5 Must-Listen Information Security Podcasts

Ben Wilde | Security, Security First

Information security can be a tricky topic to get up to speed on. That’s not for lack of information, but rather because there’s so much out there, including lots of vendor speak. With so many different people adding their voice to the discussion, figuring out who really knows what they’re talking about can be tricky.

To help, we’ve compiled a list of our favorite information security podcasts. We admire the folks behind them because they have a solid track record in the industry and broad experience in a variety of roles. And, while we don’t claim to be the arbiters of all things useful in this space, we think the information security podcasts we’ve identified here are some of the most useful and informative.

In addition to pointing you to some of our favorite episodes of each podcast, we’ve also provided links to the social media accounts (where available) of the people behind them. We think this is another helpful way to let you see for yourself how deep the experience and expertise of some of these podcasters go.

1. Defensive Security Podcast

The Defensive Security podcast is focused on sharing the latest InfoSec news and talking through lessons learned. They add value by sharing insights not noted anywhere else.

For example, in a recent episode they covered the Anthem breach of 2015. What was particularly useful is that they delved into using two-factor authentication to protect against phishing, something I didn’t see anyone else mention in connection with the breach.

Hosts: Jerry Bell (@maliciouslink | LinkedIn) and Andrew Kalat (@lerg | LinkedIn)

Notable Episodes:

Episode 151: Jerry and Andrew talk in depth about the Anthem Breach one year on (and the importance of two-factor authentication in making these types of attacks less common) as well as stories on ransomware and one from Krebs on Security about a recent attempt to warn a credit union of a breach.

Episode 129: The guys talk about the security disclosure missteps by Oracle as an example of how not to handle customer-based security research, the impact of malware served up via malicious ads (and why you need an ad-blocker) and more.

2. Data Driven Security: The Podcast

Brought to you by two of the team members who worked on the Verizon Data Breach Investigations Reports (both have since moved on), this podcast takes a scientific, data-driven approach to information security. In fact, they wrote the book on it.

Every two weeks, Bob and Jay take a look at the dark art of security data science and talk with a variety of security practitioners who are pioneering the data-driven security movement.

Hosts: Jay Jacobs (@jayjacobs | LinkedIn) and Bob Rudis (@hrbrmstr | LinkedIn)

Notable Episodes:

Episode 26 – Rapid7 Data Science: Bob takes us for a look behind the curtain into how Rapid7 is using data science. Lots of interesting discussion about the applications for data science in the information security field.

Episode 22 – Security Data Science: Bob and Jay talk to Allison Miller about the state of security data science and wonder if it’s already dead (don’t worry, it’s not).

3. The Silver Bullet Security Podcast with Gary McGraw

The focus of this podcast, like its host’s, is on software security. The show follows an interview format and provides a great platform for understanding the topic from a wide variety of points of view.

Gary can rightfully claim to be one of the fathers of the study of software security, having written the book on it, and he first made a name for himself in the 1990s by finding gaping holes in Java.

Host: Gary McGraw (@cigitalgem | website)

Notable Episodes:

Show 111 with Marcus Ranum, inventor of the proxy firewall and now a security strategist at Tenable Security, includes an interesting discussion on the state of software security and de-perimeterization.

Show 119 with Jacob West, the Chief Architect for Security Products at NetSuite, includes a good discussion on why we need to worry about security flaws as well as bugs, and just what flaws are. Jacob is also the author of “Secure Programming with Static Analysis.”

4. Duo Tech Talks

Ok, so this isn’t actually a podcast. Instead, it’s a great video series from Duo Security, a two-factor authentication platform provider based in Ann Arbor, Michigan. These folks record their monthly talks on a variety of interesting topics, including hardware hacking and computer security.

While it’s not so easy to listen to on your commute, the overall quality of their speakers is outstanding, making this well worth your time to check out.

Host: Duo Security (@duosec)

Notable Episodes:

March 2015: The Best of Bug Finding with Charlie Miller, of Uber, who’s best known for his Apple zero day hacks and most recently for his part in remotely hacking a Jeep Cherokee. This is a funny and informative talk by an experienced security bug hunter and includes discussion of his iPhone, Second Life and SMS hacks.

September 2014: Building a Modern Security Organizations with Zane Lackey, who’s a founder and CSO at Signal Sciences and has also contributed to our own blog here.

5. The Impact Podcast

I’d be remiss if I didn’t mention The Impact Podcast by Georgian Partners. While the focus of our podcast is on a variety of disruptive, cutting-edge technologies like applied analytics, messaging for business, and artificial intelligence, we also frequently talk about information security.

Our mission is to help entrepreneurs harness the power of leading tech trends to dominate their market and make a real impact.

Host: Jon Prial (@jonprial | LinkedIn)

Notable Episodes:

In Episode 5: Breaches Beware, we talk to veteran entrepreneur and CTO Richard Hyatt about why it’s so important to put security first in your organization. It includes an interesting discussion on the key security trends that businesses should be focusing on.

Episode 8: Putting Security First features Ben Sapiro, Senior Director of Security, Privacy, and Compliance at Vision Critical. In the episode you’ll learn about where companies should start when it comes to putting security first. You can also hear Ben on the LiquidMatrix Podcast, a long-running and entertaining security podcast started and co-hosted by Dave Lewis (@gattaca | LinkedIn).

So there you have it, our list of the top information security podcasts. What did we miss? Share your thoughts and ideas in the comments section of this post.