Exploring Information Security - Exploring Information Security

Timothy De Block

The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.

  1. 3D AGO

    How to Launch Your Own Cybersecurity Podcast

    Summary: In a special episode recorded live from ShowMeCon, Anushree Vaidya interviews Timothy De Block about the art and science of creating and growing a podcast. This episode is a must-listen for anyone interested in starting their own show, offering a practical walkthrough of the entire process from concept to promotion. Key Takeaways: Finding Your Motivation: The conversation explores the core reasons for starting a podcast, emphasizing the importance of finding a format and message that resonates with both the host and the audience. The Technical Foundation: An overview of the essential equipment and software needed to get started, offering advice on how to produce quality audio without breaking the bank. Content and Guest Strategy: Tips on how to structure episodes, find compelling topics, and effectively interview guests to create engaging and informative content. The Power of Podcasting: The episode highlights the unexpected professional benefits of hosting a podcast, including opportunities for networking, personal growth, and becoming a recognized voice in your field.

  2. AUG 12

    How BSides St Louis Can Help Take The Next Step in Cybersecurity

    Summary: Timothy De Block and Ben Miller discuss the upcoming BSides St. Louis conference. Ben shares the mission behind the event: to provide a low-cost, high-value conference for beginners and those new to the security community. They cover the importance of community-building, the value of professional skills alongside technical ones, and the power of networking at local events. Key Takeaways: BSides St. Louis Mission: Ben and his co-founders created BSides St. Louis in 2015 as a "passion project" with the motto, "bringing the interested to the connected". The goal is to offer a free or low-cost conference to make cybersecurity knowledge accessible to beginners and career-changers who can't afford larger, more expensive events. Cost and Accessibility: This year's conference operates on a donation basis, with a recommended $25 charge to help estimate food and t-shirt orders. Ben clarifies that no one will be turned away for an inability to pay, and the organization is a 501(c)(3) charity. Networking and Career Growth: Both Ben and Timothy stress that attending local conferences like BSides on a Saturday demonstrates a commitment to learning that employers value. Networking at these events can lead to job opportunities and valuable professional connections. Professional Skills Over Hard Skills: Ben argues that professional skills—such as public speaking, running effective meetings, and communicating politely—are more crucial for career longevity than hard technical skills. He shares a personal story about how a poorly chosen phrase accidentally hurt a colleague and taught him the importance of careful communication. Encouraging New Speakers: BSides St. Louis actively seeks out first-time speakers. Ben looks for people who have never given a talk before because the audience is forgiving and it helps them develop skills vital for interviewing and running meetings. Family-Friendly Environment: The conference is explicitly family-friendly, encouraging attendees to bring children and high school students to explore the campus and participate in activities like lockpicking and soldering. Ben views "hackers" as anyone who does "something in a way that wasn't intended to be done". Personal Philosophy: Ben shares his personal mission to help people "feel secure so they can sleep at night" and his belief that giving back through events like BSides is a way to help others who were not as fortunate as he was growing up. Notable Quotes: "Bringing the interested to the connected". "One con talk isn't going to make you an expert, but learning just enough to know what to Google, so that you can become an expert when you need to later... Huge. So helpful". "I can train somebody really easy to run NMAP... but telling somebody how to shut up in a meeting and listen way harder". "Don't self-select yourself out of opportunities". "My personal life goal is to help people feel secure so they can sleep at night".

    38 min

  3. AUG 5

    [RERELEASE] What it's like in the SECTF sound booth

    Michelle (@MlleLicious) was one of the contestants who competed on Friday in the Social Engineering Capture The Flag (SECTF). This year the SECTF focused on video game companies and Michelle (happily) pulled Disney. Getting up on stage in front of hundreds of people is already a nerve racking proposition. Now add in that you have to interact with another human being to try and get them to divulge information for points. As you'll hear this was Michelle's first year at DEFCON. She dove right in to the event and walked away from the even with an amazing experience.

    27 min

  4. JUL 29

    [RERELEASE] How to network in information security - part 2

    Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general. In part two we discuss resources for getting better at networking.

    15 min

  5. 4D AGO

    Kate Johnson's Winding Path to a Director Role in Cybersecurity

    Summary: Timothy De Block interviews Kate Johnson about her cybersecurity career. Kate shares insights from her journey, emphasizing the importance of foundational knowledge and effective leadership in a constantly evolving technical field. Key Takeaways: From Guides to Director: Kate's career began with writing guides for technology users, teaching her empathy and a people-focused approach crucial for her later management roles. She progressed from an analyst to a director, leveraging early management experience at Central Michigan University. Evolving Director Role: At Draos (founded in 2017), Kate's director role has expanded significantly as the company grew from 100 to over 500 employees. She now manages intelligence reverse engineers and oversees operations for the entire intelligence services department. Leadership in Cybersecurity: Kate's management style is advisory, focusing on guiding her team and connecting their efforts. She maintains an analytical mindset, making data-driven decisions and supporting her highly technical team. A key challenge is letting people fail to learn, even if it's difficult to watch. Cybersecurity Fundamentals: Kate stresses the need for a fundamental understanding of how systems work to effectively secure them. She recommends resources like Network+ and specific SANS courses for building this base. The "Auditor" Aspect of Security: Kate views pen testing and security work as similar to auditing, emphasizing the need for evidence, identifying flaws, and providing actionable recommendations to add value. Advice: Kate encourages aspiring cybersecurity professionals to "don't give up" as there are numerous opportunities and roles available for all types of people. Resource Plug: Kate recommends OT-CERT (Secure OT CERT), a free, community-driven resource for sharing information and discussing threats in the Industrial Control Systems (ICS) field. Resources Mentioned: OT-CERT (Secure OT CERT) CompTIA Network+ certification SANS ICS 310 course Rob Lee's blog Mike Holcomb's YouTube channel

    56 min

  6. JUL 22

    [RERELEASE] How to network in information security - part 1

    Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general.

    17 min

  7. JUL 15

    What are BEC attacks?

    Steve (@SteveD3) has been covering BEC types of attacks for the past year at CSO. These types of attacks are increasing. It may get worse with GDPR requirements next month. This ended up being one of the more difficult podcasts to get scheduled. Steve and I had to cancel on each other a few times because of phishing related stuff.

    28 min

  8. JUL 8

    How to crack passwords

    Sean (@SeanThePeterson), is one of the most passionate infosec people you don't know. He recently did a talk at ShowMeCon on how to crack passwords. It was his first ever talk and pretty damn good. Sean joined me to give me his insights into password cracking.

    30 min
See All (100)

4.7
out of 5
43 Ratings

About

The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.

Information

You Might Also Like