Technology

Exploring Information Security - Timothy De Block

Updated 2 months ago


The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.


iTunes Ratings

42 Ratings
Average Ratings
35
3
3
0
1

I just found this and it’s great!

By MsLaulei - Apr 02 2019
I am saddened and yet thrilled to finish listening to the other podcasts. I just found this and it’s great!!!! It says FIN but you never know I can always hope! Ms Laulei De La Rosa on FB

Finally...

By teh_Plague - Jan 28 2016
This is the podcast I have been looking for. Keep up the great work!


Latest release on Mar 07, 2019


Rank #1: How to become a penetration tester - Part 1


In this reddish edition of the Exploring Information Security podcast, Andrew Morris of Endgame joins me to discuss how to become a penetration tester.

Andrew (@Andrew___Morris) is a security researcher at Endgame. Before he got that role he was a penetration tester. I had an opportunity to get to know Andrew at some events in Columbia, SC. He's very knowledgeable and excited about what he does in the information security space. In this two-part series we discuss some of the nuances of being a pen tester and how to find yourself in that particular role.

In this episode we discuss:

  • What is a penetration tester?
  • Why become a penetration tester?
  • What writing a report is like
  • What is the day-to-day life of a pen tester

More resources:

[RSS Feed] [iTunes]

Feb 20 2017

25mins

Rank #2: How to crack passwords

In this crackerjack edition of the Exploring Information Security podcast, Sean Peterson of Parameter Security joins me to discuss password cracking.

Sean (@SeanThePeterson) is one of the most passionate infosec people you don't know. He recently did a talk at ShowMeCon on how to crack passwords. It was his first ever talk and pretty damn good. Sean joined me to give me his insights into password cracking.

In this episode we discuss:

  • What type of hardware is needed for password cracking
  • What type of attacks are used for password cracking
  • How to crack passwords
  • What's ahead for password cracking

[RSS Feed] [iTunes]


Jul 02 2018

30mins

Rank #3: How to prepare for the OSCP - Part 1

In this studious edition of the Exploring Information Security podcast, Offensive Security Certified Professional (OSCP) Chris Maddalena joins me to discuss how to prepare for the OSCP certification.

Chris (@cmaddalena) returns to talk about how he got his OSCP. He didn't get it on his first attempt. He did learn from his first attempt, though, and passed the exam on his second attempt. He was willing to come on the podcast to describe his experience and provide tips for others looking to acquire the certification. The exam is not easy. It's a 24-hour exam that includes writing a report as well as performing a penetration test. Preparation for the exam is very important.

In this episode we discuss:

  • What is the OSCP and OSCE
  • Why someone should pursue the OSCP
  • What is the test like
  • How Chris' first attempt went

More resources (h/t @KrvRob):

[RSS Feed] [iTunes]

Aug 07 2017

26mins

Rank #4: How to implement the CSF from NIST

In this skeleton edition of the Exploring Information Security podcast, I discuss the Cybersecurity Framework (CSF) from NIST with Rick Tracy, the CSO at Telos.

Rick (@rick_tracy) is very passionate about the CSF from NIST. The framework is meant to help organizations become more mature from a security standpoint. The CSF provides guidance on implementing security controls and countermeasures. It's not meant to be a one-size-fits-all framework, but something that each organization can cater to their organization.

In this episode we discuss:

  • What is NIST?
  • What is the Cybersecurity Framework?
  • Why it's important
  • How organizations implement the framework

More resources:

[RSS Feed] [iTunes]

Oct 30 2017

30mins

Rank #5: Why getting into infosec is hard

In this Han Solo edition of the Exploring Information Security podcast, I discuss my experience on why getting into infosec is hard.

This is a solo episode where I share my thoughts on why it's hard to get into infosec. I've been on both sides of the interview process. In this episode I share my own personal experience (where I failed), as well as what I've seen on why people didn't get the role they wanted. This topic deals with the skills shortage topic often discussed on Twitter and other media. It's a very nuanced topic. I wanted to focus on what those applying could do better to apply and interview for an opportunity.

In this episode:

  • Why people don't apply?
  • Why requirements can limit job opportunities
  • Why your resume sucks
  • How are you preparing for the interview?
  • What are you doing to improve your chances of getting an offer?

[RSS Feed] [iTunes]

Sep 19 2017

29mins

Rank #6: How to hack iOS - Part 1

In this fruity episode of the Exploring Information Security podcast, Wes Widner joins me to discuss how to hack iOS.

Wes (@kai5263499) is a cloud engineer who loves to dig into Apple product security. Last year (and on a previous episode) he discussed how Macs get malware. He's back again this year to discuss how to hack iOS. He will be speaking at BSides Huntsville February 3, 2018. If you have a chance to go, be sure to check out his talk. Also, check out his OSX security awesome list on GitHub. It's a really useful set of links on This dude is really smart.

In this episode we discuss:

  • What is his talk about?
  • What's the difference between application and device hacking
  • What skills are needed to hack iOS
  • How Apple works with law enforcement

More resources:

[RSS Feed] [iTunes]

Jan 29 2018

27mins

Rank #7: How to build your own tools - Part 1

In this bird feeding episode of the Exploring Information Security podcast, Chris Maddalena joins me to discuss how to build your own tools.

Chris (@cmaddalena) gave a talk at DerbyCon this past year on writing Win32 Shellcode. We've talked before on a previous podcast around why building your own tools is important. Chris has also written several tools for his day job and for public consumption. His most recent tool is ODIN, a passive recon tool for penetration testers.

In this episode we discuss:

  • Why should someone build their own tool
  • What tool should people build?
  • How to get started building tools
  • What resources are available for building tools

[RSS Feed] [iTunes]

Dec 11 2017

25mins

Rank #8: How to prepare for the OSCP - Part 2

In this studious edition of the Exploring Information Security podcast, Offensive Security Certified Professional (OSCP) Chris Maddalena joins me to discuss how to prepare for the OSCP certification.

Chris (@cmaddalena) returns to talk about how he got his OSCP. He didn't get it on his first attempt. He did learn from his first attempt, though, and passed the exam on his second attempt. He was willing to come on the podcast to describe his experience and provide tips for others looking to acquire the certification. The exam is not easy. It's a 24-hour exam that includes writing a report as well as performing a penetration test. Preparation for the exam is very important.

In this episode we discuss:

  • How Chris' second attempt went
  • How to study for the OSCP
  • What the hardest part of the exam was for Chris
  • How the pointing system works

More resources (h/t @KrvRob):

[RSS Feed] [iTunes]

Aug 14 2017

29mins

Rank #9: What's happening in OSINT?

In this open edition of the Exploring Information Security podcast, I sit down with Micah Hoffman, Kirby Plessas, and Josh Huff to discuss Open Source INTelligence (OSINT).

Micah Hoffman (@WebBreacher) is a SANS instructor who will be teaching a brand new SANS course, SANS SEC487: Open-Source Intelligence Gathering and Analysis.

Kirby Plessas (@kirbstr) runs her own training company Plessas Experts Network, Inc. There is an online training portal that you can use to learn more about OSINT.

Josh Huff (@baywolf88) is a Digital Forensics Private Investigator and OSINT addict. He runs the Learn All The Things website.

This is a new format for the podcast that I am trying out. It's a lot like the conference episodes I do: It's longer; I allow swearing; and there is no format or direction. I asked for OSINT questions on Twitter and got some pretty good ones back for people to answer. I can turn this into a live show that would allow for people watching to interact with the guests on the show. I need feedback on whether or not this is of interest to people. Hit me up on Twitter (@TimothyDeBlock) or email (timothy[.]deblock[@]gmail[.]com).

In this episode we discuss:

  • Why it's important to automate OSINT
  • What tools are available for OSINT
  • Where does OSINT end and breaking the law begin?
  • Where can OSINT be used in an organization
  • How to get into OSINT
  • and much much more

More Resources:

[RSS Feed] [iTunes]

Feb 26 2018

1hr 27mins

Rank #10: What is threat intelligence? - Part 1

In this smart episode of the Exploring Information Security podcast, Rob Gresham formerly of McAfee joins me to explain threat intelligence.

Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in many information security related things in South Carolina, including the National Guard and Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing, which is why this topic will be a two-parter.

In this episode we discuss:

  • What is threat intelligence
  • How threat intelligence is useful
  • What are the benefits of threat intelligence
  • What needs to be done before threat intelligence

Resources:

[RSS Feed] [iTunes]

Apr 24 2017

30mins

Rank #11: How to hack a car

In this speedy episode of the Exploring Information Security podcast, Brandon Wilson joins me to discuss his adventures in hacking a car.

Brandon (@brandonlwilson) spoke at BSides Knoxville in 2017. I had the pleasure to be in attendance for his talk. The talk was technical and very interesting. Brandon talked about how he tried to take his old 90s car and fix it himself. There was a malfunction in the anti-theft system that kept the car from running. He decided to go deeper. Unfortunately, he was unable to fix his car. He did, however, learn a lot from the experience.

In this episode we discuss:

  • How Brandon got into car hacking?
  • What resources were available for hacking a car?
  • How long did the project take?
  • What tools are available for hacking a car?

[RSS Feed] [iTunes]

Nov 06 2017

25mins

Rank #12: How to prepare for an infosec interview

It's another solo episode! Next weekend I will be at BSides Nashville. Among the many other things I am slated to do, I am helping out with a resume/interview workshop. As preparation for the workshop I put together a list of interview questions I intend to use.

I put out a tweet asking for interview questions from the Twitter community. I got back some really good questions. As I was putting the list together I decided this would make a great podcast. Preparing for an interview is very important. I increased my offer rate significantly once I started preparing for interviews. Prior to that I always tried to wing them. I spent 15 months looking for a job at one point. I would get interviews, but failed to get offers.

Interviews are a nerve-racking process. Preparation provides more confidence and the ability to anticipate curve balls in an interview. Being prepared allows you to have more brain power when there is a question you didn't anticipate. When you're prepared, it shows. People tend to like candidates who are prepared. They can tell by how direct and decisive answers are to questions. There is one caveat to this. If you're interviewing with someone who is part of your network, there is more leniency in the interview.

Preparation

There are multiple ways to prepare for an interview. Figure out what works best for you. What I have below and in the podcast are what I've used to be successful in interviews.

Look at the job posting

Review the company's job posting and your resume before going into an interview. If you're doing resumes right you should have a different one for each job you apply to. Remembering which resume you submitted is important. Tie your experience to the job posting. This will help with answering the question in a way that shows you're a fit for the role.

Look for key words in the job posting that you might be asked about in the interview. If you're going for a role in a security operations center (SOC), be prepared to answer networking questions. If you're doing application security be prepared to answer development questions. If you're going for a penetration tester role be prepared to talk about attack techniques and your methodology. You get the idea.

Write out questions and answers on 3x5 index cards

I use the list of 31 common interview questions from The Muse. I pick the ones that apply and write them down on 3x5 index cards. I then flip them over and write down my answers in one word or a short sentence. This allows me to practice my answers to questions such as, "What's your greatest strength/weakness?" or more technical questions like, "How does DNS work?"

Practice, practice, practice

Go over the questions you've collected. Read out loud the question and say out loud your answer. Flip over to see that you've hit on your main point. Do this over and over again. Do this again in the waiting room or in the car (if you've arrived early, which I recommend) on the day of the interview. That's the benefit of writing questions and answers on 3x5 index cards, they fit nicely in a coat pocket.

You will practice questions that don't get asked. There is no way for you to anticipate all the questions you'll be asked. Getting the common ones and the ones you think will be asked will make the interview go much smoother. The less brain power you have to spend on a question the more you have for the questions you didn't anticipate.

Physical preparation

Go get a haircut and make sure you still fit into your interview clothes. If you've outgrown a pair of slacks you'll need to go buy a new pair. Prior to the interview you can ask what the dress expectation is. A suit is standard and something I often go with. I also have a pair of khakis and a sports coat in case they want me to dress down. Have at least two sets of interview clothes for multiple interviews. Dressing in the same thing twice is not a good look.

I feel uncomfortable going to an interview in just a t-shirt or polo shirt, even if that's what was recommended. I know some interviewers in our industry care less about dress. I believe in over-dressing rather than under-dressing, though.

Extra preparation

I applied for a job once that described the role as I would my dream job. I did all my usual preparation above. I had two really good interviews and was slated for a third. The first two were phone interviews. The third was going to be in person. It was expected that I would interview with the CISO and one or two other managers (it ended up being six).

I decided that I would put together a short slide presentation. I practiced going through the presentation as part of my answer. I also went to the print shop and had them print out three bound copies of the presentation. It cost me about $35. I took this to the interview. Two questions in when we started discussing my vision for the role, I handed out the bound copies of the presentation. I then walked through my vision for the role. I got an offer for that job and I'm happy to say I'm still in that role.

Wrap-up and resources

Preparation is so important for a job interview. I failed at it for a long time. Some people can wing an interview and get an offer. I am not one of those people. Once I took the time and made the investment into preparation, I increased my offer rate. I turned down other positions, because I had the confidence that a better offer was coming.

Review the job posting. Tie it to your experience. Write down common questions and ones you think might be asked. Practice. Say your answers out loud. Do that over and over again until you can answer questions confidently and concisely. Then practice some more. Make sure what you wear to the interview is ready before the day of the interview. Scrambling around for something presentable creates more anxiety and nervousness. Finally, consider putting a presentation together. $35 was a great investment.

Before I go here are some great resources around preparation:

Hope to see you at BSides Nashville!

[RSS Feed] [iTunes]

Apr 09 2018

19mins

Rank #13: How to overcome imposter syndrome

In this fake episode of the Exploring Information Security podcast, Micah Hoffman joins me to discuss imposter syndrome.

Micah (@WebBreacher), this past year, spoke on imposter syndrome and how to overcome it. It's something we all deal with (even several years into our careers). It's useful, but also dangerous for those of us in the information security community. We need to try and compare ourselves to others less and speak more positively internally.

In this episode we discuss:

  • What is imposter syndrome?
  • Why people get imposter syndrome.
  • How to overcome imposter syndrome.
  • Stick around until the end to hear some real imposter syndrome.

[RSS Feed] [iTunes]

Jan 01 2018

28mins

Rank #14: How to become a penetration tester - Part 2

In this reddish edition of the Exploring Information Security podcast, Andrew Morris of Endgame joins me to discuss how to become a penetration tester.

Andrew (@Andrew___Morris) is a security researcher at Endgame. Before he got that role he was a penetration tester. I had an opportunity to get to know Andrew at some events in Columbia, SC. He's very knowledgeable and excited about what he does in the information security space. In this two-part series we discuss some of the nuances of being a pen tester and how to find yourself in that particular role.

In this episode we discuss:

  • What tools a penetration tester uses
  • What skills are needed to be a penetration tester
  • Andrew discusses how he became a penetration tester

More resources:

[RSS Feed] [iTunes]

Feb 27 2017

18mins

Rank #15: What are BEC attacks?

In this phishy edition of the Exploring Information Security podcast, Steve Ragan of CSO joins me to discuss business email compromise (BEC) attacks.

Steve (@SteveD3) has been covering BEC types of attacks for the past year at CSO. These types of attacks are increasing. It may get worse with GDPR requirements next month. This ended up being one of the more difficult podcasts to get scheduled. Steve and I had to cancel on each other a few times because of phishing related stuff.

In this episode we discuss:

  • What are BEC types of attacks?
  • Who is performing BEC attacks?
  • How are people falling for them?
  • What can people do to protect against this type of attack?

[RSS Feed] [iTunes]

Apr 16 2018

27mins

Rank #16: Why container security is important - Part 1

In this shipped edition of the Exploring Information Security podcast, Wes Widner joins me to discuss container security.

Wes (@kai5263499) is not a security person. He is a developer. A developer that understands security and why it's important. He deals a lot with automation and working with container technology.

In this episode we discuss:

  • What are containers?
  • What are the different kinds of containers?
  • What is Wes' experience with containers?
  • What are the big security concerns?

More Resources:

[RSS Feed] [iTunes]


Sep 10 2018

25mins

Rank #17: What is advanced OSINT?

In this whiskey fueled edition of the Exploring Information Security podcast, Ryan MacDougall and Colin Hadnagy of Social Engineer join me to discuss advanced OSINT.

This past DerbyCon, I had the opportunity to take the Advanced OSINT with Ryan (@joemontmania) and Colin (@UnmaskedSE). The course was great! It was different from some of the other OSINT courses I’ve taken. They covered very specific techniques and tools. After presenting on those techniques and tools we were given the opportunity to dive in from a free-form standpoint.

If you’d like to take the training, sign up for their April 23-24, 2019, training in Denver, Colorado.

Also, you can catch Ryan at the First Pacific Hackers Conference, November 9-11, 2018.

In this episode we discuss:

  • What is advanced OSINT
  • What is the mindset needed for OSINT
  • What are some of the tools used for OSINT
  • How to phish an organization

[RSS Feed] [iTunes]


Nov 08 2018

1hr 5mins

Rank #18: How Macs get Malware

In this installed episode of the Exploring Information Security podcast, Wes Widner joins me to discuss how Macs get malware.

Wes (@kai5263499) spoke about this topic at BSides Huntsville this year. I was fascinated by it and decided to invite Wes on. Mac malware is a bit of an interest for Wes. He's done a lot of research on it. His talk walks through the history of malware on Macs. For Apple fan boys, Macs are still one of the safer options in the personal computer market. That is changing though. Macs, because of their increased market share, are getting targeted more and more. We discuss some pretty nifty tools that will help with fending off that nasty malware. Little Snitch is one of those tools. Some malware actively avoids the application. Tune in for some more useful information.

In this episode we discuss:

  • How Macs get malware
  • What got Wes into Mac malware
  • The history of Mac malware
  • What people can do to protect against Mac Malware

More resources:

[RSS Feed] [iTunes]

Apr 17 2017

26mins

Rank #19: How to join the infosec community - part 1

In this inclusive episode of the Exploring Information Security podcast, Micah Hoffman, a certified SANS instructor, joins me to discuss how to join the infosec community.

Micah (@WebBreacher) gave a talk at BSides DC last year on joining the infosec community. For Micah it took him a while to get involved. He jumped right into the deep end by going to DEFCON. Several years later he decided to get more involved in the community and quickly discovered several of the benefits from doing that. I had a similar experience, attending DEFCON in the early 2000s. I wouldn't attend another security conference until 10 years later.

There are a lot of benefits to getting involved in the infosec community. You get to contribute and make the community a little better. You get to meet some awesome people. You will have more job opportunities open up. Community engagement shows initiative and allows you to meet people looking to fill roles.

In this episode we discuss:

  • How Micah got into the community
  • What is the infosec community?
  • Why it's important to get involved
  • Where can someone get involved?

More resources:

[RSS Feed] [iTunes]

Jul 10 2017

27mins

Rank #20: What is SANS SEC487? Part 1

In this wide open edition of the Exploring Information Security podcast, Micah Hoffman joins me to discuss SANS SEC487 Open-Source Intelligence Gathering and Analysis.

Micah (@WebBreacher) has spent the last year plus putting together the SANS SEC487 course. The course focuses on Open-Source Intelligence Gathering and Analysis (OSINT). I had the pleasure of attending the very first iteration of the course. I had an absolute blast and would recommend the course to anyone (even those outside of infosec). I wrote about the course on my blog.

In this episode we discuss:

  • What is SANS SEC487?
  • Who should attend the course?
  • What was the origin of the course?
  • How the beta went.

[RSS Feed] [iTunes]

Apr 23 2018

27mins

The Final Episode

In this final edition of the Exploring Information Security podcast, I talk about my reasons for stopping production on episodes.

This isn’t the easiest thing to do. Now that I’m writing the podcast post after recording and editing the podcast, I have a sense of relief. For the last month plus, I’ve tried to decide whether or not to shut down the podcast. The fact that it took this long to record a final episode tells me that it was time. I wrote about my reasoning in a blog post on the main page. This may or may not be the end. That largely depends on if someone would like to pick up the podcast and produce it themselves. I’d love to guide and mentor someone on the journey.

The podcast has been beneficial to me and the many people who have reached out providing appreciative feedback. I’d love to see it continue. I’m also content that this is the end of the podcast. I will be at BSides Nashville shooting pictures and very likely be at DEFCON manning the Social Engineering door. Come say hi or reach out to me on social media (@TimothyDeBlock) or email (timothy[.]deblock[@]gmail[.]com).

Mar 07 2019

17mins

What is Emotet?

In this inaugural stream of the Exploring Information Security podcast, Daniel Ebbutt and Kyle Andrus join me to talk about Emotet.

Daniel (@notdanielebbutt) and Kyle (@chaoticflaws) are the two guys I go to for clicking on suspicious links. Recently, I’ve been seeing more Emotet. So, I wanted to have the guys on to talk about the malware that is making a comeback.

The CFP is open for Converge Conference. The conference is May 16 and 17. They’ll have one day for blue team topics and one day for red team topics. Make sure to submit your malware related talk topics. Also make sure to check out MiSec if you’re in Michigan.

In this episode we discuss:

  • How is Emotet being constructed

  • What are some of the indicators of Emotet?

  • How Emotet is being mitigated

  • What does Emotet do?

[RSS Feed] [iTunes]

Jan 14 2019

31mins

State of the podcast for 2018

In this end of the year podcast, I discuss the state of the podcast for 2018 and what’s ahead for 2019.

2018 was a good year. I made some format changes that I’m really happy with. I picked up some new audio equipment. I resolved my recording process (I think). I’m not a big statistics guy. I don’t really care if two people or 200 people listen. I’m just happy to have some really great conversations with people and contribute back to the community.

2018 Statistics

Here’s a really interesting graph of my RSS Subscribers.

No, I don’t have 40,000 listeners. Some of that is inflated by other podcast directories ripping my feed. What I look for is a steady increase in subscribers, which did happen by the end of the year. Albeit with a weird dip in November (broken feed, maybe).

This is from iTunes Connect (Beta).

I can’t do a yearly review of podcast stats. Instead here’s the peak month of October for my iTunes listening habits. Looking through all the months, I can make some inferences about my audience. The hacking/red team content is the most popular. With a 25-28% consumption rate, the conference podcasts are turned off by most people before the end.

What’s ahead for 2019

I’ve got a new recording setup that will hopefully make producing a podcast much easier. I’ve set up a Twitch channel for gaming and potentially recording EIS episodes on. Follow for notifications on when I go live. I’ll be trying my first EIS episode Monday, January 7, 2019, at 8:30 p.m. CT. I’ve also turned what was my attempt at a GamerSec Discord channel into the Exploring Information Security channel. Here you can interact with us while we record (or on Twitch). Join other people interested in the podcast. Game with other infosec professionals.

Thank you for being a listener of the podcast. I am refreshed from my month off and energized for what’s ahead in 2019.

[RSS Feed] [iTunes]

Jan 04 2019

20mins

What's happening at DerbyCon 2018 - Part 2

In this Hyatt recorded edition of the Exploring Information Security podcast, Micah Hoffman, Josh Huff, and Justin Nordine.

Micah (@WebBreacher), Josh (@baywolf88), and Justin (@jnordine) join me to go over a variety of topics at DerbyCon 2018. The Hyatt was kind enough to provide space near the bar (shout to the amazing Lauren).

In this episode we discuss:

  • Why other industries don’t use OSINT

  • Where to find your niche

  • What are some frustrations of mentorship

  • How apps are impacting our lives

[RSS Feed] [iTunes]

Nov 26 2018

54mins

What's happening at DerbyCon 2018 - Part 1

In this Hyatt recorded edition of the Exploring Information Security podcast, Micah Hoffman, Josh Huff, and Justin Nordine join me at DerbyCon 2018.

Micah (@WebBreacher), Josh (@baywolf88), and Justin (@jnordine) join me to go over a variety of topics at DerbyCon 2018. The Hyatt was kind enough to provide space near the bar (shout to the amazing Lauren).

In this episode we discuss:

  • What OSINT classes and projects everyone is working on

  • Why contributing is important

  • What value conferences like DerbyCon provide

  • Why hotels hate accountant conferences

[RSS Feed] [iTunes]


Nov 19 2018

51mins

Play

What is advanced OSINT?

Podcast cover
Read more

In this whiskey fueled edition of the Exploring Information Security podcast, Ryan MacDougall and Colin Hadnagy of Social Engineer join me to discuss advanced OSINT.

This past DerbyCon, I had the opportunity to take the Advanced OSINT with Ryan (@joemontmania) and Colin (@UnmaskedSE). The course was great! It was different from some of the other OSINT courses I’ve taken. They covered very specific techniques and tools. After presenting on those techniques and tools we were given the opportunity to dive in from a free-form standpoint.

If you’d like to take the training, sign up for their April 23-24, 2019, training in Denver, Colorado.

Also, you can catch Ryan at the First Pacific Hackers Conference, November 9-11, 2018.

In this episode we discuss:

  • What is advanced OSINT

  • What is the mindset needed for OSINT

  • What are some of the tools used for OSINT

  • How to phish an organization

[RSS Feed] [iTunes]


Nov 08 2018

1hr 5mins

When will passwords go away?

In this authenticated edition of the Exploring Information Security podcast, I talk about when passwords will finally die!

This is a solo episode. I had the idea after sitting in a vendor pitch today (and because I’m slacking on my editing) where one of the sales guys mentioned that passwords WILL die. I disagree. I think passwords have been around for a long time and will continue to be around. They’re easily replaceable and are stored in the most secure location. Unless there are mind readers, then we’re all just screwed anyway.

I would love some thoughts and feedback on this one.

[RSS Feed] [iTunes]


Oct 31 2018

9mins

What we can learn from unusual journeys into infosec - Part 2

Stu (@cybersecstu) is a Co-Founder of The Many Hats Club, which is a massive Discord community and podcast. Earlier this year, Stu started sharing Unusual Journeys. I love this series because it highlights that there is no true path into infosec. He’s had 18 series so far and each story is fascinating.

In this episode we discuss:

  • Why failure is good
  • What sticks out from these stories
  • What are some of the backgrounds people come from

Oct 22 2018

22mins

What we can learn from unusual journeys into infosec - Part 1

Stu (@cybersecstu) is a Co-Founder of The Many Hats Club, which is a massive Discord community and podcast. Earlier this year, Stu started sharing Unusual Journeys. I love this series because it highlights that there is no true path into infosec. He’s had 18 series so far and each story is fascinating.

In this episode we discuss:

  • What started Unusual Journeys
  • How Stu got into infosec
  • What we can learn from these stories

Oct 15 2018

28mins

Why communication in infosec is important - Part 2

Claire (@ClaireTills) doesn’t have your typical role in infosec. She sits between the security teams and marketing team. It’s a fascinating role and something that gives her a lot of insight into multiple parts of the business. What works and what doesn’t work in communicating security to the different areas. Check her blog out.

In this episode we discuss:

  • How important is it for the company to take security seriously
  • How would someone get started improving communication?
  • Why we have a communication problem in infosec
  • Where should people start

More resources:

  • Networking with Humans to Create a Culture of Security by Tracy Maleeff - BSides NoVa 2017
  • Courtney K BsidesLV 2018, Implementing the Three Cs of Courtesy, Clarity, and Comprehension to Optimize End User Engagement (video not available yet)
  • BSidesWLG 2017 - Katie Ledoux - Communication: An underrated tool in the infosec revolution
  • Jeff Man, The Art of the Jedi Mind Trick
  • The Thing Explainer: Complicated Stuff in Simple Words
  • Chris Roberts, Communication Across Ranges

Oct 08 2018

26mins

Why communication in infosec is important - Part 1

Claire (@ClaireTills) doesn’t have your typical role in infosec. She sits between the security teams and marketing team at Tenable. It’s a fascinating role and something that gives her a lot of insight into multiple parts of the business. What works and what doesn’t work in communicating security to the different areas. Check her blog out.

In this episode we discuss:

  • What Claire’s experience is with communication and infosec
  • What’s ahead for communication in infosec
  • Why do people do what they do?
  • What questions to ask

More resources:

  • Networking with Humans to Create a Culture of Security by Tracy Maleeff - BSides NoVa 2017
  • Courtney K BsidesLV 2018, Implementing the Three Cs of Courtesy, Clarity, and Comprehension to Optimize End User Engagement (video not available yet)
  • BSidesWLG 2017 - Katie Ledoux - Communication: An underrated tool in the infosec revolution
  • Jeff Man, The Art of the Jedi Mind Trick
  • The Thing Explainer: Complicated Stuff in Simple Words
  • Chris Roberts, Communication Across Ranges

Oct 01 2018

28mins

A conversation with Justin Seitz

In this brand new edition of the Exploring Information Security podcast, I have a conversation with Justin Seitz (@jms_dot_py).

When I have guests hop on the podcast, I usually try to break the ice a little and get them warmed up for the episode. Oftentimes these can turn into some really good conversation about the infosec field. I'd like to start capturing those conversations and release them (with the person's permission), because there are some really great insights.

I've released this episode early to the people on my newsletter (check below to get in on the fun). I wanted to get feedback and also give people who sign up some bonus content, which is something I hope to do more.

In this episode we discuss:

  • My unique role working with other departments
  • Report writing and dealing with awful reports
  • Similarities between the developer boom and the security boom

[RSS Feed] [iTunes]


Sep 24 2018

24mins

Why container security is important - Part 2

In this shipped edition of the Exploring Information Security podcast, Wes Widner joins me to discuss container security.

Wes (@kai5263499) is not a security person. He is a developer. A developer that understands security and why it's important. He deals a lot with automation and working with container technology.

In this episode we discuss:

  • What are some of the other security considerations?
  • Who should secure containers?

More Resources:

[RSS Feed] [iTunes]

Sep 17 2018

19mins

Why container security is important - Part 1

In this shipped edition of the Exploring Information Security podcast, Wes Widner joins me to discuss container security.

Wes (@kai5263499) is not a security person. He is a developer. A developer that understands security and why it's important. He deals a lot with automation and working with container technology.

In this episode we discuss:

  • What are containers?
  • What are the different kinds of containers?
  • What is Wes' experience with containers?
  • What are the big security concerns?

More Resources:

[RSS Feed] [iTunes]


Sep 10 2018

25mins

What is Hunchly?

In this screenshot edition of the Exploring Information Security podcast, Justin Seitz joins me to discuss Hunchly.

Justin (@jms_dot_py) is the creator of Hunchly. I got to know Hunchly at SANS SEC487 OSINT training earlier this year. It's a fantastic tool that takes screenshots as the web is browsed. This is very useful for investigations involving OSINT. I'm also finding it useful for incident response, particularly for clicking on phishing pages. I sometimes forget to take screenshots as I'm investigating a phishing page. Having Hunchly means I don't have to worry about taking screenshots. I then use the screenshots for reports and training. It's a really useful tool.

In this episode we discuss:

  • What is Hunchly?
  • How did Hunchly come about?
  • Who should use Hunchly?
  • What is the cost of Hunchly?

More resources:

[RSS Feed] [iTunes]


Sep 05 2018

22mins

How to make a Burp extension

In this crafting episode of the Exploring Information Security podcast, Paul Johnston, Customer Champion at PortSwigger, joins me to discuss how to make a Burp extension.

Paul (@paulpaj) wrote a blog post on how to make a successful Burp extension and get it published in the Burp Store. A lot of the recommendations in the article are from Paul's experience handling extension submissions for the Burp Store.

In this episode we discuss:

  • What is the process for extension approval?
  • What is Burp Suite?
  • How does someone make an extension?

[RSS Feed] [iTunes]


Aug 27 2018

28mins

How to handle CFP rejection(s)

In this refused episode of the Exploring Information Security podcast, Michael Kavka joins me to discuss how to handle call for presentation rejections.

Michael (@SiliconShecky) wrote a blog post on his site at the beginning of the year titled "It is CFP season... So what." In the article he hit on rejections and I thought it'd make for a great podcast topic. More recently, he wrote a blog post on the "Anatomy of a Rejected CFP." The article walks through his rejected CFP for DerbyCon.

In this episode we discuss:

  • What is Michael's experience in submitting CFPs
  • Why a CFP is rejected
  • What are the different types of cons?
  • How to handle a CFP rejection letter

More resources:

[RSS Feed] [iTunes]


Aug 20 2018

28mins

How to create a phishing email - Part 2

In this expedition edition of the Exploring Information Security podcast, Chris Maddalena, a senior security consultant, joins me to discuss how to create a phishing email.

Chris (@cmaddalena) joins me to discuss crafting a phishing email. This is something I've recently explored at work. Having little to no experience actually crafting a phish, I decided I'd go to someone who does this on a regular basis. Check out Chris' ODIN tool for automating intelligence gathering, asset discovery, and reporting.

In this episode we discuss:

  • What are the technical steps to creating a phish
  • What needs to be considered from a technical standpoint
  • What is GoPhish and GoReporter
  • How important is timing

Other resources:

[RSS Feed] [iTunes]

Aug 13 2018

24mins

How to create a phishing email - Part 1

In this expedition edition of the Exploring Information Security podcast, Chris Maddalena, a senior security consultant, joins me to discuss how to create a phishing email.

Chris (@cmaddalena) joins me to discuss crafting a phishing email. This is something I've recently explored at work. Having little to no experience actually crafting a phish, I decided I'd go to someone who does this on a regular basis. Check out Chris' ODIN tool for automating intelligence gathering, asset discovery, and reporting.

In this episode we discuss:

  • What you need to consider before creating a phish.
  • Where to get phishing ideas.
  • Where to get phishing templates.
  • What happened when accounting sent out an email.

[RSS Feed] [iTunes]


Aug 06 2018

29mins

What is OSINT ORCS YOGA?

In this battlefield edition of the Exploring Information Security podcast, Micah Hoffman joins me to discuss OSINT ORCS YOGA.

Micah (@WebBreacher) is a SANS Instructor and author of the SEC487 OSINT course. He recently had his second class in Denver, Colorado (more dates here). During that class he found people asking about how to navigate the waters of OSINT resources. His solution was to start the OSINT Resource Classification System (ORCS). It's a call for the OSINT community to standardize on how resources are categorized. YOGA, or Your OSINT Graphical Analyzer, is meant to be a visual aid for people looking to navigate the streets of OSINT resources.

In this episode we discuss:

  • How SANS SEC487 is coming along
  • What is YOGA?
  • What is ORCS?
  • Why is ORCS YOGA important?

[RSS Feed] [iTunes]


Jul 31 2018

31mins
