What is Tactical Edge?

In this exotic episode of the Exploring Information Security podcast, Ed Rojas joins me to answer the question, "What is Tactical Edge?"

Ed (@EdgarR0jas) is the creator of Tactical Edge (@Tactical3dge), which runs October 24 - 27, 2016, and PVC Security podcast co-host. For listeners of that podcast, I apologize. You've heard about about Tactical Edge extensively. However, I managed to get a little more out of him in this episode. We discuss origins and what makes this conference unique.

In this episode we discuss:

  • What is Tactical Edge
  • The origins of the conference
  • What makes it unique
  • Some of the fun activities to take part in while at the conference.

What is social engineering?

In this humanized episode of the Exploring Information Security podcast, Valerie Thomas joins me to answer the question, "What is social engineering?"

Valerie (@hacktress09) is an executive consultant for Securicon. She uses many techniques to pentest an organization via social engineering. One of the techniques she uses the most is phishing emails.

In this episode we discuss:

  • What is social engineering?
  • The different types of social engineering techniques
  • How social engineering test are conducted
  • Why social engineering is important.

More resources:

How to be a better mentor

In this guided episode of the Exploring Information Security podcast, Chris Spehn joins me to discuss, how to be a better mentor.

Chris (@_Lopi_) has some interesting thoughts on mentorship and how the infosec community can be better at it. Here is the tweet from Chris that caught my attention:

Upon further investigation I noted that Chris is creating a game for people trying to break into information security. How this applies? You will have to listen to the episode.

In this episode Chris and I discuss:

  • What is a mentor?
  • Why mentors are importnat
  • How to define a good mentor
  • Mentorship doesn't have to always be a one-on-one thing

What is a security framework?

In this framed episode of the Exploring Information Security podcast, Steven Legg joins me to answer the question, What is a security framework?

Steven (@ZenM0de) is a principal security strategist at eSentire. Part of his role is implementing, and even sometimes creating, security frameworks for organizations. We define what a security framework is and then discuss the process for choosing a framework.

In this episode we discuss:

  • What is a security framework
  • Why is it important
  • Who should be making the decision on a security framework
  • How to know the right ones has been chosen

More resources:

How to make time for a home lab

In this timely episode of the Exploring Information Security podcast, Chris Maddalena and I continue our home lab series by answering a listener's question on how to find time for a home lab.

Chris (@cmaddalena) and I were asked the question on Twitter, "How do you make time for a home lab?" We answered the question on Twitter, but also decided the question was a good topic for an EIS episode. Home labs are great for advancing a career or breaking into information security. To find the time for them requires making them a priority. It's also good to have a purpose. The time I spend with a home lab is often sporadic and coincides with research on a given area.

In this episode we discuss:

  • Making a home lab a priority
  • Use cases for a home lab
  • Ideas for fitting a home lab into a busy schedule

More resource:

What is red vs. blue? - Part 2

In this competitive episode of the Exploring Information Security podcast, I discuss red team vs. blue team with Mubix AKA Rob Fuller.

Rob (@Mubix), recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dyanmic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. 

In this episode we discuss:

  • Maximizing the pentest window
  • CTFs and how they contribute to the problem

More Resources

What is Red vs. Blue - Part 1

In this competitive episode of the Exploring Information Security podcast, I discuss red team vs. blue team with Mubix AKA Rob Fuller.

Rob (@Mubix), recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dyanmic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. 

In this episode we discuss:

  • Define red team vs. blue team
  • Working together

More Resources

How to start a successful CitySec meetup - Part 2

In this get together episode of the Exploring Information Security podcast, I discuss "How to start a successful CitySec meetup" with BurbSec organizer Johnny Xmas.

How to start a successful CitySec meetup - Part 1

Johnny, (@J0hnnyXm4s), helps organize four monthly meetups in the Chicago area called BurbSec. Starting a CitySec is a unique challenge but one that is easily doable. CitySec's provide an opportunity for security professionals and enthusiasts to get together to network, learn, and improve their security mindset. Johnny will be presenting this topic as a talk at BSides Nashville April 16, 2016.

In this episode we discuss:

  • Location of the meetup
  • Website viability

More Resources

How to start a successful CitySec meetup - Part 1

In this get together episode of the Exploring Information Security podcast, I discuss "How to start a successful CitySec meetup" with BurbSec organizer Johnny Xmas.

Johnny, (@J0hnnyXm4s), helps organize four monthly meetups in the Chicago area called BurbSec. Starting a CitySec is a unique challenge but one that is easily doable. CitySec's provide an opportunity for security professionals and enthusiasts to get together to network, learn, and improve their security mindset. Johnny will be presenting this topic as a talk at BSides Nashville April 16, 2016.

In this episode we discuss:

  • The origin story of BurbSec in Chicago
  • Marketing
  • The people who attend CitySec meetups

More Resources

How to attend a conference

In this driven episode of the Exploring Information Security podcast, I discuss how to attend a conference with Wolfgang Goerlich, the director of security strategy at CBI.

Wolf (@jwgoerlich), recently produced an interesting PVCSec episode at CodeMash on the challenges of getting into infosec. One of the interesting notes from that podcast was learning how to attend a conference. It was such a great point that I invited Wolf back on EIS to discuss how to get the most out of attending a conference.

In this episode we discuss:

  • We define what attending a conference is
  • The individual goals of attendees
  • Attending a conference: pre-game, attending, and post-conference
  • Experiences that should be taken away from attending a conference

More Resoruces

What is the Security Culture Conference? - Part 2

In this relationship building episode of the Exploring Information Security podcast, I explore what is the Security Culture Conference in Oslo, Norway, June 14 - 15, 2015 with the creator of the Security Culture Framework Kai Roer.

Kai (@kairoer), is a speaker, trainer, consultant, and the creator of the Security Culture Framework (SCF). The framework deals with embedding a security mindset into the entire organization. It takes security awareness training to the next level by not only performing the training, but then measuring it's effectiveness. The Security Culture Conference is a result of that idea. It brings the brightest minds in security and gives them a platform to share ideas on the security culture in an organization. The conferences is June 14 - 15 in Oslo, Norway.

EIS listeners can get a discount on an admission ticket by entering promo code: PVCSEC

In part two we focus on the Security Culture Framework:

  • Why you should attend the conference
  • What was the motivation for the conference?
  • The type of content people can expect
  • The activities attendees can expect while attending the conference

What is the Security Culture Conference? - Part 1

In this relationship building episode of the Exploring Information Security podcast, I explore what is the Security Culture Conference in Oslo, Norway, June 14 - 15, 2015 with the creator of the Security Culture Framework Kai Roer.

Kai (@kairoer), is a speaker, trainer, consultant, and the creator of the Security Culture Framework (SCF). The framework deals with embedding a security mindset into the entire organization. It takes security awareness training to the next level by not only performing the training, but then measuring it's effectiveness. The Security Culture Conference is a result of that idea. It brings the brightest minds in security and gives them a platform to share ideas on the security culture in an organization. The conferences is June 14 - 15 in Oslo, Norway.

EIS listeners can get a discount on an admission ticket by entering promo code: PVCSEC

In part one we focus on the Security Culture Framework:

  • What is the Security Culture Framework
  • How it's applied to an organization
  • The four items of success
  • Metrics used to measure security culture

More Resources

What is a CISSP?

In this certifiably awesome episode of the Exploring Information Security podcast, I explore what a Certified Information Systems Security Professional with Javvad Malik.

Javvad Malik (@J4vv4d) doesn't need much introduction. He's done a video on the benefits of being a CISSP. He's also done a music video with his Host Unknown crew on the CISSP. There's also The CISSP companion handbook he wrote. which has a collection of stories and experiences dealing with the 10 domains of the CISSP. Check out his website at j4vv4d.com and his YouTube channel.

In this episode we discuss:

  • What is a CISSP?
  • What is the value of having a CISSP?
  • Who should get the CISSP?
  • The nuances of the certification test (pay attention to the questions)

More resources:

What is the problem we're trying to solve?

In this catalyst episode of the Exploring Information Security podcast, I explore the question, "What is the problem we're trying to solve" with Michael Santarcangelo.

Michael Santarcangelo, AKA The @catalyst, joins me to explain why answering the question is key to better security. The question, "What is the problem we're trying to solve" is the first step in identifying whether or not the problem at hand is worth addressing at this time. Essentially, is this what we should be working on right now and what will this gain us. This is a question to be answered by leadership. Michael has two decades of experience in security and working at the executive level. He's a regular on the Security Weekly and Down the Security Rabbithole podcasts. He's also launching his new program Straight Talk on Security.

In this episode we discuss:

  • What does the question mean?
  • Risk catnip
  • Why is the question important?
  • How to answer the question
  • The three perspectives of the quesiton

What is OSINT - Part 2

In this don't give a beep episode of the Exploring Information Security Podcast, I find out what OSINT is from OSINT master Tazz.

My first interaction with Tazz (@GRC_Ninja), was at CircleCityCon. I quickly became aware that if I got out of line at the conference Tazz was very likely to be the one to put me in my place. I also ran into her at DerbyCon where she kept people in line while waiting for talks to start. She also happens to be a speaker and this past year presented, "ZOMG Its OSINT Heaven" at BSides Las Vegas. Which is how I became aware that Tazz knew her stuff when it came to OSINT. She also writes about OSINT on her blog osint.fail. All of these interactions prompted me to have her on for a discussion on what is OSINT.

In part 2 we discuss:

  • Why OSINT is important
  • The skills needed to perform OSINT
  • The tools used for OSINT

More Resources:

What is OSINT? - Part 1

In this don't give a beep episode of the Exploring Information Security Podcast, I find out what OSINT is from OSINT master Tazz.

My first interaction with Tazz (@GRC_Ninja), was at CircleCityCon. I quickly became aware that if I got out of line at the conference Tazz was very likely to be the one to put me in my place. I also ran into her at DerbyCon where she kept people in line while waiting for talks to start. She also happens to be a speaker and this past year presented, "ZOMG Its OSINT Heaven" at BSides Las Vegas. Which is how I became aware that Tazz knew her stuff when it came to OSINT. She also writes about OSINT on her blog osint.fail. All of these interactions prompted me to have her on for a discussion on what is OSINT.

In part 1 we discuss:

  • What is OSINT
  • The methodology for OSINT

How to build a SOC - Part 3

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

In part 3 we discuss:

  • What's after step one
  • Resources for building a SOC

How to build a SOC - Part 2

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

In part 1 we discuss:

  • How to quantify the value of a SOC
  • The first step in building a SOC

How to build a SOC - Part 1

In this SOC it to me edition of the Exploring Information Security Podcast, I talk with Paul Jorgensen of IBM to figure out how to build a SOC.

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got extensive knowledge of how to put one together and that showed in the recording. For the first time in EIS history, we have a three part series.

In part 1 we discuss:

  • We define what a SOC is
  • We discuss it's structure
  • What skills are needed for a SOC

What is a SIEM?

In this most excellent edition of the Exploring Information Security podcast, I talk with Derek Thomas a senior information security analyst specializing in log management and SIEM on the topic of: "What is a SIEM?"

Derek (@dth0m) has a lot of experience with SIEM and can be found on Linkedin participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015 and I came away impressed with his knowledge of SIEM. He seemed to be very passionate about the subject and that showed in this interview.

In this episode, we discuss:

  • How to pronounce SIEM
  • What is a SIEM
  • How to use a SIEM
  • The biggest challenge using a SIEM
  • How to tune the SIEM
  • Use cases, use cases, use cases.

More Resources: