Podcasts are a go-to resource for security professionals – here's our roundup of 35 of the top podcasts covering information security.
For years information security podcasts have been a popular medium for digesting security news, keeping up with the latest threats, learning about recent incidents, and everything else you need to know to stay at the top of your game. Podcasts can be pretty entertaining, too. After all, no one gets security humor quite like your peers.
There are some fantastic podcasters hailing from the security field, bringing decades of experience, unique perspectives, and valuable insights to audiences around the world. We've rounded up 35 of our favorite, must-listen podcasts from top infosec pros, analysts, journalists, and more who aim to educate, entertain, and inform, breaking down hours of reading material into easy-to-digest podcast episodes. In other words, you can absorb hours' worth of security news and information in as little as half an hour or so – or, at least gain awareness of the most pressing threats and other news that you want to dig into further on your own.
If you're looking to expand your podcast subscriptions or spend your time more wisely by digesting security news and insights on your daily commute, here are our top 35 recommendations, sorted into four categories: Independent Podcasts, Educational and Professional Organization Podcasts, Media Podcasts, and Vendor Podcasts.
Security Now! is a weekly podcast featuring Steve Gibson and Leo Laporte who spend nearly two hours discussing vital security concerns ranging from news to long-standing issues and their solutions. Security Now! focuses on personal security, offering valuable insights to help their audience overcome common challenges and ramp up their personal security.
Three episodes you should check out from Security Now!:
Security Weekly covers IT security news, vulnerabilities, hacking, research, and related topics of interest for the information security community. Their goal is to reach a wide global audience to share insights and information that help them learn, grow, and become savvy security professionals. Hosted by Paul Asadoorian, Security Weekly has been going strong for 11 years.
Three episodes you should check out from Security Weekly:
- Episode 500 - February 9, 2017 - Round Table and Episode 500 Celebration
- Episode 497 - January 19, 2017 - Jason Blanchard, SANS and Bruce Potter, ShmooCon
- Episode 493 - December 15, 2016 - Dave Shackleford, Voodoo Security and SANS Institute
First established in 2007, Risky Business is one of the most highly regarded and most-listened-to podcasts in the information security space. Risky Business aims to take a lighthearted look at information security news and has earned a reputation for covering the most alarming hacks and gaining insights from guests in-the-know.
Three episodes you should check out from Risky Business:
- Risky Business #440 -- Matt "PwnAllTheThings" Tait on the politicisation of infosec
- Risky Business #438 -- Rich Mogull: Infosec as we know it is over
- Risky Business #434 -- Mirai v2 is coming, Shadowbrokers latest and more
The Unsupervised Learning Podcast is hosted by Daniel Miessler, an information security professional and writer. Miessler digests three to five hours of reading about information security, technology, and people into a concise, 15 to 30-minute summarized podcast every week. There are dozens of podcasts in the Unsupervised Learning archive, providing a plethora of insights in a brief, entertaining format.
Three episodes you should check out from Unsupervised Learning:
- Unsupervised Learning: No. 64: Tax Phishing, Microsoft SMB Vulnerability, and more
- Unsupervised Learning: No. 62: An OWASP Gaming Security Framework, AMP is a horrible idea, the End of Twitter, and more
- Unsupervised Learning: No. 60: How we know Russia did it, the FBI using Best Buy, an IBM study on ransomware, and more
Rafal Los, James Jardine, and Michael Santarcangelo team up to deliver the Down the Security Rabbithole podcast, a weekly podcast first introduced in 2011. The podcast focuses on security from a business perspective and features regular guests who speak on current news and offer expert insights on the latest information security trends and happenings.
Three episodes you should check out from Down the Security Rabbithole:
- DtSR Episode 230 - The IoT You Got for Christmas
- DtSR Episode 229 - NewsCast for January 24th 2017
- DtSR Episode 226 - Targeted Threats Facts From Fiction
The Defensive Security podcast analyzes recent infosec news and disseminates it to identify valuable lessons that you can put to real-world use in protecting your company or your clients' companies. Hosted by Jerry Bell and Andrew Kalat, the Defensive Security Podcast offers new episodes two to three times each month for your listening pleasure.
Three episodes you should check out from Defensive Security Podcast:
- Defensive Security Podcast Episode 175
- Defensive Security Podcast Episode 172
- Defensive Security Podcast Episode 170
Cybersecurity scribe Ryan Naraine hosts a series of discussions around threat intelligence, penetration testing, bug bounties, red team exercises, and more. Ryan releases several episodes a month in which he discusses security with CEOs, CISOs, engineers, and researchers.
Three episodes you should check out from Security Conversations:
- Juan Andrés Guerrero-Saade on the nuances of threat intelligence
- Ivan Arce on hacking culture in Argentina
- Aanchal Gupta, Director of Security, Facebook, on how young women can overcome societal obstacles in security
Andy Willingham, Martin Fisher, Steve Ragan, and other hosts discuss information security and news and conduct interviews with thought leaders and other personalities of interest within the information security community. An entertaining podcast held every few weeks, The Southern Fried Security Podcast is one you'll want to tune into. Check out iTunes for the most recent podcast archives.
Three episodes you should check out from The Southern Fried Security Podcast:
- Episode 172 - Security Awareness Deep Dive
- Episode 181 - WWDC Wish List with Guillaume Ross
- Episode 180 - Interview with Patrick Heim
Jay Jacobs and Bob Rudis host Data Driven Security, a podcast focused on "the journey to discovery and decision making through data in information security." On this monthly podcast, Jacobs and Rudis cover everything data security, featuring leaders in the data science world and veterans from the information security sector.
Three episodes you should check out from Data Driven Security:
Timothy De Block's career started back in 2001 when he joined the U.S. Navy as an electronics technician. After serving in the military, De Block climbed the IT career ladder and discovered his interest in security after taking a role as a network and system administrator. He continues his work in security today and produces the Exploring Information Security podcast where he shares his expertise and talks with industry leaders about the latest happenings in the world of security.
Three episodes you should check out from Exploring Information Security:
The CyberJungle is co-hosted by digital forensic analyst Ira Victor and Samantha Stone, an award-winning journalist who also produces the show. Ira Victor is a sought-after expert in the cyber security realm, and Samantha Stone is a veteran broadcaster and reporter who specializes in politics and legislation. The duo provides an entertaining and informative take on the latest in security news and features thought leaders and insiders who weigh in on current happenings.
Three episodes you should check out from The CyberJungle:
Bryan Brake, host of Brakeing Down Security, is a CISSP who enjoys working in the security field and shares his love for the industry with his listeners. Brake talks about security, legal issues, privacy, and compliance, among other topics of interest to the security community.
Three episodes you should check out from Brakeing Down Security:
- 2017-005-mick douglas, avoid bad sales people, blue team defense tools
- 2017-004-sandboxes, jails, chrooting, protecting applications, and analyzing malware
- 2017-002: Threat Lists, IDS/IPS rules, and mentoring
Hacker Public Radio is an internet radio show that releases new episodes every weekday. HPR founders have a long history spanning more than a decade producing popular shows. A unique podcast, Hacker Public Radio is crowd-sourced, featuring news, insights, and discussion from community members.
Three episodes you should check out from Hacker Public Radio:
- hpr2227 :: FOSDEM 2017 H Building and the Hallway track
- hpr2221 :: HPR Community News for January 2017
- hpr2200 :: Episode one of the future of free software series
The Open Source Security Podcast is hosted by Josh Bressers and Kurt Seifried and covers a variety of information security topics with a focus on open source software. One of the newer podcasts on this list, Open Source Security was launched in September of 2016 but has already released an impressive 34 episodes, with new episodes each week.
Three episodes you should check out from Open Source Security Podcast:
- Episode 31 - XML is Never the Solution
- Episode 27 - Prove to me you are human
- Episode 3 - The Lock Picking Sewing Circle
The PVC Security Podcast is hosted by Paul R. Jorgensen, Edgar Rojas, Chris Maddalena, and Tracy Z. Maleeff, each bringing a unique perspective and valuable expertise to the table for a regular discussion about leadership and security.
Three episodes you should check out from PVC Security Podcast:
Hosted by ethical hacker and security aficionado Tom Eston and cyber security auditor and researcher Scott Wright, The Shared Security Podcast explores the trust placed in people, apps, and technology. The pair cover information security, privacy, the Internet of Things (IoT), mobile devices and apps, and everything in between.
Three episodes you should check out from The Shared Security Podcast:
- The Shared Security Podcast Episode 60 – The Secure Messaging Episode: Signal, WhatsApp, Facebook Messenger
- The Shared Security Podcast Episode 59 – Amazon Echo, Wifi Router Security, EFF Privacy Badger
- The Shared Security Podcast Episode 55 – IoT Horror Stories, Biometrics, Staying Safe Online
The Crypto-Gram Security Podcast is a unique offering, featuring Bruce Schneier's Crypto-Gram Newsletter read aloud by Dan Henage with Schneier's permission. For commuters who don't have the time to read a regular newsletter, listening to one of the leading security news sources on the commute is a welcome alternative.
Three episodes you should check out from Crypto-Gram Security Podcast:
Educational and Professional Organization Podcasts
SANS is among the largest and most-trusted resources when it comes to security training and research. The SANS ISC Daily Stormcasts are an extension of the SANS Internet Storm Center and feature daily, 5-10 minute updates on security threats to keep professionals and businesses in the know regarding the latest and most pressing threats.
Three episodes you should check out from SANS ISC Daily Stormcasts:
- #NoPatchTuesday; #Adobe & #Websphere Patch; Operation Kingphish
- #RSAC2017; Collecting WiFi Client History; XAgent; Conference Phone
- #Samsung #KNOX Patch; #MongoDB Audit; Crypto in #PHP
CERT is a division of the Software Engineering Institute at Carnegie Mellon University. The CERT Division holds regular podcasts aiming to solve the nation's security challenges through general principles and starting points for business leaders who want to launch or improve on enterprise-wide security efforts.
Three episodes to check out from CERT Podcasts:
- Becoming a CISO: Formal and Informal Requirements
- Intelligence Preparation for Operational Resilience
- Building Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations
OWASP's 24/7 podcast series is hosted by executive producer Mark Miller, who interviews industry experts, volunteers, and security leaders to provide valuable insights on web application security.
Three episodes you should check out from OWASP Podcast:
- Security as Part of DevOps and Development with Jason Schmitt
- Interviews and Insights from AppSecEU 2016
- 2016 State of the Software Supply Chain Report Released
Deciphering the day's security news into a brief, easy-to-digest summary to give you the essential details you need to know to stay abreast of the security landscape, The Cyber Wire features an essential daily briefing and a longer podcast brought to you by Pratt Street Media. Published each weekday in the afternoon, during prime East Coast drive-time, this podcast catches you up on the day's events during your daily commute.
Three episodes you should check out from The Cyber Wire:
- Daily: Nation-states or criminal gangs? Update on Polish banking attacks. And an update on RSA.
- Daily: The Martin NSA-contractor case. Fileless malware hits banks worldwide. DDoS tools undergo refinement. Ransomware developments. Industry notes.
- Daily & Week in Review: Jailbreaking or forensics? W-2s and business email compromise. Router vulnerabilities. Windows zero-day. Enterprise security priorities. Iranians cyber ops and Iranian dissent. US-Russian cyber tensions.
Security Current is "an information and collaboration community by CISOs for CISOs." Hosted by a number of leading CISOs and other industry leaders such as Richard Stiennon, Gartner Research VP Anton Chuvakin, IBM Cloud and SaaS Global CISO David Cass, and others, Security Current focuses on the issues that matter to today's CISOs and the companies they serve.
Three episodes you should check out from Security Current:
- SC 96: David Cass, Global CISO IBM Cloud and SaaS Speaks with Chris Roberts, Acalvio Chief Security Architect, on Threat Deception, the Internet of Things and Technology Innovation
- SC 95: Matt Hollcraft, Maxim Integrated CISO, Speaks with Dan Schiappa, SVP & GM, Sophos Enduser Security Group on Ransomware, IoT and Hacking as a Business
- SC 93: IBM Cloud & SaaS Global CISO and ADP Vice President & Global Security Architect Discuss the Business and Technology Benefits of User Behavior Analytics (UBA) Tools
For the most up-to-date news on data breach prevention, detection, and notification, the Information Security Media Group's Data Breach Today Podcast is worth a listen. Hosted by the Data Breach Today staff, the Data Breach Today Podcast regularly features expert guests and commentators to discuss the most pressing data breach news of the day in short, easily digestible episodes.
Three episodes you should check out from Data Breach Today Podcast:
- Could Blockchain Support Secure Health Data Exchange?
- OT vs. IT Security: The Need for Different Approaches
- What It Takes to Achieve Digital Trust
The Security Ledger is an independent security news website founded in August 2012. Editors Paul Roberts and Robert Vamosi host the Security Ledger Podcasts, bringing you in-depth reporting and insights from security thought leaders about the most pressing infosec issues plaguing businesses and users today.
Three episodes you should check out from Security Ledger Podcasts:
- Cybersecurity: the other Elephant on the Campaign Trail
- Exclusive – Cyber Security in the Trump Administration: an Interview with Lt. Gen Michael Flynn
- Can Blockchain Save the Internet of Things?
Hak5 is an entertaining web show led by Darren Kitchen and Shannon Morse. Hak5 covers open source software, pen testing, network infrastructure, and everything in between. The flagship show is so popular that it's syndicated by Discovery Digital Networks, and Hak5 also produces numerous other sister shows including HakTip, ThreatWire, Metasploit Minute and TekThing.
Three episodes you should check out from Hak5:
- Advanced Password Recovery with Hashcat - Hak5 2122
- VM Packet Sniffing and Lasers - Hak5 2119
- Stealing Files with the USB Rubber Ducky Pt 3 - Hak5 2114
Root Access is a podcast brought to you by Cisco, hosted by Security Researcher Josh Pyorre. Focused on security and privacy, Root Access takes an in-depth look at events that shift the course of the Internet and how these events impact people's daily lives.
Three episodes you should check out from Root Access:
ThreatPost, Kaspersky Lab's security news service, is "the first stop for fast-breaking security news, conversations, and analysis from around the world." Providing a reputable, trustworthy source of news and information for today's security professionals, the ThreatPost Podcast Series, hosted by Chris Brook, is a must-add to any serious security pro's listening queue.
Three episodes you should check out from ThreatPost Podcast Series:
- Threatpost News Wrap, February 13, 2017
- Dino Dai Zovi on Securing Linux in Modern Workloads
- Justine Bone on St. Jude Vulnerabilities and Medical Device Security
Chester Wisniewski hosts the Sophos Chet Chat along with other members from the Sophos team. They cover major security events like DEF CON live, offer insights on major security breaches, industry news, and all things of interest to today's security and privacy professionals.
Three episodes you should check out from Sophos Chet Chat:
- That’s MY Facebook account/No it isn’t/Yes it IS! [Chet Chat Podcast 245]
- Yes, I can see your Pattern Lock code! [Chet Chat Podcast 257]
- Big breaches, bad blunders – and good news, too [Chet Chat Podcast 256]
Tripwire's Security Slice is an extension of its State of Security news portal, aiming to provide news, informative opinions, and valuable resources for security professionals looking to keep up with the constantly changing security landscape. Security Slice, hosted by Shelley Boose, has a broad audience and features interviews with leading industry experts.
Three episodes you should check out from Tripwire Security Slice:
- Security Slice: The Zero-Day Arms Race
- Security Slice – Sweet Security: Building a Defensive Raspberry Pi
- Security Slice: The Resurgence of Ransomware
With a new episode on the second Monday of each month, The Social Engineer Podcast is a regular show with a dedicated monthly topic. Host Chris Hadnagy has an interesting and informative perspective on social engineering, security, and other topics of interest to the security community.
Three episodes you should check out from The Social Engineer Podcast:
- Ep. 088 – Wisdom alone is not enough
- Ep. 089 – An Illusion of Unique Vulnerability
- Ep. 085 – A Psychologists View of Security for the Digital Age
The SurfWatch Cyber Risk Roundup is brought to you by SurfWatch Labs, delivering cyber risk intelligence solutions to aid businesses in understanding and acting on their cyber risks. A weekly show, SurfWatch Cyber Risk Roundup focuses on how cybercrime is impacting businesses today.
Three episodes you should check out from SurfWatch Cyber Risk Roundup:
- Episode 77: DNC Fallout Continues, LastPass Exploit Discovered and Bitcoin is Not Real Money
- Episode 76: Pokemon Go Tops Cybercrime Targets, GOP Unveils Cyber Platform and Other Risk Trends
- Episode 75: Healthcare Leaks, POS Breaches, and Latest Malware and Legal News
Software security pioneer Gary McGraw hosts the Silver Bullet Podcast by Cigital, featuring interviews, news, and commentary by industry leaders and relevant experts who share insights on the security threats and news impacting the world.
Three episodes you should check out from Silver Bullet Podcast by Cigital:
- Show 130: Jessy Irwin Discusses How to Make Security and Privacy Accessible
- Show 129: Kelly Lum Discusses Bug Hunting and a Unique Analytical Outlook on Security
- Show 127: Dr. Marie Moe Discusses Medical Device Security
The Virtualization and Cloud Security Podcast "provides an open forum to discuss all things related to Virtualization, Virtual Environment, and Cloud Computing Security." Hosted by The Virtualization Practice, The Virtualization and Cloud Security Podcast also makes video episodes available on YouTube.
Three episodes you should check out from The Virtualization and Cloud Security Podcast:
- #173 - Container Encryption
- #171 - Security in the Hybrid Cloud
- #168 - Encryption Up and Down the Stack
CYDEFE is all about making cyber defense simple. Hosted by Michael Evans and Micheil Fairweather, CYDEFE's mission is to help people understand the always-changing cyber landscape. With minicasts filling in the time between regular, full-length episodes, there's always something new to learn from CYDEFE.
Three episodes you should check out from CYDEFE:
- Minicast 5 The one about password leaks
- Episode 23 The one with Ben0xA
- Episode 22 The one after the long break
Aiming to bolster security awareness, DevelopSec is hosted by James Jardine, an information technology professional with more than 15 years of experience and founder and principal consultant at Jardine Software, Inc. Jardine is also a co-host for the Down the Security Rabbithole podcast, another popular show featured on this list.
Three episodes you should check out from DevelopSec:
- Ep. 63: Remember Me Feature: Security Considerations
- Ep. 61: Multi-factor Authentication
- Ep. 58: "Untrusted" Data
Bonus: SecurityCast Radio (@securitycast)
SecurityCast isn't a security podcast but instead a 24x7 streaming re-broadcast that aggregates many popular security podcasts, including much of this list. You can tune in to SecurityCast anytime, anywhere and will be sure to catch quality content spanning a wide range of infosec topics, from security best practices and news to penetration testing and vulnerability research.