Yesterday, after reading a post in which I cautioned about a popular security podcast, someone asked me what cyber security podcasts I do listen to. I wrote this up a long time ago and never posted it for some reason, so now I’m correcting the oversight. Here’s my collection of the best of the best security podcasts.
These are the security podcasts I’ve been listening to for several years now and continue to recommend. Security podcasts are a good way to keep in touch with current issues, and also a good way to get continuing education.
My favorite is Risky Business (http://risky.biz) by Patrick Gray and Adam Boileau. This one won podcast of the year this year, and it’s about time it got the recognition. It’s consistently excellent. Patrick and Adam talk about the week’s security news, then Patrick interviews one guest and one security vendor. Adam is from New Zealand, and Patrick is from Australia, but that’s not a bad perspective. Patrick is an engineer-turned-journalist, and Adam is a pentester. Several times a year Patrick lands interviews with some shady people, so that perspective can be enlightening.
Liquidmatrix Security Digest
Liquidmatrix Security Digest (www.liquidmatrix.org) is almost always the #2, at least in the years they are able to record every week. Some changes in their personal lives over the last couple of years keep them from recording every week anymore. But when they do record, make this one a priority. I went back and listened to every episode. I recommend you do the same. Most of them are Canadian, which colors their perspective slightly. Three of the four have been doing this a very long time. At least two of them have been CISOs and one was an (ISC)² director.
Southern Fried Security
Southern Fried Security (www.southernfriedsecurity.com) is a little heavy on the policy side, but it’s the only one of the bunch I can listen to with my kids in the room, and they wander off topic a lot less than most. Their main guy is the CISO of a hospital in Atlanta.
The Defensive Security Podcast (www.defensivesecurity.org) is the only podcast I’ve found that talks solely from the defender’s point of view. Pen testing is glamorous but someone has to fix the stuff the pen testers find. We can listen to pen testers grouse about MS08-067. But I think it’s more productive to listen to the guys who know how to make sure there’s no MS08-067 in your network for the pen testers (or bad guys) to find.
Paul’s Security Weekly (formerly Pauldotcom) (www.securityweekly.com) is the one everyone listens to. They get heavier on the tech than anyone else. They once walked through creating an exploit for a D-Link router in real time on the air, and that’s a good thing. But nobody is sober, which means they talk freely, but sometimes the guy we need to hear the most keeps getting interrupted. That’s a shame when it happens. This one wins all of the awards, but it’s not perfect. Then again, not chasing perfection definitely helps you survive to record 450 episodes.