35 of the Best Information Security Podcasts to Follow in 2019
Podcasts are a go-to resource for security professionals – here's our roundup of 35 of the top podcasts covering information security.
Top 35 Information Security Podcasts
For years information security podcasts have been a popular medium for digesting security news, keeping up with the latest threats, learning about recent incidents, and everything else you need to know to stay at the top of your game. Podcasts can be pretty entertaining, too. After all, no one gets security humor quite like your peers. When you can't attend your favorite information security conferences, podcasts can help you stay on top of the latest trends. And, while reading infosec blogs might not be practical on your morning commute, listening to podcasts is a useful way to pass the time.
There are some fantastic podcasters hailing from the security field, bringing decades of experience, unique perspectives, and valuable insights to audiences around the world. We've rounded up 35 of our favorite, must-listen podcasts from top infosec pros, CISOs, analysts, journalists, and more who aim to educate, entertain, and inform, breaking down hours of reading material into easy-to-digest podcast episodes. In other words, you can absorb hours' worth of security news and information in as little as half an hour or so - or, at least gain awareness of the most pressing threats and other news that you want to dig into further on your own.
If you're looking to expand your podcast subscriptions or spend your time more wisely by digesting security news and insights on your daily commute, here are our top 35 recommendations, sorted into four categories: Independent Podcasts, Educational and Professional Organization Podcasts, Media Podcasts, and Vendor Podcasts.
Security Now! is a weekly podcast featuring Steve Gibson and Leo Laporte who spend nearly two hours discussing vital security concerns ranging from news to long-standing issues, concerns, and solutions. Security Now! focuses on personal security, offering valuable insights to help their audience overcome common challenges and ramp up their personal security.
Three episodes you should check out from Security Now!:
Security Weekly covers IT security news, vulnerabilities, hacking, research, and related topics of interest for the IT community by serving as a security podcast network. Their goal is to reach a wide global audience to share insights and information that help them learn, grow, and become savvy IT professionals. Hosted by Paul Asadoorian, various co-hosts, and special guests, Security Weekly has been going strong for 11 years.
First established in 2007, Risky Business is one of the most highly regarded and most-listened-to podcasts in the information security space. Risky Business aims to take a lighthearted look at information security news and has earned a reputation for covering the most alarming hacks and gaining insights from guests in-the-know.
Three episodes you should check out from Risky Business:
- Risky Business #537 -- Assange arrested, WordPress ecosystem on fire
- Risky Business #534 -- Manning back in clink, automotive industry under attack
- Risky Business #533 -- Ghidra release, NSA discontinues metadata program and more
The Unsupervised Learning Podcast is hosted by Daniel Miessler, an information security professional and writer. Miessler digests five to twenty hours of reading books and articles and listening to podcasts about information security, technology, and people into a concise, summarized podcast of the latest happenings every week. There are dozens of podcasts in the Unsupervised Learning archive, providing a plethora of insights in a brief, entertaining format.
Three episodes you should check out from Unsupervised Learning:
Rafal Los and James Jardine team up to deliver the Down the Security Rabbithole podcast, a weekly podcast first introduced in 2011. The podcast focuses on security from a business perspective and features regular guests who speak on current news and offer expert insights on the latest information security trends and happenings.
Three episodes you should check out from Down the Security Rabbit Hole:
- DtSR Episode 343 - The 31st Human Right
- DtSR Episode 339 - Insuring Against Acts of Cyber War
- DtSR Episode 338 - Failure of Risk Management
The Defensive Security podcast analyzes recent infosec news and disseminates it to identify valuable lessons that you can put to real-world use in protecting your company or your clients' companies. Hosted by Jerry Bell and Andrew Kalat, the Defensive Security Podcast offers new episodes two to three times each month for your listening pleasure.
Three episodes you should check out from Defensive Security Podcast:
- Defensive Security Podcast Episode 235
- Defensive Security Podcast Episode 233
- Defensive Security Podcast Episode 232
The Privacy, Security & OSINT Show is a weekly dose of privacy, security and open source intelligence (OSINT) news and opinions. The podcast is hosted by Michael Bazzell, an OSINT privacy consultant.
Three episodes you should check out from The Privacy, Security, & OSINT Show:
- 116-OSINT Basics & Careers
- 115-Back to Basics: The Costs of Privacy
- 103-Intermediate Disinformation, Reputation Mgmt, & Usenet Archives
Smashing Security, hosted by security industry veterans Graham Cluley and Carole Theriault, is a fun chat about cybersecurity and online privacy. Not your typical security podcast, Smashing Security is a hilarious take on the week's tech snafus.
Three episodes you should check out from Smashing Security:
- 125: Pick of the thief!
- 121: Hijacked motel rooms, ASUS PCs, and leaky apps
- 118: The 's' in IoT stands for security
Host Jack Rhysider takes you on a journey through the dark side of the Internet. Rhysider talks all things privacy hacks, data breaches, and cybercrime in this bi-weekly podcast.
Three episodes you should check out from Darknet Diaries:
The CyberJungle is co-hosted by digital forensic analyst Ira Victor and Samantha Stone, an award-winning journalist who also produces the show. Ira Victor is a sought-after expert in the cyber security realm, and Samantha Stone is a veteran broadcaster and reporter who specializes in politics and legislation. The duo provides an entertaining and informative take on the latest in security news and talk with thought leaders and insiders who can weigh in on current happenings.
Three episodes you should check out from The CyberJungle:
Bryan Brake, host of Brakeing Down Security, is a CISSP who enjoys working in the security field and shares his love for the industry with his listeners. Brake talks about security, legal issues, privacy, and compliance, among other topics of interest to the security community with co-hosts Brian Boettcher and Amanda Berlin.
Three episodes you should check out from Brakeing Down Security:
- 2019-014-Tesla fails encryption, Albany and Sammamish ransomware attacks.
- 2019-012: OWASP ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 1
- 2019-009- Log-MD story, Noid, communicating with Devs and security people-part1
Hacker Public Radio is an internet radio show releasing new episodes every weekday, Monday through Friday. HPR founders have a long history spanning more than 13 years producing popular shows. A unique podcast, Hacker Public Radio is crowd-sourced, featuring news, insights, and discussion from community members.
Three episodes you should check out from Hacker Public Radio:
- hpr2796 :: IRS, Credit Freezes and Junk Mail Ohh My!
- hpr2794 :: Interview with Martin Wimpress
- hpr2791 :: LUKS like truecrypt
The Open Source Security Podcast is hosted by Josh Bressers and Kurt Seifried and covers a variety of information security topics with a focus on open source software. One of the newer podcasts on this list, Open Source Security was launched in September of 2016 but has already released an impressive 34 episodes, with new episodes each week.
Three episodes you should check out from Open Source Security Podcast:
- Episode 141 - Timezones are hard, security is harder
- Episode 140 - Good enough security is a pretty high bar
- Episode 135 - Passwords, AI, and cloud strategy
Hosted by ethical hacker and security aficionado Tom Eston and cyber security auditor and researcher Scott Wright, The Shared Security Podcast explores the trust placed in people, apps, and technology. The pair cover everything falling under the umbrellas of information security, privacy, the Internet of Things (IoT), mobile devices and apps, and everything in between.
Three episodes you should check out from The Shared Security Podcast:
- The State of Cybersecurity Training and Certifications with Kevin Johnson
- Amazon Echo Recording Controversy, New Mobile Phone Scam, Hotels Leaking Data
- Verifications.io Data Breach, Capsizing a Ship with a Cyberattack, World's Most Dangerous Malware
The Crypto-Gram Security Podcast is a unique offering, featuring a reading of Bruce Schneier's Crypto-Gram Newsletter aloud, read by Dan Henage with Schneier's permission. For commuters who don't have the time to read a regular newsletter, listening on your commute to one of the leading security news sources is a welcome alternative.
Three episodes you should check out from Crypto-Gram Security Podcast:
A weekly podcast, Cyber Security Interviews is hosted by Douglas A. Brush who interviews influencers, thought leaders, and other individuals who shape the cyber security industry. Brush explores their journeys into the cyber security field and where they think the cyber security industry is headed.
Three episodes you should check out from Cyber Security Interviews:
- #067 - Fred Kneip: Compliance Doesn't Equal Security
- #065 - Lizzie Cookson: Attackers Adapt with Us
- #063 - Dean Sysman: You Are Swamped with Data
Educational and Professional Organization Podcasts
SANS is the largest and most-trusted resource when it comes to security training and research. The SANS ISC Daily Stormcasts are an extension of the SANS Internet Storm Center and features 5-10 minute updates on security threats each work day to keep professionals and businesses in the know regarding the latest and most pressing threats.
Three episodes you should check out from SANS ISC Daily Stormcasts:
- Finding Domain Admins; X-Protect Covering PE Files; Hotspot Password Leak; Github Hosting Phishing Pages
- Malicious UDF Files; Facebook Clear Text Passwords; Iranian Hackers Hacked; Win8 Live Tiles Takeover
- MTA-STA; AirBNB Cameras; VPN Credentials; MSIE XXE Vulnerability
The Software Engineering Institute at Carnegie Mellon University offers the SEI Podcast Series, presenting conversations in areas such as software engineering, cybersecurity, and future technologies. Podcasts focus on topics aiming to solve the nation's security challenges through general principles and starting points for business leaders who want to launch or improve on enterprise-wide security efforts.
Three episodes to check out from SEI Podcast Series:
- Applying Best Practices in Network Traffic Analysis
- Women in Software and Cybersecurity: Bobbie Stempfley
- 10 Types of Application Security Testing Tools and How to Use Them
OWASP's 24/7 podcast series is hosted by executive producer Mark Miller, who interviews industry experts, volunteers, and security leaders to provide valuable insights on web application security. Here, you'll also find an archive of an original podcast series hosted by Jim Manico, who interviewed OWASP volunteers and other thought leaders in the field of web application security.
Three episodes you should check out from OWASP Podcast:
- Less than 10 Minutes Series: OWASP DockerHub with Simon Bennetts
- Security Processes at the Apache Software Foundation w/ Mark Thomas and Brian Fox
- Struts2 Vulnerabilities: Who Is Responsible?
A cybersecurity-focused news service, The CyberWire podcasts offer a glimpse into what's happening in cyber space. Offering clear and concise summaries of the latest news and essential details you need to know to stay abreast of the security landscape, The CyberWire includes both daily briefings and longer podcasts syndicated from partners.
Three episodes you should check out from The CyberWire Podcast:
- CyberWire Daily: Mueller Report is out. Sea Turtle DNS-manipulation campaign.
- CyberWire Daily: Sri Lanka bombing investigation update. Christchurch call.
- CyberWire Daily: Spearphishing from "Luhansk," Pro-Assange hacktivism.
Security Current is an information and collaboration community founded by veteran journalist and IT network security marketing executive Aimee Rhodes. Offering CISO insights, peer-driven research and analysis, practical advice and discussion, Security Current gives executives the insights they need to make knowledgeable decisions. Hosted by a number of leading CISOs and other industry leaders, Security Current focuses on the issues that matter to today's CISOs and the companies they serve.
Three episodes you should check out from Security Current:
- EDR for All - Bitdefender Discusses Best Practices for Implementing Endpoint Detection and Response Technology
- Tufin Talks Increasing Security and Agility Through Security Policy Orchestration
- Bay Dynamics CEO Discusses How to Gain Insight in to Security Risks Using User Behavior Analytics
For the most up-to-date news on data breach prevention, detection, and notification, the Data Breach Today Podcast is worth a listen. Hosted by the Data Breach Today staff, the Data Breach Today Podcast features interviews with leading experts and thought leaders in the field who offer commentary on the latest cybersecurity news, practical advice for overcoming common security challenges, and more.
Three episodes you should check out from Data Breach Today Podcast:
- The Dangers of Unsecured Medical Devices
- Not So 'Smart' - Child Tech Has Hackable Flaws
- Privacy and Security: Finding the Balance
The Security Ledger is an independent security news website founded in August 2012. Founder and Editor-in-Chief Paul Roberts hosts the Security Ledger Podcasts, bringing you in-depth reporting and insights from security thought leaders about the most pressing infosec issues plaguing businesses and users today.
Three episodes you should check out from Security Ledger Podcasts:
- Podcast Episode 142: On Supply Chains Diamond-based Identities are forever
- Podcast Episode 141: Massive Data Breaches Just Keep Happening. We Talk about Why.
- Podcast Episode 139: the State(s) of Right to Repair and API Insecurity on GitHub
A podcast from 2600: The Hacker Quarterly, Off the Hook discusses the hacker's view of emerging technology and the threat landscape. Offering updates on security flaws from the hacker's perspective, as well as the latest news from the hacker community, Off the Hook is an informative listen for information security professionals. The show airs every Wednesday evening at 7pm EST.
Host Ben Makuch talks to Motherboard reporters Lorenzo Franceschi-Bicchierai and Joseph Cox each week about their latest breaking stories, as well as to the most famous hackers in the industry, security researchers, and thought leaders, discussing the latest trends, cyber security news, and more.
Three episodes you should check out from Cyber Motherboard:
- The Dark Overlord and the 9/11 Insurance Files Hack
- Why The ASUS Supply Chain Hack Is a Big Deal
- How Google Tracks Hackers
Brought to you by Carbonite, Breach is a new podcast that investigates history's most notorious data breaches, digging into the who, why, and how of the biggest breaches in history with IT security experts, technology reporters, and white hat hackers. Breach is hosted by award-winning cybersecurity journalist Bob Sullivan and veteran podcast producer Alia Tavakolian.
Three episodes you should check out from Breach:
- Equifax Data Breach: Is Privacy Dead
- Equifax Data Breach: The Response
- Equifax Data Breach: What Went Wrong
Hak5 is an entertaining web show led by Darren Kitchen and Shannon Morse that's now the longest running show on YouTube. Hak5 also develops innovative penetration testing devices and immersive information security training in addition to its award-winning weekly podcast. Hak5 covers open source software, pen testing, network infrastructure, and everything in between. The flagship show is so popular that it's syndicated by Discovery Digital Networks, and Hak5 also produces numerous other sister shows including HakTip, ThreatWire, and Metasploit Minute.
Three episodes you should check out from Hak5:
- Inside Glytch's hacker bag - Hak5 2515
- WiFi Hacking Workflow - The NEW WiFi Pineapple 2.5 Firmware - Hak5 2514
- Shell Escape Tricks for Bash & Powershell - Hak5 2508
Defrag This, hosted by Greg Mooney, is a podcast from Ipswitch that aims to help listeners cope with the hurdles that are seemingly cropping up everywhere you look, from the latest malware threat to hardware failures and user errors. Designed for IT professionals, Defrag This offers insights on the latest trends, commentary on IT news, and more.
Three episodes you should check out from Defrag This:
- Podcast: Does Brexit Outcome Have Any Effect On Compliance?
- Podcast: How DevOps Teams Use Network Monitoring Tools
- Podcast: Artificial Intelligence Vs. Automation For SecOps Teams
Threatpost, Kaspersky Lab's security news service, is "the first stop for fast-breaking security news, conversations, and analysis from around the world." Providing a reputable, trustworthy source of news and information for today's security professionals, the Threatpost Podcast Series is a must-add to any serious security pro's listening queue.
Three episodes you should check out from ThreatPost Podcast Series:
- Podcast: Chris Vickery on UpGuard's Discovery of Millions of Facebook Records
- Podcast: The High-Risk Threats Behind the Norsk Hydro Cyberattack
- Podcast: Emotet Grows With Fast-Evolving Tactics
30. Sophos Naked Security Podcast
Hosts: The Sophos Team
The Sophos team hosts the Naked Security podcast, offering coverage of major security events like DEF CON live, insights on major security breaches, industry news, and all things of interest to today's security and privacy professionals.
With a new episode on the second Monday of each month, The Social Engineer Podcast is a regular show with a dedicated monthly topic. Host Chris Hadnagy has an interesting and informative perspective on social engineering, security, and other topics of interest to the security community.
Three episodes you should check out from The Social Engineer Podcast:
- Ep. 113 - Nutrition Facts for Online Information with Clint Watts
- Ep. 111 - Crypto AI Blockchain Smoothies at Walmart with Nick Furneaux
- Ep. 101 - Flash Bangs: The Reformation of a Social Engineer
The SurfWatch Cyber Chat is brought to you by SurfWatch Labs, delivering cyber risk intelligence solutions to aid businesses in understanding and acting on their cyber risks. A weekly show, SurfWatch Cyber Chat includes Q&A sessions with cybersecurity experts as well as weekly cyber risk news.
Three episodes you should check out from SurfWatch Cyber Risk Roundup:
- Talking Fraud with Chargebacks911's Monica Eaton-Cardone
- Talking the Threat Intelligence Mind Map and How It Can Help Organizations
- Talking the Expanding Digital Risk Footprints of Organizations
Tenable's Cyber Exposure Podcast features conversations and interviews on vulnerability management, cyber exposure, and general security topics. Cyber Exposure is hosted by Bill Olson, Tenable's Technical Director, and Gavin Millard, a certified ethical hacker. This is a newer podcast, meaning there are lots of great interviews and commentary to come.
Security Insider, hosted by Patrick Townsend of Townsend Security, is your source of insights on the latest developments in data security, regulatory compliance issues, technology, and trends affecting the industry.
Three episodes you should check out from Security Insider:
- Why Encryption is Critical to FinTech
- Identify Escalated Privilege Attacks on IBM i
- MongoDB, Big Data, and Encryption
Aiming to bolster security awareness, DevelopSec is hosted by James Jardine, an information technology professional with more than 15 years of experience and founder and principal consultant at Jardine Software, Inc. Jardine is also a co-host for the Down the Security Rabbit Hole podcast, another popular show.
Three episodes you should check out from DevelopSec:
Bonus: SecurityCast Radio
SecurityCast isn't a security podcast but instead a 24x7 streaming re-broadcast that aggregates many popular security podcasts, including much of this list. You can tune to SecurityCast anytime, anywhere and will be sure to catch quality content spanning a wide range of infosec topics, from security best practices and news to penetration testing and vulnerability research.