What is OSINT - Part 2

In this don't give a beep episode of the Exploring Information Security Podcast, I find out what OSINT is from OSINT master Tazz.

My first interaction with Tazz (@GRC_Ninja) was at CircleCityCon. I quickly became aware that if I got out of line at the conference, Tazz was very likely to be the one to put me in my place. I also ran into her at DerbyCon, where she kept people in line while waiting for talks to start. She also happens to be a speaker and this past year presented "ZOMG Its OSINT Heaven" at BSides Las Vegas, which is how I became aware that Tazz knew her stuff when it came to OSINT. She also writes about OSINT on her blog osint.fail. All of these interactions prompted me to have her on for a discussion on what OSINT is.

In part 2 we discuss:

  • Why OSINT is important
  • The skills needed to perform OSINT
  • The tools used for OSINT

What is OSINT? - Part 1

In this don't give a beep episode of the Exploring Information Security Podcast, I find out what OSINT is from OSINT master Tazz.

My first interaction with Tazz (@GRC_Ninja) was at CircleCityCon. I quickly became aware that if I got out of line at the conference, Tazz was very likely to be the one to put me in my place. I also ran into her at DerbyCon, where she kept people in line while waiting for talks to start. She also happens to be a speaker and this past year presented "ZOMG Its OSINT Heaven" at BSides Las Vegas, which is how I became aware that Tazz knew her stuff when it came to OSINT. She also writes about OSINT on her blog osint.fail. All of these interactions prompted me to have her on for a discussion on what OSINT is.

In part 1 we discuss:

  • What is OSINT
  • The methodology for OSINT

How to build a SOC - Part 3

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

In part 3 we discuss:

  • What's after step one
  • Resources for building a SOC

How to build a SOC - Part 2

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

In part 2 we discuss:

  • How to quantify the value of a SOC
  • The first step in building a SOC

How to build a SOC - Part 1

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

In part 1 we discuss:

  • We define what a SOC is
  • We discuss its structure
  • What skills are needed for a SOC

What is a SIEM?

In this most excellent edition of the Exploring Information Security podcast, I talk with Derek Thomas, a senior information security analyst specializing in log management and SIEM, on the topic of: "What is a SIEM?"

Derek (@dth0m) has a lot of experience with SIEM and can be found on LinkedIn participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015 and I came away impressed with his knowledge of SIEM. He seemed to be very passionate about the subject and that showed in this interview.

In this episode, we discuss:

  • How to pronounce SIEM
  • What is a SIEM
  • How to use a SIEM
  • The biggest challenge using a SIEM
  • How to tune the SIEM
  • Use cases, use cases, use cases.

How to apply network security monitoring

In this most excellent edition of the Exploring Information Security podcast, I talk with author Chris Sanders about how to apply network security monitoring to an organization.

Chris (@chrissanders88) is the co-author, along with Jason Smith, of Applied Network Security Monitoring: Collection, Detection, and Analysis. I recently finished the book and found it valuable for those operating within a SOC or those looking to start network security monitoring. Chris and Jason walk through the basics of network security monitoring, including low-cost tools, Snort, and how to investigate incidents. I highly recommend the book for those wanting to learn more about network security monitoring.

Before I get to what was discussed in the podcast, I want to make special mention of a cause Chris is very passionate about. The Rural Technology Fund, which strives to, "reduce the digital divide between rural and non-rural communities." The organization tries to get funding for kids in rural areas who might not have the resources available to explore technology fields. I love this idea and think it's a great idea, especially with all the talent shortage talk lately.

In this episode, we discuss:

  • What is network security monitoring (NSM)
  • What is needed for implementing NSM
  • Steps on how it should be applied.
  • How to tune after everything is up and running.

What is data driven security?

In this statistically-inclined edition of the Exploring Information Security podcast, I talk with Bob Rudis, co-author of Data Driven Security, to answer the question: "What is data driven security?"

I recently read Data Driven Security: Analysis, Visualization and Dashboards by Jay Jacobs (@jayjacobs) and Bob Rudis (@hrbrmstr). The book is easy to read and a very good introduction to the world of data and security. Both Jay and Bob were kind with their time when I had questions about exercises in the book. After reading the book I decided to have Bob on to talk more about data driven security.

Bob Rudis is also a contributor to the Verizon DBIR and these projects below:

In this episode we discuss:

  • What is data driven security?
  • The benefits of data driven security
  • How it should be implemented
  • Where it can be applied

Bob also gave me a long list of resources for those looking to get into data-driven security:

What is application security?

In this tenacious edition of the Exploring Information Security podcast, I talk with Frank Catucci of Qualys as we answer the question: "What is application security?"

Frank (@en0fmc) has a lot of experience with application security. His current role is the director for web application security and product management at Qualys. He's also the chapter leader for OWASP Columbia, SC. He lives and breathes application security.

In this episode we discuss:

  • What is application security?
  • Why is application security important?
  • Where application security should be integrated
  • Resources for getting into application security

How information security professionals should interact with the media - part two

In this exciting edition of the Exploring Information Security podcast, Steve Ragan of CSO joins me to discuss how information security professionals should interact with the media.

Prior to becoming an InfoSec Journalism Wizard for CSO, Steve (@SteveD3) spent 15 years as an IT contractor. Last year Steve gave talks on how to interact with the media at conferences such as CircleCityCon and DerbyCon. With information security getting more play in the media recently, it's important that we all have a basic understanding of how to interact with the media.

In this episode we discuss:

  • Interacting with different types of media
  • Contacting media to make a correction
  • The difference between on-the-record and off-the-record
  • Don't be afraid to talk to the media
  • Steve tells a story about getting his Skype hacked.

How information security professionals should interact with the media - part 1

In this exciting edition of the Exploring Information Security podcast, Steve Ragan of CSO joins me to discuss how information security professionals should interact with the media.

Prior to becoming an InfoSec Journalism Wizard for CSO, Steve (@SteveD3) spent 15 years as an IT contractor. Last year Steve gave talks on how to interact with the media at conferences such as CircleCityCon and DerbyCon. With information security getting more play in the media recently, it's important that we all have a basic understanding of how to interact with the media.

In this episode we discuss:

  • Who is the media?
  • Where would someone interact with the media?
  • Reaching out to the media
  • What does a bad interaction look like?

How to network in information security - part 2

In this edition of the Exploring Information Security podcast, I discuss with Johnny Xmas how to network in information security.

Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general.

In part two we discuss:

  • Resources for getting better at networking
  • Some of the challenges of learning to network

How to network in information security - part 1

In this edition of the Exploring Information Security podcast, I discuss with Johnny Xmas how to network in information security.

Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general.

In part one we discuss:

  • What is networking?
  • How can Twitter be leveraged to strengthen and improve your network?

How to play a CTF

In this thrilling edition of the Exploring Information Security Podcast, I talk with David Coursey about how to play capture the flag (infosec-style).

David (@dacoursey) is one of the organizers of the Charleston ISSA chapter. At DerbyCon 2014 he experienced his first CTF. He had such a good time that he decided to put together the CTF for BSides Charleston two months later. Through those experiences he has learned a lot and has participated in many more CTFs this past year.

In this episode we discuss:

  • What is a CTF event?
  • What is needed to get started?
  • How to play a CTF?
  • How to win a CTF?
  • What makes for an excellent CTF

How to deal with the "experience required" paradox

In this exciting edition of the Exploring Information Security (EIS) podcast, I talk with Jerry Bell about overcoming the "experience required" requirement on infosec job postings.

Jerry recently had a blog post on his site titled, "Dealing With The Experience Required Paradox For Those Entering Information Security." It is a wonderful article with actionable items on what people can do to overcome that stipulation on job postings. Jerry is also a co-host for the Defensive Security podcast.

In this episode we talk about:

  • Activities that can be done to overcome "experience required"
  • Who this requirement applies to
  • Our own personal experiences and suggestions for overcoming the paradox

What certifications are available for infosec professionals?

In this episode of the Exploring Information Security (EIS) podcast, I talk with Ralph Collum of Training Concepts about the certifications available for information security professionals or those looking to get into information security.

Ralph (@Optimus__Prime) holds many infosec-related certifications and is also an instructor of courses meant to help people get certified. Certifications are not a finish line for professionals. They are, instead, more of a starting point for professionals. Getting certified means that a certain level of knowledge has been achieved.

In this episode Ralph and I discuss:

  • Why someone should get certified?
  • What certifications are available?
  • How to get certified
  • When should someone get certified?
  • Which certifications are the best?

My DerbyCon talk - The Blue Team Starter Kit

In this special episode of the Exploring Information Security (EIS) podcast, I share my Blue Team Starter Kit talk from DerbyCon.

I had the wonderful opportunity to speak at DerbyCon this year. The overall experience was amazing and I am thankful and honored to speak at such a great event. I was placed in the stables track with a 20-25 minute talk, which makes the recording perfect for this podcast. A huge shoutout and thanks to Adrian Crenshaw for all his work in recording talks for conferences. The information security community would be lesser without him.

In my talk I discuss several challenges and tools to meet those challenges, including:

What is the perception of information security - part 2

In the second episode of the refreshed edition of the Exploring Information Security (EIS) podcast (wow, that's a mouthful), I talk with Chris Maddalena about the perception of information security.

Chris recently gave a talk on FUD at BSides Detroit and CircleCityCon this past summer, prompting me to explore the topic of information security perception with him. I think perception is something very important to the infosec community, especially now that it is becoming more relevant in the public eye.

In part two of this two-part series we talk about perception:

  • Security can be a friendly face.
  • The word hacker.
  • Developers vs. security.

What is the perception of information security - part 1

In the second episode of the refreshed edition of the Exploring Information Security (EIS) podcast (wow, that's a mouthful), I talk with Chris Maddalena about the perception of information security.

Chris recently gave a talk on FUD at BSides Detroit and CircleCityCon this past summer, prompting me to explore the topic of information security perception with him. I think perception is something very important to the infosec community, especially now that it is becoming more relevant in the public eye.

In part one of this two-part series we talk about perception:

  • What is the perception of infosec in business?
  • How do we change the perception of security?
  • We start getting into where security fits in an organization

What is CircleCityCon?

In the ninth edition of the Exploring Information Security (EIS) podcast, I talk with Grap3 Ap3 and Dr. BearSec about the security conference CircleCityCon.

Both Grap3 Ap3 and Dr. BearSec are organizers for the wonderful event. In this episode they talk about the origins of the conference, some of the challenges of putting the conference together, the atmosphere of the conference, and what attendees can expect for next year. Follow Grap3 Ap3 (@grap3_ap3) and DrBearSec (@drbearsec) and of course the conference (@CircleCityCon) on Twitter.

In this interview we cover:

  • What is CircleCityCon?
  • How did it get started?
  • The challenges of putting the conference together
  • What to look forward to in 2016