Detailed
Compact
Art
Reverse
March 7, 2019
This isn’t the easiest thing to do. Now that I’m writing the podcast post after recording and editing the podcast, I have a sense of relief. For the last month plus, I’ve tried to decide whether or not to shut down the podcast. The fact that it took this long to record a final episode tells me that it was time. I wrote about my reasoning in a blog post on the main page. This may or may not be the end. That largely depends on if someone would like to pick up the podcast and produce it themselves. I’d love to guide and mentor someone on the journey. The podcast has been beneficial to me and the many people who have reached out providing appreciative feedback. I’d love to see it continue. I’m also content that this is the end of the podcast. I will be at BSides Nashville shooting pictures and very likely be at DEFCON manning the Social Engineering door. Come see high or reach out to me on social media (@TimothyDeBlock) or email (timothy[.]deblock[@]gmail[.]com).
January 14, 2019
Daniel (@notdanielebbutt) and Kyle (@chaoticflaws) are the two guys I go to for clicking on suspicious links. Recently, I’ve been seeing more Emotet. So, I wanted to have the guys on to talk about the malware that is making a comeback. The CFP is open for Converge Conference. The conference is May 16 and 17. They’ll have one day for blue team topics and one day for red team topics. Make sure to submit your malware related talk topics. Also make sure to check out MiSec if you’re in Michigan.
January 4, 2019
2018 was a good year. I made some format changes that I’m really happy with. I picked up some new audio equipment. I resolved my recording process (I think). I’m not a big statistics guy. I don’t really care if two people or 200 people listen. I’m just happy to have some really great conversations with people and contribute back to the community. I’ve got a new recording setup that will hopefully make producing a podcast much easier. I’ve setup a Twitch channel for gaming and potentially recording EIS episodes on. Follow for notifications on when I go live. I’ll be trying my first EIS episode Monday, January 7, 2019, at 8:30 p.m. CT. I’ve also turned what was my attempt at a GamerSec Discord channel into the Exploring Information Security channel. Here you can interact with us while record (or on Twitch). Join other people interesting in the podcast. Game with other infosec professionals. Thank you for being a listener of the podcast. I am refreshed from my month off and energized for what’s ahead in 2019.
November 26, 2018
Micah (@WebBreacher), Josh (@baywolf88), and Justin (@jnordine) join me to go over a variety of topics at DerbyCon 2018. The Hyatt was kind enough to provide space near the bar (shout to the amazing Lauren).
November 19, 2018
Micah (@WebBreacher), Josh (@baywolf88), and Justin (@jnordine) join me to go over a variety of topics at DerbyCon 2018. The Hyatt was kind enough to provide space near the bar (shout to the amazing Lauren).
November 8, 2018
This past DerbyCon, I had the opportunity to take the Advanced OSINT with Ryan (@joemontmania) and Colleen (@UnmaskedSE). The course was great! It was different from some of the other OSINT courses I’ve taken. They covered very specific techniques and tools. After presenting on those techniques and tools we were given the opportunity to dive in from a free-form standpoint.
October 31, 2018
This is a solo episode. I had the idea after sitting in a vendor pitch today where one of the sales guy mentioned that passwords WILL die. I disagree. I think passwords have been around for a long time and will continue to be around. They’re easily replaceable and is stored in the most secure location. Unless there are mind readers, then we’re all just screwed anyway. I would love some thoughts and feedback on this one.
October 22, 2018
Stu (@cybersecstu) is a Co-Founder of The Many Hats Club, which is a massive Discord community and podcast. Earlier this year, Stu started sharing Unusual Journeys. I love this series because it highlights that there is no true path into infosec. He’s had 18 series so far and each story is fascinating.
October 15, 2018
Stu (@cybersecstu) is a Co-Founder of The Many Hats Club, which is a massive Discord community and podcast. Earlier this year, Stu started sharing Unusual Journeys. I love this series because it highlights that there is no true path into infosec. He’s had 18 series so far and each story is fascinating.
October 8, 2018
Claire (@ClaireTills) doesn’t have your typical roll in infosec. She sits between the security teams and marketing team. It’s a fascinating roll and something that gives her a lot of insight into multiple parts of the business. What works and what doesn’t work in communicating security to the different areas. Check her blog out.
October 1, 2018
Claire (@ClaireTills) doesn’t have your typical roll in infosec. She sits between the security teams and marketing team at Tenable. It’s a fascinating roll and something that gives her a lot of insight into multiple parts of the business. What works and what doesn’t work in communicating security to the different areas. Check her blog out.
September 24, 2018
When I have guests hop on the podcast, I usually try to break the ice a little and get them warmed up for the episode. Often times these can turn into some really good conversation about the infosec field. I'd like to start capturing those conversation and release them (with the person's permission), because there are some really great insights. I've released this episode early to the people on my newsletter (check below to get in on the fun). I wanted to get feedback and also give people who sign-up some bonus content, which is something I hope to do more.
September 17, 2018
Wes (@kai5263499) is not a security person. He is a developer. A developer that understands security and why it's important. He deals a lot with automation and working with container technology.
September 10, 2018
Wes (@kai5263499) is not a security person. He is a developer. A developer that understands security and why it's important. He deals a lot with automation and working with container technology.
September 5, 2018
Justin (@jms_dot_py) is the creator of Hunchly. I got to know Hunchly at SANS SEC487 OSINT training earlier this year. It's a fantastic tool that takes screenshot as the web is browsed. This is very useful for investigations involving OSINT. I'm also finding it useful for incident response, particularly for clicking on phishing pages. I sometimes forget to take screenshots as I'm investigating a phishing page. Having Hunchly means, I don't have to worry about taking screenshots. I then use the screenshots for reports and training. It's a really useful tool.
August 27, 2018
Paul (@paulpaj) wrote a blog post on how to make a successful burp extension and get it published in the Burp Store. A lot of the recommendations in the article are from Paul's experience handling extension submissions for the Burp Store.
August 20, 2018
Michael (@SiliconShecky) wrote a blog post on his site at the beginning of the year titled, It is CFP season... So what. In the article he hit on rejections and I thought it'd make for a great podcast topic. More recently, he wrote a blog post on the, Anatomy of a Rejected CFP. The article walks through his rejected CFP for DerbyCon.
August 13, 2018
Chris (@cmaddalena) joins me to discuss crafting a phishing email. This is something I've recently explored at work. Having little to no experience actually crafting a phish, I decided I'd go to someone who does this on a regular basis. Check out Chris' ODIN tool for automating intelligence gathering, asset discovery, and reporting.
August 6, 2018
Chris (@cmaddalena) joins me to discuss crafting a phishing email. This is something I've recently explored at work. Having little to no experience actually crafting a phish, I decided I'd go to someone who does this on a regular basis. Check out Chris' ODIN tool for automating intelligence gathering, asset discovery, and reporting.
July 31, 2018
Micah (@WebBreacher), is a SANS Instructor and author of the SEC487 OSINT course. He recently had his second class in Denver, Colorado (more dates here). During that class he found people asking about how to navigate the waters of OSINT resources. His solution was to start the OSINT Resource Classification System (ORCS). It's a call for the OSINT community to standardize on how resources are categorized. YOGA or Your OSINT Graphical Analyzer is meant to be a visual aid for people looking to navigate the streets of OSINT resources.
July 16, 2018
Stuart (@Stuart_A_Scott) and George (@georgegerchow) both have contributed content to CloudAcademy on GDPR. Stuart has a nine hour course on using AWS Compliance Enabling Services. George has a done a webinar and written an article on the topic. Both are well spoken and highly informed on the topic. They provide a lot of good direction for anyone looking to account for GDPR in their organization (pro tip: everyone should be looking into this).
July 9, 2018
Stuart (@Stuart_A_Scott) and George (@georgegerchow) both have contributed content to CloudAcademy on GDPR. Stuart has a nine hour course on using AWS Compliance Enabling Services. George has a done a webinar and written an article on the topic. Both are well spoken and highly informed on the topic. They provide a lot of good direction for anyone looking to account for GDPR in their organization (pro tip: everyone should be looking into this).
July 2, 2018
Sean (@SeanThePeterson), is one of the most passionate infosec people you don't know. He recently did a talk at ShowMeCon on how to crack passwords. It was his first ever talk and pretty damn good. Sean joined me to give me his insights into password cracking.
June 25, 2018
Cliff (@BismthSalamandr), recently gave a talk at ShowMeCon on GDPR and why everyone should care. It's a really good talk and a great primer if you haven't dug into GDPR, yet (you should). Cliff is a recovering lawyer, so he's providing a different angle than your normal security professional.
June 18, 2018
Tanya (@shehackspurple), is a former developer turned security person. She speaks regularly at conferences around the globe. The topics often focus on working with developers to improve security, which is something I believe in. She's a project lead for OWASP DevSlop.
June 14, 2018
Amanda Berlin (@InfoSystir), Wik (@jaimefilson), David Cybuck (@dpcybuck), April Wright (@aprilwright), and Dave Chronister (@bagomojo) join me on the live EIS panel at ShowMeCon, June 7, 2018. This is the first panel I've ever done for the podcast. It went so well, I hope to do more in the future. We cover a variety of topics and have a few laughs.
June 4, 2018
Jayson (@jaysonstreet), is the VP of Information Security at Sphereny. He and April Wright (@aprilwright) are doing training at both Black Hat and DerbyCon on how to achieve security awareness through social engineering. The training focuses on helping blue team members setup effective security awareness programs.
May 28, 2018
Jayson (@jaysonstreet), is the VP of Information Security at Sphereny. He and April Wright (@aprilwright) are doing training at both Black Hat and DerbyCon on how to achieve security awareness through social engineering. The training focuses on helping blue team members setup effective security awareness programs.
May 21, 2018
It's another podcast special! This one was at Converge and BSides Detroit. This one took a little bit to get going. When we did we got into a little bit of everything. Topics both in infosec and topics outside of infosec.
May 14, 2018
Amanda (@InfoSystir) gave a keynote at Converge last week. The topic: mental health. It's a great talk and something I recommend people watch. Mental health is very important in our field. A lot of us were bullied coming up through school. Others grew up in awful environments. We've gotten past those challenges to become successful information security professionals. There are still scars, however, and if we don't identify and address them it will lead to unhealthy actions. Especially, since we are in a high-stress field that is overwhelmed. We need to have an open dialogue about mental health. The downside to have a poor mental health. We need to share ideas on how to better address our state of minds. Often we feel alone. We are not. If you feel like you are in a bad place mentally, there are resources that can help. Call a hotline (1-800-273-8255). Do a Google search. There are people who can help. Family, friends, or mentors. You matter.
May 7, 2018
Keith (@andMYhacks), is a solutions architect at Bugcrowd. He's also the co-host of Application Security Weekly. While Keith works at Bugcrowd, he also has a lot of experience participating in bug bounty programs. Check out his website AttackDriven.io.
April 30, 2018
Micah (@WebBreacher) has spent the last year plus putting together the SANS SEC487 course. The course focuses on Open-Source Intelligence Gather and Analysis (OSINT). I had the pleasure of attending the very first iteration of the course. I had an absolute blast and would recommend the course to anyways (even those outside of infosec).
April 23, 2018
Micah (@WebBreacher) has spent the last year plus putting together the SANS SEC487 course. The course focuses on Open-Source Intelligence Gather and Analysis (OSINT). I had the pleasure of attending the very first iteration of the course. I had an absolute blast and would recommend the course to anyways (even those outside of infosec).
April 16, 2018
Steve (@SteveD3) has been covering BEC types of attacks for the past year at CSO. These types of attacks are increasing. It may get worse with GDPR requirements next month. This ended up being one of the more difficult podcasts to get scheduled. Steve and I had to cancel on each other a few times because of phishing related stuff.
April 9, 2018
Interviews are a nerve-racking process. Preparation provides more confidence and the ability to anticipate curve balls in an interview. Being prepared allows you to have more brain power when there is a question you didn't anticipate. When you're prepared, it shows. People tend to like candidates who are prepared. They can tell by how direct and decisive answers are to questions. There is one caveat to this. If your interview with someone as part of a network, there is more leniency in the interview.
April 2, 2018
Daniel (@notdanielebbutt) and Kyle (@chaoticflaws) are two of the people I go to when I need to have a better understanding of what a malicious link does. They're passion for clicking on links is out of this world. They also provide some really good insights into the work of clicking on links most people shouldn't. I asked if they'd be willing to walk me through building out a machine that could help me do what they do. They kindly obliged and thus another open mic podcast is born.
March 26, 2018
I'm taking a different approach to solo episodes and the podcast. I am going to blog about the solo episode before recording it. This will allow me to collect my thoughts. As a result of this, I hope, that it'll make the solo episode much more smoother. Usually, I write down some points and then just riff off that. Because I'd like to write more I figured this would be one way to improve quality of the podcast, while also providing some more elaborate show notes. With that, let's get to the topic at hand.
March 19, 2018
Jess (@drjessicabarker) runs the @cyberdotuk account on twitter and website. She's also the co-founder of Redacted Firm (@redactedfirm). She wrote an article last year that covered recommendations and tips for submitting to a conference Call for Papers (CFP). It all started with a tweet asking what's holding people back from submitting to a conference. Over 6,000 responses later there were a variety reasons, including "I don't know enough.' The article goes on to ask several organizers for their suggestions on submitting. In this podcast episode we dive into the article and much more.
March 12, 2018
Jess (@drjessicabarker) runs the @cyberdotuk account on twitter and website. She's also the co-founder of Redacted Firm (@redactedfirm). She wrote an article last year that covered recommendations and tips for submitting to a conference Call for Papers (CFP). It all started with a tweet asking what's holding people back from submitting to a conference. Over 6,000 responses later there were a variety reasons, including "I don't know enough.' The article goes on to ask several organizers for their suggestions on submitting. In this podcast episode we dive into the article and much more.
March 5, 2018
I've already written a couple blog posts on the topic. I've also created a GitHub page to track all my resources I intend to use in the presentation and training. The idea of the content is that we can use social engineering (like the red team) in our day-to-day interactions at work. We can use the same techniques to build better relationships and build better security mindsets in our organization. If you prefer soft skills.
February 26, 2018
Micah Hoffman (@WebBreacher) is a SANS instructor who will be teaching a brand new SANS course, SANS487: Open-Source Intelligence Gathering and Analysis. Kirby Plessas (@kirbstr) runs her own training company Plessas Experts Network, Inc. There is an online training portal that you can use to learn more about OSINT. Josh Huff (@baywolf88) is a Digital Forensics Private Investigator and OSINT addict. He runs the Learn All The Things website. This is a new format for the podcast that I am trying out. It's a lot like the conference episodes I do: It's longer; I allow swearing; and there is no format or direction. I asked for OSINT questions on Twitter and got some pretty good ones back for people to answer. I can turn this into a live show that would allow for people watching to interact with the guests on the show. I need feedback on whether or not this of interest to people. Hit me up on Twitter (@TimothyDeBlock) or email (timothy[.]deblock[@]gmail[.]com)
February 19, 2018
Chris (@humanhacker) is the Chief Human Hacker at Social-Engineer, Inc. He's the author of several social engineer books. He also has his own podcast. This past summer he announced the Innocent Lives Foundation, which has the objective of unmasking anonymous online child predators through OSINT and relationships with law enforcement. He is a social engineering Hulk in the field of information security.
February 12, 2018
Chris (@humanhacker) is the Chief Human Hacker at Social-Engineer, Inc. He's the author of several social engineer books. He also has his own podcast. This past summer he announced the Innocent Lives Foundation, which has the objective of unmasking anonymous online child predators through OSINT and relationships with law enforcement. He is a social engineering Hulk in the field of information security.
February 5, 2018
Wes (@kai5263499) is a cloud engineer, who loves to dig into Apple product security. Last year (and on a previous episode) he discuss how Macs get malware. He's back again this year to discuss how to hack iOS. He will be speaking at BSides Hunstville February 3, 2018. If you have a chance to go, be sure to check out his talk. Also, check out is OSX security awesome list on GitHub. It's a really useful set of links on This dude is really smart.
January 29, 2018
Wes (@kai5263499) is a cloud engineer, who loves to dig into Apple product security. Last year (and on a previous episode) he discuss how Macs get malware. He's back again this year to discuss how to hack iOS. He will be speaking at BSides Hunstville February 3, 2018. If you have a chance to go, be sure to check out his talk. Also, check out is OSX security awesome list on GitHub. It's a really useful set of links on This dude is really smart.
January 22, 2018
Ryan (@th3b00st), Kyle (@chaoticflaws), and Kate (@vajkat) help put on one of the best conferences. Last year was my first year at the conference. I was not disappointed. They had a workshop on application security; a room set aside to get resume feedback; Ham radio exams; and much more. They also had three days of wonderful talks with some really great speakers. At lunch there are multiple treks to go grab a coney dog. The call for papers is currently open. They're looking for speakers and to add more workshops this year. Tickets are also available now. Make sure to grab yours and I'll see you at Converge and BSides Detroit May 10-12.
January 15, 2018
Matt (@matt_tesauro) and Aaron (@weavera) are the project leads for the OWASP AppSec Pipeline. The project provides resources and guidance for building out your own appsec pipeline within a development team. Building a pipeline is important in helping get security embedded within software.
January 8, 2018
2017 was a great year for the podcast. I saw increased listernership. We had a new episode format that involved talking to several security professionals at various conferences. I've also seen an increase in companies and public relation firms reaching out to me to pitch guests. In 2018 I'd like to explore some new formats. There may be a conference panel in the future. I also expect to look at advertising and sponsorship for the podcasts. I also need to work on an archive feed for older episodes.
January 1, 2018
Micah (@WebBreacher), this past year, spoke on imposter syndrome and how to overcome it. It's something we all deal with (even several years into our careers). It's useful, but also dangerous for those of us in the information security community. We need to try and compare ourselves to others less and speak more positively internally.
December 24, 2017
Chris (@chrissanders88) grew up at a disadvantage. He wasn't rich or handed a great educations. He speaks of being part of the free lunch kids at school. He's managed to turn himself into a successful information security professional, with his own company and non-profit. A lot of that is due to his teachers and mentors encouraging his interest in computers. The Rural Technology Fund is a way for him to give back and give other kids an opportunity to see if they have a spark for technology.
December 18, 2017
Chris (@cmaddalena) gave a talk at DerbyCon this past year on writing Win32 Shellcode. We've talked before on a previous podcast around why building your own tools is important. Chris has also written several tools for his day job and for public consumption. His most recent tool is ODIN, a passive recon tool for penetration testers.
December 11, 2017
Chris (@cmaddalena) gave a talk at DerbyCon this past year on writing Win32 Shellcode. We've talked before on a previous podcast around why building your own tools is important. Chris has also written several tools for his day job and for public consumption. His most recent tool is ODIN, a passive recon tool for penetration testers.
December 4, 2017
April (@aprilwright) and I met earlier this year at ShowMeCon. She shared with me the concept of the Orange Team. Which is an idea around the security (blue) team working more closely with the development (yellow) team. I loved the idea and wanted to hear more. She spoke about the topic at BlackHat and DefCamp. Unfortunately, the recordings of her session haven't been released yet. So, I decided to have her on to discuss in more detail.
November 27, 2017
Max (@maxrmccarty) has a great course called Securing Your Node.Js Web App available on Pluralsight. The course is five and a half-hours long, walking through the basics on security. Security for NodeJS is not unlike security for other languages and technologies. If you can secure other web apps you can secure NodeJS.
November 20, 2017
Adam (@adam_baldwin) is the team lead at Lift Security and founder of the Node Security Platform. NSP is one of the simplest tools to put into a development life cycle for NodeJS. It checks for vulnerable packages in an environment during pull requests or builds. This allow developers to quickly and easily identify packages that put their applications at risk.
November 13, 2017
Getting outside of the infosec echo chamber is something I've wanted to do for the past year. Spending time at infosec events is important for a career. It's great for networking and knowledge sharing. We need to do those same things at non-infosec events. For me that means getting out to developer events. I am speaking at Nodevember at the end of November 2017 and also at CodeMash in early January 2018. For better security I think it's a crucial activity.
November 6, 2017
Brandon (@brandonlwilson) spoke at BSides Knoxville in 2017. I had the pleasure to be in attendance for his talk. The talk was technical and very interesting. Brandon talked about how he tried to take his old 90s car and fix it himself. The was a malfunction in the anti-theft system that kept the car from running. He decided to go deeper. Unfortunately, he was unable to fix his car. He did, however, learn a lot from the experience.
October 30, 2017
Rick (@rick_tracy), is very passionate about the CSF from NIST. The framework is meant to help organizations become more mature from a security standpoint. The CSF provides guidance on implementing security controls and countermeasures. It's not meant to be a one size fits all framework, but something that each organization can cater to their organization.
October 24, 2017
Mike (@theblacklabguy) joins me to discuss his OWASP project Threat Dragon. The project is meant to give developers an easy use tool for performing threat modeling. The project is built on NodeJS and AngularJS. It has a slick easy-to-use interface and Github integration. His roadmap for the project include Bitbucket integration and a rule engine that will help with threat modeling.
October 16, 2017
This is likely the last podcast conference special of the year. It's a good one. We had quite the crew to record this one and got very in-depth and deep on topics related to infosec. Big shout out and thanks again to Dave for bringing the mics and participating in the podcast. I've been pleasantly surprised with how this and the other podcasts have turned out. I've gotten some great feedback and I plan to do more of these in the future. It was also floated to me that we record one of these as a panel at one of the conferences. We'll see.
October 9, 2017
This is another EIS podcast special at BSides Augusta. I have some close friends joining me for this one. Adam, Jeff, and Robert all part of a local user group in Columbia, South Carolina, aptly named ColaSec. I also worked with Adam and Robert at my first security gig. BSides Augusta is one of my favorite BSides events. It's really well run. It has a great facility and there's so much to do. In fact, I took part in my first conference capture the flag (CTF) with some of the guys from ColaSec. It was quite the experience and a lot of fun. I highly recommend the conference for those free in mid-September.
October 2, 2017
Kate (@vajkat) is a senior security consultant at Secure Ideas. She recently wrote an article on setting up a targeted pineapple. In the article she walks through setting up a pineapple. What I really enjoy about the article is that she walks through some of the issues she runs into setting up the pineapple. It's a really good example of how to work through problems using troubleshooting techniques.
September 25, 2017
Danny, is the Director of Product Marketing for Ericom (@EricomShield). He came on the show to talk about isolated browsing. Which is a technology that I've never heard of before. It's similar to virtual machines and technology like Citrix, which provide solutions that help isolate a user. Isolated browsing is different. It uses containers (like Docker) to provide a user with a browser that is completely separate from the computer. This has the advantage of keeping things like malware of user computer and in a contained environment.
September 19, 2017
This is a solo episode where I share my thoughts on why it's hard to get into infosec. I've been on both sides of the interview process. In this episode I share my own personal experience (where I failed), as well as what I've seen on why people didn't get the role they wanted. This topic deals with the skills shortage topic often discussed on Twitter and other media. It's a very nuanced topic. I wanted to focus on what those applying could do better to apply and interview for an opportunity.
September 11, 2017
Michelle (@MlleLicious) was one of the contestants who competed on Friday in the Social Engineering Capture The Flag (SECTF). This year the SECTF focused on video game companies and Michelle (happily) pulled Disney. Getting up on stage in front of hundreds of people is already a nerve racking proposition. Now add in that you have to interact with another human being to try and get them to divulge information for points. As you'll hear this was Michelle's first year at DEFCON. She dove right in to the event and walked away from the even with an amazing experience.
September 4, 2017
Kyle (@chaoticflaws) is someone I've started to get to know this year. He's an organizer of Converge and BSides Detroit. He's also an organizer for MiSec. Talking with him I noticed a strong interest in memory forensics. This allowed us to geek out a bit on the topic considering I have experience with performing memory forensics as part of incident response. It was one of the more interesting things I've done in security.
August 28, 2017
Chris (@cmaddalena), Kyle (@chaoticflaws), and Daniel (@notdanielebbutt) join me at DEFCON to discuss various topics ranging from conferences like DEFCON, Blackhat, and BSides Las Vegas to bird feeders. We read a couple passages from the POC||GTFO bible available from no start press.
August 21, 2017
Both Allan (@uuallan) and Tim (@TimJGallo) are in the Unite States. This makes starting a BSides in France challenging and intriguing. Both organizers love wine and saw an opportunity to put France on the BSides map. BSides Bordeaux (@BsidesBDX) is October 21, 2017, in Bordeaux France. The venue is Mama Shelter (which has a wicked video). Tickets are limited so be sure to grab one soon.
August 14, 2017
Chris (@cmaddalena) returns to talk about how he got his OSCP. He didn't get it on his first attempt. He did learn from his first attempt, though, and passed the exam on his second attempt. He was willing to come on the podcast to describe his experience and provide tips for others looking to acquire the certification. The exam is not easy. It's a 24-hour exam that includes writing a report as well as performing a penetration test. Preparation for the exam is very important.
August 7, 2017
Chris (@cmaddalena) returns to talk about how he got his OSCP. He didn't get it on his first attempt. He did learn from his first attempt, though, and passed the exam on his second attempt. He was willing to come on the podcast to describe his experience and provide tips for others looking to acquire the certification. The exam is not easy. It's a 24-hour exam that includes writing a report as well as performing a penetration test. Preparation for the exam is very important.
July 31, 2017
Jim (@manicode) is an active member in the application security field. He's been a board member for OWASP. He's a regular speaker at OWASP conferences and he provides appsec training nine months out of the year. I recently had the opportunity to tune into a webinar put on my Jim discussing the steps to secure application development. He's got a wealth of knowledge and provides actionable advice for anyone wanting to move in that direction.
July 24, 2017
Chris (@chrissanders88) recently put up a blog post titled, The Cult of Passion. In this post he discusses the concept of passion being a requirement in information security. This is something I've railed against in the path. Like Chris I think it sets the bar higher for those trying to get in. They feel like they have to spend 18 hours of their day doing infosec related things. That is in fact not the case and there are plenty of successful people in infosec that don't eat, sleep, and breath infosec.
July 17, 2017
Micah (@WebBreacher) gave a talk at BSides DC last year on joining the infosec community. For Micah it took him a while to get involved. He jumped right into the deep end by going to DEFCON. Several years later he decided to get more involved in the community and quickly discovered several of the benefits from doing that. I had a similar experience, attending DEFCON in the early 2000s. I wouldn't attend another security conference until 10 years later. There are a lot of benefits to getting involved in the infosec community. You get to contribute and make the community a little better. You get to meet some awesome people. You will have more job opportunities open up. Community engagement shows initiative and allows you to meet people looking to fill roles.
July 10, 2017
Micah (@WebBreacher) gave a talk at BSides DC last year on joining the infosec community. For Micah it took him a while to get involved. He jumped right into the deep end by going to DEFCON. Several years later he decided to get more involved in the community and quickly discovered several of the benefits from doing that. I had a similar experience, attending DEFCON in the early 2000s. I wouldn't attend another security conference until 10 years later. There are a lot of benefits to getting involved in the infosec community. You get to contribute and make the community a little better. You get to meet some awesome people. You will have more job opportunities open up. Community engagement shows initiative and allows you to meet people looking to fill roles.
July 3, 2017
ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference. Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.
June 26, 2017
Daniel (@notdanielebbutt) is a malware analyst at a fortune 500 company. I recently caught up with Daniel at Converge and BSides Detroit. We had a great conversation about malware analysis. Talking about the topic with him you can tell he is very passionate and excited about the subject. Which is why I decided to have him on the podcast for a little chat.
June 19, 2017
Daniel (@notdanielebbutt) is a malware analyst at a fortune 500 company. I recently caught up with Daniel at Converge and BSides Detroit. We had a great conversation about malware analysis. Talking about the topic with him you can tell he is very passionate and excited about the subject. Which is why I decided to have him on the podcast for a little chat.
June 12, 2017
Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences. Social skills are important in organizations, because it allows us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evident by this three-part series).
June 5, 2017
Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences. Social skills are important in organizations, because it allows us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evident by this three-part series).
May 29, 2017
Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences. Social skills are important in organizations, because it allows us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evident by this three-part series).
May 22, 2017
Adrian (@Irongeek_adc) contributes a lot to the infosec community. He's at a lot of different conferences around the country. When he attends dinners at those conferences you can usually see him carrying around a big chain of locks and a monster wallet of lock picks. I've learned to pick locks with Adrian at a few of these dinners and thought it would make a good topic for the podcast. In this episode we discuss: How to lock pick What are Bogota picks How video games are bad for lockpicking What is lock bumping What happens when you bring lock picks on a plane
May 15, 2017
DerbyCon tickets went on sale May 6, 2017. Two minutes before the official release time, tickets were already sold out. This led to some controversy surrounding the release of tickets five minutes before. This was something that the conference has done for years. Last year the conference sold out in hours. This year it became a problem. There is still plenty of time to secure a ticket. Here are some ways to do that (h/t @PyroTek3). DerbyCon Twitter account: DerbyCon plans to release more tickets in smaller batches. Watch their Twitter account for more information. Watch Twitter: Plans change. People will be selling tickets leading up to the conference. Expect an increase in people looking to sell their tickets the month before the conference. I would also recommend paying attention for when speaker notifications go out. Usually around early August. Submit a talk: The year I began speaking, I got accepted to speak at DerbyCon. The conference prefers new talks and loves new speakers. If you have an idea go for it. You never know. Volunteer: It takes a lot of people to run a conference. Volunteers get a free ticket to the con. You will have to work the conference. Which also may result in making some new friends and connections. Sponsor the conference: DerbyCon is still looking for sponsors. Included in the sponsor package are tickets to the con. Contests: Keep a look out for contests involving tickets. For example the Brakeing Down Security podcast is putting on a CTF for DerbyCon tickets.
May 8, 2017
Price (@pricemcdonald) recently gave a hardware hacking talk at BSides Indy. Which I had the pleasure to attend. I was fascinated by the content he provided for the talk and decided to have him on. Hardware hacking is not something we see too much, but it is out there. It's used in physical penetration tests and for other learning opportunities. Listening to Price you can tell he has a strong interest in the topic.
May 1, 2017
Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in the many things information security related in South Carolina. Including the National Guard and Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing. Which is why this topic will be a two parter.
April 24, 2017
Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in the many things information security related in South Carolina. Including the National Guard and Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing. Which is why this topic will be a two parter.
April 17, 2017
Wes (@kai5263499) spoke about this topic at BSides Hunstville this year. I was fascinated by it and decided to invite Wes on. Mac malware is a bit of an interest for Wes. He's done a lot of research on it. His talk walks through the history of malware on Macs. For Apple fan boys, Macs are still one of the more safer options in the personal computer market. That is changing though. Macs because of their increased market share are getting targeted more and more. We discuss some pretty nifty tools that will help with fending off that nasty malware. Little Snitch is one of those tools. Some malware actively avoids the application. Tune in for some more useful information.
April 10, 2017
I can't say enough good things about Dave (@bagomojo). Last year was my first opportunity to attendee and speak at ShowMeCon (@ShowMeConSTL). He and the organizers did a tremendous job taking care of the speakers and attendees. There was great content, activities, food, parties, and the venue was top notch. This is one of the most well run and classiest conferences I've had the opportunity to attendee. I am excited to have the opportunity to speak again at the conference. The conference has a different feel than other security conferences. It has more of a business feel. Which is a nice change of pace. This gives businesses in St. Louis an opportunity to tap into the vast knowledge of infosec community. It gives speakers of the infosec community an opportunity to show businesses how deep the infosec rabbit hole goes. I highly recommend (and often do) this conference to everyone in IT security.
April 3, 2017
Justin (@jnordine) is the creator of the OSINT Framework. The page is a spider web of tools and other OSINT resources that you can get lost in for days. It's a fabulous tool for those just getting in or those who use OSINT on a daily basis. He created it as a way to keep up with all the OSINT resources out there.
March 27, 2017
Ed (@EdgarR0jas) has recently switched roles. In that role he's researching the internet of things. The internet of things is everywhere and it's starting to become an issue for the security community. From baby monitors to IP cameras to fridges, everything in the home is becoming connected. The issue comes in with the security being embedded in these device. There isn't any and it's allowing malicious people to create massive bot armies for distributed denial of services (DDoS). It's a tough problem to solve. Luckily, Ed is on the case.
March 20, 2017
BSides Nashville (@bsidesnash) is the second BSides I attended and the only one I've attend each year since it's inception. It's a really well put together conference. They have three tracks. They have the usual side areas with lock picking, hardware hacking, and a kids area. The best part though is the lunch. They cater lunch from Martin's BBQ. One of Nashville's best BBQ places. I would put the food up against any conference. I join Jen (@jsmardak) and Finn (@FinnBreland) to talk about all that and much more.
March 13, 2017
Jeff is a good friend of mine and one that I leaned on heavily when I was working in a SOC. He's been a IT Security Analyst for a while now and loves what he does. We've spent countless hours discuss SOC life. We've talked about nuances and some of the things he sees on a regular basis monitoring a college campus. I decided it would make for an interesting podcast episode.
March 6, 2017
Rory (@raesene) gave a talk over the summer at BSides London 2016 on the myths of Docker. Docker is a technology being used by more and more development teams. We're even starting to see security tools run on Docker, such as OWASP ZAP. With more teams using Docker we need to have an understanding of how to secure it.
February 28, 2017
In this job posting edition of the Exploring Information Security podcast, who is looking for more in infosec?This is a bonus episode of the podcast. This is a solo podcast where I discuss open positions and people looking for opportunities. I plan to do these based on demand. If you would like to submit a position you are looking to fill or looking for an opportunity send me an email timothy.deblock[at]gmail[dot]com or hit me up on Twitter @TimothyDeBlock.Employers looking to fill a roleSr. Splunk Admin - Premise HealthSplunk experience a plusSIEM experience and management is requiredMust live in Nashville, TN, or be willing to relocateJr. Pen Tester - Premise HealthTesting experience a plusFamiliarity with testing toolsMust live in Nashville, TN, or be willing to relocateSr. Endpoint Security Consultant - OptivFocus on Carbon BlackOptiv's Architecture & Implementation ServicesLocation anywhere50% travel timeFill out position or contact Brad Pace (brad.pace[at]gmail[dot]com)Quicken LoansMultiple positions open at Quicken Loans as we continue to mature our information security team. All positions would require relocation to the metro Detroit area, no remote opportunities unfortunately. Great team of people, great company culture and atmosphere. At the end of the day the positions are what you make them. - Robert Knapp @power_napz or robertknapp[at]quickenloans[dot]comSr. Information Security AnalystInformation Security EngineerInformation Security Architect People looking for an opportunityJoshua Ovalle - ResumeType of work: Entry levelInterested Areas:I have been interested in the idea of breaking down and building up security networks and things of that sort. I had always pictured hacking as something fun and challenging. Challenging things are what really get me involved more deeply in my work.Experience:Navy Aviation Electronics Technician. My experiences are with mostly physical maintenance (wire running, electronic testing, circuit card installation/testing and software instillation. I am also familiar with Microsoft computers and Apple products.Community Contribution:I have recently started dedicating time to a prison ministry at my church spending time with the children of men and women who are incarcerated by teaching and playing sports with them.Education:I graduated high school in 2009 and went to college for 2 semesters until I decided to join the military.Willing to Relocate:I am currently in San Diego, and with a new born i don't know if i could relocate any time soon.Coding Experience:I don't have any experience with coding, but I am willing to learn it.How to contact:email: jgovalle[at]gmail[dot]comAgain if you are looking to fill a role or looking for an opportunity email me timothy.deblock[at]gmail[dot]com [RSS Feed] [iTunes]
February 27, 2017
Andrew (@Andrew___Morris) is a security researcher at Endgame. Before he got that role he was a penetration tester. I had an opportunity to get to know Andrew at some events in the Columbia, SC. He's very knowledgeable and excited about what he does in the information security space. In this two-part series we discuss some of the nuances of being a pen tester and how to find yourself in that particular role.
February 20, 2017
Andrew (@Andrew___Morris) is a security researcher at Endgame. Before he got that role he was a penetration tester. I had an opportunity to get to know Andrew at some events in the Columbia, SC. He's very knowledgeable and excited about what he does in the information security space. In this two-part series we discuss some of the nuances of being a pen tester and how to find yourself in that particular role.
February 13, 2017
Frank (@TheDevilsVoice) is the lead organizer of BSides Indy (@indybsides). I am excited to be traveling to the conference this year. I will be taking pictures and speaking at the event. I decided to have Frank on to talk about BSides Indy to gauge what type of BSides event I can expect. The theme I got from my chat with Frank is that it's a very laid back type of BSides with a lot of the usual events. They have some wonderful speakers. A lock pick village and a place for hacking Internet of Things (IoT) devices. Hack4Kidz for the little ones and a devious capture the flag (CTF) event. I am excited to go. Tickets are still available. General Admission is $15 for Saturday. Hack Harder (Friday workshops) and the Saturday talks are $30. If you're a student or broke tickets are free. See you there!
February 6, 2017
Greg (@_GRRegg) is one of three project leads for the OWASP project DefectDojo. The project is an appsec automation and vulnerability management tool. This is something I wish was around when I first started managing vulnerabilities for the development team. It has got a lot of great features including metrics, integration with JIRA, automatic ticket creation, vulnerability de-duping, and of course it allows appsec teams to manage vulnerabilities in development. A demo site is available. It's open-source (as all OWASP projects are). I would recommend anyone having to manage vulnerabilities check this project out.
January 30, 2017
I continue my discussion with Michael Santarcangelo on decentralized IT. We talk about: Roles and responsiblities; Having leadership buy in; being adaptable; building better relationships; and doing better with less.
January 23, 2017
Michael (@Catalyst) has talked about decentralized IT before on a couple other podcasts. It's a concept that I am currently experiencing in my day-to-day role. I work with the development team to improve security in the software development life cycle. I sit with the dev team. I attend meetings. I am a resource for them to approach about security concerns and questions. I am having quite a bit of success. Which is why I wanted to have Santarcangelo on to have a discussion around this concept. It's something that I think more teams should be looking into as an approach for working with other departments and teams.
January 16, 2017
Paul (@PaulCoggin) is the founder and organizer of BSides Hunstville (@BSidesHSV). I will be attending the conference for the first time this year. The conference is in it's fifth year of existence. In our discussion I found something unique about the conference. Paul doesn't deal with sponsors like some other BSides conferences. Which isn't a bad thing and I'm interested to see how that plays out in talks and networking opportunities. The lineup of speakers looks fantastic.
    15
    15
      0:00:00 / 0:00:00