
Down the Security Rabbithole Podcast (DtSR)
Rafal (Wh1t3Rabbit) Los
The DtSR Podcast is dedicated to the cyber security profession - with timely topics, lively personalities, deep dives, and no fear of the third rail. Running since 2011 - founded by Rafal Los (aka "@Wh1t3Rabbit"), and co-hosted by James Jardine and now featuring Mr. Jim Tiller - the weekly show will entertain you while you're learning something.
On Twitter/X: https://twitter.com/@DtSR_Podcast
On YouTube: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
On LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/

Top 10 Down the Security Rabbithole Podcast (DtSR) Episodes
Goodpods has curated a list of the 10 best Down the Security Rabbithole Podcast (DtSR) episodes, ranked by the number of listens and likes each episode has garnered from our listeners. If you are listening to Down the Security Rabbithole Podcast (DtSR) for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Down the Security Rabbithole Podcast (DtSR) episode by adding your comments to the episode page.

DtSR Episode 556 - Will Regulation Price Out the Competition
Down the Security Rabbithole Podcast (DtSR)
06/20/23 • 47 min
TL;DR:
On this software security and regulation-focused episode of the podcast, the OG of AppSec (Jeff Williams) joins James & I to talk about the latest spate of regulations that require self-attested transparency about what companies are doing with respect to securing their software via supply chain and direct action.
Jeff contends this is a good thing and it's hard to argue that transparency drives good - however - I'm always curious what this does to those who struggle to afford to do better, which is what the vast majority of vendors to FedGov are.
Interesting discussion, join us!
YouTube Video: https://youtube.com/live/iavtEVADp4g
Guest
- Jeff Williams
- LinkedIn: https://www.linkedin.com/in/planetlevel/
>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast


DtSR Episode 644 - Inside the Minds of Great Product Managers
Down the Security Rabbithole Podcast (DtSR)
03/11/25 • 43 min
TL;DR: This week's episode shifts the focus from leadership in the enterprise, to leadership in the vendor space. Building security products that innovate, inspire, and meet market and customer demand is far from trivial. Meet two of the best in the business - Arash Marzban and Bryan Lares - and hear what makes the job exciting, and how they make it great.
YouTube video: https://youtube.com/live/wA9-vgusyI0

DtR Episode 50 - The Emergence of Geopolitics in InfoSec
Down the Security Rabbithole Podcast (DtSR)
07/22/13 • 42 min
Welcome down the rabbithole as we hit EPISODE 50! I'm thrilled that we've made it this far, and look forward to having you along for the ride into the future! At this point, I'd like to encourage you to listen to some of the fascinating guests we've had on this show, people I'm proud to have had a chat with, in the past archives... suggest guests, or just leave us a comment.
/Wh1t3Rabbit
In this episode...
- We try and discuss 'defense in depth' on the geopolitical scale
- @packetknife drops the truth about 'geopolitics experts' in InfoSec
- Ali explains navigating the undocumented security requirements in emerging markets
- We talk about whether all this stolen data from enterprise has actually made a difference
- Ali discusses the 'western sense of intellectual property' (eye-opening!)
- Deperimeterization - why #InfoSec must adapt this RIGHT NOW, but seems allergic to it
- Ali drops 'lawfare' on us - and why #InfoSec must know its options
- We discuss why people 'generally just don't get it' when it comes to moving to triage over 'secure'
- Ali decides he wants to be Frank, or is that frank? :-)
Guest
- Ali-Reza Anghaie ( @PacketKnife ) - Ali is a resident expert (or as much as one can be) on geopolitics from his unique background, experience and perspective. He's a well-known figure in the community and has deep insight into the things that most of us read in the media, and pretend to understand. He's the perfect guest for Episode 50!

DtSR Episode 217 - NewsCast for October 25th 2016
Down the Security Rabbithole Podcast (DtSR)
10/25/16 • 47 min
The Massive DDoS That Hit Dyn.Org
- Massive DDoS disrupts a ton of popular websites (Netflix, Twitter, etc)
- IoT used to amplify attack
- What does this mean for corporate users, home users, and vendors?
- https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
Verizon Reviewing Terms of Yahoo Deal As Revenue Slides
- Is this really the result of the breach or did someone just get cold feet?
- We’re speculating, but we’ve heard this type of talk before
- To be honest, Yahoo! saw a rise in earnings over what was projected
- http://www.wsj.com/articles/verizon-revenue-falls-below-views-1476966420
- Why are companies still making their end-users follow ridiculous policies?
- Selfies? Is that a viable replacement?
- What about SMS as an OTP replacement that NIST ‘deprecated’?
St. Jude Medical to Create Cybersecurity Advisory Board; Muddy Waters Releases More Vulnerability Allegations
- The ‘fight’ between the short-sell firm and St. Jude Medical is back
- Smack in

DtSR Episode 284 - MSS SOS
Down the Security Rabbithole Podcast (DtSR)
02/20/18 • 50 min
This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's able to join Raf in person in Atlanta, while James is predictably on the other end of a Howdy Doodie (you'll get this if you listen).
This week, we tackle the MSS issue (Managed Security Services providers) again, but with a fresh angle where we aren't just spending the entire time bashing something we all rely on - but rather providing some constructive feedback into MSS providers from an enterprise perspective. And reminiscing a little. A lot.
Join us! And spread the word!
Guest:
- Scott Stanton ( @Scott_Stanton ) - Information Security leader with experience in the High Tech, Manufacturing, Engineering, Services, and Energy industries. My technical depth includes application development, IP networking, operating systems, virtualization, and storage systems. Scott is currently the Senior Manager of Infrastructure Security at a medical technology company.
If you've noticed the new logo, it's courtesy of a phenomenal artist, whose name is Peter Czaplarski. Yes, you too can hire him to draw amazing things for you; you can find him here: http://fb.com/CzaplarskiArt. Peter is also the artist behind Vengeance Nevada (found here, for you comic lovers: https://www.comixology.eu/Vengeance-Nevada-1/digital-comic/593731 ) and has been an artist in many other venues. We highly encourage you to give his Facebook page a like!

DtSR Episode 207 - NewsCast for August 16th 2016
Down the Security Rabbithole Podcast (DtSR)
08/18/16 • 47 min
Quick note from Michael about the Straight Talk Framework & Program -- >
- Get your free copy at https://securitycatalyst.com/straight-talk-framework/
- Launched a new program last week... boy, did I learn a lot.
- Mostly, it’s my failure to explain. I’m going to chronicle some of the lessons over the next few days and share them
- If you’ve already downloaded the questions - I’d love to chat with you about your experience...
- If you find yourself in a situation like this, let’s chat. 25 minutes on the phone and we’ll both benefit
- Until Monday, August 22nd, chance to get on board early and benefit yourself; I’ve got a lot to share this week and into the future. We’re at the start of something big!
Microsoft Accidentally Leaks 'Golden Keys' That Unlock Secure Boot-Protected Windows Devices: Oops?
- http://www.techtimes.com/articles/173282/20160811/microsoft-accidentally-leaks-golden-keys-that-unlock-secure-boot-protected-windows-devices-oops.htm
- Bottom line: backdoors are always discovered, compromised
- Another take away: key management... sounds easy, is rarely so.
- If you have the need to manage keys in your enterprise, don't try to do this yourself
The Future Of ATM Hacking
- http://www.darkreading.com/endpoint/the-future-of-atm-hacking/d/d-id/1326549
- We didn’t have a problem, but we went ahead with the solution. Looking back on it, imagine some straight talk on this fiasco?
- Yes, I realize some of you like the elegance of chip + pin; do you like the UX? Because it sucks. And if you lament the mag stripe, does that mean you stopped using a terrestrial radio, too?
- Our need as leaders - in the enterprise and across the industry - is to focus limited energy and assets on the areas that create the most value
Apple will reward hackers with "bug bounty" to find flaws

Down the Rabbithole - Episode 09 - Jeff Reich Explains "Table Stakes" and Other InfoSec Genius
Down the Security Rabbithole Podcast (DtSR)
01/16/12 • 40 min
Synopsis
This episode with Jeff was awesome, recorded at the OWASP LASCON security conference, I got a chance to sit down with Jeff in person and talk shop. I always learn something, but in this podcast Jeff dispensed his usual wisdom in buckets, I could barely write this stuff down fast enough. We covered the raising of the "information security table stakes", and what the last 15 years have meant to the information security profession in terms of evolution. We went into a discussion on how information security can avoid being a cost center and feeling the traditional expansion and contraction with workload and economic times, and I learned what the phrase "it was a business decision" really means. In case you need one more compelling reason, Jeff brought up yet another gem when he discussed how the business pushes the boulder off the cliff, then expects information security to change its trajectory mid-fall ... you're not going to want to miss this. I had a wonderful time catching up with Mr. Reich, and you'll enjoy this podcast, that's a promise.
Guest
- Jeff Reich - (hint: it's pronounced "rich") - A solid history of developing and providing expertise and leadership on information security and all associated disciplines by integrating Managed Risk into the business in the energy, manufacturing, technology and financial services industries. Successfully created and implemented comprehensive Security and Risk Management Infrastructure for a large oil and gas company as well as four of the largest Internet and e-commerce providers in their respective industries. Holds a national reputation of excellence through results, publications and presentations of value. Known for ability to hire, train and inspire high performance teams that support and help drive the core business structures. [LinkedIn: http://www.linkedin.com/in/jreich]
In addition to that, I've known Jeff for a very, very long time throughout his illustrious career, and have always been amazed by his ability to dispense one-liner wisdom, like this one on a recent blog post on "The compliance hamster wheel": "I have been saying for years that simply chasing compliance is like chasing your tail. You probably won't catch it and if you do, it will hurt."

DtR Episode 42 - Threat Modeling
Down the Security Rabbithole Podcast (DtSR)
05/28/13 • 47 min
In this episode...
- John discusses some of the foundational principles of Threat Modeling
- We talk about why threat modeling is like your time in high school
- We discuss why threat modeling is such an incredibly important tool to the enterprise
- John gives us some nuggets of his experience with threat modeling enterprise applications
Guest
- John Steven ( @m1splacedsoul ) - John Steven is the Internal CTO at Cigital with over a decade of hands-on experience in software security. John’s expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a consultant, John has provided strategic direction as a trusted advisor to many multi-national corporations. John’s keen interest in automation keeps Cigital technology at the cutting edge. He has served as co-editor of the Building Security In department of IEEE Security & Privacy magazine, speaks with regularity at conferences and trade shows, and is the leader of the Northern Virginia OWASP chapter. John holds a B.S. in Computer Engineering and an M.S. in Computer Science both from Case Western Reserve University.
John is known for his in-depth work in software security, his expertise in the field of threat modeling, and his snarkcasm. If you don't follow John on Twitter or haven't attended one of the talks he's been known to give occasionally - I recommend you do so.

DtSR Episode 569 - Keeping Secrets a Secret
Down the Security Rabbithole Podcast (DtSR)
09/19/23 • 39 min
TL;DR:
This week's show features Oded Hareven, Co-Founder & CEO at Akeyless, and we cover some topics that are important, but brand new to us. Oded started a secrets management company and addressed some of the challenges and new technology with us.
First, we discuss the "secret zero" problem (the one I worry about quite often), then zero-knowledge secrets management, and finally, this thing called "distributed fragmented crypto" (which is a bit mind-blowing honestly). I think you'll enjoy this podcast, as it's a little more technical than most, and something you may not hear elsewhere.
YouTube Video: https://youtube.com/live/uNtoFbFrTjo
Guest:
- Oded Hareven
- LinkedIn: https://www.linkedin.com/in/odedhareven/
- Akeyless website: https://akeyless.io

DtSR Episode 187 - NewsCast for March 29th, 2016
Down the Security Rabbithole Podcast (DtSR)
03/29/16 • 40 min
In this episode...
- BadLock bug (which now has a website, a graphic, and more hype than Bieber) is out there
- Is the bug really worth all this hype?
- Is this anything more than a PR stunt, and a big marketing opportunity?
- Everyone has an opinion, but one thing is for certain, this bug is making big waves
- http://www.wired.com/2016/03/hype-around-mysterious-badlock-bug-raises-criticism/
- Your wireless mouse is probably a security risk... seriously.
- RF-based mice typically don't use encryption or mutual authentication
- Some do (all of my Microsoft & Logitech mice tell me they mutually authenticate & encrypt... I think)
- How far up, or down, your risk register is this one; and how much should it matter to enterprise?
- http://www.thefiscaltimes.com/2016/03/23/Your-Wireless-Mouse-May-Be-Exposing-You-Cyber-Hackers
- Your Node.js package manager could be an entry point for worms?
- Now that everything has functionality over our endpoints...
- Dependencies seem to be (at least partially) to blame here (who's surprised?)
- http://news.softpedia.com/news/node-js-package-manager-vulnerable-to-malicious-worm-packages-502216.shtml
- Ransomware is getting nastier (and more effective)
- Remember it's just a business model, so they actually are pretty good at unlocking, support, etc once you pay up
- What happens when a hospital system gets locked/encrypted -- real lives are at stake here!
- Enterprise advice? Backup, test, and take it all offline regularly so you can recover
- This is only going to get worse. Much, much worse.
- http://www.itsecurityplanet.com/experts-corner/hospital-hit-with-ransomware-contagion-declares-internal-emergency
- http://www.healthitoutcomes.com/doc/backup-recovery-system-control-ransomware-attack-0001
- http://www.healthcareitnews.com/news/ransomware-wreak-havoc-2016-icit-study-says
FAQ
How many episodes does Down the Security Rabbithole Podcast (DtSR) have?
Down the Security Rabbithole Podcast (DtSR) currently has 683 episodes available.
What topics does Down the Security Rabbithole Podcast (DtSR) cover?
The podcast is about News, Security, Infosec, Risk, Tech News, Hacking, Podcasts, Technology, Cyber and Cybersecurity.
What is the most popular episode on Down the Security Rabbithole Podcast (DtSR)?
The episode title 'DtSR Episode 556 - Will Regulation Price Out the Competition' is the most popular.
What is the average episode length on Down the Security Rabbithole Podcast (DtSR)?
The average episode length on Down the Security Rabbithole Podcast (DtSR) is 43 minutes.
How often are episodes of Down the Security Rabbithole Podcast (DtSR) released?
Episodes of Down the Security Rabbithole Podcast (DtSR) are typically released every 7 days.
When was the first episode of Down the Security Rabbithole Podcast (DtSR)?
The first episode of Down the Security Rabbithole Podcast (DtSR) was released on Sep 13, 2011.