Security Podcasts

I’ll preface this with I listen to as many podcasts (security and otherwise) as I have time for. Some weeks I have more time than others so a few of these get listened to frequently while a few rarely ever get a listen and a couple have been dropped because they just don’t cover areas I am interested in but hey they may be exactly what you are looking for.

SANS Daily Stormcasts – This is my go to morning podcast that I rarely miss. This is a quick 5 – 10 minute recap of the previous day’s security news delivered by Dr. Johannes Ullrich. It is well worth catching up with this one.

Defensive Security Podcast – This is one of the few podcasts that I have found that spends most of its time on the defensive side of the house. This one is mostly news and commentary.

Source Code – This is a rather unique podcast in that the host, Chris Sanders, has chosen to dedicate each episode to a luminary in the security field. I highly encourage you to give this one a listen and check out the past episodes as well.

Risky Business – This falls into the category of more of a radio show with distinct segments. These segments include the week’s news with commentary and usually two interviews including one from a sponsor.

Paul’s Security Weekly – This was probably the first security podcast I started listening to regularly. It’s kind of like listening to a room full of bright pros talk. There is always a recap of news. There are also frequent technical segments and more in-depth discussions or technology. The topics frequently diverge and may not be family friendly.

Hack Naked TV – Weekly quick news recap from the Security Weekly family of shows. I honestly prefer the Stormcast.

Enterprise Security Weekly – Another show from the Security Weekly family with an enterprise emphasis.

Startup Security Weekly – Another show from the Security Weekly family with an emphasis on the startup world. They spend time both discussing security startup news and tips for creating a startup. It’s not really my thing but it is well produced.

CyberTalkRadio – This is radio show that is archived as a Podcast. The content is well produced and the topics are of interest to a fairly wide audience. This is not overly technical but it’s also not fluffy either. The guests are great. This is not your typical podcast and I highly recommend giving it a listen for that reason if no other.

Brakeing Down Security Podcast – This podcast is mostly topical per episode.

Advanced Persistent Security Podcast – This podcast is mostly topical per episode. At least the early episodes can feel a bit like a sales pitch.

Exploring Information Security – A new guest and topic each episode

The Standard Deviant – This podcast seems to have died after 17 episodes but it’s worth looking at the limited run because each episode was a fairly long interview with someone of note in the IT field. I miss this podcast.

Hacked – This is infrequent but the limited episodes they have are well produced. The content is not overly technical nor offensively simple. You could listen to this with your grandmother.

Smashing Security – Three hosts discuss security topics. This is fairly topical. Overall a good show.

the security ledger – There is a new topic each episode. This is overall a good show but a bit hit or miss for my personal preference on topics. I have it in the rotation for those good episodes.

Digital Guardian did a recent 35 of the Best Information Security Podcasts to Follow article that includes several podcasts I was not familiar with.

Useful Links

Below are several links I have found useful.

Active Directory

Active Directory Maximum Limits – Scalability
Post-Graduate AD Studies (Numerous links to advanced Active Directory topics)
MCM: Core Active Directory Internals (Deep dive into Active Directory structure that helped me understand the databases a bit better)

Test Lab / Self Training While I would really prefer to spend a little money and buy a TechNet subscription which I did for years Microsoft has decided that will no longer be an option. Here are a few poor substitutes for creating a test lab or getting free Microsoft evals.

TechNet Eval Center – Get them while they are current MSFT will remove these when newer version of software come out.
Microsoft has a number of prebuilt scenarios that include a lab manual as well as a block of time to try the new techniques in the cloud. This is also a pretty impressive example of Hyper-V automation.
If you want a more free form lab experience holSystems is the company that hosts Microsoft’s test labs.
Microsoft Virtual Academy provides a number of online training scenarios.


Scripting with Windows PowerShell Technet resources for PowerShell
Learn Windows PowerShell 3 in a Month of Lunches  by Don Jones – This is the book I always recommend when people ask me for a PowerShell learning recommendation.


Microsoft Anti-Virus Exclusion List
OWASP Cheat sheets
SANS Cheat sheets
PacketLife Cheat sheets


There is no real rhyme or reason to this page. It is just a list of quotes I have seen and liked.

  • I am a great believer in luck, and I find the harder I work, the more I have of it. -Thomas Jefferson 
  • In ancient times cats were worshipped as gods; they have not forgotten this. – Terry Pratchett
  • When Thomas Edison worked late into the night on the electric light, he had to do it by gas lamp or candle. I’m sure it made the work seem that much more urgent. – George Carlin
  • We are continually faced with a series of great opportunities brilliantly disguised as insoluble problems. – John W. Gardner
  • An excuse is a skin of a reason stuffed with a lie.  – Billy Sunday
  • Another flaw in the human character is that everybody wants to build and nobody wants to do maintenance. – Kurt Vonnegut
  • One never notices what has been done; one can only see what remains to be done, and if one didn’t like the work, it would be very discouraging. – Marie Curie
  • You are not entitled to your opinion. You are entitled to your informed opinion. No one is entitled to be ignorant. – Harlan Ellison

Geek Jokes and Trivia

  • A tcp packet walks in to a bar and says “I want a beer”, barman says “you want a beer?” and tcp packet says “yes, a beer”
  • A udp packet walks in to a bar and says “I want a beer”
  • I’d tell you another udp joke but you might not get it.
  • Teredo tunneling is Microsoft’s implementation for IPv6 over IPv4. The Teredo navalis is a species of saltwater clam also known as the naval shipworm that destroy submerged wood.

SANS Cheat sheets

The SANS Institute provides some of the best security training in the industry. Many of their classes include the so called “Cheat Sheets” which are short documents packed with useful commands and information for a specific topic. I have linked as many as I am aware of below.