Information security is one of the most important areas in enterprise IT today, and it’s only becoming more prominent as large-scale breaches of corporate networks and political organizations continue to shake consumer trust and incite ever-increasing government regulation.
Staying on top of the latest industry news and trends is a big part of the job for any InfoSec pro, and blogs are a great resource, but with hundreds, even thousands of InfoSec blogs out there, it can be difficult to know where to start.
Lucky for you, we’ve combed through the security blogosphere and pulled the top 17 most influential InfoSec blogs and websites, presented here in no particular order.
Of course, this list is totally subjective, so if you think we’ve missed anything, feel free to let us know in the comments.
Graham Cluley is a British security blogger who was inducted into the InfoSecurity Europe Hall of Fame in 2011 and was given an honorary mention in the “10 Greatest Britons in IT History” for his contribution as a leading authority in Internet security.
SC Magazine is a publication with the goal of “arming information security professionals with the in-depth, unbiased business and technical information they need” to handle security challenges, and they do a pretty good job of that.
SC Magazine has editorial teams in the US and UK, and posts a steady stream of cyber security news, as well as opinion pieces and white papers.
London and New York City-based Info Security magazine is dedicated to the strategy and technology of information security and is a valuable resource for the latest security news and best practices.
Dark Reading is an internet security news site and online community for security professionals providing the latest information security news and opinion. DR maintains a dedicated page for nearly every aspect of security and is a great resource for infosec news and opinion.
Security Balance is a popular blog by Augusto Barros, who has been working in Information Security for over a decade. Barros is currently working as a Research Director at Gartner, where he focuses on security and risk management.
The Data-Driven Security blog (and book) is a collaboration between Jay Jacobs and Bob Rudis aimed at helping security domain practitioners “embrace and engage all elements of security data science to help defend their organizations.”
Schneier on Security
Bruce Schneier is one of the creators of the Blowfish cipher algorithm, a fellow at Harvard Law School’s Berkman Center for Internet & Society, and the author of several books on computer security and privacy. Schneier is a bit of an authority on encryption and, as such, many of his posts deal with privacy and encryption.
Dan Kaminsky’s Blog (FKA DoxPara Research)
The personal blog of Dan Kaminsky, a security researcher and chief scientist at White Ops. Kaminsky is best known for his work finding a critical flaw in the Internet’s Domain Name System (DNS), and for leading what became the largest synchronized fix to the Internet’s infrastructure of all time.
Krebs on Security
Krebs on Security author Brian Krebs is an independent investigative journalist covering cybercrime. Krebs was formerly a security reporter at The Washington Post where he won widespread recognition for his work exposing some of the biggest corporate data breaches of all time, such as the ones at Target and Home Depot.
Founded by Richard Bejtlich, chief security strategist at FireEye, TaoSecurity is a popular blog that views digital security through the lens of military history and ‘strategic afterthought.’ Perfect for dual InfoSec/History nerds (I know you’re out there).
Paul’s Security Weekly
Founded by Paul Asadoorian, Security Weekly is a popular blog featuring written posts as well as a series of podcasts and webcasts covering security-related topics. Asadoorian was formerly an instructor at the SANS Institute and is currently working as a product evangelist for Tenable Network Security.
Wired’s Threat Level
Probably the most established and “mainstream” news outlet on this list, Wired isn’t exactly known for security news, but the Wired team deftly tackles issues of privacy and security.
Matt Flynn’s Identity Management Blog
The personal blog of Matt Flynn, an identity management specialist at Oracle. Flynn covers identity management and security with a depth and precision that’s hard to beat.
ThreatPost (AKA Kaspersky Labs News)
One of the most popular security blogs on the net, ThreatPost is Kaspersky Lab’s security news blog and is run by a team of infosec experts covering a wide range of security topics including malware, vulnerabilities, and threat protection.
Liquidmatrix provides both long-form articles and a lively and entertaining podcast hosted by four opinionated security pros who aren’t afraid to speak their minds.
Sophos Naked Security
Advanced Data Protection provider Sophos’ Naked Security blog features content from security experts with a specific focus on malware and advanced data protection, naturally.
The Security Ledger
A blog from Paul Roberts, a former ThreatPost editor and analyst at 451 Research, The Security Ledger brings an independent view on cybersecurity with a keen focus on the future of the internet of things.