Summary:
Chris Hadnagy returns to the podcast to discuss the upcoming Human Behavior Conference (HUBE CON), a unique event blending psychology, neuroscience, and cybersecurity. Hosted in Orlando, FL, the 2025 conference focuses on the theme of "Influence and InfoSec"—with a diverse speaker lineup covering everything from nonverbal communication to neurodiversity in the cybersecurity field.
In this episode, Chris and Tim dive into how the conference is designed to foster deep learning and genuine human connection. They discuss how the sessions go beyond standard talks with hands-on trainings, interactive discussions, and practical takeaways for both cybersecurity professionals and those outside the industry. Chris also highlights how the conference has evolved over the years, the importance of accessibility for introverts, and what attendees can expect from this year's upgraded format.
Chris also shares updates on the Innocent Lives Foundation (ILF), a nonprofit focused on helping law enforcement identify and stop child predators, and touches on cutting-edge work at Social-Engineer, LLC—including new services involving deepfake social engineering simulations.
Discussion Points:
How the Human Behavior Conference bridges behavioral science and cybersecurity
Creating a conference you want to attend
Balancing science and practicality in session content
Building a community for introverts and extroverts alike
Why audience interaction creates stronger learning moments
The expanding role of AI in podcast production and social engineering
A preview of topics and speakers at this year’s HUBE CON
Updates from the Innocent Lives Foundation and Social-Engineer, LLC
Resources Mentioned:
Human Behavior Conference (HUBE CON)
Innocent Lives Foundation
Social-Engineer, LLC
--------
32:49
[RERELEASE] How to deal with the "experience required" paradox
Jerry recently had a blog post on his site (malicious link) titled, "Dealing With The Experience Required Paradox For Those Entering Information Security." It is a wonderful article with actionable items on what people can do to overcome that stipulation on job postings. Jerry is also a co-host for the Defensive Security podcast.
--------
30:28
[RERELEASE] How to ZAP your websites
Simon is the project lead for ZAP, an OWASP (Open Web Application Security Project) project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security, and veteran pen testers. You can follow him on Twitter @psiinon and find out more about the tool by going to the project site on OWASP.
--------
17:34
How Do Ransomware Gangs Work?
Summary:
In this episode of Exploring Information Security, we dive deep into the dark, complex world of ransomware gangs with returning guest Kyle Andrus. Drawing on leaked chat logs, real-world cases, and extensive incident response experience, Kyle helps us understand the internal operations, motivations, and evolution of these cybercriminal organizations.
We explore how ransomware gangs are structured like modern corporations—with developers, access brokers, negotiators, HR, and even customer support. Kyle also shares insights into how these gangs are adapting to legal pressure, sanctions, and the cybersecurity community’s defensive advancements.
Topics covered:
The organizational structure of ransomware gangs
Ransomware-as-a-Service (RaaS) models and profit sharing
Affiliate programs, access brokers, and laundering tactics
The impact of geopolitics on ransomware operations
Creative pressure tactics, including triple extortion and SEC complaints
The role of insider threats and chat log leaks (e.g., Conti)
Use of AI by defenders and attackers
The evolving response of law enforcement and regulation
--------
59:28
Offensive Tools for Pentesters with Chris Traynor
Summary:
In this episode of Exploring Information Security, Tim chats with Chris Traynor of Black Hills Information Security (BHIS) and Ridgeback InfoSec. Chris is a seasoned penetration tester and educator who’s been developing hands-on training that’s grounded in real-world experience. He shares the origins of his “Offensive Tooling” classes, what makes a great pentest report, and how he balances teaching with travel, work, and family life.
Chris breaks down the tooling that matters, how he approaches infrastructure setup for operators, and why he emphasizes actionable reporting. He also talks about the importance of open-source tooling, customizing workflows, and automating the tedious parts of testing. Whether you're just getting into offensive security or are a veteran red teamer, this episode offers insights and practical takeaways.
Topics discussed:
The importance of hands-on offensive tooling training
How to write reports that are actually useful to dev and ops teams
Why pentesters need infrastructure knowledge
Open-source tools, custom scripts, and automation
The challenges and wins of presenting at BSides and beyond
Avoiding burnout while building community and sharing knowledge
Learn more about Chris’ upcoming training opportunities:
Social
Twitter
LinkedIn
Upcoming Events
March 28 security live on https://www.twitch.tv/womaninredpresents
KernelCon April 1-2 teaching my Offensive Tooling for Operators 2-day class
The Illustrated Pentester - Short Stories of Security Vol. 4 April 10
- Past ones...
The Illustrated Pentester - Short Stories of Security
The Illustrated Pentester - Short Stories of Security Vol. 2
The Illustrated Pentester - Short Stories of Security Vol. 3
BSidesHBG April 25
BSidesKC April 26
Possibly BSides Flood City (May 8) and BSides Ft Wayne (June 7) too
ETHOS LABS Links and Resources:
ETHOS LABS Website
Connect with Tim Fowler on LinkedIn
About Exploring Information Security - Exploring Information Security
The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.