We’ve said before that communication is key for Information Security (InfoSec) experts, observers, and solutions seekers. We did not say that idly. Hackers are developing their own channels to exchange tactics, tips, and products to inflict greater damage and glean great profits from their crimes. If information security professionals are going to keep up, they have to stay abreast of each other’s work, findings, and analyses of products, headlines, and predictions.
But doing that takes time, effort, and knowing which top voices in the field to follow. Blogs are a great resource in this regard, but with hundreds, even thousands of InfoSec blogs out there, how do you know where to start?
Fortunately, we’ve combed through the information security blogosphere and picked the 10 InfoSec blogs and websites we’ve found most influential, presented here in no particular order.
Of course, this list is totally subjective, so if you think we’ve missed anything, feel free to let us know on social media!
Graham Cluley
Graham Cluley is a British information security blogger who was inducted into the InfoSecurity Europe Hall of Fame in 2011, receiving an honorary mention in the “10 Greatest Britons in IT History” for his contribution as a leading authority in Internet security. His blog strikes the perfect balance between humorous and informative, providing excellent best practices advice without becoming overwhelmingly technical or dry. It’s a great way to stay informed and to grow from the deluge of headlines in our field.
Dark Reading
Dark Reading is an internet security news site and online community for security professionals, providing the latest information security news and commentary. DR maintains a dedicated page for nearly every aspect of information security. It is virtually required reading here at the Solutions Review InfoSec desk, as their experts cover everything from the latest headlines to the gender gap in cybersecurity staffing to follow-up reports. It is a great resource for InfoSec professionals anywhere.
Krebs on Security
Brian Krebs is an independent investigative journalist covering cybercrime. Krebs was formerly a security reporter at The Washington Post where he won widespread recognition for his work exposing some of the biggest corporate data breaches of all time, such as the incidents at Target and Home Depot. He’s one of the most recognized names in the field, and he’s been able to speak with industry thought leaders and explore headlines that would escape the notice of other publications. Krebs on Security is a vital read for those both looking to keep up and to get a sense of where the field is going.
TaoSecurity
TaoSecurity is the brainchild of Richard Bejtlich, chief security strategist at FireEye. His approach is more historical, framing information security through the lens of military history and strategy. His blog will appeal to those with an interest in both InfoSec and history (we know you’re out there), but also people looking for a fresh, straightforward voice on the subject that will give an unbiased account of the latest headlines and best practices. He will also appeal to readers looking for more condensed pieces rather than long-form; that seems to be his penchant, which can be a welcome change of pace.
Security Weekly
Founded by Paul Asadoorian, Security Weekly is, as it suggests, a weekly blog featuring live video broadcasts, podcasts, written posts, and other media, all of which explore security-related topics. With the express objective of turning their audience into “security ninjas,” Security Weekly covers not only InfoSec news but the latest hacking techniques, product tutorials, and InfoSec research. Asadoorian was formerly an instructor at the SANS Institute and is currently working as a product evangelist for Tenable Network Security; he’s also very entertaining, which can be a relief in a field that often feels quite dry.
Dr. Eric Cole
Dr. Eric Cole has been in the information security field for more than 20 years, and his experience shows in his Computer Security Specialist blog. His work is ideal for people looking to go into more detail about the threats plaguing enterprises today; his blog features both long-form written posts that examine the best practices conversations in the field and shorter pieces that cut to the heart of the issue. He’s knowledgeable, professional, and great for answering questions you didn’t even know you had. Solutions Review recently got the chance to speak to him about the Spectre and Meltdown vulnerabilities.
LiquidMatrix
This is a technical industry, but every industry has a culture embedded within it. LiquidMatrix is an excellent publication that not only looks at the latest InfoSec headlines in short post, long-form, and podcast formats, but it also deconstructs and critically examines the culture of InfoSec professionals. Some recent posts examined the notion of the security rock star and the fractured status of communication in the industry, both of which were fascinating and necessary. LiquidMatrix is hosted by four opinionated security pros who aren’t afraid to speak their minds.
Schneier on Security
Bruce Schneier is a lot of things: one of the creators of the Blowfish cipher algorithm, a fellow at Harvard Law School’s Berkman Center for Internet & Society, author of several books on computer security and privacy, and an InfoSec thought leader for the past 10 years. He’s a renowned cryptography expert, and he also discusses privacy issues for those interested in the political aspects of our field as well as those interested in the science of encryption. Some of his content is behind paywalls, but what is available is intriguing and detailed.
The Security Ledger
The Security Ledger is the blog of Paul Roberts, a former ThreatPost (the Kaspersky Lab blog) editor and analyst at 451 Research. He also provides commentary and analysis of the latest InfoSec headlines and has his own podcast, but with a noticeable twist. Roberts is very much interested in Internet of Things (IoT) security, a niche that is rapidly becoming more and more central to the InfoSec conversation as that aspect of communication and interconnectedness grows. His work is certainly worth a look for those looking to secure an ever-increasing network.
SC Magazine
SC Magazine is a global publication with the goal of “arming information security professionals with the in-depth, unbiased business and technical information they need” to combat security challenges. They have editorial teams in both the U.S. and U.K. to post news, opinion pieces, and even white papers. They’re another must-read here at the InfoSec desk, as they are always on top of the latest headlines.