Down the Security Rabbithole Podcast (DtSR)

Rafal (Wh1t3Rabbit) Los

The DtSR Podcast is dedicated to the cyber security profession - with timely topics, lively personalities, deep dives, and no fear of the third rail. Running since 2011 - founded by Rafal Los (aka "@Wh1t3Rabbit"), and co-hosted by James Jardine and now featuring Mr. Jim Tiller - the weekly show will entertain you while you're learning something.
On Twitter/X: https://twitter.com/@DtSR_Podcast
On YouTube: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
On LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/

Top 10 Down the Security Rabbithole Podcast (DtSR) Episodes

Goodpods has curated a list of the 10 best Down the Security Rabbithole Podcast (DtSR) episodes, ranked by the number of listens and likes each episode has garnered from our listeners. If you are listening to Down the Security Rabbithole Podcast (DtSR) for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Down the Security Rabbithole Podcast (DtSR) episode by adding your comments to the episode page.

DtSR Episode 556 - Will Regulation Price Out the Competition

06/20/23 • 48 min

TL;DR:
On this software security and regulation-focused episode of the podcast, the OG of AppSec (Jeff Williams) joins James & me to talk about the latest spate of regulations that require self-attested transparency about what companies are doing with respect to securing their software via supply chain and direct action.
Jeff contends this is a good thing and it's hard to argue that transparency drives good - however - I'm always curious what this does to those who struggle to afford to do better, which is what the vast majority of vendors to FedGov are.
Interesting discussion, join us!
YouTube Video: https://youtube.com/live/iavtEVADp4g
Guest

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

DtSR Episode 237 - NewsCast for March 21st 2017

03/21/17 • 49 min

The Cost of Cybercrime - Let’s Take a Different Perspective

Home Depot to Pay Banks $25 Million in Data Breach Settlement

Survey: Experience Preferred Over Education When Hiring For Cybersecurity

  • The survey of 350 IT security professionals gauged their attitudes toward the skills shortage in cybersecurity. Some 93 percent agreed that experience is more important than qualifications. A further 73 percent claimed that it didn't matter whether IT staff were college graduates when it came to getting the job done.
  • Qualifications are considered degrees and certifications
    • The rub -- and what they didn’t ask -- is how do you assess the experience and capability of professionals to sol

DtSR Episode 448 - YGHT Knock Knock Who's There

05/25/21 • 48 min

Prologue

You've GOT to hear this!

This week on the podcast, I invited Martin Zizi of Aerendir, to talk about how we can use technology to not only distinguish between humans and non-humans (bots?) but also how to identify humans with staggering levels of precision - using commonly available and inexpensive components. He's got humor, an eclectic background, and great knowledge of the topic. Join us!

Guest

  • Martin Zizi
    • Bio: Dr. Martin Zizi, MD-Ph.D, deep expertise in Molecular Biophysics and Neurosciences. He is one of the Founders & CEO of Aerendir Mobile Inc. He is the inventor of the NeuroPrint®, a cloudless AI-supported neural-tapping technology that can be used for authentication, identification, encryption, secure TLS, and bot segregation. Following his early years in the United States as a Scientist at the Walter Reed Army Institute of Research where he worked on very advanced projects, he had a 20-year dual-track career, leading both academic and strategic projects as a top scientist in 3 fields and was also a Chief Scientific Officer for the Belgian DoD. Martin was a sought-after advisor for the Belgian and EU governments, international organizations (UN) and the industry. Aerendir Mobile Inc. is his second start-up. He was #2 at another start-up in the Medical technology vertical.
    • LinkedIn: https://www.linkedin.com/in/martinzizi/
    • Twitter: https://twitter.com/MartinZ_uncut
    • Aerendir Mobile, Inc.

DtSR Episode 207 - NewsCast for August 16th 2016

08/18/16 • 47 min

Quick note from Michael about the Straight Talk Framework & Program -- >

  • Get your free copy at https://securitycatalyst.com/straight-talk-framework/
  • Launched a new program last week... boy, did I learn a lot.
    • Mostly, it’s my failure to explain. I’m going to chronicle some of the lessons over the next few days and share them
    • If you’ve already downloaded the questions - I’d love to chat with you about your experience...
    • If you find yourself in a situation like this, let’s chat. 25 minutes on the phone and we’ll both benefit
  • Until Monday, August 22nd, chance to get on board early and benefit yourself; I’ve got a lot to share this week and into the future. We’re at the start of something big!

Microsoft Accidentally Leaks 'Golden Keys' That Unlock Secure Boot-Protected Windows Devices: Oops?

The Future Of ATM Hacking

  • http://www.darkreading.com/endpoint/the-future-of-atm-hacking/d/d-id/1326549
  • We didn’t have a problem, but we went ahead with the solution. Looking back on it, imagine some straight talk on this fiasco?
  • Yes, I realize some of you like the elegance of chip + pin; do you like the UX? Because it sucks. And if you lament the mag stripe, does that mean you stopped using a terrestrial radio, too?
  • Our need as leaders - in the enterprise and across the industry - is to focus limited energy and assets on the areas that create the most value

Apple will reward hackers with "bug bounty" to find flaws

* DtR Episode 50 - The Emergence of Geopolitics in InfoSec

07/22/13 • 42 min

Welcome down the rabbithole as we hit EPISODE 50! I'm thrilled that we've made it this far, and look forward to having you along for the ride into the future! At this point, I'd like to encourage you to listen to some of the fascinating guests we've had on this show, people I'm proud to have had a chat with, in the past archives... suggest guests, or just leave us a comment.

/Wh1t3Rabbit

In this episode...

  • We try and discuss 'defense in depth' on the geopolitical scale
  • @packetknife drops the truth about 'geopolitics experts' in InfoSec
  • Ali explains navigating the undocumented security requirements in emerging markets
  • We talk about whether all this stolen data from enterprise has actually made a difference
  • Ali discusses the 'western sense of intellectual property' (eye-opening!)
  • Deperimeterization - why #InfoSec must adapt this RIGHT NOW, but seems allergic to it
  • Ali drops 'lawfare' on us - and why #InfoSec must know its options
  • We discuss why people 'generally just don't get it' when it comes to moving to triage over 'secure'
  • Ali decides he wants to be Frank, or is that frank? :-)

Guest

  • Ali-Reza Anghaie ( @PacketKnife ) - Ali is a resident expert (or as much as one can be) on geopolitics from his unique background, experience and perspective. He's a well-known figure in the community and has deep insight into the things that most of us read in the media, and pretend to understand. He's the perfect guest for Episode 50!

DtR Episode 42 - Threat Modeling

05/28/13 • 47 min

In this episode...

  • John discusses some of the foundational principles of Threat Modeling
  • We talk about why threat modeling is like your time in high school
  • We discuss why threat modeling is such an incredibly important tool to the enterprise
  • John gives us some nuggets of his experience with threat modeling enterprise applications

Guest

  • John Steven ( @m1splacedsoul ) - John Steven is the Internal CTO at Cigital with over a decade of hands-on experience in software security. John’s expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a consultant, John has provided strategic direction as a trusted advisor to many multi-national corporations. John’s keen interest in automation keeps Cigital technology at the cutting edge. He has served as co-editor of the Building Security In department of IEEE Security & Privacy magazine, speaks with regularity at conferences and trade shows, and is the leader of the Northern Virginia OWASP chapter. John holds a B.S. in Computer Engineering and an M.S. in Computer Science both from Case Western Reserve University.
    John is known for his in-depth work in software security, his expertise in the field of threat modeling, and his snarkcasm. If you don't follow John on Twitter or haven't attended one of the talks he's been known to give occasionally - I recommend you do so.

DtSR Episode 284 - MSS SOS

02/20/18 • 50 min

This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's able to join Raf in person in Atlanta, while James is predictably on the other end of a Howdy Doodie (you'll get this if you listen).

This week, we tackle the MSS issue (Managed Security Services providers) again, but with a fresh angle where we aren't just spending the entire time bashing something we all rely on - but rather providing some constructive feedback into MSS providers from an enterprise perspective. And reminiscing a little. A lot.

Join us! And spread the word!

Guest:

  • Scott Stanton ( @Scott_Stanton ) - Information Security leader with experience in the High Tech, Manufacturing, Engineering, Services, and Energy industries. My technical depth includes application development, IP networking, operating systems, virtualization, and storage systems. Scott is currently the Senior Manager of Infrastructure Security at a medical technology company.

If you've noticed the new logo, it's courtesy of a phenomenal artist, whose name is Peter Czaplarski. Yes, you too can hire him to draw amazing things for you; you can find him here: http://fb.com/CzaplarskiArt. Peter is also the artist behind Vengeance Nevada (found here, for you comic lovers: https://www.comixology.eu/Vengeance-Nevada-1/digital-comic/593731 ) and has been an artist in many other venues. We highly encourage you to give his Facebook page a like!

DtSR Episode 211 - NewsCast for Sept 13th 2016

09/15/16 • 48 min

Chrome to label more sites as insecure in 2017

A USB Device is all it takes to steal credentials from locked PCs

DHS chief: 'Very difficult' for hackers to skew vote

  • Link: http://thehill.com/policy/national-security/294956-homeland-head-very-difficult-for-hackers-to-skew-vote
    • Instead of dismissing the claim, let’s explore the merits
    • Then let’s consider what, if anything, it means for enterprise security
  • “It would be very difficult through any sort of cyber intrusion to alter the ballot count, simply because it is so decentralized and so vast,” he said, noting the series of state, local and county systems involved in running elections. “It would be very difficult to alter the count.”
    • Decentralized and vast - the merits
    • How many companies make the systems - so is it as decentralized as we’d like
    • How much of what you do in the enterprise is decentralized?
    • What are your points of failure - or the easy pathways to attack?
  • If someone did alter the vote... would we know? How would we know?
  • What’s the impact of appearing to alter the vote?
  • Depending on your organization... how would you h

DtSR Episode 140 - Ethics of Hacking Live from AtlSecCon 2015

04/27/15 • 38 min

In this episode...

  • What about public safety, where do we draw the line on open research?
  • Self-regulation? Disclosure? What are our options...
  • What makes a researcher? We discuss
  • “Chilling security research”
  • A quick dive into bug bounty programs; do they help?
  • Ethics vs. moral compass ...we discuss
  • Hacker movies, and what they’re doing for our profession

Guests

  • Keren Elazari ( @K3r3n3 ) - brings years of experience in the international cyber security industry to the stage. Since 2000, Keren has worked with leading Israeli security firms, government organizations, Global Big 4 and Fortune 500 companies. Keren holds a CISSP security certification, a BA in History and Philosophy of Science and is currently a senior research fellow with the prestigious Security & Technology workshop at Tel Aviv University. In 2012, Keren held the position of Security Teaching Fellow with Singularity University, a private think tank, founded by Dr. Ray Kurzweil and sponsored by Google & NASA amongst others. Since 2013, Keren covers emerging security technologies and trends as a security industry analyst with GIGAOM research, a leading independent media hub. In 2014, Keren became the first Israeli woman to be invited to speak at the prestigious international annual TED conference. Keren’s TED talk has been viewed by 1.2 million people, translated to more than 20 languages and selected for TED’s list of ‘Most Powerful Ideas in 2014’ and for Inc.com’s list of ‘Top TED Talks of 2014’.
  • Kellman Meghu ( @kellman ) - heads up a team of Security Architects for CheckPoint Software Technologies Inc., the worldwide leader in securing the Internet. His background includes almost 20 years of experience deploying application protection and network-based security. Since 1996 Mr. Meghu has been involved with consultation on various network security strategies to protect ISP's in Southern Ontario as well as security audits and security infrastructure deployments for various Commercial and Governmental entities across Canada and the Central United States. Kellman has delivered security talks in private corporate focused events, at school internet safety classes for students and teachers, as well as public events such as, SecureWorld Seattle, The Check Point Experience, Bsides St. Johns, Bsides San Francisco, Bsides Iowa, Bsides Detroit, Secure360, Trilateral Conference, and Sector lunch keynote for 2014. Kellman has contributed to live TV interviews in the Toronto area with CP24, CityNews, and CHCH TV, as well as radio stati

DtSR Episode 644 - Inside the Minds of Great Product Managers

03/11/25 • 44 min

TL;DR: This week's episode shifts the focus from leadership in the enterprise, to leadership in the vendor space. Building security products that innovate, inspire, and meet market and customer demand is far from trivial. Meet two of the best in the business - Arash Marzban and Bryan Lares - and hear what makes the job exciting, and how they make it great.

YouTube video: https://youtube.com/live/wA9-vgusyI0

FAQ

How many episodes does Down the Security Rabbithole Podcast (DtSR) have?

Down the Security Rabbithole Podcast (DtSR) currently has 694 episodes available.

What topics does Down the Security Rabbithole Podcast (DtSR) cover?

The podcast is about News, Security, Infosec, Risk, Tech News, Hacking, Podcasts, Technology, Cyber and Cybersecurity.

What is the most popular episode on Down the Security Rabbithole Podcast (DtSR)?

The episode titled 'DtSR Episode 556 - Will Regulation Price Out the Competition' is the most popular.

What is the average episode length on Down the Security Rabbithole Podcast (DtSR)?

The average episode length on Down the Security Rabbithole Podcast (DtSR) is 43 minutes.

How often are episodes of Down the Security Rabbithole Podcast (DtSR) released?

Episodes of Down the Security Rabbithole Podcast (DtSR) are typically released every 7 days.

When was the first episode of Down the Security Rabbithole Podcast (DtSR)?

The first episode of Down the Security Rabbithole Podcast (DtSR) was released on Sep 13, 2011.
