[RERELEASE] From ShowMeCon 2017: Dave Chronister, Johnny Xmas, April Wright, and Ben Brown talk about Security

In this epic episode of the Exploring Information Security podcast Jayson E. Street (@jaysonstreet), Dave Chronister (@bagomojo), Johnny Xmas (@J0hnnyXm4s), April Wright (@aprilwright), Ben Brown (@ajnachakra), and surprise guests Adrian Crenshaw (@irongeek_adc) and Kevin Johnson (@secureideas)all join me to discuss various security related topics.

ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference.

Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.

In this episode we discuss:

  • Certificates

  • Hiring

  • Interviewing

  • Where to get started

  • Soft skills

  • ShowMeCon and other conferences

  • Community and giving back

  • Imposter syndrome

  • Irongeeks impact on those in attendance

How to Perform Incident Response and Forensics on Drones with Wayne Burke

Summary:

In this episode of Exploring Information Security, host Timothy De Block sits down with Wayne Burke to discuss the crucial and rapidly evolving field of drone tactical forensics and incident response. Wayne sheds light on the increasing proliferation of drones, from law enforcement applications to criminal misuse, and the unique challenges involved in collecting forensic evidence from them. He reveals the dangers of booby-trapped drones and malware on flight controllers, emphasizing the need for caution and specialized techniques. Wayne also shares a fascinating incident involving electronic warfare against a surveillance drone, underscoring the sophisticated threats emerging today. Tune in to learn about essential forensic methods, from accessing flight logs with open-source tools to advanced chip-off forensics, and why collaboration in the cybersecurity community is vital for addressing these new challenges.

What You'll Learn:

  • What drone tactical forensics entails and its growing importance in today's world of automated robotics.

  • The diverse and increasing applications of drones, including surveillance and the potential for misuse like extortion.

  • Significant risks and dangers in drone forensics, such as booby traps and flight controller malware.

  • Initial steps and varied techniques for drone incident response and forensic evidence collection, depending on the drone type.

  • How flight logs and telemetry data are analyzed using open-source tools, and methods for advanced forensics like chip-off analysis.

  • The critical role of community and collaboration in addressing emerging drone security threats.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


That Shouldn't Have Worked: A Red Teamer's Confessions with Corey Overstreet

Summary:

In this episode of Exploring Information Security, host Timothy De Block speaks with Corey Overstreet, a seasoned pentester from Red Siege. Corey shares insights into the ongoing cat-and-mouse game between red teams and blue teams, revealing common vulnerabilities and unexpected successes in breaching defenses. He discusses his upcoming talk at Show Me Con, titled "That Shouldn't Have Worked," which aims to equip blue teams with practical knowledge on bolstering their defenses against persistent attackers. From the nuances of payload delivery to the surprising resilience of old tricks and the challenges of cloud security, Corey offers a candid look at the daily realities of offensive security and how defenders can truly make a red teamer's life difficult.

What You'll Learn:

  • The core focus of Corey Overstreet's "That Shouldn't Have Worked" talk at Show Me Con.

  • Common mistakes red teamers make and how to avoid them.

  • Effective defensive strategies for blue teams, including the power of application control and network segmentation.

  • The evolving landscape of EDR and how AI is starting to make red team operations more challenging.

  • Insights into the surprising ways macros and social engineering continue to be effective entry points, especially in cloud environments.

  • Advice for aspiring pentesters on learning and problem-solving, emphasizing hands-on practice and diligent note-taking.

  • Corey's favorite resources for staying up-to-date in cybersecurity, including various subreddits, Discord, and Slack communities.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


when machines take over the world with Jeff Man

Summary:

In this engaging episode of Exploring Information Security, host Timothy De Block sits down with cybersecurity expert Jeff Man. They dive into Jeff's recent experiences at the RSA Conference, his seasoned and sometimes "grumpy old man's perspective" on the pervasive topic of AI, and what he's looking forward to in upcoming speaking engagements. The conversation explores the ever-evolving landscape of cybersecurity, the challenges and hype surrounding new technologies, and the enduring principles of security that remain constant despite technological shifts.

What You'll Learn:

  • Key takeaways and observations from the RSA Conference, including attendance figures and vendor extravagances.

  • Jeff Man's unique perspective on Artificial Intelligence, separating hype from potential impact.

  • The recurring themes in cybersecurity, highlighting how fundamental problems persist across different technological eras.

  • Insights into the risks and limitations of AI, including its potential for misinformation and Jeff's personal skepticism.

  • A first-hand account of riding in a Waymo self-driving car and reflections on autonomous technology.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Disconnect From Cybersecurity

Summary:

In this heartfelt episode of Exploring Information Security, we sit down with Elizabeth Eggert-Guerrant to talk about the importance of disconnecting from the always-on world of cybersecurity. Elizabeth shares her personal journey, which began with a cruise to Antarctica and led to profound revelations about burnout, digital overload, and the power of being present.

Drawing from her experience in leadership and her passion for mental health, Elizabeth unpacks how the culture of constant connectivity in cybersecurity—and life in general—can affect our well-being. From sneaking work emails in the bathroom on vacation to re-learning the value of quiet moments and real human connection, this episode explores what it means to truly step away and reset.

Whether you're an industry veteran or just getting started, Elizabeth offers advice on setting boundaries, recognizing burnout in yourself and your team, and creating space for reflection in a high-pressure industry.

What You’ll Learn

  • Why disconnecting is critical for mental health in cybersecurity

  • How to identify burnout in yourself and others

  • The value of setting daily rituals and boundaries

  • The role of leadership in fostering mental well-being

  • The pressure of “doing more” on social media—and how to step back

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Implement a Content Security Policy (CSP)

Summary:

In this episode of the Exploring Information Security podcast, host Timothy De Block sits down with Jason Gillam, long-time developer turned penetration tester and partner at Secure Ideas. The two dive into the real-world value of Content Security Policy (CSP) and why it remains one of the most underutilized tools in web application defense.

Jason shares insights from his upcoming talk at ShowMeCon 2025, including surprising statistics from his analysis of over 750,000 domains, where he found that most CSPs are either missing or misconfigured. He breaks down how CSP works, its role in protecting against injection attacks, and strategies for implementing it properly using nonces, hashes, and report-only modes.

They also discuss:

  • The challenges of educating developers on CSP

  • CSP vs. WAF and where each fits in the security stack

  • How AI and CI/CD can support secure CSP deployment

  • The importance of building security into code rather than bolting it on later

Whether you're a developer, security professional, or somewhere in between, this episode offers practical and actionable advice on improving your web application security posture.

Mentioned Resources:

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


how to monitor the inner workings of a cybercriminal organization

Summary:

What does it take to monitor the inner workings of ransomware gangs? In this episode, Matthew Maynard shares his firsthand experience infiltrating cybercriminal communities to gather valuable threat intelligence. From learning the lingo to navigating criminal hierarchies, Matthew sheds light on the surprising structure and behavior of ransomware operators. We discuss the importance of operational security, the surprising transparency of cybercriminal forums, and how researchers can play a critical role in disrupting ransomware infrastructure.

Topics Discussed:

  • How Matthew got started monitoring cybercriminal groups

  • The business model and hierarchy of ransomware gangs

  • Use of AI, insider threats, and criminal marketing tactics

  • Tools and platforms used by cybercriminals (Tor, Tox, Telegram, etc.)

  • Lessons learned from forums, breach leaks, and failed infiltration attempts

  • The value of open-source intelligence in tracking threat actors

  • Why reputation matters—both for threat actors and researchers

  • Operational safety tips for researchers entering dark web spaces

Guest Bio:

Matthew Maynard is a cybersecurity professional and threat researcher who specializes in tracking the behavior of ransomware gangs and cybercriminal forums. He shares his insights through articles on Hacker Noon and speaks regularly at conferences like ShowMeCon.

Links & Resources:

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Gamifying Your Incident Response Playbook with Anushree Vaidya

Summary:

In this episode, Tim speaks with Anushree Vaidya about her upcoming presentation at ShowMeCon: Ransomware Rampage: Gamifying Your Incident Response Playbook. Anushree shares her passion for making cybersecurity training more interactive, emphasizing how gamifying the ransomware incident response process can transform traditional playbook exercises into dynamic, collaborative experiences.

Anushree explains how ransomware-specific playbooks differ from general incident response plans, the benefits of hands-on exercises for diverse teams, and how organizations of all sizes can adapt her training approach internally. She also discusses overlooked early indicators of ransomware attacks, communication challenges between technical teams and leadership, and how proactive preparation can significantly reduce the pain of an incident.

Topics Discussed

  • Why ransomware-specific playbooks matter

  • Turning incident response into a team-based, gamified learning experience

  • Building ransomware exercises that include IT, security, PR, HR, and leadership teams

  • Common gaps in ransomware detection and proactive preparation

  • Coaching technical teams on communication during incidents

  • Using AI to stay up to date with threat intelligence and reports

  • Tailoring incident response playbooks for different industries and organizational sizes

Key Takeaways

  • Participants will leave Anushree’s presentation with a customizable ransomware playbook and tools to take back to their organizations.

  • Gamified incident response exercises promote better communication, quicker learning, and stronger collaboration across teams.

  • Early detection and proactive measures like business impact analysis are critical to minimizing ransomware damage.

  • Communication planning—including legal, internal, and external messaging—is essential for effective response.

Connect with Anushree

  • LinkedIn: Anushree Vaidya

  • Women in CyberSecurity (WiCyS) Midwest Chapter Member

Anushree is passionate about connecting with others in cybersecurity, particularly in the Midwest region. Her DMs are always open for those who want to discuss ransomware, threat hunting, incident response, and cybersecurity strategy.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Hands-On Hacking with James Gillkey

Summary:

In this episode of Exploring Information Security, host Tim De Block sits down with James Gillkey to discuss hands-on hacking training at ShowMeCon. James is revamping a long-standing pentesting training course to bring modern techniques, updated tools, and a focus on efficiency to security professionals. He shares insights into building effective training labs, leveraging Python virtual environments, and incorporating real-world offensive security methodologies into a structured learning experience.

Topics Discussed

  • The evolution of hands-on hacking training and its history

  • Setting up virtualized pentesting environments with Python and GitHub tools

  • Common mistakes in pentesting and how to avoid them

  • The balance between red team engagements and SOC awareness

  • The importance of password cracking, enumeration, and network recon

  • How cloud security assessments differ from traditional network pentesting

  • The role of AI in pentesting and whether it’s a useful tool or a shortcut

  • ShowMeCon’s Fallout-themed hacking lab and what to expect in the training

Key Takeaways

  • Hands-on experience is crucial. The best way to learn pentesting is by doing it.

  • Virtualized environments simplify tool management and prevent conflicts.

  • AI is an emerging tool in pentesting, but it doesn’t replace fundamental knowledge.

  • Cloud security requires a different mindset due to its unique challenges and toolsets.

  • Communication with SOC teams is essential to avoid unnecessary panic during testing.

  • Efficiency matters. The goal of the training is to give students actionable skills they can use immediately.

Further Resources

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Breaking Bad Code with Kevin Johnson

Summary:

In this episode of Exploring Information Security, host Timothy De Block welcomes Kevin Johnson, founder of Secure Ideas, to discuss web application penetration testing, API security, and hands-on security training. Kevin shares insights on why pentesters need to understand business risk, how API security is often misunderstood, and what participants can expect from his Breaking Bad Code workshop at ShowMeCon. He also reflects on the state of security talks at conferences, the importance of interactive learning, and Secure Ideas’ 15-year journey in the industry.

Topics Discussed:

  • Web Application Security Challenges – Why automated tools alone aren’t enough, and how attackers think differently.

  • API Security & Misconceptions – How APIs change attack surfaces and why developers often overlook key security flaws.

  • Breaking Bad Code Training at ShowMeCon – What attendees will learn and why hands-on hacking beats passive lectures.

  • Security Talks vs. Vendor Pitches – The problem with sales-driven conference talks and why real education matters.

  • The Evolution of Secure Ideas – Celebrating 15 years in business, plus challenge coins and community growth.

  • Fun Side Tangents – Muppets, hacking culture, and why Wacka Hack is the talk you don’t want to miss at ShowMeCon.

Key Takeaways:

  • Effective pentesting goes beyond tools—it’s about understanding the purpose and risk of an application.

  • API security isn’t a separate discipline—it requires a shift in attacker mindset.

  • Hands-on training is the best way to learn—expect to actively hack at the Breaking Bad Code workshop.

  • Security conference talks should educate, not sell—vendor-heavy presentations fail to engage the audience.

  • ShowMeCon is an invaluable event for anyone interested in offensive security and application security.

Guest Info:

  • Kevin Johnson – Founder & CEO of Secure Ideas, security consultant, trainer, and conference speaker.

Links and Resources:

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


ShowMeCon and Security Perspectives with Amanda Berlin

Summary:

Use the promo code “ExploringSec” to get $50 off your registration

In this episode of Exploring Information Security, host Timothy De Block welcomes Amanda Berlin, CEO of Mental Health Hackers & Senior Product Manager at Blumira, to discuss her experiences in security product development, incident detection, and the challenges of balancing security with usability. They explore the limitations of pentest reports, the practicality of security automation, and the psychology behind effective security awareness training. Amanda also shares insights on how small businesses can implement security without breaking the bank and what to expect from ShowMeCon.

Topics Discussed:

  • Amanda’s Keynote at ShowMeCon – How she ended up speaking and why Dave’s method of picking speakers is unconventional.

  • Security Automation vs. Usability – Why some industries can implement auto-lockouts, while others (like hospitals) cannot.

  • The Problem with Pentest Reports – Why they often contain unrealistic security expectations that don’t translate to real-world environments.

  • Getting Buy-In for Security Solutions – How to understand what organizations actually need instead of pushing the latest security trend.

  • The Role of Nudge Theory in Awareness Training – Why small, repeated reinforcements can be more effective than long training videos.

  • Security for Small Businesses – Strategies for implementing security on a limited budget and making defenses practical.

  • Side Tangents & Fun Conversations – Crossword puzzles, Wordle streaks, and the absurdity of marketing budgets in cybersecurity.

Key Takeaways:

  • Security needs to be tailored to the environment—automation can improve security, but in some cases, it can create more risks.

  • Pentest reports often miss the mark by listing detected issues without considering operational feasibility.

  • Security awareness is most effective when it’s continuous and engaging, rather than a one-time annual training.

  • Listening to users is critical—security teams must balance technical controls with usability needs.

  • ShowMeCon continues to be a top-tier conference for hands-on security learning and industry networking.

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Real World Windows Forensics and Incident Response with JC at ShowMeCon 2025

Summary:

In this episode of Exploring Information Security, host Timothy De Block sits down with JC, President at Snowfensive, to discuss Windows forensics, incident response, and the upcoming training session at ShowMeCon. JC shares insights on real-world forensic investigations, common challenges organizations face in responding to incidents, and how forensic methodology plays a critical role in cybersecurity operations. This episode is packed with valuable information for security professionals, IT admins, and anyone interested in digital forensics.

Showmecon Links and Resources:

Topics Discussed:

  • ShowMeCon Training Session: What attendees can expect from JC’s Windows forensics course.

  • The Reality of Incident Response: The distinction between forensic analysis and incident response and how they complement each other.

  • Ransomware Trends: The evolution from encryption-based ransomware to data extortion and the impact on organizations.

  • Real-World Forensic Cases: Examples of forensic investigations, including rapid containment strategies and detecting data exfiltration.

  • Critical Thinking in Forensics: How forensic methodology is akin to detective work, and why troubleshooting skills are essential.

  • Challenges in Reporting: Why documenting forensic findings properly is just as important as the investigation itself.

Key Takeaways:

  • Organizations are improving at responding to ransomware but still struggle with preventing data exfiltration.

  • Understanding Windows forensic artifacts is crucial for both security teams and IT administrators.

  • Effective forensic investigations require both technical expertise and strong reporting practices.

  • Training and tabletop exercises are essential for preparing organizations to handle real-world incidents.

Guest Info:

  • JC is a cybersecurity expert specializing in Windows forensics, incident response, and offensive security services. He is the President of Snowfensive and Co-Founder of the Social Engineering Community.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


ShowMeCon: A Must-Attend Conference for Cybersecurity Pros

Summary:

In this episode of Exploring Information Security, host Timothy De Block sits down with Dave Chronister and Brooke Deneen to discuss ShowMeCon, the Midwest’s premier security conferences. Dave shares the vision behind ShowMeCon, how it stands apart from other security events, and what attendees can expect from the 2025 edition. Brooke provides insights into the logistics of running the conference and the community-driven experience that makes it special. Whether you're a seasoned security professional or new to the space, this episode highlights why ShowMeCon is a must-attend event.

Use ExploringSec to get $50 off.

Showmecon Links and Resources:

Topics Discussed:

  • The Origin of ShowMeCon: How the conference came to be and its unique place in the cybersecurity event landscape.

  • Balancing Corporate and Hacker Culture: Creating a professional yet welcoming environment that bridges the gap between security research and IT professionals.

  • Venue and Experience: Why the Ameristar Casino in St. Louis is an ideal location and what makes the event an immersive experience.

  • Speaker and Attendee Engagement: The focus on quality content, hands-on learning, and ensuring speakers are passionate and approachable.

  • Expanding to New Cities: Plans to bring the ShowMeCon model to new locations like Nashville and beyond.

  • ShowMeCon 2025 Highlights: The return of pre-conference training, CTFs, lockpicking villages, and an exciting Fallout-themed experience.

  • Building a Security Community: Encouraging new speakers, creating a welcoming space, and fostering professional development.

Key Takeaways:

  • ShowMeCon is designed for practical security education, offering content relevant to both IT and security professionals.

  • The conference prides itself on being a well-run, high-quality event where speakers and attendees engage meaningfully.

  • Training opportunities and community events, such as CTFs and lockpicking villages, enhance the overall experience.

  • ShowMeCon’s future includes expansion to other cities and continued efforts to foster an inclusive and passionate security community.

Guest Info:

  • Dave Chronister is the founder of ShowMeCon and a cybersecurity professional with over 18 years of experience in the industry.

  • Brooke Deneen plays a key role in organizing ShowMeCon and ensuring the event runs smoothly.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and cybersecurity events.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


[RERELEASE] ShowMeCon: What does Jayson E. Street, Dave Chronister, Johnny Xmas, April Wright, and Ben Brown think about security?

In this epic episode of the Exploring Information Security podcast Jayson E. Street (@jaysonstreet), Dave Chronister (@bagomojo), Johnny Xmas (@J0hnnyXm4s), April Wright (@aprilwright), Ben Brown (@ajnachakra), and surprise guests Adrian Crenshaw (@irongeek_adc) and Kevin Johnson (@secureideas)all join me to discuss various security related topics.

ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference.

Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.

In this episode we discuss:

  • Certificates

  • Hiring

  • Interviewing

  • Where to get started

  • Soft skills

  • ShowMeCon and other conferences

  • Community and giving back

  • Imposter syndrome

  • Irongeeks impact on those in attendance

HallwayCon from the floor of ShowMeCon 2024

Summary:

In this off-the-cuff episode, Timothy De Block brings a mic to the floor of ShowMeCon for the first-ever HallwayCon podcast episode. He walks around with a mic and recorder, engaging in spontaneous conversations with random attendees. Timothy highlights the immense value of attending security conferences, emphasizing that these real, impromptu conversations with professionals are crucial for expanding knowledge and building relationships within the industry. This unique approach captures some just some of the many conversations going on at security conferences.

Key Topics Discussed:

  1. Importance of Networking:

    • Knowing your target employers and daily tasks.

    • Overcoming the fear of talking to strangers.

  2. Effective Techniques:

    • Asking engaging questions.

    • Volunteering and getting involved.

  3. Conference Culture:

    • Evolution of conference attire.

    • Balancing business and casual environments.

  4. Career Challenges:

    • Job market difficulties for younger and older professionals.

    • Role of networking in career advancement.

  5. Humorous Stories:

    • Conference experiences and unique attire.

    • Creative uses of business cards.

  6. Management Insights:

    • Effective management and hiring practices.

    • Importance of structured onboarding.

  7. Impact of AI:

    • AI’s role in security and deepfake technology.

    • Future relevance in cybersecurity.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


What's Happening at ShowMeCon 2024?

Summary:

In this dynamic episode, host Timothy De Block engages in a lively conversation with Joey Smith, Tim McLaren, and Ben Miller live from the floor of Show Me Con 2024. They discuss various topics including the importance of trust in vendor relationships, the evolution of security roles, and the innovative approaches being adopted in the food industry.

Episode Highlights:

Conversations with Industry Experts:

  • Spontaneous discussions about the importance of genuine interactions at conferences.

  • Joey's perspective on the value of treating vendors with respect and professionalism.

Insights from Tim McLaren:

  • Tim shares his experience transitioning from a vendor-specific role to a broader consultancy position.

  • Discussion on the importance of having diverse solutions and the role of trust in customer relationships.

Ben Miller's Take:

  • Ben emphasizes the need for critical thinking and continuous learning in security roles.

  • Reflections on how past experiences shape current practices in cybersecurity.

Vendor Relationships and Trust:

  • The group discusses the significance of building long-term, trust-based relationships with vendors.

  • Examples of how trust influences decision-making and security practices.

Innovations in Security:

  • Conversations on how emerging technologies and innovative solutions are reshaping the cybersecurity landscape.

  • Joey's insights on the latest advancements and their implications for the industry.

Key Quotes:

  • "Trust is between two people. I don't trust the business or a line of questioning; I trust the individuals behind it." - Joey Smith

  • "Critical thinking and adaptability are essential in the ever-evolving field of cybersecurity." - Ben Miller

Recommended Resources:

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


Catching up with Mental Health Hackers Founder Amanda Berlin at ShowMeCon

Summary:

In this relaxed and engaging episode recorded from air loungers at Show Me Con, Timothy De Block catches up with Amanda Berlin from Mental Health Hackers during Mental Health Awareness Month. They discuss the importance of mental health in the IT security industry, which is often fraught with stress and high demands.

Episode Highlights:

  1. Personal Stories of Mental Health: Timothy and Amanda share their personal experiences with mental health challenges, emphasizing the common struggles many face in the IT security field.

  2. Impact of Alcohol: The discussion explores the impact of alcohol on mental health, particularly how it affects sleep and stress levels. They touch upon efforts to create event spaces that offer alternatives to alcohol-centric activities.

  3. Mental Health Hackers: Amanda talks about the work of Mental Health Hackers, a group that attends various conferences to provide spaces for people to relax and decompress.

  4. Fundraising and Awareness: Mention of Mental Health Hackers' new t-shirt campaign designed to promote mental wellness, with proceeds supporting their activities at conferences. You can get T-Shirts here: https://www.customink.com/fundraising/mental-health-awareness-for-mhh

Key Quotes:

  • "It’s really about awareness... paying attention to how habits like drinking can impact our mental state and sleep." - Timothy De Block

  • "We need to create environments at events where drinking isn’t the main focus, allowing people to enjoy without the pressure of alcohol." - Amanda Berlin

Additional Resources:

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


ShowMeCon: How AI will impact Cybersecurity Enhancements and Threats with Jayson E. Street

Summary:

Jayson E. Street

In this engaging episode Jayson E. Street, a renowned cybersecurity expert, joins me to discuss the return of ShowMeCon, the impact of AI in cybersecurity, and innovative strategies for enhancing security and combating threats. Jayson shares his excitement for ShowMeCon, insights on utilizing AI for security enhancements rather than traditional attacks, and offers practical advice for users, executives, and information security professionals.

This podcast sponsored by ShowMeCon.

Episode Highlights:

  • ShowMeCons return

  • Utilizing AI in Cybersecurity

  • Creative Use of AI for Security

  • Practical Security Tips Across the Board

  • The Future of AI in Security

Guest Information:

Jayson E. Street referred to in the past as: A "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series and described as a "paunchy hacker" by Rolling Stone Magazine.

He however prefers if people refer to him simply as a Hacker, Helper & Human.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


ShowMeCon: Azure Vulnerabilities with Scott Miller

Scott Miller

Summary:

Scott Miller, a fresh voice in the cybersecurity arena, joins me to discuss the intricacies of hacking Azure services. Scott shares his journey from a recent college graduate to becoming a speaker at cybersecurity conferences, along with valuable insights into Azure AD (Active Directory), vulnerabilities within cloud services, and the art of escalation.

This episode sponsored by ShowMeCon.

Episode Highlights:

  • Scott's Entry into Cybersecurity

  • Focus on Azure AD

  • Exploring Vulnerabilities

  • Methodology and Tools

  • Learning and Resources

  • The Importance of Entry-Level Accessibility

Scott Miller Penetration Tester at Accenture

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


ShowMeCon: Unraveling the Cybersecurity Fabric of Space and SCADA Networks with Paul Coggin

Paul Coggin

Summary:

In this captivating episode of the "Exploring Information Security" podcast, cybersecurity expert Paul Coggin discusses the intricate world of threat hunting in SCADA networks and the emerging frontier of space cybersecurity. From the inspiration drawn from Transformers movies to the sophisticated attacks like Stuxnet, Coggin delves deep into how monitoring physical indicators could revolutionize our approach to cybersecurity in both terrestrial and extraterrestrial domains.

This podcast is sponsored by ShowMeCon.

Episode Highlights:

  • The significance of ShowMeCon in filling the void left by other conferences.

  • Paul's historical involvement and contribution to the naming of ShowMeCon and DerbyCon.

  • The Internet of Military Things

  • Initiating Threat Hunting in New Domains

  • Case Studies and Practical Applications

  • Looking Ahead: Cybersecurity in Space

Guest Information:

Paul Coggin is a Cyber SME at nou Systems, Inc.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]