Episodes
TL;DR: On this episode of the pod, Jim Tiller and I talk through the hot takes published about the SEC vs SolarWinds and Brown, and why so many people are getting it all wrong. I highly encourage you to go read the actual indictment before giving your opinion. Link to the SEC page: https://www.sec.gov/news/press-release/2023-227 YouTube video: https://youtube.com/live/9z4g9p3BW-Y My YouTube "short" on this subject: https://youtube.com/shorts/o1Qsdy5xU-o Support the show>>> If you're...
Published 11/14/23
TL;DR: Executive Conference organizers - this episode is for YOU. On today's episode of the podcast, it's just James and I on the microphone discussing all of these executive security events you may be getting invited to. They're just generally bad - people with big titles rattling off corporate marketing speak, with low attendance and low value. Or ...is there a better way? We discuss, and offer some suggestions to conference organizers to make these events fun and worthwhile again. Link...
Published 11/07/23
TL;DR: This week on the pod, Andrew Morris & Tom Venables from Turnkey Consulting join me for a semi-regular check-in from the consultancy world as we discuss the overwhelming problem with technology. Specifically, we talk about tools strategies for budget squeezes, filling niche use cases, and how to rationalize what you've got if you want more. Come check out the video - Tom's background is totally worth it. YouTube video: https://youtube.com/live/Dmss-pGAsyE Guests Tom...
Published 10/31/23
TL;DR: This week on an interesting show that dives into the world of healthcare cybersecurity, Dan Dodson joins James and I to discuss the state of things, the reason for some of the chaos, and what the future outlook could be. The challenges are many, the outlook can be bleak, and while we have challenges both in business and technology (a la technical debt) - there is hope for a bright, secure, future. Give this episode a listen. Youtube Video:...
Published 10/24/23
TL;DR This week on the podcast Gerry Plaza from Netskope joins us to talk about the (re?)convergence between the network and security functions as policy, enforcement, and connectivity necessarily once again converge. It's been a long journey - but this time we think it's going to stick - hear why. YouTube video: https://youtube.com/live/RbobEfNMk2M Guest Gerry Plaza LinkedIn: https://www.linkedin.com/in/gerry-plaza/ Buzzcast Keep up to date on the latest podcasting tech & news with the...
Published 10/17/23
TL;DR Working with security vendors is tough - and it's not getting better. Market consolidation, product maturity, innovation - all of that has to be factored in to develop a strategy and deal with the constant change. Whatever your current strategy - Brent, Rafal, and James discuss some options and how it could be. YouTube Video: https://youtube.com/live/R2-CKVBsexI Guest Brent Deterding LinkedIn: https://www.linkedin.com/in/brent-deterding/ Security Unfiltered Cyber Security can be a...
Published 10/10/23
TL;DR: On this episode of the podcast - Rafal is joined by long-time friends and colleagues, Jim Tiller, Matt Shufeldt, and reformed analyst Anton Chuvakin to discuss the role and value of the virtual CISO. Or maybe it's the "fractional CISO". Or maybe it's something else? We work through value prop, how to pick a worthwhile partner in a fractional CISO, and advice for avoiding the dangers that come with bad advice, and worse engagement. YouTube Video:...
Published 10/03/23
TL;DR; This is part 2 of 2 - for this amazing topic! Please join us for both parts, and check out the full-length video online and available RIGHT NOW. On this episode of the DtSR Podcast, I welcome Kristin Demoranville and Nelson Estrada Hernandez to talk about the food industry and how cyber security can and should be a vital part in this absolutely critical topic. YouTube Video (full 62 minutes): https://youtube.com/live/72z70zYLxyc Links: Agriculture ISAC:...
Published 09/28/23
TL;DR; This is part 1 of 2 - for this amazing topic! Please join us for both parts, and check out the full-length video online and available RIGHT NOW. On this episode of the DtSR Podcast, I welcome Kristin Demoranville and Nelson Estrada Hernandez to talk about the food industry and how cyber security can and should be a vital part in this absolutely critical topic. YouTube Video (full 62 minutes): https://youtube.com/live/72z70zYLxyc Links: Agriculture ISAC:...
Published 09/26/23
TL;DR: This week's show features Oded Hareven, Co-Founder & CEO at Akeyless, and we cover some topics that are important, but brand new to us. Oded started a secrets management company and addressed some of the challenges and new technology with us. First, we discuss the "secret zero" problem (the one I worry about quite often), then zero-knowledge secrets management, and finally, this thing called "distributed fragmented crypto" (which is a bit mind-blowing honestly). I think you'll...
Published 09/19/23
TL;DR: This week we are starting a quarterly segment with Sean Scranton and Shawn Tuma - that's right folks, you'll get our favorite breach coach aka "The oh-shit moment guy" and one of the most knowledgeable cyber insurance people together on the podcast four times a year (at least). So what did we cover on this show? Oye - looks like White Castle (yeah, my favorite of all time burger place from back in Illinois!) is in hot water, the SEC is ... well, being the SEC, and there's a bunch of...
Published 09/12/23
TL;DR: I'm so excited to announce this podcast. This week the one and only Dominic Vogel joins me on the show to talk about SMBs - you know, those building blocks of the economy that most vendors pretend don't exist because it doesn't make them big $$$. And it's a whopper of a conversation with insights, ideas, and conversation that is looking to change things for the better. Hell, at least raise the awareness (wilful?) of the problems SMBs face. YouTube Video Stream:...
Published 09/05/23
TL;DR: Kellman's been one of the guests I've been chasing for years but he's always been too busy or too tied up in corporate requirements to be on the podcast - but now he's available and here we are. Kellman's got a lot of years behind him slinging network security gear, so it's a bit of a surprise to some that he has pivoted hard into cloud concepts and has some harsh truths for people who still think of old security paradigms when it comes to new technologies like, ahem, the cloud. Join...
Published 08/29/23
TL;DR: This week's episode is packed with content, as the one and only Jim Tiller joins James and me for a podcast that ...well ...does a fair bit of analysis of Black Hat, the industry, and several other things that are probably top of mind for you as well. Let's not spoil it for you - give it a listen (and watch the video, it's good) YouTube Video: https://youtube.com/live/se5M5vq5bcI Guest Jim Tiller LinkedIn: https://www.linkedin.com/in/jimtillersecurity/ Connect with DtSR on LinkedIn:...
Published 08/22/23
TL;DR: On this episode of post-Black Hat 2023, my buddy Will Gragido joins me to talk about what we saw, what we learned, and what shenanigans transpired. We're focused on marketing and booths - how do vendors differentiate, what do conferencegoers take away, and what makes your booth or offering unique? What about AI? Yeah, we talk about all of that. YouTube Video: https://youtube.com/live/cWwKA-2XsQU Guest Will Gragido LinkedIn: https://www.linkedin.com/in/gragido/ Connect with DtSR on...
Published 08/15/23
TL;DR This week is Black Hat 2023, or "Hacker Summer Camp" if you prefer. That means that the hype machine will be working overtime, times 10, so here's an episode made to throw some cold water on the madness, and poke a little fun before things go entirely sideways. I hope you enjoy this show, and as always, I welcome your comments on LinkedIn! Guest Karim Hijazi LinkedIn: https://www.linkedin.com/in/karimhijazi/ Damian Profancik LinkedIn: https://www.linkedin.com/in/damianprofancik/ YouTube...
Published 08/08/23
TL;DR: I crashed a party on Security Uncorked and the crew that was having the discussion was kind enough to indulge me and my "bombs" (questions, really) - so I decided to have JJ and Josh on DtSR, and James and I continued the debate and conversation. This was so much more fun than it should have been, but the result is something I think we can be happy with - a healthy debate, some conclusions reached, and a lot of "it depends". Take a listen and make up your own mind. Security Uncorked...
Published 08/01/23
TL;DR: This week my old buddies Jason Clark and James Robinson join James and me to talk about "AI" and the realm of possibilities (and risks) that it is. We discuss Artificial Intelligence (AI) as a generational leap in technology - but also the risks it poses for corporations (and real-life, real people too). Listen to the pod in your ears, and watch the video - trust me, you'll laugh along. YouTube Livestream (replay): https://youtube.com/live/HyxhBVdTdB8 Guests Jason Clark LinkedIn:...
Published 07/25/23
TL;DR: This week's episode is a come-back episode from the appearance I did on Dan Kuykendall's "Dan on Dev" podcast a couple of days ago. We started such a fun conversation, we just couldn't let it end there. We go through some interesting (in my opinion) history of the AppSec space, Dan does a little "back in my day" stuff, and I get all "Get off my lawn". You'll enjoy the episode if for no other reason than the nostalgia...oh sweet nostalgia. Go subscribe to Dan's channel on YouTube, he's...
Published 07/18/23
TL;DR You've got a slightly different episode this week - it's just James and I on the mic to talk through one of my favorite topics. But first! ... we have to talk about "Threads" and the social media "too much" that's happening. Then we talk about the Law of Diminishing Returns in cyber security - from budget to effort - "How much is good enough?" YouTube Link: https://youtube.com/live/eA6ugisBZb4 Connect with DtSR on LinkedIn:...
Published 07/11/23
TL;DR: ** Happy Birthday America! ** This week the podcast is celebrating America's birthday by releasing an episode that is a conversation with one of my favorite Canadians. Mark Nunnikhoven is one of the foremost cloud and large scale security professionals, and if anyone in security understands how to explain some of the stresses and strains of security at massive scale it's Mark. We talk about what he's working on, and how we as an industry can start addressing security problems at...
Published 07/04/23
TL;DR: On this week's episode we have an expert in leadership with experience in the Federal/Military sector as well as the civilian side. Bo talks about how culture can be changed, ways to approach your constituents, and which styles of information dissemination work best in organizations both large and small. If you're thinking about how to get your team more "security aware" and more bought in - this is an episode you must hear. Guest: Bo Birdwell LinkedIn:...
Published 06/26/23
TL;DR: On this software security and regulation-focused episode of the podcast, the OG of AppSec (Jeff Williams) joins James & I to talk about the latest spate of regulations that require self-attested transparency about what companies are doing with respect to securing their software via supply chain and direct action. Jeff contends this is a good thing and it's hard to argue that transparency drives good - however - I'm always curious what this does to those who struggle to afford to do...
Published 06/20/23
TL;DR: On this 555th episode, James Wickett joins James and me on an interesting discussion on AppSec, developer relationships, and why we just can't seem to make it work. Or maybe we're making it work but not giving ourselves credit? Listen in to this conversation and find out. This one will hook you in, as James, James, and I have a slightly depressing conversation that I think ends in something to be hopeful about. YouTube video stream replay: https://youtube.com/live/UIXtZy61CKU...
Published 06/13/23
TL;DR This week's episode goes down the AppSec rabbit hole with Francesco Cipollone (call him "Frank") as we discuss some of the ins and outs of the modern software security challenge. We're all over the place on topics, but the message, in the end, is sane. YouTube video replay: https://youtube.com/live/tJ6pvV3f0uA Guest: Francesco Cipollone LinkedIn: https://www.linkedin.com/in/fracipo/ Connect with DtSR on LinkedIn:...
Published 06/06/23