Episodes
Prologue Have you ever made a payment from your mobile device, wirelessly using NFC? Of course you have, most of us have by now. Did you know there are some (or at least were) fairly significant design flaws, otherwise known as "features", in the various platforms? On this show, we're interested in learning more about Timur's research and what he's uncovered. You'll want to do what I did, check your phone's NFC payments settings, once this show is over.
Published 01/18/22
Prologue We have a repeat guest today! Mr. Mark Simos joins me once again to talk about Microsoft's Cloud Adoption Framework (CAF) and it's applicability to not only Azure, but also your other clouds. Building resilient and secure clouds isn't just about security, it's about design and architecture that adheres to good practices. Microsoft's CAF is fantastic place to start - listen here to learn more. Guest Mark Simos LinkedIn: https://www.linkedin.com/in/marksimos/  Twitter: @marksimos
Published 01/11/22
Prologue This week, on a good start to the new year, Eric Escobar joins us to talk about hacking wireless - and a little bit of history on the topic. Taking us back to early wireless hacking where you had to have the right wireless PCMCIA card and drivers, to today where things are a little more complicated but oddly not too much has changed. Guest Eric Escobar LinkedIn: https://www.linkedin.com/in/eric-escobar/ 
Published 01/04/22
Prologue Bentsi is a guy with some experience in the bad guy world when it comes to devices and gadgets getting compromised. In this episode, he tells us stories and anecdotes on things he's seen and the threats gadgets face. It's a very interesting discussion, and might just make you a little more paranoid before it's over. Guest Bentsi ben-Atar https://www.linkedin.com/in/bentsi-ben-atar-6b0128/ Check out Sepio - https://sepio.systems/ 
Published 12/28/21
Prologue Have you ever plugged your smart phone, tablet or other "smart thing" into a power cable that wasn't yours? I'm guessing you've answered yes - and if so, you need to listen to this episode. As we travel and move around with our smart devices, we don't always have our charging cables & blocks with us, and that can lead to disaster. Hear more from Robert Rowley on how "juice jacking" can cause security problems we aren't even aware of. Guest Robert Rowley LinkedIn:...
Published 12/21/21
Prologue In a technically deeper episode, Ev joins Rafal to discuss how security has made productivity challenging at times, in terms of having to jump through hoops to get work done, and what we should be doing about it. Ev asks us to image an entirely new paradigm of productive access to necessary resources - so listen in and dream big with us. Guest: Ev Kontsevoy LinkedIn: https://www.linkedin.com/in/kontsevoy/  Teleport: https://www.linkedin.com/company/go-teleport/ 
Published 12/14/21
Prologue This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what the heck it is and how it's different than EDR or MDR. Do we really need more buzzwords? Mark Alba from Anomali joins me this week to discuss this, and I think it'll help sort things out for you, it sure did for me. I'm still not a big fan of new buzzwords, but at least I get it now. Guest Mark Alba LinkedIn:...
Published 12/07/21
Prologue Welcome to the last month of 2021 - December. This month we have a few bonus episodes, starting with this gem on identity. We've got a great guest and Mike Kiser has some interesting opinions he's definitely not holding back on. Thanks for listening - we hope you enjoy this episode. And special thanks to SailPoint for bringing Mike to the mic. Guest Mike Kiser LinkedIn: https://www.linkedin.com/in/mike-kiser/ 
Published 12/02/21
Prologue Folks, the video of this episode which was live-streamed to our YouTube channel is here: https://youtu.be/IYVB_LNhURQ - and if you can, watch it. Huge mega-thanks to Microsoft and Lightstream for bringing together Jeff and Mark on this one to deliver some truly phenomenal content. This week is Azure Security Benchmark (not baseline, oops) version 3.0 hot off the presses. We talk about what it is, how to apply it, and where and why it's so useful for keeping not just your Azure...
Published 11/30/21
Prologue Fair warning y'all, this episode may have been just slightly more fun than the Surgeon General allows. That said, on this one we not only made up some new terms ("Threat Instructions", Anton) but also had some fun describing what a well-functioning system of highly automate-able threat data would look like. And as it turns out, it's CrowdSec's "Fire" data set. Fascinating conversation, and most fascinating of all is that as Philippe described how it functions, Anton could find...
Published 11/23/21
Prologue Hey! Are you attending OpenText World Enfuse? If not, click here and check it out - it's virtual! Straight from Enfuse Chuck Dodson joins Rafal & James to talk about digital evidence collection, management, and processing in the realm of law enforcement. A fascinating look at the law enforcement side of things, and a topic perspective most of us never have occasion to think about, unless you're in the fight. Guest Chuck Dodson https://www.linkedin.com/in/chuckdodson/  ...
Published 11/18/21
Prologue In this episode, we host a lady who only needs one name, like a movie or rock star. But "Jax" deals with topics we normal people don't have the stomach for, like CMMC and government security. In this episode, she joins us to talk about the current Executive Order on Cybersecurity ( Executive Order 14028, May 12, 2021 - https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity ) and the implications and impact it will, might, and could have....
Published 11/15/21
Prologue Let me start by saying how much I enjoy chatting with Rick Howard, today's podcast guest. Rick's been on before, and we always go long (especially on this one, sorry not sorry), but the content is well worth your time. On today's episode, we chat about "Zero Trust" and where technology meets concept, what's missing, and what's next. If you think you know all these is to know about Zero Trust, I promise you, you'll learn something new. Guest Rick Howard LinkedIn:...
Published 11/09/21
Prologue On Episode 471, as we rapidly hurl towards our 500th episode, we bring back Chris Romeo to talk about threat modeling. Specifically, we discuss threat modeling of software - with developers, methodologies, silos, incentives, and outcomes all in play for discussion. Chris has been doing this a while, and has some deep insights into what it takes to make things work - and he we welcome your feedback on how you do it. Guest Chris Romeo  LinkedIn:...
Published 11/02/21
Prologue On this episode of the DtSR Podcast - Ann Johnson joins special guest-host Ken Fishkin of NJ ISC2 chapter, along with James & Rafal to talk about leadership, and sports apparently. Thanks to the NJ Chapter of ISC2 ( https://www.linkedin.com/groups/4425593/ )for submitting questions and Ken for joining us to guest-host. On this episodes, we ask Ann to talk to us about leadership challenges, and what's in store for the future. Also, we briefly talk sports teams and discover Ann...
Published 10/26/21
Prologue This week on a ridiculously awesome episode of the DtSR Podcast the one and only Mr. Steve Perkins of Nubeva joins Rafal & James to talk about something worth shouting about. They've figured out how to beat ransomware... yes, there are a few 'catch' things, but the tech seems solid and the possibilities endless. Give this episode a listen, then scroll below to click the links, and give this a look for yourself! Guest Steve Perkins LinkedIn:...
Published 10/19/21
Prologue This week, we get to meet Sean Jackson. You may not know Sean, but his journey may feel familiar. He got here much like many of you, and his story of discovery and understanding of his role in the business as "the security guy" is something you should probably know. There are many paths into our profession, and there are many different ways to view what we do - Sean's is compelling as it is timeless. Give it a listen, and join me on his journey. Guest Sean Jackson LinkedIn:...
Published 10/12/21
Prologue This week, Kim Lewandowski joins Rafal & James to talk about Google's latest contribution to the Open Source software movement - Supply-chain Levels for Software Artifacts (SLSA). We have a great conversation, and I hope you guys go watch the video (when it comes out) and check out the axe in the background. I never did find the interesting logo Kim talks about- maybe one of you will find it and post it to #DtSR on Twitter! Guest Kim Lewandowski LinkedIn:...
Published 10/05/21
Prologue This week, fresh off his Twitter rant, Travis McPeak joins Rafal to talk about the goat rodeo that vulnerability management in the enterprise. Travis talks about the multitude of reasons vulnerability management is so difficult, and what we can be done about the whole mess. Great episode, lots of great discussion and big thanks to Travis for the contribution to the topic. This needs more discussion, folks! Guest Travis McPeak LinkedIn: https://www.linkedin.com/in/travismcpeak/ ...
Published 09/28/21
Prologue I have no excuses, and no ideas, how this show has made it so far without having the one and only JJ as a guest. She's been doing network security and architecture for a long time, in addition to being a force for good. Her focus on NAC (Network Access Control) shines through in this discussion too. Hilarity ensues. Guest Jennifer ("JJX") Minella LinkedIn: https://www.linkedin.com/in/jenniferminella/ Twitter: https://twitter.com/jjx
Published 09/21/21
Prologue This week our pal and previous guest Patrick Miller joins us to talk about the power grid, current state of the thing, and what he's working on in the power generation and distribution sector. It's a strange place where 8" floppy disks and DOS 2.2 still live. Yeah, go search those, you think there's a 0-day for DOS 2.2? Guest Patrick C. Miller LinkedIn: https://www.linkedin.com/in/millerpatrickc/ Twitter: https://twitter.com/PatrickCMiller/  
Published 09/14/21
Prologue This week our friend Ira Winkler joins Rafal & James to talk about the human element in cyber security. Ira, like us, absolutely loathes the phrase "stupid user" - so you'll want to hear what he's working on, and his comments on the space.
Published 09/07/21
Prologue With all the craziness going on in the world, from terrorism, to catastrophically botched withdraws from a 20 year war, to the incredible proliferation of ransomware, and "cyber privateering" making a comeback in the news - it's as good a time as any to discuss open source intelligence, collection, and analysis. Aki is a guy who would know a little bit of something about the topic, because anytime someone has to choose the way they describe their past "work" - you know their...
Published 08/31/21
Prologue Let me start off by saying that this episode isn't about politics. It's about facts, claims made, and election security facts and myths. I want to thank Rob Graham for getting on the show and sharing his experience on short notice, and providing insights from Mike Lindell's "Symposium". It's truly eye-opening, and hopefully a conversation that strikes at the core of what we need to hear right now. Guest Robert Graham Twitter - https://twitter.com/erratarob
Published 08/26/21
Prologue Thanks to Okta, for providing what is surely an entertaining (at least to record) and informative episode with some really cool guests. Bharat and John join James and Raf to talk about CIAM (a term Raf had to look up) and all things authentication history, past, and present. By the way, if you haven't registered, you should register for this very cool Okta Developer Day "Auth for All".   Guests John Pritchard LinkedIn: https://www.linkedin.com/in/jpritchard/  Bharat Bhat ...
Published 08/23/21