Exploring Information Security - Timothy De Block

Timothy De Block

The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.

  • 50 minutes 47 seconds
    Brian Dye on Network Detection and Response (NDR) with Corelight

    Summary:

    In this episode of Exploring Information Security, host Timothy De Block sits down with Brian Dye from Corelight to discuss the evolution of cybersecurity, the importance of Network Detection and Response (NDR), and the challenges modern organizations face with securing their networks. Brian shares valuable insights into how Corelight leverages open-source technologies and data to provide advanced threat detection and forensics.

    Key Topics Covered:

    • The Evolution of Corelight
      Brian discusses the history of Corelight, the transition from the open-source project Zeek (formerly Bro) to the Corelight company, and the importance of supporting the open-source community. He also touches on how the company has grown as cybersecurity needs have evolved.

    • Network Detection and Response (NDR)
      Corelight's NDR solutions help organizations detect advanced threats that bypass traditional security controls like firewalls and EDR. Brian explains the differences between EDR and NDR, and why both are essential for a comprehensive cybersecurity strategy.

    • AI and Machine Learning in Security
      Brian dives into how Corelight has embraced AI and machine learning, particularly with generative AI (GenAI), to improve threat detection and response capabilities. He shares examples of how organizations are using GenAI to automate security workflows and accelerate alert investigations.

    • The Changing Threat Landscape
      Brian talks about how attackers are evolving their tactics, moving away from malware-based attacks to techniques like "living off the land" (LoL) to avoid detection. He discusses the importance of understanding these advanced attack methods and how NDR tools help provide the data needed to investigate and respond.

    • Real-World Success Stories
      Brian shares examples of how Corelight has helped organizations respond to cyber threats, including a ransomware attack scenario where Corelight's tools provided the necessary data to help the victim organization make informed decisions about whether to pay a ransom.

    • The Future of Network Security
      Looking ahead, Brian outlines the future of Corelight and its focus on expanding its data capabilities to enable more advanced detections. He highlights the importance of data as a foundational element for security and how Corelight plans to continue innovating in the NDR space.

    Guest Bio:

    Brian Dye is the Chief Product Officer at Corelight, a leading provider of Network Detection and Response (NDR) solutions. With years of experience in cybersecurity, Brian is dedicated to helping organizations defend against advanced threats using open-source tools and innovative technology.

    Contact Information:

    Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

    Check out our services page and reach out if you see any services that fit your needs.

    Social Media Links:

    [RSS Feed] [iTunes] [LinkedIn]


    21 January 2025, 9:00 am
  • 51 minutes 18 seconds
    Solving Compliance Complexity with risk3sixty

    Summary:

    In this episode of Exploring Information Security, host Timothy De Block is joined by Christian Hyatt, CEO of risk3sixty, a company that specializes in helping businesses with security and compliance. Christian shares his thoughts on how organizations are dealing with the increasing complexity of compliance programs, third-party risks, and the role of offensive security in bridging the gap between compliance and risk management.

    Key Topics Covered

    • What is risk3sixty and the Problem it Solves?
      Christian discusses how risk3sixty helps organizations streamline and harmonize complex security and compliance programs, providing significant cost savings and efficiency.

    • The Importance of GRC Transformation
      Christian explains the role of Governance, Risk, and Compliance (GRC) transformations in helping businesses manage multiple frameworks, such as ISO, SOC 2, and NIST.

    • Offensive Security and Compliance
      How risk3sixty integrates offensive security services like red team engagements and continuous pen testing with a focus on both compliance and true risk management.

    • The Evolution of Security and Compliance
      The challenges and opportunities in integrating security directly into the development lifecycle, and how risk3sixty is positioning itself to lead the way in managing third-party risks.

    • AI and the Future of Compliance
      Christian’s perspective on how AI is impacting compliance roles and what it means for the future of security and risk management.

    Highlights

    • risk3sixty’s Full Circle GRC platform streamlines compliance management, helping businesses save time and reduce costs.

    • The increasing need for businesses to manage third-party risks as part of their cybersecurity strategy.

    • How risk3sixty is adapting to the changing cybersecurity landscape, especially in highly regulated industries.

    Guest Bio

    Christian Hyatt is the CEO of risk3sixty, a leading provider of security and compliance services. With years of experience in helping businesses navigate complex GRC challenges, Christian is passionate about making security more efficient and accessible to organizations of all sizes.


    14 January 2025, 9:00 am
  • 54 minutes 19 seconds
    Hacking Space Systems: Inside Tempest with Tim Fowler

    Summary:

    In this episode, host Timothy De Block sits down with Tim Fowler, the creator of Tempest, a hands-on educational project focused on space cybersecurity. Tim shares the story behind the development of Tempest, a 1U CubeSat designed for teaching and exploring cybersecurity in space systems. With insights from his background in space cyber, Tim explains how Tempest offers a unique, vulnerable, and modular platform for learning, hacking, and improving space security.

    Key Topics Covered:

    • What is Tempest?
      Tim introduces Tempest, a one-unit CubeSat built for educational purposes, focusing on the cybersecurity aspects of space systems. He explains how CubeSats are small satellites with low cost and accessibility but often lack a focus on security.

    • Design and Development of Tempest
      Tim talks about his 18-month journey developing Tempest, a project that started as an educational tool for his class on space cybersecurity. The CubeSat is intentionally vulnerable, offering students a chance to explore hacking and security concepts in space systems.

    • Tempest as a Teaching Aid
      Tempest is designed to be hands-on, giving students real-world exposure to the challenges and opportunities in securing space systems. The first version of Tempest debuted at Wild West HackingFest, and Tim discusses how he plans to scale and release the hardware for public use.

    • Challenges and Learning Through Failure
      Tim shares some humorous and insightful moments from teaching with Tempest, including a broadcast storm in the classroom caused by satellites "talking" to each other. He reflects on the importance of troubleshooting and learning through failure, both as a developer and instructor.

    • Upcoming Plans for Tempest
      Tim outlines his goals for 2025, including releasing Tempest hardware for public consumption and expanding the educational content around space cybersecurity. He also hints at adding AI capabilities to the CubeSat for future applications like missile detection or weather observation.

    Guest Bio:

    Tim Fowler is a space cybersecurity expert and creator of Tempest, a unique educational tool designed to teach security in space systems. With years of experience in both the defense and cybersecurity sectors, Tim is passionate about making space systems more secure and accessible for hands-on learning.


    7 January 2025, 9:00 am
  • 19 minutes 45 seconds
    2024 in Review and What's Next in 2025

    Summary:

    In this solo episode, Timothy De Block takes a step back to reflect on the journey of Exploring Information Security in 2024 and look ahead to what's coming in 2025. Timothy shares insights into the podcast's growth, highlights from the past year, and the direction for the future, including new initiatives and exciting changes.

    Key Topics Covered:

    • Podcast Growth and Feedback
      Timothy discusses the steady growth of the podcast, with the introduction of new platforms like Spotify and Amazon Podcasts, and a significant expansion into YouTube. He emphasizes the importance of feedback and encourages listeners to connect and rate the podcast.

    • The Podcast’s Focus and Vision
      Reflecting on the podcast's evolution, Timothy talks about how the content has expanded beyond traditional technical topics to cover security awareness, human behavior, and broader cybersecurity challenges. He also mentions the plan to increase blog posts and share security awareness content for listeners to use within their own companies.

    • Live Podcasting and Future Engagement
      Timothy highlights the success of the live podcast with the ILF crew and shares plans for more live sessions, with opportunities for audience interaction and sponsor exposure. He expresses his excitement to continue experimenting with live recordings and expanding the podcast’s reach.

    • Vendor Insights and Sponsored Content
      Discussing the rise in vendor interest, Timothy talks about how the podcast will feature discussions with vendors about the problems they solve in the cybersecurity space. He shares his commitment to providing meaningful content and avoiding any “sales pitch” style conversations, ensuring that vendor content is both educational and valuable to listeners.

    • ShowMe Con and Networking Opportunities
      Timothy promotes ShowMe Con, a conference where he will be speaking and attending. He shares how it offers a unique mix of hacker and business vibes, and he encourages listeners to participate in the conference or attend as speakers for valuable exposure and networking.

    • Plans for 2025
      Looking to the future, Timothy discusses his goals for 2025, including more live podcasting, increased blog content, and deeper engagement with the audience. He also shares his excitement for upcoming content, including vendor conversations and security awareness-focused material.

    • Personal Reflections and Motivations
      Timothy closes with a personal note, reflecting on his 23 years in IT and his growth in the security field. He talks about his passion for teaching and mentoring, particularly in the realm of security awareness. He also humorously discusses his New Year’s resolution to take January off from drinking, highlighting his commitment to personal growth.


    1 January 2025, 3:04 pm
  • 21 minutes 24 seconds
    [RERELEASE] How to get into information security

    Originally posted June 25, 2014

    I've been wanting to do a podcast, for a while now, on information security. I wasn't sure what I wanted the objective of the podcast to be. Most of the information security podcasts out there, or at least the ones I listen to, usually do a guest interview and cover some of the latest news and happenings within information security. I didn't want to spin up yet another one of those.

    Instead I've decided to spin up a podcast that explores the world of information security. One of the things I've been hearing the infosec community needs is people to teach security to those inside and outside the community. I am still very much in the early stages of my career as an information security professional and trying to learn as much as I can. I thought a podcast that allowed me to share what I've learned and explored would make for a great podcast. So here we are and my first podcast is about how to get into information security.

    To explore that topic I decided to do an interview with VioPoint consultant and roundhouse master Jimmy Vo (@JimmyVo). We covered how he got into information security and also talked about some of the things people on the outside looking in can do to get into information security.

    Feedback is very much appreciated and wanted. Leave it in the comment section or contact me via email.

     


    24 December 2024, 9:00 am
  • 42 minutes 7 seconds
    David Mytton on Developer-Centric Security with ArcJet

    Summary:

    In this episode of Exploring Information Security, host Timothy De Block talks with David Mytton, founder of ArcJet, about enabling developers to build secure applications seamlessly. David shares his journey from running a cloud monitoring business to developing ArcJet, a security-as-code platform that integrates security measures directly into an application's codebase.

    They discuss ArcJet's approach to empowering developers with tools for bot detection, rate limiting, and more, all without compromising the developer experience. David and Timothy explore the challenges of bridging the gap between development and security, the philosophy behind "DevSecOps," and how ArcJet addresses real-world issues like bot abuse and API misuse. Whether you're a developer, security professional, or tech enthusiast, this episode offers unique insights into making application security more accessible.

    Key Topics Covered

    • What is ArcJet and the problem it’s solving?: A security-as-code platform designed for developers to integrate protections directly into their applications.

    • Developer-Centric Security: How ArcJet enhances security workflows by providing developers with intuitive SDKs and tools.

    • Real-World Use Cases: Stories of companies reducing infrastructure costs and mitigating bot-driven abuse with ArcJet.

    • The Evolution of DevSecOps: Challenges and opportunities in integrating security into the development lifecycle.

    • David's Philosophy: The importance of documentation, user experience, and building tools developers love.

    Highlights

    • Developers can start using ArcJet with just a few lines of code.

    • ArcJet helps teams address spam, API abuse, and fraud while focusing on feature development.

    • David's perspective on the state of security tooling and how ArcJet stands out.

    Guest Bio

    David Mytton is the founder of ArcJet, a security-as-code platform. He previously founded a cloud monitoring business and has extensive experience with developer tools and application security. David is passionate about creating seamless developer experiences and advancing security tooling to meet modern demands.


    17 December 2024, 9:00 am
  • 23 minutes 10 seconds
    [RERELEASE] What is MS08-067?

    In this artistic episode of the Exploring Information Security podcast, Mubix joins me to discuss MS08-067.

    Mubix (@mubix), available at room362 and Hak5, joins me to discuss one of his favorite exploits: MS08-067. I invited Mubix on to talk about MS08-067 because of a tweet he retweeted. The tweet included a confession that a consultant used the MS08-067 vulnerability to break into a client's network. This vulnerability is really old and while not widespread it does pop up from time to time. I was happy to discover that Mubix has a great appreciation for the exploit.

    In this episode we discuss:

    • What is MS08-067?

    • How long has it been around?

    • Why is it still around?

    • What name it would be given today


    10 December 2024, 9:00 am
  • 45 minutes 48 seconds
    Exploring the Defensive Security Handbook with Amanda Berlin

    Summary:

    In this episode of Exploring Information Security, host Timothy De Block sits down with Amanda Berlin, co-author of the Defensive Security Handbook, to discuss the evolution of the book, the challenges of writing for the blue team, and how it’s helping cybersecurity practitioners today. Amanda shares insights on creating accessible resources for security professionals and the importance of designing security that works for everyone, from SMBs to enterprise teams.

    Key Takeaways:

    • Origins of the Handbook: Amanda reveals how the Defensive Security Handbook was born from her own challenges as a security professional and the lack of accessible, practical blue team resources.

    • Writing Process and Updates: The journey of creating the first edition and the significant updates in the second edition, including expanded cloud coverage and reorganized database content.

    • Designing Security for SMBs: Amanda highlights the unique challenges small and medium businesses face, from budget constraints to vendor complexities, and how the book aims to provide practical, scalable advice.

    • Balancing Technical and Practical: The handbook’s goal is to simplify complex concepts, making them digestible for newcomers while still useful for seasoned professionals seeking quick references.

    • The Importance of Empathy in Security: Amanda emphasizes the need for empathy in designing security tools and processes, especially for SMBs that lack dedicated resources or expertise.

    • Feedback and Impact: How the book has resonated with unexpected audiences, including developers and detection engineers, as a guide to understanding security concepts.


    3 December 2024, 9:00 am
  • 40 minutes 14 seconds
    How to Create User-Centric Security with Javvad Malik

    Summary:

    In this episode of Exploring Information Security, host Timothy De Block and guest Javvad Malik, security awareness advocate and writer for KnowBe4, delve into the concept of user-centric design in security. Javvad shares insights on building security controls that enhance user experience rather than hinder it, and explores how organizations can foster a security culture by making processes more intuitive and less obstructive.

    Key Takeaways:

    • Empathy in Security Controls: Javvad discusses the importance of understanding users’ needs and challenges. He emphasizes that security should focus on helping users rather than enforcing rigid policies. Using familiar examples, like Tetris vs. Minecraft, he illustrates the shift from a rigid, top-down approach to a more adaptable, user-driven model.

    • Learning from Shadow IT: Rather than forbidding unauthorized tools, Javvad suggests engaging with employees to understand why they choose certain applications. By integrating tools that users find convenient, security teams can balance security with user needs.

    • Behavioral Science Meets Security: Javvad highlights the value of metrics in understanding user behavior and assessing risks. He proposes using a combination of security metrics—like phishing susceptibility and device usage—to gauge an individual’s or department’s security behavior, thereby creating a more effective, user-centric security program.

    • The Power of Nudge Theory: Drawing from behavioral science, Javvad explores how gentle prompts, like password managers and risk reminders, can steer users toward safer behaviors. He likens this to everyday nudges we see, such as speed-limit reminders on roads, which encourage compliance without confrontation.

    About Our Guest:

    Javvad Malik is a security awareness advocate and writer at KnowBe4. He uses storytelling and humor to make security concepts relatable and user-friendly. Follow his latest articles on the KnowBe4 blog, where he offers practical insights into security awareness and user-focused security design.


    26 November 2024, 9:00 am
  • 1 hour 57 minutes
    How to Pick a Whiskey Barrel With The Innocent Lives Foundation Charity

    Summary:

    Timothy De Block is joined by Shane McCombs and John McCombs of the Innocent Lives Foundation (ILF), Josh Huff and Rev3Dood who volunteer their time with ILF, as they delve into an adventurous and charitable whiskey barrel pick trip from April 2024. This live episode gives an insider’s look into the process of selecting exclusive bourbon barrels and the exciting world of whiskey enthusiasts. From Four Roses to Starlight Distillery, Tim and the team explore unique blends, share laughs, and reflect on how each sip supports a meaningful cause.

    Check out Unicorn Auction to place a bid on one of the bottles we’re discussing

    Check out the ExploreSec YouTube channel for the live video recording.

    In this Episode, You’ll Learn:

    • The Origins of ILF's Barrel Pick Club: Learn about how the passion for whiskey and charity combined to form this unique fundraising avenue for the ILF.

    • The Complexity of Barrel Picking: Discover why selecting a barrel involves more than just a good taste – it requires considering the community’s preferences, uniqueness, and the impact on the ILF mission.

    • Inside Four Roses & Starlight Distilleries: Hear about the in-depth tours, the science of barrel aging, and the behind-the-scenes processes that make these distilleries so iconic.

    • Unique Barrels and Bottles: Highlights include details on Four Roses’ single-tier rickhouses, rare yeast strains, and the exceptional Starlight Mizunara cask, a rarity in the whiskey world.

    • The Auction and Community Impact: John McCombs from ILF explains how the auction supports ILF and offers tips for placing bids on exclusive bottles.

    Memorable Moments:

    • Whiskey Tasting: A breakdown of tasting notes for Four Roses and Starlight bottles, featuring everything from minty finishes to complex layers of caramel, chocolate, and spices.

    • Funny Stories: From almost puking in a 15-passenger van to accidental whiskey spills, Tim and the team share some hilarious moments from their trip.

    • Chris Hadnagy’s Unique Taste: Chris’s love for scotch sets him apart as he humorously describes notes like “pine sol” that others struggle to find.

    Auction Information: The auction, hosted by Unicorn Auctions, is open for two weeks, and all proceeds go to supporting ILF’s mission. Bids can be placed on unique bottles hand-picked by the ILF team, with Unicorn waiving all fees to maximize impact. Check out the auction site for updates and be ready to place your bids!


    14 November 2024, 2:00 pm
  • 57 minutes 25 seconds
    Exploring Legal Landmines in Incident Response with Thomas Ritter

    Summary:

    In this episode of Exploring Information Security, host Timothy De Block sits down with Thomas Ritter, a seasoned attorney specializing in cybersecurity and privacy law, to discuss the often-overlooked legal complexities surrounding incident response (IR). From breach terminology to ransomware negotiations, Ritter shares insights from his years of experience navigating legal pitfalls that can arise when responding to security incidents.

    Key Takeaways:

    • Understanding "Incident" vs. "Breach": Ritter emphasizes the importance of careful communication within an organization during a security incident. Misusing legally significant terms, like "breach," can lead to premature obligations, such as breach notifications, which may have serious consequences for an organization.

    • Attorney-Client Privilege in IR: External counsel's role can extend attorney-client privilege over critical aspects of IR, including the involvement of forensic specialists. This protection can prove essential if an incident escalates into litigation.

    • Ransomware Negotiation Nuances: With ransomware incidents on the rise, Ritter provides a detailed look at the negotiation process, advising organizations to work with professional negotiators. He recounts instances where attackers leveraged knowledge of clients' cyber insurance coverage to increase ransom demands.

    • Tabletop Exercises for IR Preparedness: Ritter highlights the value of tabletop exercises, especially involving executive leadership. He notes that regular, comprehensive drills help organizations refine incident response policies and minimize legal exposure during actual incidents.

    • Navigating Class Action Exposure: As data breaches often trigger class action lawsuits, organizations must take steps to prepare, including consulting legal professionals to reduce risk through privilege-protected documentation.

    About Our Guest:

    Thomas Ritter is a cybersecurity and privacy attorney at Ritter Gallagher, where he focuses on helping organizations navigate the legal landscape of security incidents and data breaches. For more information, or to get in touch, visit RitterGallagher.com or email Thomas directly at [email protected].


    12 November 2024, 9:00 am