Comparing My Top Four Security Podcasts/Newsletters

top 4 podcasts newsletters miessler 2021

I get asked a lot what my go-tos are for security content. My top four recommendations are Darknet Diaries, Risky Business, Unsupervised Learning (yes, my own show), and TL;DRSec.

As for including my own show, I’m too old and well-read for false humility or arrogance.

What’s so interesting about these four is how different they are. I did this analysis so I could capture what I cared about and how each of them provides those items in different amounts—which allows me to make better recommendations to people.

Here’s my analysis and summary.

Show identity

  1. Darknet Diaries is, first and foremost, a storytelling podcast. It is, without question, the best produced and executed podcast in security, and arguably anywhere. It has the quality level of a professional podcast series put out by NPR or the New York Times. But it isn’t just production quality—it’s the quality combined with the content. Jack dives deep into fascinating stories and topics like a combination of Columbo and Malcolm Gladwell, pulling threads and peeling layers and describing the process as he goes. This podcast should have a warning label for anyone doing any other profession when they start listening, because a few episodes of this show might make them want to start a career in security.
  2. Risky Business is a security and hacking news show, with a secondary note of vendor exposure and education. Patrick applies his journalism background to cover security stories in an entertaining way, especially when he’s accompanied by his regular partner, Adam Boileau, who is a professional penetration tester. Patrick is from Australia and Adam is from New Zealand, so they’re both cheeky, which keeps their rendition of security news not just informative but also entertaining. They also have regular interviews with interesting people, and have sponsor slots that expose the audience to new security companies and their tools. Risky Business is—at least in my circles—the most known and most popular security news podcast.
  3. Unsupervised Learning is a show that explores the patterns in security, tech, and society. My primary emphasis for this show is efficiency, i.e., giving people as much quality information and ideas as possible in the shortest amount of time. The broader scope of the show is polarizing because it’s not a pure security show, or a pure tech show, or a pure show about society. Patrick from Risky Business once told me it was a “thinking podcast”, which I’ll happily accept. Think of it as a zoomed-out view of what’s happening in security, tech, and society—combined with analysis, original thinking, and a Discovery section that lists the best stuff I’ve found in my reading from the last week.
  4. TL;DRSec is a newsletter centered around security research. Clint applies his academic background (he actually has a Ph.D. but never mentions it), to find and summarize the best security tools and presentations. Many newsletters have sections for tools, including my own, but Clint’s is the best because it’s his entire focus. Many of the tools he covers are centered around cloud security, but he often has sections for network security, mobile security, and many other areas. As I’ve said before, Clint’s is the one security newsletter that I will not skip a week on, and will not stop until I’ve read the entire thing. I open more links in his newsletter than for any other.

Analysis

So, since this is all about recommendations, let’s look at the attribute breakdown and see what we can learn.

  • One thing that jumped out at me was that Darknet Diaries had really low scores in a lot of areas I care about, but it was the only show with 10s. And it had two of them. I like this. It means it knows what it is and it leans heavily into that. Like I said, if you’re up for being entertained and educated about the world of hacking, there is simply nothing better.
  • Coming less from the scorecard, I’ve found there are generally two types of people when it comes to podcasts: people who need to be entertained to listen, and people who are simply searching for nuggets they can use elsewhere. I am in the second category, which is why I built a show around that. But if you’re looking for humor and entertainment, I’d say you should move towards Risky Business and avoid Unsupervised Learning. And if you’re looking for a super-efficient (but somewhat antiseptic) injection of content/ideas, I’d say go with UL. Note that TL;DRSec doesn’t have a podcast, so it’s not really rated on this count.
  • One thing that Risky Business has that Unsupervised Learning and TLDRSec doesn’t have, is a strong sense of attacker activity. With Patrick’s curiosity and Adam’s pentesting focus, they aren’t just talking about what happened but they also focus on linking the activity to a given threat actor, and mentioning other attacks they’ve been associated with. If you like being up to speed on what the bad guys are doing, from a security news perspective, Risky Business definitely has that covered. Darknet Diaries does that as well, but at a much narrower scope and in much more depth.
  • Unsupervised Learning, over the course of a year, ends up being less like a security show and more like a thinking and analysis show from the perspective of a security professional. Like I said, that’s either good or bad, depending on what you’re looking for. The show attempts to give not just the stories and the details, but the context and patterns and impact that they have on our lives. That’s the goal anyway.
  • TL;DRSec is highly focused on exposure to great research and does a really good job of highlighting the people behind that work. Clint is an extremely kind and positive person, and it shows in his newsletter. He is constantly lifting people up, exposing their work to people who might be interested, and making connections people with similar interests. You can think of Clint as a security research maven who is the most aware person out there of what people are working on. Combine that with his own technical expertise and you have a brilliant guy and a wonderful newsletter.

Summary

  1. These are my top four recommendations for people to read or listen to within security.
  2. They are very different.
  3. Darknet diaries you have to listen to regardless. End of story.
  4. Listen to/read Risky Business if you like Aussy/Kiwi snark combined with in-depth coverage of attacker groups.
  5. Listen to/read Unsupervised Learning if you want security news combined with context, ideas, and analysis of how it impacts us as humans.
  6. Read TLDRSec if you want the best exposure to the best security research, delivered in a positive and uplifting way.

I hope this helps you.

Notes

  1. The original version of this piece had Adam as Australian. Apologies.