Exploring Information Security - Exploring Information Security

• how to monitor the inner workings of a cybercriminal organization

  Summary: What does it take to monitor the inner workings of ransomware gangs? In this episode, Matthew Maynard shares his firsthand experience infiltrating cybercriminal communities to gather valuable threat intelligence. From learning the lingo to navigating criminal hierarchies, Matthew sheds light on the surprising structure and behavior of ransomware operators. We discuss the importance of operational security, the surprising transparency of cybercriminal forums, and how researchers can play a critical role in disrupting ransomware infrastructure. Topics Discussed: How Matthew got started monitoring cybercriminal groups The business model and hierarchy of ransomware gangs Use of AI, insider threats, and criminal marketing tactics Tools and platforms used by cybercriminals (Tor, Tox, Telegram, etc.) Lessons learned from forums, breach leaks, and failed infiltration attempts The value of open-source intelligence in tracking threat actors Why reputation matters—both for threat actors and researchers Operational safety tips for researchers entering dark web spaces Guest Bio: Matthew Maynard is a cybersecurity professional and threat researcher who specializes in tracking the behavior of ransomware gangs and cybercriminal forums. He shares his insights through articles on Hacker Noon and speaks regularly at conferences like ShowMeCon. Links & Resources: Ransomware.live

  --------  

  47:18
• Gamifying Your Incident Response Playbook with Anushree Vaidya

  Summary: In this episode, Tim speaks with Anushree Vaidya about her upcoming presentation at ShowMeCon: Ransomware Rampage: Gamifying Your Incident Response Playbook. Anushree shares her passion for making cybersecurity training more interactive, emphasizing how gamifying the ransomware incident response process can transform traditional playbook exercises into dynamic, collaborative experiences. Anushree explains how ransomware-specific playbooks differ from general incident response plans, the benefits of hands-on exercises for diverse teams, and how organizations of all sizes can adapt her training approach internally. She also discusses overlooked early indicators of ransomware attacks, communication challenges between technical teams and leadership, and how proactive preparation can significantly reduce the pain of an incident. Topics Discussed Why ransomware-specific playbooks matter Turning incident response into a team-based, gamified learning experience Building ransomware exercises that include IT, security, PR, HR, and leadership teams Common gaps in ransomware detection and proactive preparation Coaching technical teams on communication during incidents Using AI to stay up to date with threat intelligence and reports Tailoring incident response playbooks for different industries and organizational sizes Key Takeaways Participants will leave Anushree’s presentation with a customizable ransomware playbook and tools to take back to their organizations. Gamified incident response exercises promote better communication, quicker learning, and stronger collaboration across teams. Early detection and proactive measures like business impact analysis are critical to minimizing ransomware damage. Communication planning—including legal, internal, and external messaging—is essential for effective response. Connect with Anushree LinkedIn: Anushree Vaidya Women in CyberSecurity (WiCyS) Midwest Chapter Member Anushree is passionate about connecting with others in cybersecurity, particularly in the Midwest region. Her DMs are always open for those who want to discuss ransomware, threat hunting, incident response, and cybersecurity strategy. Use the promo code “ExploringSec” to get $50 off your registration

  --------  

  31:23
• What is the Human Behavior Conference (HUBE)?

  Summary: Chris Hadnagy returns to the podcast to discuss the upcoming Human Behavior Conference (HUBE CON), a unique event blending psychology, neuroscience, and cybersecurity. Hosted in Orlando, FL, the 2025 conference focuses on the theme of "Influence and InfoSec"—with a diverse speaker lineup covering everything from nonverbal communication to neurodiversity in the cybersecurity field. In this episode, Chris and Tim dive into how the conference is designed to foster deep learning and genuine human connection. They discuss how the sessions go beyond standard talks with hands-on trainings, interactive discussions, and practical takeaways for both cybersecurity professionals and those outside the industry. Chris also highlights how the conference has evolved over the years, the importance of accessibility for introverts, and what attendees can expect from this year's upgraded format. Chris also shares updates on the Innocent Lives Foundation (ILF), a nonprofit focused on helping law enforcement identify and stop child predators, and touches on cutting-edge work at Social-Engineer, LLC—including new services involving deepfake social engineering simulations. Discussion Points: How the Human Behavior Conference bridges behavioral science and cybersecurity Creating a conference you want to attend Balancing science and practicality in session content Building a community for introverts and extroverts alike Why audience interaction creates stronger learning moments The expanding role of AI in podcast production and social engineering A preview of topics and speakers at this year’s HUBE CON Updates from the Innocent Lives Foundation and Social-Engineer, LLC Resources Mentioned: Human Behavior Conference (HUBE CON) Innocent Lives Foundation Social-Engineer, LLC

  --------  

  32:49
• [RERELEASE] How to deal with the "experience required" paradox

  Jerry recently had a blog post on his site (malicious link) titled, "Dealing With The Experience Required Paradox For Those Entering Information Security." It is a wonderful article with actionable items on what people can do to overcome that stipulation on job postings. Jerry is also a co-host for the Defensive Security podcast.

  --------  

  30:28
• [RERELEASE] How to ZAP your websites

  Simon is the project lead for ZAP an OWASP Open Web Application Security Project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security and veteran pen testers. You can follow him on Twitter @psiinon and find out more on the tool by going to the project site on OWASP.

  --------  

  17:34

Meer Technologie podcasts

Trending Technologie -podcasts

Over Exploring Information Security - Exploring Information Security