BarCode Podcast Episode

In this engaging conversation, Chris Glanden interviews Kevin Johnson, a seasoned expert in IT and cybersecurity. Kevin shares his extensive journey from system administration to becoming a leader in penetration testing and ethical hacking. He emphasizes the importance of hands-on learning, the evolution of penetration testing standards, and the role of open source in the industry. The discussion also touches on the significance of community, acknowledgment, and charity work in cybersecurity, along with personal anecdotes and insights into the future of the field.

00:00 Introduction to Kevin Johnson
03:39 Kevin's Journey in IT and Security
06:29 The Evolution of Penetration Testing
09:35 Transitioning from IT to Security
12:30 The Importance of Hands-On Learning
15:28 Involvement in Open Source Projects
18:38 The Role of Mentorship in Career Development
21:14 Ethical Hacking and Its Misconceptions
24:23 The Future of Cybersecurity
27:27 Understanding Risk in Cybersecurity
29:14 The Evolution of Penetration Testing Standards
31:00 The Human Element in Penetration Testing
32:46 The Challenges of Automated Pen Testing
35:26 Transparency and Knowledge Sharing in Cybersecurity
39:36 Standing on the Shoulders of Giants
44:41 The Importance of Acknowledgment and Gratitude
48:26 The 501st Legion: Charity Through Cosplay
53:08 Creating a Cybersecurity-Themed Bar

SYMLINKS

[Secure Ideas Website] – https://www.secureideas.com
Kevin Johnson’s cybersecurity consulting and training firm, offering penetration testing, security assessments, and educational resources. It also hosts blog posts and tools created by the Secure Ideas team.

[Kevin Johnson on LinkedIn] –   / kevinjohnson  
Kevin’s professional LinkedIn profile, where he shares insights on cybersecurity, career development, and industry leadership.

[@secureideas on Twitter (X)] –   / secureideas  
Kevin’s Twitter/X account, where he frequently shares thoughts on InfoSec, pen testing practices, open-source contributions, and industry transparency.

[Samurai WTF (Web Testing Framework)] – https://github.com/SamuraiWTF/samuraiwtf
An open-source Linux distribution for web application penetration testing. Co-created and taught by Kevin, this toolkit helped train thousands of security professionals in hands-on ethical hacking.

[BASE (Basic Analysis and Security Engine)] – https://sourceforge.net/projects/secu...
A fork of the discontinued ACID project for Snort, created by Kevin to continue development and improve IDS event analysis. This project marked a pivotal moment in his open-source journey.

[SANS Institute] – https://www.sans.org
A premier cybersecurity training organization where Kevin became a senior instructor, authored multiple courses, and earned the GCIA, GCIH, and GCFA certifications that shaped his professional trajectory.

[Penetration Testing Execution Standard (PTES)] – http://www.pentest-standard.org
An industry-defined standard for performing thorough and ethical penetration tests. Kevin is actively involved in modernizing this standard to reflect current tools, risks, and methodologies.

[OWASP (Open Worldwide Application Security Project)] – https://owasp.org
A nonprofit organization focused on improving software security. Kevin previously served on the global board and has long supported OWASP's community-driven tools and educational efforts.