Exploring Information Security - Exploring Information Security

• Gamifying Your Incident Response Playbook with Anushree Vaidya

  Summary: In this episode, Tim speaks with Anushree Vaidya about her upcoming presentation at ShowMeCon: Ransomware Rampage: Gamifying Your Incident Response Playbook. Anushree shares her passion for making cybersecurity training more interactive, emphasizing how gamifying the ransomware incident response process can transform traditional playbook exercises into dynamic, collaborative experiences. Anushree explains how ransomware-specific playbooks differ from general incident response plans, the benefits of hands-on exercises for diverse teams, and how organizations of all sizes can adapt her training approach internally. She also discusses overlooked early indicators of ransomware attacks, communication challenges between technical teams and leadership, and how proactive preparation can significantly reduce the pain of an incident. Topics Discussed Why ransomware-specific playbooks matter Turning incident response into a team-based, gamified learning experience Building ransomware exercises that include IT, security, PR, HR, and leadership teams Common gaps in ransomware detection and proactive preparation Coaching technical teams on communication during incidents Using AI to stay up to date with threat intelligence and reports Tailoring incident response playbooks for different industries and organizational sizes Key Takeaways Participants will leave Anushree’s presentation with a customizable ransomware playbook and tools to take back to their organizations. Gamified incident response exercises promote better communication, quicker learning, and stronger collaboration across teams. Early detection and proactive measures like business impact analysis are critical to minimizing ransomware damage. Communication planning—including legal, internal, and external messaging—is essential for effective response. Connect with Anushree LinkedIn: Anushree Vaidya Women in CyberSecurity (WiCyS) Midwest Chapter Member Anushree is passionate about connecting with others in cybersecurity, particularly in the Midwest region. Her DMs are always open for those who want to discuss ransomware, threat hunting, incident response, and cybersecurity strategy. Use the promo code “ExploringSec” to get $50 off your registration

  --------  

  31:23
• What is the Human Behavior Conference (HUBE)?

  Summary: Chris Hadnagy returns to the podcast to discuss the upcoming Human Behavior Conference (HUBE CON), a unique event blending psychology, neuroscience, and cybersecurity. Hosted in Orlando, FL, the 2025 conference focuses on the theme of "Influence and InfoSec"—with a diverse speaker lineup covering everything from nonverbal communication to neurodiversity in the cybersecurity field. In this episode, Chris and Tim dive into how the conference is designed to foster deep learning and genuine human connection. They discuss how the sessions go beyond standard talks with hands-on trainings, interactive discussions, and practical takeaways for both cybersecurity professionals and those outside the industry. Chris also highlights how the conference has evolved over the years, the importance of accessibility for introverts, and what attendees can expect from this year's upgraded format. Chris also shares updates on the Innocent Lives Foundation (ILF), a nonprofit focused on helping law enforcement identify and stop child predators, and touches on cutting-edge work at Social-Engineer, LLC—including new services involving deepfake social engineering simulations. Discussion Points: How the Human Behavior Conference bridges behavioral science and cybersecurity Creating a conference you want to attend Balancing science and practicality in session content Building a community for introverts and extroverts alike Why audience interaction creates stronger learning moments The expanding role of AI in podcast production and social engineering A preview of topics and speakers at this year’s HUBE CON Updates from the Innocent Lives Foundation and Social-Engineer, LLC Resources Mentioned: Human Behavior Conference (HUBE CON) Innocent Lives Foundation Social-Engineer, LLC

  --------  

  32:49
• [RERELEASE] How to deal with the "experience required" paradox

  Jerry recently had a blog post on his site (malicious link) titled, "Dealing With The Experience Required Paradox For Those Entering Information Security." It is a wonderful article with actionable items on what people can do to overcome that stipulation on job postings. Jerry is also a co-host for the Defensive Security podcast.

  --------  

  30:28
• [RERELEASE] How to ZAP your websites

  Simon is the project lead for ZAP an OWASP Open Web Application Security Project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security and veteran pen testers. You can follow him on Twitter @psiinon and find out more on the tool by going to the project site on OWASP.

  --------  

  17:34
• How Do Ransomware Gangs Work?

  Summary: In this episode of Exploring Information Security, we dive deep into the dark, complex world of ransomware gangs with returning guest Kyle Andrus. Drawing on leaked chat logs, real-world cases, and extensive incident response experience, Kyle helps us understand the internal operations, motivations, and evolution of these cybercriminal organizations. We explore how ransomware gangs are structured like modern corporations—with developers, access brokers, negotiators, HR, and even customer support. Kyle also shares insights into how these gangs are adapting to legal pressure, sanctions, and the cybersecurity community’s defensive advancements. Topics covered: The organizational structure of ransomware gangs Ransomware-as-a-Service (RaaS) models and profit sharing Affiliate programs, access brokers, and laundering tactics The impact of geopolitics on ransomware operations Creative pressure tactics, including triple extortion and SEC complaints The role of insider threats and chat log leaks (e.g., Conti) Use of AI by defenders and attackers The evolving response of law enforcement and regulation

  --------  

  59:28

More Technology podcasts

Trending Technology podcasts

About Exploring Information Security - Exploring Information Security