Exploring Information Security Archive 1

46 episodes - English - Latest episode: over 5 years ago

The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.

Technology Education How To

Episodes

The Final Episode

March 07, 2019 01:10 - 17 minutes - 28.7 MB

This isn’t the easiest thing to do. Now that I’m writing the podcast post after recording and editing the podcast, I have a sense of relief. For the last month plus, I’ve tried to decide whether or not to shut down the podcast. The fact that it took this long to record a final episode tells me that it was time. I wrote about my reasoning in a blog post on the main page. This may or may not be the end. That largely depends on if someone would like to pick up the podcast and produce it themselv...

Who is looking for more in infosec - Feb 27, 2017

February 28, 2017 13:00 - 12.4 MB

In this job posting edition of the Exploring Information Security podcast, who is looking for more in infosec? This is a bonus episode of the podcast. This is a solo podcast where I discuss open positions and people looking for opportunities. I plan to do these based on demand. If you would like to submit a position you are looking to fill or looking for an opportunity send me an email timothy.deblock[at]gmail[dot]com or hit me up on Twitter @TimothyDeBlock. Employers looking to fill a rol...

What is Tactical Edge?

May 16, 2016 00:00 - 29 minutes - 33.6 MB

Ed (@EdgarR0jas) is the creator of Tactical Edge (@Tactical3dge), which runs October 24 - 27, 2016, and PVC Security podcast co-host. For listeners of that podcast, I apologize. You've heard about Tactical Edge extensively. However, I managed to get a little more out of him in this episode. We discuss origins and what makes this conference unique.

What is social engineering?

May 09, 2016 00:00 - 21 minutes - 24.8 MB

Valerie (@hacktress09) is an executive consultant for Securicon. She uses many techniques to pentest an organization via social engineering. One of the techniques she uses the most is phishing emails. In this episode we discuss what is social engineering and why it's important.

How to be a better mentor

May 02, 2016 00:00 - 22 minutes - 26.2 MB

Chris (@_Lopi_) has some interesting thoughts on mentorship and how the infosec community can be better at it. Here is the tweet from Chris that caught my attention, "What do I want? To get more folks interested in infosec and help them break into the industry. We need better mentors." Upon further investigation I noted that Chris is creating a game for people trying to break into information security. How this applies? You will have to listen to the episode.

What is a security framework?

April 25, 2016 00:00 - 23 minutes - 26.9 MB

Steven (@ZenM0de) is a principal security strategist at eSentire. Part of his role is implementing, and even sometimes creating, security frameworks for organizations. We define what a security framework is and then discuss the process for choosing a framework.

How to make time for a home lab

April 18, 2016 01:58 - 22 minutes - 26 MB

Chris (@cmaddalena) and I were asked the question on Twitter, "How do you make time for a home lab?" We answered the question on Twitter, but also decided the question was a good topic for an EIS episode. Home labs are great for advancing a career or breaking into information security. To find the time for them requires making them a priority. It's also good to have a purpose. The time I spend with a home lab is often sporadic and coincides with research on a given area.

How to build a home lab

April 11, 2016 00:00 - 30 minutes - 34.5 MB

Chris (@cmaddy) and I have submitted to a couple of calls for training at CircleCityCon and Converge and BSides Detroit this summer on the topic of building a home lab. I will also be speaking on this subject at ShowMeCon. Home labs are great for advancing a career or breaking into information security. The bar is really low on getting started with one. A gaming laptop with decent specifications works great. For those with a lack of hardware or funds there are plenty of online resources to ta...

What is red vs. blue? - Part 2

April 04, 2016 00:00 - 22 minutes - 25.2 MB

Rob (@Mubix) recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dynamic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. We discuss maximizing a pentest and CTFs.

What is Red vs. Blue - Part 1

March 28, 2016 00:00 - 20 minutes - 23.7 MB

Rob (@Mubix) recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dynamic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. We define red team vs. blue team and then talk about working together.

How to start a successful CitySec meetup - Part 2

March 21, 2016 00:21 - 22 minutes - 26.2 MB

Johnny (@J0hnnyXm4s) helps organize four monthly meetups in the Chicago area called BurbSec. Starting a CitySec is a unique challenge but one that is easily doable. CitySecs provide an opportunity for security professionals and enthusiasts to get together to network, learn, and improve their security mindset. Johnny will be presenting this topic as a talk at BSides Nashville April 16, 2016. In this episode we discuss location and websites.

How to start a successful CitySec meetup - Part 1

March 14, 2016 00:00 - 24 minutes - 28.4 MB

Johnny (@J0hnnyXm4s) helps organize four monthly meetups in the Chicago area called BurbSec. Starting a CitySec is a unique challenge but one that is easily doable. CitySecs provide an opportunity for security professionals and enthusiasts to get together to network, learn, and improve their security mindset. Johnny will be presenting this topic as a talk at BSides Nashville April 16, 2016. In part one we discuss the origin story of BurbSec, marketing, and the people who attend.

How to attend a conference

March 07, 2016 01:01 - 30 minutes - 35.4 MB

Wolf (@jwgoerlich) recently produced an interesting PVCSec episode at CodeMash on the challenges of getting into infosec. One of the interesting notes from that podcast was learning how to attend a conference. It was such a great point that I invited Wolf back on EIS to discuss how to get the most out of attending a conference.

What is the Security Culture Conference? - Part 2

February 29, 2016 01:38 - 21 minutes - 24.2 MB

Kai (@kairoer) is a speaker, trainer, consultant, and the creator of the Security Culture Framework (SCF). The framework deals with embedding a security mindset into the entire organization. It takes security awareness training to the next level by not only performing the training, but then measuring its effectiveness. The Security Culture Conference is a result of that idea. It brings the brightest minds in security and gives them a platform to share ideas on the security culture in an org...

What is the Security Culture Conference? - Part 1

February 22, 2016 01:16 - 25 minutes - 28.8 MB

Kai (@kairoer) is a speaker, trainer, consultant, and the creator of the Security Culture Framework (SCF). The framework deals with embedding a security mindset into the entire organization. It takes security awareness training to the next level by not only performing the training, but then measuring its effectiveness. The Security Culture Conference is a result of that idea. It brings the brightest minds in security and gives them a platform to share ideas on the security culture in an org...

What is a CISSP?

February 15, 2016 01:00 - 24 minutes - 28.4 MB

Javvad Malik (@J4vv4d) doesn't need much introduction. He's done a video on the benefits of being a CISSP. He's also done a music video with his Host Unknown crew on the CISSP. There's also The CISSP companion handbook he wrote, which has a collection of stories and experiences dealing with the 10 domains of the CISSP. Check out his website at j4vv4d.com and his YouTube channel.

What is the problem we're trying to solve?

February 08, 2016 01:06 - 32 minutes - 37.6 MB

Michael Santarcangelo, AKA The @catalyst, joins me to explain why answering the question is key to better security. The question, "What is the problem we're trying to solve" is the first step in identifying whether or not the problem at hand is worth addressing at this time. Essentially, is this what we should be working on right now and what will this gain us. This is a question to be answered by leadership. Michael has two decades of experience in security and working at the executive level...

What is OSINT - Part 2

February 01, 2016 01:05 - 19 minutes - 22.6 MB

I continue my conversation with Tazz on OSINT: why it's important; skills needed to perform OSINT; and the tools used.

What is OSINT? - Part 1

January 25, 2016 01:36 - 22 minutes - 26.3 MB

My first interaction with Tazz (@GRC_Ninja) was at CircleCityCon. I quickly became aware that if I got out of line at the conference Tazz was very likely to be the one to put me in my place. I also ran into her at DerbyCon where she kept people in line while waiting for talks to start. She also happens to be a speaker and this past year presented, "ZOMG Its OSINT Heaven" at BSides Las Vegas. Which is how I became aware that Tazz knew her stuff when it came to OSINT. She also writes about OSI...

How to build a SOC - Part 3

January 18, 2016 01:47 - 20 minutes - 24 MB

Paul Jorgensen of IBM joins me to discuss how to build a SOC. In part 3 we move into the next step and discuss resources for building an effective SOC.

How to build a SOC - Part 2

January 11, 2016 01:42 - 25 minutes - 28.8 MB

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

How to build a SOC - Part 1

January 04, 2016 01:06 - 20 minutes - 23.6 MB

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

What is a SIEM?

December 28, 2015 01:45 - 23 minutes - 26.8 MB

Derek (@dth0m) has a lot of experience with SIEM and can be found on Linkedin participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015 and I came away impressed with his knowledge of SIEM. He seemed to be very passionate about the subject and that showed in this interview. We discuss: How to pronounce SIEM; what it is; how to use it; the biggest challenge; how to tune; and more.

How to apply network security monitoring

December 21, 2015 01:39 - 30 minutes - 34.7 MB

Chris (@chrissanders88) is the co-author, along with Jason Smith, of Applied Network Security Monitoring: Collection, Detection, and Analysis. I recently finished the book and found it a valuable book for those operating within a SOC or those looking to start network security monitoring. Chris and Jason walk through the basics of network security monitoring including low-cost tools, snort, and how to investigate incidents. I highly recommend the book for those wanting to learn more about netw...

What is data driven security?

December 14, 2015 01:53 - 32 minutes - 37.2 MB

I recently read Data Driven Security: Analysis, Visualization and Dashboards by Jay Jacobs (@jayjacobs) and Bob Rudis (@hrbrmstr). The book is easy to read and a very good introduction into the world of data and security. Both Jay and Bob were kind with their time when I had questions about exercises in the books. After reading the book I decided to have Bob on to talk more about data driven security.

What is application security?

December 07, 2015 01:00 - 24 minutes - 28.2 MB

Frank (@en0fmc) has a lot of experience with application security. His current role is the director for web application security and product management at Qualys. He's also the chapter leader for OWASP Columbia, SC. He lives and breathes application security. In this episode we discuss: what application security is; why it's important; where it should be integrated; and resources.

How information security professionals should interact with the media - part two

November 30, 2015 01:00 - 19 minutes - 22.4 MB

In this exciting edition of the Exploring Information Security podcast, Steve Ragan of CSO joins me to discuss how information security professionals should interact with the media. Prior to becoming an InfoSec Journalism Wizard for CSO, Steve (@SteveD3) spent 15 years as an IT contractor. Last year Steve gave talks on how to interact with the media at conferences such as CircleCityCon and DerbyCon. With information security getting more play in the media recently it's important that we al...

How information security professionals should interact with the media - part 1

November 23, 2015 01:00 - 24 minutes - 28.3 MB

Prior to becoming an InfoSec Journalism Wizard for CSO, Steve (@SteveD3) spent 15 years as an IT contractor. Last year Steve gave talks on how to interact with the media at conferences such as CircleCityCon and DerbyCon. With information security getting more play in the media recently it's important that we all have a basic understanding of how to interact with the media. In part one we discuss: Who is the media? Where someone will interact with the media; reaching out to the media; and wh...

How to network in information security - part 2

November 16, 2015 15:00 - 14 minutes - 17 MB

Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general. In part two we discuss resources for getting better at networking.

How to network in information security - part 1

November 09, 2015 15:00 - 17 minutes - 19.7 MB

Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general.

How to play a CTF

November 01, 2015 15:00 - 22 minutes - 25.3 MB

David (@dacoursey) is one of the organizers of the Charleston ISSA chapter. At DerbyCon 2014 he experienced his first CTF. He had such a good time that he decided to put together the CTF for BSides Charleston two months later. Through those experiences he has learned a lot and has participated in many more CTFs this past year.

How to deal with the "experience required" paradox

October 27, 2015 02:00 - 30 minutes - 34.9 MB

Jerry recently had a blog post on his site (malicious link) titled, "Dealing With The Experience Required Paradox For Those Entering Information Security." It is a wonderful article with actionable items on what people can do to overcome that stipulation on job postings. Jerry is also a co-host for the Defensive Security podcast.

What certifications are available for infosec professionals?

October 19, 2015 14:00 - 26 minutes - 29.8 MB

Ralph (@Optimus__Prime) holds many infosec related certifications and is also an instructor of courses meant to help people get certified. Certifications are not a finish line for professionals. They are, instead, more of a starting point for professionals. Getting certified means that a certain level of knowledge has been achieved.

My DerbyCon talk - The Blue Team Starter Kit

October 12, 2015 14:00 - 20 minutes - 23.5 MB

I had the wonderful opportunity to speak at DerbyCon this year. The overall experience was amazing and I am thankful and honored to speak at such a great event. I was placed in the stables track with a 20-25 minute talk, which makes the recording perfect for this podcast. A huge shoutout and thanks to Adrian Crenshaw for all his work in recording talks for conferences. The information security community would be lesser without him.

What is the perception of information security - part 2

October 05, 2015 14:00 - 29 minutes - 33.6 MB

In part two of this two-part series Chris and I talk about security being a friendly face, the word hacker, and developers vs. security.

What is the perception of information security - part 1

September 28, 2015 14:16 - 23 minutes - 26.5 MB

In part one of a two part series we talk about the perception of infosec in business, how we change it, and where security first in an organization.

What is CircleCityCon?

September 21, 2015 13:52 - 27 minutes - 31.9 MB

Both Grap3 Ap3 and Dr. BearSec are organizers for the wonderful event. In this episode they talk about the origins of the conference, some of the challenges of putting the conference together, the atmosphere of the conference, and what attendees can expect for next year. Follow Grap3 Ap3 (@grap3_ap3) and DrBearSec (@drbearsec) and of course the conference (@CircleCityCon) on Twitter.

What is security awareness?

September 14, 2015 14:01 - 24 minutes - 28.6 MB

Amanda was charged with setting up a security awareness program for her company from scratch. Setting up a security awareness program is hard work, making it effective is even harder, but Amanda rose to the challenge and came up with some creative ways to help fellow employees get a better handle on security.

How to ZAP your websites

September 07, 2015 13:00 - 17 minutes - 10.1 MB

Simon is the project lead for ZAP, an OWASP (Open Web Application Security Project) project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security and veteran pen testers. You can follow him on Twitter @psiinon and find out more on the tool by going to the project site on OWASP.

How to use PowerShell for security

August 31, 2015 13:00 - 22 minutes - 13 MB

Matt Johnson has spoken at conferences like GrrCon and DerbyCon on using PowerShell for security. He also has his own podcast titled Leveled up Infosec Podcast, and he's the founder of PoshSec. You can catch Matt tweeting about security on Twitter @mwjcomputing. In this interview we cover: what is PowerShell; how to get started; how to best utilize it for security; resources; and what mistakes are made using it.

What is BSides Augusta?

August 24, 2015 14:00 - 33 minutes - 38.2 MB

2015 will be the third year for the security conference and it looks to be even bigger and better than last year. This year the conference features two blue team tracks, a red team track, CTF challenge, a lock pick village, and much more. Doug also talked about his own conference that leads into BSides Augusta, the Security Onion conference. BSides Augusta is sold out, but the Security Onion conference still has tickets available.

What is threat modeling?

August 17, 2015 13:00 - 22 minutes - 13.1 MB

Wolfgang has presented at many conferences on the topic of threat modeling. He suggests using a much similar method of threat modeling that involves threat paths, instead of other methods such as a threat tree or kill chain. You can find him taking long walks and naps on Twitter (@jwgoerlich) and participating in several MiSec projects and events. In this interview Wolfgang covers: what threat modeling is; what needs to be done to get started; who should perform it; resources; and the lifecycl...

What is cryptography?

August 10, 2015 13:00 - 24 minutes - 14.3 MB

Justin is a security and privacy researcher currently working on a project titled, "Mackerel: A Progressive School of Cryptographic Thought." You can find him on Twitter (@JustinTroutman) discussing ways in which crypto can be made easier for the masses. In the interview Justin talks about: what cryptography is; why everyone should care; some of its applications; and how to get started with cryptography.

What is a Chief Information Security Officer (CISO)

August 04, 2015 02:06 - 19 minutes - 11.4 MB

Rafal Los is the Director of Solutions Research at Accuvant. He produces the Down The Security Rabbithole podcast and writes the Following the Wh1t3 Rabbit security blog. On several occasions he's tackled the CISO role within an organization on both his podcast and blog. I would highly recommend both if you're in the infosec field or looking to get into it. In the interview Rafal talks about: what a CISO is; the role of a CISO; the skills; and different types of CISOs.

How to organize an information security conference

August 04, 2015 02:00 - 32 minutes - 18.5 MB

Ed Rojas is a Master Consultant for HP Enterprise Security and the creator of Security Zone information security conference in Columbia and the organizer of the BSides Nashville security conference. I had the pleasure of attending BSides Nashville this year and got the opportunity to snap a few pictures. Ed was a very accommodating and passionate host for the event. In this interview Ed talks about: the first step to organizing a security conference; time and effort it requires; picking the r...

How to get into information security

August 04, 2015 01:53 - 21 minutes - 12.3 MB

An interview with VioPoint consultant and roundhouse master Jimmy Vo. We covered how he got into information security and also talked about some of the things people on the outside looking in can do to get into information security.

Twitter Mentions

@j0hnnyxm4s 4 Episodes
@prjorgensen 3 Episodes
@burbseceast 2 Episodes
@edgarr0jas 2 Episodes
@kairoer 2 Episodes
@burbsecnorth 2 Episodes
@cmaddalena 2 Episodes
@timothydeblock 2 Episodes
@jwgoerlich 2 Episodes
@burbsecprime 2 Episodes
@mubix 2 Episodes
@grc_ninja 2 Episodes
@steved3 2 Episodes
@burbsecwest 2 Episodes
@zenm0de 1 Episode
@dth0m 1 Episode
@grap3_ap3 1 Episode
@ddsecblog 1 Episode
@wh1t3rabbit 1 Episode
@en0fmc 1 Episode