Even if you’ve only been in cybersecurity for a short while, you’ve probably realized that things move pretty fast in this industry. If you’re looking to stay informed, listening to cybersecurity podcasts is a great way to hear from experts about the latest cyber attacks, data breaches, and other emerging threats as they happen.
For this blog, our team surveyed the streaming apps to highlight 10 cybersecurity podcasts that we can’t stop listening to. Some we listen to when we’re able, while commuting or walking the dog. Others are so entertaining that we have to drop everything and listen as soon as a new episode drops.
Three Buddy Problem
Website | Spotify | Apple | YouTube
An offshoot of cybersecurity writer Ryan Naraine’s Security Conversations brand, Three Buddy Problem offers a refreshingly unfiltered take on the week’s news.
Joined by Juan Andres Guerrero-Saade, Executive Director for Intelligence and Research at SentinelOne and Costin Raiu, a longtime security researcher with a background in uncovering nation-state APTs, the trio aren’t afraid to go against the grain, especially when it comes to calling out vendors for lapses in judgement.
While the show generally follows a format where everyone gets to weigh in on news of the week, new research, and infosec conference talks, it’s very much a free flowing conversation where the occasional rant is welcome, if not expected.
Topics of discussion on a recent episode included hardware hacking, mobile exploits, and zero days in VPN products.
Average length: 1.5-2.5 hours
Recommended listen: The hosts are joined by Katie Moussouris, Luta Security CEO and bug bounty legend to discuss China’s recent exposure of Taiwan APT actors, Citizen Lab’s report on Paragon spyware, and the future of the Cybersecurity and Infrastructure Security Agency.
Risky Business
Website | Spotify | Apple | YouTube
In what may be the longest-tenured podcast on the list—Risky Business was first started nearly 20 years ago, in 2007—Aussie Patrick Gray and Kiwi Adam Boileau have a great rapport as they go over the week’s cybersecurity news.
There’s a reason the podcast has lasted as long as it has. It’s exactly what people want it to be: A concise conversation that mostly sticks to the week’s headlines. That said, Gray has built the Risky Business brand up over the years, recording video versions of podcasts and launching standalone shows like The Soapbox and Between Two Nerds.
Risky Business also produces a newsletter, Risky Bulletin, that gets sent out four times a week with stories culled by scribe Catalin Cimpanu.
Like any good podcast these days, you can subscribe via your favorite podcast app or watch on YouTube. If you watch the YouTube broadcast, screenshots of the headlines they discuss are shown along with a ticker along the bottom of the screen that highlights stories from Risky Bulletin.
Average length: 45-60 minutes
Recommended listen: Gray and Boileau discuss the controversy surrounding “Signalgate,” a Kubernetes remote code execution vulnerability, and more.
The Blueprint by SANS
Website | Spotify | Apple | YouTube
While the SANS Institute has a handful of podcasts—six, plus the popular StormCast, a brief recap of pressing cybersecurity news—one Canary raved about The Blueprint. Listening to it, it’s clear to see why. Hosted by SANS Senior Instructor John Hubbard, the podcast is a treasure trove of advice and guidance for defenders looking to hone their cyber defense skills.
Recent episodes have included conversations with experts from Microsoft on creating phishing resistant credentials, how GenAI and LLM can improve your Security Operations Center (SOC), and navigating the nebulous concept of how to measure performance in cybersecurity.
When he’s not podcasting, Hubbard is busy teaching SANS classes about blue teaming and building and leading SOC teams. Like those classes, the show is full of valuable guidance from a professional; Hubbard rose through the ranks of a SOC, from a Tier 1 Analyst to SOC Manager, so when he walks you through ways to help improve your security operations team, he speaks from experience.
Average length: 1-1.5 hours
Recommended listen: Red Canary’s Director of Intelligence Operations Katie Nickels talks to The Blueprint about what threat intelligence is, where to get it, what you should expect from it, and how the SOC should be using it.
Darknet Diaries
Website | Spotify | Apple | YouTube
Few infosec podcasts have enjoyed the meteoric rise in popularity that Jack Rhysider’s Darknet Diaries has over the past few years. According to The Record, the show had more than 8 million downloads in 2019. Six years later, it has nearly twelve times that: 91 million.
Rhysider, who previously worked as a network security engineer, has been probing the darker corners of the internet, uncovering tales about hacking, data breaches, cybercrime, since 2017.
Slickly edited—we’re fans of the propulsive new intro—and led by a gifted and animated storyteller in Rhysider, Darknet Diaries should interest anyone learning more about the inner workings of the dark web, passwords, and hacking.
Average length: 1-1.5 hours
Recommended listen: Rhysider talks with Joe Grand, aka “Kingpin,”—who was the youngest member of the hacker group L0pht Heavy Industries that famously testified before Congress in the ’90s—about hacking, phone phreaking, and more.
The Microsoft Threat Intelligence Podcast
Microsoft has a staggering number of active podcasts—21 by our count—that it’d be near impossible to actually keep up with them all. Those in the incident response and threat hunting space may want to prioritize subscribing to Sherrod DeGrippo’s Threat Intelligence Podcast for stories and research from the company on ransomware, advanced persistent threats, and malware trends.
On one recent podcast, DeGrippo, Microsoft’s Director of Threat Intelligence Strategy, and a guest dug into how Lumma stealer uses GitHub repositories and redirector networks to deliver malicious payloads. Another episode looked at the current state of ransomware, the rise of ransomware-as-a-service outfits, and why healthcare organizations continue to find themselves in the crosshairs of threats.
While a lot of the podcasts on this list can be a bit of time commitment, Microsoft’s is more digestible and usually clocks in between 30 and 40 minutes.
Average length: 30-40 minutes
Recommended listen: DeGrippo and Kajhon Soyini, a Senior Microsoft Security Researcher, dig into how Lumma Stealer uses GitHub repositories and redirector networks to deliver malicious payloads.
Hacked
Website | Spotify | Apple | YouTube
Like a lot of these podcasts, the hosts of Hacked, which bills itself as “a technology show about people hacking things together and apart,” have a congenial chemistry as they tell stories about insider threats, crypto heists, and denial-of-service attacks. While they’re not always new stories, they are tales that benefit from the pair’s even keel and well-researched storytelling.
The podcast, which is sponsored these days by Push Security, can run long—over an hour most episodes—but the episodes can make fine listening for a long drive.
Recent podcasts looked at undocumented commands in a widely produced bluetooth chip, the $1.5 billion ByBit crypto heist, and a deep dive into the history surrounding Ross Ulbricht and the Silk Road.
For those looking to take things to the next level, the podcast also has its own Patreon, Discord server, and merch store.
Average length: 1 hour
Recommended listen: The hosts peel back the layers on the massive $1.5 Billion Bybit hack earlier this year.
Detection at Scale
Website | Spotify | Apple | YouTube
With so many vendor podcasts these days, it’s difficult not to include at least one or two here. Detection at Scale, hosted by Panther’s Founder and Chief Technology Officer Jack Naglieri, focuses on having educational discussions around how to build effective detection programs.
The episodes, which are largely based around how to drive successful security strategies, have featured guests in charge of detection and response programs at companies like Netflix, Salesforce, and Grammarly.
Recent episodes have touched on the intersection of generative AI and security operations. Think: how to incorporate AI agents into your detection and engineering team and implement LLM-assisted detection engineering.
Looking to go further? An accompanying Substack has show notes and newsletters relevant to some of the discussions had in podcasts.
Average length: 30 minutes
Recommended listen: Naglieri speaks to Kelly Jackson Higgins, Editor-in-Chief at Dark Reading, about how cybersecurity threats have changed over the years.
Security Cryptography Whatever
Website | Spotify | Apple | YouTube
It may not be for everyone but Security Cryptography Whatever is an entertaining, niche listen for those looking to add to their cryptography content intake.
Started “accidentally” in 2021 by David Adrian, Deidre Connolly, and Thomas Ptacek, the podcast has discussed everything from the market for zero-day vulnerabilities to Dual_EC_DRBG and more recently, Apple’s decision to pull Advanced Data Protection in the UK.
Cryptography is hard but it helps to listen to people who know what they’re talking about, which is where this podcast excels. Guests over the years—including Johns Hopkins’s Matthew Green, Mark Dowd, and Steve Weis—are respected authorities in their fields as well.
Looking to keep up with the looming specter of quantum computing or the ongoing threat of eroding encryption? There’s a new episode every month or so recapping some of the latest cryptography news.
Average length: 1-1.5 hours
Recommended listen: Matt Green and Joe Hall, Distinguished Technologist at the Internet Society, join the hosts to discuss Apple’s decision to pull their opt-in iCloud end-to-end encryption feature in the UK.
CyberWire Daily
Website | Spotify | Apple | YouTube
If you’re just getting started with cybersecurity or looking for a quick, high-level look at industry headlines, CyberWire, a cybersecurity media company owned by N2K, is a fine place to start your journey.
While the site hosts an abundance of podcasts—it also hosts another of our recommended listens, Microsoft’s Threat Intelligence Podcast—those seeking a simple and straightforward rundown of the day’s cybersecurity news should seek out CyberWire Daily.
Dave Bittner, the show’s host, sounds as if he could easily fill in for Steve Inskeep on NPR’s Morning Edition if he was running late to the studio one day.
Average length: 30 minutes
Recommended listen: While every episode follows a typical “news of the day” pattern, this podcast from April 9, 2025 also features an interview with another one of our recommended podcast’s hosts, Darknet Diaries’ Jack Rhysider.
Talkin’ About [Infosec] News, Powered by Black Hills Information Security
Website | Spotify | Apple | YouTube
![A YouTube screencap of Black Hills Information Security's Talkin' [Bout] Infosec podcast.](https://redcanary.com/wp-content/uploads/2025/04/bhistalkininfosec.png)
Listeners looking for a loose and informal roundup of the week’s news will want to check out Talkin’ Bout [Infosec] News, a weekly dose of rabble rousing from the friendly penetration testers over at Black Hills Information Security.
Every Monday, the group runs through a batch of infosec-adjacent headlines. Recent stories included a look at the 10 biggest cryptocurrency hacks in history, a new phishing-as-a-service (PhaaS) platform making the rounds, and GitHub plans to roll out updates to its Advanced Security platform.
While the livestream can get busy from time to time—it sometimes features up to 10 different people chatting—the show has a fervent fanbase. The episodes regularly get over 2,000 views on YouTube, including many fans who follow along with the group’s active Discord channel.
Average length: 1 hour
Recommended listen: While the show generally follows a “news of the week” format and varies from week to week, this episode from March 2025 does a great job digging into some of the issues stemming from malicious browser plugins.
Looking to stay up to date on the latest threat detection, intelligence, and incident response news?
- Subscribe to our blog for research and insight from our intelligence team.
- Visit the Resources section of our site for links to our latest reports, including the 2025 Threat Detection Report
- Follow our YouTube channel for educational videos, including our weekly Office Hours series
Related Articles
Getting started with Conditional Access: 5 must-have Entra ID policies
Cybersecurity metrics that matter (and how to measure them)
Cybersecurity metrics that matter (and how to measure them)
What does Google’s $32B acquisition of cloud security startup Wiz mean for security operations?