Claim OwnershipDown the Security Rabbithole Podcast (DtSR)
Subscribed: 2,964Played: 68,278
Subscribe
© 2025 Down the Security Rabbithole Podcast (DtSR)
Description
This is Cybersecurity's premier podcast. Running strong since 2011 Rafal Los, James Jardine, and Jim Tiller bring a no-nonsense, non-commercial approach to our profession. DtSR brings interviews and discussion with people you want to meet, and stories you have to hear. So whether you're just starting out, or are decades deep into your career, you'll always learn something on this show.
On Twitter/X: https://twitter.com/@DtSR_Podcast
On YouTube: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
On LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
717 Episodes
Reverse
TL;DR: We heard RSnake's take on CVSS and CVEs and such, now let's hear Brian "Jericho" Martin's take. The gloves are off, and the opinions go native when we take this episode live. Brian doesn't pull any punches, and apparently I'm the only one without a pocket full of $2 bills? Sorry for the explicit rating, that's Brian's fault. YouTube Video: https://youtube.com/live/2-3Jzks5myc?feature=share Have something to say? Let's hear it. Support the show >>> Please consider clicking...
TL;DR: Patching. Your least favorite thing. Well, it turns out that most of the work we have been doing in the last 20+ years has been for nothing. Robert "RSnake" Hansen's theory, backed by a lot of data, seems to point to a much bigger problem in cyber, and it's time we talk about it. Rob's Closing Keynote that started this conversation: https://youtu.be/80ZtAsuC4v4?si=-liUcLX4adz092yP YouTube Video: https://youtube.com/live/k4kvKWZVh78 Have something to say? Let's hear it. Support the...
TL;DR: This week's pod features your favorite hosts reflecting on how security has lost its way. When everything is a catastrophe, nothing is. When every breach is world-ending, none of them matter. Have we completely lost the plot? Prepare to have a good think. YouTube Video: <coming soon> Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...
TL;DR: On this week's pod - Sean Scranton and Shawn Tuma make a return appearance to talk about Cyber (Security) Insurance. Some see it as the answer to cyber's problems, while others see it as just another question. Which is it? Is it just a matter of perspective? Listen in and find out! YouTube Video: https://youtube.com/live/GiuheFiFO78 Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-...
TL;DR: This week's pod is all about healthcare-related data that is bought and sold the world over - and how you this data can be utilized while still preserving privacy. In this mind-blowing segment, John Kuhn of Integral joins Jim and I to talk about the vast quantities of data that's bought, sold, and aggregated for healthcare research - and how it can be used for good, while still preserving people's privacy (or what's left of it - debate ensues). YouTube Video: https://youtube.com/l...
TL;DR: If you've ever wondered what goes through the mind of a top-tier CISO, wonder no longer. This week's episode features Trey Ford talking a little nostalgia, and a little of what's on his mind as a CISO. Fantastic episode, shout out to BugCrowd for the episode. Youtube video: https://youtube.com/live/uFl45Tb93gY?feature=share Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...
TL;DR: Let's talk, err, lament, Third Party Risk programs. Who has time for these, and is there any real value in identifying 3rd party risks? Or is it just all theater for the lawyers? Paul Farley joins Jim, James and Rafal to chop it up. Dive in with us, and see what you think. YouTube Video: https://youtube.com/live/Le23nkaybfE Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-...
TL;DR: This week's episode is what happens when I go on vacation and have a little time to think. So here we go - let's talk about this Jaguar Land Rover was compromised and ransomware spread. The damage has been 'extensive' to the point where they stopped everything... are there any lessons here? Links https://www.theguardian.com/business/2025/sep/20/jaguar-land-rover-hack-factories-cybersecurity-jlrhttps://www.theguardian.com/business/2025/sep/20/jaguar-land-rover-hack-factories-...
TL;DR: This podcast features our friend Bo Birdwell who sits down with us to explain the ins and outs of the new DFARS CMMS update. Jim and Bo cover a lot of ground, and James and I are along for the ride asking questions. Great episode if you're in the space, worrying about what this latest update means to you. YouTube Video: https://youtube.com/live/0cl1S4f3g8E Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=...
TL;DR: This week's returning guest is Doug Cavit, but this time he's here to talk about the Internet apocalypse. Partly driven by AI, but mostly we discuss automated content generation, bots, and consumption as we reach the conclusion that it's all coming crashing down... sooner than we'd like. YouTube Video: https://youtube.com/live/tUJgdrh3ws8 Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-...
TL;DR: Michael Reichstein joins the pod this week to talk about "rock star CISOs" and those who trade equity for their souls. It's an interesting discussion but this one comes with a warning label: If you're easily offended, do not listen to this. Michael's post that started this conversation: https://www.linkedin.com/posts/mreichstein_cybersecurity-leadership-businessethics-activity-7361753110983135233-YSct YouTube video: https://youtube.com/live/N1mD_HLYDxU Have something to say? Let's he...
TL;DR: This week's pod features our favorite former analyst Anton Chuvakin, and an AppSec OG Jeff Williams as we tackle the subject of AppSec's favorite new acronym - ADR. What is it? Why is it? Should it be? We answer all these questions and more, and laugh along the way a bit too. YouTube Video: https://youtube.com/live/69xeGDoDYbU Links Contrast's latest threat report (referenced in the show)An in-depth ADR Explainer (helpful!)Run-Time Security Explained (for those wanting to learn more)Ha...
TL;DR: This week's returning guest is the man, the myth, the Alpaca farmer, Philippe Humeau of CrowdSec. Life comes at you fast, threats come at you faster. The good news is - defenses can keep up. Listen in, then go check out CrowdSec! YouTube video: https://youtube.com/live/7Xc99bXCfwQ Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Y...
TL;DR: This week's guest is Dr Sam Liles - who's been CISO'ing since most of us have been in the industry. Sam gets it, and he has some perspective on what's going on with all this market consolidation. What is it good for? He's got some things to say, and he's not shy about it. YouTube: https://youtube.com/live/ROEA6z5Q-sk Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...
TL;DR: This week's show is a testament to surviving a week of Hacker Summer Camp out in Las Vegas. I have an interview with Ray Canzanese, Jr. (again, because y'all love him) and a bit of my take-away / rant from the week I spent out in the desert. Enjoy, I hope you made it home safe and learned something. Good God it was hot. YouTube Video: ( standby, waiting on me to edit ) Thanks again to my friends at Netskope! Have something to say? Let's hear it. Support the show >>>...
** Early release, due to Black Hat Conference and RaffCon XVIII. TL;DR: This episode is all about #RaffCon. Ever wanted to know what the heck it is? Well, Raffael Marty and I break it down, give you a little history, and reminisce. As we got into Black Hat week, this is the perfect precursor to #RaffCon XVIII. YouTube video: https://youtube.com/live/jwArV_EwuZc Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the sho...
TL;DR: This is one of the most important episodes we've done on this podcast. The CISO and CIO have a complicated, dynamic, and often ugly relationship - but what should it be like? How can the two work together and evolve their roles together, for the benefit of everyone in the business? Larry Whiteside, Jr. ( Co-Founder and President at Confide) and Dennis McDonald ( Chief Information & Security Officer at Jack Henry ) lay down a conversation that's worth a repeated listen. YouTube...
TL;DR: This week's conversation is all about the Customer Success team featuring Nick Puetz and Steve Dakhe. These guys have significant seat time building, operating, and perfecting the CSM role - and we're here to talk about it. What is a CSM? Why do they exist? And what is their role in customer engagement? Listen in, find out! YouTube: https://youtube.com/live/lCen-1Vt_K8 Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to su...
TL;DR: This week we took a sit-down with serial entrepreneur, Will Gragido. Will has been a part of several innovative start-ups, and is now onto his next one. He's a product innovator with a pragmatic sense of what customers need, and he's here to give you the run-down of what drives him, what got him here, and things you should think about if you're thinking of setting off on your own. YouTube video: https://youtube.com/live/qkAi6Nj8kII Have something to say? Let's hear it. Show Sponso...
TL;DR: Did you miss us? Yes, we're back with Sam Masiello and we're talking about whatever is on his mind. Well ...there's geopolitics and Iranian hackers and frankly we need to talk about what it means for your security program. Thanks for joining us, Sam! YouTube Video: https://youtube.com/live/H-4ZktBIUDE Have something to say? Let's hear it. Show Sponsor: ThreatLockerAllow what you need, block everything else... Including ransomware.Disclaimer: This post contains affiliate links. If ...
Download from Google Play
Download from App Store
United States
Worst episode ever... (Okay I haven't listened to all 400), but..
You're talking about "hacker summer camp" but you don't go. That feels off.
wow you guys need to visit defcon again. Your impressions are off