Podcasts about secure ideas

The world of AI is exploding, as excitement about generative AI creates a gold rush. We've already seen a huge number of new GenAI-based startups, products, and features flooding the market and we'll see a lot more emerge over the next few years. Generative AI will transform how we do business and how we interact with businesses, so right now is an excellent time to consider how to adopt AI safely. Pamela Gupta's company literally has "trust" and "AI" in the name (Trusted.ai), so we couldn't think of anyone better to come on and have this conversation with. Interview Resources: https://trusted.ai https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf There's a lot of talk about AI, especially with the rise of apps like ChatGPT. Despite there being a huge amount of hype, there are legitimately practical applications for leveraging AI concepts in meaningful ways to improve the efficiency and effectiveness of your cybersecurity program. We'll discuss a few examples and show you some ways to bring AI out of the hype and into a proper tool to empower your security and risk program. This segment is sponsored by Tenable. Visit https://www.securityweekly.com/tenableisw to learn more about them! Threat actors don't think in silos and neither should cybersecurity solutions. In this fireside chat with Uptycs' newly appointed CRO, Mike Campfield, learn why organizations need to adopt a consolidation approach to win in cyber security, why it's important to “shift up,” and what Mike is most excited about in his new role. This segment is sponsored by Uptycs. Visit https://www.securityweekly.com/uptycsisw to learn more about them! Deidre Diamond, founder & CEO of CyberSN, talks about her efforts to address InfoSec burnout and the skills shortage impacting the industry. As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move away from assumption-based approaches to asset data and decision making to evidence-based asset intelligence to secure their environments quickly, easily, and at scale. This segment is sponsored by Sevco Security. Visit https://www.securityweekly.com/sevcoisw to learn more about them! In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security. In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort create more cyber warriors. Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes!  

The world of AI is exploding, as excitement about generative AI creates a gold rush. We've already seen a huge number of new GenAI-based startups, products, and features flooding the market and we'll see a lot more emerge over the next few years. Generative AI will transform how we do business and how we interact with businesses, so right now is an excellent time to consider how to adopt AI safely. Pamela Gupta's company literally has "trust" and "AI" in the name (Trusted.ai), so we couldn't think of anyone better to come on and have this conversation with. Interview Resources: https://trusted.ai https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf There's a lot of talk about AI, especially with the rise of apps like ChatGPT. Despite there being a huge amount of hype, there are legitimately practical applications for leveraging AI concepts in meaningful ways to improve the efficiency and effectiveness of your cybersecurity program. We'll discuss a few examples and show you some ways to bring AI out of the hype and into a proper tool to empower your security and risk program. This segment is sponsored by Tenable. Visit https://www.securityweekly.com/tenableisw to learn more about them! Threat actors don't think in silos and neither should cybersecurity solutions. In this fireside chat with Uptycs' newly appointed CRO, Mike Campfield, learn why organizations need to adopt a consolidation approach to win in cyber security, why it's important to “shift up,” and what Mike is most excited about in his new role. This segment is sponsored by Uptycs. Visit https://www.securityweekly.com/uptycsisw to learn more about them! Deidre Diamond, founder & CEO of CyberSN, talks about her efforts to address InfoSec burnout and the skills shortage impacting the industry. As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move away from assumption-based approaches to asset data and decision making to evidence-based asset intelligence to secure their environments quickly, easily, and at scale. This segment is sponsored by Sevco Security. Visit https://www.securityweekly.com/sevcoisw to learn more about them! In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security. In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort create more cyber warriors. Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/esw for all the latest episodes!  

As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move away from assumption-based approaches to asset data and decision making to evidence-based asset intelligence to secure their environments quickly, easily, and at scale. This segment is sponsored by Sevco Security. Visit https://www.securityweekly.com/sevcoisw to learn more about them! In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security. In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort create more cyber warriors. Show Notes: https://securityweekly.com/esw-335

As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move away from assumption-based approaches to asset data and decision making to evidence-based asset intelligence to secure their environments quickly, easily, and at scale. This segment is sponsored by Sevco Security. Visit https://www.securityweekly.com/sevcoisw to learn more about them! In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security. In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort create more cyber warriors. Show Notes: https://securityweekly.com/esw-335

Kevin Johnson is the CEO of Secure Ideas. He began his career as a developer but turned toward security when he discovered that the interface for an intrusion detection system, Snort, was out of date. This led him to create BASE (Basic Analysis and Security Engine), a testament to Kevin's proactive approach.Kevin has a deep-rooted passion for open-source projects. He highlights the challenges and joys of initiating and sustaining such ventures, emphasizing the pivotal role of community contributions. Kevin also details how to install and start with SamuraiWTF, a tool tailored for those keen on mastering application security. He outlines two paths for developers: one focused on learning application security intricacies and another on actively contributing to the project's growth.Kevin also discusses the notable departure of ZAP from OWASP. Kevin expresses his concerns and reflects on the broader implications of this decision on the cybersecurity community. The episode wraps up with a touch of nostalgia, as Kevin and Chris reminisce about their early tech adventures, showcasing Kevin's unwavering commitment to knowledge-sharing and community collaboration.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Today on The Professionally Evil Perspective, Kevin and Nathan discuss the collapse of Silicon Valley Bank, the poor communication and decision-making that led to it, and Secure Ideas recent brush with banking mishaps.. Twitter Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: @sweaney@darth_kevin @secureideas or find us on Mastadon: @secureideas Join our Professionally Evil Slack Team at www.professionallyevil.com Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!

The McKee Financial Resources Studio was ecstatic to bring on professional hacker, Kevin Johnson, for an eccentric episode. After growing up in Boca Raton, Kevin graduated from high school and began working in tech, quickly rising the ranks, and eventually starting his company Secure Ideas, based in Jacksonville, Florida. His experience writing code, managing networks, and running computer bulletin board systems that are still used by power companies today has made him an expert in the field. Kevin gives out advice to those who want to get into cybersecurity and explains why the field is so important for business owners.   Aside from tech, Kevin shares stories linked to his upbringing in nerd culture that takes the conversation down so many hilarious roads. From “sweaty slogging” a 5K in a Darth Vader costume to taking five years to build a seven-foot-five Chewbacca costume to being on-stage with Weird Al, Kevin is a proud nerd.   Did Andrew win the $50 beer money for introducing this episode's guest Kevin Johnson as a penetration specialist? Find out on this second episode of season six of Mind Yo' Business. https://www.secureideas.com/ Vader's Fist Podcast Studio Sponsor Podcast Sponsor Episode 1-6 Sponsor  

Today on The Professionally Evil Perspective, join Kevin and Nathan for discussion and questions surrounding identity and it's validation. Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: @sweaney@darth_kevin @secureideas or find us on Mastadon: @secureideas Join our Professionally Evil Slack Team at www.professionallyevil.com Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!

Kevin Johnson, security analyst and CEO of Secure Ideas, joins Lisa Dent on Chicago’s Afternoon News to explain why you might receive tons of spam texts and whether you can avoid getting those annoying messages for good. Follow Your Favorite Chicago’s Afternoon News Personalities on Twitter:Follow @LisaDentSpeaksFollow @SteveBertrand Follow @kpowell720 Follow @maryvandeveldeFollow @LaurenLapka

Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter:        @sweaney       @84d93r Our June guest @HackerHurricane @secureideas   Join our Professionally Evil Slack Team at www.professionallyevil.com   Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!   Links: iOS 16 and macOS Ventura will let users bypass CAPTCHAs on supported apps and websites Cops Will Be Able to Scan Your Fingerprints With a Phone Hot Tub Crime Machine: Jacuzzi Smart Tubs Left Personal Info Exposed After hacking millions of devices, DoJ operation shuts down RSocks botnet This Hacker Group Forces People to Do Good to Get Their Data Back Canadian internet outage attributed to beaver Leaked Audio From 80 Internal TikTok Meetings Shows Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China Keeping PowerShell: Security Measures to Use and Embrace https://cybersquirrel1.com/                  

"I code; I teach; I hack" Ochaun goes into detail as to what that truly means. He also talks about being a technologist. Ochaun explains how quantitative and qualitative analysis leads to being a better integrated person. He stresses and goes into detail about the importance of having the relationships within a company (security, development, operations) all be aligned with the company vision. Ochaun's main takeaway is that application security is not just port 80 and port 443, there is vast complexity to understand it. Do not crack down on the Devs, work to mentor them into stronger security professionals.   Connect with Ochaun: https://www.linkedin.com/in/ochaunmarshall/  Visit Secure Ideas: https://www.secureideas.com/    Visit Short Arms website: https://www.shortarmsolutions.com/    You can follow us at: Linked In: https://www.linkedin.com/company/shortarmsolutions  YouTube: https://www.youtube.com/channel/UCjUNoFuy6d1rouj_SBg3Qkw/featured  Twitter: https://twitter.com/ShortArmSAS

"I code; I teach; I hack" Ochaun goes into detail as to what that truly means. He also talks about being a technologist. Ochaun explains how quantitative and qualitative analysis leads to being a better integrated person. He stresses and goes into detail about the importance of having the relationships within a company (security, development, operations) all be aligned with the company vision. Ochaun's main takeaway is that application security is not just port 80 and port 443, there is vast complexity to understand it. Do not crack down on the Devs, work to mentor them into stronger security professionals.   Connect with Ochaun: https://www.linkedin.com/in/ochaunmarshall/  Visit Secure Ideas: https://www.secureideas.com/    Visit Short Arms website: https://www.shortarmsolutions.com/    You can follow us at: Linked In: https://www.linkedin.com/company/shortarmsolutions  YouTube: https://www.youtube.com/channel/UCjUNoFuy6d1rouj_SBg3Qkw/featured  Twitter: https://twitter.com/ShortArmSAS

This week we have Nathan Sweaney sharing some of his war stories as a pen tester!   Nathan also talks about how pen testers work with auditors, what being a pen tester actually means, and what auditors who don't have security resources should do. Check out the Secure Ideas website for even more security info.   Nathan also shares some of his favorite tools to stay secure including LastPass and Authy.   For more from Nathan be sure to follow him on LinkedIn, Twitter, and Facebook.   Be sure to also sign up for The Audit Podcast newsletter and to check out my favorite part of the interview on The Audit Podcast YouTube channel.   If you enjoy the podcast, would you please consider leaving a rating on Apple Podcasts/iTunes? It really makes a difference in helping to convince hard-to-get guests. It only took 16 seconds to give myself a five-star rating (beat that!). * This episode is brought to you by Greenskies Analytics. Greenskies is a service provider of expert data analysis, continuous monitoring, and RPA for forward-thinking internal audit teams. Schedule time today to leapfrog up the analytics maturity model!

Kevin Johnson is the CEO and security consultant at Secure Ideas, a cybersecurity company composed of security professionals with a deep specialization in data security for small companies. In additio

Kevin Johnson is the CEO and security consultant at Secure Ideas, a cybersecurity company composed of security professionals with a deep specialization in data security for small companies. In additio

Nathan Sweaney Nathan's a security consultant for Secure Ideas where he specializes in shattering assumptions and bypassing controls. He recently won the prestigious Smartest Dad award at his kids' school. You can find him easily online because privacy is an illusion. Julio Tirado Julio is the Director of Internal Audit at SpiritBank in which he evaluates the processes for managing risks and legal/regulatory compliance in areas such as cybersecurity, financial reporting/accounting, branch operations and other components of banking. Julio enjoys spending time with his son gaming and jamming on the guitar, and is passionate about Brazilian Jiu-Jitsu as a way to stay healthy and continue one's personal growth. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app

In our September monthly episode we continue our three part series on targeted attacks. In this episode we discuss the pretext and how attackers develop and launch their attacks with special guests Nathan Sweaney, Senior Security Consultant at Secure Ideas and Kevin Johnson, CEO of Secure Ideas. ** Links mentioned on the show ** GoPhish […] The post Targeted Attacks Part 2 – Pretexting and Attack Development appeared first on The Shared Security Show.

Ochaun Marshall is a developer and security consultant. In his roles at Secure Ideas, he works on ongoing development projects utilizing Amazon Web Services and breaks other people's web applications. Ochaun joins us to talk about the changing tide of serverless and frustrations with AWS security. Before we got to the actual topic, we talked [...] The post Ochaun Marshall — Securing Web applications in AWS appeared first on Security Journey Podcasts.

In addition to posting today's curated news on our website at C-19 Daily, we're bringing you an interview with Kevin Johnson, CEO of Secure Ideas. Shelter-at-home orders mean many employees are working from home. Kevin shares security best practices that companies and employees can apply while working from home.

Kevin Johnson of Secure Idea joins Seth and Ken in a discussion on his path into security, Star Wars (yes, really), and giving back to the community. This includes passing on teaching, sharing knowledge, and mentoring those that ask for it.

Kevin Johnson of Secure Idea joins Seth and Ken in a discussion on his path into security, Star Wars (yes, really), and giving back to the community. This includes passing on teaching, sharing knowledge, and mentoring those that ask for it.

Announcements: https://www.workshopcon.com/     SpecterOps (red Team operations) and Tim Tomes (PWAPT)   Bsides Nashville   https://blog.secureideas.com/2019/04/we-take-security-seriously-and-other-trite-statements.html   “We take security seriously and other trite statements“   Wordpress infrastructure (supply chain failure)     WordPress plugin called Woocommerce was at fault.     Vuln late last year: https://www.bleepingcomputer.com/news/security/wordpress-design-flaw-woocommerce-vulnerability-leads-to-site-takeover/     “According to new research by Simon Scannell, a researcher for PHP Security firm RIPS Tech, when WooCommerce is installed it will create a Shop Manager role that has the "edit_users" WordPress capability/permission. This capability allows users to edit ANY WordPress user, including the Administrator account.”   “https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/”   You (Kevin) discovered the admin accounts, but could not remove them. Was that when you considered this an ‘incident’?   Timeline:“[2019-03-22 09:03 EST] Kevin assigns members of the Secure Ideas team with reconnaissance and mapping of the AoM system. Kevin reminds these members that Secure Ideas doesn’t have permission to test AoM. They are advised not to do anything that could harm the AoM’s production environment.”     What is the line they should not cross in this case?   You did not have access to logs, you asked that an audit plugin be installed to be able to view logs. Is that permanent, and why did they not allow access to logs prior to?   [2019-03-22 13:11 EST] AoM Support fixes the audit log plugin access. AoM Support has found that a purchase of a course through a Woocommerce plugin resulted in users being granted admin access. AoM Support provides specific order numbers. They have also done an analysis of the database backups from the last 60 days and believe that the attackers did not do anything after they got access. AoM Support announces that the Secure Ideas training site will be set up on a separate server and Secure Ideas will be granted a new level of access.   Seems like working with AoM wasn’t difficult. Was giving you access to your own instance, and allowing you to administer it a big deal for them?   Lessons Learned? Anything you’d do differently next time?     Update IR plan?     Did they reach out for additional testing?     Did the people who got admin get removed?     Consult with AoM on better security implementation? Your env wasn’t damaged, but did they suffer issues with other customers? *answered*   https://www.wordfence.com/   https://en.wikipedia.org/wiki/Gremlins   Gas Station skimmer video - https://www.facebook.com/michellepedraza.journalist/videos/2135141863465247/   https://www.helpnetsecurity.com/2019/04/12/cybersecurity-incident-response-plan/ https://www.guardicore.com/2018/11/security-incident-response-plan/   https://www.zdnet.com/article/security-risks-of-multi-tenancy/   Upcoming SI events IANS forum (Wash DC) ShowmeCon Webcasts ISC2 security Congress (Wash DC)   Patreon Slack Twitter handles iTunes Google   Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec  

*Special for SMB Merchants! Nathan Sweaney, a senior security consultant with Secure Ideas discusses security and password management best practices.

*Special for SMB Merchants! Nathan Sweaney, a senior security consultant with Secure Ideas discusses security and password management best practices.

*Special for IP Partners Nathan Sweaney, a senior security consultant with Secure Ideas discusses secure remote access relating to payments security.  

*Special for IP Partners Nathan Sweaney, a senior security consultant with Secure Ideas discusses payments security and password management best practices.

*Special for IP Partners Nathan Sweaney, a senior security consultant with Secure Ideas discusses payments security and password management best practices.

*Special for IP Partners Vantiv Senior Leader of Channel Marketing, Mark Heisten, joins Nathan Sweaney, a senior security consultant with Secure Ideas to discuss testing and validation relating to payments security.

*Special for IP Partners Nathan Sweaney, a senior security consultant with Secure Ideas discusses QIR certification relating to payments security.

*Special for IP Partners Nathan Sweaney, a senior security consultant with Secure Ideas discusses secure remote access relating to payments security.  

*Special for IP Partners Nathan Sweaney, a senior security consultant with Secure Ideas discusses firewall security relating to payments security.

*Special for IP Partners Vantiv Senior Leader of Channel Marketing, Mark Heisten, joins Nathan Sweaney, a senior security consultant with Secure Ideas to discuss testing and validation relating to payments security.

*Special for IP Partners Nathan Sweaney, a senior security consultant with Secure Ideas discusses QIR certification relating to payments security.

*Special for IP Partners Nathan Sweaney, a senior security consultant with Secure Ideas discusses firewall security relating to payments security.

Kate (@vajkat) is a senior security consultant at Secure Ideas. She recently wrote an article on setting up a targeted pineapple. In the article she walks through setting up a pineapple. What I really enjoy about the article is that she walks through some of the issues she runs into setting up the pineapple. It's a really good example of how to work through problems using troubleshooting techniques.

Jason Wood is the Founder and and primary consultant of Paladin Security. Prior to starting Paladin Security, Jason was a Principal Security Consultant at Secure Ideas, and taught classes on vulnerability management, event monitoring, and configuration auditing for Tenable. Paul and Jason discuss the Attorney General's stance on encryption in this week’s episode of Hack Naked News! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_108_January_24_2017 Visit http://hacknaked.tv to get all the latest episodes!

Jason Wood is the Founder and and primary consultant of Paladin Security. Prior to starting Paladin Security, Jason was a Principal Security Consultant at Secure Ideas, and taught classes on vulnerability management, event monitoring, and configuration auditing for Tenable. Paul and Jason discuss the Attorney General's stance on encryption in this week’s episode of Hack Naked News! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_108_January_24_2017 Visit http://hacknaked.tv to get all the latest episodes!

Here are some of my fav' stories and links for this week! * Burn it all...The New Security Fundamentals **(Wednesday, January 20 @ 1 p.m. CST)**: a free Webinar on setting up the "*core technical things you need to do for your security program*." I've attended many Webinars from the BHIS group and they're always informative and humorous. * Real World Web Penetration Testing **(Thursday, January 28 @ 1 p.m. CST)**: a $25 Webinar on going through "*a real world penetration test. We will explore the methodology and procedures Secure Ideas follows as we test web applications. The course will also walk through some tricks and tips on how to focus your testing on likely flaws*." I have seen four of their recorded courses before and found them to be *absolutely* worth the money I spent, so I'm confident this upcoming session will be no exception. * Fortinet SSH backdoor not much to say except if you use any of the affected products, update immediately as they contain an SSH backdoor: * FortiOS v4.3.17 or any later version of FortiOS v4.3 (available as of July 9, 2014) * FortiOS v5.0.8 or any later version of FortiOS v5.0 (available as of July 28, 2014) * Any version of FortiOS v5.2 or v5.4 * Hacker sentenced to 334 years in prison for operating a phishing Web site similar to that of a legit banking Web site. Moral of the story? Don't do that. * Don't use IE 8, 9 or 10 anymore! unless you like to live dangerously.

In this episode Chris attempts to explain the consternation with 'security research' right now Kevin gives his perspective and why he doesn't quite understand why people don't see they're "breakin' the law" Shawn discusses what parts of the CFAA he would like to see reformed James drops the question - "What is a security researcher?" ..and rants a little Kevin talks about why the security industry needs to self-regulate w/example Chris and Kevin debate intent, and "stepping over the line" Chris brings up the issue of bug intake at a large company Spirited discussion about intent, regulation, actions and separating emotion from facts Guests Chris John Riley - ( @ChrisJohnRiley ) - Chris John Riley is a senior penetration tester and part-time security researcher working in the Austrian financial sector. With over 15 years of experience in various aspects of Information Technology, Chris now focuses full time on Information Security with an eye for the often overlooked edge-case scenario. Chris is one of the founding members of the PTES (Penetration Testing Execution Standard), regular conference attendee, avid blogger/podcaster (blog.c22.cc / eurotrashsecurity.eu), as well as being a frequent contributor to the open-source Metasploit project and generally getting in trouble in some way or another. When not working to break one technology or another, Chris enjoys long walks in the woods, candle light dinners and talking far too much on the Eurotrash Security podcast. Shawn Tuma - ( @ShawnETuma ) - Shawn is an attorney with expertise in computer fraud, social media law, data security, intellectual property, privacy, and litigation. He's a Texan, Christian, family man, author & speaker - and an all-around awesome guy. Kevin Johnson - ( @SecureIdeas ) - Kevin is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is an instructor and author for the SANS Institute and a faculty member at IANS. He is also a contributing blogger at TheMobilityHub.

Deb Evans and Jack Monson will wrap up the sneak peak into FranTech this week. Their guest Tom Epstein, CEO Franchise Payment Network will share key highlights he and his panel member Bob Russo, General Manager PCI Security Standard Council will present during FranTech. FranTech is also honored to have Kevin Johnson, CEO, Secure Ideas return this year to discuss how loyalty programs, feedback, point-of-sale and data collection tools within the franchise space can be a boon to our businesses, yet also a liability if we do not secure them correctly.  Registration is closing soon! 

In this episode... Kevin, James and I discuss why penetration testing reports are often so worthless Kevin and I disagree. Then we agree, sort of. We discuss the major differences between the 'builder' and 'breaker' mindset, and whether they're actually different people Kevin gives some fantastic examples of how context and experience is critical in penetration testing We provide guidance no how someone can 'break into' (no pun intended) penetration testing and be effective Kevin gives an example of how someone can be a great penetration tester, but be of little value beyond that We wrap by disussing how enterprises can gain value from penetration testing- and Kevin provides an interesting strategy Guest Kevin Johnson ( @SecureIdeas ) - Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is an instructor and author for the SANS Institute and a faculty member at IANS. He is also a contributing blogger at TheMobilityHub.  Kevin is also very involved in the open source community. He runs a number of open source projects. These include SamuraiWTF; a web pen-testing environment, Laudanum; a collection of injectable web payloads, Yokoso; an infrastructure fingerprinting project and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.

Welcome to the Down the Rabbithole NewsCast! Join me in welcoming James Jardine ( @JardineSoftware) of Secure Ideas to the show as a permanent co-host! The NewsCast is a bi-weekly (2nd and 4th Monday of the month) release where we'll discuss the news and events of the past 2 weeks, and attempt to analyze, break down, and generally make sense of the madness of the Security industry and real world at large. Also a big thanks to Todd Haverkos, the voice behind the hilarious intro you'll hear on this podcast, and all the others ... Topics We Covered Apple's new 2-Factor Authentication went live Cisco made passwords weaker (whoops!) in their IOS The US Government struck out twice (SAM security issue, and a contractor "buys" warez) Celebrities get their credit info jacked S. Korea gets whacked with a nasty bug, wipes out 32,000 machines in one swoop