Episode 43 – Not all vulnerabilities are created equal with Tanya Janca
Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you’re on. For some, it’s a thing of pride, and hopefully a monetary reward! ...
Episode 42 – CyberZoology with Patrick Kelley
Defending is hard. The adage of “an attacker only has to be right once” is a bit played out, but it does have a hint of truth in that trying to defend everything is a monumental task. Defenders are...
Episode 41 – Cyber Security Awareness Month with Tracy Maleeff
October is Cyber Security Awareness Month, and with that who better to help share some ideas on how to give back to the community than our own InfoSecSherpa! Tracy Maleeff joins me to talk about Cyber Security Awareness Month,...
Episode 40 – Tabletop D&D With Rally Security
It’s that time again! With milestone episode 40, we have another Tabletop D&D episode for you to enjoy! This time around we are joined by a few members of the Rally Security podcast to face some scenarios and see...
Episode 39 – John’s OSCP Journey
Over the past few months, John has been working on obtaining his OSCP certification. Recently he attempted and successfully passed the exam! In this episode he goes over his journey, what he learned as well as a...
Episode 38 – Discussing the Cyber Kill Chain with Amanda Berlin
The cyber kill chain. For some, it’s a nice framework to help build your defenses and help during an incident. For others, it is an over hyped and rigid list that no real attacker follows anymore. However you view the cyber...
Episode 37 – Bring Your Own Land with Nathan Kirk
“Living off the land” is a term well understood by both offensive and defensive teams. For offensive teams, it’s meant by using the technologies already present on the system, such as Powershell, Python, and even Perl for those who like...
Episode 36 – The Joy of CTFs with Derek Rook
Capture The Flag games, or CTFs, are a popular way for infosec pros to brush up on the offensive skills. From VulnHub to HackTheBox, there are a few different ways to quote “get your hack on”! Derek Rook (@_r00k_) joins...
Episode 35 – Container Security with Jay Beale
From jails to virtual machines, process isolation is the “holy grail” of security. Lately, containers have been the go-to for modern organizations in order to scale and implement things like microservices. Jay Beale of InGuardians fame joins me to...
Episode 34 – Exploring Powershell with Mick Douglas
Living off the land is pretty standard fare for pen testers. On Linux systems, the go-to is usually Python, but on Windows it’s all about Powershell. This week I’m fortunate enough to sit down with Mick Douglas to talk...
Episode 33 – 3 Pillars for Starting a Security Program
In this episode John goes at it alone and discusses his own experiences with starting up a security program at different organizations by focusing in on what he views are the 3 key pillars for a new security program.
Some...
Episode 32 – Fireside Chat with Deviant Ollam
Continuing on with my fireside chat series, where I bring on a guest to just have a casual chat and see where the conversation takes us, my guest this time is Deviant Ollam. Well known for his work with...
Episode 31 – Killing the Pen Test with Adrian Sanabria
The penetration test, or pen test as it’s commonly referred to, is one of the great necessary evils in Infosec today. My guest for this episode is Adrian Sanabria, who has an interesting thought – let’s kill the pen...
Episode 30 – Infosec D&D Tabletop with Jerry Bell and Andrew Kalat from Defensive Security
It’s that time again! We’re doing another Infosec tabletop in a D&D style, this time with the fine gentlemen from the Defensive Security podcast! Jerry and Andrew join me for another infosec tabletop with all new scenarios, pitfalls, and...
Episode 29 – The Importance of Community in Infosec w/ Cheryl “3ncr1pt3d” Biswas
The idea of “community” is an important one, especially if you talk about a group of people who want to help improve their skills by sharing their ideas, experiences, etc, with like minded individuals. The Infosec community is no...
Instagram flaw exposes user passwords
A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users.
The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...
Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week
Safer browsing, more bitcoin scams, and the rest of the week's top security news.
SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more
Plus, why is Kaspersky Lab getting into chess? Roundup What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
Is retaining a cybersecurity attorney a good idea for your business?
Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.
Machine Learning Can Create Fake ‘Master Key’ Fingerprints
Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.
