As offices everywhere start to quiet down for the season, we have our top 8 recommendations ready for your holiday podcast playlist. At runZero, we understand how important it is to keep learning. Many of us learn through podcasts that have become invaluable resources, offering insights, analysis, and sometimes a dose of humor.
Cybersecurity is relevant to more and more of our lives. So it’s no surprise that the podcasts we listen to also range widely. We made a list of the best cybersecurity podcast episodes from 2023. The podcasts talk about funny stories and detailed discussions on OT/ICS security, social engineering, application security, and other important topics in our field. Join us on this auditory journey as we break down our favorite episodes.
Number 8 – Smashing Security #308: Jail after VPN fail, criminal messaging apps, and wolf-crying watches #
Listen: Smashing Security #308
In episode 308, the Smashing Security crew adds a touch of humor to the serious world of cybersecurity. The recount of the ANOM messaging app, engineered by the FBI, reveals the amusing side of cybercrime investigations. With 27,000 messages shared unknowingly with the US investigative organization, leading to the arrest of 80 criminals in 16 countries, this episode proves that even in the cybersecurity world, truth can be stranger than fiction.
Number 7 – BHIS - Talkin about Infosec News 6 December 2023 #
Listen: BHIS - Talkin about Infosec News 6 December 2023
The Black Hills Information Security team humorously rates “hacked screens” in this episode, which was immensely entertaining. They also emphasize a major problem: recent breaches in water facilities. As advocates for OT/ICS security, runZero appreciates discussions that raise awareness of vulnerabilities in these environments.
Number 6 – Unsolicited Response - Interview with HD Moore #
Listen: Unsolicited Response - Interview with HD Moore
In a deep dive into OT/ICS security, runZero’s HD Moore converses with Dale Peterson about OT modules in Metasploit. They also discuss the challenges of creating an asset inventory for these “fragile” OT devices. They specifically talk about how HD successfully solved the technical hurdles against active scanning in OT environments. This episode provides valuable insights into securing critical infrastructure.
Number 5 – Breadcrumbs by TraceLabs - Social Engineering and OSINT #
Listen: Breadcrumbs by TraceLabs - Social Engineering and OSINT
The story of one person’s ongoing journey of learning and personal growth in the security industry. Chris Kirsch from runZero recounts his adventures in social engineering, culminating in a victory at DEF CON where he earned a black badge.
Number 4 – Cybersecurity Defenders Podcast - Tips for submitting papers to conferences #
Listen: Cybersecurity Defenders Podcast - Tips for submitting papers to conferences
DEF CON is just one of the many security conferences. Lead organizer of BSidesNYC and runZero team member Huxley Barbee shares valuable insights on speaking at conferences. This episode offers practical advice for cybersecurity professionals, covering everything from generating ideas to delivering a great presentation.
Number 3 – SANS Internet Storm Center Daily StormCast #
Listen: SANS Internet Storm Center Daily StormCast
A daily ritual for some on the runZero team, the SANS Internet Storm Center’s Daily StormCast delivers concise updates on new vulnerabilities. This podcast is so useful, the ENTIRE podcast series earns a spot on our list for providing information that is timely and easy to understand.
Number 2 – SC Magazine #263: AppSec in 2023 and 2024 #
Listen: SC Magazine #263: AppSec in 2023 and 2024
Karl Triebes analyzes the trends of the past year and provides insights into what security professionals can expect in 2024. With a focus on application security, this episode highlights the evolving challenges in the industry and how API abuse continues to be the wild west of access.
Number 1 – Risky Business #701: Why infosec is wrong about TikTok #
Listen: Risky Business #701: Why infosec is wrong about TikTok
HD Moore returns in Risky Business, discussing how APIs of various productivity suites and directory services can reveal crucial information. One example is how the data recorded by Google Drive’s desktop version can be similar to a lightweight MDM. The same information can be useful for defenders who want to track down device owners to speed remediation.
In this episode, Pat Gray and guests also discuss cl0p’s exploits of security file transfer services, Accellion and GoAnywhere MFT, three months before cl0p’s exploit of MOVEit came to light. We had discussed on on the first runZero Hour webcast that it was potentially the most impactful vulnerability of 2023.
At runZero, we believe that staying informed is key to effective cybersecurity. Happy listening and happy holidays!
