Exploring Information Security - Timothy De Block
By Timothy De Block
About this podcast
The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.

Episodes (Total: 98)
July 17, 2017 · 00:17:53
In this inclusive episode of the Exploring Information Security podcast, Micah Hoffman, a certified SANS instructor, joins me to discuss how to join the infosec community.Micah (@WebBreacher) gave a talk at BSides DC last year on joining the infosec community. For Micah it took him a while to get involved. He jumped right into the deep end by going to DEFCON. Several years later he decided to get more involved in the community and quickly discovered several of the benefits from doing that. I had a similar experience, attending DEFCON in the early 2000s. I wouldn't attend another security conference until 10 years later.There are a lot of benefits to getting involved in the infosec community. You get to contribute and make the community a little better. You get to meet some awesome people. You will have more job opportunities open up. Community engagement shows initiative and allows you to meet people looking to fill roles.In this episode we discuss:How to meet peopleWhat are some of things to watch out for in the communityOther resources available for getting invovledMore resources:Mubix's Room 362 - Start in Infosectisiphone.net [RSS Feed] [iTunes]
July 10, 2017 · 00:27:18
In this inclusive episode of the Exploring Information Security podcast, Micah Hoffman, a certified SANS instructor, joins me to discuss how to join the infosec community.Micah (@WebBreacher) gave a talk at BSides DC last year on joining the infosec community. For Micah it took him a while to get involved. He jumped right into the deep end by going to DEFCON. Several years later he decided to get more involved in the community and quickly discovered several of the benefits from doing that. I had a similar experience, attending DEFCON in the early 2000s. I wouldn't attend another security conference until 10 years later.There are a lot of benefits to getting involved in the infosec community. You get to contribute and make the community a little better. You get to meet some awesome people. You will have more job opportunities open up. Community engagement shows initiative and allows you to meet people looking to fill roles.In this episode we discuss:How Micah got into the communityWhat is the infosec community?Why it's important to get involvedWhere can someone get involved?More resources:Mubix's Room 362 - Start in Infosectisiphone.net [RSS Feed] [iTunes]
July 3, 2017 · 01:32:47
In this epic episode of the Exploring Information Security podcast Jayson E. Street (@jaysonstreet), Dave Chronister (@bagomojo), Johnny Xmas (@J0hnnyXm4s), April Wright (@aprilwright), Ben Brown (@ajnachakra), and surprise guests Adrian Crenshaw (@irongeek_adc) and Kevin Johnson (@secureideas)all join me to discuss various security related topics.ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference.Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.In this episode we discuss:CertificatesHiringInterviewingWhere to get startedSoft skillsShowMeCon and other conferencesCommunity and giving backImposter syndromeIrongeeks impact on those in attendance [RSS Feed] [iTunes]
June 26, 2017 · 00:30:27
In this analyzed episode of the Exploring Information Security podcast, Daniel Ebbutt joins me to discuss malware analysis.Daniel (@notdanielebbutt) is a malware analyst at a fortune 500 company. I recently caught up with Daniel at Converge and BSides Detroit. We had a great conversation about malware analysis. Talking about the topic with him you can tell he is very passionate and excited about the subject. Which is why I decided to have him on the podcast for a little chat.In this episode we discuss:What types of anti-malware Daniel has seenHow to perform malware analysisWhat skills are useful for malware analysisWhat resources are availableMore resources:Twitter@malwareunicord@Xylit0lmalwrhunterteamSwiftOnSecurityMalwareAnalysisForHedgehogs - YouTube channelGitHubDidierStevensSuiteofficeparserDetect-It-EasyPortExSysinternals SuiteOllyDbgBinaryNinjaRadare [RSS Feed] [iTunes]
June 19, 2017 · 00:24:44
In this analyzed episode of the Exploring Information Security podcast, Daniel Ebbutt joins me to discuss malware analysis.Daniel (@notdanielebbutt) is a malware analyst at a fortune 500 company. I recently caught up with Daniel at Converge and BSides Detroit. We had a great conversation about malware analysis. Talking about the topic with him you can tell he is very passionate and excited about the subject. Which is why I decided to have him on the podcast for a little chat.In this episode we discuss:What is malware analysisHow to get malwareHow to handle malwareWhat the different classes of malware areMore resources:Twitter@malwareunicord@Xylit0lmalwrhunterteamSwiftOnSecurityMalwareAnalysisForHedgehogs - YouTube channelGitHubDidierStevensSuiteofficeparserDetect-It-EasyPortExSysinternals SuiteOllyDbgBinaryNinjaRadare [RSS Feed] [iTunes]
June 12, 2017 · 00:21:19
In this final part of a three-part series of the Exploring Information Security podcast, Johnny Xmas joins me to discuss why social skills are important.Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences.Social skills are important in organizations, because it allows us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evident by this three-part series).In this episode we discuss:Why it's important to never eat aloneHow to improve your social skillsHow to start a conversationWhy it's important to practiceMore resources:How to win friends and influence people by Dale CarnegieNever Eat Alone by Keith FerrazziWhat Every BODY is Saying by Joe NavarroIntroducing NLP by Joseph O'Connor and John SeymourThe Game by Neil StraussJohnny Xmas YouTube channel [RSS Feed] [iTunes]
June 5, 2017 · 00:19:55
In this second part to a three-part series of the Exploring Information Security podcast, Johnny Xmas joins me to discuss why social skills are important.Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences.Social skills are important in organizations, because it allows us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evident by this three-part series).In this episode we discuss:Why it's important to never eat aloneHow to improve your social skillsHow to start a conversationWhy it's important to practiceMore resources:How to win friends and influence people by Dale CarnegieNever Eat Alone by Keith FerrazziWhat Every BODY is Saying by Joe NavarroIntroducing NLP by Joseph O'Connor and John SeymourThe Game by Neil StraussJohnny Xmas YouTube channel [RSS Feed] [iTunes]
May 29, 2017 · 00:25:31
In this start to a three-part series of the Exploring Information Security podcast, Johnny Xmas joins me to discuss why social skills are important.Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences.Social skills are important in organizations, because it allows us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evident by this three-part series).In this episode we discuss:What are social skillsWhy they're importantHow it relates to social engineeringHow to interact with someone in a conversationMore resources:How to win friends and influence people by Dale CarnegieNever Eat Alone by Keith FerrazziWhat Every BODY is Saying by Joe NavarroIntroducing NLP by Joseph O'Connor and John SeymourThe Game by Neil StraussJohnny Xmas YouTube channel [RSS Feed] [iTunes]
May 22, 2017 · 00:29:03
In this picky edition of the Exploring Information Security podcast, Adrian Crenshaw joins me to discuss lockpicking and how to pick a lock.Adrian (@Irongeek_adc) contributes a lot to the infosec community. He's at a lot of different conferences around the country. When he attends dinners at those conferences you can usually see him carrying around a big chain of locks and a monster wallet of lock picks. I've learned to pick locks with Adrian at a few of these dinners and thought it would make a good topic for the podcast.In this episode we discuss:How to lock pickWhat are Bogota picksHow video games are bad for lockpickingWhat is lock bumpingWhat happens when you bring lock picks on a planeResources:Toool.usPractical Lock Picking by Deviant OllamIrongeeks guides and resourcesMIT guide to lockpickingSparrow Lock picksTremendous Twelve lock picks [RSS Feed] [iTunes]
May 15, 2017 · 00:11:43
In this scavenger edition of the Exploring Information Security podcast, I provide tips on getting a ticket to DerbyCon.DerbyCon tickets went on sale May 6, 2017. Two minutes before the official release time, tickets were already sold out. This led to some controversy surrounding the release of tickets five minutes before. This was something that the conference has done for years. Last year the conference sold out in hours. This year it became a problem. There is still plenty of time to secure a ticket. Here are some ways to do that (h/t @PyroTek3).DerbyCon Twitter account: DerbyCon plans to release more tickets in smaller batches. Watch their Twitter account for more information.Watch Twitter: Plans change. People will be selling tickets leading up to the conference. Expect an increase in people looking to sell their tickets the month before the conference. I would also recommend paying attention for when speaker notifications go out. Usually around early August.Submit a talk: The year I began speaking, I got accepted to speak at DerbyCon. The conference prefers new talks and loves new speakers. If you have an idea go for it. You never know. Volunteer: It takes a lot of people to run a conference. Volunteers get a free ticket to the con. You will have to work the conference. Which also may result in making some new friends and connections.Sponsor the conference: DerbyCon is still looking for sponsors. Included in the sponsor package are tickets to the con.Contests: Keep a look out for contests involving tickets. For example the Brakeing Down Security podcast is putting on a CTF for DerbyCon tickets.  [RSS Feed] [iTunes]
May 8, 2017 · 00:22:38
In this bulb edition of the Exploring Information Security podcast, Price McDonald Director of Colafire Labs joins me to discuss hardware hacking.Price (@pricemcdonald) recently gave a hardware hacking talk at BSides Indy. Which I had the pleasure to attend. I was fascinated by the content he provided for the talk and decided to have him on. Hardware hacking is not something we see too much, but it is out there. It's used in physical penetration tests and for other learning opportunities. Listening to Price you can tell he has a strong interest in the topic.In this episode we discuss:What is hardware hacking?What hardware can be hacked?Where hardware hacking applies?How to get started in hardware hackingResources:EEV BlogJoe Grand [RSS Feed] [iTunes]
May 1, 2017 · 00:23:59
In this smart episode of the Exploring Information Security podcast, Rob Gresham formerly of McAfee joins me to explain threat intelligence.Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in the many things information security related in South Carolina. Including the National Guard and Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing. Which is why this topic will be a two parter.In this episode we discuss:What is threat intelligenceHow threat intelligence is usefulWhat are the benefits of threat intelligenceWhat needs to be done before threat intelligenceResources:Awesome Threat IntelligencePyramid of PainBSides Augusta - This is not your Mommas Threat Intelligence [RSS Feed] [iTunes]
April 24, 2017 · 00:30:12
In this smart episode of the Exploring Information Security podcast, Rob Gresham formerly of McAfee joins me to explain threat intelligence.Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in the many things information security related in South Carolina. Including the National Guard and Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing. Which is why this topic will be a two parter.In this episode we discuss:What is threat intelligenceHow threat intelligence is usefulWhat are the benefits of threat intelligenceWhat needs to be done before threat intelligenceResources:Awesome Threat IntelligencePyramid of PainBSides Augusta - This is not your Mommas Threat Intelligence [RSS Feed] [iTunes]
April 17, 2017 · 00:26:16
In this installed episode of the Exploring Information Security podcast, Wes Widner joins me to discuss how Macs get malware.Wes (@kai5263499) spoke about this topic at BSides Hunstville this year. I was fascinated by it and decided to invite Wes on. Mac malware is a bit of an interest for Wes. He's done a lot of research on it. His talk walks through the history of malware on Macs. For Apple fan boys, Macs are still one of the more safer options in the personal computer market. That is changing though. Macs because of their increased market share are getting targeted more and more. We discuss some pretty nifty tools that will help with fending off that nasty malware. Little Snitch is one of those tools. Some malware actively avoids the application. Tune in for some more useful information.In this episode we discuss:How Macs get malwareWhat got Wes into Mac malwareThe history of Mac malwareWhat people can do to protect against Mac MalwareMore resources:OSX Security Awesome - GitHubA Worm in the Apple - SlidesPeople to follow on Twitter:Patrick Wardleobjective_see0xAmitMorpheus______osxreverserliucojosxdaily [RSS Feed] [iTunes]
April 14, 2017 · 00:06:39
In this looking for more edition of the Exploring Information Security podcast, I've got two job postings and two people looking for an opportunity in infosec.Job postingsThe two postings I have are from my place of employment, Premise Health. We have a Jr. Pen Tester and Security Engineer role. Both positions will require you to relocate to Nashville, TN.People lookingBrian Hearn was on a previous episode of the Exploring Information Security podcast to discuss his home lab setup. He has eight years of networking and system administration. He's looking for an opportunity in the US. Preferably the western side of the US. He's looking for an opportunity in network monitoring, forensics, or auditing.You can reach out to Brian at bhearn99.sec[@]gmail[.]comZaid Qumei is looking for an entry level role as a security analyst or junior pen tester. He has IT support experience. He is involved in his local OWASP chapter. Last year he graduated with an Electrical and Computer Engineering degree (second major in Computer Science) from Rutgers University. He recently got his Network+ and Security+ certifications. He is willing to relocate.You can reach out to Zaid at zaid.qumei@gmail.comFeel free to reach out to me with any feedback, either on Twitter (@TimothyDeBlock) or email (timothy.deblock[@]gmail[.]com). [RSS Feed] [iTunes] 
April 10, 2017 · 00:23:09
In this show me episode of the Exploring Information Security podcast, Dave Chronister managing partner at Parameter Security (@ParameterHacker) and organizer discuss ShowMeCon.I can't say enough good things about Dave (@bagomojo). Last year was my first opportunity to attendee and speak at ShowMeCon (@ShowMeConSTL). He and the organizers did a tremendous job taking care of the speakers and attendees. There was great content, activities, food, parties, and the venue was top notch. This is one of the most well run and classiest conferences I've had the opportunity to attendee. I am excited to have the opportunity to speak again at the conference.The conference has a different feel than other security conferences. It has more of a business feel. Which is a nice change of pace. This gives businesses in St. Louis an opportunity to tap into the vast knowledge of infosec community. It gives speakers of the infosec community an opportunity to show businesses how deep the infosec rabbit hole goes. I highly recommend (and often do) this conference to everyone in IT security.ShowMeCon is June 8 and 9, 2017, at the Ameristar Casino and Resort. Tickets are available until May 15, 2017.Other Details:If you need to contact the organizers of ShowMeCon their phone number is 314-443-0472. If you would like to volunteer send an email to info[@]showmecon[.]comIn this episode we discussed:What is ShowMeConHow the conference got startedWho should attend ShowMeConWhat can attendees expectA Saturday morning cartoon party [RSS Feed] [iTunes]
April 3, 2017 · 00:20:02
In this knowledge filled episode of the Exploring Information Security podcast, Justin Nordine joins me to discuss the OSINT Framework.Justin (@jnordine) is the creator of the OSINT Framework. The page is a spider web of tools and other OSINT resources that you can get lost in for days. It's a fabulous tool for those just getting in or those who use OSINT on a daily basis. He created it as a way to keep up with all the OSINT resources out there.In this episode we discussHow he got started in OSINTWhat is the OSINT Framework?How should the framework be used?What he has in store for future iterations [RSS Feed] [iTunes]
March 27, 2017 · 00:31:32
In this excessive episode of the Exploring Information Security podcast, Ed Rojas joins me to discuss the Internet of Things (IoT).Ed (@EdgarR0jas) has recently switched roles. In that role he's researching the internet of things. The internet of things is everywhere and it's starting to become an issue for the security community. From baby monitors to IP cameras to fridges, everything in the home is becoming connected. The issue comes in with the security being embedded in these device. There isn't any and it's allowing malicious people to create massive bot armies for distributed denial of services (DDoS). It's a tough problem to solve. Luckily, Ed is on the case.In this episode we discuss:What is the internet of things?Why is an IoT an issue?What should organizations be worried about?What are the dangers of IoT?More resources:BlackBerry Security Summit: How Your Tea Kettle could be a Gateway for HackersInternet of Things ConsortiumIoTwatcher on TwitterIBM Watson [RSS Feed] [iTunes]
March 20, 2017 · 00:24:37
In this musical edition of the Exploring Information Podcast, organizers Jennifer Samardak and Finn Breland join me to discuss BSides Nashville.BSides Nashville (@bsidesnash) is the second BSides I attended and the only one I've attend each year since it's inception. It's a really well put together conference. They have three tracks. They have the usual side areas with lock picking, hardware hacking, and a kids area. The best part though is the lunch. They cater lunch from Martin's BBQ. One of Nashville's best BBQ places. I would put the food up against any conference. I join Jen (@jsmardak) and Finn (@FinnBreland) to talk about all that and much more.BSides Nashville is April 22, 2017, at Lipscomb University. Tickets are sold out. A waiting list is available for those hoping to attend.In this episode we discuss:What is BSides NashvilleWho should attend the conferenceWhat makes it's uniqueWhere are the places to visit in Nashville? [RSS Feed] [iTunes]
March 13, 2017 · 00:27:20
In this operational edition of the Exploring Information Security podcast, Jeff Lang from Virginia Tech joins me to discuss his day-to-day in a SOC.Jeff is a good friend of mine and one that I leaned on heavily when I was working in a SOC. He's been a IT Security Analyst for a while now and loves what he does. We've spent countless hours discuss SOC life. We've talked about nuances and some of the things he sees on a regular basis monitoring a college campus. I decided it would make for an interesting podcast episode.In this episode we discuss:What is a security operations center (SOC)?What are some of the roles in a SOC?What are some of the day-to-day things seen?What are the skills needed to work in a SOC?More resources:Security Operations Center: Building, Operating, and Maintaining your SOC by Joseph Muniz, Gary McIntyre, Nadhem AlFardanDesigning and building a security operations center by Nathans, David; Limbert, Matthew [RSS Feed] [iTunes]