The return of the Exploring Information Security podcast

A year ago, I started an information security podcast that explores different topics and disciplines within the field. I stopped producing the podcast because I had too many things going on at the time and my final year of school was about to start. I was overwhelmed and that was an easy project to stop doing. A year later and I've found myself with more time and a desire to continue the project I started a year ago.

This week I have two interviews lined up with more expected in the coming weeks. My plan is to launch in early August. I will be putting the first three episodes I did last year up on iTunes and then begin releasing the episodes weekly. All seven episodes I did last year can be found at http://www.timothydeblock.com/eis/. I will continue to release episodes there, as well as on your favorite podcast directory.

This post first appeared on Exploring Information Security.

Exploring Information Security: How to ZAP your websites

In the seventh edition of the Exploring Information Security (EIS) podcast, I talk with Zed Attack Proxy (ZAP) creator and project lead Simon Bennetts.

Simon is the project lead for ZAP an OWASP Open Web Application Security Project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security and veteran pen testers. You can follow him on Twitter @psiinon and find out more on the tool by going to the project site on OWASP.

In this interview we cover:

  • What is ZAP and how did the project get started?

  • Who should utilize ZAP?

  • What skill level is need to start using ZAP?

  • Where should ZAP be used?

  • How you can get involved in the project.

Music by Alan Read

Leave feedback and topic suggestions in the comment section below.

This post first appeared on Exploring Information Security.

Exploring Information Security: What is threat modeling?

In the fifth edition of the Exploring Information Security (EIS) podcast, I talk with J Wolfgang Goerlich, Vice President of Vio Point, about threat modeling.

Wolfgang has presented at many conference on the topic of threat modeling. He suggests using a much similar method of threat modeling that involves threat paths, instead of other methods such as a threat tree or kill chain. You can find him taking long walks and naps on Twitter (@jwgoerlich) and participating in several MiSec (@MiSec) projects and events. 

In this interview Wolfgang covers:

  • What is threat modeling?

  • What needs to be done to threat model

  • Who should perform the threat modeling

  • Resources that can be used to build an effective threat model

  • The life cycle of a threat model

Leave feedback and topic suggestions in the comment section below.

This post first appeared on Exploring Information Security.

Exploring Information Security: What is cryptography

JustinTroutman

In the fourth edition of the Exploring Information Security (EIS) podcast, I talk to the smooth sounding Justin Troutman a cryptographer from North Carolina about what cryptography is.

Justin is a security and privacy research currently working on a project titled, "Mackerel: A Progressive School of Cryptographic Thought." You can find him on Twitter (@JustinTroutman) discussing ways in which crypto can be made easier for the masses. Be sure to check out his website for more information.

In the interview Justin talks about

  • What cryptography is

  • Why everyone should care about cryptography

  • What some of it's applications are

  • How someone would get started in cryptography and what are some of the skills needed

Leave feedback and topic suggestions in the comment section below.

This post first appeared on Exploring Information Security.

Exploring Information Security Podcast: How to get into information security

I've been wanting to do a podcast, for a while now, on information security. I wasn't sure what I wanted the objective of the podcast to be. Most of the information security podcasts out there, or at least the ones I listen to, usually do a guest interview and cover some of the latest news and happenings within the information security. I didn't want to spin up, yet, another one of those.

Instead I've decided to spin up a podcast that explores the world of information security. One of the things I've been hearing the infosec community needs are people to teach security to those inside and outside the community. I am still very much in the early stages of my career as an information security professional and trying to learn as much as I can. I thought a podcast that allowed me to share what I've learned and explored would make for a great podcast. So here we are and my first podcast is about how to get into information security.

Jimmy Vo presenting at BSides Asheville - How To Win Friends and Influence Hackers

Jimmy Vo presenting at BSides Asheville - How To Win Friends and Influence Hackers

To explore that topic I decided to do an interview with VioPoint consultant and roundhouse master Jimmy Vo (@JimmyVo). We covered how he got into information security and also talked about some of things people on the outside looking in can do to get into information security.

Feedback is very much appreciated and wanted. Leave them in the comment section or contact me via email.

This post first appeared on Exploring Information Security.