S07E04 - Mastering Information Security: A Conversation with Robert E Lee

1 year ago

In this eye-opening episode of the podcast, I have the pleasure of engaging with Robert E. Lee, a seasoned expert in the field of information security. Our conversation plunges into the technical depths of cybersecurity, making it a treasure trove for those keen to understand the nuts and bolts of security protocols. We delve into the intricacies of TCP/IP and HTTP, unravel the techniques of effective port scanning, and confront complex business challenges such as account takeovers. This episode is a must-listen for anyone passionate about the inner workings of cybersecurity and looking for insights beyond a surface-level understanding.

Our discussion takes a critical turn as we explore the prevailing issues within the information security community, particularly the problem of groupthink and its impact on the sector's progression.

0:00 Intro
2:28 Robert's foray into infosec
12:56 Manual pen testing to automation
19:09 Portscan innovations
22:27 Sockstress
31:15 CIA triad and availability
35:25 Full disclosure
38:48 Dan Kaminsky, Jack Lewis and James Flom
41:32 Black hat vs white hat
43:43 Slow and minimalistic attacks
47:21 Selling Dyad Security
52:39 Hyper performant dynamic apps
57:21 Blue teaming vs red teaming
1:09:03 Banking and authentication
1:22:38 Conflicts of interest in red teaming
1:26:08 Amazon security
1:31:56 Twitter security and the bot problem
1:50:34 How infosec has changed and merit
2:12:06 Snap and OTP and fraud
2:17:30 Outro
