As many of you would know, last week I posted a listener survey to SurveyMonkey. I dropped the link on Twitter and then mentioned it in the show. I wasn't really expecting much of a response, but after about a week, 500 of you have already spent the time to fill out the questionnaire. Thanks!
A few of you are a bit nervous that Risky Business is about to radically change. It won't. The plan is to add more content -- yes, sponsored content -- and to leave the main show more or less completely untouched. There will be a maximum of fourteen new individual podcasts added per calendar year. That will bring the total number of podcasts posted in a year to 58 from 44. The addition of those extra, wholly sponsored podcasts will do things like fund an interview booker, producer and researcher. This is going to mean a MUCH better main podcast, and I'd also encourage you to bear with me when it comes to the additional sponsored stuff -- I think I can make it not suck. I'll write another post that spells out these changes in more detail soon.
Back to the survey -- there were two reasons for doing it: To collect a bit more demographic data on listeners for advertisers, as well as get some feedback on possible new content ideas and improvements I could be making to the show. The data collected so far has been pretty interesting. Prior to this survey I've only been able to guess about who my listeners are and how they actually feel about the show. So here's what I've learned after 500 responses:
1. Your demographics are...
The majority of listeners are aged between 35-50, with the remaining listeners are mostly in the 21-35 bracket. 72% of you work in the infosec discipline, and 54% of all listeners have been working in infosec for more than four years.
81% of respondents listen to Risky Business every week. Around a third of you work on staff for a large enterprise and 10% of you work for a federal or state government. There's a smattering of consultants, contractors and engineers in the audience mix and surprisingly, 15% of you are software developers!
Here's something the advertisers will love: 24% of the audience are upper-mid to upper management. That means they're a C-level executive (includes CSO), information security director/manager, IT manager/director or a product security manager. 15% of you work for organisations with large networks -- over 50,000 endpoints.
The overwhelming majority of you (80%) listen to Risky Business during your commute, but some of you listen at home and others sneak in some audio at work.
2. You all love the news segment.
Universally, everyone loves the news segment and finds Adam hilarious. You've noticed that we don't disagree as much as we used to, you miss that friction, and you wish we wouldn't cover things like vendor patches unless they're particularly noteworthy.
It's true. When Adam replaced Munir Kotadia as the regular News Guy seven(ish) years ago, we would often fire up at each other. The thing is, our opinions and perspectives have largely converged over the last (almost) decade.
Adam used to be a pretty rabid beardy hacker guy who held complete disdain for CSOs and big business in general. I used to be a freelance (former staff reporter) newspaper journalist who regarded arguing as a bloodsport.
But these days Adam's a serious biz security consultant who runs a shit-hot professional services firm and I'm someone who realises listening to someone berating their guests in an audio program isn't actually entertaining; you can still draw out uncomfortable truths in an interview without being a dick about it.
The agenda has also changed in that time and there is much more consensus in the infosec community on certain key issues than there used to be. Our arguing each week was a reflection of the bigger argument happening all around us. I like to think we gave a voice to some of these conversations at a time when the majority of the tech media was talking about stuff infosec practitioners weren't actually interested in.
Now the norms are established, there's less to argue about. I agree that it makes for slightly less entertaining listening, but hey, what can you do? A lot of the big issues have simply been worked out.
But we will stop covering patches at the end of the news. A few people have commented that it's the wrong medium for that sort of information and they're absolutely right.
Now for something surprising: All of you love Adam, but some of you like a bit of diversity every now and then in the news segment. You enjoy mixing it up with special news guests like Adam's colleague Mark "Pipes" Piper, HD Moore, Haroon Meer or The Grugq.
This is something for us to work out on this end. Over the last few years Adam has become increasingly busy being a Cyber Hacker Entrepreneur(tm) so he'd probably relish the chance to sit out a few episodes. Or maybe not. We don't know yet.
But don't worry, we'll likely do another survey before we make any changes.
3. You demand the show stays critical of vendors and the industry
It's sad but it's true, it's hard to find media outlets in infosec (and tech in general) that are as critical of the industry as they should be. To tell you the truth, when I first started Risky Business and it actually made money I was stunned. There was no way I thought it would actually *last*. I thought the vendors would figure out that they were paying for us to piss all over them and I'd wind up on some sort of blacklist.
But the thing is, if you do it right, vendors don't mind a little kick in the ass, as long as it's fair, and as long as it's not in the segment they're sponsoring. (Do it in the news beforehand!)
Maintaining editorial independence has always been extremely important to me and it's great to see that it's one of the things the audience values most about the show. I've found it downright amazing that the vendors who pick up the tab also respect that.
Have I ever pulled a punch because of sponsorship arrangements? I'd be lying if I said no. On a few rare occasions over the last decade I have. But in my defence I'd say the punches I've pulled have been cheap shots to begin with.
When it comes to anything substantive I've always played it straight, and I *have* lost a couple of advertisers/sponsors over the years because of critical coverage. But that's what's great about having multiple sponsors. You take a little hit, you keep quiet about it, and you know what? They come back eventually. Hakuna matata.
4. You love/hate the music segment at the end
Results here are proof you can't make everyone happy. People either love the music segment at the end of the show or they flat out hate it. Considering it's right at the end of the program I don't see why the haters get annoyed by it. Just press stop!
But while we're on the topic, it's gotten a lot harder for me to find music for every week's show. I have to find stuff that's sufficiently obscure that I won't wind up sued by rights holders but of sufficient quality to be entertaining. I'm 396 episodes deep and I'm running out of ideas. I don't go to as many gigs as I used to so these days I'm just exposed to less indie music.
So from now on I'll only be including music when I've come across something interesting. I'm going to stop searching for it. The pressure of finding something new every week is getting to me.
5. You want some little changes
You want the show notes in the podcast description not a separate post, you want full post content in RSS and you want more than eight historical episodes available through iTunes.
The main website is pretty ugly and that bothers some of you (a new one is coming) and you think it's ridiculous that it serves via http. (It is, and that's changing.)
You'd love it if we released merch, but none of that "CafePress junk"; you want it done properly.
One thing you don't want to change is the length. An hour is about right, but some of you would like even more, and a few of you a bit less.
I'll be writing a couple of other blog posts over the next week or two spelling out some of the mooted changes to risky.biz, and what I plan to do with the site in the medium term.
Thanks so much to everyone who filled in the survey!
