The Official Offensive Security Podcast
By Offensive Security, Inc.
The one and only official podcast from Offensive Security, Inc. -- creators of the Kali OS, the OSCP certification, and the world's leading cybersecurity training
#34: How to Succeed in InfoSec with Jim O’Gorman and Dave Kennedy
Host TJ Null returns this week with an episode featuring two special guests: Jim O’Gorman and Dave Kennedy! Jim O’Gorman is the Chief Content and Strategy Officer for OffSec and has been in the information security world for more than a decade. Dave Kennedy, CEO and Founder of TrustedSec, has presented at conferences such as Defcon and Blackhat. Together, Jim and Dave wrote Metasploit: The Penetration Tester's Guide and collaborated on ideas for the Mr. Robot TV Show. They begin the episode by sharing what got them into the information security field and how they met for the first time. Then, they disclose which resources they used to learn more about pentesting. Dave shares how attending events like DefCon and BlackHat gave him indispensable knowledge when he was laying the foundation for his career. Lastly, Jim and Dave share tips they have for students when they’re stuck on a challenge, as well as what they enjoy doing outside of the infosec world. Enjoy!
September 08, 2022
#33: FalconSpy Dives into His Day Job, Internal Penetration Testing
In this week's episode, host Jeremy (harbinger) Miller chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into penetration testing, what pentesting is, application/code reviews, red teaming, and more. He also dives into internal vs external pentesting by discussing who the client is, perimeter access levels, and the mindset of each. While sharing his experience throughout his pentesting journey, he also gives tips on what every pentester should know. Enjoy!
July 14, 2022
#32: Election Integrity & Critical Infrastructure with Lester Godsey
In this week’s special episode, Dr. Heather Monthie sits down with Lester Godsey, CISO of Maricopa County, Arizona. Lester begins by explaining how he got into the cybersecurity field and shares a fun fact about himself. He then shares his role as a CISO, how security supports different departments, and the biggest risks he sees in critical infrastructure security. The integrity of the 2020 US Presidential Election is discussed along with Godsey’s take on the threats he saw in Maricopa County and lessons learned. Moreover, he highlights the spread of misinformation on social media as well as advice he has for CISOs looking to hire cybersecurity professionals and how to best attract them to roles. Enjoy!
June 21, 2022
#31: How the OSCP Certification Supports Career Growth
In this episode, host TJ Null sits down with DarkStar7471 aka Dark, our recent community moderator for the OffSec Community. Dark is currently a lead pentester at State Farm Insurance and has produced content for TryHackMe. He starts by sharing his journey before working for OffSec as well as what piqued his interest in the information security field. Then, Dark highlights why he decided to obtain his OSCP and how the knowledge he gained from the course benefits him in his career trajectory. He also shares some exciting projects he works on relevant to pentesting. Lastly, Dark shares advice he has for anyone working to become a pentester and hobbies he enjoys outside of infosec. Enjoy the episode!
June 08, 2022
#30: How to Hire the Best Cybersecurity Talent with FalconSpy
In this week’s episode, host Dr. Heather Monthie chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into cybersecurity, what attracted him to the field, and the biggest lesson he’s learned in his career so far. Drawing on his experience throughout his OSCP journey, he shares tips for anyone looking to pass the exam while balancing other responsibilities. Then, he offers advice for cybersecurity managers on how to locate the best talent. FalconSpy explains how to make these positions more attractive to cybersecurity professionals. Lastly, he shares a current project he’s working on that he’s excited about as well as what he envisions as the ‘next big thing’ in cybersecurity. Enjoy!
May 25, 2022
#29: How Hackers Think with Dr. Timothy Summers
In this week’s special episode, hosts Dr. Heather Monthie and Jeremy (harbinger) Miller sit down with Dr. Timothy Summers, PhD and Executive Director of Product Development at Arizona State University. Summers is an ethical hacker, professor, TED speaker, and a leading expert in cybersecurity strategy, blockchain technology, and how hackers think. To begin, he explains how he first got into cybersecurity when he got hacked himself. From this experience, he generated a curiosity about why and how it happened. He then shares his hobbies outside of cybersec and dives into his work on hacking cognitive psychology and the hacker mindset. Our guest highlights how organizations can learn from how hackers think to increase innovation within their own company and teach them how to protect themselves better. Summers also emphasizes how recruiters can screen potential hackers. Lastly, he shares other tech projects he’s been working on. Enjoy!
April 20, 2022
#28: ShadowKhan, Lead Pentester and OffSec Community Moderator
In this episode, host TJ Null sits down with ShadowKhan, a lead pentester and a community moderator in the OffSec Discord server. ShadowKhan tells his non-traditional story as to how he got into infosec. He also tells what resources he used to get started and gives some tips for anyone interested in getting into the security world. There’s one book in particular that he highly recommends. ShadowKhan recently obtained his OSCE³ certification and describes his favorite aspect of those courses. On the offensive side of security, our guest tells us his favorite environment to access as well as two of his biggest mistakes when on an assessment. Finally, they wrap by talking about current community projects and blog posts ShadowKhan is working on, as well as what he’s doing outside of infosec. Enjoy the episode!
April 13, 2022
#27: YinYang in Infosec with Jeremy (harbinger) Miller
In this special episode, Jeremy (harbinger) Miller chats with Chris Glanden on the BarCode podcast. From BarCode’s show notes: “The YinYang philosophy says that the universe is composed of competing and complementary forces governed by a cosmic duality, sets of two opposing and complementing principles or energies that can be observed in nature. Similarly, the nature of offensive security requires a balance of proper mindset and technical expertise. To truly master this security discipline, you must learn to balance and draw from different sides of experiences in life, including the psychological aspect as well as the ones and zeros. Jeremy (harbinger) Miller is an InfoSec professional primarily interested in how security skills are taught, learned, and applied by individuals and organizations. He is currently the Product Manager of Content Development at Offensive Security. We catch up at the bar to discuss his unorthodox path into Infosec, his background in teaching martial arts, the true meaning of OffSec’s mantra, ‘Try Harder,’ and the importance of counterbalancing of mind and technical skills.” Enjoy!
April 06, 2022
#26: Cybersecurity hiring with CISO, Mike Manrod
For this week’s episode, host Dr. Heather Monthie chats with Mike Manrod, CISO of Grand Canyon Education. As a cybersecurity leader, he shares his expertise on how he recruits, mentors, and guides aspiring cybersecurity professionals in their career paths. He first starts by sharing his mid-career switch into the cybersecurity world along with his interest in martial arts. Then, he discusses his experience as a CISO, plus the biggest challenge and most rewarding part of the role. He offers tips for security leaders and managers on how to hire top talent in the cybersecurity industry. Moreover, they chat about the best way to train an individual into a top cybersecurity professional, even if they don’t have the technical skills. Finally, Mike shares his thoughts on the state of cybersecurity education today and what he envisions for its future. Enjoy!
March 23, 2022
#25: Mentoring and OSCP Tips with Mike Waxman (Security Engineer, LinkedIn)
This week, hosts TJ Null and FalconSpy sit down with Mike Waxman, Security Engineer at LinkedIn. Mike was originally a TPM and is now a Security Engineer. He starts off by describing how he made the switch and shares some advice for those looking to change roles into security. And for those already in the field, he also gives tips on how to get that coveted promotion. Related to that, Mike discusses his mentoring experience and what kinds of knowledge he passes along to those new to the industry. Mike is currently working through his PEN-200 journey toward the OSCP and provides some key tips for those also pursuing the OSCP. He also shares a specific idea on how to best prepare for the exam. Finally, he shares some words of encouragement to those early in their career looking to make their mark. Enjoy!
March 16, 2022
#24: Kerberoasting & Security Consulting with Tim Medin (@timmedin)
On this week’s episode, host TJ Null is joined by Tim Medin. Tim is the creator of kerberoasting and the CEO of Red Siege Information Security. He begins by recounting how he joined the infosec field as well as some resources he used to get himself started. Next, he highlights his favorite tools that he enjoys using on an engagement. TJ and Tim also chat about the first moment Tim discovered kerberoasting and his research on new attack techniques. He gives advice to users who want to implement detection/protection against kerberoasting. Then, he details what it’s like to run his own consulting company, Red Siege, and shares tips for those looking to start their own. Tim also reveals the one thing he would like to see change in the infosec community. Lastly, he discusses his love for the Olympics and football and his interest in competing in triathlons. Enjoy the episode!
March 02, 2022
#23: Sharing Knowledge in Infosec with Phillip Wylie
This week host TJ Null chats with Phillip Wylie, Tech Evangelist at cycognito. Phillip has been a pentester for several years and in the IT industry for even longer. He tells an interesting story of how he got into infosec and some of the resources he used to get started. TJ and Phillip also chat about the OSCP, the Try Harder mindset, and what they mean for Phillip. Our guest regularly shares knowledge, gives talks, blogs, and teaches, and, in this episode, dives into what drives him to pass on knowledge. He also gives some tips for those starting out in infosec on how to share their experience and possibly even get a job in the process. Besides this, Phillip shares one thing he’d like to see changed in the infosec community and how. Enjoy!
February 23, 2022
#22: Cybersecurity in Higher Ed with Ken Pyle
Host Dr. Heather Monthie sits down with Ken Pyle, a graduate professor of cybersecurity and a partner of CYBIR. He begins the episode by chatting about how he got into cybersecurity and teaching in higher education. Then, he shares what he considers the hardest part as well as the most rewarding part of teaching cybersecurity to students. Heather and Ken also discuss how technology will change how higher education approaches teaching and learning infosec. He reveals how he believes colleges and universities can meet the demand for skilled professionals in this field and advice he has for infosec professors. Additionally, Ken sheds light on how universities can meet employers' demand for cybersecurity talent and how employers can attract cybersecurity professionals. Lastly, he shares his favorite book for all things hacking. Enjoy the episode!
February 16, 2022
#21: PEN-200 (PWK) Topic Exercises with Matteo Malvica (uf0)
Join host, Jeremy Miller (harbinger), as he sits down with Matteo Malvica (uf0) to discuss the new PEN-200 (PWK) Topic Exercises. They start the chat with Matteo’s background and what it’s like to be a Content Developer at OffSec. His first project was SOC-200, though his background was largely offensive. They chat about taking on the creation of a defensive course, coming from the offensive side. Matteo also reveals more details about SOC-200, including its structure and forthcoming content. Then they move to PEN-200 (PWK)’s new Topic Exercises: what they are and why they help the student. They finish up with a few rapid-fire questions. Enjoy the episode!
February 09, 2022
#20: The importance of a growth mindset in infosec with J3rryBl4nks
Hosts FalconSpy and TJ Null sit down with J3rryBl4nks, a member and Community Moderator on the OffSec Discord server. J3rryBl4nks is a Director of InfoSec for a small business organization. In this episode, he talks about how he got interested in the infosec field. He discusses why he thinks gaining knowledge through a degree or certifications is imperative in the infosec industry, along with a growth mindset. Then, he details his experience with PEN-200, including his take on the OSCP exam and tips to future students embarking on their PEN-200 journey. Additionally, J3rryBl4nks outlines what he looks for in a new hire regardless of their experience in the field. He then highlights his passion for password cracking and good rules to use with hashcat to optimize these results. Lastly, he shares his interest in both card and board games, video games, and his love of hiking and spending time with his family.
February 02, 2022
#19: Getting comfortable with the uncomfortable in infosec with Heather Monthie
Host Harbinger (Jeremy Miller) sits down with Dr. Heather Monthie, Head of Cybersecurity Training, Education, and Innovation at OffSec. In this episode, Heather highlights her diverse background in education, leadership, and technology and how this allows her to improve initiatives at OffSec. Then, she details the intersection of teaching and learning in the classroom and how this relates in OffSec courses. Harbinger and Monthie additionally dive into the importance of being a lifelong learner in the cybersecurity industry and the best way to create a safe learning environment. Finally, they wrap up by emphasizing the significance of continuing to do the work and why Try Harder allows students to get comfortable with the uncomfortable.
January 26, 2022
#18. From Defensive to Offensive with Billy Trobbiani (c0ntra)
Host TJ Null sits down with Billy Trobbiani (c0ntra), Content Developer at OffSec. c0ntra starts by describing what got him interested in joining the Information Security field. Then, he details the role he specialized in when he was a blue teamer and the issues that blue teamers face during their day-to-day operations. c0ntra additionally reveals how he felt after his transition from defense to offense in cybersecurity. Next, they dive into how people on the defensive side of cybersec can learn techniques from those on the offensive side. We then learn how c0ntra got into the blue team side of cybersec. Lastly, they chat about c0ntra’s interest in cooking and escape rooms. Enjoy the episode!
December 20, 2021
#17. Web Developer turned InfoSec Pro with Omeganeth
Hosts FalconSpy and Harbinger (Jeremy Miller) catch up with Omeganeth, a member and Community companion on our Discord server. In the episode, Omeganeth reveals what got him into the Information Security field. He then mentions the resources he leveraged that got him started on his journey with InfoSec. They dive into the struggles and challenges he faced on his PEN-200 journey and how that changed through the Learn One subscription. Omeganeth gives a description of his experience on Discord when interacting with the community and offers advice to fellow students in regards to it. Finally, Omeganeth ends with a description of Math modeling, one of his interests apart from the world of InfoSec.
December 07, 2021
#16. Nation-State Level Defense with Max Kelly, Founder and CEO of [redacted]
Hosts Harbinger (Jeremy Miller) and TJNull catch up with Max Kelly, Founder and CEO of [redacted], a threat intelligence and response platform. Max starts by describing his interesting professional story with nation-state level defense from the highest levels of the private and public sectors at organizations including Facebook and U.S. CyberCom. With the level of sophistication used in cyber-attacks increasing, they discuss how this has changed how organizations need to defend themselves. Specifically, they dig into whether purely defensive playbooks apply anymore. They also get into how this changes the skill set that infosec professionals need to be successful. Finally, they chat about Max’s recent feature in the Wall Street Journal on how it’s possible for companies to work within the confines of the law to take action against attackers, stopping short of hacking back. Enjoy the episode!
November 05, 2021
#15. Cloud Security with Seth Art, Sr. Security Consultant at Bishop Fox
Hosts TJNull and FalconSpy catch up with Seth Art, Sr. Security Consultant at Bishop Fox, who also holds his OSCP. They discuss how Seth got into security and his varied background. He also reveals his favorite aspects of working for Bishop Fox, as well as what a junior pentester should know in order to join an offensive security-focused firm like Bishop Fox. They talk about Seth’s OSCP journey and the challenges he overcame to earn his OSCP, including juggling parenting and studying. They then turn to cloud pentesting and Kubernetes security and Seth spills the details on interesting findings from his recent research. Specifically, they discuss potential vulnerabilities in Kubernetes and AWS. Finally, they chat about the crucial skills Seth recommends budding penetration testers develop. Enjoy the episode!
October 26, 2021
#14. macOS Control Bypasses (EXP-312) with Csaba Fitzl (@theevilbit)
In this episode, Jeremy Miller (Harbinger) catches up with Csaba Fitzl (@theevilbit), Lead Content Developer for macOS Control Bypasses (EXP-312) at OffSec. They start with how Csaba got into InfoSec, particularly macOS security. Csaba explains why he focuses on macOS and why OffSec decided to offer a course on this topic. They dive into the syllabus and Csaba walks us through what EXP-312 covers. He gives a brief description of many of the vulnerabilities and exploits covered and the different techniques employed. They also discuss what to expect in terms of labs as well as prerequisites for the course. Finally, Csaba reveals what surprising things he learned about macOS while preparing this course. For more information on macOS Control Bypasses (EXP-312), visit https://www.offensive-security.com/exp312-osmr/.
October 14, 2021
#13. Developer Turned InfoSec Pro, Rey Bango (@reybango)
In this episode, our host TJNull chats with Rey Bango (@reybango), Sr. Director, Developer and Security Relations at Veracode. They cover many topics, starting with Rey’s story of how he got into InfoSec, transitioning from being a full-time developer. Rey talks about his favorite programming languages and why he likes each one. They also talk about helping those getting into the field, what languages they should learn, and other skills to develop. Since Rey’s been a developer for a long time, they discuss common coding practices that Rey believes developers should be doing. Additionally, they cover the one change in the InfoSec community that Rey would like to see, plus much more. Enjoy!
September 29, 2021
#12. Harbinger spills the details on the OffSec Training Library!
Host TJNull talks with Harbinger (Jeremy Miller), Product Manager and Content Contributor at OffSec, who tells about Learn One and Learn Unlimited subscriptions from the OffSec Training Library. They go into why OffSec decided to launch this model as well as the new features and benefits of the Training Library. One area that’s particularly exciting is the brand-new PEN-100 fundamentals content. Harbinger goes into detail on what this fundamentals content is all about and how it differs from anything else OffSec has released to date. They also touch on the new EXP-312 course (macOS Control Bypasses)—which is exclusive to subscription holders—as well as the new PEN-103 content (Kali Linux Revealed) and PEN-210 (the updated WiFu course). To access the exclusive content in this new flexible way to learn, there are two subscription options: Learn One and Learn Unlimited. Harbinger delves into how these packages work and why OffSec decided to go in this direction. For more information on the OffSec Training Library, visit https://www.offensive-security.com/learn/.
September 21, 2021
#11. Second-career pentester, Drew Kirkpatrick (@hoodoer)
Join our host TJNull as he sits down with Drew Kirkpatrick (@hoodoer), Senior Security Consultant at TrustedSec and former Senior Computer Scientist for the U.S. Navy. They discuss his second-career pentesting pursuits and how he made the transition to infosec from a different career. Find out which three skills are the most important to have in pentesting—and how they differ for internal pentesters vs. consultants. They also discuss hoodoer’s favorite tools for web app pentesting as well as some interesting stories from recent engagements he’s been on. Finally, hear some helpful advice for those who are working to become a pentester or enter the infosec field. Enjoy this week’s episode!
August 30, 2021
#10. Team Hashcat Contributor, Dustin Heywood (@EvilMog)
Listen in as our host TJNull chats with Dustin Heywood (@EvilMog), a contributor to Team Hashcat who has an extreme addiction to cracking hashes. In addition, he is a Black Badge Holder at DEF CON, DerbyCon, SkyDogCon, and THOTCON. After covering how EvilMog got into infosec, they discuss the most important quality for a pentester or red teamer: writing. Find out why EvilMog considers writing skills to be more important than technical skills when pentesting. Learn more about Team Hashcat as well and the Crack Me If You Can contest they competed in. TJNull and EvilMog get into some detail on how to crack a hash and EvilMog comments on custom wordlists and tools used. Join us for this exciting conversation. Enjoy!
August 23, 2021
#9. Red Teamers from Oracle: @ttimzen and @r00tkillah
In this episode, our host, FalconSpy, sits down with Topher Timzen (@ttimzen) and Michael Leibowitz (@r00tkillah), two red teamers from Oracle. They discuss a number of topics, including Topher’s and Michael’s DEF CON 27 Endpoint Detection & Response presentation. They dive into how they got into the infosec field and what makes them so passionate about it. Find out their answer to the age-old question: what's the difference between red teaming and pentesting? Plus, get their take on certifications and what you really need these days to be successful. Finally, as BSides Portland organizers, Topher and Michael give you a rundown on the process of developing a security conference. Enjoy!
August 06, 2021
#8. DEF CON Goon, Andy Gill (ZephrFish)
Our host, TJ Null, sat down with Andy Gill (ZephrFish) to hear lots of interesting stories from his 15+ years in infosec, including his experience as a Goon at DEF CON (he even met Elon Musk!). They discuss how he got started, his book on learning the ropes, important qualities every pentester and red teamer should have, and more. Hear what ZephrFish advises aspiring pentesters learn and get into before they embark on this path. They also discuss what ZephrFish would like to see changed in the infosec community and how to get there. Enjoy this week’s episode! Links: Andy Gill on Twitter; Breaking into Information Security: Learning the Ropes 101 (Andy’s book).
July 23, 2021
#7. Popular YouTuber talks offense/defense, imposter syndrome, gatekeeping, and more
Hear from Cybersecurity Meg, X-Force Cybersecurity Incident Responder for IBM and popular cybersecurity YouTuber, as she sits down with Harbinger and FalconSpy! They discuss a number of interesting topics, ranging from defense vs. offense and her CISSP journey to what inspired Meg to become a YouTube creator. They also discuss overcoming imposter syndrome and how to handle it as well as naysayers and gatekeepers. Hear about how to maintain mental health, specifically within the information security field, as well as ensuring work-life balance. Finally, learn what Meg has planned next, including earning her OSCP. Enjoy the episode! Links: Meg on Twitter; Meg on YouTube; Meg's Discord community.
June 25, 2021
#6. Chief OffSec content developers pull back the curtain on course development and what’s coming next
In this exciting episode, hear from OffSec’s chief content developers, Morten Schenk and Alex Uifalvi (Sickness). They discuss with hosts TJ Null and Jeremy Miller (Harbinger) a range of topics including course design, pedagogy, their own backgrounds, and exploit development. Learn about the philosophy behind OffSec’s courseware and their most important lesson learned to teach well. They also spill the details on upcoming projects they are working on as well as how to best prepare for an OffSec course. Finally, get tips on how many lab days are best for you, directly from OffSec. Enjoy the episode!
June 11, 2021
#5. Hear from DEF CON Black Badge, Social Engineering CTF winner: Alethe Denis!
In this action-packed episode, our host TJ Null sits down with Alethe Denis, to talk social engineering, red team, blue team, raising chickens, and everything in between! Learn why Alethe was honored by DEF CON with a Black Badge following her win of the Social Engineering Capture the Flag (CTF) contest at DEF CON 27. She shares her favorite tools for social engineering campaigns as well as the best way to gain trust and get the answers you need in a phishing campaign. Alethe breaks down what it takes to be a world-class social engineer. She also touches on her work with the Innocent Lives Foundation (ILF) and what you can do to help.
May 28, 2021
#4. S1REN on advice for women in Infosec, essential technical skills and more!
In this episode, hosts TJ Null and Harbinger talk infosec with S1REN, a very accomplished member of the community and a moderator of OffSec's Discord. Among other things, they discuss how S1REN got into infosec and why, some advice for women looking to get into infosec, and why BASH, Python, and TCP/IP are so essential for people to get into before getting into security. They also touch on good ways to break into infosec and some things S1REN would like to see changed in the infosec field.
May 14, 2021
#3. 0xdade on hacking and making music about the Infosec world
In this action-packed episode, hosts TJ Null and FalconSpy sit down with 0xdade. Here are some of the topics they discuss: how 0xdade broke into InfoSec; 0xdade’s OSCP advice; the importance of note taking and communication skills in InfoSec; the most important quality of a pentester or red teamer; 0xdade’s project, Natlas - what it is and what it does; advice for those who want to develop and release their own tools for the community; and how 0xdade wound up writing and recording the hip-hop/rap song, “Red Team”.
May 01, 2021
#2. BlindHacker on the importance of supporting people with disabilities in cybersecurity
In this second episode of the Official Offensive Security Podcast, hosts TJ Null and Harbinger sit down with the very talented and respected Joe (BlindHacker), where they discuss the challenges and opportunities around improving accessibility for the disabled community in Infosec. BlindHacker provides insights and perspective on how we can all help to provide more accessibility options, considerations and accommodations to people across a range of disabilities -- and why it's critical for filling the skills gap in cybersecurity going forward.
April 13, 2021
#1. The best ways to prepare for PWK/OSCP -- learn how from the experts!
In this first episode of the all-new, official Offensive Security Podcast, hear firsthand from experts TJ Null, FalconSpy and Jeremy (Harbinger) as they share some of the latest, greatest and even lesser-known ways to prepare for the Penetration Testing with Kali (PWK, PEN-200) course in preparation for getting your OSCP certification. Real, frank talk from OffSec experts and OffSec community leaders!
March 22, 2021