My favourite podcasts

 Keeping up with industry news, and the latest research and developments from Information Security is no small task. Over the years I listened to many InfoSec podcasts. Some are great and I have stuck with them for many years, others have come and gone. In this post, I'm going list my personal favourites.

Daily News

Read all about it. Get the latest, up to date InfoSec news from around the world. 

ISC Stormcast

If you only have 5-10 mins to listen during your morning coffee then this is the one. I try to listen to this one every day. Chances are if something big is breaking you're going to hear about it here first.  Often the shows point the way to further information for interesting research and features the latest malware techniques you should be aware of.   
Presented by the Dr. Johannes Ullrich Dean of Research for SANS Technology Institute and SANS Faculty Fellow, and founder of the SANS Internet Storm Center (ISC),  with frequent contributions from the ISC Incident Handlers and SANS Bachelors and Masters degree programs alumni. 

Weekly News

Once a week I really enjoy an in-depth review of the week’s comings and goings in InfoSec.


Risky Biz

You simply can't beat the Risky Biz news and analysis hosted by Patrick Gray, an award winning journalist with his regular co-host Adam Boileau of Insomnia Security. Not only do you get a thorough run-down of the week’s news with real insight into new attacks but you also are kept thoroughly entertained in the process. Pat Gray has a quick wit and Aussie turn of phrase that makes the show a real giggle but make no mistake this is serious journalism;  Adam Boileau's expertise as a Penetration Tester and Security Researcher really brings home the detail of each story. Each episode of the show has a news section and sponsored interview, these are really interesting with many industry luminaries and experts talking on wide variety of subjects. 

Application Security Weekly

If you're not into Application Security; why not? One of the most interesting areas that has emerged in recent years.  Everything, and I do mean EVERYTHING, is made from code now, and this is where InfoSec starts its journey.  Regular anchorman Mike Shema, from whom the best podcast intros ever  heard come, and John Kinsella co-founder and CTO of Cysense delving deep into the application security news and featuring so great guests with insights into a variety of areas such as DevSecOps, Threat modelling and more. This podcast is from the Security Weekly stable of InfoSec podcasts, so there is much more there if my picks have only served to whet your appetite. 

Magazine Program

As a blue teamer I need my regular serial with features from around the world of InfoSec. 

Blueprint

It's back for a third season! Hosted by SANS Senior Instructor John Hubbard, the podcast produced by the SANS Blue Team.  There is a real variety of topics discussed here from SOC 2 audits or AI/ML - keeping that blue team focus throughout. Each season is released annually and is around ten episodes, so if you need to catch-up you can binge-listen from the beginning.   This is one of the best I've come across, I'm glad to see they are back again with another set of episodes. 



Comments

Post a Comment

Popular posts from this blog

Squid Proxy with SOF-ELK Part 1

Image
In this post I wanted show how a Squid Proxy could be used with OpenDNS to provide a simple but effective security for home  or small business. This blog post was inspired by the SANS course SEC530 Security Architecture & Engineering  which leads to the GIAC Defensible Security Architecture (GDSA) certification. This is a great course for anyone looking to develop and improve their 'full stack' defensive posture.  Monitoring is by courtesy of SOF-ELK , one of the many tools by those nice people at SANS .  SOF-ELK is used in a few SANS course including FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response ,  and SEC555 SIEM with Tactical Analytics . OpenDNS Enterprise is now Cisco Umbrella , however, the OpenDNS Home service is available for free and small businesses can use the Prosumer services for a modest fee. The fist step is to install a CentOS 7 minimal and then apply the latest updates. In order to use the OpenDNS Home service I inst
Read more

Netflow analysis with SiLK - Part 1 Installation

Image
About netsa SiLK SiLK provides a way to capture netflow and interrogate flow data. It can be used for a variety of purposes including situational awareness, forensics and anomaly detection. Installing SiLK Prerequisites Before installing SiLK examine the perquisites for the build. I’m using CentOS 6.3 minimal install with a virtual machine disk of 100GB in total with a separate partition for /data of about 60GB. The virtual machine will be allocated 4GB of RAM and 2 virtual processors. Configure the network settings for your lab environment. In order to use YUM for installing software the the lab system will require access to the Internet. Download the following source code files from the netsa CERT project home page libfixbuf-1.2.0.tar.gz netsa-python-1.3.tar.gz silk-2.5.0.tar.gz yaf-2.3.2.tar.gz Copy the required packages to the /usr/local/src directory. If you are using scp to copy over the packages dont’ forget ‘yum install openssh-clients’ first on the serv
Read more

CI/CD Pipeline Security & Shifting Left

Image
Recently I have been doing far more AppSec work in Agile, Lean environment. I also took the SANS SEC 540 course Cloud Security and DevSecOps Automation  which has lots of really great exercises but I like to try to create some of my own examples.  In this one I wanted to create a CI/CD (Continuous Integration/Delivery) pipeline that integrates Static Analysis Software Testing (SAST) and Software Composition Analysis (SCA) and finally some Postman testing of API endpoints that include negative test (more on this later). To start with I needed some example code so I found an example and adapted it to my own needs. The code along with the other supporting files like the Jenkinsfile can found on my GitHub under Planetary-API . Please note, I don't claim to be the best coder in the world :-) I chose an API partly for simplicity of the examples and partly because there are things I wanted to explore further later in terms of bearer authentication and the use of JWTs (for another project
Read more