20 episodes

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business ITRadio.com.au

    • Technology


    Risky Business #573 -- Gas plant ransomware attack, Huawei mega-indictment and more


    On this week’s show Patrick and Adam discuss the week’s security news, including:


    Ransomware shutters US natural gas plants
    Huawei hit with huge indictment
    Voatz mobile voting app shredded by MIT, dust-up ensues
    The latest from the Vault7 trial
    Reality Winner seeking clemency
    Ring to force all users on to 2FA
    Israeli court rules Facebook must reinstate NSO staff profiles
    USG drops more North Korean samples
    OpenSSH gets Fido/U2F support


    This week’s sponsor interview is with Dave Cottingham from Airlock Digital.

    They make whitelisting software that’s actually useable. And until I did this interview I didn’t know that their agent actually does host hardening as well, which is pretty cool. Since we last spoke they’ve also popped up in CrowdStrike’s app store thingy, which means a bunch of you CrowdStrike customers will be able to dabble in some whitelisting if you want to.

    Dave joins the show to talk about a bunch of stuff, including their experience having Silvio Cesare do a code audit on their agent.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Risky Biz Soap Box: Cmd's Jake King talks Linux security


    Soap Box podcasts are fully sponsored which means everyone you hear on these editions of the show paid to be here. If you’re looking for the regular, weekly Risky Business podcast, just scroll one back in your podcast feed.

    But you know what? I wouldn’t recommend it, because this edition of Soap Box is top notch. In it we’re joined by Jake King, a co-founder of Cmd Security.

    Cmd makes Linux security software, and I love their approach mostly because, well, it’s simple. It has two main functions – visibility and control – but both of these functions focus on execution. The visibility piece is “which user executed what?” and the control piece is “only let user X execute Y”. The idea here is you can apply an additional layer of control over user actions, but obviously the visibility aspect to this is pretty useful at driving decisions around what sort of limits to put on various accounts.

    Jake has fronted this edition of the show with an exclusive offer to Risky Business listeners, which is free use of their software. Obviously you won’t get access to absolutely all its features, but certainly enough of them to be very, very useful. They’re getting to the point where they can do this – throw out most of the functionality and just sell the icing on the cake to companies who want it. You can register for early access to the free trial at cmd.com/risky.

    Risky Business #572 -- Equifax indictments land, some big Huawei news


    On this week’s show Patrick and Adam discuss the week’s security news, including:


    Chinese operators indicted over Equifax breach, more indictments coming
    Alleged backdoor in Huawei lawful intercept features
    Data on 6.4m Israelis exposed by political party app
    Iowa caucus app was a pile of crap, 4chan clogged up caucus night phones
    Corp.com is up for sale. That’s a lotta hashes.
    Much, much more.


    This week’s show is brought to you by Corelight.

    Corelight’s Richard Bejtlich joins the show this week in the sponsor slot to talk about what the company is doing to try to build the open source community behind Zeek, the tool its products are based on.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Risky Business #571 -- Is Joshua Schulte The Shadow Brokers?


    On this week’s show Patrick and Adam discuss the week’s security news, including:


    Iowa app falls over, social and mainstream media chaos ensues
    Twitter acknowledges state-backed API abuse
    CDA 230 under review. Uh oh.
    Toll Group ransomware
    ICS-compatible ransomware spotted in wild
    UN got owned pretty hard
    Is Joshua Schulte The Shadow Brokers? A theory
    Much, much more.


    This week’s show is brought to you by Okta.

    Okta’s Simon Thorpe will be along this week to talk about a new trend they’re seeing and obviously encouraging – enterprises ditching Microsoft’s Active Directory. It’s a cloud, cloud, cloud, cloud world these days. And in the year 2020, you might want to actually ask yourself – do you still need to be using AD?

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Risky Biz Soap Box: Zane Lackey on the rush to Azure and securing Web apps against logic flaws


    In this edition of the Soap Box podcast we’re joined by Zane Lackey, a co-founder of Signal Sciences.

    Signal Sciences makes, in essence, a “next generation” Web Application Firewall, or WAF. Signal Sciences is a pretty well-established startup these days with a zillion customers, so he has some real insight into what’s happening out there in webapp land.

    In this conversation he has some really interesting things to say: First, there’s a rush to Azure happening right now. It has become the platform of choice for all sorts of organisations.

    He also has some really interesting things to say about how to protect web applications from logic flaws. Some simple ideas that should really help lock things down.

    Enjoy!

    Risky Business #570 -- FTI report lands like a lead balloon


    On this week’s show Patrick and Adam discuss the week’s security news, including:


    The FTI report on the Bezos incident is a massive let down
    UK lets Huawei into 5G build
    SeaTurtle campaign pinned on Turkey
    Mitsubishi owned through its AV solution
    Ransomware crews owning unpatched Citrix boxes
    Much, much more.


    This week’s sponsor guest is Sherrod DeGrippo of Proofpoint. She’s a senior director of threat research there and she’ll be along to talk about the Emotet malware. Despite being spray and pray malware, it’s pretty successful because it operates at such ridiculous scale. Sherrod joins us with details.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Customer Reviews

SuperNerdDad ,

Absolutely the best InfoSec podcast

Patrick is a unique blend of skilled journalist and journeyman hacker, giving him a background that makes Risky Biz the best hard news podcast in InfoSec. He also gets great guests, and his model of turning sponsor interviews into something that is actually informative is unique in the space.

siliconvsales ,

I recommend to all my peers

I’ve shared this podcast in my company Slack as well as directly to lots of friends due to the variety of complex topics they cover. Somehow they even produce good content from InfoSec vendors’ pitches. This is my favorite weekly InfoSec news podcast and a good Twitter follow.

d1str0 ,

Best current events podcast for Cybers

Hands down the most current, succinct, and funny current events podcast for all things cybers.
