The Best ‘Guilty Pleasure’ Security Podcasts

I’ve been listening to a lot of podcasts recently and for those of you in the network/information security industry, there are a lot of podcasts about security out there. If you search for “security podcasts” on Google you’ll get this:

And honestly, it’s great to see this industry developing a community and being more widely discussed, however, it can be overwhelming. I know that there’s a lot of great content out there, but I just don’t have enough time in the day to listen to all of these podcasts.

Most of the security-related podcasts available have a fairly standard format. There are one or two co-hosts introducing a current event (recent breach, vulnerability, acquisition etc.) and proceed to discuss every angle of it over the course of a one or two-hour segment. I can handle this on occasion, but there are a couple podcasts that I continuously come back to that have become more guilty pleasures than real, in-depth perspectives.

Internet Storm Center (ISC) StormCast

This podcast is by-far one of the best security podcasts out there. It’s a no-fluff look into the most recent threats and new vulnerabilities that have just been discovered and it’s 100% ad-free! The host, Johannes Ullrich, is the Dean of Research and a faculty member of the SANS Technology Institute; he distills a wealth of information about what security experts should be aware of in a 5-10 minute episode. It’s a great way to stay on top of zero-day threats without needing to sift through 2 hours of co-host banter. If you’re going to consistently listen to one podcast in this article, this is the one to listen to.

CISO-Security Vendor Relationship Podcast

David Spark, former stand-up comedian turned tech journalist and his co-host Mike Johnson, former Lyft CISO, do a wonderful job of taking a potentially mundane subject and turning it into a really fun 30-minute podcast episode. It’s the perfect show length to have nerdy jokes and cheeky segments like “What’s Worse?!” where they determine what security situation is worse. My absolute favorite segment is when they read marketing content from a vendor’s website and proceed to guess what type of business the vendor is in. They invite legit security experts or CISOs from other companies to participate and it’s an all-around enjoyable podcast to listen to.

Reply All

This probably isn’t what you were expecting because Reply All is already such a popular show (Gimlet was acquired by Spotify) but I just had to include it. They claim to be “a podcast about the internet” and even the hosts of the show, Alex Goldman and PJ Vogt, debate whether that’s true in several segments. But there are episodes that, I would argue, have such a good internet security story, that anyone working in the field of network security would benefit from listening to this show. While my favorite episode has to be Episode #102: Long Distance, the more security-focused ones that I enjoy are ones like Episode #130: Snapchat Thief and #135: Robocall: Bang Bang. Regardless of what industry you’re in, Reply All is a must because of its relevance to today’s internet privacy and security expectations.

BONUS:

Though it’s not a podcast, I’ve been intrigued by Google’s online text for Site Reliability Engineering (SRE). You can read it for free here: https://landing.google.com/sre/books/

When I first reviewed the Table of Contents, I thought it was going to be a snoozefest, but after reading snippets of it, I was surprised at how easy it was to read. They put in the effort to make this book simple and digestible. To be fair, I haven’t been reading these chapters in order, mostly skipping to chapters that I find interesting. My favorite chapter so far is the one about Monitoring Distributed Systems and The Four Golden Signals: https://landing.google.com/sre/sre-book/chapters/monitoring-distributed-systems/

Whether you’re a serious security expert or a casual IT hobbyist, these podcasts are great to listen to. They don’t get too deep in the weeds but also provide enough information to hold a conversation at your local water cooler. So throw some of these guilty pleasure episodes into the mix between your podcasts about investing and the 4-hour Joe Rogan Experience.

Alvin is a network security/performance evangelist and entrepreneur. His ramblings can be found at www.alvintai.com. Follow him @thealvintai