Keeping Up with Cyber Podcasts

Tim Smith
Oct 1, 2020

Podcasts are a good way to stay current while taking a break from the screen

Today’s blog post is a little simpler because I spent most of the past week studying for my CompTIA Security+ certification. The good news is, I passed! On to the next certification! In the meantime, I thought I’d talk about one of the ways I like to stay on top of the latest cybersecurity news: podcasts.

One of the things I like to listen to while going for a run or doing chores around the house is podcasts. My rotation tends to be a pretty eclectic mix — a couple of them are about video games, there’s a few media criticism shows, some historical storytelling, one or two true crime/mystery shows, and a few interview formats about a variety of educational/informational topics.

Lately, I’ve been checking out some more cybersecurity-related podcasts as an easy way to keep learning and advancing my professional knowledge while working on other, unrelated tasks. The only problem is: there are so many to choose from! I’ve barely scratched the surface, and it’s certainly a field ripe for exploration. However, as a former audio engineer, I can be a little picky about my podcasts. They don’t need to be recorded in a studio or anything (and I’m definitely more forgiving in the age of COVID), but I do tire very quickly if every episode of a podcast sounds like it was recorded over a phone call. Additionally, while good rapport among hosts is certainly a positive consideration, I tend to prefer a little structure to the overall format and “shooting the breeze” will only carry an episode so far before I get bored.

Generally, I like to listen to a few episodes of a show to really get a feel for it and see if it’s something I would want to listen to regularly, or maybe only just catch once in a while. Here’s a few that I’ve checked out so far:

  • The ISC StormCast — hosted by Johannes Ullrich, the StormCast is a quick daily update about the latest in cybersecurity news. Each episode tends to be about five minutes in length, which means it’s the perfect podcast to throw on at the beginning of the day while getting ready. My only strike against it is purely for personal reasons — since I’m often getting ready for the day while listening to it, I tend to get too busy to follow up on an interesting topic that deserves more research (since it’s so short, the podcast almost always has show notes linking out each topic in more detail). Nevertheless, this podcast is definitely in my regular rotation. It’s easily digestible, and its quick in-and-out format means it’s really easy to add it to my routine without upsetting the whole playlist order. In fact, the StormCast was how I first heard about the Microsoft “Zerologon” exploit, which has since been discussed elsewhere at great length. As stated above, I highly recommend going into each episode’s show notes, as some topics absolutely deserve further research.
  • Smashing Security — hosted by Graham Cluley and Carole Theriault. Smashing Security is a once-a-week podcast in the style of an interview or talk show. The hosts break down some security-related stories from the past week, while also talking about whatever pop culture thing they happen to be into that week. It’s often light-hearted, both funny and informational, and the hosts have a great degree of chemistry (there are regular guests as well). Of the recent episodes I’ve listened to so far, many of the security topics tend to be more focused on social engineering than straight technical exploits or vulnerabilities, so your mileage may vary, depending on what you’re looking for out of your podcasts (though I certainly think cybersecurity doesn’t always focus on social engineering as much as it should). I’ve added it to my regular rotation.
  • Unsupervised Learning with Daniel Miessler — The host (Daniel Miessler) spends the week consuming a ton of info about various cybersecurity topics and then discusses them in the podcast at the end of the week. This one shows up online in a lot of people’s top security podcasts, but I’m not entirely sure if it’s for me yet — I’ve only listened to one episode, but most of the topics covered were only surface level, and the lack of a second host led to it feeling a little repetitive. If you’re just looking for an update on the week’s worth of security news, it provides a great reader’s digest version, but if you try to keep pretty up to date already, the podcast may not cover a whole lot of new ground.
  • The Social-Engineer Podcast — a once-a-month podcast about different social-engineering topics. As I said previously, social engineering can be one of the most overlooked aspects of cybersecurity, but it’s also one of the most effective at causing cyber events: There are SO MANY cyber incidents that started with some form of social engineering, so it’s good to be knowledgeable about it. I’ve listened to several episodes, and I’ve always found the interviews to be engaging, insightful, and thought-provoking. It’s less “technical” than some podcasts, but Chris Hadnagy approaches each topic with empathy and astute insight, and, given that it’s only once-a-month, it’s extremely easy to add this podcast to my regulars without greatly impacting my backlog. I’ve found myself looking forward to each new episode.
  • Risky.biz (Risky Business) — A weekly podcast hosted by Patrick Gray (and occasional guests). Regularly in the top recommendations by many security professionals for staying up to date on the latest cybersecurity news. I’ve only listened to a few episodes so far (they’re currently on vacation, so the most recent episodes are from a few weeks ago), but it was pithy while remaining very informative. Patrick Gray covers a variety of topics while managing to go into a good deal of depth, providing an excellent, balanced podcast. There is a good likelihood this will remain in my regular rotation when the hosts come back from their well-deserved breaks.
  • Security Now — Security Now is actually a video series that also gets converted to a weekly podcast after it airs live. Hosted by Steve Gibson and Leo Laporte, Security Now manages to thread the line of keeping you up to date about regular cybersecurity news from a technical standpoint, while also remaining digestible for people who maybe touch a lot of security topics in a single day and don’t have the time or ability to go into great depth on any particular one. The quality of the podcast is very high, though I do have one strike against it: there are a lot of ads. I understand that keeping a free show going probably has a lot of budget concerns (and it is extremely well produced — probably the best sounding podcast in this list, actually), and I really can’t blame them for it. Nevertheless, it pulls me out of the experience a bit when an ad break goes on for over five minutes. Again, can’t really blame them, but it is a consideration if you’re trying to make room for more podcasts in your already-packed playlist. Regardless, the actual content of the podcast is pretty good. For instance, an episode a couple weeks ago about properly segmenting your network from IoT devices reminded me to reconfigure our guest WiFi network so that any IoT devices in my house were isolated (a practice I had been meaning to actually sit down and do for quite a while — you may want to consider it yourself, given the history of just how insecure these devices are).

If you look for “top cybersecurity podcasts” on Google, you will come up with dozens of articles with hundreds of results, and it can be a little overwhelming, so I’m still checking out new ones occasionally. Do you listen to podcasts, and, if so, do you have any favorites? Let me know in the comments below!
