
Risky Business
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Latest episodes

18 snips
May 21, 2025 • 53min
Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now
Toni de la Fuente, founder of Prowler, dives into the complexities of cybersecurity, discussing recent breaches like the Coinbase data theft by a contractor. He shares insights on the importance of open-source tools and their adaptability for cloud security. The conversation highlights Telegram's crackdown on crime, the rising threat of phishing, and the challenges UK businesses face amid data vulnerabilities. Toni also introduces Prowler's exciting new features, including AI assistance for enhanced security checks.

May 15, 2025 • 34min
Risky Biz Soap Box: Push Security's browser-first twist on identity security
Adam Bateman, Co-founder and CEO of Push Security, and Luke Jennings, Head of Research, dive into the critical world of identity security in modern browsers. They discuss the evolution of phishing techniques and the need for organizations to adapt their defenses. The duo explains how browser-based security solutions can monitor user interactions and protect against sophisticated threats. They also highlight the importance of safeguarding Single Sign-On (SSO) passwords and the complexities involved in securing identities across various platforms.

39 snips
May 14, 2025 • 58min
Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys
This week features Travis McPeak, Founder and CEO of Resourcely, who specializes in cloud security and Terraform management. They delve into the intriguing role of AI in SharePoint, revealing how Copilot could unintentionally leak sensitive data. The discussion also unpacks the evolving ransomware landscape, including shifts in group dynamics and the implications of recent high-profile attacks. Additionally, they highlight innovative research on vehicle hacking using Bluetooth vulnerabilities and emphasize the need for coordinated cloud security efforts, showcasing Resourcely's mission to streamline Terraform management.

25 snips
May 9, 2025 • 53min
Wide World of Cyber: How state adversaries attack security vendors
Steve Stone, SVP of Threat Discovery and Response at SentinelOne, and Alex Stamos, CISO at SentinelOne, dive into the alarming tactics used by state adversaries against security vendors. They reveal how North Korea employs deceptive job applications to infiltrate, and explore the evolution of ransomware attacks that adapt to new security measures. The discussion covers the vulnerabilities in endpoint protection and cloud authentication, emphasizing the critical need for collaboration in combating these sophisticated cyber threats.

32 snips
May 7, 2025 • 56min
Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate
Aaron Unterberger, Director of Sales Engineering at Nucleus Security, dives into the complexities of vulnerability management in cloud environments. He discusses the shift from traditional practices to modern techniques, emphasizing the importance of a proactive approach and advanced tools for asset discovery. The conversation tackles the risks associated with cloud components, including the need for effective patch management and accountability. Unterberger also highlights how unified data can enhance cloud risk management, proving essential in today’s complex digital landscape.

10 snips
May 6, 2025 • 50min
BONUS INTERVIEW: Senator Mark Warner on Signalgate, Volt Typhoon and tariffs
Senator Mark Warner, Vice Chair of the Senate Select Committee on Intelligence, dives into the pressing issues of Signalgate and cyber threats from China. He argues for a more assertive U.S. response to the Volt Typhoon campaign and critiques tariff impacts on American alliances. Warner emphasizes the sanctity of the Five Eyes alliance and discusses the potential dangers of using unapproved communication platforms. The conversation also touches on the need for bipartisan support in maintaining integrity within intelligence operations while countering disinformation.

53 snips
Apr 30, 2025 • 1h 3min
Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful
Adam Pointon, CEO of Knocknoc, shares insights on the vital security enhancements unlocked by IPv6. He emphasizes its role in enabling zero-trust access control and network isolation for critical systems. The discussion also touches on severe vulnerabilities found in Apple's AirPlay, highlighting ongoing challenges in cybersecurity. Pointon explains how Knocknoc's technology enhances firewall management and the adoption hurdles of IPv6. His engaging narrative sheds light on the innovative approaches needed in the evolving landscape of network security.

13 snips
Apr 28, 2025 • 39min
Snake Oilers: LimaCharlie, Honeywell Cyber Insights, CobaltStrike and Outflank
In this edition of the Snake Oilers podcast, three sponsors come along to pitch their products:
LimaCharlie: A public cloud for SecOps
Honeywell Cyber Insights: An OT security/discovery solution
Fortra’s CobaltStrike and Outflank: Security tooling for red teamers
This episode is also available on Youtube.
Show notes

16 snips
Apr 17, 2025 • 48min
Snake Oilers: Pangea, Cosive and Sysdig
In this discussion, Chris Horsley, Founder of Cosive, shares insights on hosting MISP servers in the cloud, freeing cybersecurity teams from outdated hardware. Alex Lawrence, from Sysdig, unveils innovations enhancing Linux security in cloud environments. Oliver Friedrichs, CEO of Pangea, tackles pressing concerns around AI applications, discussing the importance of guardrails to prevent rogue outputs and protect sensitive data. The trio emphasizes the evolving landscape of cybersecurity, underscored by collaboration and AI integration.

35 snips
Apr 16, 2025 • 54min
Risky Business #788 -- Trump targets Chris Krebs, SentinelOne
Rob Joyce, former NSA Cybersecurity Director, discusses the fallout from Trump targeting Chris Krebs for his election security stance. The implications for the cybersecurity industry are alarming, with potential chilling effects on public safety. Fletcher Heisler, CEO of Authentik, dives into the complexities of the identity ecosystem and how innovative solutions are emerging to tackle these challenges. They also touch on recent cyber threats, including ransomware trends and the ongoing push for accountability in the spy industry.