Tue, 27 September 2016
Quick update and invitation from Michael: starting to explore rolling out services and improving the Straight Talk Framework. If you’re up to discuss with me - I’ll offer a brief overview and then a “setup for Straight Talk” review to explore how to get you started. It’s a real offer because I know we’ll both learn. And then I’ll get a better sense of where to focus and how to help more people in our industry.
Note on Yahoo: we'll talk to Shawn later
How are Healthcare Data Breach Victims Affected by Attacks?
We're told data breaches cost millions on average - but this security study disagrees
NIST launches self-assessment tool for cybersecurity
House to vote on cyber bill for small businesses
Direct download: DtSR_Episode_213_-_NewsCast_for_September_27th_2016.mp3
Category:NewsCast -- posted at: 12:00am CDT
Tue, 20 September 2016
In this episode, we talk with Mike Tierney, who is the brand-new CEO at Veriato. In our conversation we talk through a primer on insider threat, and use the great example of hosting a dinner party.
Mike has loads of nuggets of wisdom from his experience and we're certain that if you're a seasoned insider threat professional, or just thinking about the topic and wondering if you can do anything to protect your company - this show will be a good primer for furthering your discussion and learning.
Listen in, comment and share with your colleagues! Our show is always safe for the office and educational.
Talk back! Use our Twitter hashtag #DtSR to discuss this episode, ask questions, or suggest other topics or guests for the future!
Wed, 14 September 2016
Chrome to label more sites as insecure in 2017
A USB Device is all it takes to steal credentials from locked PCs
DHS chief: 'Very difficult' for hackers to skew vote
Big business worried more about data loss than hackers – survey
Obama Names Retired Air Force General as First Federal CISO
Direct download: DtSR_Episode_211_-_NewsCast_for_Sept_13th_2016.mp3
Category:NewsCast -- posted at: 10:01pm CDT
Tue, 6 September 2016
In this episode James and I invite Vlad Klasnja from Optiv's Office of the CISO, and Hudson Harris, Chief Privacy Officer at HarrisLOGIC, to talk about data protection. From defining the concept to providing some insight into how we can actually protect confidential information - we talk through a lot of complex issues in this segment. Join us!
Mon, 29 August 2016
NewsCast for Tuesday August 30th, 2016
Clinic Won’t pay breach protection for victims
California Bill would add security standards to data breach law
St. Jude stock shorted on heart device hacking fears
A Temperature-check on the state of application security
Important Apple patch for ‘Trident’
Direct download: DtSR_Episode_209_-_NewsCast_for_August_29th_2016.mp3
Category:NewsCast -- posted at: 11:57pm CDT
Tue, 23 August 2016
This week Michael and I chat with Jamison Utter of Infoblox on one of the more interesting topics at hand - the economy of ransomware. We talk through the sudden popularity of the attack vector, the way the underground "criminal enterprise" has scaled and grown and the future of being a bad guy.
If you have occasion to talk to your organization's leadership on the ransomware epidemic, you need to listen to this podcast first.
Direct download: DtSR_Episode_208_-_Beyond_the_Ransomware_Economy.mp3
Category:Enterprise Security -- posted at: 12:58am CDT
Thu, 18 August 2016
Quick note from Michael about the Straight Talk Framework & Program
Microsoft Accidentally Leaks 'Golden Keys' That Unlock Secure Boot-Protected Windows Devices: Oops?
The Future Of ATM Hacking
Apple will reward hackers with "bug bounty" to find flaws
Turbulence Ahead: Delta Computer Outage Is Just The Start, Say Experts
Risk vs reward – when good data becomes dangerous
Chief Security Officer May Be The Job Of The Future That No One Wants
Direct download: DtSR_Episode_207_-_NewsCast_for_August_16th_2016.mp3
Category:NewsCast -- posted at: 12:14am CDT
Tue, 9 August 2016
In this episode we chat with Steve Christey Coley, currently the Principal Information Security Engineer at MITRE Corp. We talk through our industry's obsession with vulnerabilities, dive headlong into the thorny issue of security research, work through the various issues with disclosure, and even delve into some ethics questions.
This episode is packed with content that you will likely want to talk to us about. So here's how to find us:
Steve on Twitter: @SushiDude
Hashtag for the show: #DtSR
Steve's Bio (from LinkedIn - https://www.linkedin.com/in/steve-christey-coley-66aa1826):
Editor / Technical Lead for the Common Vulnerabilities and Exposures (CVE) project; Technical Lead for the Common Weakness Enumeration (CWE); co-author of the "Responsible Vulnerability Disclosure Process" IETF draft with Chris Wysopal in 2002; participant in Common Vulnerability Scoring System (CVSS) and NIST's Static Analysis Tool Exposition (SATE). My primary interests include secure software development and testing, understanding the strengths and limitations of automated code analysis tools, the theoretical underpinnings of vulnerabilities, making software security accessible to the general public, vulnerability information management including post-disclosure analysis, and vulnerability research.
Direct download: DtSR_Episode_206_-_Vulnerabilities_Disclosure_Ethics_Research_and_Security.mp3
Category:Enterprise Security -- posted at: 10:41pm CDT
Fri, 5 August 2016
Quick note from Michael about the Straight Talk Framework
$2.7 Million HIPAA Penalty For Two Smaller Breaches
Is the GOP seriously considering endorsing vigilante hacking?!
NIST declares the age of SMS-based 2-factor authentication over
The Ninth Circuit holds that accessing a website after receiving a cease and desist order does violate the CFAA
A "famed hacker" is grading thousands of programs
Direct download: DtSR_Episode_205_-_NewsCast_for_August_2nd_2016.mp3
Category:NewsCast -- posted at: 10:59pm CDT
Tue, 26 July 2016
This week, Chris Romeo joins Michael, James and me to talk about changing the security posture of an organization by changing its culture. We talk through tough issues like incentives, measurements and success factors. This episode with Chris is of particular interest for leaders and for those who are working hard to change companies at their core, for the long term.
Chris Romeo's bio:
Chris Romeo is CEO and co-founder of Security Journey. His passion is to bring application security awareness to all organizations, large and small. He was the Chief Security Advocate at Cisco Systems for five years, where he guided Cisco’s Secure Development Life Cycle program, empowering engineers to "build security in" to all products at Cisco. He led the creation of Cisco’s internal, end-to-end application security awareness program launched in 2012. Chris has twenty years of experience in security, holding positions in application security, penetration testing, and incident response. Chris holds the CISSP and CSSLP certifications, and is a frequent conference speaker at RSA and AppSec.
Tue, 19 July 2016
Researchers have come up with a 'cure' for ransomware
The government has officially issued a 'fact sheet' on ransomware
Pokemon Go! - a neat idea with big issues potentially
FDIC hacked but covered it up, didn't report
The Fiat/Chrysler bug bounty program
Direct download: DtSR_Episode_203_-_NewsCast_for_July_19th_2016.mp3
Category:NewsCast -- posted at: 12:00am CDT
Tue, 12 July 2016
This week on the Down the Security Rabbithole podcast, Brandon Dunlap is back for his second show. Following up on Episode 158 where we discussed outsourced security, this time around we talk through the next iteration of what "Managed Security" and outsourcing means to security.
You're not going to want to miss this episode!
As always, hit up our hashtag on Twitter at #DtSR and you can find Brandon on Twitter as well at @bsdunlap if you want to talk to him directly.
Tue, 28 June 2016
** Our 200th numbered episode! **
A note from Raf:
Thanks to everyone who has been listening to us, tweeting us, and sharing the links to our podcast. We are absolutely floored with the support and listenership we've received. The average show now gets just under 2,500 downloads when released in the first week, and that number goes up every week. So from the bottom of my heart, I humbly thank you and hope you'll continue to listen, share, and comment.
This week's episode is titled "Privacy, Security, Risk and Law Collide" as we host Dr. Chris Pierson and our recurring legal eagle from the great state of Texas, Shawn Tuma. If you don't have Shawn added on Twitter, you should go follow him right now.
In this week's episode we discuss the increasingly overlapping world of what was once "IT security" which has now started coming together with privacy, risk and law. Chris is uniquely poised to talk on the subject, as you will hear his credentials speak for themselves. You'll want to get comfortable, pay attention, and give this episode a careful listen as we take you down the security rabbithole for the 200th time.
Direct download: DtSR_Episode_200_-_Privacy_Security_Risk_and_Law_Collide.mp3
Category:Enterprise Security -- posted at: 12:00am CDT
Tue, 21 June 2016
In this episode...
The "Nuclear Bomb" analogy isn't working, stop using it
iOS apps will require secure https connections by 2017
Inside Sierra: How apple watch “auto unlock” will let you jump straight into MacOS
FICO to Offer 'Enterprise Security Scores'
Why don't banks care more about credit card security?
Cisco launches $10 million scholarship to tackle cybersecurity talent shortage
Direct download: DtSR_Episode_199_-_NewsCast_for_June_21st_2016.mp3
Category:NewsCast -- posted at: 12:00am CDT
Tue, 14 June 2016
On this episode of the Down the Security Rabbithole podcast, Dawn-Marie Hutchinson, currently an Executive Director within the Optiv Office of the CISO, joins us to talk about the things she has learned over her career working with legal counsel, CISOs and solving problems. A fantastic episode with lessons learned and executive leadership crammed into less than an hour. Give it a listen!
Find Rie on Twitter at @CISO_Advantage
UPDATE: Thanks to Sean Jackson (@74rku5) who has hand-transcribed the show. I haven't read this, personally, so if he slipped in any humor I can't be held accountable!
Direct download: DtSR_Episode_198_-_What_Legal_Counsel_Wishes_CISOs_Knew.mp3
Category:Enterprise Security -- posted at: 3:53pm CDT