Kate Johnson's Winding Path to a Director Role in Cybersecurity

Summary:

Timothy De Block interviews Kate Johnson about her cybersecurity career. Kate shares insights from her journey, emphasizing the importance of foundational knowledge and effective leadership in a constantly evolving technical field.

Key Takeaways:

  • From Guides to Director: Kate's career began with writing guides for technology users, teaching her empathy and a people-focused approach crucial for her later management roles. She progressed from an analyst to a director, leveraging early management experience at Central Michigan University.

  • Evolving Director Role: At Draos (founded in 2017), Kate's director role has expanded significantly as the company grew from 100 to over 500 employees. She now manages intelligence reverse engineers and oversees operations for the entire intelligence services department.

  • Leadership in Cybersecurity: Kate's management style is advisory, focusing on guiding her team and connecting their efforts. She maintains an analytical mindset, making data-driven decisions and supporting her highly technical team. A key challenge is letting people fail to learn, even if it's difficult to watch.

  • Cybersecurity Fundamentals: Kate stresses the need for a fundamental understanding of how systems work to effectively secure them. She recommends resources like Network+ and specific SANS courses for building this base.

  • The "Auditor" Aspect of Security: Kate views pen testing and security work as similar to auditing, emphasizing the need for evidence, identifying flaws, and providing actionable recommendations to add value.

  • Advice: Kate encourages aspiring cybersecurity professionals to "don't give up" as there are numerous opportunities and roles available for all types of people.

  • Resource Plug: Kate recommends OT-CERT (Secure OT CERT), a free, community-driven resource for sharing information and discussing threats in the Industrial Control Systems (ICS) field.

Resources Mentioned:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


LIVE: Unraveling the SharePoint Zero-Day Exploit (CVE-2025-53770)

Summary:

Link to the live recording: https://www.youtube.com/live/DHbGpRtDvIw?si=h6tHumVLrl3HOgq0

Join Timothy De Block and special guest Ben Miller for a deep dive into the SharePoint zero-day exploit, CVE-2025-53770. This episode breaks down the technical details of the "goofy authentication bypass" and its serious implications for on-premise systems. The discussion also expands into broader topics, including the critical role of human intelligence in security, the shift to Managed Security Service Providers (MSSPs), and the importance of addressing business processes and mental health in the industry.

Key Takeaways

  • The SharePoint Exploit (CVE-2025-53770): Ben Miller describes this vulnerability as an unauthenticated "zero-click" exploit that requires no user interaction. It's a "goofy authentication bypass" that allows an attacker to gain full control of an on-premise SharePoint server by simply sending a web request. Once an attacker gains access, they can steal keys and maintain persistent control.

  • On-Premise vs. Cloud: The vulnerability primarily affects on-premise SharePoint servers, which are managed directly by businesses. Ben explains that even organizations that have moved their systems to a cloud like Azure might still be vulnerable if they've retained old, vulnerable configurations.

  • Challenges with Detection and Remediation: Many businesses lack adequate logging and internal threat hunters, making it nearly impossible to detect if a breach occurred. The widespread use of SharePoint makes its vulnerabilities particularly dangerous, and entrenched intruders can be so difficult to remove that they may require a complete system overhaul.

  • The Human Element in Security: The speakers discuss how humans are the "trust link" and "determiner" in a security program, not just the weakest link. If one person's single action can compromise a system, it points to a process problem, not a human one. The episode also highlights the powerful role of social engineering, even with something as simple as using food to gain access to a network.

  • MSSPs and Career Advice: The conversation touches on the growing trend of organizations using Managed Security Service Providers (MSSPs) for their security operations. Ben suggests that MSSPs are a great entry point for aspiring security professionals, as they provide broad exposure to a variety of incidents. For long-term career success, Ben advises being able to translate security needs into business sense and becoming an expert in your field.

  • Community and Mental Health: Ben and Timothy encourage listeners to attend the BSides St. Louis conference on September 27th. Timothy even offered to pay for a ticket for anyone who can't afford it. The episode concludes with a discussion on mental health, with Ben encouraging people to view therapy as "a form of hygiene" and to seek help when needed.

Connect with Ben Miller & BSides St. Louis:

  • Website: bsidesstl.org

  • Event Date: September 27th

  • Event Location: Washington University's McKelvey School of Engineering

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Launch Your Own Cybersecurity Podcast

Summary:

In a special episode recorded live from ShowMeCon, Anushree Vaidya interviews Timothy De Block about the art and science of creating and growing a podcast. This episode is a must-listen for anyone interested in starting their own show, offering a practical walkthrough of the entire process from concept to promotion.

Key Takeaways:

  • Finding Your Motivation: The conversation explores the core reasons for starting a podcast, emphasizing the importance of finding a format and message that resonates with both the host and the audience.

  • The Technical Foundation: An overview of the essential equipment and software needed to get started, offering advice on how to produce quality audio without breaking the bank.

  • Content and Guest Strategy: Tips on how to structure episodes, find compelling topics, and effectively interview guests to create engaging and informative content.

  • The Power of Podcasting: The episode highlights the unexpected professional benefits of hosting a podcast, including opportunities for networking, personal growth, and becoming a recognized voice in your field.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How BSides St Louis Can Help Take The Next Step in Cybersecurity

Summary:

Timothy De Block and Ben Miller discuss the upcoming BSides St. Louis conference. Ben shares the mission behind the event: to provide a low-cost, high-value conference for beginners and those new to the security community. They cover the importance of community-building, the value of professional skills alongside technical ones, and the power of networking at local events.

Key Takeaways:

  • BSides St. Louis Mission: Ben and his co-founders created BSides St. Louis in 2015 as a "passion project" with the motto, "bringing the interested to the connected". The goal is to offer a free or low-cost conference to make cybersecurity knowledge accessible to beginners and career-changers who can't afford larger, more expensive events.

  • Cost and Accessibility: This year's conference operates on a donation basis, with a recommended $25 charge to help estimate food and t-shirt orders. Ben clarifies that no one will be turned away for an inability to pay, and the organization is a 501(c)(3) charity.

  • Networking and Career Growth: Both Ben and Timothy stress that attending local conferences like BSides on a Saturday demonstrates a commitment to learning that employers value. Networking at these events can lead to job opportunities and valuable professional connections.

  • Professional Skills Over Hard Skills: Ben argues that professional skills—such as public speaking, running effective meetings, and communicating politely—are more crucial for career longevity than hard technical skills. He shares a personal story about how a poorly chosen phrase accidentally hurt a colleague and taught him the importance of careful communication.

  • Encouraging New Speakers: BSides St. Louis actively seeks out first-time speakers. Ben looks for people who have never given a talk before because the audience is forgiving and it helps them develop skills vital for interviewing and running meetings.

  • Family-Friendly Environment: The conference is explicitly family-friendly, encouraging attendees to bring children and high school students to explore the campus and participate in activities like lockpicking and soldering. Ben views "hackers" as anyone who does "something in a way that wasn't intended to be done".

  • Personal Philosophy: Ben shares his personal mission to help people "feel secure so they can sleep at night" and his belief that giving back through events like BSides is a way to help others who were not as fortunate as he was growing up.

Notable Quotes:

  • "Bringing the interested to the connected".

  • "One con talk isn't going to make you an expert, but learning just enough to know what to Google, so that you can become an expert when you need to later... Huge. So helpful".

  • "I can train somebody really easy to run NMAP... but telling somebody how to shut up in a meeting and listen way harder".

  • "Don't self-select yourself out of opportunities".

  • "My personal life goal is to help people feel secure so they can sleep at night".

Connect with Ben Miller & BSides St. Louis:

  • Website: bsidesstl.org

  • Event Date: September 27th

  • Event Location: Washington University's McKelvey School of Engineering

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


[RERELEASE] What it's like in the SECTF sound booth

In this on a whim episode of the Exploring Information Security podcast, Michelle joins me to discuss here time participating in the SECTF.

Michelle (@MlleLicious) was one of the contestants who competed on Friday in the Social Engineering Capture The Flag (SECTF). This year the SECTF focused on video game companies and Michelle (happily) pulled Disney. Getting up on stage in front of hundreds of people is already a nerve racking proposition. Now add in that you have to interact with another human being to try and get them to divulge information for points. As you'll hear this was Michelle's first year at DEFCON. She dove right in to the event and walked away from the even with an amazing experience.

In this episode we discuss:

  • What is the SECTF

  • Why apply to the competition

  • What was her preparation for the contest

  • Where could she have improved

[RERELEASE] How to network in information security - part 2

In this edition of the Exploring Information Security podcast, I discuss with Johnny Xmas how to network in information security.

Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general.

In part two we discuss:

  • Resources for getting better at networking

  • Some of the challenges of learning to network

[RERELEASE] How to network in information security - part 1

In this edition of the Exploring Information Security podcast, I discuss with Johnny Xmas how to network in information security.

Johnny (@J0hnnyXm4s) is a penetration tester for Redlegg and an accomplished speaker at security conferences around the United States and Iceland. One of Johnny's more recent talks is titled "That's not my RJ45 Jack" which covers, among other topics, how to interact with people. I saw this talk in April when I went to BSides Nashville and it has a lot of good information that can be applied to networking with people in general.

In part one we discuss:

  • What is networking?

  • How can Twitter be leverage to strengthen and improve your network?

[RERELEASE] What are BEC attacks?

In this phishy edition of the Exploring Information Security podcast, Steve Ragan of CSO joins me to discuss business email compromise (BEC) attacks.

Steve (@SteveD3) has been covering BEC types of attacks for the past year at CSO. These types of attacks are increasing. It may get worse with GDPR requirements next month. This ended up being one of the more difficult podcasts to get scheduled. Steve and I had to cancel on each other a few times because of phishing related stuff.

In this episode we discuss:

  • What are BEC types of attacks?

  • Who is performing BEC attacks?

  • How are people falling for them?

  • What can people do protect against this type of attack?

[RERELEASE] How to crack passwords

In this crackerjack edition of the Exploring Information Security podcast, Sean Peterson of Parameter Security joins me to discuss password cracking.

Sean (@SeanThePeterson), is one of the most passionate infosec people you don't know. He recently did a talk at ShowMeCon on how to crack passwords. It was his first ever talk and pretty damn good. Sean joined me to give me his insights into password cracking.

In this episode we discuss:

  • What type of hardware is needed for password cracking

  • What type of attacks are used for password cracking

  • How to crack passwords

  • What's ahead for password cracking

[RERELEASE] How to find vulnerabilites

In this susceptible edition of the Exploring Information Security podcast, Samy Kamkar joins me to discuss how to find vulnerabilities.

Samy (@samykamkar) shouldn't need too much of an introduction to most people. He's been in the news for hacking garage doors, credit cards, cars, and much much more. Samy likes to hack things and has a knack for finding vulnerabilities in everything from locked machines to wireless doorbells. His site has the full list of vulnerabilities as well as videos and press appearances. Which made him the perfect guess for talking about how to find vulnerabilities.

In this episode we discuss:

  • What got him started in looking for vulnerabilities

  • What is a vulnerability

  • What skills are necessary for finding vulnerabilities

  • How he decides his next project

  • The steps to finding vulnerabilities

  • What he does when he discovers a vulnerability

  • How long the process takes

[RERELEASE] What is data driven security?

In this statistically-inclined edition for the Exploring Information Security podcast, I talk with Bob Rudis co-author of Data Driven Security to answer the questions: "What is data driven security?"

I recently read Data Driven Security: Analysis, Visualization and Dashboards by Jay Jacobs (@jayjacobs) and Bob Rudis (@hrbrmstr). The book is easy to read and a very good introduction into the world of data and security. Both Jay and Bob were kind with their time when I had questions about exercises in the books. After reading the book I decided to have Bob on to talk more about data driven security. 

Bob Rudis is also a contributor to the Verizon DBIR and these projects below:

In this episode we discuss:

  • What is data driven security?

  • The benefits of data driven security

  • How it should be implemented

  • Where it can be applied

Bob also gave me a long list of resources for those looking to get into data-driven security:

[RERELEASE] What is a CISSP?

In this certifiably awesome episode of the Exploring Information Security podcast, I explore what a Certified Information Systems Security Professional with Javvad Malik.

Javvad Malik (@J4vv4d) doesn't need much introduction. He's done a video on the benefits of being a CISSP. He's also done a music video with his Host Unknown crew on the CISSP. There's also The CISSP companion handbook he wrote. which has a collection of stories and experiences dealing with the 10 domains of the CISSP. Check out his website at j4vv4d.com and his YouTube channel.

In this episode we discuss:

  • What is a CISSP?

  • What is the value of having a CISSP?

  • Who should get the CISSP?

  • The nuances of the certification test (pay attention to the questions)

More resources:

[RERELEASE] From ShowMeCon 2017: Dave Chronister, Johnny Xmas, April Wright, and Ben Brown talk about Security

In this epic episode of the Exploring Information Security podcast Jayson E. Street (@jaysonstreet), Dave Chronister (@bagomojo), Johnny Xmas (@J0hnnyXm4s), April Wright (@aprilwright), Ben Brown (@ajnachakra), and surprise guests Adrian Crenshaw (@irongeek_adc) and Kevin Johnson (@secureideas)all join me to discuss various security related topics.

ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference.

Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.

In this episode we discuss:

  • Certificates

  • Hiring

  • Interviewing

  • Where to get started

  • Soft skills

  • ShowMeCon and other conferences

  • Community and giving back

  • Imposter syndrome

  • Irongeeks impact on those in attendance

How to Perform Incident Response and Forensics on Drones with Wayne Burke

Summary:

In this episode of Exploring Information Security, host Timothy De Block sits down with Wayne Burke to discuss the crucial and rapidly evolving field of drone tactical forensics and incident response. Wayne sheds light on the increasing proliferation of drones, from law enforcement applications to criminal misuse, and the unique challenges involved in collecting forensic evidence from them. He reveals the dangers of booby-trapped drones and malware on flight controllers, emphasizing the need for caution and specialized techniques. Wayne also shares a fascinating incident involving electronic warfare against a surveillance drone, underscoring the sophisticated threats emerging today. Tune in to learn about essential forensic methods, from accessing flight logs with open-source tools to advanced chip-off forensics, and why collaboration in the cybersecurity community is vital for addressing these new challenges.

What You'll Learn:

  • What drone tactical forensics entails and its growing importance in today's world of automated robotics.

  • The diverse and increasing applications of drones, including surveillance and the potential for misuse like extortion.

  • Significant risks and dangers in drone forensics, such as booby traps and flight controller malware.

  • Initial steps and varied techniques for drone incident response and forensic evidence collection, depending on the drone type.

  • How flight logs and telemetry data are analyzed using open-source tools, and methods for advanced forensics like chip-off analysis.

  • The critical role of community and collaboration in addressing emerging drone security threats.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


That Shouldn't Have Worked: A Red Teamer's Confessions with Corey Overstreet

Summary:

In this episode of Exploring Information Security, host Timothy De Block speaks with Corey Overstreet, a seasoned pentester from Red Siege. Corey shares insights into the ongoing cat-and-mouse game between red teams and blue teams, revealing common vulnerabilities and unexpected successes in breaching defenses. He discusses his upcoming talk at Show Me Con, titled "That Shouldn't Have Worked," which aims to equip blue teams with practical knowledge on bolstering their defenses against persistent attackers. From the nuances of payload delivery to the surprising resilience of old tricks and the challenges of cloud security, Corey offers a candid look at the daily realities of offensive security and how defenders can truly make a red teamer's life difficult.

What You'll Learn:

  • The core focus of Corey Overstreet's "That Shouldn't Have Worked" talk at Show Me Con.

  • Common mistakes red teamers make and how to avoid them.

  • Effective defensive strategies for blue teams, including the power of application control and network segmentation.

  • The evolving landscape of EDR and how AI is starting to make red team operations more challenging.

  • Insights into the surprising ways macros and social engineering continue to be effective entry points, especially in cloud environments.

  • Advice for aspiring pentesters on learning and problem-solving, emphasizing hands-on practice and diligent note-taking.

  • Corey's favorite resources for staying up-to-date in cybersecurity, including various subreddits, Discord, and Slack communities.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


when machines take over the world with Jeff Man

Summary:

In this engaging episode of Exploring Information Security, host Timothy De Block sits down with cybersecurity expert Jeff Man. They dive into Jeff's recent experiences at the RSA Conference, his seasoned and sometimes "grumpy old man's perspective" on the pervasive topic of AI, and what he's looking forward to in upcoming speaking engagements. The conversation explores the ever-evolving landscape of cybersecurity, the challenges and hype surrounding new technologies, and the enduring principles of security that remain constant despite technological shifts.

What You'll Learn:

  • Key takeaways and observations from the RSA Conference, including attendance figures and vendor extravagances.

  • Jeff Man's unique perspective on Artificial Intelligence, separating hype from potential impact.

  • The recurring themes in cybersecurity, highlighting how fundamental problems persist across different technological eras.

  • Insights into the risks and limitations of AI, including its potential for misinformation and Jeff's personal skepticism.

  • A first-hand account of riding in a Waymo self-driving car and reflections on autonomous technology.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Disconnect From Cybersecurity

Summary:

In this heartfelt episode of Exploring Information Security, we sit down with Elizabeth Eggert-Guerrant to talk about the importance of disconnecting from the always-on world of cybersecurity. Elizabeth shares her personal journey, which began with a cruise to Antarctica and led to profound revelations about burnout, digital overload, and the power of being present.

Drawing from her experience in leadership and her passion for mental health, Elizabeth unpacks how the culture of constant connectivity in cybersecurity—and life in general—can affect our well-being. From sneaking work emails in the bathroom on vacation to re-learning the value of quiet moments and real human connection, this episode explores what it means to truly step away and reset.

Whether you're an industry veteran or just getting started, Elizabeth offers advice on setting boundaries, recognizing burnout in yourself and your team, and creating space for reflection in a high-pressure industry.

What You’ll Learn

  • Why disconnecting is critical for mental health in cybersecurity

  • How to identify burnout in yourself and others

  • The value of setting daily rituals and boundaries

  • The role of leadership in fostering mental well-being

  • The pressure of “doing more” on social media—and how to step back

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Implement a Content Security Policy (CSP)

Summary:

In this episode of the Exploring Information Security podcast, host Timothy De Block sits down with Jason Gillam, long-time developer turned penetration tester and partner at Secure Ideas. The two dive into the real-world value of Content Security Policy (CSP) and why it remains one of the most underutilized tools in web application defense.

Jason shares insights from his upcoming talk at ShowMeCon 2025, including surprising statistics from his analysis of over 750,000 domains, where he found that most CSPs are either missing or misconfigured. He breaks down how CSP works, its role in protecting against injection attacks, and strategies for implementing it properly using nonces, hashes, and report-only modes.

They also discuss:

  • The challenges of educating developers on CSP

  • CSP vs. WAF and where each fits in the security stack

  • How AI and CI/CD can support secure CSP deployment

  • The importance of building security into code rather than bolting it on later

Whether you're a developer, security professional, or somewhere in between, this episode offers practical and actionable advice on improving your web application security posture.

Mentioned Resources:

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


how to monitor the inner workings of a cybercriminal organization

Summary:

What does it take to monitor the inner workings of ransomware gangs? In this episode, Matthew Maynard shares his firsthand experience infiltrating cybercriminal communities to gather valuable threat intelligence. From learning the lingo to navigating criminal hierarchies, Matthew sheds light on the surprising structure and behavior of ransomware operators. We discuss the importance of operational security, the surprising transparency of cybercriminal forums, and how researchers can play a critical role in disrupting ransomware infrastructure.

Topics Discussed:

  • How Matthew got started monitoring cybercriminal groups

  • The business model and hierarchy of ransomware gangs

  • Use of AI, insider threats, and criminal marketing tactics

  • Tools and platforms used by cybercriminals (Tor, Tox, Telegram, etc.)

  • Lessons learned from forums, breach leaks, and failed infiltration attempts

  • The value of open-source intelligence in tracking threat actors

  • Why reputation matters—both for threat actors and researchers

  • Operational safety tips for researchers entering dark web spaces

Guest Bio:

Matthew Maynard is a cybersecurity professional and threat researcher who specializes in tracking the behavior of ransomware gangs and cybercriminal forums. He shares his insights through articles on Hacker Noon and speaks regularly at conferences like ShowMeCon.

Links & Resources:

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


Gamifying Your Incident Response Playbook with Anushree Vaidya

Summary:

In this episode, Tim speaks with Anushree Vaidya about her upcoming presentation at ShowMeCon: Ransomware Rampage: Gamifying Your Incident Response Playbook. Anushree shares her passion for making cybersecurity training more interactive, emphasizing how gamifying the ransomware incident response process can transform traditional playbook exercises into dynamic, collaborative experiences.

Anushree explains how ransomware-specific playbooks differ from general incident response plans, the benefits of hands-on exercises for diverse teams, and how organizations of all sizes can adapt her training approach internally. She also discusses overlooked early indicators of ransomware attacks, communication challenges between technical teams and leadership, and how proactive preparation can significantly reduce the pain of an incident.

Topics Discussed

  • Why ransomware-specific playbooks matter

  • Turning incident response into a team-based, gamified learning experience

  • Building ransomware exercises that include IT, security, PR, HR, and leadership teams

  • Common gaps in ransomware detection and proactive preparation

  • Coaching technical teams on communication during incidents

  • Using AI to stay up to date with threat intelligence and reports

  • Tailoring incident response playbooks for different industries and organizational sizes

Key Takeaways

  • Participants will leave Anushree’s presentation with a customizable ransomware playbook and tools to take back to their organizations.

  • Gamified incident response exercises promote better communication, quicker learning, and stronger collaboration across teams.

  • Early detection and proactive measures like business impact analysis are critical to minimizing ransomware damage.

  • Communication planning—including legal, internal, and external messaging—is essential for effective response.

Connect with Anushree

  • LinkedIn: Anushree Vaidya

  • Women in CyberSecurity (WiCyS) Midwest Chapter Member

Anushree is passionate about connecting with others in cybersecurity, particularly in the Midwest region. Her DMs are always open for those who want to discuss ransomware, threat hunting, incident response, and cybersecurity strategy.

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]