What if your endpoint defenses aren’t as strong as you think they are? In this episode, ThreatLocker Chief Product Officer Rob Allen challenges conventional security thinking and invites RSA attendees to test their systems in real-time—with a rubber ducky and a radically different approach to Zero Trust.
At this year’s RSAC Conference, the team from ThreatLocker isn’t just bringing tech—they’re bringing a challenge. Rob Allen, Chief Product Officer at ThreatLocker, joins Sean Martin and Marco Ciappelli for a lively pre-conference episode that previews what attendees can expect at booth #854 in the South Expo Hall.
From rubber ducky hacks to reframing how we think about Zero Trust, the conversation highlights the ways ThreatLocker moves beyond the industry’s typical focus on reactive detection. Allen shares how most cybersecurity approaches still default to allowing access unless a threat is known, and why that mindset continues to leave organizations vulnerable. Instead, ThreatLocker’s philosophy is to “deny by default and permit by exception”—a strategy that, when managed effectively, provides maximum protection without slowing down business operations.
ThreatLocker’s presence at the conference will feature live demos, short presentations, and hands-on challenges—including their popular Ducky Challenge, where participants test whether their endpoint defenses can prevent a rogue USB (disguised as a keyboard) from stealing their data. If your system passes, you win the rubber ducky. If it doesn’t? They (temporarily) get your data. It’s a simple but powerful reminder that what you think is secure might not be.
The booth won’t just be about tech. The team is focused on conversations—reconnecting with customers, engaging new audiences, and exploring how the community is responding to a threat landscape that’s growing more sophisticated by the day. Allen emphasizes the importance of in-person dialogue, not only to share what ThreatLocker is building but to learn how security leaders are adapting and where gaps still exist.
And yes, there will be merch—high-quality socks, t-shirts, and even a few surprise giveaways dropped at hotel doors (if you resist the temptation to open the envelope before visiting the booth).
For those looking to rethink endpoint protection or better understand how proactive controls can complement detection-based tools, this episode is your preview into a very different kind of cybersecurity conversation—one that starts with a challenge and ends with community.
Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974
Guest: Rob Allen, Chief Product Officer, ThreatLocker | https://www.linkedin.com/in/threatlockerrob/
Resources
Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
______________________
Keywords: rsac conference, cybersecurity, endpoint, zero trust, rubber ducky, threat detection, data exfiltration, security strategy, deny by default, permit by exception, proactive security, security demos, usb attack, cyber resilience, network control, security mindset, rsac 2025, event coverage, on location, conference
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
[00:00:00] Sean Martin: Marco,
[00:00:01] Marco Ciappelli: Sean,
[00:00:02] Sean Martin: are you excited? Look at that. Read my mind.
[00:00:06] Marco Ciappelli: want pizza?
[00:00:07] Sean Martin: I, I always want pizza. You know that,
[00:00:09] Marco Ciappelli: I know, I know.
[00:00:10] Sean Martin: know, I always want pizza.
[00:00:11] Marco Ciappelli: we had a great, uh, prep before, uh, he didn't record. We just spoke pretty much about pizza in San Francisco. So we are excited about RSA conference
[00:00:20] Sean Martin: RSA and all the pizza that comes with it. Exactly. Well, there are, there are some few good spots and evidently Rob knows of one he lost. He'll have to find it again
[00:00:31] Rob Allen: Yes,
[00:00:32] Sean Martin: he'll, he'll let us know where it
[00:00:33] Rob Allen: I, I, I know where it is. I just dunno what it's called and
[00:00:35] Marco Ciappelli: We will, we'll follow you. Just, just let her know when you go for a
[00:00:39] Sean Martin: catch your, your trail and, uh, we'll meet you there.
Uh, never pass up a good pizza and I never, never pass up RSA Marco. It's that time of year again. RSA conference,
[00:00:50] Marco Ciappelli: no. A good conversation.
[00:00:51] Sean Martin: 2025. Yes, nor good. Good conversation too. Exactly. And uh, it's great to have Rob on. Rob, good to see you again.
[00:00:59] Rob Allen: Good to see you again, [00:01:00] Sean.
[00:01:00] Sean Martin: It's, uh, it's, uh, coming up and you guys have a busy schedule, uh, a booth with a lot of stuff going on there.
Um, just a quick word for, you've been on the show before, but folks haven't met you yet. Uh, your role at Threat Locker, please, bro.
[00:01:16] Rob Allen: Uh, chief Product Officer.
[00:01:18] Sean Martin: Sure. And sweet. Look at that. You, you make all, you make all the good stuff. You're very humble.
[00:01:23] Rob Allen: chief podcast officer, but that's a completely separate thing.
[00:01:26] Sean Martin: There's
[00:01:26] Marco Ciappelli: is a role for that. I'm gonna apply because, uh, that's pretty much what I do and yep, there you go. There I have a career in front of me.
[00:01:35] Sean Martin: Well, you, you build all the cool stuff, Rob. And, uh, you, you've been busy on that front too. Uh, a lot of releases coming out and, and I have a feeling people are, are gonna be, I. Happy they came by your booth to see all the stuff that you've put together. I mean, you have, you have a great following of customers already and uh, we are at Zero Trust World and the feedback from everybody that was at the conference was, uh, incredible.
And [00:02:00] so people that meet you in San Francisco get to see some of the new stuff as well. Um, tell us,
[00:02:04] Marco Ciappelli: talking about Threat Locker,
[00:02:07] Sean Martin: we are talking
[00:02:07] Marco Ciappelli: probably say the name of the company,
[00:02:09] Sean Martin: I did say the name of the company,
[00:02:11] Marco Ciappelli: did. I didn't hear. I was thinking about
[00:02:13] Sean Martin: I said his role at Thread Locker, but
[00:02:14] Rob Allen: it.
[00:02:15] Sean Martin: you're just pizza too much,
[00:02:17] Marco Ciappelli: All right. And we may as well say that it's booth number 8, 5 4. So we got dead out of, get out of the way too. And that's, uh, one of the main reason why we're recording this pre-event conversation. Number one, to get the excitement going. We're gonna be driving Sean and I again, after many years of flying to San Francisco, we're gonna drive up.
Probably on the five. So that's not that exciting. I don't know if you guys are familiar with California Highways, but five is not, it's not the best one, but it's the fastest one we wanna get there and we wanna meet a ton of people. And I know I, I'm actually very excited about this conference and, uh, and I'm excited to know what's going on at your booth, Rob, [00:03:00] and, uh, what are you guys planning to do there?
Unveiling few things, demos, what else?
[00:03:05] Rob Allen: All, all the fun things, really. I mean, look, we love these conferences. We love them for a multitude of different reasons. As you mentioned, meeting existing customers is always fantastic. There's nothing better to, than to to meet an existing customer, catch up, get feedback, you know, are you happy? Anything we can do to make your life better.
It's a phenomenal way to, um, to connect with customers. Um, but also obviously to speak to people who've never heard of us. It's, uh, equally a great, um, a great opportunity to effectively spread the gospel, spread the good word, about what we're doing and why we're doing it, and why it's so important. So, um, we've got, obviously we're doing presentations.
I think that speaking times are TBC at the moment, but we're gonna be doing live presentations, live demonstrations at the booth. We're gonna have all the merchs. All the merchs. So if you need merchs, you need t-shirts, you want socks. [00:04:00] This is the boots to come to. We have got quality merch as well. We're doing a rubber ducky challenge.
Um, so basically we have a number of different data exfiltration techniques that we can do via rubber duckies. So if you think your current cybersecurity solution, stop this from stealing your data or stop us from stealing your data, come talk to us. We'll basically plug a rubber ducky into your computer and see what happens.
Um, fun
[00:04:25] Sean Martin: de describe that to us
[00:04:27] Rob Allen: So rubber ducky, uh, little hacking device looks like a ordinary, um, USB storage device. Um, it's actually a programmable keyboard, uh, pro programmable keyboard that you can pre-program with, for example, a PowerShell command that will accelerate all your files. Um, we. Have for many years done what we call the Duckie challenge, which is we say to people at events like this, look, if you think your current cybersecurity solution will stop this from stealing your data, come talk to us.
We plug it into your computer. If you win, you get to keep the rubber duckie. [00:05:00] If we win, we get to keep your data. Now
[00:05:04] Sean Martin: Sounds like a good deal.
[00:05:05] Rob Allen: Absolutely it is. But you would be amazed at how many people volunteer. I mean, we, it's, it's dozens and dozens and dozens of people have volunteered and pretty much every case we've got the data.
Um, the new thing is we now have multiple ways of doing it as well. So it's not just like we used to do it via PowerShell. Now we've got batch 12 versions using Curl. We've got. Python ver we've got all manner of different versions of, of stealing data. So one of them will work, but I'd be pretty confident that the OG version will work because it's worked for years.
Um, but it just shows people what potential holes there are in their security strategy, um, effectively. But we often give away. I dunno, we give, I think we might be giving away a trip to zero trust world for anybody who does volunteer and win. Um. We don't actually keep your data. We will delete it once it's been uploaded, so don't worry about that as well.
[00:05:56] Sean Martin: That the data's safe with us.
[00:05:58] Rob Allen: Temporarily,
[00:05:59] Sean Martin: [00:06:00] Yes. Exactly. Exactly. Well, I want to, um, maybe quickly, I know you have more stuff going on and, and, uh, we'll, we'll get to that quickly, but I, folks who aren't familiar with Threat Locker, why should they stop by? And maybe, maybe the better ask or question to ask is, what is your solution set and how does it, how does it help organizations?
So why, why, what are they gonna learn by stopping by?
[00:06:23] Rob Allen: Well, I was gonna answer your first question by saying handsome Irishmen.
[00:06:26] Sean Martin: So there's always that. Yeah, of course.
[00:06:28] Rob Allen: Yeah. But
[00:06:29] Sean Martin: a great.
[00:06:30] Rob Allen: thank you. Um, no. Well, I mean, fundamentally it's a different approach to cybersecurity. It's not more of the same. Uh, I mean, I was at RSA last year and it seemed like just. AI here. AI there. Our AI is better than your ai. Our AI is bigger than your ai.
It was like a, a, a sea of, uh, an AI competition. Um, we take a different approach to cybersecurity. So fundamentally what we do is be denied by default rather than permitting by default, and [00:07:00] denying by exception, which is most. You know, the strategy for most other tools. So it's a very different approach.
It's a very unique approach and a very, very, very effective approach. Um, so as I said, explaining that to people, showing people what it looks like, it's just, it's a fantastic opportunity to do that, um, in person rather than on podcasts and webinars and so on.
[00:07:23] Marco Ciappelli: Yeah. And you know what? I wanna touch one thing.
[00:07:26] Rob Allen: by the way.
[00:07:27] Marco Ciappelli: Yeah, go far.
[00:07:27] Rob Allen: Just, yeah, not, not saying anything bad about podcasts. Podcasts are awesome. Um,
[00:07:32] Marco Ciappelli: didn't hear you so.
[00:07:34] Rob Allen: that's fine. But yeah, no, just having those, uh, the opportunities to have conversations in, in person with people answering questions. What about this, what about that? What that kind of stuff. It's, it's, it's a much, uh, it's a much more personable, um, way to have these conversations.
[00:07:49] Sean Martin: Nothing beats in in person,
[00:07:50] Marco Ciappelli: Yeah, and that's exactly where I wanted to go. Like then we go back to talk a little bit about what you guys are presenting there, but the, the, the conference itself, you've been there obviously, you know your first [00:08:00] rodeo and it is all about the community. That's the one thing I'm excited. You know, it's gonna be year number, I think 12 or 13 for me.
Sean pretty much invented RSA, so he is been there quite a bit. But you know, to go back and see who is new in the industry and what the talk is and it the fact that it's been going more and more from just tech talk and we're cool and geeks and all of that to community. So, and, and I know how important is the community for Threadlocker as well.
So tell me, tell me a little bit about that. You, you kind of mentioned the back and forth with customers and, and how you.
[00:08:37] Rob Allen: Yeah, as I say, it's, it's just a really good way of getting feedback. But I mean, as you saw from Zero Trust World, I mean there, there's uh, there's kind of the Threat Locker community, which is a fantastic community and one that I love greatly, but there's also the greater community. Um, and as I said, that, that is fundamentally who we want to connect to, who we want to talk to.
[00:09:00] Um, at RSA.
[00:09:04] Sean Martin: And in terms of, uh, I know you're doing, uh, is it a, a giveaway with, with, uh, hotel rooms and I
[00:09:12] Rob Allen: I'd forgotten about this. I'd completely forgotten about this. So, um, broadly speaking, as I understand it, the um, hotel bellman will be dropping envelopes underneath people's doors at some stage during a conference. I dunno when exactly. If you get one of these, bring it to the threat locker booth, unopened.
And each one basically, well, sorry, now every one, some of them, I'm not sure how many of them basically wins $500 or up to $500, uh, or something like that. As I said, I'd, I'd actually forgotten about that from last year. But yeah, we did it last year as well and uh, quite a lot of people won quite a few, um, dollars.
So
[00:09:53] Sean Martin: Don't,
[00:09:53] Marco Ciappelli: So I'm, I'm in an Airbnb on the other side of the bridge. Am I gonna get one
[00:09:58] Rob Allen: Marco, I will bring one to you [00:10:00] personally.
[00:10:00] Sean Martin: That's right.
[00:10:01] Marco Ciappelli: leave?
[00:10:04] Rob Allen: Yeah, yeah, yeah. But if you get, and sorry, I, I will stress, if you get one, you have to bring it unopened to the booth. If you open it, you ain't getting nothing.
[00:10:13] Sean Martin: Look at that. You can't, you can't peak
[00:10:17] Rob Allen: Nope. No
[00:10:17] Sean Martin: anticipation. Can't let it get you.
[00:10:19] Marco Ciappelli: It's about resisting the temptation, like a real social engineer type of thing, like.
[00:10:25] Sean Martin: Well, well, speaking of community and, and in person and the, you have demonstrations, you're gonna be doing presentations as well, but for folks who've caught stories of with threat Locker on ITSP magazine, you've, you've heard us say this mindset, and I think, I think having a chance to actually talk with somebody face to face about what this mindset means, um.
Is super important. So, uh, can you maybe touch on how some of the conversations you plan to have will help people kind of reframe how they think of Zero Trust and how they look at their environment? [00:11:00] I.
[00:11:00] Rob Allen: Yeah, absolutely. I mean, as I said, fundamentally our mission, um, as we see it, is to change the paradigm of endpoint security. So for many, many years, the paradigm of end endpoint security has been to allow everything except what. We, and by we, I mean, xve knows to be bad. Um, now, unfortunately, that approved approach has pretty much been proven not to work.
Every time there's a ransomware attack, it proves that approach does not work because basically nobody knows everything that is bad, because if somebody did, it would be the only product and there will be no such thing as ransomware. The fact is attacks are happening every day and it shows that that approach is not.
Succeeding. I mean, it has a value and you might stop most of the bad things because, you know, maybe somebody knows most of the bad things, but nobody knows all of the bad things. I mean, there are, you know, 160,000 new pieces of malware released every single day. I mean, [00:12:00] how do you possibly keep up with that?
I mean, the evidence, which suggests that you just can't. So again, our minds have changed, our mind shift change. That we're trying to encourage is, rather than doing that, rather than allowing everything except that switch known, which is known to be bad, why don't you just allow what's required and block everything else?
So going from basically default allow to default deny. Now, you know, people think that sounds scary and it sounds terrible, and it sounds really hard to manage. It's not. And that's the beauty of Threat Locker is it makes it manageable, it makes it attainable. It makes it achievable to even, you know, smaller organizations.
Um, but. It's just, it's a different way of looking at the problem of cybersecurity, but. If you combine basically that with a level of detection, a level of, okay, let's make decisions, let's try and react, et cetera, then that's pretty much your definition of a well-balanced security stack. Um, so rather than just depending on detection, 'cause again, the [00:13:00] problem with detection is it's reactive, is it's, oh no, something is happening, we better do something about it.
So we're talking about balancing proactive. With reactive, so proactive blocking. And the beauty about it is, is if something is going down, you're gonna know about it or detect it when it's not allowed to happen, rather than when it is, is allowed to happen. So it's not responding per se, it's, Hey, this is attempting to happen, but Threat Locker has stopped it.
[00:13:27] Marco Ciappelli: Well in a minimal time and maximum security. It's definitely everybody's dream when you work in security, right? It's like it's not stopping, uh, the business from running, especially if it's a small, medium sized business. It's not that ma main concern. It's to actually stay in business. And unfortunately now security is part of staying in business.
So, um,
[00:13:50] Rob Allen: And, uh, to, to that point, uh, Marco. So there's a very important caveat to the deny by default, which is permit by Exception. So it's deny by [00:14:00] default, permit by exception, but the permit by exception, is what allows your business to continue to run the permit. By exception is what allows people to do their jobs.
The deny by default is what keeps you safe. But permit by exception is a really important part of that as well. But again, it's not a blanket permit. It's not allow everything by exception, it's allow what's needed. By exception
[00:14:20] Sean Martin: Yeah. And I think, I think that's where your, uh, your, your secret sauce comes in. Um, threat locker. And I mean, I heard it at Zero Trust World
[00:14:29] Rob Allen: whi which
[00:14:29] Sean Martin: that, that
[00:14:30] Rob Allen: sauce, we have many
[00:14:31] Marco Ciappelli: They have.
[00:14:32] Rob Allen: Yes,
[00:14:33] Sean Martin: the manageability of, of that, of that, uh, managed by exception.
[00:14:37] Rob Allen: Yeah, I know, as I said, we make it at attainable, achievable possible. There's a few different things. I mean, we create policies for people automatically, so you don't have to figure out what's needed in every machine.
We have built-in applications, application definitions that we maintain updates. So basically our applications team are doing the hard work around allow listing so you don't have to. So there's, as I said, many secret sauce and many parts to it that make it manageable [00:15:00] and attainable and achievable.
[00:15:01] Marco Ciappelli: Yeah. And what, what, uh, what can people expect if they come at the booth? Like, what, what kind of demo are you running there? Do you know that?
[00:15:08] Rob Allen: Am I allowed to say Hanon Irishman again?
[00:15:11] Marco Ciappelli: Sure.
[00:15:12] Sean Martin: Demonstrating the.
[00:15:13] Rob Allen: Yeah, I'm trying to remember, is there gonna be multiple? Okay. There's gonna be at least one handsome Irishman. Um, but yeah, we're gonna be doing demonstrations. As I said, the Duckie challenge. We'd probably do that, um, to anyone and everyone that will volunteer their computer to have it plugged into. Um, I've just got confirmation of the timing.
So apparently on Tuesday at 12:00 PM we're doing zero trust for zero days, um, which is a. Um, example or a story about a hospital that we helped not get hit. Um, we're doing a network control, uh, related one. So about controlling network access, apparently at 2:00 PM no, uh, yeah, 2:00 PM. Um, and just basically, and funny it should be, I should have mentioned the, the detection complementing [00:16:00] protection, but we're doing a detection to complement zero trust, um, presentation on Thursday at 11:00 AM.
So yeah, those, it's gonna be a bunch of stuff, but I mean, as I said, it's mainly around the conversations. It's mainly around the meeting with people. We don't wanna be lecturing to people. It's more
[00:16:15] Marco Ciappelli: Just show up when you can. There is a lot to see, a lot to do. Bigger than ever, so.
[00:16:21] Rob Allen: merch, you be assured, we will
[00:16:23] Marco Ciappelli: And I can, I can be a witness for a witness for the quality. 'cause
[00:16:28] Sean Martin: was gonna say the
[00:16:29] Marco Ciappelli: got a nice t-shirt that I'm really, really enjoying
[00:16:32] Rob Allen: is tremendous merch. In fact, to be honest, Marco, I'm kind of disappointed you're not wearing it right now,
[00:16:37] Marco Ciappelli: you know, lemme see if I can find it.
[00:16:40] Rob Allen: I'm sure it's there. I'm sure it's there. You're probably wearing it
[00:16:42] Marco Ciappelli: it. I have it.
[00:16:43] Rob Allen: that. Yeah. But no, we will merch you.
[00:16:46] Marco Ciappelli: Well, we are most definitely excited, so I think we should, uh, Sean, make a, a round again, uh, the, the booth number and, uh, when.[00:17:00]
[00:17:00] Sean Martin: Uh, I'm gonna wrap it up with, with, uh, you mentioned, well, I mentioned secret sauce, but then you, you've also touched on the sauce as well. And, uh, Marco, you like ketchup on pizza, right?
[00:17:11] Marco Ciappelli: Yeah, that and pineapple. Now bring me that and I'm Italian.
[00:17:17] Sean Martin: I don't think so. No. No extra sauces on pizza.
[00:17:20] Marco Ciappelli: No, no, no, no. Absolutely no,
[00:17:22] Sean Martin: no, no. We'll have fun. We'll, uh, we'll enjoy seeing the whole threat locker team booth 8 54 RA conference in
[00:17:30] Marco Ciappelli: in the South Expo hall, if you're familiar. That's in the south.
[00:17:35] Sean Martin: Yep. And get your, uh, get your rubber ducky. Share your data.
[00:17:40] Rob Allen: Please.
[00:17:40] Sean Martin: hope, hope not to share your data, but, uh, I, I can honestly say the, uh, the entire team, uh, threat Locker is super fun, super nice, super professional, and have a lot of, a lot of great information to share and, and, uh, I encourage everybody to be part of the threat locker community and, and [00:18:00] stop by and get dressed.
[00:18:02] Marco Ciappelli: There you go. And as far as everybody else, stay tuned, we will be there. Of course, we will create a ton of content. Of course, we will also talk to you guys again on location, so we'll go deeper in the threat locker stories and, uh. We will if you can't make it San Francisco's 'cause No, everybody can just stay tuned on ITSP magazine and we will follow the event for you and share it.
[00:18:30] Sean Martin: Absolutely. And Rob, you can just deliver the, uh, the envelope to me for Marco. I'll take care of it for him.
[00:18:37] Rob Allen: Consider its, consider its own, consider its
[00:18:39] Marco Ciappelli: Leave it on the windshield.
[00:18:40] Sean Martin: That's right. That's right. Well, thanks everybody. We see you, uh, see you in San San Francisco. And uh, thanks Rob. Thanks to the entire threat locker team for, uh, being part of this and, uh, see everybody there.
[00:18:52] Rob Allen: You're you're very welcome, Sean and Marco. Thank you very much and look forward to seeing you.
[00:18:56] Marco Ciappelli: Yeah. Thank you.