Down the Security Rabbithole Podcast (DtSR)

TL;DR:  This week's episode came from my (Rafal) brain. I've been reading far too much LinkedIn, and the "influencer" postings have been making me crazy. So, here we are. We talk through some of these posts, many of which are AI generated I think, and have a little fun with it. Call it...therapy.YouTube Video: https://youtube.com/live/uZVfkge8bQEHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Join Jeff Collins, Raja Mukerji, and John Dickson, experts in AI security, as they dive into the complexities of safeguarding artificial intelligence. Discover how traditional security practices adapt alongside new AI technologies and the ethical concerns surrounding data leakage. They explore the challenges of governance and the need for effective legislation, while also discussing innovative methods for analyzing AI behavior. The trio emphasizes proactive strategies and employee training to enhance security, advocating for a culture that prioritizes cybersecurity in AI development.

Raja Mukerji, a cybersecurity expert, joins John Dickson and Jeff Collins to dive into the exciting world of AI in cybersecurity. They explore AI's unique capabilities that current tools can't match and debate whether AI will replace or augment human roles in security operations. With a focus on practical use-cases and limitations, they shed light on the balance needed between automation and human expertise. Intriguingly, they also discuss challenges for newcomers in the field and the innovative utilization of data beyond security.

Join Erik Bloch, a technical expert on AI, and John Dickson, who offers insights into its unique characteristics, as they delve deeper into artificial intelligence. They discuss the intricate mechanics and challenges of AI, touching on its energy demands and ethical implications. The conversation shifts to AI's transformative impact on fields like healthcare and law, emphasizing human oversight. They explore the risks of blind trust in AI and hint at the exciting technological evolution ahead, leaving listeners eager for the next installment.

In this engaging discussion, John Dickson, CEO of Byte Whisper Security and a security veteran with over 30 years in the field, dives into the fascinating world of AI and security. He humorously shares insights from his career while exploring the complex duality of AI—potentially beneficial yet fraught with risks. The conversation highlights the challenges organizations face in integrating AI into their workflows and emphasizes the need for critical thinking amidst growing technology reliance. Dickson also touches on the importance of preserving traditional skills in a tech-driven world.

Sounil Yu, CTO and co-founder of Knostic and former chief scientist at Bank of America, joins to explore the intriguing question of whether machines can be taught discretion. The discussion highlights the implications of AI in a society on the brink of an AI era. Topics include the challenges of data access and the 'need to know' principle in organizations, as well as the necessity for customized AI guardrails to prevent biased outcomes. Yu emphasizes the importance of balancing clean data and strategic access to enhance security in a digital landscape.

TL;DR: On this "live on the scene" episode from Zero Trust World 2025 sponsored by Threat Locker - I have the distinct pleasure to speak with Rich Latayan about his career leading big-company security programs as CISO and his current endeavor.YouTube: <coming soon>Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: As per the usual, this year's RSA Conference 2025 wrap-up is with my friend Ray Canzanese, Jr. We sit in the beautiful sunshine atop the Moscone Center (gardens) and have an interesting, conversation about a number of interesting topics not the least of which is the puppies and baby goats at this year's event (well played, vendors, well played).YouTube Video: https://youtu.be/LSdEMlKRZmwHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: Sometimes LinkedIn gives us an opportunity to record something meaningful - and in this episode we find a conversation with Ross Hosman's perspective on how to address the strained relationship between buyer and seller, CISO and vendor - in a meaningful way that you'll hopefully benefit from.Sales people, take notes. CISOs ... you too.YouTube video: https://youtube.com/live/e_SbcB2ZsD8Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This episode is a follow-up on two episodes, building up to this conversation. On episode 629 Hed Kovetz introduced us to "Identity Security" (https://dtsr.buzzsprout.com/2153215/episodes/16174464-dtsr-episode-629-what-the-hell-is-identity-security) and then on episode 646 Ward Pyles started the conversation about how security tools really aren't set up to protect from the identity perspective (https://dtsr.buzzsprout.com/2153215/episodes/16854549-dtsr-episode-646-ward-pyles-on-human-centric-security-for-real). Well - now we invited them both onto the show to talk it through and solve the problem Ward identified with the tech Hed spoke of.The result was better than we expected.YouTube video: https://youtube.com/live/N7cyIOdChtwHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast