Just how in the heck does a cybersecurity professional stay on top of the rapidly evolving threat landscape, the ever changing attacks and exploits, and new security solutions? I can assure you it involves a lot of reading.
Last month the Twin Cities chapter of (ISC)2 held a meeting on the topic of trusted sources for threat intelligence. It seemed like a great topic idea, so I decided to share my list with my readers. This list is not comprehensive, but one story leads to another, and this is how I discovered all these sites. Most of these sites allow you to sign up and they provide the content via email newsletter, which is my preference. This also is where I do a lot of my research for articles I post on the blog. Weekend Update, my Saturday post, contains a loosely curated selection of articles from these sources that I felt are worth a look.
My threat intelligence sources are listed below:
- Krebs on Security https://krebsonsecurity.com/ Journalist turned cybersecurity researcher always has something worth reading.
- Schneier on Security https://www.schneier.com/ An expert on cryptography, cybersecurity researcher, speaker, and writer.
- AlienVault Open Threat Exchange https://otx.alienvault.com/
- The Internet Protocol Journal http://ipj.dreamhosters.com/internet-protocol-journal/issues/current-issue/
- US-CERT/CISA https://www.us-cert.gov/ncas Sign up for information on current activity, daily alerts, weekly bulletins, and periodic analysis reports.
- CIS Center for Internet Security MS-ISAC Multistate Information Sharing and Analysis Center https://www.cisecurity.org/ms-isac/ There are other ISAC groups for other industry sectors, sign up at the National Coucil of ISACs. https://www.nationalisacs.org/
- IT-ISAC https://www.it-isac.org/blog
- Malwarebytes blog https://blog.malwarebytes.com/
- Wired https://wired.com
- Ethical Hacker Network https://ethicalhacker.net
- SecureWorld https://www.secureworldexpo.com/resources and https://www.secureworldexpo.com/industry-news
- Sophos Naked Security Blog https://nakedsecurity.sophos.com/
- KnowBe4 Cyberheist News https://blog.knowbe4.com/
- TechRepublic https://techrepublic.com TechRepublic allows you to subscribe to dozens of different topic areas.
- Good Morning Silicon Valley/Mercury News https://www.mercurynews.com/
- TechDirt https://www.techdirt.com/
- Wordfence Blog https://www.wordfence.com/blog/ Critically important if you run a WordPress site, and a good source of web site security information for other website CMS platforms.
Here are some additional sites from peers of mine in the Twin Cities (ISC)2 Chapter.
- Reddit: https://www.reddit.com/
- Twitter.com following various security professionals
- Dark Reading: https://www.darkreading.com
- IT Pro Today: https://www.itprotoday.com/
- SANS Newsletter: https://www.sans.org/newsletters
It told you it’s a lot of reading! My basic strategy is to scan the headlines for topics that interest me or I need know about, and then dig in. There is just too much going on to keep up with everything, but you can use these sites as a start, be a little choosy, and stay current with what you need to know for your organization or your role.
ShareDEC
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com