In this certifiably awesome episode of the Exploring Information Security podcast, I explore what a Certified Information Systems Security Professional with Javvad Malik.

Javvad Malik (@J4vv4d) doesn't need much introduction. He's done a video on the benefits of being a CISSP. He's also done a music video with his Host Unknown crew on the CISSP. There's also The CISSP companion handbook he wrote. which has a collection of stories and experiences dealing with the 10 domains of the CISSP. Check out his website at j4vv4d.com and his YouTube channel.

In this episode we discuss:

• What is a CISSP?

• What is the value of having a CISSP?

• Who should get the CISSP?

• The nuances of the certification test (pay attention to the questions)

More resources:

• CCCure.org for practice questions

• Videos on YouTube

• The Official Guide to the CISSP

[RSS Feed] [iTunes]

In this epic episode of the Exploring Information Security podcast Jayson E. Street (@jaysonstreet), Dave Chronister (@bagomojo), Johnny Xmas (@J0hnnyXm4s), April Wright (@aprilwright), Ben Brown (@ajnachakra), and surprise guests Adrian Crenshaw (@irongeek_adc) and Kevin Johnson (@secureideas)all join me to discuss various security related topics.

ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference.

Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.

In this episode we discuss:

• Certificates

• Hiring

• Interviewing

• Where to get started

• Soft skills

• ShowMeCon and other conferences

• Community and giving back

• Imposter syndrome

• Irongeeks impact on those in attendance

[RSS Feed] [iTunes]

In this episode of Exploring Information Security, host Timothy De Block sits down with Wayne Burke to discuss the crucial and rapidly evolving field of drone tactical forensics and incident response. Wayne sheds light on the increasing proliferation of drones, from law enforcement applications to criminal misuse, and the unique challenges involved in collecting forensic evidence from them. He reveals the dangers of booby-trapped drones and malware on flight controllers, emphasizing the need for caution and specialized techniques. Wayne also shares a fascinating incident involving electronic warfare against a surveillance drone, underscoring the sophisticated threats emerging today. Tune in to learn about essential forensic methods, from accessing flight logs with open-source tools to advanced chip-off forensics, and why collaboration in the cybersecurity community is vital for addressing these new challenges.

What You'll Learn:

• What drone tactical forensics entails and its growing importance in today's world of automated robotics.

• The diverse and increasing applications of drones, including surveillance and the potential for misuse like extortion.

• Significant risks and dangers in drone forensics, such as booby traps and flight controller malware.

• Initial steps and varied techniques for drone incident response and forensic evidence collection, depending on the drone type.

• How flight logs and telemetry data are analyzed using open-source tools, and methods for advanced forensics like chip-off analysis.

• The critical role of community and collaboration in addressing emerging drone security threats.

Use the promo code “ExploringSec” to get $50 off your registration

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

[RSS Feed] [iTunes] [LinkedIn][YouTube]

Sign up with your email address to receive news and updates.

We respect your privacy.

In this episode of Exploring Information Security, host Timothy De Block speaks with Corey Overstreet, a seasoned pentester from Red Siege. Corey shares insights into the ongoing cat-and-mouse game between red teams and blue teams, revealing common vulnerabilities and unexpected successes in breaching defenses. He discusses his upcoming talk at Show Me Con, titled "That Shouldn't Have Worked," which aims to equip blue teams with practical knowledge on bolstering their defenses against persistent attackers. From the nuances of payload delivery to the surprising resilience of old tricks and the challenges of cloud security, Corey offers a candid look at the daily realities of offensive security and how defenders can truly make a red teamer's life difficult.

What You'll Learn:

• The core focus of Corey Overstreet's "That Shouldn't Have Worked" talk at Show Me Con.

• Common mistakes red teamers make and how to avoid them.

• Effective defensive strategies for blue teams, including the power of application control and network segmentation.

• The evolving landscape of EDR and how AI is starting to make red team operations more challenging.

• Insights into the surprising ways macros and social engineering continue to be effective entry points, especially in cloud environments.

• Advice for aspiring pentesters on learning and problem-solving, emphasizing hands-on practice and diligent note-taking.

• Corey's favorite resources for staying up-to-date in cybersecurity, including various subreddits, Discord, and Slack communities.

Use the promo code “ExploringSec” to get $50 off your registration

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

[RSS Feed] [iTunes] [LinkedIn][YouTube]

Sign up with your email address to receive news and updates.

We respect your privacy.

In this engaging episode of Exploring Information Security, host Timothy De Block sits down with cybersecurity expert Jeff Man. They dive into Jeff's recent experiences at the RSA Conference, his seasoned and sometimes "grumpy old man's perspective" on the pervasive topic of AI, and what he's looking forward to in upcoming speaking engagements. The conversation explores the ever-evolving landscape of cybersecurity, the challenges and hype surrounding new technologies, and the enduring principles of security that remain constant despite technological shifts.

What You'll Learn:

• Key takeaways and observations from the RSA Conference, including attendance figures and vendor extravagances.

• Jeff Man's unique perspective on Artificial Intelligence, separating hype from potential impact.

• The recurring themes in cybersecurity, highlighting how fundamental problems persist across different technological eras.

• Insights into the risks and limitations of AI, including its potential for misinformation and Jeff's personal skepticism.

• A first-hand account of riding in a Waymo self-driving car and reflections on autonomous technology.

Use the promo code “ExploringSec” to get $50 off your registration

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

[RSS Feed] [iTunes] [LinkedIn][YouTube]

Sign up with your email address to receive news and updates.

We respect your privacy.

In this heartfelt episode of Exploring Information Security, we sit down with Elizabeth Eggert-Guerrant to talk about the importance of disconnecting from the always-on world of cybersecurity. Elizabeth shares her personal journey, which began with a cruise to Antarctica and led to profound revelations about burnout, digital overload, and the power of being present.

Drawing from her experience in leadership and her passion for mental health, Elizabeth unpacks how the culture of constant connectivity in cybersecurity—and life in general—can affect our well-being. From sneaking work emails in the bathroom on vacation to re-learning the value of quiet moments and real human connection, this episode explores what it means to truly step away and reset.

Whether you're an industry veteran or just getting started, Elizabeth offers advice on setting boundaries, recognizing burnout in yourself and your team, and creating space for reflection in a high-pressure industry.

• Why disconnecting is critical for mental health in cybersecurity

• How to identify burnout in yourself and others

• The value of setting daily rituals and boundaries

• The role of leadership in fostering mental well-being

• The pressure of “doing more” on social media—and how to step back

Use the promo code “ExploringSec” to get $50 off your registration

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

[RSS Feed] [iTunes] [LinkedIn][YouTube]

Sign up with your email address to receive news and updates.

We respect your privacy.

In this episode of the Exploring Information Security podcast, host Timothy De Block sits down with Jason Gillam, long-time developer turned penetration tester and partner at Secure Ideas. The two dive into the real-world value of Content Security Policy (CSP) and why it remains one of the most underutilized tools in web application defense.

Jason shares insights from his upcoming talk at ShowMeCon 2025, including surprising statistics from his analysis of over 750,000 domains, where he found that most CSPs are either missing or misconfigured. He breaks down how CSP works, its role in protecting against injection attacks, and strategies for implementing it properly using nonces, hashes, and report-only modes.

They also discuss:

• The challenges of educating developers on CSP

• CSP vs. WAF and where each fits in the security stack

• How AI and CI/CD can support secure CSP deployment

• The importance of building security into code rather than bolting it on later

Whether you're a developer, security professional, or somewhere in between, this episode offers practical and actionable advice on improving your web application security posture.

• OWASP CSP Cheat Sheet

• Google CSP Evaluator

Use the promo code “ExploringSec” to get $50 off your registration

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

[RSS Feed] [iTunes] [LinkedIn][YouTube]

Sign up with your email address to receive news and updates.

We respect your privacy.

What does it take to monitor the inner workings of ransomware gangs? In this episode, Matthew Maynard shares his firsthand experience infiltrating cybercriminal communities to gather valuable threat intelligence. From learning the lingo to navigating criminal hierarchies, Matthew sheds light on the surprising structure and behavior of ransomware operators. We discuss the importance of operational security, the surprising transparency of cybercriminal forums, and how researchers can play a critical role in disrupting ransomware infrastructure.

• How Matthew got started monitoring cybercriminal groups

• The business model and hierarchy of ransomware gangs

• Use of AI, insider threats, and criminal marketing tactics

• Tools and platforms used by cybercriminals (Tor, Tox, Telegram, etc.)

• Lessons learned from forums, breach leaks, and failed infiltration attempts

• The value of open-source intelligence in tracking threat actors

• Why reputation matters—both for threat actors and researchers

• Operational safety tips for researchers entering dark web spaces

Matthew Maynard is a cybersecurity professional and threat researcher who specializes in tracking the behavior of ransomware gangs and cybercriminal forums. He shares his insights through articles on Hacker Noon and speaks regularly at conferences like ShowMeCon.

Links & Resources:

• Ransomware.live

Use the promo code “ExploringSec” to get $50 off your registration

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

[RSS Feed] [iTunes] [LinkedIn][YouTube]

Sign up with your email address to receive news and updates.

We respect your privacy.

In this episode, Tim speaks with Anushree Vaidya about her upcoming presentation at ShowMeCon: Ransomware Rampage: Gamifying Your Incident Response Playbook. Anushree shares her passion for making cybersecurity training more interactive, emphasizing how gamifying the ransomware incident response process can transform traditional playbook exercises into dynamic, collaborative experiences.

Anushree explains how ransomware-specific playbooks differ from general incident response plans, the benefits of hands-on exercises for diverse teams, and how organizations of all sizes can adapt her training approach internally. She also discusses overlooked early indicators of ransomware attacks, communication challenges between technical teams and leadership, and how proactive preparation can significantly reduce the pain of an incident.

• Why ransomware-specific playbooks matter

• Turning incident response into a team-based, gamified learning experience

• Building ransomware exercises that include IT, security, PR, HR, and leadership teams

• Common gaps in ransomware detection and proactive preparation

• Coaching technical teams on communication during incidents

• Using AI to stay up to date with threat intelligence and reports

• Tailoring incident response playbooks for different industries and organizational sizes

• Participants will leave Anushree’s presentation with a customizable ransomware playbook and tools to take back to their organizations.

• Gamified incident response exercises promote better communication, quicker learning, and stronger collaboration across teams.

• Early detection and proactive measures like business impact analysis are critical to minimizing ransomware damage.

• Communication planning—including legal, internal, and external messaging—is essential for effective response.

• LinkedIn: Anushree Vaidya

• Women in CyberSecurity (WiCyS) Midwest Chapter Member

Anushree is passionate about connecting with others in cybersecurity, particularly in the Midwest region. Her DMs are always open for those who want to discuss ransomware, threat hunting, incident response, and cybersecurity strategy.

Use the promo code “ExploringSec” to get $50 off your registration

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

[RSS Feed] [iTunes] [LinkedIn][YouTube]

Sign up with your email address to receive news and updates.

We respect your privacy.

Chris Hadnagy returns to the podcast to discuss the upcoming Human Behavior Conference (HUBE CON), a unique event blending psychology, neuroscience, and cybersecurity. Hosted in Orlando, FL, the 2025 conference focuses on the theme of "Influence and InfoSec"—with a diverse speaker lineup covering everything from nonverbal communication to neurodiversity in the cybersecurity field.

In this episode, Chris and Tim dive into how the conference is designed to foster deep learning and genuine human connection. They discuss how the sessions go beyond standard talks with hands-on trainings, interactive discussions, and practical takeaways for both cybersecurity professionals and those outside the industry. Chris also highlights how the conference has evolved over the years, the importance of accessibility for introverts, and what attendees can expect from this year's upgraded format.

Chris also shares updates on the Innocent Lives Foundation (ILF), a nonprofit focused on helping law enforcement identify and stop child predators, and touches on cutting-edge work at Social-Engineer, LLC—including new services involving deepfake social engineering simulations.

Discussion Points:

• How the Human Behavior Conference bridges behavioral science and cybersecurity

• Creating a conference you want to attend

• Balancing science and practicality in session content

• Building a community for introverts and extroverts alike

• Why audience interaction creates stronger learning moments

• The expanding role of AI in podcast production and social engineering

• A preview of topics and speakers at this year’s HUBE CON

• Updates from the Innocent Lives Foundation and Social-Engineer, LLC

Resources Mentioned:

• Human Behavior Conference (HUBE CON)

• Innocent Lives Foundation

• Social-Engineer, LLC

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

[RSS Feed] [iTunes] [LinkedIn][YouTube]

Sign up with your email address to receive news and updates.

We respect your privacy.