The Official OffSec Podcast

The one and only official podcast from OffSec, Inc. -- creators of the Kali OS, the OSCP certification, and the world's leading cybersecurity training

#37: Persistence in Information Security with Shad0wbits

The OffSec Podcast returns this week with special guest Kai (Shad0wbits), the founder and Chief Security Architect at Black Cipher Security. Host TJ Null begins by asking Kai about what piqued his interest in the Infosec field and what resources he used to get himself started. He shares what made him decide to start his own pentesting firm and gives advice for those looking to start their own business. He then describes his definition of red teaming, his favorite environment to access, and the worst thing he’s done in a test. Lastly, Kai explains why it’s important for people in the infosec community to share their knowledge with others as well as community projects he’s been working on. Enjoy the episode!

01-17
41:17

#36: Continuous Security Testing with Rob Ragan, Principal Researcher at Bishop Fox

Host FalconSpy returns this week joined by Rob Ragan, Principal Researcher at Bishop Fox! They begin by diving into tips for organizations beginning to build out their continuous security testing and why it’s so important. Ragan also shares bugs he’s discovered deploying your tools to assist with continuous security testing. Next, he gives advice based on his own experience in the InfoSec field to those aspiring to break into the industry. Lastly, he discloses whether degrees or certifications are necessary for a career in InfoSec and how to become more specialized in continuous security testing and automation. Enjoy the episode! Make sure to check out Bishop Fox: https://bishopfox.com/blog/introducing-cloudfox https://github.com/BishopFox/smogcloud

10-25
53:33

#35: Cybersecurity Awareness with Christopher Forte

In this week’s episode, host TJ Null welcomes Christopher Forte, an infrastructure engineer at Offensive Security. Forte has red-teamed the city of Los Angeles, spoken at Defcon, and hosted training events for multiple intelligence agencies. The episode begins with Christopher sharing resources he used to get his start in the infosec field. He then comments on why he believes information security is an important topic to care about in our technology-driven lives. Next, the most important security awareness topic, according to Forte, is discussed and he shares some recommendations for improving your information security, whether personally or professionally. Lastly, Chris shares what interests him about mentoring in the community and why it’s crucial for others in the infosec community to share their knowledge. Enjoy!

10-04
29:49

#34: How to Succeed in InfoSec with Jim O’Gorman and Dave Kennedy

Host TJ Null returns this week with an episode featuring two special guests: Jim O’Gorman and Dave Kennedy! Jim O’Gorman is the Chief Content and Strategy Officer for OffSec and has been in the information security world for more than a decade. Dave Kennedy, CEO and Founder of TrustedSec, has presented at conferences such as Defcon and Blackhat. Together, Jim and Dave wrote Metasploit: The Penetration Tester's Guide and collaborated on ideas for the Mr. Robot TV Show. They begin the episode by sharing what got them into the information security field and how they met for the first time. Then, they disclose which resources they used to learn more about pentesting. Dave shares how attending events like DefCon and BlackHat gave him indispensable knowledge when he was laying the foundation for his career. Jim and Dave lastly share tips they have for students when they’re stuck on a challenge, as well as what they enjoy doing outside of the infosec world. Enjoy!

09-08
01:18:08

#33: FalconSpy Dives into His Day Job, Internal Penetration Testing

In this week's episode, host Jeremy (harbinger) Miller chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into penetration testing, what pentesting is, application/code reviews, red teaming, and more. He also dives into internal vs external pentesting by discussing who the client is, perimeter access levels, and the mindset of each. While sharing his experience throughout his pentesting journey, he also gives tips on what every pentester should know. Enjoy!

07-14
31:59

#32: Election Integrity & Critical Infrastructure with Lester Godsey

In this week’s special episode, Dr. Heather Monthie sits down with Lester Godsey, CISO of Maricopa County, Arizona. Lester begins by explaining how he got into the cybersecurity field and shares a fun fact about himself. He then shares his role as a CISO, how security supports different departments, and the biggest risks he sees in critical infrastructure security. The integrity of the 2020 US Presidential Election is discussed along with Godsey’s take on the threats he saw in Maricopa County and lessons learned. Moreover, he highlights the spread of misinformation on social media as well as advice he has for CISOs looking to hire cybersecurity professionals and how to best attract them to roles. Enjoy!

06-21
41:00

#31: How the OSCP Certification Supports Career Growth

In this episode, host TJ Null sits down with DarkStar7471 aka Dark, our recent community moderator for the OffSec Community. Dark is currently a lead pentester at State Farm Insurance and has produced content for TryHackMe. He starts by sharing his journey before working for OffSec as well as what piqued his interest in the information security field. Then, Dark highlights why he decided to obtain his OSCP and how the knowledge he gained from the course benefits him in his career trajectory. He also shares some exciting projects he works on relevant to pentesting. Lastly, Dark shares advice he has for anyone working to become a pentester and hobbies he enjoys outside of infosec. Enjoy the episode!

06-08
27:11

#30: How to Hire the Best Cybersecurity Talent with FalconSpy

In this week’s episode, host Dr. Heather Monthie chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into cybersecurity, what attracted him to the field, and the biggest lesson he’s learned in his career so far. Sharing his experience throughout his OSCP journey, he shares tips for anyone looking to pass the exam who is trying to balance other responsibilities. Then, he offers advice for cybersecurity managers on how to locate the best talent. FalconSpy explains how to make these positions more attractive to cybersecurity professionals. Lastly, he shares a current project he’s working on that he’s excited about as well as what he envisions as the ‘next big thing’ in cybersecurity. Enjoy!

05-25
33:10

#29: How Hackers Think with Dr. Timothy Summers

In this week’s special episode, hosts Dr. Heather Monthie and Jeremy (harbinger) Miller sit down with Dr. Timothy Summers, PhD and Executive Director of Product Development at Arizona State University. Summers is an ethical hacker, professor, TED speaker, and a leading expert in cybersecurity strategy, blockchain technology, and how hackers think. To begin, he explains how he first got into cybersecurity when he got hacked himself. From this experience, he generated a curiosity about why and how it happened. He then shares his hobbies outside of cybersec and dives into his work on hacking cognitive psychology and the hacker mindset. Our guest highlights how organizations can learn from how hackers think to increase innovation within their own company and teach them how to protect themselves better. Summers also emphasizes how recruiters can screen potential hackers. Lastly, he shares other tech projects he’s been working on. Enjoy!

04-20
56:24

#28: ShadowKhan, Lead Pentester and OffSec Community Moderator

In this episode, host TJ Null sits down with ShadowKhan, a lead pentester and a community moderator in the OffSec Discord server. ShadowKhan tells his non-traditional story as to how he got into infosec. He also tells what resources he used to get started and gives some tips for anyone interested in getting into the security world. There’s one book in particular that he highly recommends. ShadowKhan recently obtained his OSCE³ certification and describes his favorite aspect of those courses. On the offensive side of security, our guest tells us his favorite environment to access as well as two of his biggest mistakes when on an assessment. Finally, they wrap by talking about current community projects and blog posts ShadowKhan is working on, as well as what he’s doing outside of infosec. Enjoy the episode!

04-13
41:48

#27: YinYang in Infosec with Jeremy (harbinger) Miller

In this special episode, Jeremy (harbinger) Miller chats with Chris Glanden on the BarCode podcast. From BarCode’s show notes: “The YinYang philosophy says that the universe is composed of competing and complementary forces governed by a cosmic duality, sets of two opposing and complementing principles or energies that can be observed in nature. Similarly, the nature of offensive security requires a balance of proper mindset and technical expertise. To truly master this security discipline, you must learn to balance and draw from different sides of experiences in life, including the psychological aspect as well as the ones and zeros. Jeremy (harbinger) Miller is an InfoSec professional primarily interested in how security skills are taught, learned, and applied by individuals and organizations. He is currently the Product Manager of Content Development at Offensive Security. We catch up at the bar to discuss his unorthodox path into Infosec, his background in teaching martial arts, the true meaning of OffSec’s mantra, ‘Try Harder,’ and the importance of counterbalancing of mind and technical skills.” Enjoy!

04-06
38:05

#26: Cybersecurity hiring with CISO, Mike Manrod

For this week’s episode, host Dr. Heather Monthie chats with Mike Manrod, CISO of Grand Canyon Education. As a cybersecurity leader, he shares his expertise on how he recruits, mentors, and guides aspiring cybersecurity professionals in their career paths. He first starts by sharing his mid-career switch into the cybersecurity world along with his interest in martial arts. Then, he discusses his experience as a CISO, plus the biggest challenge and most rewarding part of the role. He offers tips for security leaders and managers on how to hire top talent in the cybersecurity industry. Moreover, they chat about the best way to train an individual into a top cybersecurity professional, even if they don’t have the technical skills. Finally, Mike shares his thoughts on the state of cybersecurity education today and what he envisions for its future. Enjoy!

03-23
24:59

#25: Mentoring and OSCP Tips with Mike Waxman (Security Engineer, LinkedIn)

This week, hosts TJ Null and FalconSpy sit down with Mike Waxman, Security Engineer at LinkedIn. Mike was originally a TPM and is now a Security Engineer. He starts off by describing how he made the switch and shares some advice for those looking to change roles into security. And for those already in the field, he also gives tips on how to get that coveted promotion. Related to that, Mike discusses his mentoring experience and what kinds of knowledge he passes along to those new to the industry. Mike is currently working through his PEN-200 journey toward the OSCP and provides some key tips for those also pursuing the OSCP. He also shares a specific idea on how to best prepare for the exam. Finally, he shares some words of encouragement to those early in their career looking to make their mark. Enjoy!

03-16
26:12

#24: Kerberoasting & Security Consulting with Tim Medin (@timmedin)

On this week’s episode, host TJ Null is joined by Tim Medin. Tim is the creator of kerberoasting and the CEO of Red Siege Information Security. He begins by recounting how he joined the infosec field as well as some resources he used to get himself started. Next, he highlights his favorite tools that he enjoys using on an engagement. TJ and Tim also chat about the first moment Tim discovered kerberoasting and his research on new attack techniques. He gives advice to users who want to implement detection/protection against kerberoasting. Then, he details what it’s like to run his own consulting company, Red Siege, and shares tips for those looking to start their own. Tim also reveals the one thing he would like to see change in the infosec community. Lastly, he discusses his love for the Olympics and football and his interest in competing in triathlons. Enjoy the episode!

03-02
43:35

#23: Sharing Knowledge in Infosec with Phillip Wylie

This week host TJ Null chats with Phillip Wylie, Tech Evangelist at CyCognito. Phillip has been a pentester for several years and in the IT industry for even longer. He tells an interesting story of how he got into infosec and some of the resources he used to get started. TJ and Phillip also chat about the OSCP, the Try Harder mindset, and what they mean for Phillip. Our guest regularly shares knowledge, gives talks, blogs, and teaches, and, in this episode, dives into what drives him to pass on knowledge. He also gives some tips for those starting out in infosec on how to share their experience and possibly even get a job in the process. Besides this, Phillip shares one thing he’d like to see changed in the infosec community and how. Enjoy!

02-23
29:33

#22: Cybersecurity in Higher Ed with Ken Pyle

Host Dr. Heather Monthie sits down with Ken Pyle, a graduate professor of cybersecurity and a partner of CYBIR. He begins the episode by chatting about how he got into cybersecurity and teaching in higher education. Then, he shares what he considers the hardest part as well as the most rewarding part of teaching cybersecurity to students. Heather and Ken also discuss how technology will change how higher education approaches teaching and learning infosec. He reveals how he believes colleges and universities can meet the demand for skilled professionals in this field and advice he has for infosec professors. Additionally, Ken sheds light on how universities can meet employers' demand for cybersecurity talent and how employers can attract cybersecurity professionals. Lastly, he shares his favorite book for all things hacking. Enjoy the episode!

02-16
40:03

#21: PEN-200 (PWK) Topic Exercises with Matteo Malvica (uf0)

Join host, Jeremy Miller (harbinger), as he sits down with Matteo Malvica (uf0) to discuss the new PEN-200 (PWK) Topic Exercises. They start the chat with Matteo’s background and what it’s like to be a Content Developer at OffSec. His first project was SOC-200, though his background was largely offensive. They chat about taking on the creation of a defensive course, coming from the offensive side. Matteo also reveals more details about SOC-200, including its structure and forthcoming content. Then they move to PEN-200 (PWK)’s new Topic Exercises: what they are and why they help the student. They finish up with a few rapid-fire questions. Enjoy the episode!

02-09
24:59

#20: The importance of a growth mindset in infosec with J3rryBl4nks

Hosts FalconSpy and TJ Null sit down with J3rryBl4nks, a member and Community Moderator on the OffSec Discord server. J3rryBl4nks is a Director of InfoSec for a small business organization. In this episode, he talks about how he got interested in the infosec field. He discusses why he thinks gaining knowledge through a degree or certifications is imperative in the infosec industry, along with a growth mindset. Then, he details his experience with PEN-200, including his take on the OSCP exam and tips to future students embarking on their PEN-200 journey. Additionally, J3rryBl4nks outlines what he looks for in a new hire regardless of their experience in the field. He then highlights his passion for password cracking and good rules to use with hashcat to optimize these results. Lastly, he shares his interest in both card and board games, video games, and his love of hiking and spending time with his family.

02-02
37:07

#19: Getting comfortable with the uncomfortable in infosec with Heather Monthie

Host Harbinger (Jeremy Miller) sits down with Dr. Heather Monthie, Head of Cybersecurity Training, Education, and Innovation at OffSec. In this episode, Heather highlights her diverse background in education, leadership, and technology and how this allows her to improve initiatives at OffSec. Then, she details the intersection of teaching and learning in the classroom and how this relates in OffSec courses. Harbinger and Monthie additionally dive into the importance of being a lifelong learner in the cybersecurity industry and the best way to create a safe learning environment. Finally, they wrap up by emphasizing the significance of continuing to do the work and why Try Harder allows students to get comfortable with the uncomfortable.

01-26
36:49

#18: From Defensive to Offensive with Billy Trobbiani (c0ntra)

Host TJ Null sits down with Billy Trobbiani (c0ntra), Content Developer at OffSec. c0ntra starts by describing what got him interested in joining the Information Security field. Then, he details the role he specialized in when he was a blue teamer and the issues that blue teamers face during their day-to-day operations. c0ntra additionally reveals how he felt after his transition from defense to offense in cybersecurity. Next, they dive into how people on the defensive side of cybersec can learn techniques from those on the offensive side. We then learn how c0ntra got into the blue team side of cybersec. Lastly, they chat about c0ntra’s interest in cooking and escape rooms. Enjoy the episode!

12-20
30:54
