The Evolution of Offensive Security with Erik Cabetas

  • Published on Oct 21, 2024

Comments • 1

  • @IncludeSecurity 7 months ago +1

    Thanks for having me on, Mack and Dwayne! Here's a topics breakdown with timestamps, hopefully that is useful to the audience! 😁
    -Erik
    00:00 - 04:28 Intro and what is offensive security?
    04:29 - 05:00 Acronyms born at RSA conf
    05:00 - 08:15 What are the most common findings these days?
    08:15 - 12:50 Discussing the decline of utility of pentesting, why the current industry status quo is failing us.
    12:51 - 14:28 Checking the box vs. actually improving security; Economic theory and motivations for reaching security assurance
    14:28 - 17:45 How do we improve the industry to make pentesting great again? (MPGA?)
    17:45 - 18:44 Musings about Log4J, could an EO have stopped it?
    18:45 - 21:44 What are memory safe applications?
    21:45 - 25:55 Defcon & other CTFs
    25:55 - 28:09 Do you still check out Defcon?
    28:10 - 29:05 Enjoyment of watching colleagues come up with cool hacks at IncludeSec
    29:05 - 31:15 How to even start practicing for offensive security and getting into CTFs?
    31:15 - 32:06 GitGuardian
    32:07 - 34:35 Are technical challenges good for interviews at US gov orgs like CISA?
    34:35 - 38:12 Best advice to new people getting into security positions?
    38:12 - 39:27 What's the worst advice you hear in security? Compliance oriented mindset providing security advice!
    39:28 - 41:41 Closing thoughts from Erik, Mack, and Dwayne