In 2025, the cybersecurity landscape shifted from "theoretical risk" to "operational reality." This was reflected in the listening habits of the Exploring Information Security community, where the most-consumed content focused on the internal mechanics of cybercrime and the emerging threats of the AI era.

To create the list this year, I looked at the data from two distinct data sets Apple Podcasts and the views on YouTube. Then I threw those into Gemini and had it spit out the Top 10 episodes for this year.

The Top 10 Episodes:

1. How Do Ransomware Gangs Work? (Kyle Andrus)

The Global #1: This was the undisputed heavyweight champion of 2025. It resonated because it stripped away the "hooded hacker" myth and showed ransomware for what it is: a highly organized, corporate-style business.

Key Insight: Cybercriminal groups now have HR departments, performance reviews, and 24/7 customer support.

2. Hacking Space Systems: Inside Tempest (Tim Fowler)

The Visual Standout: While popular on audio, this exploded on YouTube. Tim Fowler’s "Tempest" CubeSat project gave the community a rare, hands-on look at the vulnerabilities in our satellite infrastructure.

Key Insight: Space is simply the newest extension of the internet—and it’s just as vulnerable.

3. Exploring the Rogue AI Agent Threat (Sam Chehab)

The 2025 Trend-Setter: This episode caught the "AI anxiety" wave perfectly. It identified a new attack vector: sanctioned AI agents that go "rogue" due to over-privileged API permissions.

Key Insight: Your biggest AI threat isn't a malicious outsider; it's a misconfigured internal tool with too much power.

4. Real-World Windows Forensics & IR (JC)

The Technical Masterclass: A staple for practitioner reference. JC’s breakdown of forensic artifacts remains one of the most shared episodes among SOC analysts and incident responders.

Key Insight: Digital detective work is about meticulous troubleshooting and pattern recognition.

5. NDR with Corelight (Brian Dye)

The Visibility Anchor: As perimeter defenses failed throughout 2025, the industry turned to Network Detection and Response. This episode became the standard guide for understanding the power of open-source Zeek telemetry.

Key Insight: In 2025, if you can't see your network traffic in real-time, you've already lost.

6. Monitoring the Inner Workings of a Cybercriminal Org (Matthew Maynard)

The Intelligence Deep-Dive: This served as the perfect companion to Rank #1. Matthew Maynard provided the "how-to" for researchers looking to safely infiltrate and monitor threat actor communities.

Key Insight: Effective threat intelligence requires a mix of technical OSINT and a deep understanding of criminal psychology.

7. Info Stealers and Supply Chain Attacks (Kyle Andrus)

The Credential Crisis: This episode highlighted why MFA alone isn't enough anymore. It focused on the rise of "session hijacking" and the commodity market for stolen employee tokens.

Key Insight: The supply chain is only as strong as the browser session of your most privileged administrator.

8. How to Implement a Content Security Policy (Jason Gillam)

The Developer’s Choice: A highly technical and practical episode that broke down the stats on why most CSPs fail. It’s the "how-to" guide that many listeners used to harden their own web applications.

Key Insight: Security shouldn't be a "bolt-on"—it needs to be built into the code using modern headers like CSP.

9. Gamifying Your Incident Response Playbook (Anushree Vaidya)

The Engagement Winner: This episode stood out for its unique approach to a dry topic. Anushree's method of using game mechanics to train IR teams saw a massive spike in social media sharing and community interaction.

Key Insight: People don't learn from boring slide decks; they learn from immersive, high-stakes simulations.

10. 2025 State of the API Report (Postman)

The Data-Driven Wrap-Up: Rounding out the top 10, this provided the statistical backbone for the year. It confirmed that the explosion of AI has made API security the most critical battleground for security engineers.

Key Insight: 2025 was the year the API became the "limbs" of the AI brain, creating a massive new attack surface.

What was your favorite episode from this past year. Leave a comment below.

As we wrap up an incredible year, we're thrilled to reflect on the top podcasts of 2024 that captured the attention of listeners across the cybersecurity community. These episodes brought forward thought-provoking discussions, practical insights, and exciting guests, making this a standout year for Exploring Information Security. Below are the top 10 episodes that ChatGPT thought were the best of 2024. As I analyzed the analytics I couldn’t decide which stats to focus in on. Here’s what the podcasts look like based on plays from Apple Podcast Analytics.

Screenshot of the analytics from Apple Podcasts analytics

I thought about going by average consumption but I noticed that we have lower percentage than in the past. That’s due to the longer episodes I’m putting out. When I’m putting out 20-30 min episodes I get closer to a 70-80% consumption rate. Do unique listeners and engagement say more? At this point I decided to just let ChatGPT do the analysis of all the analytics and provide me with the Top 10 list. It also, wrote the first draft of this blog post. I’m okay with the Top 10 list. I believe it represents the podcast well and some of the interest I’ve seen in other places regarding individual episodes.

The numbers are just from Apple Podcast. There are listeners on other platforms such as Spotify, Amazon, and other podcast platforms that grab the feed. I also expanded into YouTube in the middle of the year and hope to get that tuned better. I may try to consolidate the stats all into one platform at some point but I’m not there yet. Apple Podcast is the most popular platform so I think it provides the best sample size.

Without further ado let’s get into the Top 10 list for 2024.

2024 Top 10 Exploring Information Security Podcast

1. Exploring Information Security 2024 Relaunch

Release Date: January 2, 2024
Guest: Solo Episode

Key Highlights:
Our relaunch episode kicked off the year by outlining an exciting new direction for Exploring Information Security. I’m shocked that this came out on top but there seemed to be some excitement at the return of the podcast. Which I’m very appreciative of and makes me want to kick myself for not bringing the podcast back sooner.
Listen Here: Exploring Information Security 2024 Relaunch

2. What Cybersecurity Tools Every Organization Should Have

Release Date: February 27, 2024
Guest: Rob Fuller

Key Highlights:
Rub Fuller shared insights into the essential tools that every organization should have to secure their digital infrastructure. The episode covered endpoint protection, threat intelligence platforms, and emerging technologies that simplify security operations. This was the result of a discussion we had during another podcast recording. I thought it was a great discussion to turn into it’s own topic.
Listen Here: What Cybersecurity Tools Every Organization Should Have

3. How to Hack a Satellite

Release Date: January 23, 2024
Guest: Tim Fowler

Key Highlights:
Tim Fowler took listeners on a deep dive into the vulnerabilities and challenges of securing space technology. From real-world case studies of satellite hacks to strategies for defense, this episode offered a unique and fascinating perspective on the intersection of cybersecurity and aerospace. This will continue to grow as a new field for cybersecurity very similar to how cloud security, identity access management, and AI have become their own fields. And as usual we’re already behind on securtiy…
Listen Here: How to Hack a Satellite

4. What Are the Hiring Trends in Cybersecurity for 2024?

Release Date: January 16, 2024
Guest: Erin Barry

Key Highlights:
In this insightful episode, Erin Barry analyzed the latest hiring trends in cybersecurity heading into 2024. The conversation touched on the growing demand for professionals with cloud and AI expertise, the importance of soft skills, and tips for breaking into the field. A must-listen for job seekers and industry leaders. This is a podcast I’d like to make a staple for the new year because it did seem to be a popular topic.
Listen Here: What Are the Hiring Trends in Cybersecurity for 2024?

5. How to Navigate a Career in Cybersecurity

Release Date: August 13, 2024
Guest: Ralph Collum

Key Highlights:
Ralph Collum shared his journey from entry-level roles to executive leadership in cybersecurity. The discussion covered mentorship, certifications, and strategies for navigating career plateaus. I always enjoy talking to Ralph. He’s very passionate about developing careers in Cybersecurity. It makes sense that this one would follow the hiring trends for 2024. I expect that with the current hiring market job seeking and career podcast episodes will remain popular.
Listen Here: How to Navigate a Career in Cybersecurity

6. How AI Is Impacting Cybersecurity

Release Date: July 30, 2024
Guest: Steve Orrin

Key Highlights:
Steve Orrin explored the dual role of artificial intelligence in cybersecurity, highlighting its use in threat detection and the ethical concerns it raises. The episode featured real-world examples of AI-driven security solutions and debated the future of automation in the industry. I really enjoyed this conversation with Steve because he’s not only an executive but someone who also attends DEFCON on a regular basis. He traverses both worlds well and has a very intelligence take on key topics in Cybersecurity.
Listen Here: How AI Is Impacting Cybersecurity

7. How Responding to Phishing Has Changed in the Last 5 Years

Release Date: January 30, 2024
Guest: Kyle Andrus

Key Highlights:
Kyle Andrus and I discussed how phishing has changed since I last had him on the podcast. I always enjoy have Kyle on because we always have a good conversation. In fact he and I have had a couple recording sessions at this point on other topics because we always end up talking about something else. I’ve got another recording sessions scheduled with him for early 2025 to talk about ransomware gangs.
Listen Here: How Responding to Phishing Has Changed in the Last 5 Years

8. How to Automate Information Security with Python

Release Date: July 23, 2024
Guest: Mark Baggett

Key Highlights:
Mark Baggett broke down the ways Python is revolutionizing cybersecurity automation. From simplifying vulnerability scanning to streamlining log analysis, this episode was packed with actionable insights for security professionals looking to enhance their workflows. Mark is the Python guru for Cybersecurity. He’s written an entire SANS class on it and he’s been talking about Python ever since I’ve been in the industry.
Listen Here: How to Automate Information Security with Python

9. What Is Mimikatz?

Release Date: February 6, 2024
Guest: Rob Fuller

Key Highlights:
Rob Fuller delivered an in-depth look at Mimikatz, a powerful tool often used in penetration testing and malicious attacks. He explained its functionality, provided examples of its use, and discussed the countermeasures security teams can implement to defend against it. I’ve dubbed Rob the Hacker Historian because of his wealth of knowledge in hacking. He made the Top 10 list three times this year and was also in the RERELEASE of the episode on the MS08-067 vulnerability.
Listen Here: What Is Mimikatz?

10. How Worrying Is SIM Swapping in 2024?

Release Date: August 6, 2024
Guest: Rob Fuller

Key Highlights:
Rob Fuller returned to discuss the NOT SO alarming rise of SIM swapping attacks in 2024. This was based on a LinkedIn post he made on SIM Swapping that got quite a bit of commentary. I thought it was a great discussion and would make for an interesting episode. Surprise! It was a great conversation and people seemed to engage with the podcast episode. These are the kind of episodes I want to have that challenge some of the norms within Cybersecurity.
Listen Here: How Worrying Is SIM Swapping in 2024?

Honorable Mentions

Two of the people I always wanted to have on the podcast but I was to scared to ask prior to shutting down the podcast was Troy Hunt and Patrick Gray. Both people have helped me navigate and shape my career in cybersecurity and I was happy that both agreed to come on. Both were absolutely amazing people to have a conversation with.

What is Have I Been Pwned?

The Origins of Risky Business with Patrick Gray

Finally, Dave Chronister has been a huge supporter of the show and a wonderful friend. He also runs a phenomenal conference called ShowMeCon (early-bird tickets available now!)! He’s always a joy to have on the show but this past year he sponsored several episodes and I had a lot of great conversations with presenters from the conference. I have probably never laughed more than I did talking to Kevin Johnson about whatever was on his mind. Also, I really enjoyed the panel we did at ShowMeCon. Unfortunately, I forgot to hit the record button and thus entered the mythical status as a podcast that only those present got to enjoy.

ShowMeCon: Kevin Johnson and whatever he wants to talk about

Final Thoughts

As always, I’m grateful to the listeners of the show. I don’t hear from a lot of them but based on the numbers and engagement they’re out there. I’m also super grateful to all the guests that have come on the show to share their insights and knowledge. I am looking forward to another great year of conversations with amazing guests!

What were your favorite episodes in 2024?