The Official Offensive Security Podcast

The one and only official podcast from Offensive Security, leaders in cybersecurity training.

Where to listen

Listen on Apple-Podcasts
Listen on Google Podcasts
Listen on Spotify

OffSec Podcast





Previous Episodes

OffSec Podcast #19
APR 13, 2022

#28: ShadowKhan, Lead Pentester and OffSec Community Moderator

In this episode, host TJ Nulls sits down with ShadowKhan, a lead pentester and a community moderator in the OffSec Discord server. ShadowKhan tells his non-traditional story as to how he got into infosec. He also tells what resources he used to get started and gives some tips for anyone interested in getting into the security world. There's one book in particular, that he highly recommends.

ShadowKhan recently obtained his OSCE³ certification and describes his favorite aspect of those courses. On the offensive side of security, our guest tells us his favorite environment to access as well as two of his biggest mistakes when on an assessment. Finally, they wrap by talking about current community projects and blog posts ShadowKhan is working on, as well as what he’s doing outside of infosec.

Enjoy the episode!


Load Episode

OffSec Podcast #19
APR 6, 2022

#27: YinYang in Infosec with Jeremy (harbinger) Miller

In this special episode, Jeremy (harbinger) Miller chats with Chris Glanden on the BarCode podcast. From BarCode’s show notes:

"The YinYang philosophy says that the universe is composed of competing and complementary forces governed by a cosmic duality, sets of two opposing and complementing principles or energies that can be observed in nature.

Similarly, the nature of offensive security requires a balance of proper mindset and technical expertise. To truly master this security discipline, you must learn to balance and draw from different sides of experiences in life, including the psychological aspect as well as the ones and zeros.

Jeremy (harbinger) Miller is an InfoSec professional primarily interested in how security skills are taught, learned, and applied by individuals and organizations. He is currently the Product Manager of Content Development at Offensive Security. We catch up at the bar to discuss his unorthodox path into Infosec, his background in teaching martial arts, the true meaning of OffSec’s mantra, ‘Try Harder,’ and the importance of counterbalancing of mind and technical skills."

Enjoy!


Load Episode

OffSec Podcast #19
MAR 23, 2022

#26: Cybersecurity hiring with CISO, Mike Manrod

For this week's episode, host Dr. Heather Monthie chats with Mike Manrod, CISO of Grand Canyon Education. As a cybersecurity leader, he shares his expertise on how he recruits, mentors, and guides aspiring cybersecurity professionals in their career paths. He first starts by sharing his mid-career switch into the cybersecurity world along with his interest in martial arts. Then, he discusses his experience as a CISO, plus the biggest challenge and most rewarding part of the role. He offers tips for security leaders and managers on how to hire top talent in the cybersecurity industry. Moreover, they chat about the best way to train an individual into a top cybersecurity professional, even if they don't have the technical skills. Finally, Mike shares his thoughts on the state of cybersecurity education today and what he envisions for its future. Enjoy!


Load Episode

OffSec Podcast #19
MAR 16, 2022

#25: Mentoring and OSCP Tips with Mike Waxman (Security Engineer, LinkedIn)

This week, hosts TJ Null and FalconSpy sit down with Mike Waxman, Security Engineer at LinkedIn. Mike was originally a TPM and is now a Security Engineer. He starts off by describing how he made the switch and shares some advice for those looking to change roles into security. And for those already in the field, he also gives tips on how to get that coveted promotion. Related to that, Mike discusses his mentoring experience and what kinds of knowledge he passes along to those new to the industry.

Mike is currently working through his PEN-200 journey toward the OSCP and provides some key tips for those also pursuing the OSCP. He also shares a specific idea on how to best prepare for the exam. Finally, he shares some words of encouragement to those early in their career looking to make their mark. Enjoy!


Load Episode

OffSec Podcast #19
MAR 2, 2022

#24: Kerberoasting & Security Consulting with Tim Medin (@timmedin)

On this week's episode, host TJ Null is joined by Tim Medin. Tim is the creator of kerberoasting and the CEO of Red Siege Information Security. He begins by recounting how he joined the infosec field as well as some resources he used to get himself started. Next, he highlights his favorite tools that he enjoys using on an engagement. TJ and Tim also chat about the first moment Tim discovered kerberoasting and his research on new attack techniques. He gives advice to users who want to implement detection/protection against kerberoasting. Then, he details what it's like to run his own consulting company, Red Siege, and shares tips for those looking to start their own.

Tim also reveals the one thing he would like to see change in the infosec community. Lastly, he discusses his love for the Olympics and football and his interest in competing in triathlons. Enjoy the episode!


Load Episode

OffSec Podcast #19
FEB 23, 2022

#23: Sharing Knowledge in Infosec with Phillip Wylie

This week host TJ Null chats with Phillip Wylie, Tech Evangelist at cycognito. Phillip has been a pentester for several years and in the IT industry for even longer. He tells an interesting story of how he got into infosec and some of the resources he used to get started. TJ and Phillip also chat about the OSCP, the Try Harder mindset, and what they mean for Phillip. Our guest regularly shares knowledge, gives talks, blogs, and teaches, and, in this episode, dives into what drives him to pass on knowledge. He also gives some tips for those starting out in infosec on how to share their experience and possibly even get a job in the process. Besides this, Phillip shares one thing he'd like to see changed in the infosec community and how. Enjoy!


Load Episode

OffSec Podcast #19
FEB 16, 2022

#22: Cybersecurity in Higher Ed with Ken Pyle

Host Dr. Heather Monthie sits down with Ken Pyle, a graduate professor of cybersecurity and a partner of CYBIR. He begins the episode by chatting about how he got into cybersecurity and teaching in higher education. Then, he shares what he considers the hardest part as well as the most rewarding part of teaching cybersecurity to students. Heather and Ken also discuss how technology will change how higher education approaches teaching and learning infosec.

Ken reveals how he believes colleges and universities can meet the demand for skilled professionals in this field and advice he has for infosec professors. Additionally, Ken sheds light on how universities can meet employers' demand for cybersecurity talent and how employers can attract cybersecurity professionals. Lastly, he shares his favorite book for all things hacking. Enjoy the episode!


Load Episode

OffSec Podcast #19
FEB 9, 2022

#21: PEN-200 (PWK) Topic Exercises with Matteo Malvica (uf0)

Join host, Jeremy Miller (harbinger), as he sits down with Matteo Malvica (uf0) to discuss the new PEN-200 (PWK) Topic Exercises. They start the chat with Matteo's background and what it's like to be a Content Developer at OffSec. His first project was SOC-200, though his background was largely offensive. They chat about taking on the creation of a defensive course, coming from the offensive side.

Matteo also reveals more details about SOC-200, including its structure and forthcoming content. Then they move to PEN-200 (PWK)'s new Topic Exercises: what they are and why they help the student. They finish up with a few rapid-fire questions. Enjoy the episode!


Load Episode

OffSec Podcast #19
FEB 2, 2022

#20: The importance of a growth mindset in infosec with J3rryBl4nks

Hosts FalconSpy and TJ Null sit down with J3rryBl4nks, a member and Community Moderator on the OffSec Discord server. J3rryBl4nks is a Director of InfoSec for a small business organization. In this episode, he talks about how he got interested in the infosec field. He discusses why he thinks gaining knowledge through a degree or certifications is imperative in the infosec industry, along with a growth mindset. Then, he details his experience with PEN-200, including his take on the OSCP exam and tips to future students embarking on their PEN-200 journey.

Additionally, J3rryBl4nks outlines what he looks for in a new hire regardless of their experience in the field. He then highlights his passion for password cracking and good rules to use with hashcat to optimize these results. Lastly, he shares his interest in both card and board games, video games, and his love of hiking and spending time with his family.


Load Episode

OffSec Podcast #19
JAN 26, 2022

#19: Getting comfortable with the uncomfortable in infosec with Heather Monthie

Host Harbinger (Jeremy Miller) sits down with Dr. Heather Monthie, Head of Cybersecurity Training, Education, and Innovation at OffSec. In this episode, Heather highlights her diverse background in education, leadership, and technology and how this allows her to improve initiatives at OffSec. Then, she details the intersection of teaching and learning in the classroom and how this relates in OffSec courses.

Harbinger and Monthie additionally dive into the importance of being a lifelong learner in the cybersecurity industry and the best way to create a safe learning environment. Finally, they wrap up by emphasizing the significance of continuing to do the work and why Try Harder allows students to get comfortable with the uncomfortable.


Load Episode

OffSec Podcast #18
DEC 20, 2021

#18. From Defensive to Offensive with Billy Trobbiani (c0ntra)

Host TJ Null sits down with Billy Trobbiani (c0ntra), Content Developer at OffSec. c0ntra starts by describing what got him interested in joining the Information Security field. Then, he details the role he specialized in when he was a blue teamer and the issues that blue teamers face during their day-to-day operations.

c0ntra additionally reveals how he felt after his transition from defense to offense in cybersecurity. Next, they dive into how people on the defensive side of cybersec can learn techniques from those on the offensive side. We then learn how c0ntra got into the blue team side of cybersec. Lastly, they chat about c0ntra's interest in cooking and escape rooms. Enjoy the episode!


Load Episode

OffSec Podcast #17
DEC 7, 2021

#17. Web Developer turned InfoSec Pro with Omeganeth

Hosts FalconSpy and Harbinger (Jeremy Miller) catch up with Omeganeth, a member and Community companion on our Discord server. In the episode, Omeganeth reveals what got him into the Information Security field. He then mentions the resources he leveraged that got him started on his journey with InfoSec. They dive into the struggles and challenges he faced on his PEN-200 journey and how that changed through the Learn One subscription.

Omeganeth gives a description of his experience on Discord when interacting with the community and offers advice to fellow students in regards to it. Finally, Omeganeth ends with a description of Math modeling, one of his interests apart from the world of InfoSec.


Load Episode

OffSec Podcast #16
NOV 5, 2021

#16. Nation-State Level Defense with Max Kelly, Founder and CEO of [redacted]

Hosts Harbinger (Jeremy Miller) and TJNull catch up with Max Kelly, Founder and CEO of [redacted], a threat intelligence and response platform. Max starts by describing his interesting professional story with nation-state level defense from the highest levels of the private and public sectors at organizations including Facebook and U.S. CyberCom. With the level of sophistication used in cyber-attacks increasing, they discuss how this has changed how organizations need to defend themselves. Specifically, they dig into whether purely defensive playbooks apply anymore.

They also get into how this changes the skill set that infosec professionals need to be successful. Finally, they chat about Max's recent feature in the Wall Street Journal on how it's possible for companies to work within the confines of the law to take action against attackers, stopping short of hacking back. Enjoy the episode!


Load Episode

OffSec Podcast #15
OCT 26, 2021

#15. Cloud Security with Seth Art, Sr. Security Consultant at Bishop Fox

Hosts TJNull and FalconSpy catch up with Seth Art, Sr. Security Consultant at Bishop Fox, who also holds his OSCP. They discuss how Seth got into security and his varied background. He also reveals his favorite aspects of working for Bishop Fox, as well as what a junior pentester should know in order to join an offensive security-focused firm like Bishop Fox. They talk about Seth's OSCP journey and the challenges he overcame to earn his OSCP, including juggling parenting and studying.

They then turn to cloud pentesting and Kubernetes security and Seth spills the details on interesting findings from his recent research. Specifically, they discuss potential vulnerabilities in Kubernetes and AWS. Finally, they chat about the crucial skills Seth recommends budding penetration testers develop. Enjoy the episode!


Load Episode

OffSec Podcast #14
OCT 14, 2021

#14. macOS Control Bypasses (EXP-312) with Csaba Fitzl (@theevilbit)

In this episode, Jeremy Miller (Harbinger) catches up with Csaba Fitzl (@theevilbit), Lead Content Developer for macOS Control Bypasses (EXP-312) at OffSec. They start with how Csaba got into InfoSec, particularly macOS security. Csaba explains why he focuses on macOS and why OffSec decided to offer a course on this topic. They dive into the syllabus and Csaba walks us through what EXP-312 covers.

Csaba gives a brief description of many of the vulnerabilities and exploits covered and the different techniques employed. They also discuss what to expect in terms of labs as well as prerequisites for the course. Finally, Csaba reveals what surprising things he learned about macOS while preparing this course.


Load Episode

OffSec Podcast #13
SEP 29, 2021

#13. Developer Turned InfoSec Pro, Rey Bango (@reybango)

In this episode, our host TJNull chats with Rey Bango (@reybango), Sr. Director, Developer and Security Relations at Veracode. They cover many topics, starting with Rey's story of how he got into InfoSec, transitioning from being a full-time developer. Rey talks about his favorite programming languages and why he likes each one. They also talk about helping those getting into the field, what languages they should learn, and other skills to develop.

Since Rey's been a developer for a long time, they discuss common coding practices that Rey believes developers should be doing. Additionally, they cover the one change in the InfoSec community that Rey would like to see, plus much more. Enjoy!


Load Episode

OffSec Podcast #12
SEP 21, 2021

#12. Harbinger spills the details on the OffSec Training Library!

Host TJNull talks with Harbinger (Jeremy Miller), Product Manager and Content Contributor at OffSec, who tells about Learn One and Learn Unlimited subscriptions from the OffSec Training Library. They go into why OffSec decided to launch this model as well as the new features and benefits of the Training Library. One area that's particularly exciting is the brand-new PEN-100 fundamentals content. Harbinger goes into detail on what this fundamentals content is all about and how it differs from anything else OffSec has released to date.

They also touch on the new EXP-312 course (macOS Control Bypasses)—which is exclusive to subscription holders—as well as the new PEN-103 content (Kali Linux Revealed) and PEN-210 (the updated WiFu course). To access the exclusive content in this new flexible way to learn, there are two subscription options: Learn One and Learn Unlimited. Harbinger delves into how these packages work and why OffSec decided to go in this direction.


Load Episode

OffSec Podcast #11
AUG 30, 2021

#11. Second-career pentester, Drew Kirkpatrick (@hoodoer)

Join our host TJNull as he stills down with Drew Kirkpatrick (@hoodoer), Senior Security Consultant at TrustedSec and former Senior Computer Scientist for the U.S. Navy. They discuss his second-career pentesting pursuits and how he made the transition to infosec from a different career. Find out which three skills are the most important to have in pentesting—and how they differ for internal pentesters vs. consultants.

They also discuss hoodoer's favorite tools for web app pentesting as well as some interesting stories from recent engagements he's been on. Finally, hear some helpful advice for those who are working to become a pentester or enter the infosec field. Enjoy this week's episode!


Load Episode

OffSec Podcast #10
AUG 23, 2021

#10. Team Hashcat Contributor, Dustin Heywood (@EvilMog)

Listen in as our host TJNull chats with Dustin Heywood (@EvilMog), a contributor to Team Hashcat who has an extreme addiction to cracking hashes. In addition, he is a Black Badge Holder at DEF CON, DerbyCon, SkyDogCon, and THOTCON. After covering how EvilMog got into infosec, they discuss the most important quality for a pentester or red teamer: writing. Find out why EvilMog considers writing skills to be more important than technical skills when pentesting.

Learn more about Team Hashcat as well and the Crack Me If You Can contest they competed in. TJNull and EvilMog get into some detail on how to crack a hash and EvilMog comments on custom wordlists and tools used. Join us for this exciting conversation. Enjoy!


Load Episode

OffSec Podcast #9
AUG 6, 2021

#9. Red Teamers from Oracle: @ttimzen and @r00tkillah

In this episode, our host, FalconSpy, sits down with Topher Timzen (@ttimzen) and Michael Leibowitz (@r00tkillah), two red teamers from Oracle. They discuss a number of topics, including Topher's and Michael's DEF CON 27 Endpoint Detection & Response presentation. They dive into how they got into the infosec field and what makes them so passionate about it. Find out their answer to the age-old question: what's the difference between red teaming and pentesting? Plus, get their take on certifications and what you really need these days to be successful.

Finally, as BSides Portland organizers, Topher and Michael give you a rundown on the process of developing a security conference. Enjoy!


Load Episode

OffSec Podcast #8
JUL 23, 2021

#8. DEF CON Goon, Andy Gill (ZephrFish)

Our host, TJ Null, sat down with Andy Gill (ZephrFish) to hear lots of interesting stories from his 15+ years in infosec, including his experience as a Goon at DEF CON (he even met Elon Musk!). They discuss how he got started, his book on learning the ropes, important qualities every pentester and red teamer should have, and more.

Hear what ZephrFish advises aspiring pentesters learn and get into before they embark on this path. They also discuss what ZephrFish would like to see changed in the infosec community and how to get there. Enjoy this week's episode!


Load Episode

OffSec Podcast #7
JUN 25, 2021

#7. Popular YouTuber talks offense/defense, imposter syndrome, gatekeeping, and more

Hear from Cybersecurity Meg, X-Force Cybersecurity Incident Responder for IBM and popular cybersecurity YouTuber, as she sits down with Harbinger and FalconSpy! They discuss a number of interesting topics, ranging from defense vs. offense and her CISSP journey to what inspired Meg to become a YouTube creator. They also discuss overcoming imposter syndrome and how to handle it as well as naysayers and gatekeepers.

Hear about how to maintain mental health, specifically within the information security field, as well as ensuring work-life balance. Finally, learn what Meg has planned next, including earning her OSCP. Enjoy the episode!


Load Episode

OffSec Podcast #6
JUN 11, 2021

#6. Chief OffSec content developers pull back the curtain on course development and what's coming next

In this exciting episode, hear from OffSec's chief content developers, Morten Schenk and Alex Uifalvi (Sickness). They discuss with hosts TJ Null and Jeremy Miller (Harbinger) a range of topics including course design, pedagogy, their own backgrounds, and exploit development. Learn about the philosophy behind OffSec's courseware and their most important lesson learned to teach well.

They also spill the details on upcoming projects they are working on as well as how to best prepare for an OffSec course. Finally, get tips on how many lab days are best for you, directly from OffSec. Enjoy the episode!


Load Episode

OffSec Podcast #5
MAY 28, 2021

#5. Hear from DEF CON Black Badge, Social Engineering CTF winner: Alethe Denis!

In this action-packed episode, our host TJ Null sits down with Alethe Denis, to talk social engineering, red team, blue team, raising chickens, and everything in between! Learn why Alethe was honored by DEF CON with a Black Badge following her win of the Social Engineering Capture the Flag (CTF) contest at DEF CON 27.

She shares her favorite tools for social engineering campaigns as well as the best way to gain trust and get the answers you need in a phishing campaign. Alethe breaks down what it takes to be a world-class social engineer. She also touches on her work with the Innocent Lives Foundation (ILF) and what you can do to help.


Load Episode

OffSec Podcast #4
MAY 14, 2021

#4. S1REN on advice for women in Infosec, essential technical skills and more!

In this episode, hosts TJ Null and Harbinger talk infosec with S1REN, a very accomplished member of the community and a moderator of OffSec's Discord. Among other things, they discuss how S1REN got into infosec and why, some advice for women looking to get into infosec, and why BASH, Python, and TCP/IP are so essential for people to get into before getting into security.

They also touch on good ways to break into infosec and some things S1REN would like to see changed in the infosec field.


Load Episode

OffSec Podcast #3
MAY 1, 2021

#3. 0xdade on hacking and making music about the Infosec world

In this action-packed episode, hosts TJ Null and FalconSpy sit down with 0xdade. Here are some of topics they discuss:

  • How 0xdade broke into InfoSec
  • 0xdade's OSCP advice
  • The importance of note taking and communication skills in InfoSec
  • The most important quality of a pentester or red teamer
  • 0xdade's project, Natlas - what it is and what it does
  • Advice for those who want to develop and release their own tools for the community
  • How 0xdade wound up writing and recording the hip-hop/rap song, "Red Team"


Load Episode

OffSec Podcast #2
APR 13, 2021

#2. BlindHacker on the importance supporting people with disabilities in cybersecurity

In this second episode of the Official Offensive Security Podcast, hosts TJ Null and Harbinger sit down with the very talented and respected Joe (BlindHacker), where they discuss the challenges and opportunities around improving accessibility for the disabled community in Infosec.

BlindHacker provides insights and perspective on how we can all help to provide more accessibility options, considerations and accommodations to people across a range of disabilities -- and why it's critical for filling the skills gap in cybersecurity going forward.


Load Episode

OffSec Podcast #1
MAR 22, 2021

#1. The best ways to prepare for PWK/OSCP -- learn how from the experts!

The best ways to prepare for PWK/OSCP -- learn how from the experts! In this first episode of the all-new, official Offensive Security Podcast, hear first hand from experts TJ Null, FalconSpy and Jeremy (Harbinger) share some of the latest, greatest and even lesser-known ways to prepare for the Penetration Testing with Kali (PWK, PEN-200) course in preparation for getting your OSCP certification.

Real, frank talk from OffSec experts and OffSec community leaders!


Load Episode