This isn’t the easiest thing to do. Now that I’m writing the podcast post after recording and editing the podcast, I have a sense of relief. For the last month plus, I’ve tried to decide whether or not to shut down the podcast. The fact that it

Who is looking for more in infosec - Feb 27, 2017

Feb 28th, 2017

In this job posting edition of the Exploring Information Security podcast, who is looking for more in infosec?This is a bonus episode of the podcast. This is a solo podcast where I discuss open positions and people looking for opportunities. I

What is Tactical Edge?

May 16th, 2016 29m 20s

Ed (@EdgarR0jas) is the creator of Tactical Edge (@Tactical3dge), which runs October 24 - 27, 2016, and PVC Security podcast co-host. For listeners of that podcast, I apologize. You've heard about about Tactical Edge extensively. However, I man

What is social engineering?

May 9th, 2016 21m 40s

Valerie (@hacktress09) is an executive consultant for Securicon. She uses many techniques to pentest an organization via social engineering. One of the techniques she uses the most is phishing emails. In this episode we discuss what is social e

How to be a better mentor

May 2nd, 2016 22m 54s

Chris (@_Lopi_) has some interesting thoughts on mentorship and how the infosec community can be better at it. Here is the tweet from Chris that caught my attention, "What do I want? To get more folks interested in infosec and help them break i

What is a security framework?

Apr 25th, 2016 23m 29s

Steven (@ZenM0de) is a principal security strategist at eSentire. Part of his role is implementing, and even sometimes creating, security frameworks for organizations. We define what a security framework is and then discuss the process for choo

How to make time for a home lab

Apr 18th, 2016 22m 42s

Chris (@cmaddalena) and I were asked the question on Twitter, "How do you make time for a home lab?" We answered the question on Twitter, but also decided the question was a good topic for an EIS episode. Home labs are great for advancing a car

How to build a home lab

Apr 11th, 2016 30m 7s

Chris (@cmaddy) and I have submitted to a couple of calls for training at CircleCityCon and Converge and BSides Detroit this summer on the topic of building a home lab. I will also be speaking on this subject at ShowMeCon. Home labs are great f

What is red vs. blue? - Part 2

Apr 4th, 2016 22m

Rob (@Mubix), recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dyanmic, but I never thought it would be hurting the security in

What is Red vs. Blue - Part 1

Mar 28th, 2016 20m 43s

How to start a successful CitySec meetup - Part 2

Mar 21st, 2016 22m 51s

Johnny, (@J0hnnyXm4s), helps organize four monthly meetups in the Chicago area called BurbSec. Starting a CitySec is a unique challenge but one that is easily doable. CitySec's provide an opportunity for security professionals and enthusiasts t

How to start a successful CitySec meetup - Part 1

Mar 14th, 2016 24m 48s

How to attend a conference

Mar 7th, 2016 30m 57s

Wolf (@jwgoerlich), recently produced an interesting PVCSec episode at CodeMash on the challenges of getting into infosec. One of the interesting notes from that podcast was learning how to attend a conference. It was such a great point that I

What is the Security Culture Conference? - Part 2

Feb 29th, 2016 21m 7s

Kai (@kairoer), is a speaker, trainer, consultant, and the creator of the Security Culture Framework (SCF). The framework deals with embedding a security mindset into the entire organization. It takes security awareness training to the next lev

What is the Security Culture Conference? - Part 1

Feb 22nd, 2016 25m 9s

What is a CISSP?

Feb 15th, 2016 24m 47s

Javvad Malik (@J4vv4d) doesn't need much introduction. He's done a video on the benefits of being a CISSP. He's also done a music video with his Host Unknown crew on the CISSP. There's also The CISSP companion handbook he wrote. which has a col

What is the problem we're trying to solve?

Feb 8th, 2016 32m 53s

Michael Santarcangelo, AKA The @catalyst, joins me to explain why answering the question is key to better security. The question, "What is the problem we're trying to solve" is the first step in identifying whether or not the problem at hand is

What is OSINT - Part 2

Feb 1st, 2016 19m 46s

I continue my conversation with Tazz on OSINT: why it's importnat; skills needed to perform OSINT; and the tools used.

What is OSINT? - Part 1

Jan 25th, 2016 22m 59s

My first interaction with Tazz (@GRC_Ninja), was at CircleCityCon. I quickly became aware that if I got out of line at the conference Tazz was very likely to be the one to put me in my place. I also ran into her at DerbyCon where she kept peopl

How to build a SOC - Part 3

Jan 18th, 2016 20m 57s

Paul Jorgensen of IBM joins me to discuss how to build a SOC. In part 3 we move into the next step and discuss resources for building an effective SOC.

How to build a SOC - Part 2

Jan 11th, 2016 25m 8s

Fellow co-host of the PVC Security podcast, Paul (@prjorgensen) spends most of his day thinking about socks. Once he's decided on a pair, he goes out into the world to help organizations build a SOC or security operations center. He's got exten

How to build a SOC - Part 1

Jan 4th, 2016 20m 37s

What is a SIEM?

Dec 28th, 2015 23m 27s

Derek (@dth0m) has a lot of experience with SIEM and can be found on Linkedin participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015 and I came away impressed with his knowledge of SIEM.

How to apply network security monitoring

Dec 21st, 2015 30m 17s

Chris (@chrissanders88) is the co-author, along with Jason Smith, of Applied Network Security Monitoring: Collection, Detection, and Analysis. I recently finished the book and found it a valuable book for those operating within a SOC or those l

What is data driven security?

Dec 14th, 2015 32m 32s

I recently read Data Driven Security: Analysis, Visualization and Dashboards by Jay Jacobs (@jayjacobs) and Bob Rudis (@hrbrmstr). The book is easy to read and a very good introduction into the world of data and security. Both Jay and Bob were