PaulDotCom Security was an information security podcast and community that existed for a few years, between 2006 and 2012 or so. It was started by Paul Asadoorian, who also ran it with Larry Pesce, Carlos Perez, and a bunch of rotating security people who just got together to nerd out on security topics, without any business model or commercial interference to speak of. It was also unpolished in a charming way; raw audio of actual people talking about real security issues, tooling that works or not, vendor marketing bullshit, and broken implementations and integrations.
Weekly episodes were released for a while, occasionally doubling up to twice a week during a stretch where they were really killing it. These were not rigidly structured; they talked about new vulnerabilities or recent exploits or attacks, new tools or techniques for offense or defense… but also just talked about whatever was top of mind that week in security. Sometimes it was Metasploit modules, sometimes it was wireless hacking, other times it was physical security foibles, social engineering failures, and sometimes it was just security technology geekery. The focus was always on things that could be applied to real problems of building, testing, or securing networks or systems. The conversations were remarkably accessible, which is not to say that they were dumbed down; they just did not talk down to their listeners or audience. It was approachable because they were just nerding out with their (virtual) friends about things they found interesting, and those friends happened to be information security professionals with a lot of practical experience.
The distinctiveness of the podcast to me, however, was less the content (though I think it was solid) than it was the community around it. The podcast was a core part of that but so was the community-driven aspect, which took the form of a fairly active community forum as well as scripts or other code or tools getting shared. There was a sense of collaboration, a willingness to help one another without a lot of gatekeeping or ego. Infosec can sometimes get very jaded or very “knowledge is power” or just plain very full of pompous egos, but PaulDotCom wasn’t that. I was at a level at the time where I was just a few steps above total beginner but a few steps short of competent, and I can tell you that I saw complete beginners ask genuinely basic questions in that community and not be told to “read the fucking manual,” but instead, be walked through patiently by their more experienced peers.
One feature of the podcast that I especially enjoyed was the Technical Segment, where they would deep-dive on a particular tool, technique, or security issue. This might be Nmap scanning techniques and methods, enumeration, privilege escalation on Windows hosts, how to properly use Burp Suite for web application pentesting, or even just solid security development or defensive architecture. These were not cursory or surface-level introductions or tutorials; they got into the nitty-gritty of techniques: the commands used, the flags that mattered and those that didn’t and why, and practical uses if you were in the business of pentesting or just hardening your own stuff. Occasionally, the tools were created by guests on the show, and they would do these technical segments with the authors, which was great (and sometimes led to good-natured arguments when they got into the weeds).
Eventually the podcast fizzled out in 2012-2013 (don’t hold me to that timeframe, my memory is kind of hazy on the end of its life) because people moved on to other projects and because the podcasting and online media space became more competitive and crowded, with more serious voices doing deeper dives into specific topics than the rather omnivorous PaulDotCom format. The legacy of it, though, lived on; it’s not uncommon for current infosec podcasters or educators to name PaulDotCom as an influence, or at least as the example of what to aim for: be knowledgeable but not pretentious, build community and engagement, and don’t take yourself too seriously even if you are talking about serious business like zero-days and data breaches.
Audio quality is a mixed bag: they improved the recording gear as they went on, and the first couple of years or so sound like they were recorded in pretty awful spaces acoustically. That is part of the charm, and very much a product of the podcast’s formative first few years, when the audio quality was clearly secondary to the content.
There’s also a nostalgia piece for people who were in the field and active in the community back in those days. PaulDotCom was a throwback to a bygone era of hacker culture when a lot more of it felt grassroots and communal—before bug bounties were offered by every company with a website, before cybersecurity as a practice became a multi-billion-dollar industry backed by flashy sales presentations and high-margin enterprise budgets. This isn’t to say that either of those developments was a bad thing (far from it! I work in bug bounties and love them to death), but there is definitely something lost once everything gets professionalized and corporatized, and PaulDotCom in a lot of ways embodied that scrappy, DIY ethos.
Live hacking demonstrations were also done as part of some episodes or at live events, which Paul Asadoorian did quite a bit of, including at Defcon, ShmooCon, and similar events on the conference circuit. These were live; they would literally hack a system or host in real time while narrating the process and explaining their thinking and steps. It was tremendously educational, in a way that just reading vendor documentation or vendor “guided tutorials” can never be. You could see them try things and fail, or have an error message bite them, or have “oh wait I typo’d that command” sort of moments. Actual pentesting is a messy process that requires intuition, creativity, troubleshooting, and much more; the PaulDotCom podcasts, live and otherwise, gave a very good window into that process and how it worked, more than theory or a simple tutorial could.