Why getting into infosec is hard

In this Han Solo edition of the Exploring Information Security podcast, I discuss my experience on why getting into infosec is hard.

This is a solo episode where I share my thoughts on why it's hard to get into infosec. I've been on both sides of the interview process. In this episode I share my own personal experience (where I failed), as well as what I've seen on why people didn't get the role they wanted. This topic deals with the skills shortage topic often discussed on Twitter and other media. It's a very nuanced topic. I wanted to focus on what those applying could do better to apply and interview for an opportunity.

In this episode:

  • Why people don't apply?
  • Why requirements can limit job opportunities
  • Why your resume sucks
  • How are you preparing for the interview?
  • What are you doing to improve your chances of getting an offer?

What is threat intelligence? - Part 1

In this smart episode of the Exploring Information Security podcast, Rob Gresham formerly of McAfee joins me to explain threat intelligence.

Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in the many things information security related in South Carolina. Including the National Guard and Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing. Which is why this topic will be a two parter.

In this episode we discuss:

  • What is threat intelligence
  • How threat intelligence is useful
  • What are the benefits of threat intelligence
  • What needs to be done before threat intelligence

Resources:

Who is looking for more in infosec - Feb 27, 2017

In this job posting edition of the Exploring Information Security podcast, who is looking for more in infosec?

This is a bonus episode of the podcast. This is a solo podcast where I discuss open positions and people looking for opportunities. I plan to do these based on demand. If you would like to submit a position you are looking to fill or looking for an opportunity send me an email timothy.deblock[at]gmail[dot]com or hit me up on Twitter @TimothyDeBlock.

Employers looking to fill a role

Sr. Splunk Admin - Premise Health

  • Splunk experience a plus

  • SIEM experience and management is required

  • Must live in Nashville, TN, or be willing to relocate

Jr. Pen Tester - Premise Health

  • Testing experience a plus

  • Familiarity with testing tools

  • Must live in Nashville, TN, or be willing to relocate

Sr. Endpoint Security Consultant - Optiv

  • Focus on Carbon Black

  • Optiv's Architecture & Implementation Services

  • Location anywhere

  • 50% travel time

  • Fill out position or contact Brad Pace (brad.pace[at]gmail[dot]com)

Quicken Loans

Multiple positions open at Quicken Loans as we continue to mature our information security team. All positions would require relocation to the metro Detroit area, no remote opportunities unfortunately. Great team of people, great company culture and atmosphere. At the end of the day the positions are what you make them. - Robert Knapp @power_napz or robertknapp[at]quickenloans[dot]com

 

People looking for an opportunity

Joshua Ovalle - Resume

Type of work: Entry level

Interested Areas:
I have been interested in the idea of breaking down and building up security networks and things of that sort. I had always pictured hacking as something fun and challenging. Challenging things are what really get me involved more deeply in my work.

Experience:
Navy Aviation Electronics Technician. My experiences are with mostly physical maintenance (wire running, electronic testing, circuit card installation/testing and software instillation. I am also familiar with Microsoft computers and Apple products.

Community Contribution:
I have recently started dedicating time to a prison ministry at my church spending time with the children of men and women who are incarcerated by teaching and playing sports with them.

Education:
I graduated high school in 2009 and went to college for 2 semesters until I decided to join the military.

Willing to Relocate:
I am currently in San Diego, and with a new born i don't know if i could relocate any time soon.

Coding Experience:
I don't have any experience with coding, but I am willing to learn it.

How to contact:
email: jgovalle[at]gmail[dot]com

Again if you are looking to fill a role or looking for an opportunity email me timothy.deblock[at]gmail[dot]com

How to become a penetration tester - Part 2

In this reddish edition of the Exploring Information Security podcast, Andrew Morris of Endgame joins me to discuss how to become a penetration tester.

Andrew (@Andrew___Morris) is a security researcher at Endgame. Before he got that role he was a penetration tester. I had an opportunity to get to know Andrew at some events in the Columbia, SC. He's very knowledgeable and excited about what he does in the information security space. In this two-part series we discuss some of the nuances of being a pen tester and how to find yourself in that particular role.

In this episode we discuss:

  • What tools a penetration tester uses
  • What skills are needed to be a penetration tester
  • Andrew discusses how he became a penetration tester

More resources:

How to become a penetration tester - Part 1

In this reddish edition of the Exploring Information Security podcast, Andrew Morris of Endgame joins me to discuss how to become a penetration tester.

Andrew (@Andrew___Morris) is a security researcher at Endgame. Before he got that role he was a penetration tester. I had an opportunity to get to know Andrew at some events in the Columbia, SC. He's very knowledgeable and excited about what he does in the information security space. In this two-part series we discuss some of the nuances of being a pen tester and how to find yourself in that particular role.

In this episode we discuss:

  • What is a penetration tester?
  • Why become a penetration tester?
  • What writing a report is like
  • What is the day-to-day life of a pen tester

More resources:

What is data driven security?

In this statistically-inclined edition for the Exploring Information Security podcast, I talk with Bob Rudis co-author of Data Driven Security to answer the questions: "What is data driven security?"

I recently read Data Driven Security: Analysis, Visualization and Dashboards by Jay Jacobs (@jayjacobs) and Bob Rudis (@hrbrmstr). The book is easy to read and a very good introduction into the world of data and security. Both Jay and Bob were kind with their time when I had questions about exercises in the books. After reading the book I decided to have Bob on to talk more about data driven security. 

Bob Rudis is also a contributor to the Verizon DBIR and these projects below:

In this episode we discuss:

  • What is data driven security?
  • The benefits of data driven security
  • How it should be implemented
  • Where it can be applied

Bob also gave me a long list of resources for those looking to get into data-driven security:

How information security professionals should interact with the media - part 1

In this exciting edition of the Exploring Information Security podcast, Steve Ragan of CSO joins me to discuss how information security professionals should interact with the media.

Steve (@SteveD3) prior to becoming an InfoSec Journalism Wizard for CSO he spent 15 years as an IT contractor. Last year Steve gave talks on how to interact with the media at conferences such as CircleCityCon and DerbyCon. With information security getting more play in the media recently it's important that we all have a basic understanding of how to interact with the media.

In this episode we discuss:

  • Who is the media?
  • Where would someone interact with the media?
  • Reaching out to the media
  • What does a bad interaction look like?