We think we know hackers thrive on deep environment knowledge

04/09/24 • 73 min

We think we know

“Not everything works as configured. Not everyone behaves as trained.”

The reality of this statement makes it possible for us, the people in offensive security, to have a job. It also highlights how unpredictable our work can be and how never-ending our learning process is.

We work in a space where things are so complex that we need to combine big-picture, higher-level thinking with boots-on-the-ground practice.

And our guest today is brilliant at doing just that.

Pete Herzog has spent over two decades distilling the fundamental principles of security testing, turning them into a decade-defining manual - the Open Source Security Testing Methodology Manual (OSSTMM). Pete brings offensive and defensive security concepts together to break down important misconceptions.

Listen to this conversation to uncover:

  • Why you can’t do security without understanding the process behind it [08:23]
  • How automation can help but, at the same time, hurt the ones using it [11:00]
  • Why you can’t rely only on automated security tools in your pentests [19:10]
  • The importance of implementing security controls to change the environment [28:22]
  • Pete’s perspective on "Zero Trust" and how they tackled this in OSSTMM [35:18]
  • Why he thinks there are “too many parrots, not enough pirates” in this space [43:42]
  • The excitement of researching for OSSTMM v4 and exploring new technologies [51:40]

From the expert systems behind AI-driven tools and their blind spots to generalizations that hurt offensive security outcomes, we explore key elements that shape today’s problems - some of which you’re probably wrestling with as well.

Let’s explore them!


Previous Episode

We think we know you can't attack what you don't understand

In this episode, we continue to ask the meaningful questions:

  1. What makes a great pentester?
  2. How can you balance the art of manual testing with the efficiency of automation?
  3. What is the unique value that pentesters bring to offensive security?
  4. And what can't be commoditized in this craft?

Gabrielle's mantra, “action for cyberpeace”, resonates through her work, and today, she shares her journey, experiences, and the lessons that shaped her career so far.

Key highlights from this conversation:

  • What specific skills do you need to be a great penetration tester [02:45]
  • How self-learning and consistency help you achieve your goals [07:55]
  • Why she values team collaboration to deliver the best work you can do [13:57]
  • How she got into cybersec and why she strives for cyberpeace [24:35]
  • How to find balance between your personal life and your work [28:37]
  • When automation is effective in pentesting and where that ends [32:02]
  • How to set healthy boundaries to protect your personal life and health [41:11]
  • Which hobbies fuel her curiosity and broaden her horizons [51:59]

Give this episode with Gabrielle a listen if you want to level up your ethical hacking skills and challenge your modus operandi.
