Cybersecurity Career Panel: Transitioning from Technical to Leadership

Summary:

In this episode, Timothy De Block sits down with a panel of cybersecurity leaders—Chris Anderson, Roger Brotz, and Mike Vetri—to discuss the realities of moving from "boots on the ground" technical roles to senior leadership. The conversation explores the challenges of letting go of the keyboard, the critical importance of emotional intelligence, and why "empathy" is a high-performance tool in a high-stress industry.

Meet the Panel

  • Chris Anderson: Security Consultant and Architect known for his "pot-stirring" approach to solving complex organizational security problems.

  • Roger Brotz: CISO at Arcadia Healthcare with over four decades of experience, starting his journey in 1977.

  • Mike Vetri: Senior Director of Security Operations at Veeva and former Air Force cyber operations officer.

Main Topics & Key Takeaways

The "Passion" to Lead

The panel dives into the true meaning of leadership, noting that the word "passion" stems from the Latin word for "suffering". Leading a cyber team means being willing to suffer through mistakes and high-pressure incidents alongside your team.

Empathy as a Business Metric

Mike shares a pivotal study indicating that leaders who embrace emotional intelligence and empathy often exceed their annual revenue goals by 20%. Conversely, a lack of empathy directly correlates to high burnout and employee turnover.

Learning to Fail Fast

The leaders recount personal failures, from failing to recognize team burnout during 16-hour-a-day incident responses to the "pride" of holding onto technical tasks for too long. They emphasize that failure is not a roadblock but a necessary inflection point for growth.

Bridging the Gap: Technical vs. Business

A major challenge for new leaders is translating "this is bad" into actionable business risk. Leaders must learn to speak the language of the boardroom, focusing on profit protection and risk management rather than just technical vulnerabilities.

Actionable Advice for Aspiring Leaders

  • Set Boundaries Early: Don't let your job intrude on your personal life until it's too late; once you establish a habit of always being available, it’s hard to pull back.

  • Find Your Barometer: Use a spouse or a trusted peer as a "barometer" to tell you when your stress levels are negatively impacting your leadership style.

  • Work-Life Harmony: Move away from the idea of a perfect "50/50 balance" and strive for harmony where your professional and personal lives can coexist.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


What is React2Shell (CVE-2025-55182)?

Summary:

Frank M. Catucci and Timothy De Block dive into a critical, high-impact remote code execution (RCE) vulnerability affecting React Server Components and popular frameworks like Next.js, a flaw widely being referred to as React2Shell.

They discuss the severity, the rapid weaponization by botnets and state actors, and the long-term struggle organizations face in patching this class of vulnerability.

The Next Log4j? React2Shell (CVE-2025-55182)

  • Critical Severity: The vulnerability, tracked as CVE-2025-55182 (and sometimes including the Next.js version, CVE-2025-66478, which was merged into it), carries a maximum CVSS score of 10.0.

  • The Flaw: The issue is an unauthenticated remote code execution (RCE) vulnerability stemming from insecure deserialization in the React Server Components (RSC) "Flight" protocol. This allows an attacker to execute arbitrary, privileged JavaScript code on the server simply by sending a specially crafted HTTP request.

  • Widespread Impact: The vulnerability affects React 19.x and other popular frameworks that bundle the react-server implementation, most notably Next.js (versions 15.x and 16.x using the App Router). It is exploitable in default configurations.

  • Rapid Weaponization: The speed of weaponization is "off the chain". Within a day of public disclosure, malicious payloads were observed, with activities including:

    • Deployment of Marai botnets.

    • Installation of cryptomining malware (XMRig).

    • Deployment of various backdoors and reverse shells (e.g., SNOWLIGHT, COMPOOD, PeerBlight).

    • Attacks by China-nexus threat groups (Earth Lamia and Jackpot Panda).

The Long-Term Problem and Defense

  • Vulnerability Management Challenge: The core problem is identifying where these vulnerable components are running in a "ridiculous ecosystem". This is not just a problem for proprietary web apps, but for any IoT devices or camera systems that may be running React.

  • The Shadow of Log4j: Frank notes that the fallout from this vulnerability is expected to be similar to Log4j, requiring multiple iterative patches over time (Log4j required around five versions).

    • Many organizations have not learned their lesson from Log4j.

    • Because the issue can be three or four layers deep in open-source packages, getting a full fix requires a cascade of patches from dependent projects.

  • Mitigation is Complex: Patches should be applied immediately, but organizations must also consider third-party vendors and internal systems.

    • Post-Exploitation: Assume breach. If the vulnerability was exposed, it is a best practice to rotate all secrets, API keys, and credentials that the affected server had access to.

    • WAF as a Band-Aid: A Web Application Firewall (WAF) can be a mitigating control, but blindly installing one over a critical application is ill-advised as it can break essential functionality.

  • The Business Battle: Security teams often face the "age-old kind of battle" of whether to fix a critical vulnerability with a potential break/fix risk or stay open for business. Highly regulated industries, even with a CISA KEV listing, may still slow patching due to mandatory change control and liability for monetary loss if systems go down.

The Supply Chain and DDoS Threat

  • Nation-State & Persistence: State actors like those from China will sit on compromised access for long periods, establishing multiple layers of backdoors and obfuscated persistence mechanisms before an active strike.

  • Botnet Proliferation: The vulnerability is being used to rapidly create new botnets for massive Denial of Service (DoS) attacks.

    • DoS attack sizes are reaching terabits per second.

    • DDoS attacks are so large that some security vendors have had to drop clients to protect their remaining customers.

  • Supply Chain Security: The vulnerability highlights the urgent need for investment in Software Bill of Materials (SBOMs) and Application Security Posture Management (ASPM)/Application Security Risk Management (ASRM) solutions.

    • This includes looking beyond web servers to embedded systems, medical devices, and auto software.

    • Legislation is in progress to mandate that vendors cannot ship vulnerable software and to track these components.

Actionable Recommendations

  • Immediate Patching: This is the only definitive mitigation. Upgrade to the patched versions immediately, prioritizing internet-facing services.

  • Visibility Tools: Use tools for SBOMs, ASPM, or ASRM to accurately query your entire ecosystem for affected versions of React and related frameworks.

  • Testing: Run benign proof-of-concept code to test for the vulnerability on your network. Examples include simple commands like whoami. (Note: Always use trusted, non-malicious payloads for internal testing.)

  • Monitor CISA KEV: The vulnerability has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog.

  • Research: Look for IoCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures) associated with post-exploitation to hunt for pervasive access and backdoors.

Resources

China-nexus cyber threat groups rapidly exploit React2Shell ... - AWS, accessed December 12, 2025, https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


The Final Frontier of Security: The State of Space Security with Tim Fowler

Summary:

Timothy De Block and Tim Fowler, CEO and founder of Ethos Labs LLC, strap in to discuss the critical, rapidly escalating threats in space security. Tim explains that space is now an extension of the internet, where security has historically been ignored due to "organizational inertia" and a perceived "veil of obscurity". The discussion covers the real-world impact of GPS timing disruption on terrestrial infrastructure (like power grids and financial systems) , the danger of unencrypted space communications , and the urgent need for a holistic security approach that integrates security testers directly with development teams. They conclude with a debate on the role of AI in anomaly detection versus critical human decision-making in space.

The State of Space Security and Major Threats

  • Security is a Low Priority: Historically, security was not a priority for systems in space, often operating under a "veil of obscurity". This is slowly changing, with an uptick in security engineering roles this year, moving beyond just GRC/cyber assurance.

  • Unencrypted Communications: A core challenge is the widespread use of unencrypted signals between bases and satellites, which can be easily intercepted and read. Tim estimates that less than 50% of signals are encrypted due to operational challenges.

  • Encryption is Not Enough: Encryption only addresses confidentiality. An encrypted signal can still be captured and replayed, and the satellite may process it if integrity is not addressed.

  • The Ground Segment Threat: Even encrypted space communications can be nullified if the ground network is compromised (e.g., stealing a FIPS-compliant encryption module), necessitating a holistic security approach.

  • Repeating History: Space security is currently experiencing a situation analogous to the internet's early days (ARPANet) or the ICS/OT SCADA world 12-15 years ago, focusing on getting things operational before securing them.

Real-World Impact on Terrestrial Life

  • GPS Timing is Critical: Critical infrastructure—including pipelines, power grids, and financial systems—all rely on GPS timing for synchronization.

  • Disruption Affects Everyone: Disrupting GPS timing can cause widespread outages. Examples include:

    • The London Stock Exchange going down in 2012 due to a localized GPS jamming attack that wasn't even targeting them.

    • A US Navy testing incident that caused widespread outages in San Diego, affecting ATMs and pharmacies for days.

  • Space is the New Internet: Partnerships like T-Mobile's direct-to-cell with Starlink demonstrate that space is becoming an extension of the internet, increasing connectivity but also the attack surface.

Strategy and Getting Involved

  • Integrating Security: The best model for moving decisions closer to security on the operations-to-security spectrum is to physically place security testers (like penetration testers) directly within development teams (DevSecOps).

  • Train Developers to Attack: A highly effective proactive security measure is to teach developers how to attack their own software; they magically stop writing vulnerable code.

  • Space is a Culmination of Niches: Space security is the culmination of all security specializations (cloud, network, web application, ICS/OT, physical security). There is a place and a need for experts from every niche.

  • Resources for Getting Started:

    • Check local security conferences for the Aerospace Village (a non-profit that hosts hands-on labs).

    • Read books like Space Cyber Security by Dr. Jacob Oakley.

    • Attend specialized conferences like Hackspace Con.

    • "Just Google it": Use your existing security expertise (e.g., "cloud security") and research how it applies to the space industry.

AI in Space: Augmentation vs. Autonomy

  • Anomaly Detection is Ideal: AI (machine learning) is tailor-made for high-speed computation and sensor analysis, making it excellent for anomaly detection in early warning systems.

  • The Human Decision-Maker: Tim Fowler insists that human involvement is essential for critical decision-making and validating AI output (to determine if an alert is a false positive). He argues that an autonomous AI decision in space could quickly escalate into a hostile international incident.

  • Scalability Debate: Timothy De Block questioned the scalability of relying on humans for every decision, using traffic light management as an example of where AI could safely and efficiently augment processes. Both agreed AI should handle "busy work" and augment human capabilities, not perform autonomous functions in sensitive situations.

ETHOS LAbs Links and Resources:

ETHOS LABS Website

Connect with Tim Folwer on Linkedin

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Manage Cybersecurity Awareness Month

Summary:

Timothy De Block hosts a lively discussion with Maeve Mueller on the perennial challenge of Cyber Security Awareness Month (CSAM). They dive into the logistics, triumphs, and frustrations of planning events that actually engage employees. The conversation covers everything from the effectiveness of different activities (like "watch and win" contests and "pitch a fish" competitions), the delicate balance of fear vs. education in phishing campaigns, and the logistical nightmares of organizing in-person events. They also explore the emerging concept of Human Risk Management and why good security awareness is ultimately just good marketing and relationship building.

Key Takeaways

Logistics

  • The Struggle is Real: Timothy was "so far behind" on CSAM planning, scrambling to get materials out after October 1st, highlighting the significant time commitment required for impactful programs. Maeve, despite starting planning in June, still feels like she's "running around with like my head cut off" in October.

  • The Power of Swag and Food: Free food, particularly good quality food (like the Costco lunch spread Timothy plans), is a reliable way to drive attendance to in-person events. Maeve noted the success of handing out donuts to draw people to their booth.

  • Creative Engagement: Rote training doesn't work. Successful events involve engaging formats:

    • Watch and Win Contests: Offering prizes for completing training modules, though people often just let videos play in the background.

    • Cybersecurity Mythbusters: Demonstration-based presentations that disprove common security myths, like showing how a password cracker works.

    • Pitch a Phish Competition: Encouraging teammates to create their own phishing emails to target a fake persona, which turns the tables and increases participation.

    • The Booth Approach: Setting up a booth in the office lobby with swag, info cards, and food (like donuts) is effective for broad outreach.

  • Logistical Challenges: The planning process is fraught with administrative issues, such as setting up registration forms (with Microsoft Forms being preferred over glitchy Microsoft Teams registration) and the time sink of cleaning up after in-person events (like the popcorn machine that takes 30 minutes to clean).

The Human Element and Future of the Field

  • Marketing Secure Behavior: Security awareness is fundamentally about marketing secure behaviors. Timothy and Maeve agree that the ultimate goal is to figure out how to make people care about security in their personal lives, which will then bleed over into their work habits.

  • "Department of K.N.O.W.": Maeve highlights the need for the security team to be the "department of KNOW" rather than the "department of NO," as constant negativity leads users to circumvent controls and create Shadow IT.

  • The Cybercriminal's Target: Cybercriminals have learned it's cheaper and easier to target the individual than to hack an organization's technology. Maeve stresses the need to tell stories about cybercrime compounds and the human element of the attack to shock employees into awareness.

  • Human Risk Management (HRM): The movement toward HRM involves leveraging AI to look at the "full person"—analyzing phishing results, training completion, and telemetry from other security tools. This data-driven approach positions security awareness to collect overall human risk data.

  • Building Community: Both hosts emphasize the value of relationships—both with internal business partners and with the external security awareness community. Timothy is launching a Security Advocates Program to pull in non-security employees and champion secure messages.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Exploring the Next Frontier of IAM: Shared Signals and Data Analytics

Summary:

Timothy De Block sits down with Matt Topper of Uber Ether to discuss the critical intersection of Identity and Access Management (IAM) and the current cyber threat landscape. They explore how adversaries have shifted their focus to compromising user accounts and non-human identities, making identity the "last threat of security". Matt Topper argues that most enterprise Zero Trust implementations are merely "VPN 2.0" and fail to integrate the holistic signals needed for true protection. The conversation dives into the rise of cybercrime as a full-fledged business, the challenges of social engineering, and the promising future of frameworks like Shared Signals to fight back.

Key Takeaways

The Identity Crisis in Cybersecurity

  • The Easiest Way In: With security tooling improving, attackers focus on compromising user accounts or stealing OAuth tokens and API keys to gain legitimate access and exfiltrate data.

  • Cybercrime as a Business: Cybercriminal groups now operate like legitimate businesses, with HR, marketing, and executives, selling initial access and internal recon capabilities to other groups for a cut of the final ransom.

  • The Insider Threat: Cybercriminals are increasingly paying disgruntled employees for their corporate credentials, sometimes offering a percentage of the final ransom (which can be millions of dollars) or just a few thousand dollars.

  • Social Engineering the Help Desk: Attackers easily bypass knowledge-based authentication (KBA) questions because personal data has been leaked and they exploit the help desk's desire to be helpful under pressure to gain access.

Zero Trust, Non-Human Identity, and the Path Forward

  • Zero Trust is Underwhelming: Matt Topper views most enterprise implementations of Zero Trust as overly network-centric "VPN 2.0" that fail to solve problems for multi-cloud or SaaS-based organizations. True Zero Trust is a holistic strategy that requires linking user, device, and machine-to-machine signals.

  • The Non-Human Identity Problem: Organizations must focus on mapping and securing non-human identities, which include API keys, service accounts, servers, mobile devices, and runners in CI/CD pipelines. These keys often have broad access and are running unchecked.

  • Shared Signals Framework (SSF): A promising solution developed by the OpenID Foundation, SSF allows large vendors (like Microsoft, Google, and Salesforce) to share risk and identity signals. This allows a company to automatically revoke a user's session in a third-party application if a compromise is detected by the identity provider.

  • User Behavior Analytics (UBA): Effective security requires UBA, such as tracking users' browsing habits and using data analytics to establish a baseline of normal behavior, moving toward the "Moneyball" approach seen in sports.

Data Quality and the IAM Challenge

  • Data Quality is Broken: Many problems in IAM stem from poor data quality in source systems like HR and Active Directory, where there is no standardization, legacy data remains, and roles are misaligned.

  • Selling Security to Marketing: To gain funding and traction for UBA and data analytics, security teams should pitch the problem to the marketing team by showing how it can track user behavior, prevent fraud (like "pizza hacks" from rewards program abuse), and save the company money in chargebacks.

Resources & Contact

  • UberEther: Matt Topper's company, which focuses on integrating identity access management tools to build secure systems right from day one.

  • Shared Signals Framework (SSF): A framework from the OpenID Foundation for sharing security and identity signals across vendors.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Close the Cybersecurity Skills Gap with a Student Powered SOC

Summary:

Timothy De Block speaks with Bruce Johnson of TekStream about a truly innovative solution to the cybersecurity skills shortage: the Student-Powered Security Operations Center (SOC). Bruce outlines how this three-way public-private partnership not only provides 24-hour threat detection and remediation serves as a robust workforce development program for university students. The conversation dives into the program's unique structure, its 100% placement rate for students, the challenges of AI "hallucinations", and how the program teaches crucial life skills like accountability and critical thinking.

The Student-Powered SOC Model

  • Workforce Development: The program tackles the cybersecurity skills shortage by providing students with practical, real-world experience and helps bridge the gap where new graduates struggle to find jobs due to minimum experience requirements.

  • Funding Structure: The program is built on a three-way private-public partnership involving the state, educational institutions, and Techstream. The funding for the SOC platform is often separate from the academic funding for student talent building.

  • "Investment Solution": The model is positioned as an investment rather than an outsourced expense. Institutions own the licenses for their SIM environments and retain built assets, fostering collaborative value building.

  • Reputational Value: The program provides significant reputational value to schools, boasting a 100% placement rate for students and differentiating them from institutions that only offer academic backgrounds.

  • Cost Savings: It serves as a cost-saving measure for CISOs, as students are paid an hourly rate to perform security analyst work.

Student Training and Impact

  • Onboarding and Assessment: The formal onboarding process, which includes training on tools, runbooks, and hands-on labs, has been shortened to six weeks. The biggest indicator of a student's success is their critical thinking test, which assesses logical reasoning rather than rote knowledge.

  • Progression and Mentorship: Students are incrementally matured by starting with low-complexity threats (like IP reputation) and gradually advancing to higher-difficulty topics, including TTPs (Tactics, Techniques, and Procedures), utilizing a complexity scoring system. Integrated career counseling meets regularly with students to review their metrics and guide their career planning.

  • Metrics and Productivity: The program has proven successful, with students handling 50% of incident volume within a quarter of onboarding, including medium to high complexity threats.

  • Beyond Cybersecurity: Students gain valuable, transferable life skills, such as collaboration, accountability, professionalism, and "adulting", which helps isolated students become more engaged.

AI and the "Expert in the Loop"

  • Techstream’s Overkill AI: Techstream uses its product, Overkill, for 24-hour threat detection and remediation, automating analysis, prioritization, and the creation of new detections to go "from zero to hero in 24 hours".

  • Expert Supervision: Their approach is "expert in the loop" , meaning humans (students and analysts) are involved in supervising the AI, with automation being adopted incrementally as trust is built.

  • The Hallucination Challenge: Timothy De Block raised concern about students lacking the experience to discern incorrect information or "hallucinations" from AI output. Bruce Johnson affirmed that the program trains students in three areas: using AI, supervising AI, and understanding AI broadly.

  • Training Necessity: Students must learn how to do the traditional level one work before they can effectively supervise an AI, as experience is needed to detect when the AI makes a bad assumption.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


What is the 2025 State of the API Report From Postman?

Summary:

Timothy De Block is joined by Sam Chehab to unpack the key findings of the 2025 Postman State of the API Report. Sam emphasizes that APIs are the connective tissue of the modern world and that the biggest security challenges are rooted in fundamentals. The conversation dives deep into how AI agents are transforming API development and consumption, introducing new threats like "rug pulls" , and demanding higher quality documentation and error messages. Sam also shares actionable advice for engineers, including a "cheat code" for getting organizational buy-in for AI tools and a detailed breakdown of the new Model Context Protocol (MCP).

Key Insights from the State of the API Report

  • API Fundamentals are Still the Problem: The start of every security journey is an inventory problem (the first two CIS controls). Security success is a byproduct of solving collaboration problems for developers first.

  • The Collaboration Crisis: 93% of teams are struggling with API collaboration, leading to duplicated work and an ever-widening attack surface due to decentralized documentation (Slack, Confluence, etc.).

  • API Documentation is Up: A positive sign of progress is that 58% of teams surveyed are actively documenting their APIs to improve collaboration.

  • Unauthorized Access Risk: 51% of developers cite unauthorized agent access as a top security risk. Sam suspects this is predominantly due to the industry-wide "hot mess" of secrets management and leaked API keys.

  • Credential Amplification: This term is used to describe how risk is exponential, not linear, when one credential gains access to a service that, in turn, has access to multiple other services (i.e., lateral movement).

AI, MCP, and New Security Challenges

  • Model Context Protocol (MCP): MCP is a protocol layer that sits on top of existing RESTful services, allowing users to generically interact with APIs using natural language. It acts as an abstraction layer, translating natural language requests into the proper API calls.

  • The AI API Readiness Checklist: For APIs to be effective for AI agents:

    • Rich Documentation: AI thrives on documentation, which developers generally hate writing. Using AI to write documentation is key.

    • Rich Errors: APIs need contextual error messages (e.g., "invalid parameter, expected X, received Y") instead of generic messages like "something broke".

  • AI Introduces Supply Chain Threats: The "rug pull" threat involves blindly trusting an MCP server that is then swapped out for a malicious one. This is a classic supply chain problem (similar to NPM issues) that can happen much faster in the AI world.

  • MCP Supply Chain Risk: Because you can use other people's MCP servers, developers must validate which MCP servers they're using to avoid running untrusted code. The first reported MCP hack involved a server that silently BCC'd an email to the attacker every time an action was performed.

Actionable Advice and Engineer "Cheat Codes"

  • Security Shift-Left with Postman: Security teams should support engineering's use of tools like Postman because it allows developers to run security tests (load testing, denial of service simulation, black box testing) themselves within their normal workflow, accelerating development velocity.

  • API Key Management is Critical: Organizations need policies around API key generation, expiration, and revocation. Postman actively scans public repos (like GitHub) for leaked Postman keys, auto-revokes them, and notifies the administrator.

  • Getting AI Buy-in (The Cheat Code): To get an AI tool (like a Postman agent or a code generator) approved within your organization, use this tactic:

    1. Generate a DPA (Data Processing Agreement) using an AI tool.

    2. Present the DPA and a request for an Enterprise License to Legal, Security, and your manager.

    3. This demonstrates due diligence and opens the door for safe, approved AI use, making you an engineering "hero".

About Postman and the Report

  • Postman's Reach: Postman is considered the de facto standard for API development and is used in 98% of the Fortune 500.

  • Report Origins: The annual report, now in its seventh year, was started because no one else was effectively collecting and synthesizing data across executives, managers, developers, and consultants regarding API production and consumption.

Resources

The Developer’s Guide to AI-Ready APIs - Postman

Agent Mode - Postman

First Malicious MCP Server Found Stealing Email in Rogue Postmark-MCP Package - The Hacker News

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How AI Will Transform Society and Affect the Cybersecurity Field

Summary:

Timothy De Block sits down with Ed Gaudet, CEO of Censinet and a fellow podcaster, for a wide-ranging conversation on the rapid, transformative impact of Artificial Intelligence (AI). Ed Gaudet characterizes AI as a fast-moving "hammer" that will drastically increase productivity and reshape the job market, potentially eliminating junior software development roles. The discussion also covers the societal risks of AI, the dangerous draw of "digital cocaine" (social media), and Censinet's essential role in managing complex cyber and supply chain risks for healthcare organizations.

Key Takeaways

AI's Transformative & Disruptive Force

  • A Rapid Wave: Ed Gaudet describes the adoption of AI, particularly chat functionalities, as a rapid, transformative wave, surpassing the speed of the internet and cloud adoption due to its instant accessibility.

  • Productivity Gains: AI promises immense productivity, with the potential for tasks requiring 100 people and a year to be completed by just three people in a month.

  • The Job Market Shift: AI is expected to eliminate junior software development roles by abstracting complexity. This raises concerns about a future developer shortage as senior architects retire without an adequate pipeline of talent.

  • Adaptation, Not Doom: While acknowledging significant risks, Ed Gaudet maintains that humanity will adapt to AI as a tool—a "hammer"—that will enhance cognitive capacity and productivity, rather than making people "dumber".

  • The Double-Edged Sword: Concerns exist over the nefarious uses of AI, such as deepfakes being used for fraudulent job applications, underscoring the ongoing struggle between good and evil in technology.

Cyber Risk in Healthcare and Patient Safety

  • Cyber Safety is Patient Safety: Due to technology's deep integration into healthcare processes, cyber safety is now directly linked to patient safety.

  • Real-World Consequences: Examples of cyber attacks resulting in canceled procedures and diverted ambulances illustrate the tangible threat to human life.

  • Censinet's Role: Censinet helps healthcare systems manage third-party, enterprise cyber, and supply chain risks at scale, focusing on proactively addressing future threats rather than past ones.

  • Patient Advocacy: AI concierge services have the potential to boost patient engagement, enabling individuals to become stronger advocates for their own health through accessible second opinions.

Technology's Impact on Mental Health & Life

  • "Digital Cocaine": Ed Gaudet likened excessive phone and social media use, particularly among younger generations, to "digital cocaine"—offering short-term highs but lacking nutritional value and promoting technological dependence.

  • Life-Changing Tools: Ed Gaudet shared a powerful personal story of overcoming alcoholism with the help of the Reframe app, emphasizing that the right technology, used responsibly, can have a profound, life-changing impact on solving mental health issues.

Resources & Links Mentioned

  • Censinet: Ed Gaudet's company, specializing in third-party and enterprise risk management for healthcare.

  • Reframe App: An application Ed Gaudet used for his personal journey of recovery from alcoholism, highlighting the power of technology for mental health.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Exploring AI, APIs, and the Social Engineering of LLMs

Summary:

Timothy De Block is joined by Keith Hoodlet, Engineering Director at Trail of Bits, for a fascinating, in-depth look at AI red teaming and the security challenges posed by Large Language Models (LLMs). They discuss how prompt injection is effectively a new form of social engineering against machines, exploiting the training data's inherent human biases and logical flaws. Keith breaks down the mechanics of LLM inference, the rise of middleware for AI security, and cutting-edge attacks using everything from emojis and bad grammar to weaponized image scaling. The episode stresses that the fundamental solutions—logging, monitoring, and robust security design—are simply timeless principles being applied to a terrifyingly fast-moving frontier.

Key Takeaways

The Prompt Injection Threat

  • Social Engineering the AI: Prompt injection works by exploiting the LLM's vast training data, which includes all of human history in digital format, including movies and fiction. Attackers use techniques that mirror social engineering to trick the model into doing something it's not supposed to, such as a customer service chatbot issuing an unauthorized refund.

  • Business Logic Flaws: Successful prompt injections are often tied to business logic flaws or a lack of proper checks and guardrails, similar to vulnerabilities seen in traditional applications and APIs.

  • Novel Attack Vectors: Attackers are finding creative ways to bypass guardrails:

    • Image Scaling: Trail of Bits discovered how to weaponize image scaling to hide prompt injections within images that appear benign to the user, but which pop out as visible text to the model when downscaled for inference.

    • Invisible Text: Attacks can use white text, zero-width characters (which don't show up when displayed or highlighted), or Unicode character smuggling in emails or prompts to covertly inject instructions.

    • Syntax & Emojis: Research has shown that bad grammar, run-on sentences, or even a simple sequence of emojis can successfully trigger prompt injections or jailbreaks.

Defense and Design

  • LLM Security is API Security: Since LLMs rely on APIs for their "tool access" and to perform actions (like sending an email or issuing a refund), security comes down to the same principles used for APIs: proper authorization, access control, and eliminating misconfiguration.

  • The Middleware Layer: Some companies are using middleware that sits between their application and the Frontier LLMs (like GPT or Claude) to handle system prompting, guard-railing, and filtering prompts, effectively acting as a Web Application Firewall (WAF) for LLM API calls.

  • Security Design Patterns: To defend against prompt injection, security design patterns are key:

    • Action-Selector Pattern: Instead of a text field, users click on pre-defined buttons that limit the model to a very specific set of safe actions.

    • Code-Then-Execute Pattern (CaMeL): The first LLM is used to write code (e.g., Pythonic code) based on the natural language prompt, and a second, quarantined LLM executes that safer code.

    • Map-Reduce Pattern: The prompt is broken into smaller chunks, processed, and then passed to another model, making it harder for a prompt injection to be maintained across the process.

  • Timeless Hygiene: The most critical defenses are logging, monitoring, and alerting. You must log prompts and outputs and monitor for abnormal behavior, such as a user suddenly querying a database thousands of times a minute or asking a chatbot to write Python code.

Resources & Links Mentioned

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Prepare a Presentation for a Cybersecurity Conference

Summary:

Join Timothy De Block for a special, behind-the-scenes episode where he rehearses his presentation, "The Hitchhiker's Guide to Threat Modeling." This episode serves as a unique guide for aspiring and experienced speakers, offering a candid look at the entire preparation process—from timing and slide design to audience engagement and controlled chaos. In addition to public speaking tips, Timothy provides a concise and practical overview of threat modeling, using real-world examples to illustrate its value.

Key Presentation Tips & Tricks

  • Practice for Time: Practice the presentation multiple times to ensure the pacing is right. Timothy suggests aiming to be a little longer than the allotted time during practice, as adrenaline and nerves on the day of the talk will often cause a person to speak more quickly.

  • Use Visuals Strategically: Pacing and hand gestures can improve the flow of a talk. Be careful with distracting visuals, such as GIFs, by not leaving them up for too long while you are speaking.

  • Stand Out as a Speaker: Be willing to do shorter talks, such as 30-minute sessions, as many speakers prefer hour-long slots. He notes that having a clever or intriguing title for your presentation is important, and using humor or pop-culture references can help.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Exploring the Rogue AI Agent Threat with Sam Chehab

Summary:

In a unique live recording, Timothy De Block is joined by Sam Chehab from Postman to tackle the intersection of AI and API security. The conversation goes beyond the hype of AI-created malware to focus on a more subtle, yet pervasive threat: "rogue AI agents." The speakers define these as sanctioned AI tools that, when misconfigured or given improper permissions, can cause significant havoc by misbehaving and exposing sensitive data. The episode emphasizes that this risk is not new, but an exacerbation of classic hygiene problems.

Key Takeaways

  • Defining "Rogue AI Agents": Sam Chehab defines a "rogue AI agent" as a sanctioned AI tool that misbehaves due to misconfiguration, often exposing data it shouldn't have access to. He likens it to an enterprise search tool in the early 2000s that crawled an intranet and surfaced things it wasn't supposed to.

  • The AI-API Connection: An AI agent is comprised of six components, and the "tool" component is where it interacts with APIs. The speakers note that the AI's APIs are its "arms and legs" and are often where it gets into trouble.

  • The Importance of Security Hygiene: The core of the solution is to "go back to basics" with good hygiene. This includes building APIs with an open API spec, enforcing schemas, and ensuring single-purpose logins for integrations to improve traceability.

  • The Rise of the "Citizen Developer": The conversation highlights a new security vector: non-developers, or "citizen developers," in departments like HR and finance building their own agents using enterprise tools. These individuals often lack security fundamentals, and their workflows are a "ripe area for risk".

  • AI's Role in Development: Sam and Timothy discuss how AI can augment a developer's capabilities, but a human is still needed in the process. The report from Veracode notes that AI-generated code is only secure about 45% of the time, which is about on par with human-written code. The best approach is to use AI to fix specific lines of code in pre-commit, rather than having it write entire applications.

Resources & Links Mentioned

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


A conversation with Kyle Andrus on Info Stealers and Supply Chain Attacks

Summary:

In this episode, Timothy De Block sits down with guest Kyle Andrus to dissect the ever-evolving landscape of cyber threats, with a specific focus on info stealers. The conversation covers everything from personal work-life balance and career burnout to the increasing role of AI in security. They explore how info stealers operate as a "commodity" in the cybercriminal world, the continuous "cat and mouse game" with attackers, and the challenges businesses face in implementing effective cybersecurity measures.

Key Takeaways

  • The AI Revolution in Security: The guests discuss how AI is improving job efficiency and security, particularly in data analytics, behavioral tracking, and automating low-level tasks like SOC operations and penetration testing. This automation allows security professionals to focus on more complex work. They also highlight the potential for AI misuse, such as for insider threat detection, and the "surveillance state" implications of tracking employee behavior.

  • The InfoStealer Threat: Info stealers are a prevalent threat, often appearing as "click fix" or fake update campaigns that trick users into granting initial access or providing credentials. The data they collect, including credentials and session tokens, is sold on the dark web for as little as two to ten dollars. This fuels further attacks by cybercriminals who buy access rather than performing initial reconnaissance themselves.

  • The Human and Business Challenge: As security controls improve, attackers are increasingly relying on human interaction to compromise systems. The speakers emphasize that cybercriminals, "like water, follow the path of least resistance." The episode also highlights the significant challenge for small to medium-sized businesses in balancing risk mitigation with operational costs.

  • Software Supply Chain Attacks: The discussion touches on supply chain attacks, like the npm package breach and the Salesforce Drift breach, which targeted third parties and smaller companies with less mature security controls. They note the challenges of using Software Bill of Materials (SBOMs) to assess the trustworthiness of open-source components.

  • Practical Cybersecurity Advice: The hosts discuss the need to rethink cybersecurity advice for non-tech-savvy individuals, as much of the current guidance is impractical and burdensome. While Timothy De Block sees the benefit of browser-based password managers when MFA is enabled, Kyle Sundra generally advises against storing passwords in browsers and recommends more secure password managers.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


The Winding Path to CISO: Rob Fuller's Leadership Journey

Summary:

In this episode, Timothy De Block sits down with Rob Fuller, Vice President of Cybersecurity, for a candid discussion about Rob's journey into cybersecurity leadership. Rob shares his unique path from the Marine Corps to a Fortune 10 company, revealing the struggles and lessons learned along the way. The conversation delves into the critical role of visibility, the importance of continuous learning, and invaluable advice for those aspiring to leadership roles in the security industry.

Key Takeaways

  • From "Noob" to VP: Rob shares the humorous origin of his online handle, "Mubix," which came from a mistyped name in an MMORPG. He recounts his initial struggle to transition into leadership, including turning down a director position at General Electric due to perceived lack of experience, until his wife reminded him of his past leadership roles in the Marine Corps and community groups.

  • Leadership is a Different Career Path: Rob emphasizes that moving into a leadership role requires a complete mindset shift and is a distinct career path from a technical one. He learned a crucial lesson about career advancement: while diligence and relationships are important,

    visibility is paramount. He also notes the importance of a manager understanding they are part of two teams: their direct reports and their peer group of fellow leaders.

  • The Value of Continuous Learning: Rob recommends the book Surrounded by Idiots by Thomas Erikson to understand different communication styles and the importance of adapting in management. He is also actively pursuing advanced degrees and certifications like CISSP and NACD to meet the requirements for director and CISO roles in large companies.

  • Aspiring to CISO: Rob's ultimate goal is to become a CISO, as he believes it's the only role that allows for the implementation of comprehensive, widespread cybersecurity solutions.

  • Advice for Career Starters: For those looking to enter cybersecurity, Rob and Timothy advise being open to any IT job, including the help desk, as an entry point. They also stress the importance of actively participating in local groups and conferences like hacker meetups and B-Sides, as this networking and volunteering can significantly increase your chances of getting hired.

  • Blue Team Experience is Gold: Both agree that blue team (security operations) experience is highly valuable for aspiring pentesters, as it teaches crucial skills like scripting, queries, networking, and evasion techniques that make them more effective in red team roles.

Resources & Links Mentioned

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Kate Johnson's Winding Path to a Director Role in Cybersecurity

Summary:

Timothy De Block interviews Kate Johnson about her cybersecurity career. Kate shares insights from her journey, emphasizing the importance of foundational knowledge and effective leadership in a constantly evolving technical field.

Key Takeaways:

  • From Guides to Director: Kate's career began with writing guides for technology users, teaching her empathy and a people-focused approach crucial for her later management roles. She progressed from an analyst to a director, leveraging early management experience at Central Michigan University.

  • Evolving Director Role: At Draos (founded in 2017), Kate's director role has expanded significantly as the company grew from 100 to over 500 employees. She now manages intelligence reverse engineers and oversees operations for the entire intelligence services department.

  • Leadership in Cybersecurity: Kate's management style is advisory, focusing on guiding her team and connecting their efforts. She maintains an analytical mindset, making data-driven decisions and supporting her highly technical team. A key challenge is letting people fail to learn, even if it's difficult to watch.

  • Cybersecurity Fundamentals: Kate stresses the need for a fundamental understanding of how systems work to effectively secure them. She recommends resources like Network+ and specific SANS courses for building this base.

  • The "Auditor" Aspect of Security: Kate views pen testing and security work as similar to auditing, emphasizing the need for evidence, identifying flaws, and providing actionable recommendations to add value.

  • Advice: Kate encourages aspiring cybersecurity professionals to "don't give up" as there are numerous opportunities and roles available for all types of people.

  • Resource Plug: Kate recommends OT-CERT (Secure OT CERT), a free, community-driven resource for sharing information and discussing threats in the Industrial Control Systems (ICS) field.

Resources Mentioned:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


LIVE: Unraveling the SharePoint Zero-Day Exploit (CVE-2025-53770)

Summary:

Link to the live recording: https://www.youtube.com/live/DHbGpRtDvIw?si=h6tHumVLrl3HOgq0

Join Timothy De Block and special guest Ben Miller for a deep dive into the SharePoint zero-day exploit, CVE-2025-53770. This episode breaks down the technical details of the "goofy authentication bypass" and its serious implications for on-premise systems. The discussion also expands into broader topics, including the critical role of human intelligence in security, the shift to Managed Security Service Providers (MSSPs), and the importance of addressing business processes and mental health in the industry.

Key Takeaways

  • The SharePoint Exploit (CVE-2025-53770): Ben Miller describes this vulnerability as an unauthenticated "zero-click" exploit that requires no user interaction. It's a "goofy authentication bypass" that allows an attacker to gain full control of an on-premise SharePoint server by simply sending a web request. Once an attacker gains access, they can steal keys and maintain persistent control.

  • On-Premise vs. Cloud: The vulnerability primarily affects on-premise SharePoint servers, which are managed directly by businesses. Ben explains that even organizations that have moved their systems to a cloud like Azure might still be vulnerable if they've retained old, vulnerable configurations.

  • Challenges with Detection and Remediation: Many businesses lack adequate logging and internal threat hunters, making it nearly impossible to detect if a breach occurred. The widespread use of SharePoint makes its vulnerabilities particularly dangerous, and entrenched intruders can be so difficult to remove that they may require a complete system overhaul.

  • The Human Element in Security: The speakers discuss how humans are the "trust link" and "determiner" in a security program, not just the weakest link. If one person's single action can compromise a system, it points to a process problem, not a human one. The episode also highlights the powerful role of social engineering, even with something as simple as using food to gain access to a network.

  • MSSPs and Career Advice: The conversation touches on the growing trend of organizations using Managed Security Service Providers (MSSPs) for their security operations. Ben suggests that MSSPs are a great entry point for aspiring security professionals, as they provide broad exposure to a variety of incidents. For long-term career success, Ben advises being able to translate security needs into business sense and becoming an expert in your field.

  • Community and Mental Health: Ben and Timothy encourage listeners to attend the BSides St. Louis conference on September 27th. Timothy even offered to pay for a ticket for anyone who can't afford it. The episode concludes with a discussion on mental health, with Ben encouraging people to view therapy as "a form of hygiene" and to seek help when needed.

Connect with Ben Miller & BSides St. Louis:

  • Website: bsidesstl.org

  • Event Date: September 27th

  • Event Location: Washington University's McKelvey School of Engineering

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Launch Your Own Cybersecurity Podcast

Summary:

In a special episode recorded live from ShowMeCon, Anushree Vaidya interviews Timothy De Block about the art and science of creating and growing a podcast. This episode is a must-listen for anyone interested in starting their own show, offering a practical walkthrough of the entire process from concept to promotion.

Key Takeaways:

  • Finding Your Motivation: The conversation explores the core reasons for starting a podcast, emphasizing the importance of finding a format and message that resonates with both the host and the audience.

  • The Technical Foundation: An overview of the essential equipment and software needed to get started, offering advice on how to produce quality audio without breaking the bank.

  • Content and Guest Strategy: Tips on how to structure episodes, find compelling topics, and effectively interview guests to create engaging and informative content.

  • The Power of Podcasting: The episode highlights the unexpected professional benefits of hosting a podcast, including opportunities for networking, personal growth, and becoming a recognized voice in your field.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How BSides St Louis Can Help Take The Next Step in Cybersecurity

Summary:

Timothy De Block and Ben Miller discuss the upcoming BSides St. Louis conference. Ben shares the mission behind the event: to provide a low-cost, high-value conference for beginners and those new to the security community. They cover the importance of community-building, the value of professional skills alongside technical ones, and the power of networking at local events.

Key Takeaways:

  • BSides St. Louis Mission: Ben and his co-founders created BSides St. Louis in 2015 as a "passion project" with the motto, "bringing the interested to the connected". The goal is to offer a free or low-cost conference to make cybersecurity knowledge accessible to beginners and career-changers who can't afford larger, more expensive events.

  • Cost and Accessibility: This year's conference operates on a donation basis, with a recommended $25 charge to help estimate food and t-shirt orders. Ben clarifies that no one will be turned away for an inability to pay, and the organization is a 501(c)(3) charity.

  • Networking and Career Growth: Both Ben and Timothy stress that attending local conferences like BSides on a Saturday demonstrates a commitment to learning that employers value. Networking at these events can lead to job opportunities and valuable professional connections.

  • Professional Skills Over Hard Skills: Ben argues that professional skills—such as public speaking, running effective meetings, and communicating politely—are more crucial for career longevity than hard technical skills. He shares a personal story about how a poorly chosen phrase accidentally hurt a colleague and taught him the importance of careful communication.

  • Encouraging New Speakers: BSides St. Louis actively seeks out first-time speakers. Ben looks for people who have never given a talk before because the audience is forgiving and it helps them develop skills vital for interviewing and running meetings.

  • Family-Friendly Environment: The conference is explicitly family-friendly, encouraging attendees to bring children and high school students to explore the campus and participate in activities like lockpicking and soldering. Ben views "hackers" as anyone who does "something in a way that wasn't intended to be done".

  • Personal Philosophy: Ben shares his personal mission to help people "feel secure so they can sleep at night" and his belief that giving back through events like BSides is a way to help others who were not as fortunate as he was growing up.

Notable Quotes:

  • "Bringing the interested to the connected".

  • "One con talk isn't going to make you an expert, but learning just enough to know what to Google, so that you can become an expert when you need to later... Huge. So helpful".

  • "I can train somebody really easy to run NMAP... but telling somebody how to shut up in a meeting and listen way harder".

  • "Don't self-select yourself out of opportunities".

  • "My personal life goal is to help people feel secure so they can sleep at night".

Connect with Ben Miller & BSides St. Louis:

  • Website: bsidesstl.org

  • Event Date: September 27th

  • Event Location: Washington University's McKelvey School of Engineering

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Perform Incident Response and Forensics on Drones with Wayne Burke

Summary:

In this episode of Exploring Information Security, host Timothy De Block sits down with Wayne Burke to discuss the crucial and rapidly evolving field of drone tactical forensics and incident response. Wayne sheds light on the increasing proliferation of drones, from law enforcement applications to criminal misuse, and the unique challenges involved in collecting forensic evidence from them. He reveals the dangers of booby-trapped drones and malware on flight controllers, emphasizing the need for caution and specialized techniques. Wayne also shares a fascinating incident involving electronic warfare against a surveillance drone, underscoring the sophisticated threats emerging today. Tune in to learn about essential forensic methods, from accessing flight logs with open-source tools to advanced chip-off forensics, and why collaboration in the cybersecurity community is vital for addressing these new challenges.

What You'll Learn:

  • What drone tactical forensics entails and its growing importance in today's world of automated robotics.

  • The diverse and increasing applications of drones, including surveillance and the potential for misuse like extortion.

  • Significant risks and dangers in drone forensics, such as booby traps and flight controller malware.

  • Initial steps and varied techniques for drone incident response and forensic evidence collection, depending on the drone type.

  • How flight logs and telemetry data are analyzed using open-source tools, and methods for advanced forensics like chip-off analysis.

  • The critical role of community and collaboration in addressing emerging drone security threats.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


That Shouldn't Have Worked: A Red Teamer's Confessions with Corey Overstreet

Summary:

In this episode of Exploring Information Security, host Timothy De Block speaks with Corey Overstreet, a seasoned pentester from Red Siege. Corey shares insights into the ongoing cat-and-mouse game between red teams and blue teams, revealing common vulnerabilities and unexpected successes in breaching defenses. He discusses his upcoming talk at Show Me Con, titled "That Shouldn't Have Worked," which aims to equip blue teams with practical knowledge on bolstering their defenses against persistent attackers. From the nuances of payload delivery to the surprising resilience of old tricks and the challenges of cloud security, Corey offers a candid look at the daily realities of offensive security and how defenders can truly make a red teamer's life difficult.

What You'll Learn:

  • The core focus of Corey Overstreet's "That Shouldn't Have Worked" talk at Show Me Con.

  • Common mistakes red teamers make and how to avoid them.

  • Effective defensive strategies for blue teams, including the power of application control and network segmentation.

  • The evolving landscape of EDR and how AI is starting to make red team operations more challenging.

  • Insights into the surprising ways macros and social engineering continue to be effective entry points, especially in cloud environments.

  • Advice for aspiring pentesters on learning and problem-solving, emphasizing hands-on practice and diligent note-taking.

  • Corey's favorite resources for staying up-to-date in cybersecurity, including various subreddits, Discord, and Slack communities.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


when machines take over the world with Jeff Man

Summary:

In this engaging episode of Exploring Information Security, host Timothy De Block sits down with cybersecurity expert Jeff Man. They dive into Jeff's recent experiences at the RSA Conference, his seasoned and sometimes "grumpy old man's perspective" on the pervasive topic of AI, and what he's looking forward to in upcoming speaking engagements. The conversation explores the ever-evolving landscape of cybersecurity, the challenges and hype surrounding new technologies, and the enduring principles of security that remain constant despite technological shifts.

What You'll Learn:

  • Key takeaways and observations from the RSA Conference, including attendance figures and vendor extravagances.

  • Jeff Man's unique perspective on Artificial Intelligence, separating hype from potential impact.

  • The recurring themes in cybersecurity, highlighting how fundamental problems persist across different technological eras.

  • Insights into the risks and limitations of AI, including its potential for misinformation and Jeff's personal skepticism.

  • A first-hand account of riding in a Waymo self-driving car and reflections on autonomous technology.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]