Breaking Bad Code with Kevin Johnson

March 11, 2025

Summary:

In this episode of Exploring Information Security, host Timothy De Block welcomes Kevin Johnson, founder of Secure Ideas, to discuss web application penetration testing, API security, and hands-on security training. Kevin shares insights on why pentesters need to understand business risk, how API security is often misunderstood, and what participants can expect from his Breaking Bad Code workshop at ShowMeCon. He also reflects on the state of security talks at conferences, the importance of interactive learning, and Secure Ideas’ 15-year journey in the industry.

Topics Discussed:

Web Application Security Challenges – Why automated tools alone aren’t enough, and how attackers think differently.
API Security & Misconceptions – How APIs change attack surfaces and why developers often overlook key security flaws.
Breaking Bad Code Training at ShowMeCon – What attendees will learn and why hands-on hacking beats passive lectures.
Security Talks vs. Vendor Pitches – The problem with sales-driven conference talks and why real education matters.
The Evolution of Secure Ideas – Celebrating 15 years in business, plus challenge coins and community growth.
Fun Side Tangents – Muppets, hacking culture, and why Wacka Hack is the talk you don’t want to miss at ShowMeCon.

Key Takeaways:

Effective pentesting goes beyond tools—it’s about understanding the purpose and risk of an application.
API security isn’t a separate discipline—it requires a shift in attacker mindset.
Hands-on training is the best way to learn—expect to actively hack at the Breaking Bad Code workshop.
Security conference talks should educate, not sell—vendor-heavy presentations fail to engage the audience.
ShowMeCon is an invaluable event for anyone interested in offensive security and application security.

Guest Info:

Kevin Johnson – Founder & CEO of Secure Ideas, security consultant, trainer, and conference speaker.

Links and Resources:

Follow Kevin on Twitter: @SecureIdeas
Secure Ideas: secureideas.com
Samurai WTF – Web Testing Framework: samuraiwtf.org
Penetration Testing Execution Standard (PTES): pentest-standard.org

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Learn more about ShowMeCon: showmecon.com
Register for Training or the Conference: Registration Link
Event Venue and Room Block Information: Ameristar Casino & Resort
Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile
Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]

[RERELEASE] ShowMeCon: What does Jayson E. Street, Dave Chronister, Johnny Xmas, April Wright, and Ben Brown think about security?

October 29, 2024

In this epic episode of the Exploring Information Security podcast Jayson E. Street (@jaysonstreet), Dave Chronister (@bagomojo), Johnny Xmas (@J0hnnyXm4s), April Wright (@aprilwright), Ben Brown (@ajnachakra), and surprise guests Adrian Crenshaw (@irongeek_adc) and Kevin Johnson (@secureideas)all join me to discuss various security related topics.

ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference.

Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.

In this episode we discuss:

Certificates
Hiring
Interviewing
Where to get started
Soft skills
ShowMeCon and other conferences
Community and giving back
Imposter syndrome
Irongeeks impact on those in attendance

[RSS Feed] [iTunes]

ShowMeCon: Kevin Johnson and whatever he wants to talk about

February 15, 2024

This is a sponsored podcast by ShowMeCon which is May 13th & 14th. Tickets are still available! They’re also still looking for sponsors. Don't miss out on this opportunity to be part of the cybersecurity event of the year! Whether you're looking to learn, network, or elevate your brand, ShowMeCon is the place to be.

Summary:

Kevin Johnson the Chief Executive Officer of Secure Ideas joined me to discuss ShowMeCon and his keynote presentation on the infosec community rising from the ashes like a phoenix. It’s been a while since I’ve had the opportunity to catch up with Kevin but we got right into it and had a lot of great laughs. It’s a little all over the place with talk about ShowMeCon, reincarnation, and John Wick as a romantic comedy. Also, there is an EXPLICIT tag on this podcast.

Check the episode highlights below for a jingle on the topic.

Episode Highlights:

(Verse 1)
🎶 In the world of cyber, there's a place to be,
ShowMeCon's the event, in the tech sea.
Kevin Johnson's leading, with a tech-savvy crew,
Bringing folks together, showing what they can do. 🎶

(Chorus)
🎵 ShowMeCon, ShowMeCon, where the tech minds meet,
Diving deep in cyber streets, where challenges and passions greet.
From the ashes, we will rise, like a phoenix, bold and wise,
ShowMeCon, the stage is set, for a tech adventure you won't forget. 🎵

(Verse 2)
🎶 Imagine John Wick, with a softer side,
In a rom-com twist, where love and action collide.
He's hacking through the heart, with a smile so wide,
At ShowMeCon, where worlds of tech and romance abide. 🎶

(Bridge)
🎵 Rising from the ashes, with the phoenix's flight,
We'll conquer cyber battles, in the neon light.
Kevin Johnson guides us, through the digital night,
At ShowMeCon, we'll learn, we'll grow, and take our dreams to height. 🎵

(Chorus)
🎵 ShowMeCon, ShowMeCon, where the future's bright,
Join us in the journey, in the quest for cyber might.
From the ashes, we will rise, with our hearts and minds entwined,
ShowMeCon, where dreams take flight, and every moment's a delight. 🎵

Guest Information:

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

Resources and Mentions:

Secure Ideas

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]