Information security podcasts

Listen to this week's podcasts

P O D C A S T D E S C R I P T I O N S

• Security Wire Weekly recaps the week's top news in the world of information security, plus features interviews with industry luminaries, experts and information security pros just like you. RSS Feed
• Newsmaker is an occasional interview series featuring in-depth technical knowledge and industry analysis from one of information security's leading visionaries. RSS Feed
• Threat Monitor is a semimonthly tip that focuses on current information security threats, including hack attacks, viruses, worms, Trojans, backdoors, bots, spyware and DDoS, and provides you with the tactics required to defend against them. RSS Feed
• Security360 offers fresh perspectives from more than one source -- from vendors, experts and infosec pros -- on a variety of complex information security issues. RSS Feed
• Meet the Security Squad. In this podcast series, the writers and editors of SearchSecurity.com and Information Security magazine debate today's hot-button security issues. RSS Feed

Our featured Security School podcasts are tutorials led by infosec experts who offer tips and tactics to help with the latest information security challenges.

Secure Reads and Hot Type: Security books in audio are regular podcast series that feature chapters from popular information security books, read by the authors themselves. Hot Type podcasts exclusively feature books from authors affiliated with publishers Addison-Wesley and Prentice Hall.

Use the players below to stream each podcast to your desktop, or click on the links to subscribe to our podcast feeds and download these podcasts to your desktop or MP3 player.

Threat Monitor -- July 2, 2009
How to defend against rogue DHCP server malware
Rogue DHCP server malware is a new twist on an old concept. The good news is that effective threat mitigation strategies exist; the bad news is that many organizations haven't bothered to deploy them.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of June 22, 2009

Veiled darknet unveiled; TJX settles dispute
Security researcher Matt Wood of HP talks about a new browser-based darknet he co-developed called Veiled. Also, Pete Lindstrom of Spire Security on TJX's latest data breach news.

Download MP3 | Subscribe to Security Wire Weekly

Threat Monitor -- June 22, 2009
When BIOS updates become malware attacks
Most security pros don't give the system BIOS a second thought, or even a first one, but today's BIOS types are highly susceptible to malicious hackers. Information security threats expert Sherri Davidoff explains how attackers can plant BIOS malware and how security pros can thwart such attacks.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of June 15, 2009

Special Report: How to find jobs in information security
Is the recession holding back your career plans? In this free 30-minute podcast, experts Lee Kushner and Mike Murray offer infosec job advice that will help you survive and thrive in tough times.

Download MP3 | Subscribe to Security Wire Weekly

Click fraud threatens Web advertising
Click fraud is threatening online advertising, according to experts. This week, Anchor Intelligence lead scientist Daniel Walling and Richard Sim, vice president of product management talk about how fraudsters are getting more sophisticated. Also Jeremiah Grossman of WhiteHat Security explains why it's so easy for people to carry out click fraud.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of June 8, 2009

Squad: Obama, ISP shutdowns and Web security threats
SearchSecurity.com editors discuss the Obama administration's cybersecurity plans, the FTC shutdown of Triple Fiber Network and what IT security pros can do to address the growing threat posed by the use of social networks and other Web-based services.

Download MP3 | Subscribe to all of our podcasts

Social networking threats
Security consultant Lenny Zeltser of Savvis Security Consulting Services explains the threats posed by employee use of social networking websites and what security pros can do to address them. Zeltser is a faculty member at the SANS Institute. Also, a brief overview of Microsoft Patch Tuesday.

Download MP3 | Subscribe to Security Wire Weekly

Security Newsmakers: Sophos CEO Steve Munford
Steve Munford took over Sophos' leadership as the U.K.-based AV company mounted an aggressive effort to expand its market share, particularly in North America, against industry giants Symantec and McAfee. Munford was president of ActiveState when it was acquired by Sophos in 2003 and served as president for North America from 2003-2005.

In this interview, Information Security magazine's Neil Roiter talks with Munford about the company's acquisition and integration of encryption vendor Utimaco and Sophos strategy for leveraging the acquisition to boost sales in North America and Europe. Munford describes how Sophos engineering culture helps it integrate acquisitions and develop technology in-house.

Download MP3 | Subscribe to Security Newsmakers and our other security podcasts

Hot Type: Keatron Evans on advanced hack attacks
Chained Exploits
In our "Hot Type" podcast this month, Keatron Evans, author of Chained Exploits, explains how attackers can create fake websites and phishing scams that trick employees -- even your boss -- into downloading malicious Trojans that monitor your computer activity.

Download MP3 | Subscribe to "Hot Type" and other security podcasts

After listening to the podcast, read an excerpt from Chapter 2: Discover what your boss is looking at.

Podcasts for the week of June 1, 2009

The Obama Cybersecurity Plan
Information Security magazine's Michael Mimoso reports on the Obama cybersecurity announcement. He speaks with security luminary Howard Schmidt, Paul Kocher, chief scientist of Cryptography Research and Unisys CISO Patricia Titus.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 25, 2009

White House cybersecurity czar faces big challenges
Security luminary Bruce Schneier and former cybersecurity czars Amit Yoran and Gregory Garcia share their views on a possible new White House cybersecurity czar. UK-based Paul Wood, senior analyst at Symantec's MessageLabs, gives the international perspective.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of May 18, 2009

Defeating hackers is hard
Sophos senior security consultant Graham Cluley talks about the antivirus industry, the threat landscape, the Conficker worm and why it has been difficult to defeat international cybercriminal gangs.

Download MP3 | Subscribe to Security Wire Weekly

Threat Monitor -- May 21, 2009
Threat Monitor: Cybercrime and threat management
It's no secret that cybercrime is an ever-growing issue for today's security professionals, but what roles and responsibilities need to change as a result of the glut in illicit cyber activity? In this podcast, Bill Boni, VP of information security and technology at Motorola, discusses the changing landscape of cybercrime, and how to react to it.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of May 11, 2009

Botnet threats and countermeasures
AT&T Labs' Brian Rexroad shares how the telecommunications giant detects and defends its network against botnets. Rexroad talks about the most prevalent botnets being monitored, including Conficker, how privacy concerns strain detection and eradication efforts and explains how future technologies could be used to battle the cybercriminals behind the threat. Rexroad is principal architect at AT&T Labs.

Download MP3 | Subscribe to Security Wire Weekly

Squad: Data breach burn-out
SearchSecurity.com editors discuss whether the Berkeley data breach warranted so much news coverage and whether people are becoming desensitized to data breaches. Also, Heartland Payment Systems' push for better industry wide security and whether software vendors should push silent updates to users.

Download MP3 | Subscribe to all of our podcasts

Podcasts for the week of May 4, 2009

Security Wire Weekly: Kodak CISO on virtualization, compliance
Eastman Kodak CISO Bruce Jones on compliance issues, cloud computing and virtualization use. Also, security analyst Eric Ogren on virtualization and other trends from the 2009 RSA Conference.

Download MP3 | Subscribe to Security Wire Weekly

Security skills and certification pay
SearchSecurity.com's Carolyn Gibney interviews David Foote of Foote Partners LLC about the firm's latest skills and certification pay research. Some security skills are holding their own in the tough economy.

Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Federal cybersecurity defenses
In this edition, SearchSecurity editors talk about the electrical grid compromise, restructuring of the federal cybersecurity authorities, who to blame for the Conficker hype and recent criticisms of the Payment Card Industry Data Security Standard.

Download MP3 | Subscribe to all of our podcasts

Threat Monitor -- May 7, 2009
Threat Monitor: How to find and stop automated SQL injection attacks
Automated SQL injection worms use search engines to filter through vulnerable Web servers. In this podcast, Jamie Gamble and Patrick Szeto explains how to keep your website off of the malware's radar.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of April 26, 2009

Incident response and forensics
Trend Micro buys Third Brigade. Also Agile Risk Management's Matthew Shannon talks about incident response best practices, including ways to accelerate the process, how compliance enables better incident response, and what makes a successful incident response.

Download MP3 | Subscribe to Security Wire Weekly

Security Newsmakers: RSA cryptographer Ari Juels on RFID, encryption
SearchSecurity.com's Neil Roiter interviews well known cryptographer Ari Juels about RFID security, cloud storage innovations and his new novel.

Download MP3 | Subscribe to Security Newsmakers and our other security podcasts

Podcasts for the week of April 19, 2009

Kaspersky sees Internet IDs ahead
Kaspersky Lab CEO Eugene Kaspersky predicts that one day people will need an ID card to access the Internet. In this wide ranging interview at the 2009 RSA Conference, Kaspersky talks about the Conficker worm, attacker sophistication and tracking cybercriminals.

Download MP3 | Subscribe to Security Wire Weekly

AJAX platform injects security
Kyle Adams and Al Huizenga of new startup Mykonos talk about their new platform that injects security into the software development lifecycle for AJAX applications. Also, security expert David Mortman on cloud computing.

Download MP3 | Subscribe to Security Wire Weekly

PCI Council readying new virtualization requirements
In an interview at the 2009 RSA Conference, Troy Leach, technical director of the PCI Security Standards Council, said the organization is exploring ways to address the security challenges with virtualization and cloud computing. He said new requirements are likely."

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of April 12, 2009

Threat Monitor -- April 16, 2009
Threat Monitor: Virtualization: Disruptive technologies
Virtualization promises enterprises amazing cost-saving benefits, but what about the inherent security threats? In this video series, renowned security researchers Chris Hoff, Rich Mogull and Dino Dai Zovi discuss the greatest threats to virtualized environments, including some you might not expect.

Download MP3 | Subscribe to our security podcasts

RSA preview: Google makes its case for defending the cloud
Eric Feignebaum, director of security for Google Apps, asserts cloud computing can be as secure as or even more secure than traditional corporate security. Feigenbaum will participate in a panel at the 2009 RSA Conference, "Cloud computing – secure enough for primetime today?"

Download MP3 | Subscribe to Security Wire Weekly

RSA preview: Budget issues to dominate
Andreas Antonopoulos of Nemertes Research, Charles Kolodgy of IDC and Chenxi Wang of Forrester Research talk about the major trends to dominate the RSA Conference. Shrinking budgets, application security, virtualization and encryption could dominate the event, the industry analysts said.

Download MP3 | Subscribe to Security Wire Weekly

Security Newsmakers: Enrique Salem takes charge at Symantec
Enrique Salem, who took over as Symantec CEO for the retiring John Thompson on April 4, talks about the Symantec he worked for in the 1990s, the Symantec he inherits today, and the Symantec he envisions for the future.

Download MP3 | Subscribe to Security Newsmakers and our other security podcasts

Podcasts for the week of April 6, 2009

Security Wire Weekly: Cloud computing security
Jim Reavis of the Cloud Security Alliance talks about the new organization's goals and the challenges ahead for cloud computing. Also, David Goldstone of Goodwin Procter on the failure of data breach class action lawsuits.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 29, 2009

Threat Monitor -- April 2, 2009
Threat Monitor: Short-lived Web malware: Fading fad or future trend?
Attackers are increasingly spreading their malicious code through fly-by-night websites that seem legitimate to unsuspecting users, but are actually laden with malware. Marcos Christodonte II explains how short-lived Web malware works, and how enterprises can use Web filtering, honeytokens and good policy to mitigate the threat.

Download MP3 | Subscribe to our security podcasts

Is Conficker worth the hype?
We talk about the hype surrounding the Conficker worm with Pete Lindstrom, research director at Spire Security. Also, Dave Marcus of McAfee joins us to talk about malware in a down economy.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 22, 2009

OWASP security benchmark study; Mobile threats real?
Boaz Gelbord, who heads the OWASP Security Spending Benchmarks project, explains the survey results. Also, Ivan Arce of Core Security Technologies talks about smartphone threats and penetration testing.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 15, 2009

Hot Type -- Mar. 19, 2009
The Truth about Identity Theft
In the latest edition of "Hot Type: Security Books in Audio," author Jim Stickley reveals just how easy it is for a cybercriminal to get a hold of employee passwords.

Download MP3 | Subscribe to "Hot Type" and other security podcasts

After listening to the podcast, read an excerpt from Chapter 11: Social Engineering.

Jose Nazario on botnets, cyberwarfare
Security expert Lenny Zeltser gives tips on how to appropriately respond to a security incident. Also, a discussion on the relaunch of the L0phtCrack password cracking tool with Chris Wysopal of Veracode.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 8, 2009

Jose Nazario on botnets, cyberwarfare
Botnets are being used more frequently to silence political dissenters, explains Jose Nazario of Arbor Networks. Nazario has been studying the rise of botnets as a tool used in cyberwarfare.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of March 1, 2009

Security Wire Weekly: PCI Council officials mull latest breaches
PCI Council general manager Bob Russo and Council chairman Lib de Veyra talk about the PCI Council's goals in 2009 and the council's role in the latest data breaches. Also, a discussion about virtualization security with Steve Herrod of VMware.

Download MP3 | Subscribe to Security Wire Weekly

Threat Monitor -- March 5, 2009
Threat Monitor: How to use (almost) free tools to find sensitive data
No matter how much security awareness training employees get, some of them will still store sensitive data in insecure places. As a security manager, finding that data becomes of paramount importance -- but how to do it? In this tip, John Soltys offers advice on ways to find insecurely stored data.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of February 22, 2009

Security Wire Weekly: Attacks against SSL
In this podcast, cryptography expert Taher Elgamal of Axway Inc. defends SSL in the wake of research that bypasses it. Elgamal's research led to the development of SSL.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 15, 2009

Threat Monitor -- February 19, 2009
Threat Monitor: How to block adult websites from enterprise users by logging content
Inappropriate content has always been a problem for enterprise security teams. What are some best practices for blocking adult content and websites from systems? In this security management tip, learn strategies for keeping users' Web habits in check.

Download MP3 | Subscribe to our security podcasts

Security Wire Weekly: Chris Wysopal on secure coding
In this podcast, secure coding expert Chris Wysopal talks about dynamic and static testing and the state of secure software development tools. Wysopal also explains why he's a big proponent of the SANS/CWE Top 25 Dangerous Programming Errors List.

Download MP3 | Subscribe to Security Wire Weekly

Security Newsmakers: Why top lists don't work
In this podcast, Gary McGraw of Cigital explains why the CWE/SANS Top 25 dangerous programming errors list will fail to have a major effect on secure software development.

Download MP3 | Subscribe to Security Newsmakers and our other security podcasts

Podcasts for the week of February 8, 2009

Top cybersecurity priorities for the Obama administration
In this podcast, Core Security's Tom Kellermann, who served on the Commission for Cybersecurity for the 44th Presidency, talks about President Obama's cybersecurity priorities. Also, Gary McGraw of Cigital explains why the CWE/SANS Top 25 list won't do much to aid secure software development.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of February 1, 2009

Data breach cost analysis
The average cost of data breaches is rising as companies struggle to contain data leakage, explains Larry Ponemon of the Ponemon Institute. Also, Henry Helgeson, CEO of payment processor Merchant Warehouse, talks about PCI and encryption in the wake of the Heartland breach.

Download MP3 | Subscribe to Security Wire Weekly

Threat Monitor -- February 5, 2009
Threat Monitor: Are Windows Vista security features up to par?
Expert Michael Cobb explains why attempts to bypass Windows Vista memory protections don't necessarily mean that the operating system lacks security.

Download MP3 | Subscribe to our security podcasts

Podcasts for the week of January 26, 2009

Microsoft Conficker dangers ahead
In this podcast, Thomas Cross, X-Force security researcher for IBM ISS, discusses the possible dangers posed by the Conficker/Downadup worm. Researchers are waiting for the payload.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of January 19, 2009

Security Wire Weekly: Heartland data security breach
In this podcast, Gartner Analayst Avivah Litan talks about the Heartland data breach. Also, a discussion with Ernst & Young's Sagi Leizerov on data privacy in the retail industry.

Download MP3 | Subscribe to Security Wire Weekly

Security Squad: Are vulnerability lists helpful?
In this podcast, the editorial team debates the usefulness of the CWE/SANS Top 25 List, the state of virtualization security and they discuss the top cybersecurity news stories of 2008.

Download MP3 | Subscribe to all of our podcasts

Podcasts for the week of January 12, 2009

Security Wire Weekly: Top 25 dangerous coding errors
Security experts explain the new Top 25 Errors list. Includes Bob Martin of MITRE Corp., Paul Kurtz, a principal author of the U.S. National Strategy to Secure Cyberspace and application security testers Jacob West of Fortify Software and Chris Wysopal of Veracode.

Download MP3 | Subscribe to Security Wire Weekly

Podcasts for the week of January 5, 2009

Threat Monitor -- January 8, 2009
Threat Monitor: Future security threats: Enterprise attacks of 2009
Expert John Strand reviews what's in store for 2009, including new weapons, old vulnerabilities, and new takes on old attack techniques.

Download MP3 | Subscribe to our security podcasts

Network access control: A look ahead
Patrick Wheeler of Symantec looks back at the market for NAC technologies in 2008 and explains what he sees ahead in 2009.

Download MP3 | Subscribe to Security Wire Weekly

INFORMATION SECURITY PODCAST ARCHIVES
2008 podcasts
2007 podcasts
2006 podcasts
2005 podcasts