Patrick Gray hosts the podcast Risky Business, which is much loved by hackers and the wider Information Security scene. It features breaking hacking news and insightful interviews with security professionals, and has been described as the “must-listen digest” for anyone interesting interested in the culture.
What is it that you do and how did you get into it?
I make a weekly information security news and current affairs podcast. I was a print journalist covering security from about 2001, but I’d gotten sick of writing the same old crap for a general IT audience. I decided to start a podcast so I could delve into the real nitty gritty. The first episode was published on Feb 20, 2007, and it found an audience in the infosec world pretty quickly and I'm still doing the show weekly, ten years later.
Why do you love doing it?
I guess I love it because I have a genuine interest in the material. Can you imagine being a full-time security reporter from 2001 to 2017? I’ve watched security come out of nowhere and eat the mainstream agenda. Fifteen years ago nobody cared about “computer security,” but today, “cyber” is dinner table conversation everywhere. Everyone seems to have an opinion these days. It makes what I do more important I guess, so I don't have plans to jump into anything else anytime soon.
Best or most interesting work experience of the last year?
Absolutely, 100% the DNC leaks. As soon as we saw the Crowdstrike report in July 2016 we knew what this was going to look like. It was so clear from what we were seeing that this was a state-backed operation. We know what it looks like when a teenager phishes a politician or senior bureaucrat, and this didn’t fit the mould. It just screamed Russia from the get-go. One of the nice things about running a podcast like Risky Business is we've been around long enough to make those calls and not get laughed at. The disinformation being spread on this one is outrageous, and it's been amazing to watch the politicization of a discussion of security issues.
Any advice for young people looking to do what you do?
Absolutely none. I had a very weird path into my job. I’m a fully qualified electronics engineer by education and fell ass backwards into tech journalism, but I’d done community radio as a teenager and knew a lot of hackers at high school. I think my job found me, rather than the other way around. As for people who want to get into the industry side of things, there are some clear paths these days. If you're interested in the “hacking” side these days you can go buy The Web Application Hacker’s Handbook and go hit up a few bug bounties. It's a quick way to rack up experience that wasn't available to people even a few years ago.
Any advice for the public about security or the internet in general?
All the oldies I guess. Patch your computer when there are updates available, run at least some antivirus software and do a bit of reading about what phishing is.
How do you like to spend your spare time?
Well I used to surf a lot but there’s been a spate of shark attacks here (in Australia) over the last few years so I’m out of the water, at least for now. I live near the beach in a beautiful small town on the NSW North Coast, so I spend a fair bit of time at the beach and just hanging out with friends. We do a fair bit of camping in remote places, too. I guess I like nature-inspired things because they balance out spending my professional life glued to computers.
"Can you imagine being a full-time security reporter from 2001 to 2017? I’ve watched security come out of nowhere and eat the mainstream agenda. Fifteen years ago nobody cared about “computer security,” but today, “cyber” is dinner table conversation everywhere. Everyone seems to have an opinion these days."