

Risky Business
Patrick Gray
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Episodes
Mentioned books

24 snips
Oct 22, 2025 • 52min
Risky Business #811 -- F5 is the tip of the crap software iceberg
Jacques Louw, co-founder and Chief Product Officer at Push Security, dives into a LinkedIn phishing campaign that targeted CEOs. He explains how compromised contacts initiated complex phishing chains, exploiting Google and Microsoft services. Louw also highlights Push's browser-centric detection techniques, including session tracing that reconstructs user navigation, enhancing the early identification of similar attacks. The discussion emphasizes the importance of tracking origin links to sharpen detection capabilities and provide actionable insights.

27 snips
Oct 21, 2025 • 39min
Wide World of Cyber: A deep dive on the F5 hack
In this discussion, cybersecurity experts Alex Stamos and Chris Krebs delve into the F5 hack and its implications. Stamos shares insights on why low-rated vulnerabilities can still pose serious threats. Krebs highlights the risks associated with private equity ownership of cybersecurity firms, underscoring potential exploitation. The two also address the importance of corporate response strategies post-breach and the role of AI in securing outdated codebases. Their dynamic dialogue sheds light on the evolving landscape of cybersecurity challenges and solutions.

Oct 16, 2025 • 31min
Risky Biz Soap Box: Why Mastercard is scaling its cybersecurity business
In this insightful discussion, Johan Gerber, Executive Vice President at Mastercard, dives deep into the company’s strategic pivot into cybersecurity. He reveals why Mastercard invested $2.65 billion in threat intelligence, explaining their proactive measures against fraud and malware, including dark web monitoring. Johan shares how they collaborate with banks and governments, and discusses the impact of ransomware on small businesses. He also touches on the role of AI in enhancing defensive strategies against evolving cyber threats.

13 snips
Oct 15, 2025 • 1h 3min
Risky Business #810 -- Data extortion attacks have a silver lining
Mike Wiacek, Founder of Stairwell, shares insights on enhancing cybersecurity with their file-analysis platform, providing VirusTotal-like visibility for private files. The discussion highlights the surge in data extortion compared to ransomware, with recent high-profile breaches like Qantas and Discord. Wiacek explains how Stairwell integrates AI to improve threat-hunting efficiency and reduce false negatives. The conversation touches on the implications of government actions against leaked data and how organizations can proactively utilize Stairwell for better security outcomes.

Oct 7, 2025 • 46min
Snake Oilers: Realm Security, Horizon3 and Persona
Pete Martin, CEO of Realm Security, delves into AI-native security data pipelines, aiming to cut SIEM costs while optimizing log delivery. Snehal Antani from Horizon3 introduces autonomous AI hackers that demonstrate the real-world impact of vulnerabilities, showing how they outperform traditional scanners. Dimitri Greco of Persona discusses innovative identity verification techniques, including live ID checks and deepfake defenses. Together, they explore cutting-edge security solutions that push the boundaries of technology and fraud prevention.

40 snips
Oct 1, 2025 • 39min
Risky Business #809 -- Hackers try to pay a journalist for access to the BBC
In a twist of irony, hackers offering money to a journalist only lead to a juicy story. A surprising arrest links a middle-aged man to airport chaos, raising eyebrows. Georgia Tech researchers reveal the dark side of Tile trackers fueling stalking dangers. Meanwhile, the UK's CISA urges agencies to swiftly patch Cisco flaws, highlighting vulnerabilities. Adam captures attention discussing the risks of bribing insiders, while Amberleigh covers the shocking $7 billion Bitcoin seizure tied to a crypto scam. A cyberattack disrupts operations for Asahi, showcasing the far-reaching impacts of digital crime.

51 snips
Sep 24, 2025 • 53min
Risky Business #808 -- Insane megabug in Entra left all tenants exposed
Rob Joyce, a former NSA senior official and cybersecurity expert, joins to discuss major security news, including the Secret Service's takedown of a New York SIM farm and MI6's dark web recruitment portal. They dive into a significant vulnerability in Entra ID that could grant unauthorized access across tenants. In a sponsor segment, Josh Kamdjou, CEO of Sublime Security, shares insights on AI-driven email security, emphasizing the trade-offs and strategies for deploying effective detection methods.

38 snips
Sep 17, 2025 • 53min
Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc
In this discussion, Adam Pointon, CEO and co-founder of Knock Knock, shares insights on innovative identity authentication solutions and their application in securing internal services. The conversation dives into the alarming Shai-Hulud npm worm, which can steal developer credentials, and the significant ransomware attack on Jaguar Land Rover that threatens smaller suppliers. They also tackle concerns surrounding vulnerabilities in popular cybersecurity systems like Kerberos and discuss practical strategies for navigating the complexities of network security.

Sep 15, 2025 • 34min
Risky Biz Soap Box: runZero shakes up vulnerability management
HD Moore, industry legend and CEO of RunZero, discusses the company’s revolutionary approach to vulnerability management. He explains how the new Nuclei integration enables precise identification of vulnerabilities without deploying overly privileged credentials. The conversation highlights the need for agile solutions in vulnerability scanning and the importance of focusing on exploitable risks. Moore also touches on the stagnation of traditional management practices and how RunZero aims to innovate and streamline security operations for organizations of all sizes.

61 snips
Sep 10, 2025 • 52min
Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal
Toni de la Fuente, Founder of Prowler, dives into cloud security innovations and the new support for Microsoft 365 in Prowler. He discusses how the tool enhances security for services like OneDrive and SharePoint. The conversation highlights Apple's recent memory integrity enforcement, which complicates exploit attempts and fortifies device security. Toni also explores the rise of ransomware attacks and the importance of accountability in cybersecurity. With humorous insights into the complexities of NPM supply chain attacks, this episode is both informative and engaging.