Monday 24 April 2017

Podcasts for Fun and Profit

So, let’s talk about Shadow Brokers... Only kidding! So much has been written in the past few weeks about the Shadow Brokers release(s) that it seems impossible to not at least mention the recent happenings. So I will leave it with the following: Everything I could possibly write has already been written, several hundred times, so I will not add to the noise. I have instead decided to write about something potentially of more use...

Like any budding security professional, I am always on the lookout for good sources of security/hacking knowledge: books, blogs, websites, videos, podcasts, online periodicals and other content types. Over time I have managed to build a reasonably healthy list, which I believe reflects the effort exerted in compiling it.

Often, colleagues wish to compare notes on these sources, attempting to identify any gems that we each may have missed. Through these conversations, I have noticed a trend: many find it particularly challenging to identify quality security/hacking podcasts.

In addition to being a great source of security news, podcasts provide an avenue to hear discussion between experienced security professionals on current topics: dissecting vulnerabilities, security practices and training, often highlighting differing points of view and revealing the present state of the industry. It’s rare that I don’t learn something new when I listen to any of the podcasts present in my podcast player of choice (Overcast).
It’s not all industry though. Most podcasts feature an enthusiast hacker narrative, or at least a balance between enthusiast and industry: after all, aren't we all enthusiasts at heart?

So here they are:


 Risky Business 

A long-running podcast hosted by journalist Patrick Gray, now over 451 episodes deep. This is a comprehensive review of security news over the previous week, with lots of commentary and opinion mixed in with a fair bit of humour. Risky Biz is one of the podcasts I look forward to hearing the most.
The podcast often features sponsor interviews, which I mostly find very interesting and not excessively vendor-y.

 Defensive Security Podcast 

Another well-established podcast, hosted by Jerry Bell and Andrew Kalat, both seasoned information security professionals. The podcast primarily features recent happenings in the security world and discusses them in an industry context. The podcast comes across as welcomingly informal, with lots of educated opinion and debate.

 Paul's Security Weekly 

Paul's Security Weekly is a titan of information security podcasts, running since 2006. The intro alone will indicate to you exactly what to expect. The show is presented by Paul Asadoorian and often features regular guests Joff Thyer and Carlos Perez. This podcast is comprehensive, covering news with very knowledgeable and highly informed opinion and lively debate. It is fair to say I have learnt a lot about the information security industry by listening to this podcast.
The show is available in audio form, but I strongly recommend watching the videos, as the show often features technical demonstrations. Plus, you also get to see hackers defying the stereotype, one cigar at a time. This one is an absolute must-listen/watch.

 Security Now 

The podcast/videocast legend that is Leo Laporte presents Security Now with computer scientist, developer and security researcher Steve Gibson (Steve may even be the Gibson in the phrase "hack the Gibson"). This podcast is expertly produced (as one would expect from the TWiT network). Leo expertly asks the questions we are all wondering, while Steve explains various aspects of recent security news. Educational and very enjoyable.

 Brakeing Down Security Podcast 

I am relatively new to Brakeing Down Security; I was drawn to this podcast through the book written by Amanda Berlin and Lee Brotherston, ‘Defensive Security Handbook’. Amanda is a co-host of Brakeing Down Security with Bryan Brake and Brian Boettcher. All are extremely competent professionals eager to impart knowledge to anyone who cares to listen. This podcast appears to be more education than commentary. Very worthwhile.

 Social-Engineer Podcast 

I’m also a newcomer to the Social-Engineer Podcast. As a newcomer I am just about qualified to provide the official blurb: "The Social-Engineer Podcast is about humans. Understanding how we interact, communicate and relay information can help us protect, mitigate and understand social engineering attacks." So far, I have found this podcast fascinating. This podcast is produced by Chris Hadnagy's Social Engineer Inc.: Hadnagy is the author of the excellent book 'Social Engineering: The Art of Human Hacking' and founder of DEFCON SEvillage and SECTF, all of which should be ample evidence of the podcast's credentials.