What certifications are available for infosec professionals?

In this episode of the Exploring Information Security (EIS) podcast, I talk with Ralph Collum of Training Concepts about the certifications available for information security professionals or those looking to get into information security.

Ralph (@Optimus__Prime) holds many infosec-related certifications and is also an instructor of courses meant to help people get certified. Certifications are not a finish line for professionals. They are, instead, more of a starting point. Getting certified means that a certain level of knowledge has been achieved.

In this episode Ralph and I discuss:

  • Why someone should get certified?
  • What certifications are available?
  • How to get certified
  • When should someone get certified?
  • Which certifications are the best?

My DerbyCon talk - The Blue Team Starter Kit

In this special episode of the Exploring Information Security (EIS) podcast, I share my Blue Team Starter Kit talk from DerbyCon.

I had the wonderful opportunity to speak at DerbyCon this year. The overall experience was amazing and I am thankful and honored to speak at such a great event. I was placed in the stables track with a 20-25 minute talk, which makes the recording perfect for this podcast. A huge shoutout and thanks to Adrian Crenshaw for all his work in recording talks for conferences. The information security community would be lesser without him.

In my talk I discuss several challenges and tools to meet those challenges, including:

What is the perception of information security - part 2

In the second episode of the refreshed edition of the Exploring Information Security (EIS) podcast (wow, that's a mouthful), I talk with Chris Maddalena about the perception of information security.

Chris recently gave a talk on FUD at BSides Detroit and CircleCityCon this past summer, prompting me to explore the topic of information security perception with him. I think perception is something very important to the infosec community, especially now that it is becoming more relevant in the public eye.

In part two of this two-part series we talk about perception:

  • Security can be a friendly face.
  • The word hacker.
  • Developers vs. security.

What is the perception of information security - part 1

In the second episode of the refreshed edition of the Exploring Information Security (EIS) podcast (wow, that's a mouthful), I talk with Chris Maddalena about the perception of information security.

Chris recently gave a talk on FUD at BSides Detroit and CircleCityCon this past summer, prompting me to explore the topic of information security perception with him. I think perception is something very important to the infosec community, especially now that it is becoming more relevant in the public eye.

In part one of this two-part series we talk about perception:

  • What is the perception of infosec in business?
  • How do we change the perception of security?
  • We start getting into where security fits in an organization

What is CircleCityCon?

In the ninth edition of the Exploring Information Security (EIS) podcast, I talk with Grap3 Ap3 and Dr. BearSec about the security conference CircleCityCon.

Both Grap3 Ap3 and Dr. BearSec are organizers for the wonderful event. In this episode they talk about the origins of the conference, some of the challenges of putting the conference together, the atmosphere of the conference, and what attendees can expect for next year. Follow Grap3 Ap3 (@grap3_ap3) and DrBearSec (@drbearsec) and of course the conference (@CircleCityCon) on Twitter.

In this interview we cover:

  • What is CircleCityCon?
  • How did it get started?
  • The challenges of putting the conference together
  • What to look forward to in 2016

What is security awareness?

In the refreshed edition of the Exploring Information Security (EIS) podcast, I talk to Amanda Berlin AKA @Infosystir about security awareness. 

Amanda was charged with setting up a security awareness program for her company from scratch. Setting up a security awareness program is hard work, and making it effective is even harder, but Amanda rose to the challenge and came up with some creative ways to help fellow employees get a better handle on security.

In this interview we cover:

  • What is security awareness?
  • How a security awareness program should be implemented.
  • What does an effective security program look like?
  • How do you measure the effectiveness of a security awareness program?

How to ZAP your websites

Originally posted on September 11, 2014.

In the seventh edition of the Exploring Information Security (EIS) podcast, I talk with Zed Attack Proxy (ZAP) creator and project lead Simon Bennetts.

Simon is the project lead for ZAP, an OWASP (Open Web Application Security Project) project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security, and veteran pen testers. You can follow him on Twitter @psiinon and find out more about the tool by going to the project site on OWASP.

In this interview we cover:

  • What is ZAP and how did the project get started?
  • Who should utilize ZAP?
  • What skill level is needed to start using ZAP?
  • Where should ZAP be used?
  • How you can get involved in the project.

How to use PowerShell for security

Originally posted on August 27, 2014.

In the sixth edition of the Exploring Information Security (EIS) podcast, I talk with PowerShell guru Matt Johnson, a founder of PoshSec.

Matt Johnson has spoken at conferences like GrrCon and DerbyCon on using PowerShell for security. He also has his own podcast, titled Leveled up Infosec Podcast, and he's the founder of PoshSec. You can catch Matt tweeting about security on Twitter @mwjcomputing.

In this interview we cover:

  • What is PowerShell
  • How to get started using PowerShell
  • How to best utilize PowerShell for security
  • Available resources
  • What mistakes can be made using PowerShell for security

What is BSides Augusta?

In this episode of the Exploring Information Security (EIS) podcast, I talk with one of the organizers of BSides Augusta, Doug Burks.

2015 will be the third year for the security conference and it looks to be even bigger and better than last year. This year the conference features two blue team tracks, a red team track, a CTF challenge, a lock pick village, and much more. Doug also talked about his own conference that leads into BSides Augusta, the Security Onion conference. BSides Augusta is sold out, but the Security Onion conference still has tickets available.

Security Onion Conference - September 11, 2015 - Tickets available

BSides Augusta - September 12, 2015 - SOLD OUT with waiting list

In this interview Doug discusses:

  • What is BSides Augusta
  • How the security conference got started
  • The blue team atmosphere
  • The Security Onion conference

What is threat modeling?

Originally posted August 13, 2014.

In the fifth edition of the Exploring Information Security (EIS) podcast, I talk with J Wolfgang Goerlich, Vice President of Vio Point, about threat modeling.

Wolfgang has presented at many conferences on the topic of threat modeling. He suggests using a much similar method of threat modeling that involves threat paths, instead of other methods such as a threat tree or kill chain. You can find him taking long walks and naps on Twitter (@jwgoerlich) and participating in several MiSec (@MiSec) projects and events.

In this interview Wolfgang covers:

  • What is threat modeling?
  • What needs to be done to threat model
  • Who should perform the threat modeling
  • Resources that can be used to build an effective threat model
  • The life cycle of a threat model

What is cryptography?

Originally posted July 30, 2014.

In the fourth edition of the Exploring Information Security (EIS) podcast, I talk to the smooth sounding Justin Troutman, a cryptographer from North Carolina, about what cryptography is.

Justin is a security and privacy researcher currently working on a project titled "Mackerel: A Progressive School of Cryptographic Thought." You can find him on Twitter (@JustinTroutman) discussing ways in which crypto can be made easier for the masses. Be sure to check out his website for more information.

In the interview Justin talks about:

  • What cryptography is
  • Why everyone should care about cryptography
  • What some of its applications are
  • How someone would get started in cryptography and what are some of the skills needed

What is a Chief Information Security Officer (CISO)

Originally posted July 9, 2015.

In the third edition of the Exploring Information Security (EIS) podcast my infosec cohort Adam Twitty and I talk to the Wh1t3 Rabbit, Rafal Los, about what exactly a Chief Information Security Officer, otherwise known as CISO, is.

Rafal Los (@Wh1t3Rabbit) is the Director of Solutions Research at Accuvant. He produces the Down The Security Rabbithole podcast and writes the Following the Wh1t3 Rabbit security blog. On several occasions he's tackled the CISO role within an organization on both his podcast and blog.  I would highly recommend both if you're in the infosec field or looking to get into it.

In the interview Rafal talks about:

  • What a CISO is
  • What role does a CISO fill in an organization
  • What skills are needed to be an effective CISO
  • The different types of CISOs

How to organize an information security conference

Originally posted on July 2, 2015.

In the second edition of the Exploring Information Security (EIS) podcast, my infosec cohort Adam Twitty and I talk to Ed Rojas about how to put together an information security conference.

Ed Rojas (@EdgarR0jas) is a Master Consultant for HP Enterprise Security and the creator of Security Zone information security conference in Columbia and the organizer of the BSides Nashville security conference. I had the pleasure of attending BSides Nashville this year and got the opportunity to snap a few pictures. Ed was a very accommodating and passionate host for the event. 

In this interview Ed talks about:

  • The first step to organizing a security conference
  • The time and effort it requires
  • How to pick the right date
  • The biggest challenges putting together an event
  • Some of the mistakes that were made
  • Where to host the event

How to get into information security

Originally posted June 25, 2014

I've been wanting to do a podcast, for a while now, on information security. I wasn't sure what I wanted the objective of the podcast to be. Most of the information security podcasts out there, or at least the ones I listen to, usually do a guest interview and cover some of the latest news and happenings within information security. I didn't want to spin up yet another one of those.

Instead I've decided to spin up a podcast that explores the world of information security. One of the things I've been hearing the infosec community needs are people to teach security to those inside and outside the community. I am still very much in the early stages of my career as an information security professional and trying to learn as much as I can. I thought a podcast that allowed me to share what I've learned and explored would make for a great podcast. So here we are and my first podcast is about how to get into information security.

To explore that topic I decided to do an interview with VioPoint consultant and roundhouse master Jimmy Vo (@JimmyVo). We covered how he got into information security and also talked about some of the things people on the outside looking in can do to get into information security.

Feedback is very much appreciated and wanted. Leave it in the comment section or contact me via email.

 

The Final Episode

In this final edition of the Exploring Information Security podcast, I talk about my reasons for stopping production on episodes.

This isn’t the easiest thing to do. Now that I’m writing the podcast post after recording and editing the podcast, I have a sense of relief. For the last month plus, I’ve tried to decide whether or not to shut down the podcast. The fact that it took this long to record a final episode tells me that it was time. I wrote about my reasoning in a blog post on the main page. This may or may not be the end. That largely depends on if someone would like to pick up the podcast and produce it themselves. I’d love to guide and mentor someone on the journey.

The podcast has been beneficial to me and the many people who have reached out providing appreciative feedback. I’d love to see it continue. I’m also content that this is the end of the podcast. I will be at BSides Nashville shooting pictures and very likely be at DEFCON manning the Social Engineering door. Come say hi or reach out to me on social media (@TimothyDeBlock) or email (timothy[.]deblock[@]gmail[.]com).