Free Daily Podcast Summary
Exploring Information Security - Timothy De Block: Daily Summaries Delivered
by Timothy De Block
Get key takeaways, quotes, and insights from Exploring Information Security - Timothy De Block in a 5-minute read. Delivered straight to your inbox.
Latest Episodes
The most recent episodes — sign up to get AI-powered summaries of each one.
- 2 weeks ago29 min
[RERELEASE] What is the perception of information security - part 2
In part two of this part two series Chris and I talk about security being a friendly face, the word hacker, and developers vs. security.
- 3 weeks ago23 min
[RERELEASE] What is the perception of information security - part 1
In part one of a two part series we talk about the perception of infosec in business, how we change it, and where security first in an organization.
- 4 weeks ago26 min
Exploring the Quantum Horizon: Why We Need CBOMs Today
Summary: In this episode, host Timothy De Block sits down with John Morello to dive into the world of Cryptography Bill of Materials (CBOM) and the looming transition to Post-Quantum Cryptography (PQC). They discuss why tracking cryptographic assets is becoming a critical security requirement, how CBOMs are being integrated into existing SBOM standards, and why organizations need to start future-proofing their encrypted data against quantum computing threats today. Key Topics Discussed What is a CBOM? A Cryptography Bill of Materials provides a trustworthy, structured, and machine-readable way to represent what cryptographic components exist in your software and how they are configured. Beyond the Basic SBOM: While a standard SBOM might tell you that a component like OpenSSL is present, a CBOM details the specific algorithms, key lengths, and operational modes in use. The Consolidation of Standards: CBOMs are actively being merged into broader SBOM frameworks like CycloneDX and SPDX. Over the coming months, CBOM data will simply become a subset of the tags and artifacts within standard SBOM files, reducing complexity for developers and security teams. The Post-Quantum Threat: The mathematical foundations of common encryption algorithms like RSA, DES, and SHA will eventually be defeatable by quantum computers. "Harvest Now, Decrypt Later": Adversaries may already be recording encrypted traffic today with the intention of decrypting it years down the line once quantum computing becomes viable. NIST and Regulatory Standards: NIST has been running a Post-Quantum Cryptography (PQC) project for several years and is expected to finalize approved algorithms soon. This guidance will likely be codified into future standards, such as a FIPS 140-4 update. Who Owns the CBOM? DevOps and developer teams should be responsible for creating and maintaining the CBOM data alongside their existing SBOM processes. Security teams will then consume this data to understand exposure, measure adoption of quantum-resistant algorithms, and prioritize risk mitigation.
- Apr 14, 202634 min
Exploring the Risks of Model Context Protocol (MCP) with Casey Bleeker
Summary: Timothy De Block sits down with Casey Bleeker from SurePath AI to demystify the Model Context Protocol (MCP). They discuss how this emerging standard allows Large Language Models (LLMs) to interact with external tools and why it represents a significant, often invisible, exposure risk for enterprises. Casey explains why MCP should be viewed like the HTTP protocol—ubiquitous and fundamental—and outlines the critical security controls needed to prevent data exfiltration and malicious code execution without blocking AI adoption. Key Topics Discussed What is MCP? MCP is a standard for creating a "natural language definition" of an API, allowing an LLM to intelligently determine when to call a specific tool rather than just generating text. It acts as a translation layer between a REST interface and the AI model, enabling the model to execute tasks like updating a CloudFormation stack or querying a database. The "HTTP" Analogy & Exposure Risk: Casey argues that MCP should be thought of as a protocol (like HTTP) rather than a specific tool. It is being implemented broadly across many open-source tools and providers, often hidden behind the scenes when users add "connectors" or extensions. Because it functions as a protocol, it creates a broad exposure risk where users grant AI agents permissions to create, update, or delete resources on their behalf. Vulnerabilities to Watch for in the MCP: Malicious Payloads: Downloading an external MCP resource (e.g., via npm) can lead to unvalidated code execution on a local machine before the model even calls the tool. Data Exfiltration: Users effectively grant their identity permissions to untrusted code controlled by external third parties (the LLM), allowing the AI to act as a proxy for the user on internal systems. Defense Strategies: Central Management: Organizations need a central MCP management gateway authenticated via Single Sign-On (SSO) with role-based permissions to control which tools are authorized. Deep Payload Inspection: The only true control point is the interaction between the user/agent and the AI model. Security teams must inspect the payloads in real-time to steer usage away from unapproved resources or prevent destructive actions. Authentication Specs: DCR vs. CIMD: Casey warns against the Dynamic Client Registration (DCR) flow, citing complexity and vulnerabilities in many implementations. He highly recommends demanding vendors support the CIMD (Client-Initiated Management Data) specification, which allows for proper validation of destinations and enforces valid redirect URIs.
- Apr 7, 202641 min
From Combat Zones to Corporate Lobbies: A Guide to Physical Security with Josh Winter
Summary: In this episode, host Timothy De Block dives into the often overlooked but critically important world of physical security with Josh Winter. Josh shares his unique journey from serving in combat infantry with the 82nd Airborne Division to running executive protection for high-net-worth individuals and conducting physical penetration testing for major corporations. They discuss the glaring differences between corporate security and residential security, how to spot the illusion of safety (like unplugged cameras and empty lobby desks), and why human behavior is always the most unpredictable variable in any security plan. Key Topics Discussed Josh's Background: How Josh transitioned from military service (82nd Airborne, PSD work in Afghanistan) to state security, executive protection for a wealthy family in San Diego, and eventually physical pen testing for a major firm. Corporate vs. Residential Security: The stark contrast between the static, often complacent environment of a corporate office and the highly dynamic, unpredictable nature of securing a private residence. The "Illusion of Security": Why lobby attendants without actual access control or security training are merely "decorations" and how unmonitored or broken cameras create a false sense of safety. Physical Pen Testing Tactics: Josh explains how simple confidence, observation, and exploiting human nature (like tailgating or holding the door) are often more effective than sophisticated hacking tools. The "Catch Me If You Can" Approach: How acting like you belong—much like Frank Abagnale Jr.—is the most powerful tool for bypassing physical security measures. Practical Security Upgrades on a Budget: Why $500 spent on motion-activated lighting, a simple ring camera, and upgraded door hardware is far more effective than a multi-million dollar system that isn't properly maintained. The Insider Threat: The reality that disgruntled employees, not shadowy hackers, often pose the greatest physical threat to an organization, and how to assess that risk. Security Culture: How to shift an organization's mindset so that challenging an unknown person in the hallway is seen as a sign of respect and vigilance, rather than rudeness.
- Mar 31, 202623 min
[RERELEASE] What is a SIEM?
Derek (@dth0m) has a lot of experience with SIEM and can be found on Linkedin participating in discussions on the technology. I had the opportunity to hang out with Derek at DerbyCon in 2015 and I came away impressed with his knowledge of SIEM. He seemed to be very passionate about the subject and that showed in this interview. We discuss: How to pronounce SIEM; what it is; how to use it; the biggest challenge; how to tune; and more.
- Mar 24, 202622 min
[RERELEASE] What is threat modeling?
Wolfgang has presented at many conference on the topic of threat modeling. He suggests using a much similar method of threat modeling that involves threat paths, instead of other methods such as a threat tree or kill chain. You can find him taking long walks and naps on Twitter (@jwgoerlich) and participating in several MiSec projects and events. In this interview Wolfgang covers: what threat modeling is; what needs to be done to get started; who should perform it; resources; and the lifecycle of a threat model.
- Mar 17, 202624 min
[RERELEASE] What is cryptography?
Justin is a security and privacy research currently working on a project titled, "Mackerel: A Progressive School of Cryptographic Thought." You can find him on Twitter (@JustinTroutman) discussing ways in which crypto can be made easier for the masses. In the interview Justin talks about: what cryptography is; why everyone should care; some of its applications; and how to get started with cryptography.
Get Exploring Information Security - Timothy De Block summaries in your inbox
Free AI-powered daily recaps. Key takeaways, quotes, and mentions — in a 5-minute read.
Get Free Summaries →Free forever for up to 3 podcasts. No credit card required.
You Might Also Like
Listeners also like.
Decipher Security Podcast
Decipher
HACKED: Into the minds of Cybersecurity leaders
Talking cybersecurity with nexus IT Security group
Getting Into Infosec
Ayman Elsawah
CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Business Security Weekly (Audio)
Security Weekly Productions
eXecutive Security
Gene Fay
The Sensuous Sounds Of INFOSEC
Ben Malisow, Matt Snoddy, and Raphael Fiedler
Infosecurity Magazine Podcast
Infosecurity Magazine
The Security Podcast of Silicon Valley
YSecurity
Bitcoin Security Maps
Mateusz
CISO Stories Podcast (Audio)
SC Media
ISF Podcast
Information Security Forum Podcast
About Exploring Information Security - Timothy De Block
The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.
Customized Recaps
AI-powered recaps with compact key takeaways, quotes, and insights.
Straight to Your Inbox
Get key takeaways from Exploring Information Security - Timothy De Block in a 5-minute read.
Save Hours Every Week
Stay current on your favorite podcasts without falling behind.
Frequently Asked Questions
What is Podzilla's Exploring Information Security - Timothy De Block daily summary?
It's a free AI-powered email that summarizes new episodes of Exploring Information Security - Timothy De Block as soon as they're published. You get the key takeaways, notable quotes, and links & mentions — all in a quick read.
How does the Exploring Information Security - Timothy De Block podcast summary work?
When a new episode drops, our AI transcribes and analyzes it, then generates a personalized summary tailored to your interests and profession. It's delivered to your inbox every morning.
Is this an official Exploring Information Security - Timothy De Block product?
No. Podzilla is an independent service that summarizes publicly available podcast content. We're not affiliated with or endorsed by Timothy De Block.
Can I get summaries of other podcasts too?
Absolutely! The free plan covers up to 3 podcasts. Upgrade to Pro for 15, or Premium for 50. Browse our full catalog at /podcasts.
What topics does Exploring Information Security - Timothy De Block cover?
Exploring Information Security - Timothy De Block covers topics including Technology. Our AI identifies the specific themes in each episode and highlights what matters most to you.
Start getting Exploring Information Security - Timothy De Block summaries tomorrow morning.
Free forever for up to 3 podcasts. No credit card required.
Free forever for up to 3 podcasts. No credit card required.