The Official OffSec Podcast

#37: Persistence in Information Security with Shad0wbits

The OffSec Podcast returns this week with special guest Kai (Shad0wbits), the founder and Chief Security Architect at Black Cipher Security. Host TJ Null begins by asking Kai about what piqued his interest in the Infosec field and what resources he used to get himself started. He shares what made him decide to start his own pentesting firm and gives advice for those looking to start their own business. He then describes his definition of red teaming, his favorite environment to access, and the worst thing he’s done in a test. Lastly, Kai explains why it’s important for people in the infosec community to share their knowledge with others as well as community projects he’s been working on. Enjoy the episode!

#36: Continuous Security Testing with Rob Ragan, Principal Researcher at Bishop Fox

Host FalconSpy returns this week joined by Rob Ragan, Principal Researcher at Bishop Fox! They begin by diving into tips for organizations beginning to build out their continuous security testing and why it’s so important. Regan also shares bugs he’s discovered deploying your tools to assist with continuous security testing. Next, he gives advice based on his own experience in the InfoSec field to those aspiring to break into the industry. Lastly, he discloses whether degrees or certifications are necessary for a career in InfoSec and how to become more specialized in continuous security testing and automation. Enjoy the episode! Make sure to check out Bishop Fox:  https://bishopfox.com/blog/introducing-cloudfox [https://bishopfox.com/blog/introducing-cloudfox] https://github.com/BishopFox/smogcloud [https://github.com/BishopFox/smogcloud]

#35: Cybersecurity Awareness with Christopher Forte

In this week’s episode, host TJ Null welcomes Christopher Forte, an infrastructure engineer at Offensive Security. Forte has red-teamed the city of Los Angeles, spoken at Defcon, and hosted training events for multiple intelligence agencies. The episode begins with Christopher sharing resources he used to get his start in the infosec field.  He then comments on why he believes information security is an important topic to care about in our technology-driven lives. Next, the most important security awareness topic, according to Forte, is discussed and he shares some recommendations for improving your information security–whether personally or professionally. Lastly, Chris shares what interests him about mentoring in the community and why it’s crucial for others in the infosec community to share their knowledge. Enjoy!

#34: How to Succeed in InfoSec with Jim O’Gorman and Dave Kennedy

Host TJ Null returns this week with an episode featuring two special guests: Jim O’Gorman and Dave Kennedy! Jim O’Gorman is the Chief Content and Strategy Officer for OffSec and has been in the information security world for more than a decade. Dave Kennedy, CEO and Founder of TrustedSec, has presented at conferences such as Defcon and Blackhat. Together, Jim and Dave wrote Metasploit: The Penetration Tester's Guide and collaborated on ideas for the Mr. Robot TV Show. They begin the episode by sharing what got them into the information security field and how they met for the first time. Then, they disclose which resources they used to learn more about pentesting. Dave shares how attending events like DefCon and BlackHat gave him indispensable knowledge when he was laying the foundation for his career. Jim and Dave lastly share tips they have for students when they’re stuck on a challenge, as well as what they enoy doing outside of the infosec world. Enjoy!

#33: FalconSpy Dives into His Day Job, Internal Penetration Testing

In this week's episode, host Jeremy (harbinger) Miller chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into penetration testing, what pentesting is, application/code reviews, red teaming, and more. He also dives into internal vs external pentesting by discussing who the client is, perimeter access levels, and the mindset of each. While sharing his experience throughout his pentesting journey, he also gives tips on what every pentester should know. Enjoy!