May 14, 2025 • 29 mins
Tune in today for another special episode as we bring on Telarus Solution Engineer, Trevor Burnside. Today's episode is titled: Straight from RSA: What Shocked Us, What Inspired Us? Trevor and Jason Stein, VP of Security at Telarus, were recently at RSA, the world's largest security conference in San Francisco. Trevor comes on to dissect what they heard, what it means, and why you care! There were lots of key moments and products, lots of AI embedding in, and as always, Trevor folks on how to take what they learned and apply it all as an advisor, both with strategy, key questions, and conversations.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome to the podcast designed to fuel your success in selling
technology solutions. I'm your host, Josh Lopresto,
SVP of Sales Engineering at Telaris, and this is Next Level
Biztech. Hey everybody, welcome back.
We've got another special episode for you Today.
(00:20):
We are talking about RSA. And if you don't know what RSA
is, we're going to tell you. So we're going to talk today.
RSA and security, specifically RSA recap straight from RSA, who
Trevor and Jason Stein were justat what shocked us, what
inspired us. So Trevor Burnside, solution
engineer from Toleros back on with us.
Welcome on man. Hey, appreciate it.
(00:42):
Yeah, good to be back. So you got to see a lot of good
stuff. You've been a traveling man.
You were just out at RSA. Talk to us a little bit about
for the for the advisors that don't know what RSA is, where is
it, what is it and then we'll kind of jump into it.
Yeah, RSA, they sponsor one of the largest cybersecurity
(01:03):
conventions in the US so this iswhere, you know, all the vendors
in the space get together, you know, large Expo hall in San
Francisco, you know, hundreds ofvendors at this point.
It only gets bigger every year, is what they keep saying right.
The, the participation, the amount of attendees, the amount
of vendors there, it just gets bigger and bigger to a point
(01:26):
where it's, it's, it's multiple days, hours and hours on an Expo
hall floor. You're seeing the latest and
greatest as well as, you know, names that people have known in
the security space for a long time.
So it's a it's a cool thing to go to.
There's a couple of these like, you know, similar like a Black
Hat or you know, St. Conn, some of those right from
the cybersecurity meet up. This is more on that vendor side
(01:49):
though on that more commercialized space.
So really a a good space for us to go to and see what's on the
market today. And is that, I mean, we, we,
we've done a couple of these recaps recently and, and, and
previously Kobe and I, we just talked about Google next had
about 30,000 people and then we did AWS reinvent also in Vegas
really can't get enough of Vegasapparently.
(02:11):
And that was 100,000 plus, you know roughly what, how many did
they talk about how many people RSA is these days or what that's
gotten to I? I saw the last decimal was
around like 40,000 around there,you know, plus or minus, but a
significant amount of people going and San Francisco, I mean
big city, but just completely floods the, the, the city.
(02:32):
I mean, everywhere you walk around in that block, you know,
near the Marcy Pony Center, it'slike, you know, just just
everywhere, all the brands, everyone with tech, you know,
polo shirts on and everything. It's just a complete over
overtake of the city. It's kind of cool, but certainly
can be overwhelming. Lots of tech, lots of khakis.
Yeah. All that.
(02:54):
OK, so maybe kick us off with what your, your, your first
impressions, your first time going what, what stood out to
you the most and then maybe justjump into it.
Was there any initial kind of products and or or or vendors
that stood out to you the most? Yeah, I think it it, it wasn't
hard. I mean, going going to San
(03:14):
Francisco right now, I mean, anyone that would go there,
you'd see every billboard everywhere.
It has something about AI, you know, big brand service now, you
know, Salesforce, all these guyshave have giant billboards and
it's all about what they're doing with AI and how they're
implementing it. So I think the the messaging is
going out, you know, to on that side inside RSA and on the in
(03:36):
the vendors, it all of them had something to do with AI or
wanted to talk about it to the sense of this is what we've just
come out with and this is how we're implementing AIML into
that. I know it might sound like, you
know, we're beating a dead horsewith this, you know, in the
industry like that, You know what we're just talking about AI
every day. How do we, you know, it's, it's
(03:58):
a buzzword, you know, Agentic, first genet, you know,
generative LLM, all this kind ofstuff, right?
And some of it turns into kind of buzz phrases.
But really at this point it's, you got to understand it because
it's here, it exists, it's productized, it's ready to go.
So now relatively in its infancy, of course, you know,
(04:22):
but it's productized and able tobe purchased and implemented
today. That was the main thing that
stood out was, you know, you read Gartner reports and the the
2025 Gartner report or, or for this year predictions for this
year is all about AI. And really, you look at the
market and you see how it's the market's following suit.
(04:46):
What about is is? You think about that, right?
That's your initial reactions. What are you seeing from a their
product or vendor that was therethat maybe surprised you in a
way that you weren't you weren'texpecting?
Yeah, there is. I mean, there's a lot of
product, a lot of vendors that Ihad never heard of or, or, and
we met a lot of the, you know, the crowd Strike Sentinel one,
(05:07):
these guys have giant booths, right?
And, and, and certainly they're,they're full boring adoption of
these kinds of, you know, bleeding edge technology.
I actually enjoyed mostly like the some of the smaller booth,
smaller vendors on the outskirts, right, that you can
have a kind of a different conversation with and doing,
doing things I haven't heard of before in the MDR space and sock
(05:30):
space. You know, a lot of that's pretty
well understood, but there's a lot of vendors out there that
are emerging, you know, are emerging in security.
They have some really cool offerings, stuff that stuck out
to me, specifically SoC or agentic AI in SoC teams,
augmenting SoC teams, you know, a traditional security analyst,
(05:54):
you know, look at their alerts logs, that kind of stuff.
A lot of different ways you can actually use AI in that
scenario, whether that's built into the platforms you're using
currently on the SIM, MDR, otherwise or agentic AI overlays
that it doesn't matter what platform you're using on the
software side, you can actually have these agentic AI trained
(06:17):
SoC analyst to do decision making, level 1, level 2
remediation and really take someof that kind of lower, you know,
stuff that's pretty easy from like a security analyst.
Take that off their plate, let them do the harder stuff and get
more out of your, you know, fulltime employees and have SoC
(06:38):
being augmented with AI. Think that's, you know, there's
a lot of different offerings around that right now.
OK, so, so let's back up for a second.
I think it's as a good time to kind of frame up how we got to
where we're at, right? We're we're talking a lot about
over the last couple months, if you've been to, we were just at
the AI Summit in Salt Lake and we've had others recently.
(06:59):
Let's just back up a little bit.Let's stay specific around the
journey of of security and products in security, right?
So many years back, we think about one of the first things
that we saw in security. Of course, you know, firewalls
for a business, things like that, your Cisco's, your Palos
and, and those are those are great, right?
Those are great to, you know, let people know that we've got
(07:21):
an alarm on the door. Don't break in, You know, all of
those things, those examples. Well, and then at the endpoints
we had, you know, the old, back in the old days, it was Norton
and McAfee that would hog down your computer.
And I think the frame was, thosewere really built on signature
basis. We, we knew the viruses that
exist, we knew the bad things that existed.
(07:42):
And we said pattern matching. If those patterns come up and
those viruses come up, block them and keep me safe.
Great. And then it seems like the bad
guys wised up a few steps and all of a sudden, you know,
adware came out, spyware came out, people were writing
patterns on viruses that nobody had ever seen before.
So you had these things, what, 0days, right, where this just
(08:04):
came out. There's no fix for this.
Microsoft comes out with patch Tuesday.
You know, all these things sort of started to happen and mature.
And so then it seems like if we just look at maybe the last
couple years, we talk about endpoints for just a second,
there was this idea of MDR, right?
Endpoint detection, EDR, endpoint detection, response,
(08:25):
manage detection and response. And then, of course, the other
acronym, right, XDR is born. So it's really this much more
wider swath and now you're talking about when we think of
the sock and the SIM, that log correlation engine that, that
everything feeds into traditional thought.
What on on sock, you got a, you got a group of eyes on glass and
(08:47):
they look for bad things. Then they look for alerts,
right? Like that's your, your, your,
your normal sock. So now laying that stage where,
you know, I, I guess maybe it seems like the next step was,
well, security's sitting here saying, well, we've had machine
learning kind of looking at, youknow, getting better pattern
matches over time. Where does, where does AI take
(09:10):
this or better yet, frame up a little bit of agentic AI?
Like what did you see in that context of evolutionary wise?
Where are we and where does thattake it next?
Yeah. Well, I think you look take a
look at some of those, you know,traditional maybe security sock
teams or you're talking about you know what you got a SIM.
(09:31):
You're you're doing all this logingestion from all these
sources. It goes into a single platform
where I can do make some correlation do telemetry across
across my platforms. Some of the problems or pain
points with that is all right, this is great.
I can dump all my logs into one spot, but now I've got tons and
tons and tons of logs. I'm getting all these alerts
(09:52):
because of it. So now with security analysts,
you know, burnouts being at a high rate because you know, if
you get, you know, 3000 alerts is the same as zero alerts,
right? Because you know, you, which one
do you look at, right? None of them.
Now from a SIM perspective, there's ways to, to do the
telemetry to kind of reduce those false positives, but
there's still a lot of false positives and there's still a
(10:13):
lot of alerts that need to be addressed.
But are are are pretty small, right, or or low criticality.
So do you need more people? Do you need more people to start
doing this? Because you're adding more logs,
you know, as as environments getbigger, you're adding more
things, more alerts, more sys logs that when it gets into
that. To your question about agentic,
(10:36):
AII mean the difference. A lot of people are more
familiar with that generative AI, you know, ChatGPT, clod,
those type of things. Agentic is kind of that new
buzzword that everyone's using where it's agents that can work
on your behalf. So they actually make decisions
based on that machine learning and, and, and algorithm, things
(10:57):
like that based on pattern recognition and, and data really
right data-driven reasoning where they can actually do
things on your behalf and interact with the environment.
So it's not just generate some text, do some stuff they
actually go through and depending on the hooks you have,
they can interact with the environment on your behalf.
That's that agentic over that comes into.
(11:18):
So having that used in a SoC team changes things because now
as a security analyst, if I haveno, I've got a bunch of false
positives. I can actually offload some of
that response to a gentic AI that can recognize patterns, has
that data reasoning of OK, out of the, you know, in this
scenario, this is 99.999% false positive, right?
(11:41):
I can let something else do thatreasoning and handle it and do
the remediation based on my playbooks or runbooks that I
want it to do. And I can focus on criticality
or higher criticality and takingcare of things that that maybe I
don't trust an AI to handle. I still want to have my hands on
that, but I can reduce my false positives, reduce my Tier 1
remediation and then that goes 24/7.
(12:04):
I don't have to worry about, youknow, it's working on the
weekends when I may not be. That's fair.
It seems like the bad guys really don't work very much
between 8:00 and 5:00. Seems like they've almost
figured out that that's when most people are there paying
attention to things. Are are are you seeing?
I mean, we, we we talked about this a little bit at the AI
Summit in Salt Lake last week and we got to see some live
(12:27):
demos of real time attacks, realtime rollbacks, AIML platforms
from our providers, mitigating that threat, rolling it back,
blocking it. And it seems like this agentic
piece is just such a next natural step as people are
being, you know, driven for efficiencies in the sock,
(12:48):
efficiencies in the business, things like that.
It it seems like that's AI want to shift a little bit to, OK,
how does the TA have some of this conversation?
If you're ATA, you see some of these iterations that are coming
and maybe you want to approach the customers and talk a little
bit further about making the sock better leveraging, you
(13:09):
know, this like a lower cost SIMor cut saving there.
How would you frame it up for the TA to be ready to have some
of these conversations when as we have this kind of ejectic AI
and AI in the sock making the sock better?
Yeah, No, that's a great question.
I was actually at RSAI thought about this of like, if I'm ATA,
how do I sell some of these things?
(13:30):
What, what kind of conversationswould I have with clients And
you know, thinking about clientsthat I've worked with in the
past depending on security and their maturity and their
posture, right? There's a, there's certainly a
market of, hey, we've got, we'vegot 3 analysts on staff.
We've got 2 analysts on staff. We have one guy, right, who who
does all of our alerts. Well, the next step, you know,
(13:52):
historically has been you need asock, you need to talk as a
service. Here's the price point.
Look at the telemetry. We're going to charge you for,
you know, depending on on the offering, right, log ingestion
rates, things like that. And you're just looking at the
cost and like, well, you know, maybe they don't have the budget
for it. Maybe they can't get that
budget. If they've got people on staff
(14:12):
that do security, we don't want to replace them because we want
to keep people, you know, it's always in their best interest to
have someone on the on staff that that no security and, and
has their best interest at at heart.
But can we get more out of theirefforts?
And, and if it's two, if it's three people, they're certainly
not able to do run a 24/7 stock.They're not looking at all the
(14:35):
alerts. They may not have the
capabilities to do full remediation or they're just
weighed down with, you know, level 1 stuff and they're not
getting or not seeing a lot of that those higher critical
alerts that they should be working on.
So in that case that I think there's certainly a market of,
hey, we, we have a practice. We don't have the resources to
(14:55):
have a full operating 24/7 stock.
We may not have the budget to move that way.
I think Agentic AI makes a lot of sense to plug into those
scenarios of, OK, you've alreadyhave your own runbooks, you
already have a, a pretty good process built out.
Augment your current efforts with agents, with AI agents and
(15:16):
see what that does from an ROI perspective.
You get more out of your, your, you know, full time employees,
They're not as burnt out and youdon't have to potentially move
to that full sock as a service and, and feel like, you know, if
I'm a security employee, maybe my job is getting replaced,
right? For are we outsourcing to a full
MSSP? You know there could be friction
there that it doesn't have to exist with this.
(15:37):
So if you think about, I guess, OK, while, while we're on this
track of the TA and the customerconversation, 2, two thoughts
here, maybe lots of tools. There's a flood of tools and,
and, and now we're introducing different ones that create a
different level of efficiency, right?
So it's necessary, but how do we, how, how do we have the
(15:58):
advisors help the customers prioritize what, what matters
the most, right? You're in a lot of these
discovery calls. You get to see this first hand.
How do we do that? Yeah, I mean that even at RSA
going there with and just being flooded with so many products
and tools, right, it, it's overwhelming in the sense of
(16:19):
like if I was a customer going into that type of scenario and
then like, OK, where do I, wheredo I start, right.
I think it goes back to the basics as far as risk
management, you know, just basicrisk management of OK, what are
my where do my most valuable assets?
What are they worth to me and what am I spending to protect
them? And then also understanding that
the business impact if they're compromised, that's going to
(16:41):
give you where you should start in the sense of, OK, you know,
what is my budget? And then what do I need to focus
on, on, on protecting it and adding value back to the
organization as far as, you know, integrity of data,
availability of that data, right?
What? And there's a lot of tools now
to do that. I think, you know, traditional
(17:03):
agents or, or trusted advisors have a, a certainly a spot
there. There's so much out there to
understand, even when you're trying to understand it, it,
it's it, you know, there, it's apretty, pretty high task to
understand everything. I think that's why we have MSS
PS in our portfolio that really understand that, that we can
(17:25):
leverage to to be experts when it comes to tooling and they can
make those recommendations on which tools to go to, especially
MSS PS that are platform agnostic.
Then we have certainly a few in our portfolio that that can do
that and and help guide customers.
But trusted advisors are not going anywhere when it comes to
security. There's there's a lot out there
(17:46):
and customers need help understanding it.
So I'm going to I'm going to shift here, I'm going to shift
in just a second to the scary things that are that you saw
some of the things that we know about the bad guys that are
doing. But maybe one one final thought
on on Tasmania and conversationsand and how how are in those
when the customers, these SMB kind of mid market customers,
(18:10):
what is it? What is it good enough?
I I know we want to do the best of the best.
I know we want to give everybodytop shelf Cadillac and all that
stuff. If Cadillac still top shelf, I
don't know. Everybody's car choices are
different, but what's a good enough strategy from an AI, you
know, working towards that? Or what are the pieces that
people should be thinking about so we can have those
(18:31):
conversations more? Yeah, that's a hard question in
the sense of because I think starting somewhere right now is
really what is what's important.And what I've been telling
clients is coming up with a strategy, you know,
understanding maybe they don't know exactly where AI is going
to help from an efficient PC perspective, but they can
(18:53):
understand how much are we spending or where are we
spending most of our money in the organization that's not
getting as much a return on investment as potentially it
could. And then maybe starting there,
that could be security that could be otherwise, right.
With the secure or with the AI conversation, though, I would
say the wait and see approach isnot the way to go.
(19:17):
Starting something and having a strategy around it, whether
that's, hey, we want to we want to use AI in our organization.
How do we protect it? How do we make sure that the
data governance is, is acceptable that it, it only has
access to the data we want it to?
Or how do we use AI in our security posture, you know, so
that we can use it to defend against, you know, next
(19:40):
generation threats that are, that are out there right now.
But doing nothing and waiting tosee what's going to happen is,
is the wrong move. Because you look at, you know,
the, the threat actors especially are not waiting.
They're not waiting and see they're they're using like tools
like a ChatGPT to create malwareto find vulnerabilities.
(20:02):
And as we know at this point, using generative AI makes us
faster, makes us more agile, makes us quicker to, to get, you
know, our tasks done. It's the same thing with bad
guys. They're using the same tools in
similar ways. And if we if we don't, we're
going to be behind the 8 ball. So let's think about that.
There's two stats that I love totalk about in this.
(20:24):
The stat #1 is that we ran the tech trends from last year,
right? New one, new one coming here
later this year. But the tech trends report says,
and this was from the IT decision makers that we
surveyed, it was that 92% of customers want to hear from an
advisor, right? That number is up from recent
years. And so that proves this channel
(20:47):
really does thrive in complexity.
And so hey, they need, they needmore help more than ever.
Then B1 in three enterprises said that they need help and
they need an advisor. So to your point, never been a
better time to be an advisor and, and having these
conversations, they really thrive in those complexities.
And then the final thought that that I think is helpful is, you
(21:10):
know, 15% according if it's likea GEICO commercial, 15% or less,
15% under that have any sort of AI governance plan in place
right now. So your customers, again, it's
so new, it's so early. They, we need to do it and we
need to be ready. We can't wait and see for the
next scary thing. But we, you know, the, the, it
(21:31):
just proves it's right for the conversation.
I think validates all the data validates.
Yeah. And we've had a lot of
conversations this year around data governance, AI governance,
you know, whatever you want to call it.
It really starts with that basics of are we doing data
labeling, data classification, what's our hygiene when it looks
like or when it comes to that kind of stuff, right?
Foundational aspects of of, you know, a security practice that
(21:56):
may have been not at the forefront of a lot of people's
security posture this year, where we've seen more
opportunity around that of just,hey, let's get our eight our
data ready. Let's make sure it's it's clean.
Let's make sure that it's that we understand where our data
lives, where we're accessing it.And if you think that, you know,
(22:16):
that those are still conversations that are, are far
out, you know, and, and aren't really occurring every single
week where we have opportunitiesaround this.
So just asking clients, hey, areyou labeling your data?
Are you classifying your data? And if they're not, it's well,
you know, that's Part 1 of an AIstrategy on securing AI.
(22:39):
So a lot of stuff we can do there and and you know, happy to
have those conversations. So let's shift it to, you know,
the AI fight, I guess a little bit.
So, you know, for, for anybody that hasn't listened, you know,
you've been on the podcast before.
We talked about some really coolstuff with your prior military
background. You you, you've seen some
things, you've been through sometrainings that most people on
(23:02):
this audience will not ever get to experience or see.
And so I want to think about, you know, you've got a glimpse
into what the bad guys are doingright.
And so if we pivot that to from a cyber perspective, what are
you, what are you seeing out there or hearing out there in
RSA or broader of what the bad guys are doing and how they're
(23:22):
using AI and how they're trying to stay of, of leveraging that
is a tool to their benefit? Yeah, I mean, I, I've said this
before and just generally, you know, with when it comes to
generative AI or otherwise that,you know, AI can make, you know,
someone bad, pretty good and make someone good, really great,
right. And the bad guys are certainly
taking advantage of that. As an example, I, I actually
(23:45):
built a website. I'm not a software developer.
I didn't, you know, I didn't learn code for years and years
as a kind of project experiment thing.
I actually with ChatGPT and someother generative LLMS, I built a
web page that actually was working well in JavaScript and
did a lot of the stuff I wanted to do.
(24:06):
I learned some code. So I knew what I was kind of
doing. But I, I, if I took that away, I
would not be able to have done what I did.
That same thing can occur with malware, with finding
vulnerabilities, exploits, delivering exploits, payloads,
all of that. If I know some of the basics of
that kind of stuff, I can use AIto augment my efforts to make me
(24:27):
much, much better than I then I relatively should be, right?
We got to do the same thing on cybersecurity.
I actually think, you know, coming into the practice, if
you're a new security analyst, AI can make you better, make you
quicker, faster, be able to respond to threats and punch
above your, your, you know, yourknowledge space because of that
(24:49):
thing, because of AI. So we got to be doing the exact
same things that the bad guys are doing.
Well, and we saw that early on too.
And this is still, I mean, even a thing, right?
It's the DDoS for hireright blowup a, you know, blow up traffic
to a website, blow up traffic toto some infrastructure.
And, you know, that takes down DNS, that takes down all these
(25:10):
things. I mean, all those are still out
there from a dark web perspective.
Now it's just even worse. And it's just even more powerful
because you've got the power of hyperscaler compute, you've got
the power of AI. And it's like the, it's like the
what? I hate The Cheesecake Factory
menu, right? There's just so many choices in
that. Now there's even more, it feels
(25:32):
like, and even more powerful ones.
Yep. I guess maybe, maybe let's wrap
it up here. Final thoughts.
What are the discovery questions?
What are your favorite thoughts?Scariest thing you saw, you
know, while you're at RSA wildest product you saw things
(25:54):
that you're most, you know, excited to kind of see coming
forward and just, you know, mixed in here.
Let's let's get a few of your favorite kind of questions to
help uncover those needs for TAS.
Yeah, I saw a a specific product.
Well, I'll answer it really specifically.
There's a product that it detects AI in the sense of when
(26:15):
you're on a false web page. And I saw some of the stuff that
they did and I saw some false web pages that were 100%
identical to real web pages. So you can, you know, people
spoofing web pages or otherwise,you know, really, you know, from
a generic level of, you know, you click a link, you think
you're on Facebook and you're not on Facebook, but it looks
exactly like it, like exactly you.
(26:40):
I mean, you look at what AI can do with, you know, photography
and, and generating images and all that stuff.
And you're like, I, I, I can't tell if it's a real image or
not. Some, you know, depending on
the, the engine, the same thing with web pages and the guy, you
could think you're on the right page and it could be completely
malicious. And we actually, there's tools
out there AI detecting AI that are doing this because humans
(27:02):
can't. Now you look at it and you're
like, I, there would be no way that I would know that I was on
a spoofed web page because they can hide A lot.
They can mask the domains. A lot of that kind of stuff is,
is just getting so good. So that was a scary thing of of
I think at some point we're going to be questioning our
reality on on, you know, the Internet of what are we
actually, am I on the right place?
(27:23):
Am I, you know, am I where I think I am right.
And we may need AI to to start detecting it.
And, and, and yeah, I mean, someof these early demos already of,
you know, obviously the AI voicecloning, the biometrics and the
things that that impacts and, and, and already seeing some of
these proof of concepts of the tools that are out there for
(27:45):
this AI video clone, this AI avatar clone sitting in on your
Zoom session, right? So we used to just laugh and
say, well, of course, like the finance person just needs to
know that I wouldn't send that. Well, now not only can I
validate that I am me, I can geton video and it looks like me.
I think to your point, it's it'll, you know, it, it, it
needs to keep everybody in a question everything constantly
(28:09):
mindset, right? And these tools, I think we have
to leverage the tools to be ableto help us because even even in
a question everything, when you question everything, we just we
can't make it a questioning process.
We have to use technology to help knock down some of that.
Yeah, 100%. Good stuff.
All right, man, love the download.
(28:31):
Love that you got to go see a lot of this stuff.
I know it's all fresh. It's all lots of crazy things
that you learned. Look forward to continuing to
hear more from that. But appreciate you coming on,
man. Thanks for thanks for all the
share. Yeah.
Thanks so much for the time. Great talking with you.
All right, everybody, as always,don't forget every Wednesday
these episodes drop. Whether you're listening to
(28:51):
Apple, Spotify, all of the above, make sure that you get
that so that you can help your customers and and have some of
these conversations and we're here to help.
So until next time, I'm your host, Josh Lopresto, SVP of
sales engineering, Delaris, Trevor Burnside, solution
engineer. This has been RSA recap.
What shocked us, what inspired us.
Until next time. Next Level Business has been a
(29:13):
production of Tulare Studio 19. Please visit telaris.com For
more information.
Welcome to the podcast designed to fuel your success in selling
technology solutions. I'm your host, Josh Lopresto,
SVP of Sales Engineering at Telaris, and this is Next Level
Biztech. Hey everybody, welcome back.
We've got another special episode for you Today.
(00:20):
We are talking about RSA. And if you don't know what RSA
is, we're going to tell you. So we're going to talk today.
RSA and security, specifically RSA recap straight from RSA, who
Trevor and Jason Stein were justat what shocked us, what
inspired us. So Trevor Burnside, solution
engineer from Toleros back on with us.
Welcome on man. Hey, appreciate it.
(00:42):
Yeah, good to be back. So you got to see a lot of good
stuff. You've been a traveling man.
You were just out at RSA. Talk to us a little bit about
for the for the advisors that don't know what RSA is, where is
it, what is it and then we'll kind of jump into it.
Yeah, RSA, they sponsor one of the largest cybersecurity
(01:03):
conventions in the US so this iswhere, you know, all the vendors
in the space get together, you know, large Expo hall in San
Francisco, you know, hundreds ofvendors at this point.
It only gets bigger every year, is what they keep saying right.
The, the participation, the amount of attendees, the amount
of vendors there, it just gets bigger and bigger to a point
(01:26):
where it's, it's, it's multiple days, hours and hours on an Expo
hall floor. You're seeing the latest and
greatest as well as, you know, names that people have known in
the security space for a long time.
So it's a it's a cool thing to go to.
There's a couple of these like, you know, similar like a Black
Hat or you know, St. Conn, some of those right from
the cybersecurity meet up. This is more on that vendor side
(01:49):
though on that more commercialized space.
So really a a good space for us to go to and see what's on the
market today. And is that, I mean, we, we,
we've done a couple of these recaps recently and, and, and
previously Kobe and I, we just talked about Google next had
about 30,000 people and then we did AWS reinvent also in Vegas
really can't get enough of Vegasapparently.
(02:11):
And that was 100,000 plus, you know roughly what, how many did
they talk about how many people RSA is these days or what that's
gotten to I? I saw the last decimal was
around like 40,000 around there,you know, plus or minus, but a
significant amount of people going and San Francisco, I mean
big city, but just completely floods the, the, the city.
(02:32):
I mean, everywhere you walk around in that block, you know,
near the Marcy Pony Center, it'slike, you know, just just
everywhere, all the brands, everyone with tech, you know,
polo shirts on and everything. It's just a complete over
overtake of the city. It's kind of cool, but certainly
can be overwhelming. Lots of tech, lots of khakis.
Yeah. All that.
(02:54):
OK, so maybe kick us off with what your, your, your first
impressions, your first time going what, what stood out to
you the most and then maybe justjump into it.
Was there any initial kind of products and or or or vendors
that stood out to you the most? Yeah, I think it it, it wasn't
hard. I mean, going going to San
(03:14):
Francisco right now, I mean, anyone that would go there,
you'd see every billboard everywhere.
It has something about AI, you know, big brand service now, you
know, Salesforce, all these guyshave have giant billboards and
it's all about what they're doing with AI and how they're
implementing it. So I think the the messaging is
going out, you know, to on that side inside RSA and on the in
(03:36):
the vendors, it all of them had something to do with AI or
wanted to talk about it to the sense of this is what we've just
come out with and this is how we're implementing AIML into
that. I know it might sound like, you
know, we're beating a dead horsewith this, you know, in the
industry like that, You know what we're just talking about AI
every day. How do we, you know, it's, it's
(03:58):
a buzzword, you know, Agentic, first genet, you know,
generative LLM, all this kind ofstuff, right?
And some of it turns into kind of buzz phrases.
But really at this point it's, you got to understand it because
it's here, it exists, it's productized, it's ready to go.
So now relatively in its infancy, of course, you know,
(04:22):
but it's productized and able tobe purchased and implemented
today. That was the main thing that
stood out was, you know, you read Gartner reports and the the
2025 Gartner report or, or for this year predictions for this
year is all about AI. And really, you look at the
market and you see how it's the market's following suit.
(04:46):
What about is is? You think about that, right?
That's your initial reactions. What are you seeing from a their
product or vendor that was therethat maybe surprised you in a
way that you weren't you weren'texpecting?
Yeah, there is. I mean, there's a lot of
product, a lot of vendors that Ihad never heard of or, or, and
we met a lot of the, you know, the crowd Strike Sentinel one,
(05:07):
these guys have giant booths, right?
And, and, and certainly they're,they're full boring adoption of
these kinds of, you know, bleeding edge technology.
I actually enjoyed mostly like the some of the smaller booth,
smaller vendors on the outskirts, right, that you can
have a kind of a different conversation with and doing,
doing things I haven't heard of before in the MDR space and sock
(05:30):
space. You know, a lot of that's pretty
well understood, but there's a lot of vendors out there that
are emerging, you know, are emerging in security.
They have some really cool offerings, stuff that stuck out
to me, specifically SoC or agentic AI in SoC teams,
augmenting SoC teams, you know, a traditional security analyst,
(05:54):
you know, look at their alerts logs, that kind of stuff.
A lot of different ways you can actually use AI in that
scenario, whether that's built into the platforms you're using
currently on the SIM, MDR, otherwise or agentic AI overlays
that it doesn't matter what platform you're using on the
software side, you can actually have these agentic AI trained
(06:17):
SoC analyst to do decision making, level 1, level 2
remediation and really take someof that kind of lower, you know,
stuff that's pretty easy from like a security analyst.
Take that off their plate, let them do the harder stuff and get
more out of your, you know, fulltime employees and have SoC
(06:38):
being augmented with AI. Think that's, you know, there's
a lot of different offerings around that right now.
OK, so, so let's back up for a second.
I think it's as a good time to kind of frame up how we got to
where we're at, right? We're we're talking a lot about
over the last couple months, if you've been to, we were just at
the AI Summit in Salt Lake and we've had others recently.
(06:59):
Let's just back up a little bit.Let's stay specific around the
journey of of security and products in security, right?
So many years back, we think about one of the first things
that we saw in security. Of course, you know, firewalls
for a business, things like that, your Cisco's, your Palos
and, and those are those are great, right?
Those are great to, you know, let people know that we've got
(07:21):
an alarm on the door. Don't break in, You know, all of
those things, those examples. Well, and then at the endpoints
we had, you know, the old, back in the old days, it was Norton
and McAfee that would hog down your computer.
And I think the frame was, thosewere really built on signature
basis. We, we knew the viruses that
exist, we knew the bad things that existed.
(07:42):
And we said pattern matching. If those patterns come up and
those viruses come up, block them and keep me safe.
Great. And then it seems like the bad
guys wised up a few steps and all of a sudden, you know,
adware came out, spyware came out, people were writing
patterns on viruses that nobody had ever seen before.
So you had these things, what, 0days, right, where this just
(08:04):
came out. There's no fix for this.
Microsoft comes out with patch Tuesday.
You know, all these things sort of started to happen and mature.
And so then it seems like if we just look at maybe the last
couple years, we talk about endpoints for just a second,
there was this idea of MDR, right?
Endpoint detection, EDR, endpoint detection, response,
(08:25):
manage detection and response. And then, of course, the other
acronym, right, XDR is born. So it's really this much more
wider swath and now you're talking about when we think of
the sock and the SIM, that log correlation engine that, that
everything feeds into traditional thought.
What on on sock, you got a, you got a group of eyes on glass and
(08:47):
they look for bad things. Then they look for alerts,
right? Like that's your, your, your,
your normal sock. So now laying that stage where,
you know, I, I guess maybe it seems like the next step was,
well, security's sitting here saying, well, we've had machine
learning kind of looking at, youknow, getting better pattern
matches over time. Where does, where does AI take
(09:10):
this or better yet, frame up a little bit of agentic AI?
Like what did you see in that context of evolutionary wise?
Where are we and where does thattake it next?
Yeah. Well, I think you look take a
look at some of those, you know,traditional maybe security sock
teams or you're talking about you know what you got a SIM.
(09:31):
You're you're doing all this logingestion from all these
sources. It goes into a single platform
where I can do make some correlation do telemetry across
across my platforms. Some of the problems or pain
points with that is all right, this is great.
I can dump all my logs into one spot, but now I've got tons and
tons and tons of logs. I'm getting all these alerts
(09:52):
because of it. So now with security analysts,
you know, burnouts being at a high rate because you know, if
you get, you know, 3000 alerts is the same as zero alerts,
right? Because you know, you, which one
do you look at, right? None of them.
Now from a SIM perspective, there's ways to, to do the
telemetry to kind of reduce those false positives, but
there's still a lot of false positives and there's still a
(10:13):
lot of alerts that need to be addressed.
But are are are pretty small, right, or or low criticality.
So do you need more people? Do you need more people to start
doing this? Because you're adding more logs,
you know, as as environments getbigger, you're adding more
things, more alerts, more sys logs that when it gets into
that. To your question about agentic,
(10:36):
AII mean the difference. A lot of people are more
familiar with that generative AI, you know, ChatGPT, clod,
those type of things. Agentic is kind of that new
buzzword that everyone's using where it's agents that can work
on your behalf. So they actually make decisions
based on that machine learning and, and, and algorithm, things
(10:57):
like that based on pattern recognition and, and data really
right data-driven reasoning where they can actually do
things on your behalf and interact with the environment.
So it's not just generate some text, do some stuff they
actually go through and depending on the hooks you have,
they can interact with the environment on your behalf.
That's that agentic over that comes into.
(11:18):
So having that used in a SoC team changes things because now
as a security analyst, if I haveno, I've got a bunch of false
positives. I can actually offload some of
that response to a gentic AI that can recognize patterns, has
that data reasoning of OK, out of the, you know, in this
scenario, this is 99.999% false positive, right?
(11:41):
I can let something else do thatreasoning and handle it and do
the remediation based on my playbooks or runbooks that I
want it to do. And I can focus on criticality
or higher criticality and takingcare of things that that maybe I
don't trust an AI to handle. I still want to have my hands on
that, but I can reduce my false positives, reduce my Tier 1
remediation and then that goes 24/7.
(12:04):
I don't have to worry about, youknow, it's working on the
weekends when I may not be. That's fair.
It seems like the bad guys really don't work very much
between 8:00 and 5:00. Seems like they've almost
figured out that that's when most people are there paying
attention to things. Are are are you seeing?
I mean, we, we we talked about this a little bit at the AI
Summit in Salt Lake last week and we got to see some live
(12:27):
demos of real time attacks, realtime rollbacks, AIML platforms
from our providers, mitigating that threat, rolling it back,
blocking it. And it seems like this agentic
piece is just such a next natural step as people are
being, you know, driven for efficiencies in the sock,
(12:48):
efficiencies in the business, things like that.
It it seems like that's AI want to shift a little bit to, OK,
how does the TA have some of this conversation?
If you're ATA, you see some of these iterations that are coming
and maybe you want to approach the customers and talk a little
bit further about making the sock better leveraging, you
(13:09):
know, this like a lower cost SIMor cut saving there.
How would you frame it up for the TA to be ready to have some
of these conversations when as we have this kind of ejectic AI
and AI in the sock making the sock better?
Yeah, No, that's a great question.
I was actually at RSAI thought about this of like, if I'm ATA,
how do I sell some of these things?
(13:30):
What, what kind of conversationswould I have with clients And
you know, thinking about clientsthat I've worked with in the
past depending on security and their maturity and their
posture, right? There's a, there's certainly a
market of, hey, we've got, we'vegot 3 analysts on staff.
We've got 2 analysts on staff. We have one guy, right, who who
does all of our alerts. Well, the next step, you know,
(13:52):
historically has been you need asock, you need to talk as a
service. Here's the price point.
Look at the telemetry. We're going to charge you for,
you know, depending on on the offering, right, log ingestion
rates, things like that. And you're just looking at the
cost and like, well, you know, maybe they don't have the budget
for it. Maybe they can't get that
budget. If they've got people on staff
(14:12):
that do security, we don't want to replace them because we want
to keep people, you know, it's always in their best interest to
have someone on the on staff that that no security and, and
has their best interest at at heart.
But can we get more out of theirefforts?
And, and if it's two, if it's three people, they're certainly
not able to do run a 24/7 stock.They're not looking at all the
(14:35):
alerts. They may not have the
capabilities to do full remediation or they're just
weighed down with, you know, level 1 stuff and they're not
getting or not seeing a lot of that those higher critical
alerts that they should be working on.
So in that case that I think there's certainly a market of,
hey, we, we have a practice. We don't have the resources to
(14:55):
have a full operating 24/7 stock.
We may not have the budget to move that way.
I think Agentic AI makes a lot of sense to plug into those
scenarios of, OK, you've alreadyhave your own runbooks, you
already have a, a pretty good process built out.
Augment your current efforts with agents, with AI agents and
(15:16):
see what that does from an ROI perspective.
You get more out of your, your, you know, full time employees,
They're not as burnt out and youdon't have to potentially move
to that full sock as a service and, and feel like, you know, if
I'm a security employee, maybe my job is getting replaced,
right? For are we outsourcing to a full
MSSP? You know there could be friction
there that it doesn't have to exist with this.
(15:37):
So if you think about, I guess, OK, while, while we're on this
track of the TA and the customerconversation, 2, two thoughts
here, maybe lots of tools. There's a flood of tools and,
and, and now we're introducing different ones that create a
different level of efficiency, right?
So it's necessary, but how do we, how, how do we have the
(15:58):
advisors help the customers prioritize what, what matters
the most, right? You're in a lot of these
discovery calls. You get to see this first hand.
How do we do that? Yeah, I mean that even at RSA
going there with and just being flooded with so many products
and tools, right, it, it's overwhelming in the sense of
(16:19):
like if I was a customer going into that type of scenario and
then like, OK, where do I, wheredo I start, right.
I think it goes back to the basics as far as risk
management, you know, just basicrisk management of OK, what are
my where do my most valuable assets?
What are they worth to me and what am I spending to protect
them? And then also understanding that
the business impact if they're compromised, that's going to
(16:41):
give you where you should start in the sense of, OK, you know,
what is my budget? And then what do I need to focus
on, on, on protecting it and adding value back to the
organization as far as, you know, integrity of data,
availability of that data, right?
What? And there's a lot of tools now
to do that. I think, you know, traditional
(17:03):
agents or, or trusted advisors have a, a certainly a spot
there. There's so much out there to
understand, even when you're trying to understand it, it,
it's it, you know, there, it's apretty, pretty high task to
understand everything. I think that's why we have MSS
PS in our portfolio that really understand that, that we can
(17:25):
leverage to to be experts when it comes to tooling and they can
make those recommendations on which tools to go to, especially
MSS PS that are platform agnostic.
Then we have certainly a few in our portfolio that that can do
that and and help guide customers.
But trusted advisors are not going anywhere when it comes to
security. There's there's a lot out there
(17:46):
and customers need help understanding it.
So I'm going to I'm going to shift here, I'm going to shift
in just a second to the scary things that are that you saw
some of the things that we know about the bad guys that are
doing. But maybe one one final thought
on on Tasmania and conversationsand and how how are in those
when the customers, these SMB kind of mid market customers,
(18:10):
what is it? What is it good enough?
I I know we want to do the best of the best.
I know we want to give everybodytop shelf Cadillac and all that
stuff. If Cadillac still top shelf, I
don't know. Everybody's car choices are
different, but what's a good enough strategy from an AI, you
know, working towards that? Or what are the pieces that
people should be thinking about so we can have those
(18:31):
conversations more? Yeah, that's a hard question in
the sense of because I think starting somewhere right now is
really what is what's important.And what I've been telling
clients is coming up with a strategy, you know,
understanding maybe they don't know exactly where AI is going
to help from an efficient PC perspective, but they can
(18:53):
understand how much are we spending or where are we
spending most of our money in the organization that's not
getting as much a return on investment as potentially it
could. And then maybe starting there,
that could be security that could be otherwise, right.
With the secure or with the AI conversation, though, I would
say the wait and see approach isnot the way to go.
(19:17):
Starting something and having a strategy around it, whether
that's, hey, we want to we want to use AI in our organization.
How do we protect it? How do we make sure that the
data governance is, is acceptable that it, it only has
access to the data we want it to?
Or how do we use AI in our security posture, you know, so
that we can use it to defend against, you know, next
(19:40):
generation threats that are, that are out there right now.
But doing nothing and waiting tosee what's going to happen is,
is the wrong move. Because you look at, you know,
the, the threat actors especially are not waiting.
They're not waiting and see they're they're using like tools
like a ChatGPT to create malwareto find vulnerabilities.
(20:02):
And as we know at this point, using generative AI makes us
faster, makes us more agile, makes us quicker to, to get, you
know, our tasks done. It's the same thing with bad
guys. They're using the same tools in
similar ways. And if we if we don't, we're
going to be behind the 8 ball. So let's think about that.
There's two stats that I love totalk about in this.
(20:24):
The stat #1 is that we ran the tech trends from last year,
right? New one, new one coming here
later this year. But the tech trends report says,
and this was from the IT decision makers that we
surveyed, it was that 92% of customers want to hear from an
advisor, right? That number is up from recent
years. And so that proves this channel
(20:47):
really does thrive in complexity.
And so hey, they need, they needmore help more than ever.
Then B1 in three enterprises said that they need help and
they need an advisor. So to your point, never been a
better time to be an advisor and, and having these
conversations, they really thrive in those complexities.
And then the final thought that that I think is helpful is, you
(21:10):
know, 15% according if it's likea GEICO commercial, 15% or less,
15% under that have any sort of AI governance plan in place
right now. So your customers, again, it's
so new, it's so early. They, we need to do it and we
need to be ready. We can't wait and see for the
next scary thing. But we, you know, the, the, it
(21:31):
just proves it's right for the conversation.
I think validates all the data validates.
Yeah. And we've had a lot of
conversations this year around data governance, AI governance,
you know, whatever you want to call it.
It really starts with that basics of are we doing data
labeling, data classification, what's our hygiene when it looks
like or when it comes to that kind of stuff, right?
Foundational aspects of of, you know, a security practice that
(21:56):
may have been not at the forefront of a lot of people's
security posture this year, where we've seen more
opportunity around that of just,hey, let's get our eight our
data ready. Let's make sure it's it's clean.
Let's make sure that it's that we understand where our data
lives, where we're accessing it.And if you think that, you know,
(22:16):
that those are still conversations that are, are far
out, you know, and, and aren't really occurring every single
week where we have opportunitiesaround this.
So just asking clients, hey, areyou labeling your data?
Are you classifying your data? And if they're not, it's well,
you know, that's Part 1 of an AIstrategy on securing AI.
(22:39):
So a lot of stuff we can do there and and you know, happy to
have those conversations. So let's shift it to, you know,
the AI fight, I guess a little bit.
So, you know, for, for anybody that hasn't listened, you know,
you've been on the podcast before.
We talked about some really coolstuff with your prior military
background. You you, you've seen some
things, you've been through sometrainings that most people on
(23:02):
this audience will not ever get to experience or see.
And so I want to think about, you know, you've got a glimpse
into what the bad guys are doingright.
And so if we pivot that to from a cyber perspective, what are
you, what are you seeing out there or hearing out there in
RSA or broader of what the bad guys are doing and how they're
(23:22):
using AI and how they're trying to stay of, of leveraging that
is a tool to their benefit? Yeah, I mean, I, I've said this
before and just generally, you know, with when it comes to
generative AI or otherwise that,you know, AI can make, you know,
someone bad, pretty good and make someone good, really great,
right. And the bad guys are certainly
taking advantage of that. As an example, I, I actually
(23:45):
built a website. I'm not a software developer.
I didn't, you know, I didn't learn code for years and years
as a kind of project experiment thing.
I actually with ChatGPT and someother generative LLMS, I built a
web page that actually was working well in JavaScript and
did a lot of the stuff I wanted to do.
(24:06):
I learned some code. So I knew what I was kind of
doing. But I, I, if I took that away, I
would not be able to have done what I did.
That same thing can occur with malware, with finding
vulnerabilities, exploits, delivering exploits, payloads,
all of that. If I know some of the basics of
that kind of stuff, I can use AIto augment my efforts to make me
(24:27):
much, much better than I then I relatively should be, right?
We got to do the same thing on cybersecurity.
I actually think, you know, coming into the practice, if
you're a new security analyst, AI can make you better, make you
quicker, faster, be able to respond to threats and punch
above your, your, you know, yourknowledge space because of that
(24:49):
thing, because of AI. So we got to be doing the exact
same things that the bad guys are doing.
Well, and we saw that early on too.
And this is still, I mean, even a thing, right?
It's the DDoS for hireright blowup a, you know, blow up traffic
to a website, blow up traffic toto some infrastructure.
And, you know, that takes down DNS, that takes down all these
(25:10):
things. I mean, all those are still out
there from a dark web perspective.
Now it's just even worse. And it's just even more powerful
because you've got the power of hyperscaler compute, you've got
the power of AI. And it's like the, it's like the
what? I hate The Cheesecake Factory
menu, right? There's just so many choices in
that. Now there's even more, it feels
(25:32):
like, and even more powerful ones.
Yep. I guess maybe, maybe let's wrap
it up here. Final thoughts.
What are the discovery questions?
What are your favorite thoughts?Scariest thing you saw, you
know, while you're at RSA wildest product you saw things
(25:54):
that you're most, you know, excited to kind of see coming
forward and just, you know, mixed in here.
Let's let's get a few of your favorite kind of questions to
help uncover those needs for TAS.
Yeah, I saw a a specific product.
Well, I'll answer it really specifically.
There's a product that it detects AI in the sense of when
(26:15):
you're on a false web page. And I saw some of the stuff that
they did and I saw some false web pages that were 100%
identical to real web pages. So you can, you know, people
spoofing web pages or otherwise,you know, really, you know, from
a generic level of, you know, you click a link, you think
you're on Facebook and you're not on Facebook, but it looks
exactly like it, like exactly you.
(26:40):
I mean, you look at what AI can do with, you know, photography
and, and generating images and all that stuff.
And you're like, I, I, I can't tell if it's a real image or
not. Some, you know, depending on
the, the engine, the same thing with web pages and the guy, you
could think you're on the right page and it could be completely
malicious. And we actually, there's tools
out there AI detecting AI that are doing this because humans
(27:02):
can't. Now you look at it and you're
like, I, there would be no way that I would know that I was on
a spoofed web page because they can hide A lot.
They can mask the domains. A lot of that kind of stuff is,
is just getting so good. So that was a scary thing of of
I think at some point we're going to be questioning our
reality on on, you know, the Internet of what are we
actually, am I on the right place?
(27:23):
Am I, you know, am I where I think I am right.
And we may need AI to to start detecting it.
And, and, and yeah, I mean, someof these early demos already of,
you know, obviously the AI voicecloning, the biometrics and the
things that that impacts and, and, and already seeing some of
these proof of concepts of the tools that are out there for
(27:45):
this AI video clone, this AI avatar clone sitting in on your
Zoom session, right? So we used to just laugh and
say, well, of course, like the finance person just needs to
know that I wouldn't send that. Well, now not only can I
validate that I am me, I can geton video and it looks like me.
I think to your point, it's it'll, you know, it, it, it
needs to keep everybody in a question everything constantly
(28:09):
mindset, right? And these tools, I think we have
to leverage the tools to be ableto help us because even even in
a question everything, when you question everything, we just we
can't make it a questioning process.
We have to use technology to help knock down some of that.
Yeah, 100%. Good stuff.
All right, man, love the download.
(28:31):
Love that you got to go see a lot of this stuff.
I know it's all fresh. It's all lots of crazy things
that you learned. Look forward to continuing to
hear more from that. But appreciate you coming on,
man. Thanks for thanks for all the
share. Yeah.
Thanks so much for the time. Great talking with you.
All right, everybody, as always,don't forget every Wednesday
these episodes drop. Whether you're listening to
(28:51):
Apple, Spotify, all of the above, make sure that you get
that so that you can help your customers and and have some of
these conversations and we're here to help.
So until next time, I'm your host, Josh Lopresto, SVP of
sales engineering, Delaris, Trevor Burnside, solution
engineer. This has been RSA recap.
What shocked us, what inspired us.
Until next time. Next Level Business has been a
(29:13):
production of Tulare Studio 19. Please visit telaris.com For
more information.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.