Podcasts I Rate — IT on the Couch
Curated, current and bias-towards-action. I gravitate to shows that sharpen red/purple team craft, cloud/Azure security, and real-world threat intel. If you’ve got a favourite I’ve missed, tell me and I’ll give it a spin.
Red & Purple Teaming
- Risky Business — Weekly news + interviews with Patrick Gray & Adam Boileau; consistently sharp analysis without the waffle.
- Risky Bulletin — Short, frequent audio briefings from the Risky Biz crew to keep your situational awareness up between main episodes.
- Security Weekly Network — From Paul’s Security Weekly to Enterprise/AppSec shows; panel chats, tool talk, and hands-on segments.
- Down the Security Rabbithole (DtSR) — Long-running interviews that get to “what actually works” in the field.
- Detection: Challenging Paradigms — Deep dives into detection engineering and response tradecraft.
- The Purple Team Podcast — Practitioner-led conversations on collaborative offence/defence. The last recording was in 2020, however these are a good listen.
Cloud, Microsoft & Identity
- Cloud Security Podcast by Google — Anton Chuvakin & Tim Peacock challenge threat models, share lessons from big-scale cloud.
- Azure Security Podcast — Microsoft hosts on Azure security, compliance, detection and architecture patterns.
- Microsoft Threat Intelligence Podcast — Case studies and TTPs from MSTIC and friends; good for keeping an eye on actor tradecraft.
News, Briefings & Threat Intel
- CyberWire Daily — Weekday news hits plus researcher interviews to start the day informed.
- SANS ISC Stormcast — 5-minute daily on what matters now (vulns, exploits, trends).
- ShadowTalk (ReliaQuest) — Practitioners unpacking current campaigns, CVEs and defensive takeaways.
- Hacking Humans — Social engineering, scams and human factors — handy for red team pretexting & awareness angles.
Narrative Deep Dives
- Darknet Diaries — Monthly long-form stories from the infosec underbelly; top-tier production.
- Malicious Life — History of cyber with hackers, researchers and historians; great commute listening.
- The Lazarus Heist (BBC) — The North Korea cyber-crime saga; bingeable, still relevant for threat context.
Networking & Architecture (Security-adjacent)
- Packet Pushers: Heavy Networking — Deep, practical infra chats (SASE, zero-trust, automation) to bridge NetOps and SecOps.
AppSec & DevSecOps
- The Secure Developer — Secure SDLC, developer experience, and the AI/dev pipeline from people shipping code at scale.
How I pick ’em
- Actionable: clear takeaways I can test in lab or take to an engagement.
- Current: active shows with regular releases.
- Credible: practitioners, researchers, and teams with a track record.
Updated: 7 September 2025.