Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!

TL;DR: On this "live on the scene" episode from Zero Trust World 2025 sponsored by Threat Locker - I have the distinct pleasure to speak with Rich Latayan about his career leading big-company security programs as CISO and his current endeavor.

YouTube: <coming soon>

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=...

Send the hosts a message - try it now!

TL;DR: As per the usual, this year's RSA Conference 2025 wrap-up is with my friend Ray Canzanese, Jr. We sit in the beautiful sunshine atop the Moscone Center (gardens) and have an interesting, conversation about a number of interesting topics not the least of which is the puppies and baby goats at this year's event (well played, vendors, well played).

YouTube Video: https://youtu.be/L...

Send the hosts a message - try it now!

TL;DR: Sometimes LinkedIn gives us an opportunity to record something meaningful - and in this episode we find a conversation with Ross Hosman's perspective on how to address the strained relationship between buyer and seller, CISO and vendor - in a meaningful way that you'll hopefully benefit from.

Sales people, take notes. CISOs ... you too.

YouTube video: https://youtube.com/liv...

Send the hosts a message - try it now!

TL;DR: This episode is a follow-up on two episodes, building up to this conversation. On episode 629 Hed Kovetz introduced us to "Identity Security" (https://dtsr.buzzsprout.com/2153215/episodes/16174464-dtsr-episode-629-what-the-hell-is-identity-security) and then on episode 646 Ward Pyles started the conversation about how security tools really aren't set up to protect from the...

Send the hosts a message - try it now!

TL;DR: This week's guest is BugCrowd's founder Casey Ellis. Casey's a pioneer in the security space and has some tremendous insights on how he started his business and what the future holds. Casey explains why it's important to think like a criminal, and why the 'locksmith' version of a hacker (versus 'burglar') is so important to today's security pr...

Send the hosts a message - try it now!

TL;DR: This week we're joined by the one and only Mike Privette - to talk about the market forces pushing and pulling cyber security's momentum. Whether you're into startups a la VC funding, or looking to refurbish companies a la Private Equity - this conversation is an analysis of the market from someone who knows a thing or two about the whole game. Oh yeah, and Mike writes thi...

Send the hosts a message - try it now!

TL;DR: If you're deciding whether to listen to this episode - let me help you - YES. This episode is about the application of AI to one of the most difficult problems facing security teams - what and where is my most sensitive information? Face it, you have no idea - and maybe, just maybe, AI is part of the answer. Shiran Bareli joins Jim and Rafal to talk it over, and it's a doozy.

Yo...

Send the hosts a message - try it now!

TL;DR: This week Ward Pyles joins Jim Tiller and myself to talk about a relatively unremarkable topic - people-centric security. We've talked about it a bunch but it's not until this episode that something finally clicked in my brain. When Ward talks about the data that security needs - see if you can pick it up too.

Also - I'm trying some new bonus content - the "After Show&...

Send the hosts a message - try it now!

TL;DR: This week's episode is a sit-down in person at Zero Trust World 2025 (sponsored by ThreatLocker) with Ryan Benner. Ryan's the caretaker of "anything that powers up", as he puts it, which means this small organization's security is also his responsibility. So how do you do it with next to no staff, and on a small budget? And how do you even begin to "Zero Tru...

Send the hosts a message - try it now!

TL;DR: This week's episode shifts the focus from leadership in the enterprise, to leadership in the vendor space. Building security products that innovate, inspire, and meet market and customer demand is far from trivial. Meet two of the best in the business - Arash Marzban and Bryan Lares - and hear what makes the job exciting, and how they make it great.

YouTube video: https://youtub...

Send the hosts a message - try it now!

TL;DR: This week's podcast features the wisdom and wit of Merlin Namuth - currently serving as the CISO for the city & county of Denver. Merlin provides insights into how he views the first 90 days of a CISO's role with a new organization, frameworks and processes he goes through to get his bearings and start a successful residency.

YouTube Video: https://youtube.com/live/8y7bsKlBB...

Send the hosts a message - try it now!

TL;DR: This episode was recorded live from Zero Trust World 2025 in Orlando, FL sponsored by ThreatLocker. Chase Cunningham joins after finishing an epic keynote where he eviscerates security dogma and the repeated stupidity of the Cyber sector. Chase & Rafal discuss Zero Trust, implications, implementation, and value.

YouTube: 

Big thanks to ThreatLocker for hosting Zero Trust World 2025 - c...

Send the hosts a message - try it now!

TL;DR: On this episodes we welcome Kevin Fielder, CISO @ NatWest Boxed & Mettle, Advisor, investor, Coach, and speaker to talk about building guard rails and principles to minimize security's negative impact on business and technology while raising the bar for attackers.

YouTube Video: https://youtube.com/live/xYPdHkUW0TQ

Send the hosts a message - try it now!

TL;DR: This week is a real treat! Eva Georgieva - a seasoned cybersecurity automation engineer - joins me, James, and Jim to talk about automation in cyber. We talk about challenges, what to automate first, good versus bad automation, and even get a little practical.

YouTube: https://youtube.com/live/lA20Mgl3AxE

Send the hosts a message - try it now!

TL;DR: This week's episode features a long-time-coming discussion with Richard Bird discussing his book "Famous with 12 people", and the "influencer culture" in cybersecurity. It's an interesting discussion on how our industry works, and who makes it really turn.

YouTube: https://youtube.com/live/hk42GbjzDZQ?feature=share

Send the hosts a message - try it now!

TL;DR: This week's episode is all about a growing issue in CyberSecurity (and I'm sure it's there in other disciplines as well) - "specialization" or more to the point "over-specialization". Why is it a problem? Matt Shufeldt, a returning guest and friend of the pod, joins us to talk about it and suggests some ways we can avoid the giant iceberg we're car...

Send the hosts a message - try it now!

TL;DR: On this episode Amanda Berlin, Senior Product manager at Blumira, joins Jim and Rafal to talk about her career, the second edition of her book, and building products for SMBs that "don't suck". The unfortunate fact is that there aren't a lot of products designed for the unique challenges of companies that can't afford an army of security analysts, or consultants....

Send the hosts a message - try it now!

TL;DR: Kayla Williams, CISO of Devo, joins Rafal & James on this episode to talk about her career path, the importance of the "financial perspective" and the need for well-rounded security leaders who understand business first and foremost. A wonderful episode for leaders and those who want to be.

YouTube Video: https://youtube.com/live/axl8V-ayMjU

Send the hosts a message - try it now!

TL;DR: Oh boy. Welcome to 2025, and the first podcast of the year is off to a flyer. Robert "RSnake" Hansen & Patrick Dennis join Jim and I to talk about "trust" - and we touch on everything from AI to politics and everything in between.
What state is trust in, and why is it really bad? And ... now what?!

Required background reading:

• Patrick's origin...