As offices everywhere start to quiet down for the season, we have our top 8 recommendations ready for your holiday podcast playlist. At runZero, we understand how important it is to keep learning. Many of us learn through podcasts that have become invaluable resources, offering insights, analysis, and sometimes a dose of humor.

Cybersecurity is relevant to more and more of our lives. So it’s no surprise that the podcasts we listen to also range widely. We made a list of the best cybersecurity podcast episodes from 2023. The podcasts talk about funny stories and detailed discussions on OT/ICS security, social engineering, application security, and other important topics in our field. Join us on this auditory journey as we break down our favorite episodes.

Number 8 – Smashing Security #308: Jail after VPN fail, criminal messaging apps, and wolf-crying watches #

Listen: Smashing Security #308

In episode 308, the Smashing Security crew adds a touch of humor to the serious world of cybersecurity. The recount of the ANOM messaging app, engineered by the FBI, reveals the amusing side of cybercrime investigations. With 27,000 messages shared unknowingly with the US investigative organization, leading to the arrest of 80 criminals in 16 countries, this episode proves that even in the cybersecurity world, truth can be stranger than fiction.

Number 7 – BHIS - Talkin about Infosec News 6 December 2023 #

Listen: BHIS - Talkin about Infosec News 6 December 2023

The Black Hills Information Security team humorously rates “hacked screens” in this episode, which was immensely entertaining. They also emphasize a major problem: recent breaches in water facilities. As advocates for OT/ICS security, runZero appreciates discussions that raise awareness of vulnerabilities in these environments.

Number 6 – Unsolicited Response - Interview with HD Moore #

Listen: Unsolicited Response - Interview with HD Moore

In a deep dive into OT/ICS security, runZero’s HD Moore converses with Dale Peterson about OT modules in Metasploit. They also discuss the challenges of creating an asset inventory for these “fragile” OT devices. They specifically talk about how HD successfully solved the technical hurdles against active scanning in OT environments. This episode provides valuable insights into securing critical infrastructure.

Number 5 – Breadcrumbs by TraceLabs - Social Engineering and OSINT #

Listen: Breadcrumbs by TraceLabs - Social Engineering and OSINT

The story of one person’s ongoing journey of learning and personal growth in the security industry. Chris Kirsch from runZero recounts his adventures in social engineering, culminating in a victory at DEF CON where he earned a black badge.

Number 4 – Cybersecurity Defenders Podcast - Tips for submitting papers to conferences #

Listen: Cybersecurity Defenders Podcast - Tips for submitting papers to conferences

DEF CON is just one of the many security conferences. Lead organizer of BSidesNYC and runZero team member Huxley Barbee shares valuable insights on speaking at conferences. This episode offers practical advice for cybersecurity professionals, covering everything from generating ideas to delivering a great presentation.

Number 3 – SANS Internet Storm Center Daily StormCast #

Listen: SANS Internet Storm Center Daily StormCast

A daily ritual for some on the runZero team, the SANS Internet Storm Center’s Daily StormCast delivers concise updates on new vulnerabilities. This podcast is so useful, the ENTIRE podcast series earns a spot on our list for providing information that is timely and easy to understand.

Number 2 – SC Magazine #263: AppSec in 2023 and 2024 #

Listen: SC Magazine #263: AppSec in 2023 and 2024

Karl Triebes analyzes the trends of the past year and provides insights into what security professionals can expect in 2024. With a focus on application security, this episode highlights the evolving challenges in the industry and how API abuse continues to be the wild west of access.

Number 1 – Risky Business #701: Why infosec is wrong about TikTok #

Listen: Risky Business #701: Why infosec is wrong about TikTok

HD Moore returns in Risky Business, discussing how APIs of various productivity suites and directory services can reveal crucial information. One example is how the data recorded by Google Drive’s desktop version can be similar to a lightweight MDM. The same information can be useful for defenders who want to track down device owners to speed remediation.

In this episode, Pat Gray and guests also discuss cl0p’s exploits of security file transfer services, Accellion and GoAnywhere MFT, three months before cl0p’s exploit of MOVEit came to light. We had discussed on on the first runZero Hour webcast that it was potentially the most impactful vulnerability of 2023.

At runZero, we believe that staying informed is key to effective cybersecurity. Happy listening and happy holidays!

Written by runZero Team

Due to the nature of their research and out of respect for their privacy, runZero team members prefer to remain anonymous. Their work is published under the runZero name.

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved