How to find balance in information security

In this balanced edition of the Exploring Information Security podcast, Joey Maresca AKA l0stkn0wledge joins me to discuss finding balance in information security.

Joey (@l0stkn0wledge) has been i the infosec industry for over 10 years. He's had his highs and he has had his lows. He joins me to discuss some of those lows and what he did to get out of them. In the end it's all about setting goals and moving towards inner peace. This is another episode in our DerbyCon series.

Joey's DerbyCon talk is available here.

In this episode we discuss:

  • What the talk is about
  • The idea for this talk
  • Why finding balance is important
  • How to find that balance

What can an OSINT creeper learn?

In this creepy edition of the Exploring Information Security podcast, Josh Huff and I discuss what you can learn being an OSINT creeper.

Josh (@baywolf88) is one of the up and coming professionals in the Open Source Intelligence (OSINT) discipline. By day, he's a forensic analyst at an investigation firm. By night, he's an information gathering OSINT creeper. He's been studying OSINT heavily the last year and is here to share his experience and lessons learned.

Josh's talks is available here.

In this episode we discuss:

  • What is an OSINT creeper?
  • What is the methodology of an OSINT creeping?
  • What are the lessons learned?
  • How to get started OSINT creeping

How to automate security into the SDLC

In this automatic episode of the Exploring Information Security podcast, Jimmy Byrd joins the show to discuss his DerbyCon talk, "Security automation in your continuous integration pipeline."

Jimmy (@jimmy_byrd) is the lead developer at Binary Defense. Recently, he was accepted to speak at DerbyCon. He will be speaking Saturday September 24, 2016, in the stable talk track. His topic is on integrating security into the automation part of the software development life cycle (SDLC).

Jimmy's DerbyCon talk is available here.

In this episode we discuss:

  • What is the SDLC?
  • What is continuous integration?
  • Why getting security automated in the SDLC is important
  • How to get security automated in the SDLC

More resources:

What is DerbyCon?

In the return of the Exploring Information Security podcast, I explore DerbyCon with Adrian Crenshaw AKA Irongeek.

Adrian (@Irongeek_adc) is one of the founding members of DerbyCon. Last year I went to DerbyCon for the first time. I had an absolute blast and I happy that I am getting an opportunity to go again this year. The talks are all fantastic, but even better are the connections that can be made at the conference. DerbyCon is in Louisville, Kentucky, September 21 - 25, 2016. The conference is sold out, but tickets can be usually found by watching Twitter for people selling tickets.

DerbyCon videos are up.

In this episode we discuss:

  • The origins of DerbyCon
  • All the events and activities available
  • How to get involved in the conference
  • BONUS: How to get accepted at DerbyCon

Other resources:

EIS taking a break

First, thank you to everyone who listens to the show regularly. From time-to-time I hear from people who enjoy the show and I couldn't be happier that they enjoy the content I produce. With that said, the show is going into a temporary hiatus. I am in a big transition right now in life and maintaining the show has become a struggle.

I have decided to take a break because I don't want the quality of the shows to suffer. I'm hoping it's only a month long hiatus, but there is a chance it could be longer. A lot of it will depend on how quickly I can get out of the chaos and into a regular routine. I want to thank everyone in advance and I am looking forward to filling the feed with new episodes.

Thank you,

Tim

When not to use Burp Suite

In this gassy edition of the Exploring Information Security podcast, James Green joins me to discuss when not to use Burp Suite. 

James (@Greenjam94) is a member of the MISec community and recently gave a talk about why not to use Burp Suite. Being in application security this was a topic I had interest in. Unfortunately, the presentation was not recorded. I decided to take matters into my own hands and have James on the show to discuss this topic.

In this episode we discuss

  • What is Burp Suite?
  • How is Burp used
  • Why Burp shouldn't be use
  • When to use Burp

How to write an infosec resume

In this advice driven episode of the Exploring Information Security podcast, I talk about my experiences writing a resume.

I received some positive feedback from people on the, "How I got into information security" episode. I've decided to try another episode where I talk about writing a resume for an information security position. Writing a resume for infosec is not unlike writing a resume for any other field. Two resources I've leaned heavily on to improve my resume are the Career Tools podcast and What Color Is Your Parachute by Richard N. Bolles. I recommend both for those looking to improve their resume.

In this episode I discuss:

What is MS08-067?

In this artistic episode of the Exploring Information Security podcast, Mubix joins me to discuss MS08-067.

Mubix (@mubix), available at room362 and Hak5, joins me to discuss one of his favorite exploits: MS08-067. I invited Mubix on to talk about MS08-067 because of a tweet he retweeted. The tweet included a confession that a consultant used the MS08-067 vulnerability to break into a clients network. This vulnerability is really old and while not widespread it does pop-up from time-to-time. I was happy to discover that Mubix has a great appreciation for the exploit.

In this episode we discuss:

  • What is MS08-067?
  • How long has it been around?
  • Why is it still around?
  • What name it would be given in today

More resources:

What is another home lab use case?

In this alternate episode of the Exploring Information Security podcast, Brian Hearn joins me to discuss another home lab use case.

Brian (@drambuie_B) after listening to the How to build a home lab episode, gave me some feedback on the episode. he also shared his home lab setup. He uses an application called GNS3 which allows him to setup a more elaborate networking lab. I was intrigued and decided to have him on to discuss his lab further.

In this episode we discuss:

  • Brian's home lab setup
  • How he uses the lab
  • What he gains from this lab setup
  • GNS3

How I got into information security

In this journey episode of the Exploring Information Security podcast, I discuss how I got into information security.

I am in a bit of a transition right now. Getting guests for the show hasn't been as much of a priority for me the last month. This is something I've been wanting to try and so naturally now is a good time to experiment. In this episode I talk about my path to information security. Which includes military service and roles as system analyst, network and system administrator.

I would appreciate feedback on this episode. I may do more of these where I'm just solo talking about my personal experiences or covering certain topics. Email me at timothy[dot]deblock[at]gmail[dot]com or hit me up on Twitter @TimothyDeBlock.

What is Tactical Edge?

In this exotic episode of the Exploring Information Security podcast, Ed Rojas joins me to answer the question, "What is Tactical Edge?"

Ed (@EdgarR0jas) is the creator of Tactical Edge (@Tactical3dge), which runs October 24 - 27, 2016, and PVC Security podcast co-host. For listeners of that podcast, I apologize. You've heard about about Tactical Edge extensively. However, I managed to get a little more out of him in this episode. We discuss origins and what makes this conference unique.

In this episode we discuss:

  • What is Tactical Edge
  • The origins of the conference
  • What makes it unique
  • Some of the fun activities to take part in while at the conference.

What is social engineering?

In this humanized episode of the Exploring Information Security podcast, Valerie Thomas joins me to answer the question, "What is social engineering?"

Valerie (@hacktress09) is an executive consultant for Securicon. She uses many techniques to pentest an organization via social engineering. One of the techniques she uses the most is phishing emails.

In this episode we discuss:

  • What is social engineering?
  • The different types of social engineering techniques
  • How social engineering test are conducted
  • Why social engineering is important.

More resources:

How to be a better mentor

In this guided episode of the Exploring Information Security podcast, Chris Spehn joins me to discuss, how to be a better mentor.

Chris (@_Lopi_) has some interesting thoughts on mentorship and how the infosec community can be better at it. Here is the tweet from Chris that caught my attention:

Upon further investigation I noted that Chris is creating a game for people trying to break into information security. How this applies? You will have to listen to the episode.

In this episode Chris and I discuss:

  • What is a mentor?
  • Why mentors are importnat
  • How to define a good mentor
  • Mentorship doesn't have to always be a one-on-one thing

What is a security framework?

In this framed episode of the Exploring Information Security podcast, Steven Legg joins me to answer the question, What is a security framework?

Steven (@ZenM0de) is a principal security strategist at eSentire. Part of his role is implementing, and even sometimes creating, security frameworks for organizations. We define what a security framework is and then discuss the process for choosing a framework.

In this episode we discuss:

  • What is a security framework
  • Why is it important
  • Who should be making the decision on a security framework
  • How to know the right ones has been chosen

More resources:

How to make time for a home lab

In this timely episode of the Exploring Information Security podcast, Chris Maddalena and I continue our home lab series by answering a listener's question on how to find time for a home lab.

Chris (@cmaddalena) and I were asked the question on Twitter, "How do you make time for a home lab?" We answered the question on Twitter, but also decided the question was a good topic for an EIS episode. Home labs are great for advancing a career or breaking into information security. To find the time for them requires making them a priority. It's also good to have a purpose. The time I spend with a home lab is often sporadic and coincides with research on a given area.

In this episode we discuss:

  • Making a home lab a priority
  • Use cases for a home lab
  • Ideas for fitting a home lab into a busy schedule

More resource:

How to build a home lab

In this getting stared episode of the Exploring Information Security podcast, I discuss how to build a home lab with Chris Maddalena.

Chris (@cmaddalena) and I have submitted to a couple of calls for training at CircleCityCon and Converge and BSides Detroit this summer on the topic of building a home lab. I will also be speaking on this subject at ShowMeCon. Home labs are great for advancing a career or breaking into information security. The bar is really low on getting started with one. A gaming laptop with decent specifications works great. For those with a lack of hardware or funds there are plenty of online resources to take advantage of. 

In this episode we discuss:

  • What is a home lab?
  • Why would someone want to build a home lab?
  • What are the different kinds of home labs?
  • What are the requirements?
  • How to get started building a home lab

More resources:

What is red vs. blue? - Part 2

In this competitive episode of the Exploring Information Security podcast, I discuss red team vs. blue team with Mubix AKA Rob Fuller.

Rob (@Mubix), recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dyanmic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. 

In this episode we discuss:

  • Maximizing the pentest window
  • CTFs and how they contribute to the problem

More Resources

What is Red vs. Blue - Part 1

In this competitive episode of the Exploring Information Security podcast, I discuss red team vs. blue team with Mubix AKA Rob Fuller.

Rob (@Mubix), recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dyanmic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. 

In this episode we discuss:

  • Define red team vs. blue team
  • Working together

More Resources

How to start a successful CitySec meetup - Part 2

In this get together episode of the Exploring Information Security podcast, I discuss "How to start a successful CitySec meetup" with BurbSec organizer Johnny Xmas.

How to start a successful CitySec meetup - Part 1

Johnny, (@J0hnnyXm4s), helps organize four monthly meetups in the Chicago area called BurbSec. Starting a CitySec is a unique challenge but one that is easily doable. CitySec's provide an opportunity for security professionals and enthusiasts to get together to network, learn, and improve their security mindset. Johnny will be presenting this topic as a talk at BSides Nashville April 16, 2016.

In this episode we discuss:

  • Location of the meetup
  • Website viability

More Resources

How to start a successful CitySec meetup - Part 1

In this get together episode of the Exploring Information Security podcast, I discuss "How to start a successful CitySec meetup" with BurbSec organizer Johnny Xmas.

Johnny, (@J0hnnyXm4s), helps organize four monthly meetups in the Chicago area called BurbSec. Starting a CitySec is a unique challenge but one that is easily doable. CitySec's provide an opportunity for security professionals and enthusiasts to get together to network, learn, and improve their security mindset. Johnny will be presenting this topic as a talk at BSides Nashville April 16, 2016.

In this episode we discuss:

  • The origin story of BurbSec in Chicago
  • Marketing
  • The people who attend CitySec meetups

More Resources