This is a log of changes to the site over the last week.

Podcast posts:

Navigating the Currents of Open Source Intelligence: Insights From the Field - Micah Hoffman and Griffin Glynn join me to discuss OSINT.

ShowMeCon: Bypassing MFA with Shameer Amir - A ShowMeCon sponsored episode on bypassing MFA

Blog posts:
Charting a New Course Into Security Awareness at Acadia Healthcare - Thoughts on my new role

Other:

The podcast is now available on Spotify

This is a log of changes to the site over the last week.

New pages:

Resources for Threat Modeling - A page I put together for my talk on threat modeling

Content From Threat Modeling Conference Talks - A place where I will drop videos and slides of my talks from my threat modeling talk

Podcast posts:

What is a Canary? - My conversation with Tyron Kemp of Thinkst Canary on canaries

ShowMeCon: Bypassing MFA with Brandon Potter - A sponsored podcast episode by ShowMeCon on bypassing MFA

Blog posts:
Tools and Resources for Effective Threat Modeling - I share tools and resources for threat modeling

Threat Modeling at BSides Nashville 2024 - I will be at BSides Nashville May 11, 2024, to give my threat modeling talk

How to Become a Cybersecurity Kevin Bacon - I talk about my tips and experiences networking in the infosec community

This is a log of changes to the site over the last week.

New pages:

Attack Tree Example - This is for my upcoming threat modeling talk.

Podcast posts:

How to Implement DAST - My conversation with Frank Catucci about implementing DAST

ShowMeCon: Kevin Johnson and whatever he wants to talk about - A sponsored episode by ShowMeCon with Kevin Johnson

Blog posts:
Basics of Threat Modeling - A blog post on threat modeling

Methodologies and Approaches for threat modeling - A blog post on threat modeling

Threat Modeling Risk Management - A blog post on threat modeling

This is a log of changes to the site over the last week.

Podcast posts:

What is Mimikatz? - Rob Fuller aka Mubix joins me to discuss Mimikatz.

Blog posts:
Why Threat Modeling is Important - blog post on threat modeling as I prepare my talk for this year.

What is threat modeling? - blog post on threat modeling as I prepare my talk for this year.

This is a log of changes to the site over the last week.

New pages:

OSINT - Deep Dive - A page diving deeper into OSINT.

The History of Passwords - a page looking at the history of passwords.

Phishing - Deep Dive - A page for diving deeper into phishing.

Container Security - Deep Dive - A page for diving deeper into container security.

Podcast posts:

How responding to phishing has changed int eh last five years - Kyle Andrus joins me to discuss the current state of phishing.

Blog posts:
Microsoft on the Midnight Blizzard Incident - A blog post going over new information from Microsoft on their security incident.

Maximizing Your Conference Experience: Preparing For The 2024 Palmetto Cyber Summit - A blog post on how I prepare for a conference.

This is a log of changes to the site over the last week.

New pages:

Security Certifications - Deep Dive - A page covering security certifications.

Red Team Tools - Deep Dive - A page covering tools a red team or penetration tester would use.

GDPR - Deep Dive - A page covering the EU’s GDPR regulation.

Podcast posts:

How to Hack a Satellite with Tim Folwer - Tim and I get into the nuances of space security.

Blog posts:

How to build a phishing program - Blog post on building a phishing program within a company.

This is a log of changes to the site over the last week.

Updated pages:
Cloud Security - Deep Dive - Added a section for Azure Security Tools.

Podcast posts:

What are the Hiring Trends in Cybersecurity for 2024? - Erin Barry Head of Permanent Talent at Code Red Partners joins me to discuss hiring trends

Blog posts:
2024 Security Presentation Topic: Threat Modeling - My speaking topic for 2024.

This post first appeared on Exploring Information Security.

This is a log of changes to the site over the last week.

New pages:

Cybersecurity Communication - New page on why communication in an organization is important for security.

Typosquatting Attacks - A page talking about Typosquatting attacks

Podcast posts:

What is ShowMeCon2024? - I sit down with Dave Chronister to discuss the upcoming ShowMeCon conference in St Louis, Missouri.

Blog posts:

Favorite Moments from ShowMeCon - I blog about some of my favorite moments from ShowMeCon

DevSecOps and other security buzzwords that will make the endangered list in 2024 - Thoughts on DevSecOps and other buzzwords in the industry that are seeing a downward trend.

This post first appeared on Exploring Information Security.

This is a log of changes to the site over the last week.

Page upates:

Podcast and Website Sponsorships - I added lists and mentions of the podcast on the internet.

Blog posts:

Cybersecurity Predictions for 2024 - My predictions for 2024 because every blog has got to have them.

Launching Exploring Information Security - I talk about my reasons for launching the company and what services I offer.

New Years Resolutions: Taking Small Steps Past January 31st - Just a random post about habits and making small progress to your goals.

Exploring Information Security Podcast Format - I talk about what I’m thinking for the new format of the podcast.

Podcast posts:

The Exploring Information Security Relaunch - It’s back!

This post first appeared on Exploring Information Security.

This is a log of changes to the site over the last week.

New pages:

Services page updated

• Added Podcast and Website Sponsorship page added - details sponsorship opportunities for the podcast and website

• Security Awareness Training page added - details security awareness training the company offers

• Cybersecurity Consulting page added - details consulting services for the cybersecurity space

• Cybersecurity Coaching page added - details on services for cybersecurity coaching

• Management and Hiring Consulting page added - details what services are available for management and hiring consulting.

• Speaking Engagements page added - details services for speaking at events.

Blog posts:

Web Application Testing: Portswigger Burp Suite vs OWASP ZAP - I talk about my experiences and view on the two testing tools.

This post first appeared on Exploring Information Security.

This is a log of changes to the site over the last week.

New pages:

MGM and Casears Hack - Page giving a summary of the attack and impact.

23andMe Hack - Page giving a summary of the attack and impact.

Okta Hack - Page giving a summary of the Okta hack from October 2023

Blog posts:

Log4Shell, is it really an issue at this point? - Blog post on my experience with Log4Shell and it’s actual severity.

Okta and 23andMe a new public relations tactic in disclosure? - Blog post asking if PR firms are trying a new tactic to take the heat off a brach.

Tips to Help Build Strong Relationships Inside and Outside of Work - Blog post on techniques for building better relationships.

Other:

Services page - updated and added more of a description overview.

This post first appeared on Exploring Information Security.

This is a log of changes to the site over the last week.

New pages:

Management Resources - This is a page for management resources.

Security Policies - A page with security policy templates that can be download and used within your organization

Podcast posts:

ColaSec News - November 2023 - This is an experiment I’m toying around with as a regular segment and a return to podcasting.

Other:

Added a new open source section and tool to the API Security Resources page

Open Source:

• Swagger Jack: sj is a command line tool designed to assist with auditing of exposed Swagger/OpenAPI definition files by checking the associated API endpoints for weak authentication. It also provides command templates for manual vulnerability testing.

I am going to start up a newsletter for the site. Fill out the form below if you’re interested.

This blog post first appear on Exploring Information Security.