

Risky Business
Patrick Gray
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Episodes
Mentioned books

14 snips
Oct 1, 2025 • 39min
Risky Business #809 -- Hackers try to pay a journalist for access to the BBC
In a twist of irony, hackers offering money to a journalist only lead to a juicy story. A surprising arrest links a middle-aged man to airport chaos, raising eyebrows. Georgia Tech researchers reveal the dark side of Tile trackers fueling stalking dangers. Meanwhile, the UK's CISA urges agencies to swiftly patch Cisco flaws, highlighting vulnerabilities. Adam captures attention discussing the risks of bribing insiders, while Amberleigh covers the shocking $7 billion Bitcoin seizure tied to a crypto scam. A cyberattack disrupts operations for Asahi, showcasing the far-reaching impacts of digital crime.

51 snips
Sep 24, 2025 • 53min
Risky Business #808 -- Insane megabug in Entra left all tenants exposed
Rob Joyce, a former NSA senior official and cybersecurity expert, joins to discuss major security news, including the Secret Service's takedown of a New York SIM farm and MI6's dark web recruitment portal. They dive into a significant vulnerability in Entra ID that could grant unauthorized access across tenants. In a sponsor segment, Josh Kamdjou, CEO of Sublime Security, shares insights on AI-driven email security, emphasizing the trade-offs and strategies for deploying effective detection methods.

38 snips
Sep 17, 2025 • 53min
Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc
In this discussion, Adam Pointon, CEO and co-founder of Knock Knock, shares insights on innovative identity authentication solutions and their application in securing internal services. The conversation dives into the alarming Shai-Hulud npm worm, which can steal developer credentials, and the significant ransomware attack on Jaguar Land Rover that threatens smaller suppliers. They also tackle concerns surrounding vulnerabilities in popular cybersecurity systems like Kerberos and discuss practical strategies for navigating the complexities of network security.

Sep 15, 2025 • 34min
Risky Biz Soap Box: runZero shakes up vulnerability management
HD Moore, industry legend and CEO of RunZero, discusses the company’s revolutionary approach to vulnerability management. He explains how the new Nuclei integration enables precise identification of vulnerabilities without deploying overly privileged credentials. The conversation highlights the need for agile solutions in vulnerability scanning and the importance of focusing on exploitable risks. Moore also touches on the stagnation of traditional management practices and how RunZero aims to innovate and streamline security operations for organizations of all sizes.

48 snips
Sep 10, 2025 • 52min
Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal
Toni de la Fuente, Founder of Prowler, dives into cloud security innovations and the new support for Microsoft 365 in Prowler. He discusses how the tool enhances security for services like OneDrive and SharePoint. The conversation highlights Apple's recent memory integrity enforcement, which complicates exploit attempts and fortifies device security. Toni also explores the rise of ransomware attacks and the importance of accountability in cybersecurity. With humorous insights into the complexities of NPM supply chain attacks, this episode is both informative and engaging.

15 snips
Sep 8, 2025 • 47min
Snake Oilers: Nebulock, Vali Cyber and Cape
Damien Lewke, CEO of Nebulok, highlights how their AI threat hunting platform uncovers hidden attacker activities beyond traditional detection methods. Austin Gadient, CTO of Vali Cyber, discusses ZeroLock, a hypervisor security solution designed to combat ransomware threats in virtual environments. Stephen Dowie from Cape presents a privacy-focused mobile network that prioritizes user anonymity and data security, directly challenging the shortcomings of typical American cell providers. Their innovative approaches aim to reshape cybersecurity and mobile communication.

65 snips
Sep 3, 2025 • 1h 2min
Risky Business #805 -- On the Salesloft Drift breach and "OAuth soup"
Edward Wu, the Founder and CEO of Dropzone.AI, joins the discussion as they explore the cybersecurity landscape. They dive into the implications of the Salesloft breach, addressing OAuth security challenges and its effects on client data. Wu shares insights on how AI-driven tools can significantly aid smaller organizations in enhancing their security measures. The conversation also touches on the ongoing struggles of cyber warfare and ransomware, emphasizing the importance of innovative solutions for those facing resource constraints.

49 snips
Aug 27, 2025 • 54min
Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy
Greg Bell, Chief Strategy Officer at Corelight, dives into the intriguing intersection of AI and network security. He explains how AI is streamlining the analysis of packet logs, making cybersecurity investigations more efficient. The discussion veers into the complexities of hacking attributions, particularly the mislabeling of perpetrators, such as a supposed DPRK hacker likely being Chinese. Additionally, advanced techniques for embedding covert instructions in digital media hint at the evolving challenges in cybersecurity. It's a riveting look at the future of data security!

28 snips
Aug 25, 2025 • 46min
Wide World of Cyber: Microsoft's China Entanglement
In this discussion, cybersecurity experts Alex Stamos, former CISO at Yahoo and Facebook, and Chris Krebs, founding director of CISA, dive deep into Microsoft's controversial ties with Chinese engineers. They uncover how these collaborations raise unsettling national security concerns, particularly regarding the integrity of military cloud systems. Stamos and Krebs also debate the tricky balance between ethical business practices and profit in China’s tech landscape. The conversation highlights implications for trust, transparency, and the tech industry’s future.

35 snips
Aug 20, 2025 • 58min
Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs
Fletcher Heisler, CEO of Authentik and an expert in open-source identity solutions, shares his insights on the intricacies of implementing SSO across different operating systems. He reveals surprising challenges that varied significantly between Windows, Mac, and Linux. The discussion also touches on the broader cybersecurity landscape, including recent issues surrounding Oracle's departing CSO and the critical need for robust identity management solutions. Tune in for a blend of technical challenges and industry insights!