Infosec Success (with Lesley Carhart)

Advanced Persistent Security



GUEST: Lesley Carhart

January 2, 2017

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

We discuss our predictions for 2017. Lesley gives us her theme of “Reaching a Breaking Point.” She says that some things will get worse in places. This will give risk managers a little more budgetary leverage. Lesley predicts more Distributed Denial of Service (DDoS) and IoT botnet DDoS attacks. Joe predicts a data breach bigger than Yahoo in terms of sensitivity, records, applicability, and ability for misuse. Lesley’s next prediction is government/Law Enforcement on cloud and social media providers and their data retention policies. Joe’s final prediction is to see a rise in social engineering and phishing.


Lesley shares with us her wisdom about taking GIAC exams after SANS training and the value of having solid indices. We talk about what to take into the testing center. We talk about the various cost offset models. Lesley and I also talk about the advantages and disadvantages of the larger SANS events versus smaller events and venues. We talk about the SANS Blue Team (DFIR) and Red Team (Pen Test) pipelines. We talk about true “Purple Teamers.”


In our Infosec success segment, Lesley’s first tidbit of advice is “Want to be in infosec.” Joe talks about being able to teach someone the knowledge, but not the passion. Joe talks about learning outside of work and tinkering in a home lab. Lesley talks about learning types and finding the method by which you learn best. Joe recommends getting active in the security community via BSides, DEF CON groups, 2600, ISSA, OWASP, and (ISC)2 chapters. We also talk about Irongeek’s site. Joe recommends business cards regardless of your career level. We talk about report writing and public speaking and the importance of producing quality reports regardless of the role. We discuss languages and programming languages.

ABOUT Lesley

Lesley Carhart

Lesley Carhart (GCIH, GREM, GCFA, GPEN, B.S. Network Technologies, DePaul University) is a 17-year IT industry veteran, including 8 years in information security (specifically, digital forensics and incident response). She speaks and writes about digital forensics and incident response, OSINT, and information security careers, is highly involved in the Chicagoland information security community, and is staff at Circle City Con, Indianapolis.

In her free time, Lesley studies three martial arts, is a competitive pistol marksman, and is generally all around a huge geek.

Lesley loves to speak about information security and digital forensics to technical and non-technical audiences, and would be happy to come to your con or speak to your class (time allowing)! Please reach out to @hacks4pancakes on Twitter, or at [email protected].


Twitter: @hacks4pancakes
Twitter: @Infosec_VetTix
Blog: Tisiphone

SANS References:

Rtfm: Red Team Field Manual
SANS Cheat Sheet Google Search String
Joe’s SANS Security 504 Mentor Course


Hosted Locally on Advanced Persistent Security


When Friendly Thermostats & Toasters Join The IoT Dark Side

Joe’s Blog on Tripwire:

Burgling From an OSINT Point of View

Joe’s Blogs on Sword & Shield Enterprise Security’s site:

Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce
Holiday Shopping Safety Series: Holiday Scams and Hoaxes

Joe’s Work with WATE 6 News in Knoxville, TN:

Shopping online safely this holiday season
iPhone scam uses text messages to hack iCloud information
Maryville hacker takes over Facebook accounts

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
