[RERELEASE] ShowMeCon: What does Jayson E. Street, Dave Chronister, Johnny Xmas, April Wright, and Ben Brown think about security?

In this epic episode of the Exploring Information Security podcast Jayson E. Street (@jaysonstreet), Dave Chronister (@bagomojo), Johnny Xmas (@J0hnnyXm4s), April Wright (@aprilwright), Ben Brown (@ajnachakra), and surprise guests Adrian Crenshaw (@irongeek_adc) and Kevin Johnson (@secureideas)all join me to discuss various security related topics.

ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference.

Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.

In this episode we discuss:

  • Certificates

  • Hiring

  • Interviewing

  • Where to get started

  • Soft skills

  • ShowMeCon and other conferences

  • Community and giving back

  • Imposter syndrome

  • Irongeeks impact on those in attendance

How to get a penetration test (pentest)

Summary:

In this episode, Dave Chronister, founder of Parameter Security and ShowMeCon, shares valuable insights into the world of penetration testing (pentesting). Listeners will learn about the differences between vulnerability assessments and penetration tests, what red teaming is, and why organizations should lean towards white-box pentests. Dave and Tim discuss how to avoid common pitfalls when engaging with pentest companies, the importance of rules of engagement, and how to ensure you're getting a high-quality test. Dave also shares stories from his 17+ years in the field, illustrating the critical lessons organizations need to understand.

Key Topics Covered:

  • Difference between vulnerability assessments and penetration tests.

  • Red teaming vs. penetration testing: When and why to use each.

  • How to choose the right pentest company.

  • The importance of setting clear rules of engagement.

  • Real-world examples of pentesting gone wrong.

Resources Mentioned:

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


ShowMeCon 2018 Live

In this panelist episode of the Exploring Information Security podcast, the first ever podcast panel at ShowMeCon 2018!

Amanda Berlin (@InfoSystir), Wik (@jaimefilson), David Cybuck (@dpcybuck), April Wright (@aprilwright), and Dave Chronister (@bagomojo) join me on the live EIS panel at ShowMeCon, June 7, 2018. This is the first panel I've ever done for the podcast. It went so well, I hope to do more in the future. We cover a variety of topics and have a few laughs.

YouTube version

In this episode we discuss:

  • What's coming back in vogue

  • What to do with master ID

  • What our thoughts are on new password policies from NIST

  • How to handle best practices

What's happening at DerbyCon?

In this legacy edition of the Exploring Information Security podcast, Ben Miller (@securithid) , Cliff Smith (@BismithSalamandr) , Paul "BubbaSec" Coggin (@PaulCoggin) , Dave Chronister (@bagomojo), Sean Peterson (@SeanThePeterson), and Jimmy Byrd (@Jimmy_Byrd) (and briefly @aprilwright ) join me to talk security.

 This is likely the last podcast conference special of the year. It's a good one. We had quite the crew to record this one and got very in-depth and deep on topics related to infosec. Big shout out and thanks again to Dave for bringing the mics and participating in the podcast.

I've been pleasantly surprised with how this and the other podcasts have turned out. I've gotten some great feedback and I plan to do more of these in the future. It was also floated to me that we record one of these as a panel at one of the conferences. We'll see.

In this episode we discuss:

  • The legacy of DerbyCon and what the future holds.
  • What it's like at a developer conference?
  • Is there security fatigue?
  • Patch your shit.

Resource we discussed:

What does Jayson E. Street, Dave Chronister, Johnny Xmas, April Wright, and Ben Brown think about security?

In this epic episode of the Exploring Information Security podcast Jayson E. Street (@jaysonstreet), Dave Chronister (@bagomojo), Johnny Xmas (@J0hnnyXm4s), April Wright (@aprilwright), Ben Brown (@ajnachakra), and surprise guests Adrian Crenshaw (@irongeek_adc) and Kevin Johnson (@secureideas)all join me to discuss various security related topics.

ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference.

Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.

In this episode we discuss:

  • Certificates
  • Hiring
  • Interviewing
  • Where to get started
  • Soft skills
  • ShowMeCon and other conferences
  • Community and giving back
  • Imposter syndrome
  • Irongeeks impact on those in attendance