"Is your application secure?"
Few other questions induce unease and that sinking feeling the way this one does. Depending on who you ask (and how many you ask), you'd get all sorts of answers. But they will all have one thing in common at heart, whether or not they tell you: they're not sure!
Yes, security is hard, vague, based on luck, and cannot be guaranteed by the developer. But that doesn't mean we're sitting ducks. Even a little knowledge of common security loopholes will make your app several times stronger. And if you think your application has nothing to worry about, hire a penetration tester and watch them demolish the foundations in a few minutes!
Anyway, the point is, security is important for all of us. And like other important things (exercise, financial planning, proposing to that guy/girl), we keep putting it on the backburner. Not anymore! Thanks to podcasts, the topic of security is now available in a much more interesting and palatable format. An hour or two of entertainment and laughter every week, and you won't even realize how many tricks of the trade you'll pick up over time.
So, without further ado, I present some of my favorite security podcasts!
Open Source Security
I don't think I have fully figured out yet what the "open source" part of the name is about. It's not as if this podcast reviews only open source projects. But that takes nothing away from the value it delivers! From deep exploration of the intricacies of, say, DNS poisoning, to illuminating and lightweight conversations about bank lockers, there's always plenty going on to keep you interested!
Here are some of the episodes I really enjoyed:
The Open Source Security podcast has been a consistently pleasant surprise for me; its range and depth of security topics and issues are admirable. The podcast doesn't make an effort to spell out the ABCs, so we devs might have to make a little more effort. That said, the podcast is more than worth it, especially because each episode is strictly around 30 minutes in length.
Check it out on Google Podcasts.
Security Weekly News
If you're more of a get-to-the-point person and want a quick round-up of the latest in the security world, this podcast is for you. The "news" part in the podcast name isn't a clever marketing tactic — the podcast is structured like a news show. The host is serious and gets to the point right from the very start; the news items are dissected methodically; and there's sincere research and serious interviews thrown in.
There isn't much point linking to their "best" episodes, as it's hard to say which news item is better than another. But I will vouch for the value delivered and the engrossing delivery; it's far more entertaining than a generic news program where everyone is sleeping and soon you too fall asleep!
With short (30-minute) episodes that reveal just how many mistakes, and how embarrassingly large ones, are being made by the companies we've handed our lives over to, Security Weekly News is a must-listen.
Here's the link to its Google Podcasts page.
2.5 Admins
The title says it all — it's a podcast run by two sysadmins and one guy who can sometimes be considered a sysadmin! Jokes aside, 2.5 Admins is another podcast I deeply admire and look forward to. It's not fixated on security in any typical way, instead opting to cover peripheral issues around it. Often, the conversation veers towards the GPU industry, Linux, Bitcoin, or anything else that's interesting.
So, yes, you won't strictly "learn" as much about security as some other podcasts, but for overall awareness and entertainment, I highly recommend this podcast. Let's sample some of their interesting episodes:
With short episodes (30 minutes), analysis of the latest happenings, and a spoonful of humour combined, 2.5 Admins is a must-try if you're even remotely connected to security and the Dev(Ops) world.
Here's the link to their Google Podcasts page.
Cyber Security Interviews
Exactly what it says on the tin, Cyber Security Interviews is a podcast that regularly interviews professionals in the security domain. These episodes are neither sensational nor knee-deep in details, but they serve to bring out the human side of the cybersecurity profession — what the people leading important companies are like, what they think about security and how it's going to change, what their success mantra is, what advice they'd give to us lesser mortals, and so on.
- John Hammond: Raise The Cyber Security Poverty Line (Hammond is a security researcher)
- David Wong: Many Layers of Complexity (Wong worked on the Libra project at Facebook)
- Ed Bellis: Complexity is the Enemy (Bellis is an industry veteran and CTO + Co-Founder of Kenna Security)
- Brian Martin (Jericho): The Hacker Mindset (Martin is a former hacker who later turned hardcore security engineer)
- Jorge Orchilles: Offense Informs Defense (Orchilles is the author of the book Microsoft Windows 7 Administrator’s Reference)
The episodes are what I'd call short-ish (40-50 minutes), because interview podcasts can easily cross the 90-minute mark! Cyber Security Interviews is perfect for those occasions when your mind is at peace and you're just looking to absorb some interesting, human-focused insights.
Check it out on Google Podcasts.
Cyber Work
It's all fine and amazing to listen to security news talking about hacks, data breaches, and how someone built an impenetrable fortress. But what if you want to be part of the action? How do you get in and what does the career path look like? In fact, what does an average day look like?! And what about people from other domains (devs, sysadmins, testers, etc.) who want to make a switch?
Cyber Work is a podcast dedicated to resolving these dilemmas. Career advice, leadership progression, new ideas, industry interviews — this podcast has you covered.
Let's look at some interesting episodes:
- Moving up in cybersecurity: From help desk to FireEye to CEO
- Malware analyst careers: Getting hired and building your skills
- Cybersecurity careers: Risk management, privacy and healthcare security
- Hiring a ransomware negotiator: Tactics, tips and careers
- Get started in computer forensics: Entry-level tips, skills and career paths
Cyber Work is a unique and refreshing podcast in the security ecosystem. Getting to know the inside stories as well as exhaustive advice on how to get there (and keep growing) is rare. For making that effort, Cyber Work deserves to be a part of your podcast feed.
Check it out on Google Podcasts.
The Privacy, Security, & OSINT Show
This podcast is also about news, analysis, and opinion, but it sticks to one topic per episode and goes into the kind of depth that people hungry for knowledge will appreciate. The issues discussed are not strictly about the attack-and-defense skirmishes in cybersecurity, but also issues related to privacy, slip-ups, or pure negligence. Which is great, because security doesn't live in a bubble; it's a tech-driven but extremely social+human thing where we, rather than the machines, are mostly at fault.
- Secure Messaging Comparison
- The Trouble With VPNs
- Contact Management & Crash Reporting Concerns
- Privacy Crash Course 03: Mobile Devices
- The Latest Unemployment, IRS, & ID Fraud
In-depth, eye-opening, engrossing, scary, motivating . . . this podcast is everything! You'll barely find a better doorway into the security world than what this one offers. It's a must-subscribe-to if you want serious learning and are ready to give serious attention.
Check it out on Google Podcasts.
Recorded Future - Inside Security Intelligence
A very rich podcast with a slightly different view of security. Rather than talk about and analyze news stories, as other podcasts are doing, Recorded Future focuses on problems, solutions, threats, and defences not yet fully formed and understood. That doesn't mean they operate in the realm of speculation; rather, they try to identify trends and threats while they're still in their early stages of development and don't look like a menacing concern to anybody.
I'm beginning to sound like a goat, so I'll let these sample episodes do the talking:
- Deepfakes as a Service
- Correlating the COVID-19 Opportunist Money Trail
- Examining Russian Threats to the 2020 Election
- The Diversity of Security Challenges in Higher Education
- A Healthy Respect for Ransomware
Recorded Future is a subtle exploration of not just security disasters but also the factors that contribute to them. If you stick to this podcast medium- to long-term, the results will be phenomenal.
Check it out on Google Podcasts.
The Social-Engineer Podcast
Social engineering is perhaps as old as secrets are. When all logical approaches to cracking the safe (so to speak) fail, we resort to ego massaging and other psychological tactics. These methods are successful more often than not, be it cryptography, phishing, espionage, or just plain-old hacking (ransomware, etc.).
As the name says, The Social-Engineer Podcast covers social engineering in the context of today's security environment. This is one area that is everyone's concern in an organization — everyone has sensitive data or entry points to leak, and so everyone needs to be aware of the subtle ways in which social engineering works.
Here are some interesting episodes from the podcast:
- Human Hacking With Chris Hadnagy
- Altered Memories and Alternate Realities with Dr. Elizabeth Loftus
- The Human Hacking Conference 2020 Recap
- Using Deception Detection Techniques Daily with William Ortiz
- Can I Scare You Into Being Secure With Dr. Jessica Barker
The Social-Engineer Podcast is very different and hits the cybersecurity problem at one of its most sensitive areas. As much as we need a technical foundation in security to do our jobs better (as developers), the human link in the chain can't be ignored.
Check out the podcast on Google Podcasts.
Conclusion
We all know how important security is, but I don't want to give off the impression that we should be pros at it. Security will always be a murky domain demanding devotion and specialization, which is simply not an option for us devs. These podcasts are meant to raise our awareness . . . and perhaps provide a solution or two that we end up using in daily work. That's all. The most important skill is a security mindset — whether you're a developer or sysadmin.
Originally published on WorksHub by Ankush Thakur.
Top comments (1)
Thanks a lot, man, for this amazing list of podcasts. Can you recommend me some podcasts related to Cyber Security?