In this episode...

• We discuss "big data", what the heck it really is, and whether it's something new, something old, or something marketing made up
• Marcus does interpretive dance, and makes up new words
• Alex (shockingly) disagrees with Marcus, and actually describes 'data science'
• We hear Marcus talk about "NBS - never before seen" detection and why it's so critical
• We collectively agree (it's OK to be shocked) that "big data" is not a product
• Marcus discusses why you should be defending against the sniper
• The guests disagree on whether we have too little data, or whether we just don't know how to make it work for us
• Alex puts on a tinfoil hat ...

Guests

• Marcus Ranum ( @mjranum ) - Marcus J. Ranum is a world-renowned expert on security system design and implementation. He is a pioneer in security technology who was one of the early innovators in firewall, VPN, and intrusion detection systems. Since the late 1980s, Marcus designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR. In SC Magazine's 20th Anniversary Edition, Marcus was named as one of the top industry pioneers over the last 20 years. Marcus is currently the CSO at Tenable.
• Alex Hutton ( @alexhutton ) - Alex is the Director of Operations Risk & Governance for a very, very large financial, so he has to stay incognito. Frankly, it doesn't matter much whether he says where he works, the dude's one of the smartest people I know, and lives, breathes, and often excretes 'risk' knowledge.

Synopsis

This timely podcast is right on the heels of the US vs. Cotterman decision from the 9th Circuit Court of Appeals. One of the watershed decisions on privacy and digital law, this is an extremely important case that touches on whether government agents can take and search your digital property while crossing the border with or without cause or suspicion. Michael and Shawn give their analysis, and we get some critical information for international business travelers, as well as those of us in the security community who regularly cross the US border with sensitive, potentially encrypted or password-protected information.

Link to the original 9th Circuit Court of Appeals decision: http://cdn.ca9.uscourts.gov/datastore/opinions/2013/03/08/09-10139.pdf

You're not going to want to miss this podcast.

Guests

1. Michael Schearer ( @theprez98 ) - Security consultant and penetration tester by day, law student and hacker by night, proud Navy veteran, writer, promoter of civility in political discourse, Philadelphia and Penn State sports fanatic, practicing philomath, and last but certainly not least, Dad and Husband. Michael maintains a fantastic blog at http://theprez98.blogspot.com.
2. Shawn E. Tuma ( @shawnetuma ) - Partner at the law firm BrittonTuma and an attorney with a broad based business, litigation, and intellectual property litigation experience combined with his unique expertise with cutting-edge legal issues such as computer fraud, data security, privacy, and social media law. Shawn is a member of the Information Security Committee of the Section of Science & Technology Law for the American Bar Association and the Privacy, Data Security, and e-Commerce Committee of the State Bar of Texas. Shawn maintains a great resource for analysis on legal decisions http://www.shawnetuma.com.

Synopsis

Security has an interesting view on "business decisions", and in this podcast episode recorded at GrrCon 2012 in Grand Rapids, MI I sit down with some of the talent behind MISEC and we discuss #SecBiz topics of interest including the ugly phrase "it's a business decision" and why we say that. We also dive into how decisions are made, and why security and business are still often at odds on goals and acceptable 'risks'... and why our recommendations and guidance still falls on seemingly deaf ears.

We sample some of the sage wisdom of J.W. Goerlich as he runs his IT and security organization, and how he asks his security employees to think business, and put themselves into the frame of reference of the business when making decisions.

Jen Fox brings up Miller's Law, and teachs us to ask "What is that true of?" when framing discussions in the business context with non-technologists. Jen makes us think about frames of reference. She tells us that we must assume that a statement someone makes is true ... from their frame of reference and we simply must get inside their frame of reference to understand their thinking.

Steven Fox gives us a little bit of a glimpse into the government world where you can't always go sit down with the decision maker, and have to depend on your relationships, cooperation, and sometimes back-room politics to get things done.

I invite you to listen in, this is a timeless discussion that everyone should participate in.

Guests

• J.W. Goerlich - @JWGoerlich - Information Systems and Information Security Manager. Regular InfoSec practitioner, occasional speaker and writer. INTJ. #MiSec, #BSidesDetroit, #CSA, #Owasp
• Jen Fox - @J_Fox - Making security accessible to the end user. Independent consultant, biz analyst, tech-to-biz translator, and diplomat. CIPP/IT and locksport enthusiast.
• Steven Fox - @Securelexicon - I am a Security Architect at the U.S. Dept of the Treasury & Penetration Tester passionate about security as a business value and differentiator.

Synopsis

Shawn and I have been trying to get together to record an episode for what seems like forever. We first started talking about the CFAA (Computer Fraud and Abuse Act) when it was ruled that a person could not be charged as a 'hacked' under the CFAA by their employer when they accessed information improperly if the employed did not restrict that access appropriately. Shawn's expert insight here as an attorney dealing with the CFAA shines as we talk about hacking, vulnerability research, and other critical topics to the hacker culture, information security industry and security professionals.

You're not going to want to miss what Shawn has to say... I want to thank him for his time, and encourage anyone who needs the sort of advice Shawn has to give him a call, or send him a Tweet.

Guest

Shawn E. Tuma - Shawn E. Tuma is an experienced business, litigation, and intellectual property attorney at BrittonTuma who helps businesses and individuals assess, avoid, and resolve business and legal issues. Shawn has spent his career handling cases before state and federal courts alike and is well versed in both traditional and emerging areas of the law. In addition to his career-long business law and litigation practice, he has developed a niche practice as a thought-leader in emerging areas of such as computer fraud, data breach, privacy, and social media law, with a strong command of the Computer Fraud and Abuse Act. Shawn enjoys handling highly complex commercial, technological, and intellectual property matters as much as he does those that are more traditional. Shawn can be found on Twitter as @shawnetuma.

Synopsis

I sat down with Bill at ISSA International in Anaheim, CA in the fall of 2012 to discuss what it's like, and what types of challenges he faces in the fast-paced, hybrid world of security at Netflix. We talked about some of the challenges his environment faces, and more generic issues that are endemic to the evolving security landscape. It's fascinating to hear Bill's take on what the big picture items are, and how security is really in a state of evolution right now. Join us, I tihnk you'll love this episode.

Guest

Bill Burns - Director of IT Security and Networking, Netflix - Bill is a silicon valley titan, his name is associated with the likes of Infoblox, Riverbed and Netflix. Currently he's the Director of IT Security and networking at Netflix managing security in a hybrid cloud, traditional IT world, and facing some of the most complicated challenges in today's tough security landscape.

Synopsis

To kick off January on the Down the Rabbithole podcast I have Mikko Hypponen, the "malware adventurer" and Chief Resarch Officer from F-Secure Corp and we're talking about the state of malware and 'viruses' digging into the modern threat landscape and maybe digging up a bit of nostalgia from the late 90's. This is a fascinating conversation so I invite you to break out your old boot sector and COM viruses and join us for some interesting discussion!

Guest

Mikko Hypponen - Chief Research Officer at F-Secure Corp., TED speaker, and self-professed "malware adventurer". He can be found on Twitter at @Mikko