butterball story
  • More discussion on challenges with existing security models
  • Security-as-a-Service vs. Managed Security (MSS) - differences and big differences



  • Chris Drake, Founder and CEO of Armor ( @ChrisDrake ) - Chris is currently the founder and CEO of Armor, a fast-paced cloud Security-as-a-Service provider. If you want more on Chris, you'll have to listen to the podcast.
Mar 13, 2018
DtSR Episode 286 - Breach vs Incident vs Lawyers

This week's DtSR Podcast sits down in the offices of Shawn Tuma to discuss an update on the law with regards to data breaches, or incidents - and what the differences between. We talk through current events, past history and look into the future a bit.

Highlights from this week's show include...

  • the legal differences in the words we use (breach vs. incident)
  • notification and disclosure in a global economy
  • planning, preparation, and the big day
  • costs - specifically around insurance - when things go badly
  • right to sue for current, and future, damages (did they really happen?)
  • overview of GDPR, and the cornucopia of other local, regional, national, and international laws as they are evolving


Mar 06, 2018
DtSR Episode 285 - Alt-Tab Alt-Tab Swivel-Chair

We have a treat for you folks this week!

On episode 285 of the podcast I'm joined by three well repected, forward thinking, and entrepreneurial-minded security executives to talk about about some of the challenges they see in the industry and what they're doing to solve them.

From cloud, to threat intelligence, staffing, and other scaling issues - we address the issues head-on, and provide some insight into what these three are thinking going forward.

*The audio quality isn't the usual high-quality I expect to publish, so my apologies for that in advance. Somewhere the recording tool I use had an issue, but I did my best to make sure you could hear the speakers clearly. Apologies for the background noise on this recording.



  1. Susan Magee
  2. Dustin Wilcox
  3. Jason Clark


If you've noticed the new logo, it's courtesy of a phenomenal artist, whose name is Peter Czaplarski. Yes, you too can hire him to draw amazing things for you, you can find him here: Peter is also the artist behind Vengence Nevada (found here, for you comic lovers: ) and has been an artist in many other venues. We highly encourage you to give his Facebook page a like!

Feb 27, 2018
DtSR Episode 284 - MSS SOS

This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's able to join Raf in person in Atlanta, while James is predictably on the other end of a Howdy Doodie (you'll get this if you listen).

This week, we tackle the MSS issue (Managed Security Services providers) again, but with a fresh angle where we aren't just spending the entire time bashing something we all rely on - but rather providing some constructive feedback into MSS providers from an enterprise perspective. And reminiscing a little. A lot.

Join us! And spread the word!


  • Scott Stanton ( @Scott_Stanton ) - Information Security leader with experience in the High Tech, Manufacturing, Engineering, Services, and Energy industries. My technical depth includes application development, IP networking, operating systems, virtualization, and storage systems. Scott is currently the Senior Manager of Infrastructure Security at a medical technology company.


If you've noticed the new logo, it's courtesy of a phenomenal artist, whose name is Peter Czaplarski. Yes, you too can hire him to draw amazing things for you, you can find him here: Peter is also the artist behind Vengence Nevada (found here, for you comic lovers: ) and has been an artist in many other venues. We highly encourage you to give his Facebook page a like!

Feb 20, 2018
DtSR Episode 283 - Testing Security Into Applications

This week an old friend, Vinnie Liu of Bishop Fox, joins Raf and James to talk about the history of App Sec. We started trying to test ourselves secure, and we continue to come back to it - so this episode is a walk down memory lane and a glimpse into the future of application security.

Don't forget to like us on iTunes and share with your colleagues!



  • Vinnie Liu ( @VinnieLiu ) - Vincent Liu (CISSP) is a Partner at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. With nearly two decades of experience, Vincent is an expert in security strategy, red teaming, and product security; and at Bishop Fox, he oversees firm strategy and client relationships. 
Feb 13, 2018
DtSR Episode 282 - DDoS - Past, Present, and Future

Join us this week on Down the Security Rabbithole as Barrett Lyon (who knows a thing or two about DDoS) is our guest to talk about the evolution of the art and science of kicking people off of a network. Barrett is the authority on DDoS, with over 20 years in the field, going back to when angry teenagers flooded each other off of IRC servers.

This is a fun episode that walks through DDoS - where it came from, how it evolved, and what we can expect in the future. TLDR; yes ...your fridge may one day DDoS your toaster.



Barrett Lyon ( @BarrettLyon ) -

Barrett Lyon is the Vice President of Research and Development for the Neustar Security Solutions’ portfolio. He spearheads the development of innovative new products and solutions for the company’s industry-leading DDoS, DNS and cybersecurity solutions.
Mr. Lyon is a serial entrepreneur and a well-respected cybersecurity thought leader with experience building leading edge network services and infrastructure. Prior to Neustar, Mr. Lyon founded and served as its Chief Technology Officer. In 2009, he co-founded XDN, Inc. and served as its CEO. As Chief Technology Officer, he led the strategy and technical operations at BitGravity, a company he co-founded. Previously, Mr. Lyon founded Prolexic Technologies and served as its Chief Technology Officer, where he created the first successfully managed service to defend enterprises from Distributed Denial of Service (DDoS) attacks.
His authority and over 20 years of experience in the network security space has led to numerous collaborations with a majority of the tier-one and tier-two carriers in North America and Europe, and at National Security Agencies in Europe and the U.S. Outside of the security field, he has been active proponent in the advancement of the Internet. Mr. Lyon was responsible for the Opte Project, often referred to as the Internet Mapping Project and he formed He has been published in several security and non-security related books.


Feb 06, 2018
DtSR Episode 281 - Exploiting and Defending Human Behavior

This week, go Down the Security Rabbithole with James and Raf as they host Robert Sell. Robert took 3rd place at the Defcon SECTF (Social Engineering Capture-the-Flag) in 2017 and he has some lessons to you in the enterprise.

"Social Engineering" (while a ridiculous and non-descriptive term) is a real attack vector. How are you defending your enterprise?

Listen in. Then talk back on Twitter at #DtSR or LinkedIn!



Jan 30, 2018
DtSR Episode 280 - A Cloud Container Security Primer

This week, Chris Rosen from IBM joins us to talk about cloud containers - and the security (or lack thereof) of them. There is a paradigm change coming which significantly impacts security - if we're ready for it. Chris talks us through the dramatic changes (or maybe not) of doing cloud security with containers and the impact to the shared responsibility model.

Join us, and let us know what you think by leaving us a comment, either here or on iTunes.



Jan 22, 2018
DtSR Episode 279 - Deeper Down the SDP Rabbithole

This week, Jason Garbis re-joins the podcast to go past the Primer (Episode 257) and dive deeper into SDP (Software Defined Perimeter) with a discussion on cloud and relevance to the re-invention of the data center and related infrastructure.


Related DtSR listening:


Jan 16, 2018
DtSR Episode 278 - The Meltdown Over Spectre

Welcome Down the Security Rabbithole. This week we bring Jeff Schilling from Armor to talk about Spectre and Meltdown - the two hottest topics of the security right now and for the foreseeable future.


While you listen to us talk, check out these links:

And the obligatory "I patched and things got worse" post:


Jan 09, 2018
DtSR Episode 277 - An Outside In Look at Security and Innovation

Happy New Year, 2018.

Friends, thanks for listening! I can't believe this podcast is still going strong after all these years and 277 episodes. I started this podcast with an idea - give you something to listen to that was office-friendly, informative, and focused on advancing our trade. Over the years I've gotten some encouraging comments from people ranging from those trying to get into our industry, to those who are leading large organizations' security practices. I'm encouraged by you all, and thank you for supporting us.

Now, let's get on with 2018.

On this first episode of 2018, James and I welcome Ben Kepes who is a long-time friend of mine and and industry analyst. Ben isn't your typical analyst though, because he has a healthy dose of skepticism, an eye for bullsh**, and he's trusted by vendor and buyer alike. Oh, also, he's a Kiwi so he's got that going for him too.

Sit back, enjoy, and leave us a comment if you are so moved.

Jan 02, 2018
DtSR Episode 276 - Game Changer in ICS (no FUD edition)

What: In this episode we get the facts on the recent game-changing malware/attacks that appear to be nation-state sponsored attacking critical safety systems in industrial controls (ICS).

Why: You've probably read about it, and depending on what you read you may only have the hype or half the story.

Who: As always, Sergio Caltagirone from Dragos is the master at telling a great story, from just the facts. He's part of the team that did the analysis, wrote the narrative, and then ended up on countless phone calls explaining it to executives and national security types. He knows his craft.


We invited him on this special episode to give you the inside story, to separate some of the hyperbole from reality - so listen up.


Dec 26, 2017
DtSR Episode 275 - Beyond 2017 A New Hope

For episode 275 we are once again joined by the one and only Haroon Meer ( @haroonmeer ) to follow up on his conversation from September 2016 titled "What will get us there". If you've not had a chance to listen to that show, you absolutely should do that first.

Haroon shares his perspective including...

  • "The cloud has won"
  • Fundamentals are still hard, we're still largely failing at them
  • Hackers make the best engineers when you give them a problem to solve
  • Where do we go from here, into 2018, is there hope?
Dec 19, 2017
DtSR Episode 274 - Let's Talk Power Grid

This week, Patrick Miller returns (another boomerang guest from the way-back machine) to talk about the energy grid. It turn out, things aren't super different from 5 years ago, but some things have changed.

Patrick and I discuss resiliency (over actual security) in the grid, and focus on transmission, generation, and "getting it all working again" from a life safety perspective. It's a fascinating discussion, don't miss it!


** Apologies for some of the audio quality, we had "choppy" issues on Skype and I edited the best I could.

Dec 13, 2017
DtSR Episode 273 - Automate or Die (w/Demisto)

Join James and Rafal, one last time, live from Enfuse Conference (Las Vegas, NV) this past summer.

In this episode, we track down a personal friend of Raf's - Bob Kruse, Demisto, VP Sales & Alliances, and talk about the need for the enterprise to automate and orchestrate.

Oh, also, Bob pretty much said by 1 year from the recording of that episode he would get an "Automate or Die" tattoo. So just to be on the safe side, we'll give him until next year, about this time. Game on, Bob.

Dec 05, 2017
DtSR Episode 272 - Innovation, Startups, and the Security Bubble

This week, Grant and Mark join me live and in person in Las Vegas at the Amazon AWS re:Invent conference to talk about the security marketplace, innovation, "the bubble" and more.

Here's the announcement we talked about at the opening of the show



Nov 28, 2017
DtSR Episode 271 - The Secrets of Influence Through Communication

This week James and I are fortunate enough to have one of the best keynote speakers I've ever seen on the show. He's an amazing speaker, a brilliant magician and a sharp dresser - this guy is the real deal.

Straight off the keynote stage at the Security Advisor Alliance (SAA) Summit in Denver ... ok maybe not straight off, Vinh Giang joins us to talk about how to influence people while you're up there giving a talk or speech.

Grab something to take notes with - trust me, this one is chock full of brilliant nuggets.


Guest: Vinh Giang ( Twitter: @AskVinh and Facebook: ) is a brilliant self-made public speaker, magician, and all-around snappy dresser.

Nov 21, 2017
DtSR Episode 270 - Secrets of InfoSec at Scale

Ladies and gentlemen - we have our first 3-time guest! Brandon Dunlap, my good friend and industry titan, joins the podcast for his third trip down the rabbit hole.

In this episode Brandon Dunlap (@bsdunlap) and I talk through the challenges of security at scale, in person and live from Seattle. In the previous two episodes that Brandon has done on this show we've talked about the challenges of scaling information security teams, and this time we go deep into the strategies that work, where the lines are drawn and some lessons learned form a very successful career doing exactly this - infused at scale.


The previous two appearances of Brandon on this show are:

We invite you to listen, take notes, and converse with us on #DtSR on Twitter, or on this post on LinkedIn.

Nov 15, 2017
DtSR Episode 269 - Industrial Internet of Things (IIOT)

This week, we have a repeat guess with Robert M. Lee joining our show to talk about the Industrial Internet of Things. Rob's just finished a conference his company, Dragos, Inc, just started to educate and help increase awareness and research for the Industrial Internet of Things.

Whether you think you know what the IIOT is, or whether you can admit to yourself you need to be know more - this podcast will have it all.

We also reference a podcast with Dr. Timothy Chou (link: DtSR Episode 250 - Deconstructing the Internet of Things ). If you haven't read his book, "Precision" (link: ) it's the basis for a lot of this discussion.


Thanks to Rob again for being on the show!

Nov 07, 2017
DtSR Episode 268 - CISOs Survival Guide

Welcome down the Security Rabbithole, friends and colleagues!

This week, my guest is Larry Whiteside, Jr. (we know him as the best dressed man in InfoSec). Larry joins the podcast while James is out to discuss the life and times of a CISO. He has extensive experience as a CISO and security leader, working across multiple market verticals from energy to healthcare, in addition to being a former colleague advising CISOs.

Larry dispenses his brand of knowledge with a little bit of an edge, a little dose of realism, and a lot of fun. If you've never had the pleasure of working with Larry - it's something I advise you do at some point in your career. He's even been referred to as the "CISO Whisperer" by people who know and have worked with him. All else failing, Larry can always give you fashion advice, and up your sock game.

Game on!

Oct 31, 2017
DtSR Episode 267 - Cyber Security Awareness Month Wrap

This week, James and Raf cover the tail-end of Cyber Security Awareness Month. It's been an interesting week of news and of course let's talk about awareness.

Have you completed your mandatory training?

-- This weeks' talking points

Namaste Health Care security incident, announcement

DHS Imposes DMARC on Federal Agencies

Cyber Security Awareness Training

  • Are we over it yet?
  • Raf says he's always late, and it's always the same thing... does it work?
  • What are some better alternatives? (there have to be better)
  • Does your job offer/mandate awareness training? Does it WORK?!
    • How would you even know??
Oct 24, 2017
DtSR Episode 266 - Leadership Perspective with Michael

This week we're getting the band back together!

Michael Santarcangelo joins us for a segment we'll be featuring regularly (look for is every 6 weeks or so) on the leadership perspective. Security could use some leadership, and we will be enlisting Michael to talk about current events and lessons for leadership.

Tune in, and you may just end up with something you can use in your day job.

Oct 17, 2017
DtSR Episode 265 - Privacy and Paranoia

This week's Down the Security Rabbithole Podcast asks - "Are you paranoid enough about your privacy? or do you simply not have any?" with a couple of gentlemen who would know.

Join James and Raf as we go down the rabbit hole one more time, this time talking about the breadcrumbs, fingerprints, and digital privacy violations you voluntarily give up in your everyday life. It's a little scary, but the trade-off we make for the sake of convenience is very real.

Grab your tinfoil hat and your burner phone and enjoy!

Oct 10, 2017
DtSR Episode 264 - Windows Forensics Then and Now

This week, Harlan Carvey joins James and I to talk about the evolution of Windows forensics over the last decade and half or so. Harlan has more experience than most when it comes to diving into the Windows machine from a forensics perspective and is a well-spoken author of many books and blogs.



  • Harlan Carvey ( @keydet89 ) - Digital forensics and incident response analyst with past experience in vulnerability assessments and penetration testing. Conducts research into identifying and parsing various digital artifacts from Windows systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. Developer of RegRipper, one of the most widely used tools for Windows Registry analysis. Has developed and teaches several courses, including Windows Forensics, Registry, and Timeline Analysis.
Oct 03, 2017
DtSR Episode 263 - Legal Update Q3 2017

On this episode of Down the Security Rabbithole Podcast James and I get an update on the legal issues that have been talked about from our legal-eagle Shawn Tuma!

We're continuing our policy of not piling on to data breach hysteria, but will be covering some of the legal ramifications of recent disclosures, a possible national data breach law and a few other things that will make this show a must-listen. Shawn's unique perspective and true expert insights give you talking points and a download of facts that you wouldn't get listening to the talking heads and mainstream media.

Enjoy, share with your colleagues, subscribe via RSS, and don't forget to talk back to us on Twitter using the hashtag #DtSR.


Thanks for listening!

Sep 26, 2017
DtSR Episode 262 - Deeper Down the Cyber Liability Insurance Rabbithole

This episode, in conjunction with the Security Advisor Alliance ( ) we dive into a third round of Cyber Liability Insurance. This fascinating discussion dives deeper into the things security leaders need to know as Travis and Stephen get right to the heart of matters.

Required pre-listening...

Check out the first episode (way back in the archives) on DtSR Episode 34 - The Inside Scoop on Cyber Liability Insurance ( ) with Christine Marciano ( @DataPrivacyRisk ).

Then, go grab episode 172, our 2nd foray into this topic titled "The Truth on Cyber Insurance" ( ) with Eran Kahana and L. Keith Burkhardt and dive a little deeper.


As always, thoughts and comments are more than welcome and discussion using the hashtag #DtSR is encouraged!

Sep 20, 2017
DtSR Episode 261 - Deeper Down the ML Rabbit Hole

Welcome to another Down the Security Rabbithole episode folks!

This week, Alex and Sven are baaaaaaack for a deeper dive into machine learning and the shenanigans that surround it. We talk through what ML is, some use-cases and further dispell some common myths. We even have a little fun, who knew.



Sep 13, 2017
DtSR Episode 260 - The Immense Challenge of Protecting Office 365

This week, on Down the Security Rabbithole, Rudra "Rudy" Mitra joins us from Redmond to talk about what it's like to defend Office 365 at scale. On this episode we cover:

  • What we mean by at scale in regards to Office 365
  • Some pros and cons of the Office 365 platform as it pertains to security and safety
  • Eary warning, early detection, and how easy it is to really break things

There's so much more too! We even skipped talking about current events to give this show maximum run-time. Sit back, grab something to take notes with, and listen up. The lesson begins now.



  • Rudra "Rudy" Mitra - ( @rudramitra ) Rudra is the Director of Information Protection for the Office 365 platform. He works on extremely large-scale projects to ensure the safety and security of client data and the platform itself. LinkedIn profile is here:
Sep 05, 2017
DtSR Episode 259 - Risk Communication Primer

As we go once again down the security rabbithole, Raf and James meet up with Claire Tills who gives us a primer on "risk communication". Communicating 'risk' is a nuanced, subtle and often time-based endeavor so we feel like everyone should have at least some background in it.

Sit back, relax, and again...start taking notes furiously.



  • Claire Tille ( @ClaireTills ) - Communication researcher trying to get into information security. I write about applying comm theory to infosec and case studies in my blog (
Aug 31, 2017
DtSR Episode 258 - Big Scary Numbers

This week on the Down the Security Rabbithole Podcast, Dave Bittner of The CyberWire (podcast) joins us to talk about some of the ways that we believe security goes awry when it comes to 'big, scary numbers'. Listen in...


-- Top News

Aug 22, 2017
DtSR Episode 257 - Software Ate the Perimeter

This episode of Down the Security Rabbithole Podcast was recorded live and in person in Las Vegas at the Black Hat Conference 2017. Raf had a chance to sit down across the microphone from Jason Garbis of Cryptzone to talk about a the software defined perimeter.

SDP is a relatively new space many of us in security aren't familiar with, so we decided we'd record a primer on the topic, narrated by someone who is expertly involved in the practitioner side (through the CSA, Cloud Security Alliance) developing the standards and the provider side (Cryptzone) developing products and services towards the specification.

This is a more technical-focused podcast than many of our others, so sit back, grab a notepad and get ready to learn something.

For more of Jason's work, check out this link:


  • Jason Garbis - Vice President of Products for Cryptzone, where he's responsible for the company's product strategy and product management. Garbis has over 25 years of experience with technology vendors, including roles in engineering , professional services, product management, and marketing. Jason joined Cryptzone from RSA, and holds a CISSP certification.
Aug 16, 2017
DtSR Episode 256 - Rick Howard on the Record

This week - Rick Howard joins us and goes on the record to talk about the Security Canon and a few other interesting things you're just going to have to listen to, in order to find out.

— Top News
Here's what we talked about with Rick Howard...
The Cyber Security Canon
  • Check it out
  • Reading material for newbies and others of us
  • Patrolling Cyberspace — my homework
The Cyber Threat Alliance
  • Sharing intelligence - amongst competing vendors
  • Palo Alto leading the endeavor, with a group of 6
  • Some things are above competition — that’s worthy of a clap
  • If your vendors isn’t part of this alliance, ask them why not?

Guest Info

Aug 09, 2017
DtSR Episode 255 - Security and Human Nature

This week on the Down the Security Rabbithole Podcast, John Nye ( @EndIsNye_Com ) to talk about the human aspect of the cyber security equation. Getting away from blaming the user, we talk through the human nature side of the business with a focus on social aspects and behavior modification.

A fascinating discussion you'll want to listen to over and over again, for sure!

Aug 01, 2017
DtSR Episode 254 - Lowdown and Dirty ICS

This week Sergio Caltagirone joins James and I to talk about Industrial Controls networks and systems and some of the dangers that go undiscussed. Sergio is a 2nd timer, and we take the opportunity to catch up and discuss one of his favorite topics.


Additionally, we talk about a some of the topics that were discussed the week this podcast was recorded, a few weeks ago.


Whether you're in Las Vegas for Black Hat Conference 2017 or not, take a listen to this sobering discussion about industrial controls and some of the more clear and present dangers facing us in that sector.


Thanks again for joining us, Sergio!

Jul 25, 2017
DtSR Episode 253 - Defending the Small-to-Medium Enterprise

On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.


  • Blue Cross Blue Shield of Alabama sends out USB sticks
    • Security elitists up in arms
    • We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content?
    • To my fellow security professionals- it's reckless to continue to stand with a firm "no" while offering no alternatives
    • So what do we suggest?
    • More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against?
  • MySpace has a major account password reset flaw, allowing account take-over


This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points:

  • SMBs/SMEs are uniquely challenged in that they can't afford good security any more than they can accord lack of security -- what's the answer?
  • How do we achieve scale, in an area of industry with razor thing margins and tiny profit margins
  • SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back)
  • Other challenges - including how to achieve scale



  • Shon Gerber
    • Current
      • CISO for multinational chemical company with approximately 10K employees
    • Recent Past
      • Security Operations Supervisor for multi-national company 100K employees 
      • Senior Security Architect with multi-national 
      • Air Force Red Team - Squadron Commander
      • Multi-Disciplinary (Physical / Network Penetration Testing of Critical Systems)
Jul 18, 2017
DtSR Episode 252 - DFIR with Lesley Carhart

In this smasher of an episode James and I are joined by Lesley Carhart live from Enfuse Conference in Las Vegas to talk about the DFIR (Digital Forensics and Incident Response) as a broad field. There is SO much to talk about here, you'll want to listen twice.

Make sure that if you missed Enfuse this past year, you don't miss 2018. It's a great conference where you get to meet and talk with folks like Lesley and many others in this field.

Jul 11, 2017
DtSR Episode 251 - General Data Protection Regulation (GDPR)

This week on Down the Security Rabbithole Episode 251 (wow, can you believe we've published 251 full episodes?!) James and I host a roundtable of privacy and data protection experts and talk about the looming EU regulation known affectionately as GDPR.

The Global Data Protection Regulation (GDPR for short) impacts all companies that either do business with EU citizens, or operate in the EU. Basically, everyone. It's a huge deal and there really isn't a "wait and see" option.

Listen in, and if you have feedback provide it!


Does anyone really read these show notes? Reply on Twitter with #DtSR!



Jun 27, 2017
DtSR Episode 250 - Deconstructing the Internet of Things

Fresh off of his closing keynote at Enfuse Conference 2017 in Las Vegas, Dr. Timothy Chou joins us to talk about the difference between the Internet of People and the Internet of Things.

Even though many people talk about the IoT we still fail to understand the gravity and enormity of the problem we face and how information security professionals are so far behind the 8-ball here. Dr. Chou spend some time with us to dispense wisdom interlaced with humor to make it stick.



  • Dr Timothy Chou is a technologist, a lecturer, and published author. He has written a book called 
    "Precision: Principles, Practices and Solutions for the Internet of Things" that delves into an Internet of Things many don't really understand yet. While most of us focus on the Internet of People (gadgets and things meant to be operated by people) Dr. Chou focuses on the IoT where people aren't just optional, they're unnecessary.
Jun 20, 2017
DtSR Episode 249 - Finding a Way

This week, James and i try out a new format for the show. We hope you enjoy the blend of news commentary and an interview. 




  • Kevin Pope ( @screamingbyte ) - Kevin is a long-time friend of the show, and someone who has a fantastic story only he can tell. From struggling to thriving and the story to get there.
Jun 13, 2017
DtSR Episode 248 - Nick Hyatt On Ransomware

This podcast episode was recorded live to tape from Enfuse Conference 2017 from Las Vegas. If you didn't get a chance go get out this year to one of the premier DFIR (Digital Forensics and Incident Response) conferences you missed a heck of an event. 

James and I want to thank Guidance Software for the invitation, for having us out, and for access to some truly amazing guests for this series of recordings.

For #248 sit back and listen to Nick Hyatt talk with James and Raf about ransomware - fresh from his Enfuse Conference talk to your ears.


Enjoy and as always please hit us up on Twitter at #DtSR.



  • Nick Hyatt ( @Skelet0wn3d ) - Nick is currently the Senior Incident Management Consultant at Optiv Security, Inc. responsible for incident response, threat hunting, digital forensics, and malware forensics using a variety of skills and tools. He has hands-on knowledge and understanding of malware forensics, observation, removal, and threat hunting. Additionally, Nick has hands-on experience with digital forensics, malware forensics, data mapping, threat hunting, and e-discovery in different scales, from start-up and SMB environments to Fortune 500 environments.
Jun 06, 2017
DtSR Episode 247 - Internet of Things Forensics

Live once again from Enfuse Conference 2017 in Las Vegas, James and I interview Amber Schroader, the President and CEO of Paraben. This interview happened because you all voted and asked for it..ok and because she's a fantastic person to interview.

Be prepared for a little humor and a lot of knowledge.


Special thanks again to Enfuse and the Guidance Software team for having us out and getting us access to some downright amazing guests!

May 30, 2017
DtSR FeatureCast - Enfuse Conf 2017 - Theresa Payton

As James and I continue to publish our Enfuse Conference 2017 series of episodes we are this week joined by Theresa Payton. Theresa is the former CIO of the George W. Bush White House Administration, and now on the show Hunted where she runs a team of cyber trackers.



  • Theresa Payton ( @TrackerPayton) - Theresa Payton is one of the nation’s leading experts in cybersecurity and IT strategy. As CEO of Fortalice Solutions, an industry-leading security consulting company, and co-founder of Dark Cubed, a cybersecurity product company, Theresa is a proven leader and influencer who works with clients and colleagues to uncover strategic opportunities and identify new and emerging threats.

    Theresa began her career in financial services, where she coupled her deep understanding of technology systems with visionary leadership, executing complex IT strategies and winning new business. Following executive roles Bank of America and Wachovia, Theresa served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff.

    In 2015 Theresa was named a William J. Clinton distinguished lecturer by the Clinton School of Public Service. She is the author of several publications on IT strategy and cybersecurity and a frequent speaker on IT risk. In 2014 she co-authored, with Ted Claypoole, the book Privacy in the Age of Big Data​: Recognizing Threats, Defending Your Rights, and Protecting Your Family, which was subsequently featured on the Daily Show with John Stewart.

    Among her numerous accolades and recognitions, Theresa was named one of the top 25 Most Influential People in Security by Security Magazine and One of Infosec’s Rising Stars and Hidden Gems by Tripwire. In 2005 she was honored as Charlotte, NC’s Woman of the Year.
May 26, 2017
DtSR FeatureCast - Enfuse Conf 2017 - DFIR Students

Continuing our series recorded live at Enfuse Conference 2017 in Law Vegas, this episode features two USC students who are part of a large contingent here to learn and make connections.

Tatiana and Ayman join us to talk about how they got here, what they are planning for their future along with some general thoughts on DFIR and our industry!



May 24, 2017
DtSR FeatureCast - Enfuse Conf 2017 - Keynote Patrick Dennis

Today, CEO Patrick Dennis joins the Down the Security Rabbithole Podcast right after his keynote to talk about the conference, what's going on at Guidance, and the state of defense.

This is a FeatureCast so we get right to the point in an easy-to-listen format.


Thanks for listening!

May 24, 2017
DtSR FeatureCast - Enfuse Conf 2017 - Preamble

We kick off a week of on-the-scene podcasts live'ish from Enfuse Conference 2017, hosted by Guidance Software in Las Vegas, Nevada with Lori Chavez VP of Corporate Marketing. She is the brains responsible for the amazing conference including speakers, content and everything else.

Lori gives YOU an insider preview of Enfuse 2017, and tells us a little about what we can expect and some history of the conference - and we can't wait to give you MORE!

Stay tuned in all week as we bring you more fantastic content from Enfuse Conference 2017. And as always, use the hashtag #DtSR to talk back to James and I or #EnfuseCon17 to interact with speakers and attendees!

Just for DtSR listeners - we will post a special coupon code for next year's registration... just for listening. Don't miss it later this week!

May 23, 2017
DtSR Episode 246 - Finding and Responding to Badness

This week we are live from Enfuse Conference 2017 in Las Vegas, Nevada.

Special thanks to Guidance Software for having us out and getting us access to a whole host of fantastic speakers.

On this episode Greg Hoglund and Ryan Butterworth of Outlier Security join us to talk about the DFIR space with all it's problems including a shortage of qualified labor and sub-optimal tools. This fantastic discussion wanders all over the DFIR space including the "data problem" and tools, tools, tools.

That tool that Greg mentions, which is free, is right here:



  • Greg Hoglund - Founder and CEO, Outlier Security, Inc.
  • Ryan Butterworth - Principal Software Engineer, Outlier Security, Inc.
May 23, 2017
DtSR Episode 245 - NewsCast for March 16th 2017

Microsoft warns ransomware cyber-attack is a wakeup call

United flight attendant accidentally leaked door codes online

Keylogger discovered preinstalled on some HP laptops

May 16, 2017
DtSR Episode 244 - A Government CISOs Perspective

This week - live and in person from Denver, Colorado and the RMISC Conference I interview Stephen E. Coury the CISO of the County and City of Denver. The conversation leads off with Stephen's journey through cloud computing and weaves through some of the challenges municipalities and city governments are facing. It's a fantastic conversation that is readily applied to both public and private organizations - you need to check this out.

Thanks Stephen for coming out and talking to us!



  • Stephen E. Coury - CISO of the County and City of Denver, CO. 
May 10, 2017
DtSR Episode 243 - NewsCast for May 2nd 2017

Chrome to mark more HTTP pages ‘Not Secure’

  • In October, 2017, all HTTP sites will be marked ‘Not Secure’ while in incognito mode.
    • Incognito mode allows surfing the internet without saving your browsing history.
  • Enterprise:
    • Have you seen any negative feedback from the previous changes to show not secure?
    • Does this change your priority for moving to always HTTPS for all sites?
  • Link:


2017 Verizon DBIR Highlights: Analyzing the Latest Breach Data in 10 Years of Incident Trends


Hacker leaks episodes from Netflix show and threatens other networks




May 02, 2017
DtSR Episode 242 - Management and Leadership

This week the team gets together to talk Management and Leadership in the security industry and in general. Our very own Michael Santarcangelo joins us as our featured guest to dispense knowledge on leadership by the truckload. So grab a cup of coffee, something to take notes and listen in.

Apr 26, 2017
DtSR Episode 241 - NewsCast for April 18th 2017

NewsCast for Tuesday April 18th, 2017


Dallas Tornado Sirens Hijacked


Two Inmates in Ohio Jail Hacked it From the Inside


SWIFT Launches New Anti-Fraud Controls in Wake of Wire Frauds


Huge Adobe Security Update Just Released


Insider Threat - Engineer Arrested for Stealing Code

Apr 18, 2017
DtSR Episode 240 - The Truth About Machine Learning

This week the Down the Security Rabbithole podcast hosts Sven Krasser of CrowdStrike. Sven is an actual machine learning data science expert (as opposed to an "expert") who has been dabbling in machine learning, artificial intelligence and other forms of advanced computational science for a long while before it was popular in security. This week we James and Raf sit him down for 45 or so minutes to discuss the real facts and separate them from the fiction of what machine learning really is and the promise that it may hold for the enterprise security world.

As always, join us, share, and engage our crew using the hashtag #DtSR on Twitter.

We'd like to take a moment to thank Sven and Crowdstrike for the time and expertise to our show.



  • Sven Krasser ( @SvenKrasser ) - Dr. Sven Krasser currently serves as Chief Scientist at CrowdStrike where he leads the machine learning efforts utilizing CrowdStrike’s Big Data information security platform. He has productized machine learning-based systems for over a decade and most recently led the research and development of the first fully machine learning-based anti-malware engine featured on VirusTotal. Dr. Krasser has authored numerous peer-reviewed publications and is co-inventor of more than two dozen patented network and host security technologies.
Apr 11, 2017
DtSR Episode 239 - NewsCast for April 4th 2017

Pew Center Survey Finds Americans Lack Understanding of Cybersecurity Measures


Suspect Charged in USD 100m Whaling Scheme


Google's Android Security 2016 Year in Review Report: Android Security Improving


U.S., U.K. warn airports, nuclear facilities of cyberattacks


Neiman Marcus data breach settlement tells us plenty about the ROI of security

  • We’ve been saying this for a while - proportional security is what’s needed
  • There is no such thing as “secure” - why do many CISOs still push for it?
  • A settlement of $1.6M is likely cheaper than total cost of big security program
  • What would $1.6M spending on security mean?
  • Can you define “good enough” security?


Apr 06, 2017
DtSR Episode 238 - March 2017 Update with Shawn Tuma

This week, on the Down the Security Rabbithole Podcast, Michael and I are back with perennial favorite Shawn Tuma. Shawn, our legal eagle friend from Dallas, breaks down the latest issues that affect Cyber Security and the Law - with that business perspective you've come to expect from our podcast.

As always, we love hearing from you and if you have questions don't hesitate to hit us up on Twitter using hashtag #DtSR or you can always hit up Michael (@catalyst), myself (@Wh1t3Rabbit) or Shawn (@ShawnETuma) directly!

Thanks for listening and spread the word!

Mar 28, 2017
DtSR Episode 237 - NewsCast for March 21st 2017

The Cost of Cybercrime - Let’s Take a Different Perspective

Home Depot to Pay Banks $25 Million in Data Breach Settlement

Survey: Experience Preferred Over Education When Hiring For Cybersecurity

  • The survey of 350 IT security professionals gauged their attitudes toward the skills shortage in cybersecurity. Some 93 percent agreed that experience is more important than qualifications. A further 73 percent claimed that it didn't matter whether IT staff were college graduates when it came to getting the job done.
  • Qualifications are considered degrees and certifications
    • The rub -- and what they didn’t ask -- is how do you assess the experience and capability of professionals to solve the sorts of problems you have?
    • Straight Talk on hiring… check it out.
  • Split results on whether communication or technical skill was more important; hint - it’s communication. You can be the smartest one in the room, but if no one understands you…
    • But it’s also awkward to suggest that you can’t have both good technical and good communication skills. You can. Period.

How Risk Modeling Propels the Cyber Insurance Market Forward





Mar 21, 2017
DtSR Episode 236 - Enterprise Architecture 2017

Check out episode 236 with Marie-Michelle Strah who is a repeat offender here on the podcast with her first appearance back in 2014 on Episode 122 ( ).

This episode is a revisitation on Enterprise Architecture and it's importance to security with a perspective on enterprise tech stack, business segmentation and micro services in a modern distributed enterprise. Marie-Michelle's experience and extensive insight into the topic should give you something to think about as you go back to your day job in security.


GuestMarie-Michelle Strah ( @CyberSlate ) - Marie-Michelle Strah. PhD is currently Senior Principal in the Enterprise Architecture Group at Infosys Ltd and based in New York City. A highly collaborative, diplomatic and inspiring thought leader Michelle is able to effectively drive business and technology strategy and business insights across corporate boundaries and departmental silos. A seasoned management and technology consultant, she specializes in strategy development, cloud transformation enterprise information modernization and innovation management efforts to drive global growth while minimizing cost and risk in complex organizations. She has PhD from Cornell University, was a Javits Fellow and is a US Army veteran. Connect with Michelle on Skype/Twitter/Instagram/Snapchat @cyberslate |

Mar 14, 2017
DtSR Episode 235 - NewsCast for March 7th 2017

A Note on the Passing of a Legend

Are SysAdmins Violating the CFAA?

Yahoo Board Sends Message That Echoes

Cloud-connected toys

So … AWS S3 Went Dead, You’ll Never Guess Why

Mar 08, 2017
DtSR Episode 234 - Straight Talk on National Security

This week, the interview is extra special because we have a guest I've personally been following for a long while, and I finally got a chance to virtually sit down and talk through his considerable areas of expertise.

I'm pleasured to say we had a chance to sit down virtually with Professor Tom Nichols and talk international affairs, foreign policy and all the important things getting lost in the off-color political arguments lately. These are important issues to cyber security professionals that impact our daily lives - but rarely get discussed by someone with actual, credentialed expertise.

Enjoy this one, friends, I know we did recording it. I want to thank Tom for being an awesome guest and lending his time to our show.

If you want to read Tom's latest book, you can get it on Amazon, link HERE.



  • Tom Nichols ( @RadioFreeTom ): 

    Dr. Thomas M. Nichols is a Professor in the Department of National Security Affairs at the U.S. Naval War College and at the Harvard Extension School, where he worked with the U.S. Air Force to create the program for the Certificate in Nuclear Deterrence Studies. He is a former Secretary of the Navy Fellow, and held the Naval War College's Forrest Sherman Chair of Public Diplomacy. Dr. Nichols was previously the chairman of the Strategy and Policy Department at the Naval War College. Before coming to Newport, he taught international relations and Soviet/Russian affairs at Dartmouth College and Georgetown University.

    Dr. Nichols was personal staff for defense and security affairs in the United States Senate to the late Sen. John Heinz of Pennsylvania, and was a Fellow at the Center for Strategic and International Studies in Washington, DC. He is currently a Senior Associate of the Carnegie Council on Ethics and International Affairs in New York City. He was recently a Fellow in the International Security Program at the John F. Kennedy School at Harvard University.

    He is the author of several books and articles, including Eve of Destruction: The Coming of Age of Preventive War (University of Pennsylvania Press, 2008), and No Use: Nuclear Weapons and U.S. National Security (University of Pennsylvania, 2014). His most recent book, The Death of Expertise: The Campaign Against Established Knowledge and Why It Matters was released by Oxford in 2017.

    Dr. Nichols holds a PhD from Georgetown, an MA from Columbia University, the Certificate of the Harriman Institute for Advanced Study of the Soviet Union at Columbia, and a BA from Boston University.

Mar 01, 2017
DtSR Episode 233 - Reflecting on RSA Conference 2017

This week, fresh on the close of RSA Conference 2017 James, Michael and I discuss the happenings of the conference, lessons, and features along with some inside anecdotes you won't get from anywhere else. Of course, we add our own unique blend of snark and humor - but that's what gets you listening and coming back for more.

We'd like to say a big thank you to everyone who voted for us in the RSA Social Security (Security Bloggers) Awards. We didn't win, but we feel good about the audience we've acquired and will keep working hard to spread the message. So to all of you, thank you.


Let's get on with the show!

Feb 21, 2017
DtSR Episode 232 - Security, Fraud, Digital Payments

This week, while the security world congregates at RSA Conference 2017 we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating discussion, we discuss many of the topics security executives and leaders are talking about right now - but as you have come to expect this is less about 'security' and more about protecting what matters.

We want to thank Neira for taking the time out of her busy schedule to join us on the show, and encourage discussion on the topics we covered - if you listen, and you have an opinion (I know you do) then let's discuss using the hashtag #DtSR on twitter.



  • Neira Jones (@NeiraJones) - Independent Advisor & International Speaker| Payments | Digital Innovation | Information Security | Fraud
    Non-Executive Director, Cognosec
    Chairman, Comcarde
    Chairman Advisory Board, Ensygnia
    Advisory Board Member & Ambassador, Emerging Payments Association
    Partner, Global Cyber Alliance
Feb 15, 2017
DtSR Episode 231 - NewsCast for February 7th 2017

It is that time of year of W-2 Scams


Cops use pacemaker data to charge homeowner with arson, insurance fraud


Facebook rolls out 2FA Hardware

  • A move that goes past SMS. Not the first time we have seen this technique (many sites support Yubikey). What type of adoption will we see?
  • Can we check to see if facebook has stock in hardware key companies?
    • Or what was that selection process like?
  • Enterprise: how does this work in your organization?
    • Do/did you block USB and other methods?
    • Do you block facebook? - by policy or actual?
    • How do you educate people about this?
  • Link:


5 Cybersecurity Tools Your Company Should Have

  • This is aimed at SMBs; as such, not sure these are the right suggestions
  • HOWEVER - most enterprises work with SMBs - how are you helping them level their game up?
  • Which of these can/do you do to help them get where they need to be?
  • How does helping them help you, benefit the industry?
  • Link:


Appeals Court Blocks Target Data Breach Settlement

Feb 08, 2017
DtSR Episode 230 - The IoT You Got for Christmas

On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter (yes, again with this guy) for a discussion on the finer points of Internet of Things (IoT) security ... or complete lack thereof.

If you own gadgets that are 'connected' or you are ever around them (hint: you're surrounded by things that pull IP addresses right now) then you need to listen to this podcast. Some great discussion in what was the very first podcast we recorded in 2017.



Jan 31, 2017
DtSR Episode 229 - NewsCast for January 24th 2017

Hi friends! We're honored to be finalists for the Security Blogger Awards 2017 "Best Security Podcast" so if you listen, go vote for "Wh1t3Rabbit" (as we're labeled)



Digital transformation forces businesses to rethink cybersecurity


Mobile is still the safest place for your data


The WhatsApp Backdoor That Isn’t


Organizational complexity is the greatest threat to cybersecurity

  • This article is in a healthcare IT publication, not security - interesting?
  • We know the enemy of security is complexity
  • Why does it feel like security tends to make things complex?


Jan 25, 2017
DtSR Episode 228 - Another Look at Endpoint Security

This week, Paul Hershberger joins us to talk about taking a fresh look at endpoint security for the new year. Paul has some insights into balancing risk/usability and how some of the things you've heard about endpoint may simply be ... wrong.

Join James and I as we let Paul endow us with his wisdom and experience... take some notes, this one's going to be good.


  • Paul Hershberger - @pjhersh13 - Director IT Global Security Risk and Compliance at The Mosaic Company.
Jan 18, 2017
DtSR Episode 227 - NewsCast for January 10th 2017

St. Jude, MedSec and the FDA


New York financial regulator to delay cyber security rules


Massachusetts makes data breach reports available online


California passes law making ransomware illegal


Online databases dropping like flies, with >10K falling to ransomware groups


TV anchor says live on-air ‘Alexa, order me a dollhouse’ - guess what happens next



  • Appropriate for coverage or do you think just providing a quick mention and the link in the show notes?
Jan 12, 2017
DtSR Episode 226 - Targeted Threats Facts From Fiction

Welcome to the first Down the Security Rabbithole Podcast episode of 2017!

We would like to kick off this year, and the run to episode 250 with an episode that dissects the facts from the fiction on the topic of "Advanced Threats". With all the talk in the news about the Russians "hacking the US election" (yes, that's absolutely silly to call it that) and talk of retaliation, it's important to have a frank discussion on the merits of the concept of advanced threats.

Sit back, grab a coffee and listen. I know you'll want to listen to this one more than once!


If you have a moment, and you actually read the show notes, we would love it if you could give us a rating on iTunes or actually leave a comment on the podcast page. Get engaged on Twitter, using the hashtag #DtSR!


Guest Biography

Sergio Caltagirone hunts evil.  He spends his days hunting hackers and his evenings hunting human traffickers.  After 9 years with the US Government, over 3 years at Microsoft and now at Dragos, Sergio not only hunted the most sophisticated targeted hackers in the world but also applied that intelligence to protect billions of users worldwide and safeguarding civilization through the protection of critical infrastructure and industrial control systems.  He co-created the Diamond Model of Intrusion Analysis proudly helping thousands of others bring more pain to adversaries by strengthening hunters and intelligence analysts. He also proudly serves as the Technical Director of the Global Emancipation Network, a Non-Governmental Organization, leading a world-class all-volunteer team hunting human traffickers and finding their victims through data science and analytics working towards saving tens of millions of lives.

You can find Sergio on Twitter at @cnoanalysis



Jan 03, 2017
DtSR Episode 225 - NewsCast for December 20th 2016

Merry Christmas, Happy New Year everyone!


May your holidays be filled with joy, love and family. From Michael, James and myself we wish you the very best and a healthy, prosperous and fulfilling 2017.

We will be back in 2017 with another great DtSR Episode... but before we go - here's one last NewsCast for 2016.


Yahoo - setting records again - biggest hack ever

Netgear Routers - Simple fix, Difficult fix

Microsoft Patches dangerous backdoor in skype for Mac OSX

Flash being relegated by MS’s Edge browser… is it time?

Dec 20, 2016
DtSR Episode 224 - Pointing the Finger of Responsibility

On this episode of Down the Security Rabbithole we tackle the question head on. Whose responsibility is security? Is it the end user who should be responsible for patching the devices they own? Is it the vendor who sells the wares? Is it the manufacturer who sells things with security issues?

What if it was everyone's problem? How do we police, legislate and ultimately assign blame? Should we be assigning blame, and more importantly what gives with this fascination for blaming the victim?

Lots of questions are asked and we start to tackle some of the answers...maybe.


Dec 13, 2016
DtSR Episode 223 - NewsCast for December 6th 2016

Federal Government Disproves the Myth of Cyber Talent Shortage

5 Mistakes to Avoid to Hire Qualified Application Security Talent

Obama Cyber Security Commission to [Finally] Present Its Report

  • Seems like lots of fluff. But is there any actual substance here?
  • Protect, defend, and secure today’s information infrastructure and digital networks
  • Innovate and accelerate investment for the security and growth of digital networks and the digital economy
  • Prepare consumers to thrive in a digital age
  • Build cybersecurity workforce capabilities
  •  Better equip government to function effectively and securely in the digital age
  •  Ensure an open, fair, competitive, and secure global digital economy

The First Question Security Leaders Need to Ask Before the Breach Happens

Amazon Unveils Anti-DDoS Service for Customers

  • The company is offering two levels of protection
  • AWS Shield Standard monitors incoming web traffic for customers and uses anomaly algorithms and other analysis techniques to detect malicious traffic in real-time
  • The company also announced AWS Shield Advanced, a version designed to protect against more aggressive and sophisticated attacks
  • This is big news - because DDoS has become an effective tool of cyber extortionists


Dec 06, 2016
DtSR Episode 222 - Zero Trust Security Model

This week, after a long wait, we have John Kindervag on the show! John talks us through the concept of "Zero Trust Security" and where and how it's implemented. It's a concept everyone should be familiar with by now - but I bet you aren't!

Join us, and as always provide feedback to the team using the hashtag #DtSR on Twitter, and you can always ping John directly at @Kindervag as well.

Nov 30, 2016
DtSR Episode 221 - NewsCast for Nov 22 2016

DHS Releases Strategic Principles for Securing the Internet of Things

What about the “need” for IoT legislation?

Facebook buys black market passwords to keep your accounts safe

Michael just got back from Boston, hosting a CISO Leadership Conferences. We discuss the trends that came up…  

→ just the trends…

  • Importance of a shared vision between the business and information security
  • Placing a higher value on skillsets vs. specific certifications/experience when seeking team members
  • How to enable the business and minimize asset loss
  • Creating a roadmap and measuring metrics/progress
  • Importance of reputational risk within an organization
  • Educating the board on your roadmap progress and threats, while keeping communication functional
  • Many organizations are placing a higher value on selecting the right cyber insurance
  • Challenges around third party vendor management
Nov 22, 2016
DtSR Episode 220 - Blaming the Breach Victim

This week, Patrick Dennis - the CEO of Guidance Software - joins us to talk about the Enterprise Security world's fascination with blaming the breach victim. We talk through some of the key issues and look for a way off the hamster wheel.

As always, #DtSR on Twitter to join in our conversation.

Nov 15, 2016
DtSR Episode 219 - NewsCast for Nov 8th 2016

It is election day.. Have you voted?


Beware, IPhone Users: Fake retail apps are surging before the holidays


Moving Beyond EMET


Tesco Bank blames ‘systematic sophisticated attack’ for account losses

  • Fraud system appears to be working - good
  • ~40,000 accounts affected, ½ of those lost money
  • Tesco is putting funds back, making things right
  • Core banking assets don’t appear compromised, ATMs and such still work
  • Potentially an issue with website, fixable

Google Discloses “Critical Flaw” in Microsoft OS 10 Days After Notifying

Nov 08, 2016
DtSR Episode 218 - The Business of Security

This week on DtSR Chad Boeckmann - President of Secure Digital Solutions - joins us to talk about the business of security. While the "bad guys" are running their criminal enterprise, security teams have struggled to be business-relevant. This discussion starts to dive into how to align security and business goals, answering the "how much is enough?" question and so much more.

Thanks to Chad for joining us. We encourage you to ask questions and leave comments here in the comments section or on Twitter at #DtSR. You can talk to Chad directly at @cboeckm on Twitter.

Nov 01, 2016
DtSR Episode 217 - NewsCast for October 25th 2016

The Massive DDoS That Hit Dyn.Org

Verizon Reviewing Terms of Yahoo Deal As Revenue Slides

Passwords - We’re Still Giving Out Horrible Advice

St. Jude Medical to Create Cybersecurity Advisory Board; Muddy Waters Releases More Vulnerability Allegations

Oct 25, 2016
DtSR Episode 216 - Why Software Insecurity is Still a Thing

This week, #DtSR takes a trip down Software Security lane or as some call it "How are we still writing code with bugs that we found relatively concrete fixes for in the late 90's?" (I may have been watching too many John Oliver episodes...)


Jeff Williams ( @Planetlevel ) and Tyler Shields ( @txs ) join me to talk this topic over from where we've been, to what we're doing now, to what the solution to this mess will be one day in the future. It's an interesting conversation that should stir up some emotion if you've been in AppSec or software security as there really are no docile opinions on this topic (or many others in security, unfortunately).


Plug in, listen and enjoy.

Oct 19, 2016
DtSR Episode 215 - NewsCast for October 11th 2016

‘Security Fatigue’ Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests


Our insulin pumps could be hacked, warns Johnson & Johnson


FBI arrests NSA contractor who stole sensitive data


Oct 11, 2016
DtSR Episode 214 - Financial Impact of Breaches

Grab a cup of coffee, jack in your earphones and listen up.

DtSR Episode 214 is addressing the issue of breaches, and their material financial impact to an organization.

The premise is simple - when you have a breach, are you going to see massive stock price drop, client exodus and so on? We sit down with legal expert and DtSR regular Shawn Tuma and researcher Jon Nichols to talk this through with James, Michael and yours truly.


Check this episode out. It may sting a bit, but once you come to grips with its reality - the world looks a little different.

Oct 04, 2016
DtSR Episode 213 - NewsCast for September 27th 2016

Quick update and invitation from Michael: starting to explore rolling out services and improving the Straight Talk Framework. If you’re up to discuss with me - I’ll offer a brief overview and then a “setup for Straight Talk”  review to explore how to get you started. It’s a real offer because I know we’ll both learn. And then I’ll get a better sense of where to focus and how to help more people in our industry.

Note on yahoo: we’ll talk to Shawn later


How are Healthcare Data Breach Victims Affected by Attacks?

  • It opens with some hype: “Healthcare cybersecurity attacks are much more prevalent and common because the industry typically has weaker approaches to data security, states”
  • What’s to like? Maybe? → someone is working to explore the potential actual harm from breaches
  • This article, however, is just an attack
  • Why it matters? People read this stuff. They reinforce it. Fiction becomes fact because it gets repeated so much

We're told data breaches cost millions on average - but this security study disagrees

NIST launches self-assessment tool for cybersecurity


  • Boosters say the document will help specialists explain the importance of cybersecurity to the company's bottom line — the "holy grail" of business cybersecurity. But some critics have questioned how useful it will be to smaller companies.
  • “NIST Cybersecurity Framework — a document that catalogues the five areas of cybersecurity every company needs to know: identify, protect, detect, respond and recover.”  
  • I like these five. Need to check out the process itself.
  • It’s open for comment. Personally, I’d love to hear from our audience
    • Using the NIST framework?
    • Checking out the tool?
    • Planning to make comments?


House to vote on cyber bill for small businesses

Sep 27, 2016
DtSR Episode 212 - Insider Threat Primer

In this episode, we talk with Mike Tierney, who is the brand-new CEO at Veriato. In our conversation we talk through a primer on insider threat, and use the great example of hosting a dinner party.

Mike has loads of nuggets of wisdom from his experience and we're certain that if you're a seasoned insider threat professional, or just thinking about the topic and wondering if you can do anything to protect your company - this show will be a good primer for furthering your discussion and learning.

Listen in, comment and share with your colleagues! Our show is always safe for the office and educational.


Talk back! Use our Twitter hashtag #DtSR to discuss this episode, ask questions, or suggest other topics or guests for the future!

Sep 20, 2016
DtSR Episode 211 - NewsCast for Sept 13th 2016

Chrome to label more sites as insecure in 2017

A USB Device is all it takes to steal credentials from locked PCs

DHS chief: 'Very difficult' for hackers to skew vote

  • Link:
    • Instead of dismissing the claim, let’s explore the merits
    • Then let’s consider what, if anything, it means for enterprise security
  • “It would be very difficult through any sort of cyber intrusion to alter the ballot count, simply because it is so decentralized and so vast,” he said, noting the series of state, local and county systems involved in running elections. “It would be very difficult to alter the count.”
    • Decentralized and vast - the merits
    • How many companies make the systems - so is it as decentralized as we’d like
    • How much of what you do in the enterprise is decentralized?
    • What are your points of failure - or the easy pathways to attack?
  • If someone did alter the vote… would we know? How would we know?
  • What’s the impact of appearing to alter the vote?
  • Depending on your organization… how would you handle the same sort of situation? How would you convey confidence to the executives and board?

Big business worried more about data loss than hackers – survey

  • Link:
  • This might feel like a “surprise” or a “shake your head” moment; but maybe it’s a signal of where we need to focus
  • If you’re in the enterprise, where (and how) would you rank the concerns?
  • What is the impact from data loss? Relative to a “breach” 
  • And then note: “But 15% of the companies Wells Fargo surveyed don’t require any employee training on cyber security, according to the report.”
    • That’s because the industry still botches this; 
    • I’m finally going to write up a series on this - and I’ll time it for October - make something productive out of security awareness month
  • Overall, this signals a need to seek better alignment with the executives and board; might I say… you need some straight talk

Obama Names Retired Air Force General as First Federal CISO

  • Link:
  • Position so broad… is it even useful?
  • Some notes of interest
  • General Officer (1 star)
  • Among Touhill's past positions was a 2-year stint as CIO and director of C4 systems, the nation's military transportation combatant command. 
  • He also served for nearly 1½ years as CIO and director for communications and information for the air mobility command. He retired from the Air Force in 2005 after nearly 22 years of service.
    • Reports to Federal CIO -- based in White House Office of Management & Budget
    • So they see this as a tech play only?
  • “ the blog, say Touhill will leverage his considerable experience in managing a range of complex and diverse technical solutions with his strong knowledge of civilian and military best practices, capabilities and human capital training, development and retention strategies.”
    • So basically… we have no idea what he’s doing or why
    • Only has 4 months
    • Window dressing?
Sep 15, 2016
DtSR Episode 210 - Data Protection Primer

In this episode James and I invite Vlad Klasnja from Optiv's Office of the CISO, and Hudson Harris, Chief Privacy Officer at HarrisLOGIC, to talk about data protection. From defining the concept to providing some insight into how we can actually protect confidential information - we talk through a lot of complex issues in this segment. Join us!



  • Hudson Harris - Chief Privacy Officer at HarrisLOGIC
  • Vlad Klasnja - Data Protection and Privacy Manager at Optiv
Sep 07, 2016
DtSR Episode 209 - NewsCast for August 29th 2016

NewsCast for Tuesday August 30th, 2016


Clinic Won’t pay breach protection for victims

California Bill would add security standards to data breach law

St. Jude stock shorted on heart device hacking fears

A Temperature-check on the state of application security

Important Apple patch for ‘Trident’

Aug 30, 2016
DtSR Episode 208 - Beyond the Ransomware Economy

This week Michael and I chat with Jamison Utter of Infoblox on one of the more interesting topics at hand - the economy of ransomware. We talk through the sudden popularity of the attack vector, the way the underground "criminal enterprise" has scaled and grown and the future of being a bad guy.

If you have occasion to talk to your organization's leadership on the ransomware epidemic, you need to listen to this podcast first.

Aug 23, 2016
DtSR Episode 207 - NewsCast for August 16th 2016

Quick note from Michael about the Straight Talk Framework & Program -- >

  • Get your free copy at
  • Launched a new program last week… boy, did I learn a lot.
    • Mostly, it’s my failure to explain. I’m going to chronicle some of the lessons over the next few days and share them
    • If you’ve already downloaded the questions - I’d love to chat with you about your experience…
    • If you find yourself in a situation like this, let’s chat. 25 minutes on the phone and we’ll both benefit
  • Until Monday, August 22nd, chance to get on board early and benefit yourself; i’ve got a lot to share this week and into the future. We’re at the start of something big!

Microsoft Accidentally Leaks 'Golden Keys' That Unlock Secure Boot-Protected Windows Devices: Oops?

The Future Of ATM Hacking

  • We didn’t have a problem, but we went ahead with the solution. Looking back on it, imagine some straight talk on this fiasco?
  • Yes, I realize some of you like the elegance of chip + pin; do you like the UX? Because it sucks. And if you lament the mag stripe, does that mean you stopped using a terrestrial radio, too?
  • Our need as leaders - in the enterprise and across the industry - is to focus limited energy and assets on the areas that create the most value

Apple will reward hackers with "bug bounty" to find flaws

  • The more we press on it, the more that we understand bug bounties and the like are just externally sourced (on spec) testing.
  • If you caught our last interview, we continued to explore the distinctions between research and testing; and rest assured, we’ll continue. When it comes to bug bounties, then, how does Apple do relative to structuring the deal of testing their software and devices?

Turbulence Ahead: Delta Computer Outage Is Just The Start, Say Experts

Risk vs reward – when good data becomes dangerous

Chief Security Officer May Be The Job Of The Future That No One Wants

Aug 18, 2016
DtSR Episode 206 - Vulnerabilities, Disclosure, Ethics, Research and Security

In this episode we chat with Steve Christey Coley currently the Principal Information Security Engineer over at MITRE Corp. In this episode we talk through our industry's obsession with vulnerabilities, dive headlong into the thorny issue of security research, talk through the various issues with disclosure and even delve into some ethics issues.

This episode is content-packed with some content that you will likely want to talk to us about. So here's how to find us:

Steve on Twitter: @SushiDude

Hashtag for the show: #DtSR


Steve's Bio (from LinkedIn -

Editor / Technical Lead for the Common Vulnerabilities and Exposures (CVE) project; Technical Lead for the Common Weakness Enumeration (CWE); co-author of the "Responsible Vulnerability Disclosure Process" IETF draft with Chris Wysopal in 2002; participant in Common Vulnerability Scoring System (CVSS) and NIST's Static Analysis Tool Exposition (SATE). My primary interests include secure software development and testing, understanding the strengths and limitations of automated code analysis tools, the theoretical underpinnings of vulnerabilities, making software security accessible to the general public, vulnerability information management including post-disclosure analysis, and vulnerability research.

Specialties: Vulnerability research, vulnerability management, software security.

Aug 10, 2016
DtSR Episode 205 - NewsCast for August 2nd 2016

Quick note from Michael about the Straight Talk Framework -- >

  • I’ve separated the framework from the programs; the framework is free and available for download from my website. More on the way!
  • To support both the framework and the programs, I’ve just finished a video that introduces the 5 questions; I have an optional workbook available and make a special offer at the end of the video
  • I’m about to launch an online offering… stay tuned for details


$2.7 Million HIPAA Penalty For Two Smaller Breaches

Is the GOP seriously considering endorsing vigilante hacking?!

NIST declares the age of SMS based 2-factor authentication over

The ninth circuit holds that accessing a website after receiving a cease and desist order does violate CFAA

A “famed hacker” is Grading Thousands of programs

Aug 06, 2016
DtSR Episode 204 - On Changing Culture

This week, Chris Romeo joins Michael, James and I to talk about changing the security posture of an organization by changing culture. This episode talks through tough issues like incentives, measurements and success factors. This episode with Chris is of particular interest for leaders and those who are working hard to change companies at their core, for the long term.


Chris Romeo's bio:

Chris Romeo is CEO and co-founder of Security Journey. His passion is to bring application security awareness to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Secure Development Life Cycle program, empowering engineers to "build security in" to all products at Cisco. He led the creation of Cisco’s internal, end-to-end application security awareness program launched in 2012. Chris has twenty years of experience in security, holding positions in application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP certifications, and is a frequent conference speaker at RSA and AppSec.

Jul 26, 2016
DtSR Episode 203 - NewsCast for July 19th 2016

Ransomware that's 100% pure JavaScript? Sort of...

Researchers have come up with a 'cure' for ransomware

The government has officially issued a 'fact sheet' on randomware

Pokemon Go! - a neat idea with big issues potentially

FDIC hacked but covered it up, didn't report

The Fiat/Chrysler bug bounty program


Jul 19, 2016
DtSR Episode 202 - Outsourced but Better

This week on the Down the Security Rabbithole podcast, Brandon Dunlap is back for his second show. Following up on Episode 158 where we discussed outsourced security, this time around we talk through the next iteration of what "Managed Security" and outsourcing means to security.

You're not going to want to miss this episode!

As always, hit up our hashtag on Twitter at #DtSR and you can find Brandon on Twitter as well at @bsdunlap if you want to talk to him directly.

Jul 12, 2016
DtSR Episode 200 - Privacy, Security, Risk and Law Collide

** Our 200th numbered episode! **


A note from Raf:

 Thanks to everyone who has been listening to us, tweeting us, and sharing the links to our podcast. We are absolutely floored with the support and listenership we've received. The average show now gets just under 2,500 downloads when released in the first week, and that number goes up every week. So from the bottom of my heart, I humbly thank you and hope you'll continue to listen, share, and comment.

This week's episode is titled "Privacy, Security, Risk and Law Collide" as we host Dr. Chris Pierson and our recurring legal eagle from the great state of Texas, Shawn Tuma. If you don't have Shawn added on Twitter, you should go follow him right now.

In this week's episode we discuss the increasingly overlapping world of what was once "IT security" which has now started coming together with privacy, risk and law. Chris is uniquely poised to talk on the subject, as you will hear his credentials speak for themselves. You'll want to get comfortable, pay attention, and give this episode a careful listen as we take you down the security rabbithole for the 200th time.



  • Dr. Chris Pierson, CSO and General Counsel, Viewpost

    Dr. Chris Pierson is the EVP, Chief Security Officer & General Counsel for Viewpost. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee and is a Distinguished Fellow of the Ponemon Institute.  Previously, Chris was the first Chief Privacy Officer, SVP for the Royal Bank of Scotland’s U.S. banking operations leading its privacy and data protection program.  Chris was also a corporate attorney for Lewis and Roca where he established it’s Cybersecurity Practice representing companies on security and data breach matters. Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.) and gives keynotes/speaks at national events and is frequently quoted on cybersecurity.

Jun 28, 2016
DtSR Episode 199 - NewsCast for June 21st 2016

In this episode..


The "Nuclear Bomb" analogy isn't working, stop using it"

  • This is important with respect to how security people talk to real-life issues
  • Here is another example:


iOS apps will require secure https connections by 2017


Inside Sierra: How apple watch “auto unlock” will let you jump straight into MacOS


FICO to Offer 'Enterprise Security Scores'


Why don't banks care more about credit card security?


Cisco launches $10 million scholarship to tackle cybersecurity talent shortage

Jun 21, 2016
DtSR Episode 198 - What Legal Counsel Wishes CISOs Knew

On this episode of the Down the Security Rabbithole podcast, Dawn-Marie Hutchinson, currently an Executive Director within the Optiv Office of the CISO joins us and we talk about the things that she's learned over her career working with legal counsel, CISOs and solving problems. A fantastic episode with lessons learned, and executive leadership crammed into less than an hour. Give it a listen!


Find Rie on Twitter at @CISO_Advantage


UPDATE: Thanks to Sean Jackson (@74rku5) who has hand-transcribed the show. I haven't read this, personally, so if there if he slipped any humor I can't be held accountable!


Jun 14, 2016
DtSR Episode 197 - NewsCast for June 7th 2016

In this episode...



Are people "going offline" as a result of increasing dangers of the Internet?


"Sandjacking" allows attackers to install evil iOS apps

  • IF that attacker is physically holding your device
  • AND your device is unlocked
  • AND it takes a while because you have to backup, and restore a phone ... one app at a time
  • SO this isn't something you do to infiltrate someone's phone while they walk away for a few minutes to the restroom
  • Cool trick bro, but where on the spectrum of critical things does this fall?
  • The technique is called "Su-A-Cyder" ... awful name, lose points


Dropbox takes heat for a breach, that wasn't their breach


Lenovo's asking people to uninstall it's bloatware "Accelerator" app

Jun 07, 2016
DtSR Episode 196 - Jason Witty

On this episode of the Down the Security Rabbithole podcast, I get the pleasure of sitting down with one of my all-time favorite Chief Security Executives, Mr. Jason Witty. He's had a long career of successful security leadership, and in this podcast he sits down with us to talk about risk, threats and words we often confuse.

You're not going to want to miss this episode.

May 31, 2016
DtSR Episode 195 - NewsCast for May 24th 2016

This week the gang's all here to talk about some news happenings. Michael, James and I talk through some of the stories we've been tracking.

Have something you've been reading and want to talk about? Hit us on Twitter with hashtag #DtSR and suggest a topic/story for the next NewsCast!


Tennessee Amends Breach Notification Statute

FFIEC’s New Mobile Security Guidance: An Assessment

Software “glitch” kills Formula1 car mid-race

LinkedIn plays down 117 million user breach of data sale

May 24, 2016
DtSR Episode 194 - Update on Cyberlaw w Shawn Tuma

In this episode...


Michael and I welcome back Shawn Tuma, our resident Cyber Law Expert from the great state of Texas. We discuss some of the recent cases (unlocking an iPhone!) and some of the tough issues facing the court systems today. Shawn provides insights into the use of the finger (not joking) and some amusing and frustrating aspects of cyber law as the courts continue to evolve. Join us!

May 17, 2016
DtSR Episode 193 - NewsCast for May 10th, 2016

In this episode..


ImageTragick - major flaw in open source image processing toolkit

Detroit company loses $495k to wire fraud

The Ransomware Epidemic (Optiv blog)

Undetectable flaw in Qualcomm-powered Android phones is a huge deal

White Hat hacker sent to the clink for going too far

May 10, 2016
DtSR Episode 192 - Healthcare and Critical Infrastructure Security

In this episode...

Join our guest Larry Whiteside, Michael and I as we record live from InfoSec World 2016 in sunny Orlando, Florida! We talk through the life of a CISO, and the challenges of being in the Healthcare and Critical Infrastructure spaces and the similarities and differences. Larry has had a very diverse and successful career leading some of the most challenging organizations, so we dig into some of the things he's faced, how he's addressed some of those bigger leadership-level challenges, and just the mess that healthcare and critical infrastructure are in right now.


Don't miss this episode!



Note: I'm blessed with being able to work with Larry on a daily basis at Optiv. I highly encourage you to listen to this podcast and share with your friends and colleagues in the healthcare and critical infrastructure space.

May 04, 2016
DtSR Episode 191 - NewsCast for April 26th 2016

In this episode...

Only about a third of companies know how many vendors access their systems

No firewall, second-hand $10 routers are to blame for Bengladesh bank heist

Jim McKelvey's Launchcode is helping unconventional tech talent

  • internal mentorships could be the key
  • who out there is doing this, talk back to us using hashtag #DtSR on Twitter

The Simpson's math secret is the key to better security ... ?


Apr 26, 2016
DtSR Episode 190 - Interview with Lance James

In this episode, James, Michael and I are live from InfoSec World 2016 and we get the pleasure of interviewing Lance James fresh off the keynote stage. In this intimate, fast-paced and bold interview we talk through some of the challenges InfoSec is facing today, and where Lance believes we should be going.


If you haven't been to InfoSec World, we highly recommend going next year. The content team continues to provide a solid mix of technical, managerial and transitioning information security speakers. Make sure you have this one on your calendar for next year, and being the family!

Apr 20, 2016
DtSR Episode 189 - NewsCast for April 12th 2016

In this episode...


Pros examine mossack-fonseca breach: Wordpress plugin, Drupal likely suspects

WordPress pushes free https encryption for all hosted sites

If you can't break crypto, break the client

Executives - "We're not responsible for cyber security"


Apr 12, 2016
DtSR Episode 188 - Security Talent Truths

Intro song: "Josh Gabriel - Deep Down"; Intro/Outro v/o courtesy of @ToddHaverkos

Apr 05, 2016
DtSR Episode 187 - NewsCast for March 29th, 2016

In this episode...


Mar 29, 2016
DtSR Episode 186 - Becoming a CISO

In this episode


I posed some questions to Joey, an InfoSec professional who had recently moved into a CISO role in a midwest retail company:

  • Let's talk a little bit about the background you had before walking into your first day as a CISO...
  • How long have you been in your role, and what do you think "so far"?
  • What do you think were the biggest lessons you've learned in your time as a new CISO?
  • What do you make of all the talk about CISO burn-out rates, and the average tenure of a CISO being less than 2 years?
  • What do you see as the role of the CISO in today's business climate?
  • How do you work with other IT leadership, and executive leadership to make your mark and do your job?
  • From your experience, what do you think someone who is taking a new CISO role, or thinking about doing so, should know?
Mar 22, 2016
DtSR Episode 185 - NewsCast for March 15th 2016

In this episode...


The FTC is getting into providing guidance on password changes


Dwolla hit by CFPB and fined $100,000

  • Who is the CFPB (Consumer Finance Protection Bureau)?
  • This opening sentence is crucial: "The Consumer Financial Protection Bureau (Bureau) has reviewed certain acts and practices of Dwolla, Inc. (Respondent, as defined below) and has identified the following law violations: deceptive acts and practices relating to false representations regarding Respondent’s data-security practices in violation of Sections 1031(a) and 1036(a)(1) of the Consumer Financial Protection Act of 2010 (CFPA), 12 U.S.C. §§ 5531(a), 5536(a)(1)"


FTC To Study Credit Card Industry Data Security Auditing


Bengladesh bank hackers steal ~$100M

Mar 21, 2016
DtSR Episode 184 - A CISO Post-RSA WrapUp

In this episode, we wind down from RSA Conference 2016 and talk with Jonathan and Michael, both security executives and leaders at their respective companies whom were both out at RSA Conf and share with us some of their insights, lessons learned, and discuss some of the more interesting topics.


Join James and I for an informative, insightful, and slightly unnerving conversation about the state of our industry. If you missed RSA Conference (or even if you were out there but wish you weren't) this is one you're going to want to listen to at least once.

Mar 16, 2016
DtSR Episode 183 - NewsCast for March 1st 2016

This is RSA Conference week, so while Rafal is out in San Francisco trying to make it through another one, James and Michael break down the news events that you may have missed.


300,000 Homes affected by security alarm bug


82 Percent of company boards are concerned about security


See something suspicious online, Homeland Security wants to know about it


Antivirus update breaks Internet browsing due to glitch

  • Apparently, update blocks getting to many internet sites due to flagging javascript as virus
  • We have seen this many times before.
  • What to consider:
    • Do you have a plan to handle this type of situation in your business?
    • Do you understand your model to identify the potential risks to then consider response plans?

Hospital pays $17,000 ransom after crooks hold data hostage

Mar 01, 2016
DtSR Episode 182 - Apple Versus the FBI

In this episode...

  • Michael and I moderate what turns out to be an expert-filled panel discussion on the real issues of the Apple vs FBI debate
  • Shawn Tuma, our favorite cyber attorney, provides expert insights into the statutes, laws and applicable legislation in this case
  • Dave Kennedy, Von Welch and Gary bring their technical expertise and background to discuss the issues from a technology and policy perspective

We think this is one of those landmark podcast episodes you'll want to listen to a few times. Lots of interesting content here, and we encourage you to share!


Don't forget, #DtSR on Twitter!

Feb 23, 2016
DtSR Episode 181 - NewsCast for Feb 16 2016

In this episode


Class action lawsuit against SuperValu dismissed

Nieman Marcus - breached again (with another lesson this time)

  • So is it official, not having MFA is weak authentication?
  • Is someone accessing accounts through the web interface with stolen passwords a “breach”?
  • Encryption would have done nothing to save any of this information as it was accessed through the interface.
  • Did they have account lockout?  What's the rest of the story here?

Hacker steals and releases information on 30,000 FBI and DHS employees

Hacked toy company tries a different tactic


Feb 16, 2016
DtSR Episode 180 - From the CISO Perspective

In this episode...

  • Andrew discusses a few of the key challenges making it difficult for the healthcare sector right now
  • Robb, Andrew and Raf discuss the importance of identity in the corporate environment
  • Robb and Andrew give some of their wisdom for the successes and failures of CISOs (and the broader security industry)
  • We discuss the technical vs executive CISO approach (which is better?)
  • Robb and Andrew provide some unfiltered advice for CISOs and those who want to become them


  • Robb Reck ( @RobbReck ) - Chief Information Security Officer at Ping Identity, contributor to ISSA Denver with a long history as a successful security executive and leader.
  • Andrew Labbo - Drew is the CISO at Denver Health and Hospital Authority and is the owner and principal of RMHG, which offers HIPAA consulting and HIPAA advisory services. Drew has over 15 years’ experience with information security and technology and over 10 years’ experience as a Privacy and Data Security Officer. He is an expert on HIPAA Privacy and Security Rule regulations as well as HITECH and Omnibus regulatory updates. Drew’s recommendations are guided by his education in health administration and experience and leadership integrating privacy and security controls with health information technology infrastructure and applications, as well as treatment, payment, operations, and human subjects research workflows and processes.
Feb 09, 2016
DtSR Episode 179 - NewsCast for Feb 2nd 2016

In this episode


Employees may face penalties if they misinterpret security policies?

New lawsuit filed blaming Twitter for ISIS attack

SCADA/ICS make incident response more complicated

Only in NYC: Dept of Consumer Affairs warns parents of baby monitor hacks


Feb 02, 2016
DtSR Episode 178 - What Will Get Us There

In this episode

  • What goes us here - so where are we?
  • Where do we go, and how? (addressing stunt hacking)
  • We discuss how we can influence outcomes, without hand waving and endangering lives
  • What about truly understanding risk, versus ‘security stuff’?
  • Michael breaks out the “risk catnip”
  • Raf asks Haroon - “What are the 2-3 things security does right now, that we should just quit?”
  • We discuss some of the breakers that are turning into builders, and implications
  • With the rate of bad vastly outpacing the rate of good - what’s the solution?


  • Haroon Meer ( @haroonmeer- Haroon is an internationally acclaimed long-time industry insider and is working hard to change the "how we've always done it" dynamics. His talk "What got us here, won't get us there" is now world famous. He works over at Thinkst and does some pretty amazing things you should check out.
Jan 26, 2016
DtSR Episode 177 - NewsCast for January 19th, 2016

In this episode

FTC imposes a $250,000 fine for "false advertising" of encryption

NY wants to ban encrypted smart phone sales

Las Vegas casino is suing cybersecurity firm over "woefully inadequate" work

  • Are there ethical implications here of a competitor defining negligence?
  • Burden of proof is on casino to prove "woefully inadequate" - but against what standard?
  • Does this ultimately raise quality, price or both for IR services?

The FDA issues draft guidance of security guidelines

OpenSSH bug found, fixed

Jan 19, 2016
DtSR Episode 176 - 2015 InfoSec Legal Review

We open up our 2016 year interviewing Shawn Tuma on the show. Shawn is our legal eagle, and a regular contributor to the podcast. This episode ran a little bit long (OK a lot long) but I think you'll enjoy the show... 


In this episode...

  • Most important cybersecurity-related legal developments of 2015
    • Tectonic Shift that occurred with “standing” in consumer data breach claims
      • Discussion of law prior to Neiman Marcus case, and post Neiman Marcus
      • Does this now apply to all consumer data breach cases?
      • Immediate impact? Companies now liable?
      • Lesson is in seeing the trend and how incrementalism works
  • Regulatory Trends
    • FTC & SEC gave hints in 2014, post-emergence of Target details
    • Wyndham challenged authority – came to fruition in August 2015
    • SEC not far behind – significant case in September 2015
    • Aggressiveness of FTC is substantial – FTC v. LabMD … all over LimeWire
  • Officer & Director Liability
    • 2014 – SEC Comm. fired the warning shot … pointed the finger
    • Shareholder derivative litigation
    • Individual liability of IT / Compliance / Privacy “officers”
  • Major 2016 Legal Trends
    • Regulatory enforcement … which, by the way, is why NIST is becoming default
    • Shareholder Derivative – much more likely than consumer class actions at this time
    • Lessons from both of these: when you need to persuade the “money folks” that they need to act, mention D&O Liability (especially Caremark) and Regulatory focus on individuals … now they're in the cross-hairs
    • Realization that cybersecurity is more of a legal issue than anything else (IT or business) b/c it is the legal requirements and consequences that ultimately drive everything
Jan 13, 2016
DtSR Episode 175 - NewsCast for January 5th 2016

In this episode...


Juniper has a backdoor problem

Iranians broke into New York dam in 2013 and “had a look around”


Facebook announced it’s dumping Adobe Flash


191 Million US voter records found ‘unprotected’ by a researcher


PayPal rolls out the welcome mat for hackers


PCI Council extends encryption deadline

Jan 05, 2016
DtSR Episode 174 - Health Check on Healthcare InfoSec

In this episode...

  • We discuss what in the world is going on in the healthcare space, and why they’re such a target for attackers
  • Dustin discusses why the explosion in digitalization in health care is both amazing and terrifying
  • We discuss future-proofing “smart” healthcare
  • I stumble on “the fundamentals”
  • Dustin discusses the security of “data analytics” in the healthcare space
  • I ask how we can make health care professionals better security people, without making them security people
  • I ask Dustin what the healthcare industry should be doing, going forward into 2016


  • "Dustin" is a progressive CISO at a Fortune 250 Healthcare organization
Dec 28, 2015
DtSR Episode 173 - NewsCast for December 14th 2015

In this episode...

  1. Vizio is getting sued, over data their TVs collect?
  2. Wyndham settles (caves to) the FTC
  3. The US Federal Bureau of Investigation (FBI) admits to using 0day vulnerabilities
  4. Google introduces DLP into Google Apps
  5. Black boxes on ships can be hacked
Dec 14, 2015
DtSR Episode 172 - The Truth on Cyber Insurance

Thanks for joining us! This is a very important episode with true experts on the topic of cyber insurance. I was lucky enough to get an attorney and a VP of an insurance firm who specialize in the topic and their depth of knowledge and candor may shock you.

The net is that cyber insurance is a positive for our industry.


In this episode..


  • Eran says that if you don’t do good security, the courts will frown down upon that
  • Keith tells us why insurance covers security, but it does not cover negligence
  • We start back on the discussion on the importance of knowing your critical assets
  • Keith discusses why the insurance market is essentially a mirror of your program
  • Eran talks about how his team dissect and investigate breaches to improve understanding
  • Keith and Eran discuss how the process of buying cyber insurance can actually lead to improved security


Dec 07, 2015
DtSR Episode 171 - When the FTC Attacks

In this episode

I interview Mike Daugherty - author of The Devil Inside the Beltway [ link] live from the Security Advisor Alliance first-ever Summit in Dallas, TX. Mike was kind enough to sit down with me (twice, thanks to a tech failure) and tell his absolutely surreal story of what happened to him, his company at the hands of what can only be described as an insane situation.

If you own a business, or manage a business, or work in enterprise -- you need to hear Mike's story. If it wasn't documented and video recorded, you'd never believe it's true.

Truth be told, I've been a supporter of the FTC as an advocate for the victims of breaches - the person who's information is stolen. After hearing Mike's story... I have had my mind completely changed.

Nov 30, 2015
DtSR Episode 170 - Minneapolis CISO Summit Roundtable 1

In this episode

  • We start a constructive discussion addressing the problem of the ‘talent shortage’
  • The panel discusses the general lack of understanding of the big picture challenge from both sides: business and security
  • The panel discusses basic security issues in an expanding ecosystem of Internet connected things
  • The panel discusses some real potential solutions to our talent issue



Nov 23, 2015
DtSR Episode 169 - NewsCast for November 16th 2015

In this episode...

Nov 16, 2015
DtSR Episode 168 - Practical Enterprise Threat Intelligence

In this episode

  • Rob & Liam discuss the practical applications of threat intelligence for today's enterprise
  • We discuss what enterprise threat intelligence really is (and also what it isn't)
  • We discuss the place of feeds, tools, processes and people in the mechanics of the program
  • We discuss the need to conduct a program-based intelligence approach for the enterprise


  • Liam Randall ( @hectaman ) - With a career spanning 20 years, Liam Randall has worked at every level of the information systems pipeline- from building and operating large networks, developing and maintaining large 100M+ e-commerce solutions, to designing and implementing global network security monitoring sensor grids. A frequent speaker and trainer at security conferences Liam has trained over 1000 students on advanced incident response with a focus on leveraging the open source Bro Platform. 
  • Robert M. Lee ( @RobertMLee ) - Robert M. Lee is the founder and CEO at Dragos Security LLC where he helped design and build CyberLens - a cyber situational awareness software tool for critical infrastructure networks. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers and awarded EnergySec's 2015 Cyber Security Professional of the Year.
Nov 09, 2015
DtSR Episode 167 - NewsCast for Nov 2nd 2015

In this episode...

Nov 02, 2015
DtSR Episode 166 - Cyber Security From Board Room to White House

In this episode...

  • Raf sits down with Howard Shmidt to talk about Cyber Security from the public to private sectors and everything in between.
  • Howard & Raf talk through challenges of cyber security in the board room
  • Howard gives us some of the challenges that government faces, from his experience
  • Don't miss this episode!



  • Howard A. Schmidt ( @HowardAS ) - Former Supervisory Special Agent,Director of Computer Crime and Information Warfare, AF OSI, Former CSO Microsoft Corp. Former Chairman of White House Critical Infrastructure Protection Board, VP, CISO eBay Inc. Special Agent, US Army CID (Reserves). Law Enforcement Officer Chandler Police Department, AZ
Oct 26, 2015
DtSR Episode 165 - NewsCast for October 19th, 2015

In this episode...

Oct 19, 2015
DtSR Episode 164 - 3rd Party and Supply Chain Risks

In this episode...


  • Josh Douglas - CTO for Raytheon Cyber Products – has nearly two decades of experience in helping global enterprises and government agencies secure their most prized business/mission assets. During his past 9 years at Raytheon, he has overseen Raytheon’s Cyber Security Intelligence Operations, Malware Concepts, Security Infrastructure Operations and Research Technologies tasked to produce effective forward-looking cyber software solutions to contain and control advanced threats. These solutions are used to help commercial and government entities protect their enterprises and the global cyber supply chain from ever-changing advanced persistent threats and malware.

    Prior to joining Raytheon, Joshua has a successful track record in network security operations and engineering management positions, securing enterprise environments while promoting contextual response. Prior employers include Enterasys Networks, Kronos, Genuity, MIT Lincoln Laboratory and other prominent enterprises. Joshua earned a Bachelor of Science Degree in Computer Science from Appalachian State University and currently holds a number of technical computer and network security certifications. LinkedIn:
Oct 12, 2015
DtSR Episode 163 - NewsCast for October 5th, 2015

In this episode...

Oct 05, 2015
DtSR Episode 162 - OSINT and Privacy in a Digital World

In this episode...

  • Kirby tells us what OSINT is
  • We discuss how much we are giving away on digital channels?
  • We discuss if there is such a thing as anonymity anymore
  • Location sharing in apps — the bad, the ugly, the scary
  • Kirby and Michael discuss “checking up on your executives”
  • Raf talks about “logo pages” — why do these still exist?!
  • Kirby gives us some thoughts on OPSEC
  • Kirby leaves us with a dose of reality about privacy in today’s world



  • Kirby Plessas ( @kirbstr ) - Kirby is the CEO of Plessas Experts Network, Inc. She did some things before this too, but we can't tell you about them or we'd have to black-bag you and send you to Gitmo. You can get her LinkedIn bio here:
Sep 28, 2015
DtSR Episode 161 - NewsCast for Sept 21st, 2015

On this episode of the NewsCast

Sep 21, 2015
DtSR Episode 160 - Leadership from a Navy SEAL

In this episode...

  • Brandon, Michael and I discuss the challenges of leadership and how leadership is more than just telling people what to do. Brandon gives us some of his back-stories and anecdotes to illustrate his points on leadership along the way.
  • I promise you'll love this episode, and I highly encourage you to go donate what you're able to, to Red Circle Foundation (


  • Brandon Webb ( @BrandonTWebb ) - Brandon is a former Navy SEAL, bestselling author and CEO of Force12 Media. He founded Red Circle Foundation as a way to give back to the families of the Special Ops community in a meaningful way.


Sep 14, 2015
DtSR Episode 159 - NewsCast for Sept 7th 2015

In this episode

Sep 07, 2015
DtSR MicroCast 08 - Conference Engagement

In this MicroCast, live from HTCIA Conference 2015 in Orlando, FL, Michael and I quickly set the stage for a conversation on conference speaker/attendee engagement. 

[Raf] One of my biggest pet peeves as a speaker is getting a room-full of people who watch (and listen) me speak, wait for me to finish, and leave when I'm done.

[Michael] As an attendee, you need to know what you "do" and what you're looking for from the conference.


--> Here's the link to the article Michael mentions:


We welcome the discussion on this topic, #DtSR on Twitter!

Sep 01, 2015
DtSR Episode 158 - Managing Security with Outsourced IT

In this episode...

  • We discuss what life is like as the CISO when you have all the responsibility for, but no administrative access (or hands on keyboard)
  • Brandon tells his story about how his IT organization went from in-house, to out-house, and how they got where they are
  • Brandon tells us the process and strategy he uses to get a handle on his security
  • We discuss why visibility is one of the most important things to outsourced IT (and security)
  • Brandon tells a story of an incident where things went very sideways
  • We discuss the balance between outsourcer scalability and customer deviations
  • Brandon tells us why sometimes it takes 3 months to scan your environment for a vulnerability ( your head will explode )
  • …and so much more


  • Brandon Dunlap ( @bsdunlap ) - Brandon is the global Chief Information Security Officer for a an employee-owned, global leader in building critical infrastructure in energy, water, telecommunications and government services currently operating in more than 100 countries through consulting, engineering, construction, operations and program management.
Aug 31, 2015
DtSR Episode 157 - NewsCast for Aug 24th, 2015

In this episode...

Aug 24, 2015
DtSR Episode 156 - Leadership Defined Measured and Discussed

In this episode...

  • We discuss the ever-growing need for strong leadership in security
  • I ask whether experience and longevity in a position naturally brings leadership qualities
  • We talk through how leadership interplays with other competencies
  • Michael asks whether the security leader has a place at the executive table (the "big kids table")
  • Michael asks if the MBA has value in security leadership
  • We discuss the model my team uses for leadership and how we build them
  • Michael and Heath discuss various competency models for leadership
  • We discuss measuring, KPIs and relative distance
  • We discuss how leaders can make better decisions
  • Heath leaves us with an Alex Hutton quote
Aug 17, 2015
DtSR Episode 155 - NewsCast for Aug 10th, 2015

In this episode...

Aug 10, 2015
DtSR Episode 154 - Enterprise Software Security Reloaded

In this episode

  • Raf asks - Why haven’t we solved the same old software security bugs?
  • James asks how a security team gets out of the way and still get better security?
  • We discuss threat modeling, and channel a bit of John Steven
  • Jeff talks about the OWASP ESAPI and standard security libraries and controls
  • Jeff talks about “libraries with known vulnerabilities” and the role of open source components
  • Raf brings up the ugly side of enterprise outsourcing - code development by committee
  • We discuss static, dynamic and run-time security tools
  • Raf asks Jeff what the RIGHT approach to creating a software program looks like



  • Jeff Williams ( @PlanetLevel ) - Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast. In 2002, Jeff co-founded and became CEO of Aspect Security, a successful and innovative consulting company focused on application security. Jeff is also a founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many other widely adopted free and open projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.
Aug 03, 2015
DtSR Episode 153 - NewsCast for July 27th, 2015

In this episode...

Jul 27, 2015
DtSR Episode 152 - The Great InfoSec Talent Shortage

In this episode

  • Talent shortage - is it real, and how bad is it?
  • We discuss: what does negative unemployment actually mean?
  • Michael asks- ecurity is still relatively new, how do we determined what “qualified” means?
  • What skills are necessary to be a good security professional?
  • Hiring - we discuss how we get better at screening potentially qualified employees
  • We discuss how we can vet out real experience, versus resume skills
  • Mark and Michael discuss specialization, automation, and optimizing our workforce
  • Mark shares his thoughts on growing and retaining top talent


  • Mark Orlando ( @MarkAOrlando )  - As the Director of Cyber Operations, Mark is responsible for Foreground’s Federal practice as well as the Virtual Security Operations Center (V-SOC) managed service. He leads a national team of analysts, engineers, incident responders, and managers who secure some of the most high profile networks in the Federal, financial, commercial, and power and utilities industries. As the senior operations subject matter expert, he is also responsible for security services strategy and advises on strategic Foreground initiatives such as threat intelligence analysis, custom analytics development. Mark is also a key advisor to the company’s award-winning educational unit, Foreground University. Prior to joining Foreground Security, Mark advanced through the technical ranks as a Security Analyst and Technical Lead in a variety of operations environments. In his 13+ years of experience, he has built and led security operations teams at the White House, the Department of Energy, the Pentagon, and numerous commercial organizations. He has also managed the operations division of a major Managed Security Service Provider supporting hundreds of private and public sector clients. Mark enjoys teaching and learning from others. He has presented on security operations and assessment at the Institute for Applied Network Security Forum and RSA Conference. Mark has earned the CISSP, PMP, CEH, ITIL, and multiple SANS GIAC certifications and holds a B.S. In Advanced Information Technology from George Mason University. Mark served in the US Marine Corp where he was a Marine Artillery NCO.

    Foreground Security (
Jul 20, 2015
DtSR FeatureCast - HTCIA International Conference 2015 Preview

In this episode...


  • Peter Morin joins us to talk through the upcoming HTCIA International 2015 Conference in sunny Orlando, Florida.
  • We talk through a preview of talks, events, and some interesting reasons you should be going to HTCIA Int'l
  • Check out the incredible lineup of keynotes, speakers and talks -
  • Come see the #DtSR crew live and in person as we record and broadcast from the conference
Jul 15, 2015
DtSR Episode 151 - NewsCast for July 13th, 2015

In this episode...

Jul 13, 2015
DtSR Episode 150 - A CEOs Perspective

In this episode

  • We take a little peek inside the mind of a CEO, from the security perspective
  • We discuss the state of information security in the last decade
  • Dan shares his wisdom on how the role of a security professional and security leadership has changed over the course of his career
  • We discuss about the talent shortage - and get an in-depth look at solving some of this problem
  • Dan shares with us his views on balancing people, processes and technology resources to achieve meaningful security
  • We talk strategy, and Dan and the guys talk through why it's so vital
  • We get Dan's "closing remark" (something you won't want to miss)



  • Dan Burns, CEO Optiv, Inc. -  Dan Burns brings more than 23 years of business, technology and security industry experience to his role as chief executive officer. In this role he is responsible for the development and implementation of high-level strategies and direction of the company’s growth. Being able to provide clear insight into navigating the complex information security landscape is a priority for Burns. His philosophy is to focus on building long-term relationships with clients, working with them to simplify their lives and becoming a trusted information security partner rather than a reseller or outside consultant.
    From 2002 when he co-founded Accuvant, until 2012 when he assumed his position as the company’s first CEO, Burns served as senior vice president of Accuvant’s sales organization. In that role, he was responsible for strategic planning, sales growth and problem resolution. Burns co-developed and helped to successfully execute on Accuvant’s initial vision – to build a company with the breadth, depth and capabilities to address the information security needs of organizations worldwide. He launched the sales force and grew it to a national powerhouse organization within a 10-year period, conducting business with nearly half of the Fortune 500, and driving $740M in revenue in 2014.
    Prior to his achievements with Accuvant, Burns was the regional vice president of sales for the western region of OneSecure. He played an integral role in transitioning the organization from a managed security services (MSS) provider to a product company, delivering to the marketplace the first intrusion prevention system (IPS) and generating $40M in product sales in the first year.
    Previously, as the western region vice president for Exault, an integrator, consulting organization and reseller, Burns secured some of the largest enterprise clients in the Rocky Mountain region and helped grow revenues to nearly $150M in two years. He also held positions at Access Graphics, Arrowpoint, and Netrex where he supported some of the largest telecommunication companies in building their information security programs, implementing technology and taking advantage of Netrex’s world-class MSS.
    Burns earned a bachelor’s degree in economics from San Jose State University
Jul 06, 2015
DtSR Episode 149 - NewsCast for June 29th 2015

In this episode

With me gone, James and Michael run feral!

  • It's June, so here are the top 3 security priorities for CISOs for 2015 (yes in June)
    • Boils down to: patch faster, improve credentials, code better
    • Is this the right list? 
    • It mentioned side-stepping cloud and mobility. What if migrating to the cloud offers the opportunity to not worry about patching or code, and improve your credentials? 
    • Someone pointed out to me that this matches the OPM hack; perhaps this is just content driven from that? Does that make it more or less valid?
    • Let us know… #DTSR
  • Cybersecurity tops advisors's compliance worries: poll
  • Why it's worth divorcing information security from IT
  • Keeping your kids safe (online) this summer -- with our very own TV star, James!
    • James, tell us about the experience - and how you don’t have nearly the control you think you’ll have
    • What did you do to prep?
    • What was your one big take away?
    • Now that you did the interview, any new thoughts?
    • Folks… what do you do? #DTSR - congratulate James on a great interview, then share your ideas (and yes, this is an enterprise play -- you can AND SHOULD share this with your employees)
Jun 29, 2015
DtSR Episode 148 - Focus on the CISO

In this episode...

  • What is the Security Advisor Alliance?
  • We discuss some of the issues facing CISOs today
  • Clayton gives us his perspective on how to solve some of those issues
  • Clayton tells us about the mission of the SAA
  • If your'e a CISO, are you signed up for the SAA Summit?  Shoot Clayton an email



Jun 22, 2015
DtSR Episode 147 - NewsCast for June 15th, 2015

In this episode...

Jun 15, 2015
DtSR Episode 146 - State of Enterprise Incident Response

In this episode...

  • Defenders are set up to fail? how and why
  • How do we fill forensics and IR positions?What skills and qualifications do forensics/IR need to have?
  • How can enterprises get better at IR from where they are today?
  • How do we solve some of the problems plaguing the security industry?



  • Andrew Case ( @attrc ) - Andrew Case is a senior incident response handler and malware analyst.He has conducted numerous large-scale investigations that span enterprises and industries. Andrew's previous experience includes penetration tests, source code audits, and binary analysis.  He is a core developer on the Volatility memory analysis framework and co-author of the highly popular and technical forensics analysis book "The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory".
Jun 08, 2015
DtSR Episode 145 - NewsCast for June 1st, 2015

Apologies to anyone who is having issues downloading this episode!

In this episode...

Jun 01, 2015
DtSR Episode 144 - Insights from the ISC2 2015 Survey

In this episode...

  • David Shearer, Executive Director for ISC2 joins us to talk about the results of the ISC2 2015 Information Security Workforce Study
  • We ask David to highlight some of the results
  • We discuss how malware and application security were identified as top threats 3 years in a row -- and what's to be done about this
  • We discuss the major discrepancy between priorities from this survey and recent CIO surveys
  • We discuss the importance of communication skills (identified in the survey) while leadership and business management are far down the scale
  • We discuss with David how under his leadership ISC2 can build a much tighter alignment to business -- not just more security certifications


  • David Shearer - David Shearer has more than 27 years of business experience including the chief operating officer for (ISC)², associate chief information officer for International Technology Services at the U.S. Department of Agriculture, the deputy chief information officer at the U.S. Department of the Interior, and the executive for architecture, engineering and technical services at the U.S. Patent and Trademark Office. Shearer has been responsible for managing and providing services via international IT infrastructures, and he has implemented large-scale SAP Enterprise Resource Planning (ERP) projects. Shearer holds a B.S. from Park College, a M.S. from Syracuse University, management and technical certificates from the U.S. National Defense University, and he is a U.S. federal executive presidential rank award recipient. As (ISC)² Executive Director, Shearer is responsible for the overall direction and management of the organization.


May 25, 2015
DtSR Episode 143 - NewsCast for May 18th, 2015

In this episode...


Note back from United Bug Bounty Team:

Posted with permission--


            Thank you for the question.  We want researchers to be able to notify of potential issues they find while still protecting customers who are not participating in the program.  If a researcher launched a brute force attack and locked the accounts of 10,000 customers through already existing security measures this would negatively affect our customers and the program.

            If any researchers believe they may have found a brute force condition, they can feel free to submit it to us without testing.  We will check on our end and if we confirm a bug exists we will gladly reward them for their effort.  Does that make sense?


United Bug Bounty Team"

May 18, 2015
DtSR Episode 142 - Basics and Fundamentals, That Win

In this episode...

  • A quick walk-through of Rob’s talk (“Hacker ghost stories”), and why it’s completely relevant today
  • Simple things that work
    • blocking java (externally)
    • effectively blocking “uncategorized” sites in your forwarding proxies
    • (not) resolving DNS internally
    • (not) default routing to the Internet from inside
    • canaries in the coal mine, or evil canaries


  • James Robinson ( @0xJames ) - Currently the Director, Threat and Risk Management at Accuvant-Fishnet Security and part of the Office of the CISO. He has a long and storied career of success as an enterprise defender across various industries. 
  • Rob Fuller ( @mubix ) - Rob is an experienced InfoSec industry insider, with many interesting achievements and accomplishments. He's easily findable, as are his many public doings.
May 11, 2015
DtSR Episode 141 - NewsCast for May 4th, 2015

In this episode...

May 04, 2015
DtSR Episode 140 - Ethics of Hacking Live from AtlSecCon 2015

In this episode...

  • What about public safety, where do we draw the line on open research?
  • Self-regulation? Disclosure? What are our options…
  • What makes a researcher? We discuss
  • “Chilling security research”
  • A quick dive into bug bounty programs; do they help?
  • Ethics vs. moral compass …we discuss
  • Hacker movies, and what they’re doing for our profession


  • Keren Elezari ( @K3r3n3 ) - brings years of experience in the international cyber security industry to the stage. Since 2000, Keren has worked with leading Israeli security firms, government organizations, Global Big 4 and Fortune 500 companies. Keren holds a CISSP security certification, a BA in History and Philosophy of Science and is currently a senior research fellow with the prestigious Security & Technology workshop at Tel Aviv University. In 2012, Keren held the position of Security Teaching Fellow with Singularity University, a private think tank, founded by Dr. Ray Kurzweil and sponsored by Google & NASA amongst others. Since 2013, Keren covers emerging security technologies and trends as a security industry analyst with GIGAOM research, a leading independent media hub. In 2014, Keren became the first Israeli woman to be invited to speak at the prestigious international annual TED conference. Keren’s TED talk has been viewed by 1.2 million people, translated to more than 20 languages and selected for TED’s list of ‘Most Powerful Ideas in 2014’ and for’s list of ‘Top TED Talks of 2014’.
  • Kellman Meghu ( @kellman ) - heads up a team of Security Architects for CheckPoint Software Technologies Inc., the worldwide leader in securing the Internet. His background includes almost 20 years of experience deploying application protection and network-based security. Since 1996 Mr. Meghu has been involved with consultation on various network security strategies to protect ISP's in Southern Ontario as well as security audits and security infrastructure deployments for various Commercial and Governmental entities across Canada and the Central United States. Kellman has delivered security talks in private corporate focused events, at school internet safety classes for students and teachers, as well as public events such as, SecureWorld Seattle, The Check Point Experience, Bsides St. Johns, Bsides San Francisco, Bsides Iowa, Bsides Detroit, Secure360, Trilateral Conference, and Sector lunch keynote for 2014. Kellman has contributed to live TV interviews in the Toronto area with CP24, CityNews, and CHCH TV, as well as radio station interviews and news articles across Canada and the US.
  • Mark Nunnikhoven ( @marknca ) - focuses on helping organizations as they move from the data centre to hybrid environments to working fully in the cloud. Bringing over 15 years of practical experience to the table, he is regularly sought after to speak on cloud computing, usable security systems, and modernizing security practices.
Apr 27, 2015
DtSR Episode 139 - NewsCast for April 20th, 2015

In this episode...

Apr 20, 2015
DtSR Episode 138 - Useful Knowledge on Intelligence

In this episode...

  • Where do you even start with “threat intelligence”?
  • Ryan talks about context, and why it’s *the* most important thing when it comes to threat intel
  • How does a SME make use of a “luxury item” like threat intelligence?
  • Michael asks what are 1-2 things you can do *immediately* as an SME?
  • What are the basics, beyond the basics of security? Where do you make your first investment?
  • Getting your own house in order is harder than it sounds, so what then?
  • Michael drops some #RiskCatnip
  • Michael breaks down the “feedback loop” and his basic questions to ask/answer
  • Down the rabbit hole of shiny boxes, standards, and productized threat intelligence
  • The overlap of data on commercial threat intelligence providers



  • Ryan Trost - Ryan is the CIO of ThreatQuotient and knowledgeable on matters of intelligence with his extensive background and history in the community.
Apr 13, 2015
DtSR Episode 137 - NewsCast for April 6th, 2015

In this episode...

Apr 06, 2015
DtSR Episode 136 - Crypto and Privacy with Jon Callas

In this episode...

  • Jon Callas gives a little of his background and his current role
  • We talk through why cryptography is so hard, and so broken today
  • Jon overviews compatibility, audit and making cryptography useful
  • Jon brings up open source, security, and why "open is more secure" is bunk
  • We talk through "barn builders" vs. "barn kickers" and why security isn't improving
  • We talk through how to do privacy, active vs. passive surveillance
  • We talk through anonymous VPN providers, anonymization services, and how they're legally bound
  • Jon talks about appropriate threat modeling and knowing what we're protecting
  • We talk through patching -- how to do patching for Joe Average User
  • Bonus-- Mobile is as secure (or more) than what we're used to on the desktop


  • Jon Callas ( @JonCallas ) - Jon Callas is an American computer security expert, software engineer, user experience designer, and technologist who is the co-founder and CTO of the global encrypted communications service Silent Circle. He has held major positions at Digital Equipment Corporation, Apple, PGP, and Entrust, and is considered “one of the most respected and well-known names in the mobile security industry.” Callas is credited with creating several Internet Engineering Task Force (IETF) standards, including OpenPGP, DKIM, and ZRTP, which he wrote. Prior to his work at Entrust, he was Chief Technical Officer and co-founder of PGP Corporation and the former Chief Technical Officer of Entrust.
Mar 30, 2015
DtSR Episode 135 - NewsCast for March 23rd, 2015

Remember folks, as you listen reach out to us on Twitter and hit the hashtag #DtSR to continue the conversation, and speak your mind! Let's hear what your take is on the stories we discuss...maybe you have a unique angle we've not considered?

In this episode--


Mar 23, 2015
DtSR Episode 134 - Fundamental Security

In this episode...

  • Michael C and the team talk bout "going back to basics" and the need for security fundamentals
  • Michael C talks a little about why we (security professionals) fail at fixing problems at scale
  • We dive into the need for automation, and Michael C talks about why creating more work for security professionals is a bad thing
  • Michael C and the crew talk through why many of our metrics fail, highlighting the need to get away from the typical dashboard approach of "bigger numbers is better"
  • We discuss the balance between false positives and false negatives -- a super critical topic
  • Rafal brings up the role security professionals play in software security, and why we can't be expected to drive the daily tasks
  • We talk through centralized vs. de-centralized security, and how to understand which works better, and where
  • Michael C gives us his 3 key take-aways for listeners (don't miss these!)
  • We talk through "assume breach", and what it means for security


  • Michael Coates ( @_mwc ) - Currently, Michael is the Trust and Security Officer at Twitter where he leads the information security team and drives overall security efforts across the organization to a common goal and objective. Michael is a staple of the OWASP community now serving on its board and having contributed countless hours and lines of code to the effort. 
Mar 16, 2015
DtSR Episode 133 - NewsCast for March 9th, 2015

In this episode--

Mar 09, 2015
DtSR Episode 132 - Good Guys, Bad Guys, and Reality

In this episode...

  • We learn the origins of "RSnake" as told by Rob himself
  • Rob gives us a peek into the dark side, from his contacts and experiences
  • We discuss the black-hat economy as it's verticalized, specialized, and matured
  • Rob discusses the balancing act of the good vs. bad and why the situation is as bad as it needs to be
  • We discuss some of the things businesses and defenders really need to worry about
  • Rob gives us his view of the inevitability of security from SMB to enterprise -- and why things are so good, or bad, or just right
  • We discuss the different ways security is being understood, implemented and matured and why it's futile to chase absolutes
  • Michael and Rob dive into the labor shortage in security - real, perceived, or misunderstood?
  • Rob gives us his outlook on where things are going over the next decade or so



  • Robert "RSnake" Hansen - ( @RSnake ) - Strategic. Web security expert. Visionary. Robert brings more than 20 years of web application and browser security experience, innovation, and vision to the WhiteHat Security team. Under Robert’s leadership, WhiteHat Labs successfully launched Aviator, the most secure browser available, for Mac and Windows, quickly racking up more than 170,000 downloads in less than six months. When asked about WhiteHat Labs’ mission, Hansen said, “Labs will strive to provide prototypes that go beyond customer expectations, to delight the user.” Before WhiteHat, Robert was the CEO of SecTheory and Falling Rock Networks. Robert has co-authored several books including XSS Exploits and Website Security for Dummies. Robert is also the author of Detecting Malice. He is a member of WASC, APWG, IACSP, ISSA, APWG and has contributed to several OWASP projects, including originating the XSS Cheat Sheet. When he is not breaking the web to make it stronger, Robert enjoys watching Formula One racing.
Mar 02, 2015
DtSR Episode 131 - NewsCast for February 23rd, 2015

In this episode--

Feb 23, 2015
DtSR Episode 130 - Where Law and Cyber Collide

In this episode


  • Shawn Tuma ( @ShawnETuma ) - In addition to being a perennial favorite on this show, Shawn is an attorney with expertise in computer fraud, social media law, data security, intellectual property, privacy, and litigation. He's a Texan, a Christian, a family man, an author & and speaker - and an all-around awesome guy.
Feb 16, 2015
DtSR Episode 129 - NewsCast for February 9th, 2015

Topics covered

Feb 09, 2015
DtSR MicroCast 07 - Taking Security Seriously

This is the 7th installment (call it a rebirth) of the MicroCast. Short and to the point, Michael and James talk about the phrase breached companies use - "We take your security seriously..."

 .. join the conversation at #DtSR on Twitter!

Feb 08, 2015
DtSR Episode 128 - When Breach, Buy the Dip

Fans - If you haven't booked your ticket for InfoSec World 2015 in sunny Orlando, FL check this out. Register using our code CLD15/RABBIT for 15% off.

If you want a chance to go for FREE, listen to Episode 127 for your chance!


In this episode...

  • John gives us a little lesson on markets, and why they move up/down, commentary for the information security professional
  • John discusses what #BTFD means
  • John uses the Target example of why security professionals, marketers, and much of the media got it completely wrong
  • John educates us on insurance, compliance and liability
  • My head explodes...


  • John Foster ( @dearestleader ) - Mr. Foster has 19 years of technology experience but left technical infosec in 2003 to pursue a career in Compliance and Ethics. He now focuses on bribery & corruption, environmental issues, and other interesting topics, but infosec keeps appearing in compliance and finance. He is an investor with experience in stock, foreign exchange, options, and futures which allows him to see past the data breach hype. He is a Certified Treasury Professional, Six Sigma Black Belt, and holds certificates in ISO 9001, 14001, 20000, 22301, 27001, & 28000 from PECB. He is a partner at Bianco Foster Group, LLC which provides training and education services in ISO standards and an investor in several early stage startups.


Feb 02, 2015
DtSR Episode 127 - NewsCast for January 26th, 2015

** There is a special gift for our listeners in this episode, from our friends at InfoSec World 2015! Listen to find out how you can go for free.

 We have a promo code!

CLD15/RABBIT – 15% off for “Down the Rabbit Hole” listeners

Topics Covered

Watch this podcast page later this week for that freebie Michael told you about!

Jan 26, 2015
DtSR Episode 126 - The Defense Always Loses

In this episode...

  • The blog post that started it all -
  • Vince, tells us what he means by "Offense always wins, defense always loses"
  • We disagree over this snip from his blog post: "To “win” in cyber security, defense must be right 100% of the time, while offense only has to be right once. We must wake up to the reality that defense is an impossible task; no matter what actions we take, we will lose."
  • We discuss how we get away from being Eeyore defeatists?
  • Vince give us security strategies he is advocating knowing that defense is better equipped, and better funded
  • We briefly mention high-value assets, and why it's even more critical today than it has ever been before, and why we still stink at it
  • We challenge Vince to give us some tangible steps to managing risk better, to get away from winning/losing?
  • We discuss how we compress delivery time lines for security competencies? (Average time to deliver a technical control is months, plus budget cycle - maybe years)
  • We close with lessons learned from your Vince's rich experience that he'd like to share with the listeners, to change the nature of the win/lose conversation


  • Vince Crisler - Vince has done some very interesting things in his background including former Communications Officer with the US Air Force, who also worked at the White House as Presidential Communications Officerm backed security start-ups, and chairing a Washington DC OSINT group. He's definitely one of the people you should get to know.
Jan 19, 2015
DtSR Episode 125 - NewsCast for January 12th, 2015

Welcome to a new year of the Down the Security Rabbithole Podcast! We are kicking off this year with a guest on this morning's program, Phil Beyer joined us to talk about the last few weeks that have been a wild, wild ride in the security indsutry!

Thanks for your support so far, and we promise a fantastic 2015 to come.


Topics Covered

Jan 13, 2015
DtSR Episode 124 - PCI DSS and Security (Yes, Really)

Hi everyone! Welcome to the very first episode of the Down the Security Rabbithole Podcast for 2015! On this opening episode, Jeff Man joins us to talk truth to power on PCI-DSS and shatters myths for us.


In this episode

  • Jeff tackles some common misunderstandings about PCI
  • The crew discusses PCI – what’s right about it and what’s wrong about it
  • Jeff tells us why he believes if you’re secure you’re compliant, but if you’re compliant you’re probably not secure
  • The $64M question- Isn’t EMV, P2PE, and tokenization going to spell the end of PCI?
  • Jeff tells us what to look forward to with PCI DSS v3.0


  • Jeff Man ( @MrJeffMan ) - Mr. Man has 13 years of DoD experience (10 at NSA as a Cryptanalyst/Information Security Analyst), 18 years of commercial consulting – pen testing, vulnerability assessments, security architecture reviews, and 10 years as a QSA doing PCI (and yet he's never conducted a PCI audit and never been a CISSP). As a QSA he's been involved with most of the major companies that experienced breaches in the mid-2000’s (Walmart, TJX, Heartland) so he can speak with some credibility about recent breaches in the past year or so.
Jan 05, 2015
DtSR FeatureCast - 2014 Year in Review

Hey everyone! We're almost done with 2014 and another new year is right around the corner. We thought this was the perfect time to sit back, relax a little and reflect on the year that was...and boy was it ever!

Jack Daniel & Allison Miller join Michael, James and I on the podcast to talk it all out, share a few chuckles and try to make sense of it all!


Thanks for listening everyone, it's been an epic year and we look forward to more awesome things in 2015!

Dec 29, 2014
DtSR FeatureCast - US vs. Salinas ft. Shawn Tuma

In this episode

Attorney and CFAA expert Shawn Tuma joins us to talk about the US vs. Salinas case where Mr. Salinas was threatened with 440 years in jail, and now plead down to a misdemeanor. Prosecutorial discretion, or attorneys-gone-wild?


Dec 22, 2014
DtSR Episode 123 - NewsCast for December 15th, 2014
Dec 15, 2014
DtSR Episode 122 - Enterprise Architecture's Role in Security

In this episode

  • Michelle explains to us what Enterprise Architecture is, and what it isn't
  • Michelle gives her take on how both security and enterprise architecture both support each other
  • We discuss the roll of standards, standards, standards - and why you can't have security without it
  • We talk about GRC
  • We talk through roles & responsibilities definition between security, architecture, and the rest of IT
  • "Application Portfolio Rationalization" --the most impossible project. Ever.
  • Michelle schools us on data, high-value assets, meta-data and the really hard topics for security
  • Michelle gives us a series of examples of "HOW" we can find high-value assets, and start security there
  • Michelle addresses the phrase "business alignment" since it's pivotal to enterprise architecture


  • Michelle-Marie Strah ( @CyberSlate ) - Director, Enterprise Architecture at NBCUniversal – recently joined the newly formed Strategy and Architecture team at NBCUniversal designed to drive enterprise architecture, solutions architecture and innovation management across all companies in the NBCUniversal global portfolio. Previously she was at Microsoft Corporation worldwide headquarters where she was responsible for leading emerging markets cloud deployments, go to market and compete strategies in Latin America for public, private and hybrid cloud offers (both Azure and partner hosted clouds). As part of her role on the Applied Incubation Team she worked closely with partners, CIOs and government officials as well as internal CTO, legal, and chief security officer teams in the region to ensure privacy and security standards for government and private sector cloud adoption in Latin America. As an enterprise architect, Michelle specializes in governance, risk, compliance, information security and enterprise information management and has decades of experience in highly regulated industries, government, defense and healthcare.

Additional Links

Dec 08, 2014
DtSR Episode 121 - NewsCast for December 1st, 2014

Topics covered

Dec 01, 2014
DtSR Episode 120 - Hacking the Human (again)

In this episode

  • We revisit the 'human' side of hacking
  • Chris tells us all about the Defcon CTF his team has hosted
  • We discuss the role human nature plays in social engineering, or "Why the bad guys always win"
  • Chris gives us his tips for making it harder for social engineers
  • Michael and Chris talk metrics and measuring "getting better"



  • Chris Hadnagy@HumanHacker ) - Chris Hadnagy (author of Social-Engineering: The Art of Human Hacking and Unmasking the Social Engineer: The Human Element of Security) is a speaker, teacher, pentester, and recognized expert in the field of social engineering and security.

    Chris Hadnagy is the President and CEO of Social-Engineer, Inc. He has spent the last 16 years in security and technology, specializing in understanding the ways in which malicious attackers are able to exploit human weaknesses to obtain access to information and resources through manipulation and deceit.

    Chris is a graduate of Dr. Paul Ekman’s courses in Microexpressions, having passed the certification requirements with an “Expert Level” grade. He also has significant experience in training and educating students in non-verbal communications. He hold certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).

    Finally, Chris has launched a line of professional social engineering training and penetration testing services at Social-Engineer.Com. His goal is to assist companies in remaining secure by educating them on the methods used by malicious attackers. He accomplishes this by analyzing, studying, dissecting, then performing the very same attacks used during some of the most recent incidents (i.e. Sony, HB Gary, LockHeed Martin, Target, etc), Chris is able to help companies understand their vulnerabilities, mitigate issues, and maintain appropriate levels of education and security.

    Chris has developed one of the web’s most successful security podcasts, The Social-Engineer.Org Podcast, and the equally-popular SEORG Newsletter. Over the years, both have become a staple in most serious security practices and are used by Fortune 500 companies around the world to educate their staff.

    You can find Chris's articles for local, national, and international publications and journals, including Pentest Mag,, and local and national Business Journals.



Nov 24, 2014
DtR Episode 119 - NewsCast for November 17th, 2014

Note: The hashtag for the show on Twitter has changed, please connect with us using #DtSR going forward. Thanks!


Topics covered

Nov 17, 2014
DtR Episode 118 - Demystifying Threat Intelligence

In this episode

  • Adam and Dmitri discuss what is (and what isn't) threat intelligence
  • We discuss strategic, tactical and operational security intelligence
  • Who is using threat intelligence, and how?
  • Adam talks about the success factors, key points, and trends
  • Michael asks how an organization can know whether they're READY for a threat intelligence program
  • Adam explains the term "finished intelligence"
  • Adam describes tactical intelligence, while Dmitri gives his take on strategic intelligence
  • We discuss the merits of education and awareness - first
  • How important is attribution, really?
  • 3 critical things an enterprise *must be doing* before jumping into threat intelligence as a program


  • Adam Meyers ( @adamcyber ) - Adam Meyers has over a decade of experience within the information security industry. He has authored numerous papers that have appeared at peer reviewed industry venues and has received awards for his dedication to the field. At CrowdStrike, Adam serves as the VP of Intelligence. Within this role it is Adam’s responsibility to oversee all of CrowdStrike’s intelligence gathering and cyber-adversarial monitoring activities. Adam’s Global Intelligence Team supports both the Product and Services divisions at CrowdStrike and Adam manages these endeavors and expectations. Prior to joining CrowdStrike, Adam was the Director of Cyber Security Intelligence with the National Products and Offerings Division of SRA International. He served as a senior subject matter expert for cyber threat and cyber security matters for a variety of SRA projects. He also provided both technical expertise at the tactical level and strategic guidance on overall security program objectives. During his tenure at SRA International, Adam also served as the Product Manager for SRA’s dynamic malware analysis platform Cyberlock.
  • Dmitri Alperovitch ( @dmitricyber ) - Dmitri Alperovitch is the Co-Founder and CTO of CrowdStrike Inc., leading its Intelligence, Technology and CrowdStrike Labs teams.  A renowned computer security researcher, he is a thought-leader on cybersecurity policies and state tradecraft.  Prior to founding CrowdStrike, Dmitri was a Vice President of Threat Research at McAfee, where he led company’s global Internet threat intelligence analysis and investigations. In 2010 and 2011, Alperovitch led the global team that investigated and brought to light Operation Aurora, Night Dragon and Shady RAT groundbreaking cyberespionage intrusions, and gave those incidents their names. In 2013, Alperovitch received the prestigious recognition of being selected as MIT Technology Review’s “Young Innovators under 35” (TR35), an award previously won by such technology luminaries as Larry Page and Sergey Brin, Mark Zuckerberg and Jonathan Ive. Alperovitch was named Foreign Policy Magazine’s Leading Global Thinker for 2013, an award shared with Secretary of State John Kerry, Elon Musk and Jeff Bezos. He was the recipient of the prestigious Federal 100 Award for his contributions to the federal information security in 2011 and recognized in 2013 as one Washingtonian’s Tech Titans for his accomplishments in the field of cybersecurity. With more than a decade of experience in the field of information security, Alperovitch is an inventor of eighteen patented technologies and has conducted extensive research on reputation systems, spam detection, web security, public-key and identity-based cryptography, malware and intrusion detection and prevention. Alperovitch holds a master's degree in Information Security and a bachelor's degree in Computer Science, both from Georgia Institute of Technology.
Nov 10, 2014
DtR FeatureCast - Norse Corp DDoS - Nov 7 2014

In this episode

  • Jeff explains a little bit about who Norse is, and why they were potentially targeted with a DDoS
  • We discuss what a DDoS is, how it becomes effective, and what methods/tools attackers use (in this case SNMP v2 reflection)
  • We talk about threat intelligence (reputational intelligence) and how companies and intelligence platforms can leverage this data to decrease risks actively


  • Jeff Harrell ( @jeffharrell ) - Jeff Harrell is the Vice President of Product Marketing at Norse, the leader in live attack intelligence. Jeff has over 15 years of experience in the IT Security industry leading product management and product marketing teams to build and market security solutions from end users to large enterprises. Jeff’s areas of expertise include cloud technology, threat intelligence, compliance, vulnerability management, configuration auditing, and encryption. Prior to Norse, Jeff worked for security and technology companies including nCircle, Qualys, McAfee, PGP, and eMusic.


Additional Links

Nov 07, 2014
DtR Episode 117 - NewsCast for November 3, 2014

Topics covered

Nov 03, 2014
DtR Episode 116 - Lines in the Sand on Security Research

In this episode

  • Chris attempts to explain the consternation with 'security research' right now
  • Kevin gives his perspective and why he doesn't quite understand why people don't see they're "breakin' the law"
  • Shawn discusses what parts of the CFAA he would like to see reformed
  • James drops the question - "What is a security researcher?" ..and rants a little
  • Kevin talks about why the security industry needs to self-regulate w/example
  • Chris and Kevin debate intent, and "stepping over the line"
  • Chris brings up the issue of bug intake at a large company
  • Spirited discussion about intent, regulation, actions and separating emotion from facts


  • Chris John Riley - ( @ChrisJohnRiley ) - Chris John Riley is a senior penetration tester and part-time security researcher working in the Austrian financial sector. With over 15 years of experience in various aspects of Information Technology, Chris now focuses full time on Information Security with an eye for the often overlooked edge-case scenario. Chris is one of the founding members of the PTES (Penetration Testing Execution Standard), regular conference attendee, avid blogger/podcaster ( /, as well as being a frequent contributor to the open-source Metasploit project and generally getting in trouble in some way or another. When not working to break one technology or another, Chris enjoys long walks in the woods, candle light dinners and talking far too much on the Eurotrash Security podcast.
  • Shawn Tuma - ( @ShawnETuma ) - Shawn is an attorney with expertise in computer fraud, social media law, data security, intellectual property, privacy, and litigation. He's a Texan, Christian, family man, author & speaker - and an all-around awesome guy.
  • Kevin Johnson - ( @SecureIdeas ) - Kevin is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is an instructor and author for the SANS Institute and a faculty member at IANS. He is also a contributing blogger at TheMobilityHub.
Oct 27, 2014
DtR Episode 115 - NewsCast for October 20th, 2014

Topics covered

Oct 20, 2014
DtR Episode 114 - Threat and Vulnerability Management

In this episode

  • Ron gives us a brief history of Tenable and TVM for the enterprise
  • Ron answers "How do you make network security obtainable and defendable?"
  • We discuss TVM as a fundamental principle to many other security program items
  • Ron tells us what the modern definition of "policy" is
  • We discuss some hurdles and challenges of TVM programs in an enterprise
  • We note that security scanning can always break stuff - so how do you get around that?
  • Ron tells us why TVM is so much more than scanning
  • Michael asks "Why are so many companies stuck in a Prince song (1999)?"
  • We attempt to tackle - compliance, risk, and managing to a goal
  • Ron answers the question - "Are we getting any better?"


  • Tenable logl
    Ron Gula ( @RonGula ) 
    - CEO and CTO at Tenable Ron co-founded Tenable Network Security, Inc. in 2002 and serves as its Chief Executive Officer and Chief Technology Officer. Mr. Gula served as the President of Tenable Network Security, Inc. He served as the Chief Technology Officer of Network Security Wizards which was acquired by Enterasys Networks. Mr. Gula served as Vice President of IDS Products and worked with many top financial, government, security service providers and commercial companies to help deploy and monitor large IDS installations. Mr. Gula served as Director of Risk Mitigation for US Internetworking and was responsible for intrusion detection and vulnerability detection for one of the first application service providers. Mr. Gula worked at BBN and GTE Internetworking where he conducted security assessments as a consultant, helped to develop one of the first commercial network honeypots and helped develop security policies for large carrier-class networks. Mr. Gula began his career in information security while working at the National Security Agency conducting penetration tests of government networks and performing advanced vulnerability research. He was the original author of the Dragon IDS. Mr. Gula has a BS from Clarkson University and a MSEE from University of Southern Illinois.
Oct 13, 2014
DtR Episode 113 - NewsCast for October 6th, 2014

Topics covered

Oct 06, 2014
DtR FeatureCast - CFAA, Shellshock and Security Research - October 2nd 2014

Thank you to Shawn Tuma - an attorney specializing in CFAA and a good friend of our show - for stopping by and lending his expertise on this episode. If you enjoy Shawn's insights, consider following him on Twitter ( @ShawnETuma ) or just saying hello!


In this episode

  • We discuss the CFAA in regards to Robert Graham's brilliantly written blog post on the topic -
  • Shawn gives some key insights on the CFAA including historical context
  • Michael asks some tough questions on the discretion and applicability of CFAA prosecution
  • James goes on a rant about "security researchers" (it's a gem)
  • I'm pretty sure Shawn goes on the record saying security researchers should be credentialed..or was that me?
  • We get some advise from Shawn on where this topic goes next, and how to avoid being a target of prosection


  • Shawn Tuma - ( @ShawnETuma ) - Shawn is an attorney with expertise in computer fraud, social media law, data security, intellectual property, privacy, and litigation. He's a Texan, Christian, family man, author & speaker - and an all-around awesome guy.
Oct 02, 2014
DtR Episode 112 - DREAMR Framework

In this episode

  • DREAMR: What is it, and why is it so important to Enterprise Security today?
  • Examples of aligning business and security requirements and winning hearts & minds
  • How does a security organization get around "see I told you so!" security
  • An example of how to make the framework work for you
  • We discuss the importance of listening, then listening, then listening some more
  • Jessica and Ben explain "accomodating" the business
  • Jessica and Ben give us "One critical piece of advice"


  • Jessica Hebenstreit ( @secitup ) - Jessica Hebenstreit has been a member of the Information Security community for over a decade. Having worked on both the technical and business sides of various enterprises, Hebenstreit has a unique perspective that allows for more understanding when balancing competing interests. She is a successful and results-oriented Information Security expert with hands-on information security experience in security monitoring, incident response, risk assessment, analysis, and architecture and solution design. She holds the following certifications, CISSP, GIAC-GSEC, CRISC and SFCP. In March 2012, she earned her Masters of Science in IT (MSIT) specializing in Information Assurance and Security. She is currently the Manager of Security Informatics - Threat Analysis and Response at Mayo Clinic.  She is building a smart response architecture for incident response from the ground up.
  • Ben Meader ( @blmeader ) - Ben Meader is a Senior Security professional with a unique blend of technical acumen and business know-how. Meader’s security thought leadership has been battle tested at multi-national firms over the past 13 years ranging from network security and operational security to performing detailed risk assessments and implementing a firm-wide privacy program. He remains up to date in both security and business having received his M.B.A. from DePaul University and has a current CISSP. He is also active in the entrepreneurial community and is Co-Founder of a mobile application company on the side. His education and range of experiences in working with firms both large and small have given him a unique perspective on the role of security within different business cultures and how competing philosophies can collide.
Sep 29, 2014
DtR Episode 111 - NewsCast for September 22nd, 2014
Sep 22, 2014
DtR Episode 110 - Red Dragon Rising

In this episode

  • Separating the hype from reality of the Chinese hacking threat
  • The escalation of economic tensions between US & China, over hacking
  • What is the advice for the enterprise regarding state-sponsored attacks?
  • The challenge with the uni-directional intelligence flow for government/enterprise
  • The challenge with nation-state hacking of critical infrastructure
  • The worst-case scenario (quietly happening?)
  • Directly addressing the various APT reports (specifically APT1)
  • Does a cyber attack warrant a kinetic response?
  • Attribution is hard. Is it more than black-magic, and is anyone doing it right?
  • The great disconnect between the keyboard jockey and real-life consequences


Sep 15, 2014
DtR Episode 109 - NewsCast for September 8th, 2014

Topics covered

Sep 08, 2014
DtR Episode 108 - Security in State Government

In this episode

  • We discuss the largest challenges in the state government sector
  • Brian discusses balancing the need for openness versus security/secrecy
  • Phil talks about the challenge of balancing policy with agency needs in state government
  • Michael asks how state-level security justifies and prioritizes security requirements
  • Raf asks how policy is created that can be both effective, and broad
  • The group talks about metrics, policy implementation, and showing value to protecting citizens
  • The guys answer "What's the best piece of advice you've gotten in your career?


  • Philip Beyer ( @pjbeyer ) - Philip is a security professional with more than 12 years progressive experience. Currently leading information security for an organization as a function of business goals and risk profile. Consummate generalist with background in multi-client consulting and specialization in risk management, incident handling, security operations, software assurance (OpenSAMM, BSIMM), and technical compliance testing (ISO 27002, PCI-DSS, HIPAA). Confident leader, problem solver, relationship builder, technical communicator, public speaker, presenter, and security evangelist. Fast-paced learner with a strong work ethic and self-starter attitude.
  • Brian Engle ( @brianaengle ) - Currently the Chief Information Security Officer & Texas Cybersecurity Coordinator who is a results-oriented executive and leader with over 20 years of progressive experience in Information Technology and Information Security across the government, healthcare, manufacturing, financial services, technology, telecommunications and retail verticals. His specialties include risk management, project management, and cost effective delivery of appropriate security solutions within organizational risk tolerances. Consummate generalist with a background in effective incident management, security and network operations, vulnerability and threat management, as well as technical compliance evaluation and gap analysis.
Sep 01, 2014
DtR Episode 107 - NewsCast for August 25, 2014

Topics covered

Aug 25, 2014
DtR Episode 106 - My Compliance is Better Than Your Security

In this episode

  • Jason tells us why he isn't hating on compliance
  • Jason talks about how security people are often the source of the issues
  • Jason gives us his perspective on compliance-driven security
  • Jason correlates compliance to quality assurance in security
  • We talk about security's unbroken streak of failing at the basics
  • We lament poor metrics, why we suck at them, and what comes next
  • We discuss how you can tell whether an investment in security 'is working'
  • We discuss the need for repetitive and consistent security
  • Jaason gives us his three things that he wants to leave you with



  • Jason Oliver ( @jasonmoliver ) - Jason M Oliver, CISSP, CRISC is the Chief and CEO of Tikras Technology Solutions Corp, a Native American Owned Small Business, President at Arrow Ventures, a seasoned security industry veteran, leader, and lifelong pursuer of knowledge. His unique approach to solving security issues involves individualized plans tailored to meet each specific customer’s needs. His high level of unwavering integrity has been met by the highest regard from both customers and peers.
Aug 18, 2014
DtR Episode 105 - NewsCast for August 11, 2014

Topics covered

Aug 11, 2014
DtR Episode 104 - JW Goerlich - Security Leaders Series

In this episode

  • Who is J.W. Goerlich (redux from episode - 
  • How did he get to where he is now?
  • How does the security executive deal with the "moving finish line"?
  • JW discusses how 'security' people can break down barriers between "us" and "them"
  • We discuss why we still fail at the basics, and what all this means...
  • JWG tries to talk about his favorite controls framework
  • We discuss what difference it makes where the CISO reports in the enterprise
  • What will the CISO be, or need to do, in ~3-5 years?
  • We discuss hiring into InfoSec - from outside, or within ... and why?
  • JW gives us the one thing you need to remember



  • J.W. Goerlich ( @jwgoerlich ) - Results-driven IT management executive with a track record of building high performance teams and providing flawless execution. Leverages background in systems engineering, software development, and information security expertise to consistently lower operating costs and raise service levels. Designs solutions that support long-term strategic planning and create immediate impact throughout product lifecycle in process and efficiency gains.
Aug 04, 2014
DtR Episode 103 - NewsCast for July 28th, 2014

Topics covered


Not discussed, but interesting reads:

Jul 28, 2014
DtR Episode 102 - Security Leaders Series - Jim Tiller

In this episode

  • Jim Tiller - a few things you probably didn't know?
  • In the last 15 years, what has changed, and what hasn't?
  • Why isn't security moving forward?
  • "Complexity is the camouflage for bad guys" -Jim
  • Chasing the moving line of 'security'
  • "Fixing the airplane as it flies"
  • How do enterprise security organizations push away from playing 'prevent' permanently?
  • Fundamentals, fundamentals, fundamentals ... you're still failing
  • What things are CISOs doing that they're NOT right now?
  • Where will security be, as a discipline, in 10 year?


  • Jim Tiller ( @Real_Security ) - Jim has been in the security industry since the very early 90’s and has continued his mission in working with individuals, groups, organizations, and companies around the world to collaborate, develop, and implement business aligned security strategies and technologies. Through his career he's worked with and in numerous organizations for the advancement of information security technologies, practices, and standards and through these activities help organizations achieve their goals. Find Jim on LinkedIn here.
Jul 21, 2014
DtR Episode 101 - NewsCast for July 14th, 2014

Topics covered

Jul 14, 2014
DtR Episode 100 - Security Wisdom from Dan Geer

In this episode

  • Who is Dan Geer (just in case you live in a cave and don't know)
  • Dan's definition of security - "The absence of unmitigatable surprise"
  • What exactly is the pinnacle goal of security engineering?
  • Responsibility, liability and when software fails as a result of security issues
  • In a liability lawsuit - "What did you know, when did you know it?"
  • The fraction of the population who could sign an "informed consent" is falling - so now what?
  • Why ICANN is actually making all of this so much worse
  • What do we do about "abandoned software"?
  • Fixing security bugs in software is a tricky business...good, bad, worse
  • Are things getting better [in security]?
  • Dan talks about a "diversity re-compiler" and how we can make the exploit writer's job harder
  • (from Jason White) -What "low hanging fruit" issues are we simply not addressing properly right now?
  • (from Jason White) If the Internet were being built from scratch today, what would you keep and throw away?


  • Dan Geer - Dan Geer is a computer security analyst and risk management specialist. He is recognized for raising awareness of critical computer and network security issues before the risks were widely understood, and for ground-breaking work on the economics of security.

    Geer is currently the chief information security officer for In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency.

    In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost of Monopoly" was released by the Computer and Communications Industry Association (CCIA). The paper argued that Microsoft's dominance of desktop computer operating systems is a threat to national security. Geer was fired (from consultancy @Stake) the day the report was made public. Geer has cited subsequent changes in the Vista operating system (notably a location-randomization feature) as evidence that Microsoft "accepted the paper." --
Jul 07, 2014
DtR Episode 99 - NewsCast for June 30th, 2014

Topics covered

Jun 30, 2014
DtR Episode 98 - Grr (Grr Rapid Response)

In this episode

  • What exactly is "GRR"?
  • What sorts of things can GRR do?
  • What is a hunt, and how does it scale across tens of thousands of machines?
  • How does GRR "hide" from malware?
  • How does GRR keep some of the great power it has from being abused?
  • Automating and integrating GRR with external sources and tools
  • Features, functions, capabilities and some magic from Greg
  • The future features, requests, and direction of GRR



  • Greg Castle - Greg has 10 years experience working in computer security. In his current role as Senior Security Engineer at Google, he is a developer and user of the open-source GRR live-forensics system. He also has strong interest and involvement in OS X security, having been responsible for the security of Google's OS X fleet for two years. His pre-Google job roles have included pentester, incident responder, and forensic analyst.


Jun 23, 2014
DtR Episode 97 - NewsCast for June 16th, 2014

Note: I want to thank Will Gragido for stopping by this morning to talk over the news with us. Always great to have someone with a fresh perspective, I hope you enjoy the show.


Topics Covered


Jun 16, 2014
DtR Episode 96 - A CIO Talks About CISOs

My apologies for some of the skips in this episode - we had some difficulty with the recording and ultimately I hope it doesn't take away from Joe's wonderful message.

Thanks for your patience.

In this episode

  • From CISO to CIO - making that leap
  • Does the CISO need to be technical? (answering that question, again)
  • What types of things does a CIO need to know?
  • Who should the CISO report to?
  • Any chance the CISO reporting structure shifts around?
  • A "Chief Data Officer"?
  • Are there too many 'splintered' job titles in the security/risk role?
  • Responsibility, accountability, and where the buck stops
  • What are 3 things security does right, and what are 3 things that we do terribly?
  • How big should your security budget be? (trick question)
  • What KPIs should security be reporting to the CIO? (the hardest question ever)
  • What resources are there for CIOs?



Jun 09, 2014
DtR Episode 95 - NewsCast for June 2nd, 2014

Note: Today, Kim Halavakoski joined us on the show to provide perspective all the way from Finland! We appreciate his international addition to the show, and hope the listeners enjoy the added brainpower.


Topics covered

Jun 02, 2014
DtR Episode 94 - ICANN, Tor, and Internet Freedom

In this episode

  • Jeff explains the background of the relationship between the US government, ICANN and IANA
  • What is the ITU and why is this $0 contract handoff to the ITU such a big deal?
  • What impact did Edward Snowden's actions have on the issue?
  • The potential issues with DNS, cross-border censorship and DNS
  • The importance of Tor, Freenet and challenges of implementation
  • Discussing the evolution of services like Tor through "nation-state firewalls"
  • Changing the image of anonymous services
  • Making Tor and similar services more user-friendly, and more prevalent


  • Jeff Moss ( @TheDarkTangent ) - Jeff, also known as The Dark Tangent, is an American hacker, computer security expert and internet security expert who founded the Black Hat and DEF CON computer Hacker conferences. His Wikipedia page can be found here.
May 26, 2014
DtR Episode 93 - NewsCast for May 19th, 2014


  • I want to thank Circle City Con as a sponsor for the show! I have one more ticket to give away ... so watch the #DtR hashtag on Twitter!
  • Thanks to special guest Philip Beyer for sitting in James' seat this morning...


Topics discussed

May 19, 2014
DtR Episode 92 - Rapid Incident Response [Guests: Robin Jackson, Dan Moore]

In this episode

  • Dan gives us the reality of living in what is commonly termed "the post-breach" world
  • Dan and Robin talk through the explosion in the numbers of malware samples
  • We discuss the different approaches to malware, crimeware, and the cross-over between them
  • Dan explains what "rapid incident response" really means and why it's essential
  • Dan and Robin give us some excellent examples of incident preparedness fundamentals
  • Dan gives us a lesson on implementing 'powerful tools' (and forgetting about them)
  • We talk through "who's doing it well?" (and we don't get a very hopeful answer)
  • Is it time to learn from our own and others mistakes? (how?)


  • Robin Jackson ( @rjacksix ) - Robin is an incident response and digital forensics specialist for HP Enterprise Security Services.
  • Dan Moore - Dan is an incident response and digital forensics specialist for HP Enterprise Security Services.
May 12, 2014
DtR Episode 91 - NewsCast for May 5th, 2014

Topics dicussed

May 05, 2014
DtR Episode 90 - Things Your Auto Insurance Knows [Anonymous guest]

In this episode

  • We discuss some of the new techniques auto insurance companies are using to custom-tailor rates to drivers
  • Our guest discusses some of the capabilities of the widgets available
  • Our guest discusses the 'call home' functions, and potential mis-use
  • We use 'big data' seriously
  • We talk about 'big data' and security - for real
  • Our guest gives us a realistic view about the type of data that's out there about your driving, habits, and tracking


  • Our guest is an industry insider, who for obvious reasons chose not to identify himself. We respect the guest's position, and kindly ask that our listeners do as well.
Apr 28, 2014
Administrivia - April 27th 2014

Hey listeners!


Thanks to everyone who's put us in their RSS feed and regularly grabs the latest content. I just ran a running average of the last 20 episodes, and as of right now we're averaging ~802 downloads/episode. That's awesome, and so much more than I ever thought this show would grow to! It's all thanks to you, for listening, spreading the word, and being fans.


As we near episode 100 I promise you an episode you'll want to listen to, and share with those you know. James and I are working hard to make it special, with a guest that's ... well ... you'll see.


Thanks for being a fan.

/Raf & James

Apr 28, 2014
DtR Episode 89 - NewsCast for April 21st, 2014

Topics discussed

Apr 21, 2014
DtR Episode 88 - Advanced Threat Actors [Panel Discussion]

In this episode

  • Advanced Threat Actors - more or less a threat right now than before? (how much is hype?)
  • Advanced Persistent Threat - is it really THAT advanced? (a "what" or a "who"?)
  • The distinction of what "APT" is ...and isn't
  • Touching on Mandiant APT-1 ...hype from reality
  • A quick discourse on corporate espionage!
  • How we respond to APTs ... is this just really "incident response" for a boogeyman?
  • The snake oil salesman behind "Automated APT defense"
  • Threat Intelligence - necessary, but what's the proper use?
  • Threat Intelligence requires collaboration, how do we do it?
  • Is our security failing, or is our perception of what we want it to do wrong?
  • Key take-aways for the enterprise professional


  • Steve Santorelli ( @SteveSantorelli ) - Manager of outreach at Team Cymru
  • John Pirc ( @jopirc ) - CTO of NSS Labs
  • J. Oquendo ( @advancedthreat ) - veteran threat researcher
  • Robin Jackson ( @rjacksix ) - veteran threat researcher, forensics expert at HP Enterprise Security Services
Apr 14, 2014
DtR Episode 87 - NewsCast for April 7th, 2014

Topics covered

Apr 08, 2014
DtR Episode 86 - From DDoS to Quantum Computing [Guest: Prof Alan Woodward]

In this episode

  • Rise of DDoS
    • Where did it come from
    • What's next
    • Why does it work
    • Spoofer project
    • 3-DOS attacks
  • Quantum computing
    • What is it
    • How is it different than what we commonly use today
    • What problems does it solve
    • How practical is it
  • The dark web
    • Where did it come from
    • Legitimate uses, turn into nefarious use-cases
    • Alternatives, adoption and options


  • Prof. Alan Woodward ( @ProfWoodward ) - Alan is not only a subject matter expert in computing, computer security and the impact technology has on business but brings to his roles a very broad range of experience in business management, technical management and project management.
    Whilst he has particular expertise in covert communications, forensic computing and image/signal processing, Alan is primarily a particularly good communicator, be it with clients, staff or investors. He is known for his ability to communicate complex ideas in a simple, yet passionate manner. He not only publishes in the academic and trade journals but has articles in the national press and appears on TV and radio. Despite the length of his experience, his hands-on ability with emerging technologies contributes significantly to the respect he is repeatedly shown when he leads teams where technology is involved.
    Alan has been involved in some of the most significant advances in computer technology and, although he continues to work in industry, he is actively involved with academia as a visiting Professor in the Department of Computing which is part of the Faculty of Engineering and Physical Sciences at the University of Surrey.
    His achievements have resulted in him rising to become a Fellow of various institutions including British Computer Society, Institute of Physics and Royal Statistical Society.

Did you catch all that? DtR is giving away a free ticket to Source Boston - if you're interested in being the lucky recipient - be the first to @Wh1t3Rabbit with "I just won a ticket to @SOURCEConf Boston courtesy of the #DtR Podcast!"

Mar 31, 2014
DtR Episode 85 - NewsCast for March 24th, 2014

Topics covered

Mar 24, 2014
DtR Episode 84 - Rise of the Security Machines [Guest: Alex Pinto]

In this episode

  • what is the promise of automation, and where did we go wrong (or right?)
  • the problems with 'volume' (of logging) and the loss of expressiveness
  • a dive into 'exploratory based monitoring'
  • how does log-based data analysis scale?
  • baselines, and why 'anomaly detection' has failed us
  • does machine learning solve the 'hands on keyboard' (continuous tuning) problem with SIEM?
  • does today's 'threat intelligence' provide value, and is it really useful?
  • decrying the tools - and blaming the victims
  • what is machine learning good at, and what won't it be great at?
  • log everything!



  • Alex Pinto ( @alexcpsec ) - Alex has almost 15 years dedicated to Information Security solutions architecture, strategic advisory and security monitoring. He has been a speaker at major conferences such as BlackHat USA, DefCon, BSides Las Vegas and BayThreat.
    He has been researching and exploring the applications of machine learning and predictive analytics into information security data sources, such as logs and threat intelligence feeds.
    He launched MLSec Project ( in 2013 to develop and provide practical implementations of machine learning algorithms to support the information security monitoring practice. The goal is to use algoritmic automation to fight the challenges that we currently face in trying to make sense of day-to-day usage of SIEM solutions.
Mar 17, 2014
DtR Episode 83 - NewsCast for March 10th, 2014

Topics covered