Below is a sample of the great podcasts that are available to the IT professional. For a while, particularly interesting podcasts were being posted under the “Recent Podcasts” area of this blog. I have been bad about keeping that area updated. It comes down to a matter of priorities. Plus, posting to the “Recent Podcasts” area takes a few steps. Since podcasts are listened to away from the computer, it is a pain to come back and have to remember what podcasts were particularly interesting. Contrast that with posting under the “Shared Postings” area. Thanks to Google Reader, a person can read the blog posts and news items they are subscribed to via RSS and by simply clicking on “Share,” that post’s title will show up on their blog. Nice and easy. That is my excuse for not keeping the podcast area up to date. Considering this is the security monks site, mea maxima culpa. To atone for my sins, please note that new items have been added to the “Recent Podcasts” area and below I have highlighted a few chosen podcasts. For additional podcasts that might be of interest, please see the “Podcasts” page.
The Pragmatic Programmers
This podcast is good for people doing development work in IT. While not all topics will be of interest, that is the nice thing about podcasts. You can always listen to the beginning of the podcast and skip those that do not grab your interest. The podcast focus is on the books the publisher produces and will feature interviews with the authors. A great podcast that would be of interest to most anyone (versus the podcast where the author’s book is on a specific language or platform) is Andy Hunt on Pragmatic Wetware. Andy discusses the Dreyfus model of skill acquisition, lateral specialization in the brain, mindmaps and more. It is a fascinating discussion.
CERT’s Podcast Series
This is a podcast I highly recommend to security professionals. The speakers’ focus tends to be at the enterprise level, and they offer good security discussions at that level. Nowadays, it is so important to not only speak tech, but also business. This is especially true when it comes to security. The security professional has to be able to step away from the details and discuss implementation at an organizational, and sometimes international, level. One of the recent podcasts is “Getting to a Useful Set of Security Metrics.” Clint Kreitner, president and CEO of the Center for Internet Security (CIS), talks about the new CIS project. To quote from the summary, Clint “discusses the challenges and opportunities in creating a common set of widely accepted security metrics that business leaders and security professionals can use to make better informed decisions.”
The Silver Bullet Security Podcast
Gary McGraw is well known and respected in the web application security area. Gary serves as host and is able to feature leaders in the security world as guests. For example, Gary has an interview with Bill Cheswick, who is credited with coining the term “proxy” in 1990 with reference to firewalls. To quote from the description of the podcast, “Gary and Bill discuss whether we’re winning or losing the computer security war, how security threats have evolved from pimply-faced teenagers to organized crime, whether we should move security into ‘the cloud,’ and whether re-naming ‘Christmas lights’ to ‘solstice lights’ would bypass NJ holiday decoration ordinances.”
Enterprise Leadership
I often find myself surprised by this show, because normally “enterprise leadership” is not a phrase that sparks much interest in me. Now I know, it is important that security people learn to talk to business leaders. Otherwise, you end up with non-technical managers setting themselves up as the translator for IT. Frequently, IT loses when that happens. This show frequently turns out to be very pertinent to the security professional. I will warn you, the show can be somewhat depressing. It may just reveal how badly your organization is being managed, even from the business side. Tom Parish does a great job interviewing top guns from across many industries.
A really good podcast to start with is the more recent interview with Warren Bennis. Warren is the author of “Transparency: How Leaders Create a Culture of Candor”. He is also Distinguished Professor of Business Administration at the University of Southern California. What I particularly liked is Warren stressing the importance of the people within the organization. He even uses the phrase, “1 plus 1 equals 3.” The idea is that together we can produce more than what we can do by ourselves. The show addresses the implementation of social networking, not for the sake of the “neatness factor” but to serve a purpose and benefit the company.
Here is a brief description: “Together Bennis, Goleman, and O’Toole explore why the containment of truth is the dearest held value of far too many organizations and suggest practical ways that organizations, their leaders, their members, and their boards can achieve openness. After years of dedicating themselves to research and theory, at first separately, and now jointly, these three leadership giants reveal the multifaceted importance of candor and show what promotes transparency and what hinders it. They describe how leaders often stymie the flow of information and the structural impediments that keep information from getting where it needs to go. This vital resource is written for any organization–business, government, and nonprofit–that must achieve a culture of candor, truth, and transparency.”
Also, the interview with Toby Redshaw, Global CIO of Aviva Group, was very good. Initially I thought, “another ROI” discussion. What interested me was Toby’s discussing his role to make sure IT operates at the right pace, with the right resources, and with the right talent. Nice to hear people matter. To quote the episode’s description, “In this podcast, Toby Redshaw, the global CIO of the Aviva Group, talks about three areas that IT needs to improve: keeping an eye on the bottom line, trying to innovate ahead of competitors, and keeping the current talent base engaged and focused on the company’s goals.” The point is, it is not just about innovation.
IT Conversations
There are some really good podcasts posted under IT Conversations. I’ll confess, I end up skipping many of the podcasts because of limited time. If I made the time to listen to all of these podcasts, I have a feeling that I would be a better IT professional. We do what we can. Let me point out some recent podcasts.
Jimmy Wales, creator of Wikipedia, talks at the O’Reilly Media Open Source Conference. The podcast just brings up the idea of making things open source versus security through obscurity. It got me thinking about the heavy use of automation in security versus including people. Jimmy uses the example of wanting to open a restaurant. First step, we need to design the new restaurant. One thing we decide is to serve steak. In order to eat steak, we will need to give people knives. We know people sometimes stab others with knives. So, do we design the restaurant where each patron is put into a cage to prevent them from stabbing or being stabbed? Think of it this way, the cage idea is putting security at the end of the process, where you may only have bad possible choices. Now if security is designed into the process, better solutions are likely to be available. Wikipedia is possible because it was designed so changes could be rolled back. Sometimes to operate, there will be some acceptable risks. Before deciding what is an acceptable risk, you have to be aware of what those risks are and what possible solutions exist. Wikipedia is also designed with the idea of including people to make the product better. How might security utilize this philosophy?
Nat Torkington’s talk at OSCON is very humorous. To quote IT Conversations, “Using black humor and irony to convey a noble idea, Nathan Torkington, the chair of OSCON, lightens up the mood, frequently throwing his audience into fits of laughter, as he hurriedly wraps up three key messages into the time allotted for one.” His talk is just thirteen minutes long. I wish I could have seen the slides. Still very funny. Listen to it for pure enjoyment.
Speaking of Security
This is done by RSA. Normally, I don’t care for vendor-produced podcasts. RSA covers good security practices in a short, to the point, podcast. I like listening to these podcasts to help organize in my mind security topics as selling points to business managers. In the podcast I listened to today, Rod Nelsestuen from the TowerGroup talked about business continuity. Of importance to me is that he ties in security and risk management to the evolution of business continuity planning. It is a simple idea, but have you run into a business person who just doesn’t get IT security? You have to learn how to relate security to something they do understand and cannot dismiss.
FLOSS Weekly
Randal Schwartz is one of the people in IT I like to keep an eye on. Outside of his focus on open source solutions, Randal has a keen instinct for interesting and useful IT technology. Plus, like Leo Laporte, he is a genuinely nice guy. Since I could not decide on just one episode, below are a few of the recent podcast topics I found particularly interesting. If you do any open source development, you need to listen to FLOSS Weekly.
The interview with John Roberts, CEO of SugarCRM is a great introduction to this open source customer relationship management (CRM) software. To quote from the SugarCRM website, “Sugar easily adapts to any business environment by offering a more flexible, cost-effective alternative than proprietary applications. SugarCRM’s open source architecture allows companies to more easily customize and integrate customer-facing business processes in order to build and maintain more profitable relationships. SugarCRM offers several deployment options, including on-demand, on-premise and appliance-based solutions to suit customers’ security, integration and configuration needs.”
In the interview with Jacob Kaplan-Moss on Django, they discuss this Python-based Web framework that “encourages rapid development and clean, pragmatic design.” Leslie Hawthorn from the Google Open Source Blog wrote this concerning Django, “We love Django, making use of it extensively in products like Google App Engine, so it was a pleasure and privilege to give back to this community.” Randal and Leo on a later podcast interviewed Jeff Robbins on Lullabot and Drupal. Lullabot is a consulting company specializing in Drupal. They also produce a weekly podcast focused on Drupal and building web sites.
Finally, check out the interview with Brian Aker of Drizzle, a lightweight fork of the MySQL database. To quote the Drizzle site, “the Drizzle project is building a database optimized for Cloud and Net applications. It is being designed for massive concurrency on modern multi-cpu/core architecture.”
Network Security Podcast
This is a podcast for security professionals. I started listening to this podcast when Martin McKeay flew solo. He did a great job. When Martin added Rich Mogull, the podcast got even better. The podcast consists of Martin and Rich discussing major news and topics in security. Frequently they will be joined by major players in the security field. Martin and Rich will also do special podcasts from security conferences. They went to Black Hat and Defcon, so I didn’t have to. My travel budget appreciates it. These guys do great straight security. With their different backgrounds, they really complement each other.
Red Monk Podcast
Red Monk is like FLOSS, but with a whole gang of Randal Schwartzes. The co-hosts are Michael Cote and John Willis, who are joined by special guests. Sometimes I have no clue what they are talking about. That is a good thing. You get exposed to a bunch of topics from a bunch of people. For example, in their most recent podcast “Jane Curry Evaluates Nagios, OpenNMS, and Zenoss,” they discuss Jane’s paper. This is a 148-page draft paper titled “Open Source Management Options.” The podcasts also contain discussions of news and topics affecting IT professionals. Their podcasts tend to go over an hour, but are filled with content. Listen to the podcasts when you have some time to concentrate on what they are discussing. You will learn a great deal.
This WEEK in LAW (TWiL)
There might be something seriously wrong with me. I love to listen to lawyers talk. They are fascinating. Lawyers use the English language like IT folks will use computer languages. They will dissect points like the best debuggers I have ever met. While TWiL does not come out regularly, it is a true treat when it does. If you do not share my fascination with lawyers, TWiL still will cover very relevant IT topics that should be of interest to anyone in the IT field. For example, check out the episode “Cloud Computing And EULA Law.” The podcast does tend to go longer than an hour, but covers a great deal of ground. It is so very important to be exposed to the laws that are affecting topics of importance to the IT world. The really great thing is, you get to listen to lawyers and it costs you nothing. Still, do consider donating to the folks who create these great podcasts.
Grammar Girl
While this podcast is not security, IT, or even business focused, it could prove most beneficial for anyone in the IT field. I grew up in New Jersey and I got into computers at the age of twelve. Those are two strikes against me when it comes to grammar. I am thankful for the tips that Grammar Girl provides. Disclaimer: if you find grammar mistakes on this site, which I am sure you will, just imagine how bad it would be if I never started listening to this podcast. You may also want to check out “the Public Speaker” podcast. Both podcasts are short, lasting less than ten minutes. That makes them easy to listen to while going about your day.
Parting Words
If you are wondering, “What about …”, take it easy. No insult was intended to your favorite podcast. This is not a “Top 10” list. A friend asked me to recommend some security podcasts. This post is meant to discuss some of the great content that is out there. Since security should be integrated into the organization, I included some business and IT focused podcasts. Hopefully a few of these podcasts are new to you. Being told what you already know, while possibly providing some ego boosting, does not expand your horizons. That is the danger of group think. Break free! The power of podcasts is that they can introduce you to people who are in different positions, organizations, sectors of the industry, and even different fields.
One of my favorite stories of Abraham Lincoln involved the McCormick-Manny case of 1855, which I included in my post, “Herding Cats.” Since I enjoy the story so much, I am going to share it again. W. M. Dickerson, one of the Cincinnati lawyers, wrote, “Mr. Lincoln had prepared himself with the greatest care; his ambition was to speak in the case and measure words with the renowned lawyer from Baltimore. He came with the fond hope for making fame in a forensic contest with Reverdy Johnson. He was pushed aside, humiliated and mortified.” Edwin M. Stanton, the Baltimore lawyer, pretty much told Lincoln that he did not need Lincoln’s help. Stanton did not think well of Lincoln, describing him as “a long, lank creature from Illinois, wearing a dirty linen duster for a coat and the back of which perspiration had splotched wide stains that resembled a map of the continent.”
After the trial, Lincoln told Ralph Emerson, a young lawyer who was present at the trial, “I am going home. I am going home to study law.” Emerson asked, “Mr. Lincoln, you stand at the head of the bar in Illinois now! What are you talking about?” Lincoln replied, “Ah, yes, I do occupy a good position there, and I think that I can get along with the way things are done there now. But these college-trained men, who have devoted their whole lives to study, are coming West, don’t you see? And they study their cases as we never do. They have got as far as Cincinnati now. They will soon be in Illinois.” Emerson stated Lincoln turned to him, his countenance suddenly assuming that look of strong determination which those who knew him best sometimes saw upon his face, and said, “I am going home to study law! I am as good as any of them, and when they get out to Illinois, I will be ready for them.”
As you know, Lincoln was to become President of the United States and Stanton would become his Secretary of War. A mutual respect, loyalty, and trust would develop between these two very different men. The moral of the story is to continue to strive to improve and always remember that the greatest service is done by that which challenges us.
Thanks for saying nice things about me, and about plugging FLOSS Weekly. Your comments are appreciated.