Exploring Information Security is now on Spotify.
If you have other preferred platforms you listen to podcasts on let me know and I’ll submit the RSS feed there.
Exploring Information Security now available on Spotify!
The Exploring Information Security podcast is now available on YouTube
Exploring Information Security Podcast Now on YouTube
The Exploring Information Security podcast is now available on YouTube! This is something I’ve been working on for a month due to Google’s verification process which rejected me multiple times. YouTube is something I’ve wanted to get more involved with and submitting the podcast RSS feed was the first step. I have some other content planned for live sessions on YouTube.
You can also check out ColaSec’s YouTube channel where I contribute to that local meetup virtually. Also, the latest edition of the EIS podcast is up where I talk to Mubix about Mimikatz.
Created by ChatGPT
Exploring Information Security podcast format
First, I’d love to hear feedback from listeners on the podcast. This post is going to deal specifically with length of the podcast. In the past I’ve tried to keep episodes to around 30 minutes. The idea being that people can listen to an episode during a commute and that they have other podcasts the listen to on a regular basis. It also allowed me to split up longer conversations so i could more easily release content on a regular basis. One conversation could be three weeks of work with some extra editing.
I think I’m going to ditch that and just let the conversations run for as long as they do. A couple reasons for that: people pick and choose episodes and reduce the extra editing. Towards the end of the podcast I started getting more insights into how people listened to the podcast. I found that I had a regular listener base but also a lot of people who would pick and choose the episode to download. For example, one of the more popular episodes was on studying for the OSCP. It was downloaded a lot. Searching the internet I found it on a lot of reddit threads as a suggestion for people studying to get their OSCP. I think breaking up the podcast makes it harder for people to listen to the content they want. They have to go through multiple podcasts with an intro and an outro.
On the backend there’s a lot of work that goes into a podcast episode. One episode of 30-60 minutes is usually about three to four hours of production time not including the recording. I have to schedule guests, research the topic to make the questions, and then do post editing to clean up and put together the audio. While breaking up the podcasts gets me more episodes it adds a little complexity to the editing process and I want to simplify that. It does mean I’ll have to book more guests but I think that adds more content naturally to the podcast and site.
Thoughts are appreciated. Hit the comment section below or reach out to me via the site contact form or LinkedIn.
This blog post first appeared on Exploring Information Security.
BSides Nashville 2018
Information Security resources for beginners
I wrote a recommended resources post back in early 2017. I’d like to update that, as the resources I recommend have changed. I try not to think of my podcast as something for new people to the infosec field. However, the people reaching out to me the most are people who are new to the field. So, I’ve given in and I want to start creating a series of posts directed at new people or those trying to get into the industry. These posts are meant as a gateway, not an exhaustive list.
These are the resources I find the most useful. With out further ado.
Websites:
Krebs is considered the public Intrusion Detection System (IDS) for companies. If you’re getting a call from him, it’s probably not good. He covers various topic primarily around breaches, skimmers, and unmasking malicious actors. I’m friends with Steve. He reports on a variety of infosec related topics. When something breaks on Twitter he’s one of the first people I check to get accurate information.
Podcasts:
Risky Business is the best security podcast out there. It’s the podcast with the best content and quality. The podcast allows me to stay up with the latest infosec news. He’s got sponsored (gotta pay dem bills) podcasts that are just as useful. Security Weekly was the first podcast I listened to. It’s great for getting information and gaining an understanding of the hacker culture. After a while, for me, it turned into a bit of a boys club where they go off on tangents and genital jokes. Episodes are usually two hours long which sucks up a lot of podcast listening times. Finally, there’s the Peerlyst list of podcasts. It has an exhaustive list of infosec related podcasts.
Conferences and local user groups:
Conferences and local user groups are a great place to learn, while also meeting people in the field. The security community is inclusive and welcoming if you put yourself out there. That means doing that awkward social thing. There is very likely a BSides near you. Most local user groups can be found on meetup.
Training:
Information security is an ever changing field. To stay relevant in the field requires curiosity and a willingness to learn new things. Before getting to that point, we need to learn the basics. Irongeek and Pluralsight help with the basics and staying up-to-date. SANS SEC401 is a general course that will provide a good foundation for any security professional. I thought I was above the course, as I was taking it three years into my infosec career (and several more in IT). I was so wrong. The course helped fill in a lot of gaps for me from a security and IT perspective. I highly recommend the course for beginners and those already in the field.
This blog post first appear on Exploring Information Security
Exploring Information Security Newsletter
Sign up for the Exploring Information Security Newsletter!
Squarespace has made a new feature available, email campaigns. I'm intrigued because it this could be a good opportunity to start up a newsletter for the podcast. I'm thinking I'll use the newsletter as a forum to announce things like new podcasts, conferences, and other things. I'd also like to provide something special for people who sign-up. I'm thinking behind the scenes type of stuff, maybe even some extra recorded audio. I sometimes have audio that doesn't quite fit the show but has something insightful or funny.
I'm going to start including a newsletter signup form on all the show notes and blog posts. If there are things you'd like to see hit me up on Twitter (@TimothyDeBlock) or email (timothy.deblock[@]gmail[.]com).
This blog post first appear on Exploring Information Security
ShowMeCon wrap-up and what's ahead
I know. I know. It's been two weeks since ShowMeCon. I've been busy! Within hours the neighbors wanted to hang out (I brought the St. Louis beer). The next day, I had a big case of the don't give a shits. I didn't get a podcast ready for that night's release.
I went to work Monday expecting to head home and work on some stuff (like get a podcast out). Instead I was informed the development team I work with was heading to Nashville Sounds game, because some people were in from out of town and I was invited. I went. Tuesday, I played soccer for two and half hours, because I like pain (I didn't regain full functionality of my legs until Saturday). Wednesday was a social night, because those same people were in town (yay!). I got home and got the podcast out, three days late. Thursday, I wrote about suicide. Friday, I wrote about password policy. Both very serious topics.
Things sort of got normal after that. I took the weekend to kind of dink around on stuff I wanted to do. Monday I got two of the four podcasts edited I needed to. I was invited over the neighbors Tuesday for beer and baseball. Finally, last night I got four podcasts scheduled. I'm heading to Asheville tomorrow for BSides Asheville (still looking for a ticket). Much beer (and maybe a podcast) will be involved. Tonight is the night for me to write something and hopefully get a little Overwatch in. Damn I've been busy. Didn't really realize that until writing it down.
Back to ShowMeCon. This was my third year and fantastic as always. It's the ideal security conference. The hackers think it's too businessy. The business people think it's two hackery. There are more women at this conference than any other security conference, I've been to combined. I love it!
I did my first ever podcast panel, which went really well for being the first time. They had a personal trainer there to talk about health and fitness. There were a lot of questions at the end. This might be something I need to write about. I do work at a wellness company after all!
During the conference I managed to get two interviews for the podcast recorded. I really like the idea of recording interviews at conferences. It's a much better vibe when the two people are in person. It flows better. There's the low rumble of the crowd. The low thud of doors smacking closed. It's fantastic. Those will be releasing over the next two weeks.
Now that ShowMeCon is over, I've been re-evaluating my desire and need for submitting to conferences. I've been speaking since 2015. It's a great challenge and a good career booster. Now that I'm at a company that I adore and in a role that continues to expand, I'm starting to wonder the value I'm getting out of submitting to conferences. I love sharing ideas and challenging myself to become a better speaker. The downside to speaking is that it takes time away from my family.
I have two kids still in the single digits. I'd like to spend more time with them. At one point I was slated to be at 12 conferences this year. With other obligations, conflicts, and one conference not happening this year, I'm down to eight. That's still quite a bit. I've presented at all five I've gone to this year. It's not just going to the conference that takes time. It's also the preparation leading up to the conference. I spend several hours putting the talk together. Then I spend the week leading up to the conference practicing the talk. This is on top of the weekly podcast I produce.
I spend a lot of time in the field. Because of my expanding role I'm spending more time at work now too. I'm trying to find that balance. I'd like to spend more time with my kids. I think that will be at the cost of the conferences I attend. If I do submit a talk, it'll be for a podcast panel. The preparation for that is much easier than a full blown talk. I'd like to say I'm cutting back on conferences, but I don't think it'll take much for me to go to a conference (someone asks). We'll see.
This blog post first appear on Exploring Information Security
Speaking and workshop update
BSides Nashville
I got picked up to do my Social Engineering for the Blue Team topic as a 25 minute talk. It's the last talk in the green room. Maybe I'll take that opportunity to see how long I talk before everyone leaves. Because it's in the green room, I'm going to try and give the talk a new twist.
I'll be at the conference as the photographer again. I've also been asked to help out with the resume and interview workshop. If you need help with your resume or interviewing stop by the workshop. I'm going to start preparing interview questions next week, which might make a good blog post.
Converge and BSides Detroit
The signup for my Social Engineering for the Blue Team workshop is up. It will be a four-hour workshop. Be sure to check out the other workshops. They're all fantastic and I wish I could go to all of them.
I've also been picked up as a speaker for the conference and we're in negotiations to do an Exploring Information Security panel. A year after I said I'd never speak twice at the same conference, I am now speaking three times. It's going to be awesome!
ShowMeCon
I'm back at ShowMeCon for my third year. This year I'll be doing a panel for the conference. Converge and ShowMeCon will be my first time hosting panels. I want to get it right while also making it something worth attending. The basic idea is to allow the audience to ask questions of the panel. Similar to what I do with guests on the podcast. It'll be an interesting experience and something I can pitch to other conferences.
This blog post first appear on Exploring Information Security
Podcasting and blogging update: New archive feed and other thoughts
New archive feed!
A few weeks ago, I discovered that I had a problem with the Exploring Information podcast feed on iTunes. It was only holding the last 100 episodes. The first several had rolled off. The iTunes limit for podcasts is 300. I found out this was a limitation by Squarespace. I like having all my episodes available, because I try to make them as timeless as possible.
After a bit of research and work, I've managed to setup an archive feed for the podcast. This is an entirely separate feed that I will transfer older episodes over to as I need space on the original feed. You won't need do any changes to your current subscriptions. New episodes will continue to show up there. I will have to do this every 100 episodes I put out, which is just under two years.
Podcast ideas
I've run into an issue recently where I can't seem to get ahead on scheduling episodes. Part of this was the holidays, followed by going to CodeMash. I also run into the issue of infosec professionals (particularly ones with interesting things to say) are super busy. Some won't respond, others will respond with interest, then radio silence. #PodcasterProblems
I think I'm good now after my two most recently recorded sessions (I'm getting four episodes out of two recordings). However, I also think I want to sprinkle in some more solo episodes. I've got a long list of ideas for solo episodes that I think will help with putting out more content. I also think I'm going to create a list of people who I can go to on a more regular basis to discuss topics in a particular area. I still plan to have on new guests, but I think this will help with scheduling guests (and make my life a little easier).
Twitch.tv. I am thinking of doing a Twitch.tv or Google Hangouts stream for when I record episodes. I think it'd be cool to show you how I recording. It would also allow people to ask questions of the guest. A couple reasons why I don't like the idea is that it could end up being distracting. Having to manage a chat channel while talking to a guest isn't always ideal. I also try to loosen up the guests before the show and sometimes we talk about things that they or I don't want recorded. Maybe not a big deal if I go live when we start recording. Then there's also the fact that it could eat resources and cause things to crash (I need a new machine soon).
Thoughts and feedback in comments below, please.
Blogging more
I am planning on blogging on a more regular basis. There's something relaxing and soothing to get thoughts and ideas typed out. I've been trying the link posts. Those are nice but don't fill in the act of typing out a blog posts with coherent thoughts. I've also felt the pressure to put something useful out to the community. That can often lead to writers block and make the writing feel more robotic.
What I am going to try is blogging about the podcast, talk ideas, gaming, and maybe some personal journal type of stuff (my alcohol posts seem to resonate with people and I have an update!). That's it. See you soon!
This blog post first appear on Exploring Information Security.
Podcast updates: EIS now available on Google Play and a new Astros podcast soon
The Exploring Information Security podcast is now available on Google Play Music. I decided to add it to Google Play Music, because a listener requested it. In the past I've put podcasts on multiple podcasting platforms. That is a bit of a pain to manage. With EIS I decided to just put it on iTunes and add it to other podcasting directories when requested. If you have another directory you prefer over iTunes or Google Play Music reach out and I'll get it added to that directory.
For those who enjoyed the Crawfish Boxes podcast (an Astros related podcast) I'll be starting a new Astros podcast soon. I've been toying with the idea for a month or two. I think I've figured out the format, the co-host, the recording time and place. I have some ideas for a name (I might do a Twitter poll). It will be much more casual. Name suggestions are welcome.
I expect to start the new podcast right around the playoffs.
This blog post first appeared on Exploring Information Security.
How to start a podcast
I can remember the exact moment I decided I would start a podcast. I was mowing my lawn. It was several months after recording a podcast at the Crawfish Boxes. It was our first podcast where we ranked the players in the Houston Astros' minor league system. I didn't produce that episode but I was excited to take part in more. When more didn't happen I decided to take initiative. I decided to produce the podcast my self.
Five years later I've produced over 200 hours of baseball podcast content. I'm well on my way to replicating that in the information security space. Consistency has been the biggest thing for me. I've managed to produce content on a regular basis. I've done that by getting my process down to a few hours. I prepare, produce, edit, and then release episodes in just a few hours. Getting started took quite a bit more time.
If your week is slammed with different obligations and hobbies reconsider starting a podcast. Starting a podcast is easy. Have an idea and then record it. The challenge starts with distributing and maintaining a podcast. With an emphasis on maintaining the podcast. If there are several obligations that take up time then it will be hard to make a podcast a priority. And that's the key to a successful podcast. The willingness to make it a priority. If you're there, (or at least think you're there) read on.
Have an idea
It took me a couple years before I had my own idea for an infosec related podcast. I didn't want to be like the other security podcasts out there. Talking about the latest news and ideas in infosec. I wanted something different. That's not to say you can't do what others are doing. Your voice is unique enough to do the same thing as others. For me I wanted something that was timeless and would provide value to others.
Once an idea has presented itself, I would recommend writing down the idea and format for the podcast. What is the duration of the podcast? What sections will it have? Is there a co-host? What do you want to cover? Is it focused on a specific topic or more general? What is the description of the podcast? What is the tagline? Who is this podcast for? Answering these questions will help get a clearer picture of what's needed.
Record it
My podcast setup is low-cast. I record using a soundcard that has a "What U Hear" function. With this input I record every sound made on the computer. The one sound that doesn't get recorded is my microphone, because it's a separate input. Which is why I use two Skype accounts and hook my microphone up to my laptop when recording guests. An alternative to this is getting a mixer. I've never used one so I can't provide any tips on using that instead.
A solo podcast is much easier to produce. A microphone and audacity is all that is needed. I use the ATR-2100 microphone and Audacity to record audio. The ATR-2100 is a $35-75 microphone that will provide 7 out of 10 quality. The more expensive professional microphones will provide a 9 out of 10 quality. The ATR-2100 provides a 7 out of 10 quality. The ATR-2100 is well worth the money.
Audacity is free and gets the job done. Software is available with a price tag for editing. That decision usually involves improving workflow.
Edit it
Audacity is where most of my editing occurs. While recording I will use the marker hot key to mark any points I need to review after recording. The default key mapping is CTRL + M. It took me a little time to get used to using it. Once I got used to it, I was able to edit without having to re-listen to the entire recording again. I could just go to the marker and make my edits. When working with markers you have to edit from the end of the episode to the front. Editing from the front will move all the markers.
Of course there is value in listening to the entire episode again. When I first started I would pick-up on things that needed improving on. Some examples include, improving the transition from topic to topic. Do things like reducing "uh" and "um" in our speech.
After editing, export the audio into a .wav file. Then run it through Levelator2. This tool will normalize levels and clean up the audio a bit. This makes listening to the podcast a little more enjoyable for the listener.
Once that's done the convert the .wav file to a .mp3 file for storage reasons. Wav files are big. MP3 files not so much. This will help with storage and improve download times for the listener. I use iTunes to convert my .wav files to .mp3 files. After that's done upload it to storage for distribution.
Store and distribute it
Storage is a cost. There are free options, but those are trickier and add complexity. I've used Libsyn and would recommend them. For me I discovered that I could host and create the RSS feed for my podcast on my own personal site. This made things much easier for me.
The last thing to do is get the podcast setup in a distribution platform. There are a lot of them. The most popular one is iTunes. This will be where you'll see most of your download traffic. Other podcast distributors include Stitcher, BluBrry, and many others. My current podcast is only on iTunes. That is the biggest distributor. I gain a much smaller amount of listeners submitting to other podcast directories. If a listener were to request another podcast directory then I'd submit there.
Submitting to a podcast directory is well documented by each site. You will need an RSS feed. There are many ways to setup one. Most storage providers like Libsyn will create an RSS feed for you. You can also do it yourself. Which is what I did for the four years of the Crawfish Boxes podcast. Currently, I'm using the EIS Podcast page on this site as the RSS feed.
Once submitted it usually takes a few days for the podcast to show up. I recommend having three episodes in the RSS feed before submitting.
Numbers to care about
If a podcaster got past 7 episode he is more likely to stick with podcasting and produce it on a regular basis. I'm not sure how true that is, but I feel like it there is some truth to it. In my experience podcasts stop because they're complicated to produce. Which leads me to my last bit of advice. If you want to keep at it, make the process as simple and as efficient as possible.
Resources:
This post first appeared on Exploring Information Security.
CircleCityCon after party
Exploring Information Security podcast launches
A year ago I started a small podcast project called, Exploring Information Security. The idea of the podcast is to explore different topics, ideas, and disciplines within information security. I started the podcast at a horrible time and was thus unable to keep the project going. I've since found myself with more time to pick this neat little podcast idea back up.
iTunes feed: https://itunes.apple.com/us/podcast/eis-podcast-timothy-de-block/id1026428940
Some iTunes ratings would be fantastic and any topic suggestions. I've got a running list of topics I want to cover and guests to interview for those topics, but I'll always take more suggestions. For now, new episodes will release every Monday, starting tomorrow August 10, 2015. I have four podcasts scheduled for the rest of August, with four more ready to be edited.
This post first appeared on Exploring Information Security.
The return of the Exploring Information Security podcast
A year ago, I started an information security podcast that explores different topics and disciplines within the field. I stopped producing the podcast because I had too many things going on at the time and my final year of school was about to start. I was overwhelmed and that was an easy project to stop doing. A year later and I've found myself with more time and a desire to continue the project I started a year ago.
This week I have two interviews lined up with more expected in the coming weeks. My plan is to launch in early August. I will be putting the first three episodes I did last year up on iTunes and then begin releasing the episodes weekly. All seven episodes I did last year can be found at http://www.timothydeblock.com/eis/. I will continue to release episodes there, as well as on your favorite podcast directory.
This post first appeared on Exploring Information Security.
Information security podcast review
There are a lot of good information security related podcasts out there. Here are the ones I listen to and my impressions of the show. In no particular order.
PVC Security Podcast - FULL DISCLOSURE: I produce this show, would appreciate any feedback you have for the show positive or negative.
I love the passion and fun Paul and Ed bring to the show. They speak their mind and have some fun doing it. I take the quality of a show very seriously both from a technical and non-technical standpoint and I was happy to find that Paul and I share a lot of those same philosophies in the production of an audio show. We’re only 10 episodes in, so we’re still figuring some things out. When we created the podcast we decided that it wouldn’t cover news topics (though I did make them cover Sony) like several of the other podcast. Instead we wanted to focus on how to become a better information security professional and how to facilitate an improved security culture within an organization.
Security Weekly - This was one of the first podcast I was able to find on information security and it’s easily one of the top podcasts in the infosec community. It can get a little vulgar and can get a little off track, but the co-hosts are very knowledgeable and entertaining. It can get a little long, usually running 60-90 minutes, but that includes an interview, a demo and a news segment. Of the three segments the interviews are the best. I have gotten more information and ideas and tools out of this podcast than any other podcast I’ve listened to.
Down the Security Rabbithole - If you’re into enterprise security and want a more top level view of information security this is the podcast for you. They cover topics from an executive level as well as dive into the legal aspects of information security. They do cover news topics but do it from a much broader viewpoint. My only gripe with the show is that the audio quality can be lacking at times. The main issue being co-hosts being at different volume levels throughout the show. The audio quality seems to be getting better though
Risky Business - The best information security podcast out there. Patrick Gray is the Australian based podcast host and producer for the show. The production value of the podcast is high and well structured. He always has good interesting interviews and covers the news in an entertaining light-hearted way. If you’re only looking for only one security podcast to listen to, this has to be it.
Crypto-Gram Security - This is Bruce Schneier’s monthly podcast that basically has Dan Henage reading the articles Schneier posted on his website. Depending on how ofter Schneier writes, this podcast can be anywhere from 15 - 45 minutes long. Dan does a great job reading and producing the podcast. It’s a nice way to listen to Schneier articles. I usually pick up new things in the podcast that I missed reading his articles.
Defensive Security - This is another well produced show that takes a blue team approach to discussing topic and news items. From a technical aspect everything is sound. From a presentation standpoint it could use more energy. It is a good podcast that takes a slightly different angle on information security.
Data Driven Security - This is the latest show I’ve picked up and I’ve loved the two episodes I’ve listened to so far. The topic, as the title suggests, is about data within information security, which might not appeal to everyone. Still it covers metrics within security, which is very much needed in every organization. I’m looking forward to seeing what I can learn from this show.
This post first appeared on Exploring Information Security.
Longform links September 18, 2014
I can't remember if I've already shared this video before, but it's worth sharing again.
This is a documentary on DEFCON, a security conference hackers and security professionals so loving refer to as, "Hacker Summer Camp." It's almost two hours long, but well worth it.
Fun With Funny Money - Brian Krebs - Krebs on Security
Krebs takes a deep dive into counterfeit money: where it's sold and how to identify it.
Finally, we have a three page article on podcasting
10 years of podcasting: Code, comedy, and patent lawsuits - Cyrus Farivar - ars technica
This dives into the history of podcast, where it started, what it's become and some of the challenges podcasters are facing through the legal and patent systems.
This post first appeared on Exploring Information Security.
Need Exploring Information Security Podcast Feedback
I'm at a bit of a crossroads with the Exploring Information Security podcast. I am trying to decide if it's a project I want to continue doing. I currently have seven episodes on the books and I have ideas for other episodes, but something just doesn't feel right with the episodes.
I'm not sure what it is about the podcast, but I am struggling with getting excited about the podcast. I absolutely love all the interviews I've done and even the preparation I put into each episode leading up to the recording, but after that interview it feels more like a chore to produce the episode. I also feel like I'm not asking the right questions to really dig into a topic. I've thought about tweaking it, but I'm not really sure what to tweak. I haven't put the podcast on iTunes yet because of that reason. I don't want to put something up for a handful of episodes and then have it die off.
So what I am looking for with this post is to garner some feedback of the podcast: Do you like it? do you hate it? Would it be better with some tweaks? or any other nice/awful thing you can say about it. I want to hear it. If you have no idea what I'm talking about click the link below:
Exploring Information Security Podcast
Listen to a few episodes and let me know what you think. You can leave feedback in the comment section below, contact me on Twitter (@TimothyDeBlock) or contact me via email (timothy.deblock[at]gmail[dot]com).
This post first appeared on Exploring Information Security.
Exploring Information Security: How to ZAP your websites
In the seventh edition of the Exploring Information Security (EIS) podcast, I talk with Zed Attack Proxy (ZAP) creator and project lead Simon Bennetts.
Simon is the project lead for ZAP an OWASP Open Web Application Security Project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security and veteran pen testers. You can follow him on Twitter @psiinon and find out more on the tool by going to the project site on OWASP.
In this interview we cover:
What is ZAP and how did the project get started?
Who should utilize ZAP?
What skill level is need to start using ZAP?
Where should ZAP be used?
How you can get involved in the project.
Music by Alan Read
Leave feedback and topic suggestions in the comment section below.
This post first appeared on Exploring Information Security.
Exploring Information Security: how to use PowerShell for security
In the sixth edition of the Exploring Information Security (EIS) podcast, I talk with PowerShell guru Matt Johnson a founder of PoshSec.
Matt Johnson has spoken at conference's like GrrCon and DerbyCon on using PowerShell for security. He also has his own podcast titled, Leveled up Infosec Podcast and he's the founder of PoshSec. You can catch Matt tweeting about security on Twitter @mwjcomputing.
In this interview we cover:
What is PowerShell
How to get started using PowerShell
How to best utilize PowerShell for security
Available resource
What mistakes can be made using PowerShell for security
Music by Alan Read
Leave feedback and topic suggestions in the comment section below.
This post first appeared on Exploring Information Security.
Exploring Information Security: What is threat modeling?
In the fifth edition of the Exploring Information Security (EIS) podcast, I talk with J Wolfgang Goerlich, Vice President of Vio Point, about threat modeling.
Wolfgang has presented at many conference on the topic of threat modeling. He suggests using a much similar method of threat modeling that involves threat paths, instead of other methods such as a threat tree or kill chain. You can find him taking long walks and naps on Twitter (@jwgoerlich) and participating in several MiSec (@MiSec) projects and events.
In this interview Wolfgang covers:
What is threat modeling?
What needs to be done to threat model
Who should perform the threat modeling
Resources that can be used to build an effective threat model
The life cycle of a threat model
Leave feedback and topic suggestions in the comment section below.
This post first appeared on Exploring Information Security.
Exploring Information Security: What is cryptography
In the fourth edition of the Exploring Information Security (EIS) podcast, I talk to the smooth sounding Justin Troutman a cryptographer from North Carolina about what cryptography is.
Justin is a security and privacy research currently working on a project titled, "Mackerel: A Progressive School of Cryptographic Thought." You can find him on Twitter (@JustinTroutman) discussing ways in which crypto can be made easier for the masses. Be sure to check out his website for more information.
In the interview Justin talks about
What cryptography is
Why everyone should care about cryptography
What some of it's applications are
How someone would get started in cryptography and what are some of the skills needed
Leave feedback and topic suggestions in the comment section below.
This post first appeared on Exploring Information Security.
Exploring information security: new podcast art
I completely whiffed on a link post this morning. I had a good, but dumb weekend (if that makes sense). One of the things I managed to accomplish this weekend was putting together some podcast art, with the help of some friends (Ryan, Adam, Win and Hope, thank you!).
Now I just need to get the RSS feed together and the podcast will be ready to be submitted to a podcast directory near you.
Feedback is certainly welcome.
This post first appeared on Exploring Information Security.