The Evolution of Offensive Security with Erik Cabetas

In this episode, we delve into the mind of Erik Cabetas, a renowned figure in offensive security and Defcon CTF winner. Erik shares his unique journey from hacking to offensive security, detailing the critical turning points that shaped his career. Together with Mackenzie and Dwayne, Eric discusses the evolution of security practices, the importance of ethical hacking in today's digital world, and offers some advice for aspiring hackers. Join us to explore the fascinating intersection of technology, ethics, and security through Erik's expert lens.

Show Notes
Include Security Blog: https://blog.includesecurity.com/
Include security Website: https://includesecurity.com/


00:00 - 04:28 Intro and what is offensive security?
04:29 - 05:00 Acronyms born at RSA conf
05:00 - 08:15 What are the most common findings these days?
08:15 - 12:50 Discussing the decline of utility of pentesting, why the current industry status quo is failing us.
12:51 -14:28 Checking the box vs. actually improving security; Economic theory and motivations for reach security assurance
14:28 - 17:45 How do we improve the industry and making pentesting great again?
17:45 - 18:44 Musings about Log4J, could an EO have stopped it?
18:45 - 21:44 What are memory safe applications?
21:45 - 25:55 Defcon & other CTFs
25:55 - 28:09 Do you still check out Defcon?
28:10 - 29:05 Enjoyment of watching colleagues come up with cool hacks at IncludeSec
29:05 - 31:15 How to even start practicing for offensive security and getting into CTFs?
31:15 - 32:06 Git guardian
32:07 - 34:35 Are technical challenges good for interviews at US gov orgs like CISA?
34:35 - 38:12 Best advice to new people getting into security positions?
38:12 - 39:27 What's the worst advice you hear in security? Compliance oriented mindset providing security advice!
39:28 - 41:41 Closing thoughts from Erik, Mac, and Dwayne