WyzGuys Tech Talk

Just how in the heck does a cybersecurity professional stay on top of the rapidly evolving threat landscape, the ever changing attacks and exploits, and new security solutions? I can assure you it involves a lot of reading.

Last month the Twin Cities chapter of (ISC)2 held a meeting on the topic of trusted sources for threat intelligence.  It seemed like a great topic idea, so I decided to share my list with my readers.  This list is not comprehensive, but one story leads to another, and this is how I discovered all these sites.  Most of these sites allow you to sign up and they provide the content via email newsletter, which is my preference.  This also is where I do a lot of my research for articles I post on the blog.  Weekend Update, my Saturday post, contains a loosely curated selection of articles from these sources that I felt are worth a look.

My threat intelligence sources are listed below:

• Krebs on Security https://krebsonsecurity.com/  Journalist turned cybersecurity researcher always has something worth reading.
• Schneier on Security https://www.schneier.com/  An expert on cryptography, cybersecurity researcher, speaker, and writer.
• AlienVault Open Threat Exchange https://otx.alienvault.com/
• The Internet Protocol Journal http://ipj.dreamhosters.com/internet-protocol-journal/issues/current-issue/
• US-CERT/CISA https://www.us-cert.gov/ncas Sign up for information on current activity, daily alerts, weekly bulletins, and periodic analysis reports.
• CIS Center for Internet Security MS-ISAC Multistate Information Sharing and Analysis Center https://www.cisecurity.org/ms-isac/  There are other ISAC groups for other industry sectors, sign up at the National Coucil of ISACs.  https://www.nationalisacs.org/
• IT-ISAC https://www.it-isac.org/blog
• Malwarebytes blog https://blog.malwarebytes.com/
• Wired https://wired.com
• Ethical Hacker Network https://ethicalhacker.net
• SecureWorld https://www.secureworldexpo.com/resources and https://www.secureworldexpo.com/industry-news
• Sophos Naked Security Blog https://nakedsecurity.sophos.com/
• KnowBe4 Cyberheist News https://blog.knowbe4.com/
• TechRepublic https://techrepublic.com  TechRepublic allows you to subscribe to dozens of different topic areas.
• Good Morning Silicon Valley/Mercury News https://www.mercurynews.com/
• TechDirt https://www.techdirt.com/
• Wordfence Blog https://www.wordfence.com/blog/  Critically important if you run a WordPress site, and a good source of web site security information for other website CMS platforms.

Here are some additional sites from peers of mine in the Twin Cities (ISC)2 Chapter.

• Reddit:  https://www.reddit.com/
• Twitter.com   following various security professionals
• Dark Reading: https://www.darkreading.com
• IT Pro Today:  https://www.itprotoday.com/
• SANS Newsletter: https://www.sans.org/newsletters

It told you it’s a lot of reading!  My basic strategy is to scan the headlines for topics that interest me or I need know about, and then dig in.  There is just too much going on to keep up with everything, but you can use these sites as a start, be a little choosy, and stay current with what you need to know for your organization or your role.