What is Information Security, Penetration Testing and Ethical Hacking?

ETM Show # 5 is a chat with Frank Trezza, an InfoSec Professional and Certified Ethical Hacker, about how he got started, examples of cyber attacks and best practices to protect yourself.

After listening to this episode you will learn:

• How Frank found the teacher’s answers to the course assignments for the year
• How the field of InfoSec and Cyber Security got him out of homelessness
• How he used Social Engineering to get into DEFCON
• How to learn a few key skills without knowing “everything” (but still easily having access to the unknown knowledge you need)
• Some industry standards for Pen Testing
• Why a lot of courses aren’t very good (and the best way to really learn the craft)
• Some free or cheap tools you can get to start learning right away
• Why you shouldn’t get used to using one tool alone
• Examples and definitions of various Cyber attacks
• Best practices to protect yourself from attackers
• Why the work from home trend caused a revolution in Cybersecurity
• Why Vulnerability Assessments are less accurate than Pen Test audits
• The idea of “Security Theater” and why it always be a cat and mouse game

Subscribe to ETM

InfoSec Show Notes

• Information Security
• Systems Administrator (sysadmin)
• Social Engineering
• Offensive Hacking vs. Defensive Hacking
• r/ physec
• Chris Hadnagy
• Kevin Mitnick
• Deviant Ollum
• LockPickingLawyer
• ISSA
• Jayson Street
• John Strand
• Dave Kennedy
• Adrian Crenshaw
• Nathan Hauk
• Pen Test Execution Standard (PTES) Release 1.1
• Pen Test with Kali by Offensive Security
• Hack The Box
• Yubikey
• OWASP Vulnerable Web Apps Directory
• MITRE ATT&CK frameworks
• Security Mindset Reset
• NIST Cyber Security Framework
• ISO 27001 – standard for information security management systems (ISMS)
• Security Technical Implementation Guide (STIG)
• Cybersecurity Attacks
  • Man in the middle
  • DDoS
  • DNS Hijacking
  • Ransomware
• Nessus
• OpenVAS
• DEFCON
• Busted Sec (Frank’s Twitter)

Action Steps for InfoSec Learning

1. Re-listen to 55:00 for best security practices
2. Out of what was mentioned, what do you do or not do?
3. Make a list of ways to improve your security model
4. Read the NIST Cybersecurity Framework and PTES 1.1
5. What did you understand or did not understand?
6. Note down how you can apply what you read
7. Feel free to comment below with any questions, comments or insights

Further ETM Resources

• 8 Reasons Why the Raspberry Pi Rocks
• ETM Show #0: Introducing Ourselves and Your Emerging Tech Journey
• Emerging Technology 101