July 01, 2010, 7:52 AM, by Matt Neely, SecureState
It may be cliché but security is an ever-changing world. I am often asked how I keep up to date on the latest security trends and news in this rapidly changing world. The two primary tools I use to do this are security podcasts and Twitter. Being a consultant I spend a lot of time on the road and have long periods of free time while driving or flying to clients' sites. While on the road, or during my daily commute, I fill those open hours by listening to podcasts. I am going to discuss the security podcasts I listen to, with a short description of each one. In a future post I'll discuss how I use Twitter to keep in touch with the security community and stay on top of emerging trends.
ASIS Security Management Podcast is a monthly podcast containing highlights from the ASIS Security Management magazine. The magazine and podcast tend to be heavily focused on physical security, but there is some information security mixed in also. This is a great podcast if you want to learn more about physical security.
Crypto-Gram Security Podcast is simply Bruce Schneier's monthly Crypto-Gram newsletter read aloud by Dan Henage. If you don't have time to read the printed version of Crypto-Gram, this is a great way to keep up to date on a fascinating newsletter. If you haven't read the Crypto-Gram newsletter you owe it to yourself to check out this podcast. I leave every podcast thinking about a security problem or issue in a new way.
CyberSpeak is a podcast focused on forensics. It is hosted by two former federal agents who have spent their careers doing data forensics work. This show covers everything from basic to cutting edge forensic techniques. Whether you are a novice in forensics or an experienced forensics examiner, you will learn something from each episode.
Eurotrash Security Podcast comes to us from a band of security professionals and hackers based in Europe. This is one of the few podcasts that covers information security from a European point of view, so it is curious to see how security concerns over there line up and differ from the concerns in the States.
Exotic Liability Podcast is often offensive, usually informative, but always a fun time. This podcast is definitely not safe for work. So be careful where you listen to it. I recommend skipping this podcast if you are offended at obscene language and concepts. Topics usually focus on penetration testing and social engineering. The hosts also have some entertaining war stories about penetration testing.
OWASP Security Podcast focuses on all aspects of web application security. Many of the episodes are short interviews with experts in this field. This podcast is a wonderful way to learn about or keep on top of web application security topics.
Network Security Podcast is a weekly security news podcast covering news stories from the previous week. This show covers all aspects of security. The hosts comment on the news stories, often adding insight which makes the program well worth the listen.
PaulDotCom Security Weekly focuses on the technical side of security. Shows usually include a technical segment, news stories from the previous week, and interviews with special guests. If you want to learn more about the technical side of security this is a podcast you must check out. They also provide very detailed show notes which can be helpful when trying to implement an attack discussed on the show. An episode of PaulDotCom Security Weekly often is broken into two parts and the entire weekly show usually runs two to three hours. If I am running short on podcast time in a week, I also will use the show notes to determine what topics are of interest so I can fast forward to that portion of the podcast.
Risky Business is a news show which focuses on security from down under. The host of the show, Patrick Gray, does a very good job of explaining security concepts and concerns. Patrick also has a good handle on the importance of balancing security with business requirements, something many security folks forget. Because of these two factors, this is a great show for someone just getting into security.
SANS Audio Cast is a short weekly newscast produced by SANS. Episodes tend to be ten to fifteen minutes long so it is a great way to quickly catch up on the hot security news from the previous week. Even if I am running behind on podcasts, I try to listen to this one the week it is released while the information is still fresh.
SecuraBit Podcast is a security news podcast that focuses on technical security topics. I mainly listen to SecuraBit for the special guests they have, who tend to be big names in the security community.
Security Justice is hands down the best security podcast ever made. This monthly podcast covers a variety of security topics but tends to lean more toward physical security and the convergence of physical and logical security. This also is the only security podcast recorded live in a bar. Because this podcast is recorded in a bar, expect bar-like language that may not be safe for work. Also in the interest of full disclosure, I should state the author of this post is also a co-host on this show so his views of the show are most likely biased.
Social Media Security Podcast focuses on the security concerns related to social media sites such as Facebook, Twitter, MySpace, and LinkedIn. The team that runs socialmediasecurity.com hosts the show. This podcast is a great way to learn about the threats in the emerging area of social media. The show also provides great case studies and stories that can be used for end user education and awareness training.
Social-Engineering.org Podcast is a monthly podcast focusing on social engineering. Produced by the team that runs social-engineering.org, the podcast covers a number of topics related to social engineering. This podcast brings in some amazing guests. At first the guest's or show topic's relationship to social engineering might not be clear, but hang in there and the team always ties in how they relate. At its roots this podcast is about how to influence people, which is an important skill for any security professional to have. So even if you are not interested in social engineering, I still recommend you check out a few episodes of this podcast.
The Southern Fried Security Podcast looks at security from the CSO and management level, which is a welcome change from the often technical-heavy security podcasts. The podcast focuses on integrating security into a business and the importance of balancing the business needs with security. Most security professionals have a hard time achieving this balance, so do yourself a favor and listen to at least a few episodes of this podcast.
If any of these podcasts sound interesting to you, I recommend you download a few episodes and give them a listen.
What security podcasts do you listen to? Any podcast you think I should start listening to? If so, tell me why in the comments.
Matt Neely is a security researcher at SecureState.