Founder - Timothy De Block

As the Founder of Exploring Information Security, I am deeply engaged in creating diverse content, including blogs and podcasts, to explore varied aspects of information and cyber security. I am an accomplished Information Security professional with over a decade of experience across various domains in the field, including significant work in healthcare security. My background in Media Arts has been instrumental in developing engaging content that meets compliance standards like HIPAA and HITRUST, while also educating about emerging threats.

My career is marked by a proactive approach to cybersecurity. I have built a variety of security programs that include application security, vulnerability management, and security awareness that improved the security posture of the organization. These programs were built with buy-in from key stakeholders and were built with effectiveness and resiliency.

My contributions to the community extend beyond professional settings. I am the founder of ColaSec, a local user security group, and a speaker at numerous conferences, where I share my insights and learnings. Through these platforms, I aim to foster a culture of knowledge sharing and collective growth in the field of information security.

My career is a testament to a relentless pursuit of knowledge, innovation, and community engagement in the ever-evolving world of information security.

Appearances:

Blog posts

News article quotes

Studies

Checkmarx Study on Premise Health’s use of the tool in the SDLC

Conference Speaker - YouTube

  • IT-ology Trends 2015 

  • DerbyCon 2015

  • ShowMeCon 2016-2018

  • CircleCityCon 2016

  • BSides Huntsville 2017

  • BSides Knoxville 2017

  • Converge/BSides Detroit 2017-2020 

  • Nodevember 2017

  • BSides Indy 2017-2018

  • CodeMash 2018 

  • GPSec Atlanta Security Forum 2021 

  • Infosec Nashville 2023 

  • BSides Nashville 2018, 2021, 2023

  • BSides Augusta 2015-2019, 2022-2023

  • misecCON 2023

 

About

The start

Exploring Information Security started in 2014 as a podcast. The idea of the podcast was to interview a variety of guests within information security across all fields in about a commute's worth of time (cyber security was still a buzzword in the industry at the time). Five years and 167 episodes later, the podcast was shut down.

The Return

In July 2023 Exploring Information Security is being brought back with an expanded view. Not only will there be a podcast but there is also a website that explores a variety of topics across the information and cyber security fields. The idea is to help new and veteran people within the field explore topics. Come join the adventure.

ChatGPT

You’ll see “Created with the help of ChatGPT” throughout the site. This is meant to mark content that I’ve used AI to help me craft because it’s much better at explaining stuff than I am and I can build out content much faster than on my own. I still plan to edit and adjust anything produced by ChatGPT and not all content will be AI assisted. I still wanted to call out where it was used for transparency.

Career Highlights

  • Implemented breaking builds on legacy applications after 3-4 months of reducing vulnerabilities to zero, as part of application security programs I built.

    • Improved the security center score of two cloud environments from 20% to 90%.

  • Reduced two million organizational vulnerabilities by 86% in the first year of vulnerability management program.

    • Continued to reduce vulnerabilities by 20-30% each following year to under 20 thousand total vulnerabilities.

  • Conducted 63 threat modeling sessions on a variety of developer and IT projects that helped identify issues and potential risk to the initiatives.

  • Reduced the click rate and improved the report rate of phishing email by 50% as part of a phishing program I built.

  • Presented at 50+ internal training sessions on a variety of security awareness topics that affected the business.

  • Identified an invoice spear phishing attack that would have lost the company several tens of thousands of dollars.

  • Led efforts to address Heartbleed, POODLE, and Log4j vulnerabilities.

  • Implemented agile principles into application security, security engineering, and pentest teams that improved workload capacity by 22% while still retaining a 40-hour work week.

    • Managed the same team during an acquisition integration that saw a 100% increase in workload and still retained a 40-hour work week.