One of the topics we’re passionate about here at TalkTechToMe is security, and there’s no better way to keep up-to-date and aware of all that is going on than by checking in regularly with our favourite security blogs.
We’ve compiled this list to share with you, so that you too can benefit from all the wisdom and sage advice you can find on these blogs. From best practices to how-to articles, to coverage on the security news that matters most, these 15 blogs are the go-to source for security information.
1. Network Security Blog – Martin McKeay has been blogging his views on security, privacy and anything else that catches his attention since August, 2003. His blog includes topics such as security in the cloud, firewall, hacking, malware, social networking, privacy, risk, testing and several other interesting security related posts.
2. TaoSecurity – Chief Security Officer for Mandiant, Richard Bejtlich, shares his knowledge and covers digital security and the practices of network security monitoring, intrusion detection, and incident response in his blog.
3. KrebsonSecurity – Brian Krebs came onto the security scene in 2001 after being hacked himself. Taking a very intense and personal interest in security, he’s become one of the most well-known names in information security, covering topics including the latest threats, security updates, data breaches, and cyber justice.
4. Andrew Hay – Andrew Hay is a Senior Security Analyst at 451 Research, and serves on the GIAC Advisory Board. A CISSP with four SANS certifications and a veritable alphabet of other security certifications to his name, his blog covers log management, compliance, firewalls, and more.
5. Amrit Williams Blog – This CTO of Quantivo by way of BigFix and IBM covers security topics including cloud computing, cybercrime, virtualization, and more. Williams’s writing is as entertaining as it is informative.
6. W. Mark Brooks – A Principal Advisor for Security and Compliance at EMC, Brooks’ blog focuses on compliance and ethics, information security strategies, intellectual property, process and more.
7. The AShimmy Blog – Alan Shimel is the founder and managing partner of The CISO Group, and frequently speaks at government conferences. His podcasts include some of the industry’s best and brightest, and his blog covers a broader range of security topics than practically any other blog on this list. Reading Shimel is like having a conversation with a wise friend who has written hundreds of posts full of knowledge.
8. IT Security Expert – Dave Whitelegg’s blog focuses on spam, botnets, identity theft and more, targeting the home user and the SMB market. His posts are easy to read and are the sort you can send to your friends when they want to read something targeted to a less technical audience.
9. Jon’s Network – Jon’s Network says it targets IT directors and network administrators, but its appeal is much broader with that. It’s a great place to pick up quick tips on a wide variety of security topics, and to get pointers to other great reads you might otherwise miss.
10. The New School of Information Security – Inspired by the security book that carries the same name, this blog keeps true to the spirit of the book and includes regular posts from several contributing authors. Together they focus on cloud security, data breaches, risk management, and other related topics.
11. Schneier on Security – Bruce Schneier is probably the most widely recognized name on this list, and for good reason. Blogging since 2004, Schneier has made a name for himself in the information security field, and he’s not afraid to share his opinions, no matter how controversial they may seem. You’ll come for the op eds, but you’ll subscribe for the entertaining and enlightening content.
12. Troy Hunt’s Blog – Hunt is a software architect, and his coverage of security issues related to software, databases, and coding shows it. His passion for security is probably one of the reasons he was awarded MVP status by Microsoft, and his writing is as entertaining as it is informative.
13. Kevin Townsend – Townsend’s byline is “Security centric issues, news and rants – and other things” and that sums up his blog better than most bylines we’ve seen. The rants are fun, the issues are informative, and the news summaries are another great way to catch things you might otherwise have missed.
14. Lenny Zeltser on Information Security – A SANS Institute instructor and senior faculty member, and Director at NCR Corporation, Zeltser’s blog focuses on malware and its involvement in breaches worldwide. One of his best recurring posts is his weekly summary of the best security reads of the week.
15. Dan Kaminsky’s Blog – You probably know Kaminsky from his work with securing DNS. His blog frequently gets far deeper into the technical weeds than most, but his ability to explain things clearly is a gift he shares generously, and his coverage of vulnerabilities in all aspects of networking helps you really understand the issues and implications.
So there you have it – 15 of the best security blogs on the web. Pay them all a visit, add them to your RSS feeds, and watch as your security IQ goes up by several points a week. And once you’re at it, you can also look for the latest news on online threats, social engineering ploys, and noteworthy scams on our GFI Labs.
But before you click away to do some heavy security reading, leave a comment and share your favorite security blogs so that we can add them to the list!