Exploring Information Security - Exploring Information Security
Timothy De Block
The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. P...
Summary:
In this episode of Exploring Information Security, host Timothy De Block is joined by Christian Hyatt, CEO of risk3sixty, a company that specializes in helping businesses with security and compliance. Christian shares his thoughts on how organizations are dealing with the increasing complexity of compliance programs, third-party risks, and the role of offensive security in bridging the gap between compliance and risk management.
Key Topics Covered
What is risk3sixty and the Problem it Solves? Christian discusses how risk3sixty helps organizations streamline and harmonize complex security and compliance programs, providing significant cost savings and efficiency.
The Importance of GRC Transformation: Christian explains the role of Governance, Risk, and Compliance (GRC) transformations in helping businesses manage multiple frameworks, such as ISO, SOC 2, and NIST.
Offensive Security and Compliance: How risk3sixty integrates offensive security services like red team engagements and continuous pen testing with a focus on both compliance and true risk management.
The Evolution of Security and Compliance: The challenges and opportunities in integrating security directly into the development lifecycle, and how risk3sixty is positioning itself to lead the way in managing third-party risks.
AI and the Future of Compliance: Christian’s perspective on how AI is impacting compliance roles and what it means for the future of security and risk management.
Highlights
risk3sixty’s Full Circle GRC platform streamlines compliance management, helping businesses save time and reduce costs.
The increasing need for businesses to manage third-party risks as part of their cybersecurity strategy.
How risk3sixty is adapting to the changing cybersecurity landscape, especially in highly regulated industries.
Guest Bio
Christian Hyatt is the CEO of risk3sixty, a leading provider of security and compliance services. With years of experience in helping businesses navigate complex GRC challenges, Christian is passionate about making security more efficient and accessible to organizations of all sizes.
Links and Resources
risk3sixty Website
Full Circle GRC Platform
risk3sixty Annual Grid Event
Free Educational Content on ISO 27001, SOC 2, and More
--------
51:18
Hacking Space Systems: Inside Tempest with Tim Fowler
Summary:
In this episode, host Timothy De Block sits down with Tim Fowler, the creator of Tempest, a hands-on educational project focused on space cybersecurity. Tim shares the story behind the development of Tempest, a 1U CubeSat designed for teaching and exploring cybersecurity in space systems. With insights from his background in space cyber, Tim explains how Tempest offers a unique, vulnerable, and modular platform for learning, hacking, and improving space security.
Key Topics Covered:
What is Tempest? Tim introduces Tempest, a one-unit CubeSat built for educational purposes, focusing on the cybersecurity aspects of space systems. He explains how CubeSats are small satellites with low cost and accessibility but often lack a focus on security.
Design and Development of Tempest: Tim talks about his 18-month journey developing Tempest, a project that started as an educational tool for his class on space cybersecurity. The CubeSat is intentionally vulnerable, offering students a chance to explore hacking and security concepts in space systems.
Tempest as a Teaching Aid: Tempest is designed to be hands-on, giving students real-world exposure to the challenges and opportunities in securing space systems. The first version of Tempest debuted at Wild West Hackin' Fest, and Tim discusses how he plans to scale and release the hardware for public use.
Challenges and Learning Through Failure: Tim shares some humorous and insightful moments from teaching with Tempest, including a broadcast storm in the classroom caused by satellites "talking" to each other. He reflects on the importance of troubleshooting and learning through failure, both as a developer and instructor.
Upcoming Plans for Tempest: Tim outlines his goals for 2025, including releasing Tempest hardware for public consumption and expanding the educational content around space cybersecurity. He also hints at adding AI capabilities to the CubeSat for future applications like missile detection or weather observation.
Guest Bio:
Tim Fowler is a space cybersecurity expert and creator of Tempest, a unique educational tool designed to teach security in space systems. With years of experience in both the defense and cybersecurity sectors, Tim is passionate about making space systems more secure and accessible for hands-on learning.
Links and Resources:
Ethos Labs - Tempest and other space cybersecurity resources
Antisyphon Training - Training courses and workshops by Tim Fowler
Wild West Hackin' Fest - Upcoming workshops featuring Tempest
LinkedIn - Connect with Tim Fowler for more updates
--------
54:19
2024 in Review and What's Next in 2025
Summary:
In this solo episode, Timothy De Block takes a step back to reflect on the journey of Exploring Information Security in 2024 and look ahead to what's coming in 2025. Timothy shares insights into the podcast's growth, highlights from the past year, and the direction for the future, including new initiatives and exciting changes.
Key Topics Covered:
Podcast Growth and Feedback: Timothy discusses the steady growth of the podcast, with the introduction of new platforms like Spotify and Amazon Podcasts, and a significant expansion into YouTube. He emphasizes the importance of feedback and encourages listeners to connect and rate the podcast.
The Podcast’s Focus and Vision: Reflecting on the podcast's evolution, Timothy talks about how the content has expanded beyond traditional technical topics to cover security awareness, human behavior, and broader cybersecurity challenges. He also mentions the plan to increase blog posts and share security awareness content for listeners to use within their own companies.
Live Podcasting and Future Engagement: Timothy highlights the success of the live podcast with the ILF crew and shares plans for more live sessions, with opportunities for audience interaction and sponsor exposure. He expresses his excitement to continue experimenting with live recordings and expanding the podcast’s reach.
Vendor Insights and Sponsored Content: Discussing the rise in vendor interest, Timothy talks about how the podcast will feature discussions with vendors about the problems they solve in the cybersecurity space. He shares his commitment to providing meaningful content and avoiding any “sales pitch” style conversations, ensuring that vendor content is both educational and valuable to listeners.
ShowMe Con and Networking Opportunities: Timothy promotes ShowMe Con, a conference where he will be speaking and attending. He shares how it offers a unique mix of hacker and business vibes, and he encourages listeners to participate in the conference or attend as speakers for valuable exposure and networking.
Plans for 2025: Looking to the future, Timothy discusses his goals for 2025, including more live podcasting, increased blog content, and deeper engagement with the audience. He also shares his excitement for upcoming content, including vendor conversations and security awareness-focused material.
Personal Reflections and Motivations: Timothy closes with a personal note, reflecting on his 23 years in IT and his growth in the security field. He talks about his passion for teaching and mentoring, particularly in the realm of security awareness. He also humorously discusses his New Year’s resolution to take January off from drinking, highlighting his commitment to personal growth.
Links and Resources:
ExploreSec Website
ShowMe Con Call for Papers
Exploring Information Security on YouTube
--------
19:45
[RERELEASE] How to get into information security
An interview with VioPoint consultant and roundhouse master Jimmy Vo. We covered how he got into information security and also talked about some of the things people on the outside looking in can do to get into information security.
--------
21:24
David Mytton on Developer-Centric Security with ArcJet
Summary:
In this episode of Exploring Information Security, host Timothy De Block talks with David Mytton, founder of ArcJet, about enabling developers to build secure applications seamlessly. David shares his journey from running a cloud monitoring business to developing ArcJet, a security-as-code platform that integrates security measures directly into an application's codebase.
They discuss ArcJet's approach to empowering developers with tools for bot detection, rate limiting, and more, all without compromising the developer experience. David and Timothy explore the challenges of bridging the gap between development and security, the philosophy behind "DevSecOps," and how ArcJet addresses real-world issues like bot abuse and API misuse. Whether you're a developer, security professional, or tech enthusiast, this episode offers unique insights into making application security more accessible.
Key Topics Covered
What is ArcJet and the problem it’s solving?: A security-as-code platform designed for developers to integrate protections directly into their applications.
Developer-Centric Security: How ArcJet enhances security workflows by providing developers with intuitive SDKs and tools.
Real-World Use Cases: Stories of companies reducing infrastructure costs and mitigating bot-driven abuse with ArcJet.
The Evolution of DevSecOps: Challenges and opportunities in integrating security into the development lifecycle.
David's Philosophy: The importance of documentation, user experience, and building tools developers love.
Highlights
Developers can start using ArcJet with just a few lines of code.
ArcJet helps teams address spam, API abuse, and fraud while focusing on feature development.
David's perspective on the state of security tooling and how ArcJet stands out.
Guest Bio
David Mytton is the founder of ArcJet, a security-as-code platform. He previously founded a cloud monitoring business and has extensive experience with developer tools and application security. David is passionate about creating seamless developer experiences and advancing security tooling to meet modern demands.
About Exploring Information Security - Exploring Information Security
The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.