Top 8 Podcasts Picks of 2023: Navigating the Cybersecurity Soundscape


As offices everywhere start to quiet down for the season, we have our top 8 recommendations ready for your holiday podcast playlist. At runZero, we understand how important it is to keep learning. Many of us learn through podcasts that have become invaluable resources, offering insights, analysis, and sometimes a dose of humor.

Cybersecurity is relevant to more and more of our lives. So it’s no surprise that the podcasts we listen to also range widely. We made a list of the best cybersecurity podcast episodes from 2023. The podcasts talk about funny stories and detailed discussions on OT/ICS security, social engineering, application security, and other important topics in our field. Join us on this auditory journey as we break down our favorite episodes.

Number 8 – Smashing Security #308: Jail after VPN fail, criminal messaging apps, and wolf-crying watches #

Listen: Smashing Security #308

In episode 308, the Smashing Security crew adds a touch of humor to the serious world of cybersecurity. The recount of the ANOM messaging app, engineered by the FBI, reveals the amusing side of cybercrime investigations. With 27,000 messages shared unknowingly with the US investigative organization, leading to the arrest of 80 criminals in 16 countries, this episode proves that even in the cybersecurity world, truth can be stranger than fiction.

Number 7 – BHIS - Talkin about Infosec News 6 December 2023 #

Listen: BHIS - Talkin about Infosec News 6 December 2023

The Black Hills Information Security team humorously rates “hacked screens” in this episode, which was immensely entertaining. They also emphasize a major problem: recent breaches in water facilities. As advocates for OT/ICS security, runZero appreciates discussions that raise awareness of vulnerabilities in these environments.

Number 6 – Unsolicited Response - Interview with HD Moore #

Listen: Unsolicited Response - Interview with HD Moore

In a deep dive into OT/ICS security, runZero’s HD Moore converses with Dale Peterson about OT modules in Metasploit. They also discuss the challenges of creating an asset inventory for these “fragile” OT devices. They specifically talk about how HD successfully solved the technical hurdles against active scanning in OT environments. This episode provides valuable insights into securing critical infrastructure.

Number 5 – Breadcrumbs by TraceLabs - Social Engineering and OSINT #

Listen: Breadcrumbs by TraceLabs - Social Engineering and OSINT

The story of one person’s ongoing journey of learning and personal growth in the security industry. Chris Kirsch from runZero recounts his adventures in social engineering, culminating in a victory at DEF CON where he earned a black badge.

Number 4 – Cybersecurity Defenders Podcast - Tips for submitting papers to conferences #

Listen: Cybersecurity Defenders Podcast - Tips for submitting papers to conferences

DEF CON is just one of the many security conferences. Lead organizer of BSidesNYC and runZero team member Huxley Barbee shares valuable insights on speaking at conferences. This episode offers practical advice for cybersecurity professionals, covering everything from generating ideas to delivering a great presentation.

Number 3 – SANS Internet Storm Center Daily StormCast #

Listen: SANS Internet Storm Center Daily StormCast

A daily ritual for some on the runZero team, the SANS Internet Storm Center’s Daily StormCast delivers concise updates on new vulnerabilities. This podcast is so useful, the ENTIRE podcast series earns a spot on our list for providing information that is timely and easy to understand.

Number 2 – SC Magazine #263: AppSec in 2023 and 2024 #

Listen: SC Magazine #263: AppSec in 2023 and 2024

Karl Triebes analyzes the trends of the past year and provides insights into what security professionals can expect in 2024. With a focus on application security, this episode highlights the evolving challenges in the industry and how API abuse continues to be the wild west of access.

Number 1 – Risky Business #701: Why infosec is wrong about TikTok #

Listen: Risky Business #701: Why infosec is wrong about TikTok

HD Moore returns in Risky Business, discussing how APIs of various productivity suites and directory services can reveal crucial information. One example is how the data recorded by Google Drive’s desktop version can be similar to a lightweight MDM. The same information can be useful for defenders who want to track down device owners to speed remediation.

In this episode, Pat Gray and guests also discuss cl0p’s exploits of security file transfer services, Accellion and GoAnywhere MFT, three months before cl0p’s exploit of MOVEit came to light. We had discussed on on the first runZero Hour webcast that it was potentially the most impactful vulnerability of 2023.

At runZero, we believe that staying informed is key to effective cybersecurity. Happy listening and happy holidays!

Written by Huxley Barbee

Huxley Barbee is a former Security Evangelist at runZero. He spent over 20 years as a software engineer and security consultant, previously working for Cisco, Sparkpost, and Datadog. Huxley attended his first DEF CON in 1999, and holds both CISSP and CISM certifications. Huxley is also an organizer of BSidesNYC.

More about Huxley Barbee
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Related Articles

runZero Insights
Using runZero to verify network segmentation
There are many benefits of network segmentation, and fact checking proper implementation can be a difficult, arduous task. runZero is here to help...
Life at runZero
Employee Spotlight: James McNulty
James is our website manager and dynamic SEO strategist! Read on to learn about James' journey on the Marketing team at runZero!
Product Release
Introducing the customizable dashboard, Wiz integration, and more!
Introducing the customizable dashboard, Wiz Integration, and other Q2 2024 enhancements to the runZero Platform.
Product Release
How to integrate your SIEM platform with runZero to create an actionable asset inventory
Learn how to combine runZero's real-time asset inventory with SIEM exports for comprehensive asset tracking and historical data analysis..

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved