Tag Archives: Richard Morrell


Live from RSA Conference 2016

This week I am in San Francisco recording a special radio show for TheStack.com and Red Hat called "Locked Down" I will be talking to the brightest and the best at RSA, expect to see a variety of shows going live over the week, discussing everything about the growing technologies, emerging products and the challenges that we are facing in security.

How do I get the show ?

If you have an iOS device simply subscribe via the Apple Podcast client on iOS available from the Apple store (or via Overcast or your podcast client of choice), simply search for "Locked Down" once installed. Stitcher Internet Radio App also is carrying the show.  SoundCloud is also carrying the stream.

If you have an Android device install Player.FM or BeyondPod and again search on "Locked Down" and subscribe. Stitcher Internet Radio App just like Player.FM and BeyondPod carries the show - all installable from the Google Play store. You can also listen in via SoundCloud.

If you are in a browser you can listen to all the shows as they appear using Player.FM directly by bookmarking and clicking http://bit.ly/1KWVVaB directly via your desktop, or via Stitcher http://stitcher.com/s?fid=84147&refid=stpr in Safari, Firefox or on any Mac or Windows browser. Stitcher doesn't always play well with Chrome, if you're a Chrome browser user click the Player FM link.

You can listen to episode 1 here in this post or visit SoundCloud's stream 

Yesterday I was at London Ceph Days, an event co hosted by Red Hat and Dell talking the latest Ceph goodness. Great venue near Barbican, well attended but for those who couldn't make it or geographically seperated by distance I thought I'd take a mini studio of HD video cam, and some small studio lights and do a recording with Russ Turk VP of Community at Inktank, now a Red Hat company.

Always a pleasure to talk with Russ, we have a mutual employment history going back a long time and he's genuinely passionate about storage, cloud and the open source movement that we've spent so long working to prosper.

Here's the video. It will scale up to 720 and 1080p if you change your viewing options accordingly.



Early this morning I recorded remotely with Mark Cox Director of Product Security Engineering at Red Hat and one of the founders of the OpenSSL Foundation talking about the latest OpenSSL vulnerability. Listen in to find out what it means for you, the real actual picture of what it means for the industry and a proper picture of risk and mitigation.

I broke the Heartbleed SSL story to the world so this time I thought we'd do it properly and have something you could listen in to.

Click the link below to listen in or subscribe to my iTunes show,

 Download the podcast in MP3 format here - or alternatively browse the RSS.

Ten days ago I did a podcast with Richard Clarke, ABC News Cyberterrorism correspondent and advisor to the White House and three former US presidents. Little did I know that three days later the world would react to the release of the information around the OpenSSL vulnerability now known as Heartbleed.

To get a podcast with Richard is a bit of a coup. He doesn't speak to very many media outlets in the IT space and certainly not with the reach and the focus around Cloud that I have. Since I put it on air almost 30,000 folk have listened to it and it's started conversations and featured in articles about who knew what within intelligence agencies and the NSA about who knew what and when they became aware.

My feeling is - does it matter ? I would hope, as a peace appreciating freedom appreciating citizen of the modern world that the agencies out there react and work in a manner that is forward thinking and communicative. Indeed all my own personal experience having worked in intelligence and in defence is that they are stretched, badly paid and badly appreciated and rely on relationships with industry just to tread water. I find it very hard to believe that the question who knew what when where is relevant to us going to Cloud.

More the question is on you the deployer, the architect, the developer to ensure you use a certified OS, you have a patch strategy, you own your reporting and your logging and you make sure you understand and breathe governance. Understanding blended control matrixes that allow you to own your footprint in public private or open hybrid cloud mated to a risk environment that conforms to your appetite or GRC tables.

Richard went on the record without being prompted - on my microphones - stating for a fact that mandated US Government behaviour was to patch and interact unless there was a massive stated case with interagency ministerial support to behave otherwise. I took him at his word and I'm no doubt many would argue otherwise. I looked him in the eye and that is genuinely good enough for me.

You can listen in to the podcast via iTunes or Stitcher or you can follow the link to the direct download / stream below and make your own mind up.

   You can listen to or download the show here