Summary:

In this episode of Exploring Information Security, host Timothy De Block welcomes Kevin Johnson, founder of Secure Ideas, to discuss web application penetration testing, API security, and hands-on security training. Kevin shares insights on why pentesters need to understand business risk, how API security is often misunderstood, and what participants can expect from his Breaking Bad Code workshop at ShowMeCon. He also reflects on the state of security talks at conferences, the importance of interactive learning, and Secure Ideas’ 15-year journey in the industry.

Topics Discussed:

• Web Application Security Challenges – Why automated tools alone aren’t enough, and how attackers think differently.

• API Security & Misconceptions – How APIs change attack surfaces and why developers often overlook key security flaws.

• Breaking Bad Code Training at ShowMeCon – What attendees will learn and why hands-on hacking beats passive lectures.

• Security Talks vs. Vendor Pitches – The problem with sales-driven conference talks and why real education matters.

• The Evolution of Secure Ideas – Celebrating 15 years in business, plus challenge coins and community growth.

• Fun Side Tangents – Muppets, hacking culture, and why Wacka Hack is the talk you don’t want to miss at ShowMeCon.

Key Takeaways:

• Effective pentesting goes beyond tools—it’s about understanding the purpose and risk of an application.

• API security isn’t a separate discipline—it requires a shift in attacker mindset.

• Hands-on training is the best way to learn—expect to actively hack at the Breaking Bad Code workshop.

• Security conference talks should educate, not sell—vendor-heavy presentations fail to engage the audience.

• ShowMeCon is an invaluable event for anyone interested in offensive security and application security.

Guest Info:

• Kevin Johnson – Founder & CEO of Secure Ideas, security consultant, trainer, and conference speaker.

Links and Resources:

• Follow Kevin on Twitter: @SecureIdeas

• Secure Ideas: secureideas.com

• Samurai WTF – Web Testing Framework: samuraiwtf.org

• Penetration Testing Execution Standard (PTES): pentest-standard.org

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]