The Official OffSec Podcast

The OffSec Podcast returns this week with special guest Kai (Shad0wbits), the founder and Chief Security Architect at Black Cipher Security. Host TJ Null begins by asking Kai about what piqued his interest in the Infosec field and what resources he used to get himself started. He shares what made him decide to start his own pentesting firm and gives advice for those looking to start their own business. He then describes his definition of red teaming, his favorite environment to access, and the worst thing he’s done in a test. Lastly, Kai explains why it’s important for people in the infosec community to share their knowledge with others as well as community projects he’s been working on. Enjoy the episode!

In this week’s episode, host TJ Null welcomes Christopher Forte, an infrastructure engineer at Offensive Security. Forte has red-teamed the city of Los Angeles, spoken at Defcon, and hosted training events for multiple intelligence agencies. The episode begins with Christopher sharing resources he used to get his start in the infosec field.  He then comments on why he believes information security is an important topic to care about in our technology-driven lives. Next, the most important security awareness topic, according to Forte, is discussed and he shares some recommendations for improving your information security–whether personally or professionally. Lastly, Chris shares what interests him about mentoring in the community and why it’s crucial for others in the infosec community to share their knowledge. Enjoy!

Host TJ Null returns this week with an episode featuring two special guests: Jim O’Gorman and Dave Kennedy! Jim O’Gorman is the Chief Content and Strategy Officer for OffSec and has been in the information security world for more than a decade. Dave Kennedy, CEO and Founder of TrustedSec, has presented at conferences such as Defcon and Blackhat. Together, Jim and Dave wrote Metasploit: The Penetration Tester's Guide and collaborated on ideas for the Mr. Robot TV Show. They begin the episode by sharing what got them into the information security field and how they met for the first time. Then, they disclose which resources they used to learn more about pentesting. Dave shares how attending events like DefCon and BlackHat gave him indispensable knowledge when he was laying the foundation for his career. Jim and Dave lastly share tips they have for students when they’re stuck on a challenge, as well as what they enoy doing outside of the infosec world. Enjoy!

In this week's episode, host Jeremy (harbinger) Miller chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into penetration testing, what pentesting is, application/code reviews, red teaming, and more. He also dives into internal vs external pentesting by discussing who the client is, perimeter access levels, and the mindset of each. While sharing his experience throughout his pentesting journey, he also gives tips on what every pentester should know. Enjoy!

In this week’s special episode, Dr. Heather Monthie sits down with Lester Godsey, CISO of Maricopa County, Arizona. Lester begins by explaining how he got into the cybersecurity field and shares a fun fact about himself. He then shares his role as a CISO, how security supports different departments, and the biggest risks he sees in critical infrastructure security. The integrity of the 2020 US Presidential Election is discussed along with Godsey’s take on the threats he saw in Maricopa County and lessons learned. Moreover, he highlights the spread of misinformation on social media as well as advice he has for CISOs looking to hire cybersecurity professionals and how to best attract them to roles. Enjoy!

In this episode, host TJ Null sits down with DarkStar7471 aka Dark, our recent community moderator for the OffSec Community. Dark is currently a lead pentester at State Farm Insurance and has produced content for TryHackMe. He starts by sharing his journey before working for OffSec as well as what piqued his interest in the information security field. Then, Dark highlights why he decided to obtain his OSCP and how the knowledge he gained from the course benefits him in his career trajectory. He also shares some exciting projects he works on relevant to pentesting. Lastly, Dark shares advice he has for anyone working to become a pentester and hobbies he enjoys outside of infosec. Enjoy the episode!

In this week’s episode, host Dr. Heather Monthie chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into cybersecurity, what attracted him to the field, and the biggest lesson he’s learned in his career so far. Sharing his experience throughout his OSCP journey, he shares tips for anyone looking to pass the exam who are trying to balance other responsibilities. Then, he offers advice for cybersecurity managers on how to locate the best talent. FalconSpy explains how to make these positions more attractive to cybersecurity professionals. Lastly, he shares a current project he’s working on that he’s excited about as well as what he envisions as the ‘next big thing’ in cybersecurity. Enjoy!

In this week’s special episode, hosts Dr. Heather Monthie and Jeremy (harbinger) Miller sit down with Dr. Timothy Summers, PhD and Executive Director of Product Development at Arizona State University. Summers is an ethical hacker, professor, TED speaker, and a leading expert in cybersecurity strategy, blockchain technology, and how hackers think. To begin, he explains how he first got into cybersecurity when he got hacked himself. From this experience, he generated a curiosity about why and how it happened. He then shares his hobbies outside of cybersec and dives into his work on hacking cognitive psychology and the hacker mindset. Our guest highlights how organizations can learn from how hackers think to increase innovation within their own company and teach them how to protect themselves better. Summers also emphasizes how recruiters can screen potential hackers. Lastly, he shares other tech projects he’s been working on. Enjoy!

In this episode, host TJ Nulls sits down with ShadowKhan, a lead pentester and a community moderator in the OffSec Discord server. ShadowKhan tells his non-traditional story as to how he got into infosec. He also tells what resources he used to get started and gives some tips for anyone interested in getting into the security world. There’s one book in particular, that he highly recommends. ShadowKhan recently obtained his OSCE³ certification and describes his favorite aspect of those courses. On the offensive side of security, our guest tells us his favorite environment to access as well as two of his biggest mistakes when on an assessment. Finally, they wrap by talking about current community projects and blog posts ShadowKhan is working on, as well as what he’s doing outside of infosec. Enjoy the episode!

For this week’s episode, host Dr. Heather Monthie chats with Mike Manrod, CISO of Grand Canyon Education. As a cybersecurity leader, he shares his expertise on how he recruits, mentors, and guides aspiring cybersecurity professionals in their career paths. He first starts by sharing his mid-career switch into the cybersecurity world along with his interest in martial arts. Then, he discusses his experience as a CISO, plus the biggest challenge and most rewarding part of the role. He offers tips for security leaders and managers on how to hire top talent in the cybersecurity industry. Moreover, they chat about the best way to train an individual into a top cybersecurity professional, even if they don’t have the technical skills. Finally, Mike shares his thoughts on the state of cybersecurity education today and what he envisions for its future. Enjoy!

This week, hosts TJ Null and FalconSpy sit down with Mike Waxman, Security Engineer at LinkedIn. Mike was originally a TPM and is now a Security Engineer. He starts off by describing how he made the switch and shares some advice for those looking to change roles into security. And for those already in the field, he also gives tips on how to get that coveted promotion. Related to that, Mike discusses his mentoring experience and what kinds of knowledge he passes along to those new to the industry. Mike is currently working through his PEN-200 journey toward the OSCP and provides some key tips for those also pursuing the OSCP. He also shares a specific idea on how to best prepare for the exam. Finally, he shares some words of encouragement to those early in their career looking to make their mark. Enjoy!

On this week’s episode, host TJ Null is joined by Tim Medin. Tim is the creator of kerberoasting and the CEO of Red Siege Information Security. He begins by recounting how he joined the infosec field as well as some resources he used to get himself started. Next, he highlights his favorite tools that he enjoys using on an engagement. TJ and Tim also chat about the first moment Tim discovered kerberoasting and his research on new attack techniques. He gives advice to users who want to implement detection/protection against kerberoasting. Then, he details what it’s like to run his own consulting company, Red Siege, and shares tips for those looking to start their own. Tim also reveals the one thing he would like to see change in the infosec community. Lastly, he discusses his love for the Olympics and football and his interest in competing in triathlons. Enjoy the episode!

Host Dr. Heather Monthie sits down with Ken Pyle, a graduate professor of cybersecurity and a partner of CYBIR. He begins the episode by chatting about how he got into cybersecurity and teaching in higher education. Then, he shares what he considers the hardest part as well as the most rewarding part of teaching cybersecurity to students. Heather and Ken also discuss how technology will change how higher education approaches teaching and learning infosec. He reveals how he believes colleges and universities can meet the demand for skilled professionals in this field and advice he has for infosec professors. Additionally, Ken sheds light on how universities can meet employers' demand for cybersecurity talent and how employers can attract cybersecurity professionals. Lastly, he shares his favorite book for all things hacking. Enjoy the episode!

Hosts FalconSpy and TJ Null sit down with J3rryBl4nks, a member and Community Moderator on the OffSec Discord server. J3rryBl4nks is a Director of InfoSec for a small business organization. In this episode, he talks about how he got interested in the infosec field. He discusses why he thinks gaining knowledge through a degree or certifications is imperative in the infosec industry, along with a growth mindset. Then, he details his experience with PEN-200, including his take on the OSCP exam and tips to future students embarking on their PEN-200 journey. Additionally, J3rryBl4nks outlines what he looks for in a new hire regardless of their experience in the field. He then highlights his passion for password cracking and good rules to use with hashcat to optimize these results. Lastly, he shares his interest in both card and board games, video games, and his love of hiking and spending time with his family.

Host Harbinger (Jeremy Miller) sits down with Dr. Heather Monthie, Head of Cybersecurity Training, Education, and Innovation at OffSec. In this episode, Heather highlights her diverse background in education, leadership, and technology and how this allows her to improve initiatives at OffSec. Then, she details the intersection of teaching and learning in the classroom and how this relates in OffSec courses. Harbinger and Monthie additionally dive into the importance of being a lifelong learner in the cybersecurity industry and the best way to create a safe learning environment. Finally, they wrap up by emphasizing the significance of continuing to do the work and why Try Harder allows students to get comfortable with the uncomfortable.

Host TJ Null sits down with Billy Trobbiani (c0ntra), Content Developer at OffSec. c0ntra starts by describing what got him interested in joining the Information Security field. Then, he details the role he specialized in when he was a blue teamer and the issues that blue teamers face during their day-to-day operations. c0ntra additionally reveals how he felt after his transition from defense to offense in cybersecurity. Next, they dive into how people on the defensive side of cybersec can learn techniques from those on the offensive side. We then learn how c0ntra got into the blue team side of cybersec. Lastly, they chat about c0ntra’s interest in cooking and escape rooms. Enjoy the episode!

Hosts FalconSpy and Harbinger (Jeremy Miller) catch up with Omeganeth, a member and Community companion on our Discord server. In the episode, Omeganeth reveals what got him into the Information Security field. He then mentions the resources he leveraged that got him started on his journey with InfoSec. They dive into the struggles and challenges he faced on his PEN-200 journey and how that changed through the Learn One subscription. Omeganeth gives a description of his experience on Discord when interacting with the community and offers advice to fellow students in regards to it. Finally, Omeganeth ends with a description of Math modeling, one of his interests apart from the world of InfoSec.

In this action-packed episode, our host TJ Null sits down with Alethe Denis, to talk social engineering, red team, blue team, raising chickens, and everything in between! Learn why Alethe was honored by DEF CON with a Black Badge following her win of the Social Engineering Capture the Flag (CTF) contest at DEF CON 27. She shares her favorite tools for social engineering campaigns as well as the best way to gain trust and get the answers you need in a phishing campaign. Alethe breaks down what it takes to be a world-class social engineer. She also touches on her work with the Innocent Lives Foundation (ILF) and what you can do to help.

In this episode, hosts TJ Null and Harbinger talk infosec with S1REN, a very accomplished member of the community and a moderator of OffSec's Discord. Among other things, they discuss how S1REN got into infosec and why, some advice for women looking to get into infosec, and why BASH, Python, and TCP/IP are so essential for people to get into before getting into security. They also touch on good ways to break into infosec and some things S1REN would like to see changed in the infosec field.

In this second episode of the Official Offensive Security Podcast, hosts TJ Null and Harbinger sit down with the very talented and respected Joe (BlindHacker), where they discuss the challenges and opportunities around improving accessibility for the disabled community in Infosec. BlindHacker provides insights and perspective on how we can all help to provide more accessibility options, considerations and accommodations to people across a range of disabilities -- and why it's critical for filling the skills gap in cybersecurity going forward. 

The best ways to prepare for PWK/OSCP -- learn how from the experts! In this first episode of the all-new, official Offensive Security Podcast, hear first hand from experts TJ Null, FalconSpy and Jeremy (Harbinger) share some of the latest, greatest and even lesser-known ways to prepare for the Penetration Testing with Kali (PWK, PEN-200) course in preparation for getting your OSCP certification. Real, frank talk from OffSec experts and OffSec community leaders!