
Risky Business
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Latest episodes

19 snips
Jul 2, 2025 • 1h 2min
Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses
This week features Jimmy Mesta, co-founder of RAD Security and a specialist in AI automation for cloud security. He shares insights on the rise of technical surveillance tactics by drug cartels to target FBI informants, showcasing a chilling intersection of cybercrime and law enforcement. The conversation also dives into how AI is revolutionizing vulnerability management in cloud environments, emphasizing its role in enhancing security posture. Fascinatingly, it highlights the growing complexities that cyber threats pose to organizations today.

38 snips
Jun 25, 2025 • 1h 2min
Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators
Andrew Morris, founder of GreyNoise Intelligence, provides insights into the world of cyber threats, discussing a botnet comprised of ASUS routers. The conversation unpacks the absurdity behind a recent claim of 16 billion leaked credentials, dives into the complexities of state-sponsored cyber attacks, and highlights vulnerabilities in modern technology. Morris also shares his expertise on detecting and dealing with advanced botnets, emphasizing the significance of staying vigilant against evolving cyber threats. It's a blend of humor and serious cybersecurity discussion!

40 snips
Jun 18, 2025 • 1h 1min
Risky Business #796 -- With special guest co-host Chris Krebs
Chris Krebs, former Director of CISA, joins the hosts to delve into the latest cybersecurity threats. They analyze a bold cyber attack against Iran's Bank Sepah by Israeli hacktivists, discussing its implications for banking security. Krebs shares insights on the rising identity threats in the insurance sector and the shift towards zero trust models. The conversation also covers Microsoft's strategy to address European concerns over data sovereignty and highlights emerging AI vulnerabilities within M365 and Azure. This engaging chat is packed with vital security trends and challenges.

24 snips
Jun 16, 2025 • 31min
Soap Box: AI has entered the SOC, and it ain't going anywhere
Ed Wu, founder of Dropzone AI and a former leader at ExtraHop Networks, discusses the revolutionary impact of AI in Security Operations Centers (SOCs). The conversation dives into the debate on AI's capabilities and limitations in threat detection. Wu highlights how multi-model AI systems enhance efficiency by automating various tasks and the significant transition from skepticism to acceptance among professionals. He also emphasizes the importance of coachability in AI, showcasing how adaptable models perform better in dynamic cybersecurity environments.

17 snips
Jun 11, 2025 • 1h 8min
Risky Business #795 -- How The Com is hacking Salesforce tenants
Alex Tilley, Global Threat Research Coordinator at Okta and former investigator for the Australian Federal Police, joins to discuss pressing cybersecurity concerns. They tackle the alarming trends in social engineering, particularly focusing on Salesforce vulnerabilities. Tilley shares insights on identifying North Korean tactics in job scams, underscoring the need for collaboration between security teams and HR. The conversation also highlights the rise of cybercrime dynamics and how organizations can enhance their defenses against evolving threats.

54 snips
Jun 4, 2025 • 58min
Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242
Matt Muller, Field CISO at Tines, joins the discussion to dive into critical issues surrounding SaaS security. He highlights an open letter from JP Morgan Chase’s CISO urging SaaS providers to enhance their security measures. The conversation touches on the complexities of cybersecurity risk management and the need for better collaboration among vendors. Muller emphasizes the importance of transparency and improved compliance as businesses increasingly adopt AI solutions. The lively exchange also covers unconventional communication tactics used by cyber threat actors.

49 snips
May 28, 2025 • 1h 5min
Risky Business #793 -- Scattered Spider is hijacking MX records
Dmitri Alperovitch, a cybersecurity expert and co-founder of CrowdStrike, teams up with Haroon Meer, founder of Thinkst Canary, to dive deep into the latest cyber threats. They discuss a Scattered Spider crew hijacking DNS records for rapid enterprise breaches and the rising dangers of SVG images used in phishing attacks. Alperovitch shares insights on the volatile state of cybersecurity leadership in the U.S., while Meer critiques the AI hype in security, stressing the need for grounded solutions over empty promises.

27 snips
May 21, 2025 • 53min
Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now
Toni de la Fuente, founder of Prowler, dives into the complexities of cybersecurity, discussing recent breaches like the Coinbase data theft by a contractor. He shares insights on the importance of open-source tools and their adaptability for cloud security. The conversation highlights Telegram's crackdown on crime, the rising threat of phishing, and the challenges UK businesses face amid data vulnerabilities. Toni also introduces Prowler's exciting new features, including AI assistance for enhanced security checks.

21 snips
May 15, 2025 • 34min
Risky Biz Soap Box: Push Security's browser-first twist on identity security
Adam Bateman, Co-founder and CEO of Push Security, and Luke Jennings, Head of Research, dive into the critical world of identity security in modern browsers. They discuss the evolution of phishing techniques and the need for organizations to adapt their defenses. The duo explains how browser-based security solutions can monitor user interactions and protect against sophisticated threats. They also highlight the importance of safeguarding Single Sign-On (SSO) passwords and the complexities involved in securing identities across various platforms.

52 snips
May 14, 2025 • 58min
Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys
This week features Travis McPeak, Founder and CEO of Resourcely, who specializes in cloud security and Terraform management. They delve into the intriguing role of AI in SharePoint, revealing how Copilot could unintentionally leak sensitive data. The discussion also unpacks the evolving ransomware landscape, including shifts in group dynamics and the implications of recent high-profile attacks. Additionally, they highlight innovative research on vehicle hacking using Bluetooth vulnerabilities and emphasize the need for coordinated cloud security efforts, showcasing Resourcely's mission to streamline Terraform management.