Introducing Snake Oil, a new podcast from Risky.Biz!

Roll up, roll up, and let me tell you about its amazing healing properties!

As many of you would know, Risky Business has been through a bit of change over the last couple of years. What started as an Australian security podcast launched with the intention of making me just enough money not to have to write about enterprise storage systems for magazines anymore (the horror) has actually become a popular media outlet for infosec pros.

These days, each episode of Risky Business clocks up about 16,000 downloads, with approximately 50% of the audience in the USA and the rest scattered all over the globe. That means we actually have a really great reach into the industry.

Last year I set my mind to “modernising” Risky.Biz. I wanted to be able to grow the business side of things without killing off the thing that makes it worth listening to – the fact that we don’t take ourselves too seriously, and the fact that we cast a critical eye over the infosec industry.

As some of you will know, the Risky Business weekly sponsorships are ridiculously popular. Our weekly show sponsorships are currently booked out until 2018 and have been since January.

With that in mind, I came up with two new podcast ideas that would be commercially successful yet still deliver something valuable to the audience: The Soap Box podcast and the Snake Oil podcast.

The idea behind the Soap Box podcasts is pretty simple – a CTO or other senior exec from a major vendor can spend 45 minutes chatting with me about the way they see things, and the company they work for sponsors the exercise. Some people were concerned it would consist of 45 minutes of a CTO just pushing product, but that’s not the way it’s worked out, and it was never the intention. We’ve already published one of these, with HPE Fortify’s Jason Schmitt talking about DevOps and security. You can listen to that one here.

We’ll be running a maximum of one of those per month, pushed to the main feed. The nice thing about doing a podcast like Risky Business in 2017 is the vendors are capable of having really interesting discussions about security concepts. That wasn’t possible in 2007 when we launched, and it’s what Soap Box is designed to facilitate and I think it’s working well.

The other podcast series we’re launching is something we’ll be doing four or five times a year called Snake Oil.

The idea behind the Snake Oil series is to get five vendors together into an hourlong podcast to each pitch a specific product for about 10 minutes. Now, before you think “ye gads, I don’t want to listen to sales people prattle on about their box with lights that goes BING!” I want you to consider that a lot of Risky Business listeners are technology buyers. And where can you actually go for decent product information?

The copy on most infosec vendors’ websites consists primarily of indecipherable gibberish and Gartner reports are more of a guide to what people are using than specific product capabilities.

This is different. You remember those lift-outs infosec magazines used to do that were pay-to-play product information guides? Think of this as an audio equivalent of that.

The idea behind this product series is listeners who actually have to buy tech can get five, high-quality pitches that actually answer such questions as:

* What are you selling us today?
* Who is the typical buyer? (Operations? Management? Development?)
* What does your product actually do?
* Who are your competitors?
* Why do you think yours is better?
* How much does it cost?

This will save them approximately five hours of lunches with vendor salespeople who can’t actually answer those questions. We’re not offering any endorsement of the products on sale, we’re just a conduit, connecting distilled vendor pitches to the 16,000 or so weekly Risky Business listeners.

Of course the name “Snake Oil” is a gag. For a long time the products peddled by the information security industry were indeed about as affective as carnival-sold snake oil for arthritis. Thankfully there’s been a trend towards more useful stuff these days, but hey, we still want to have fun with the name.

As I say, we’ll only be doing four or five of these a year, and we genuinely think they’ll be useful for a whole bunch of our listeners. Even those of you who aren’t actually tech buyers should find it an efficient way to figure out which vendor sells which product and what they claim it does.

So that’s it! We’re hoping to publish the first Snake Oil podcast in late March, but that’ll really depend on what the demand is like from the vendor side. But the tl;dr is you can expect 10-11 Soap Box podcasts in your feed every year, and maybe 4-5 Snake Oil podcasts. We’re going from 44 podcasts a year to 58-60.

Also, I hope it goes without saying that buying any Risky Business sponsorship product doesn’t shield any vendor a free pass from criticism in the weekly show. Credibility is currency in media, especially in infosec, and we know who really butters our bread: the listeners.

Of course if you’re not interested in listening to the Snake Oil stuff, just don’t download it! Listening isn’t mandatory. That said, we think you’ll probably quite like it. And if you’re a vendor who’s interested in participating in a Snake Oil podcast, please contact

We’re quite familiar with what marketing products in the infosec space look like, and if you can’t find budget to do this, frankly you’re mental.