Whether you prefer bookmarks, RSS feeds, or mobile readers, keeping up with information security trends and developments is made infinitely easier through the work of great bloggers. We’ve scoured the Internet for the best of the best, and compiled this list to help you find your next set of bookmarks.
Many of the blogs on this list come from well-known industry pundits; others are rare gems we simply couldn’t leave out.
1. Schneier on Security
The first blogger on our list should be familiar to many of you. With twelve best-selling books, a monthly newsletter, and 250K subscribers, this is the guy the US Congress calls on to explain the really important security stuff.
2. Krebs on Security
Brian Krebs was a reporter for the Washington Post who “fell into” security when he himself was hacked in 2001. Since then he has made a career out of reporting on information security issues.
3. Troy Hunt
A developer security MVP from down under, Hunt blogs regularly on software and security as well as presenting at security conferences world-wide.
4. Lenny Zeltser on Information Security
Zeltser is a member of the SANS Institute, training on digital forensics and malware combat, and a member of the board of directors at the SANS Technology Institute. He also leads data protection efforts at NCR, and blogs regularly.
5. Graham Cluley
Cluley is an independent blogger and speaker and presents regularly at conferences around the world whilst covering security news across a diverse range of topics.
6. Roger’s Informative Security Blog
Blogging since 2004, Roger McClinton shares this about himself: “In a previous life I was security administrator responsible for the day to day computer security at a mid-sized beltway bandit. In that role I would recommend, evaluate, select and implement security solutions. This included things like PKI, Desktop Encryption, EFS, Desktop Endpoint Protection, DLP, IDS, Firewall, vulnerability scanning, patch management, FISMA, and NAC. You get the idea. The list could go on and on.”
7. Xavier Mertens Blog
His “About Me” page reads: “Xavier Mertens aka ‘xme’, proud Dad of two kids, information security consultant by day, security blogger and hacker at night. I can easily be found on social networks and websites via my ‘Belgian Blowfish’ avatar, derived from the OpenBSD official logo. Most information about my business profile have already been leaked to LinkedIn.” Mertens’ blog includes coverage of both hardware and software and dates back to January 2003!
An Irish security consultant, Brian Honan, is recognized internationally as an expert in the field of information security and has worked with numerous companies in the private sector and with government departments around Europe.
9. TAO Security
Richard Bejtlich is Chief Security Strategist at FireEye and maintains his personal blog covering digital security, strategic thought, and military history.
There’s nothing wrong with teamwork, and this next set of blogs comes from teams of infosec pros who have come together to help others.
10. Security Bloggers Network
The Security Bloggers Network boasts one of the largest collections of information security focused blogs and podcasts from 300 different sources.
11. Security Bistro
Security Bistro is a forum where IT security professionals meet to talk and share information about the latest cyber threats and how to counter them.
The next set of blogs comes straight from leading companies in the Information Security space. Teams of authors contribute to these as a way to give back to the community, and may also share their own slant on certain issues.
12. Naked Security
Award-winning computer security news from Sophos.
13. Tripwire’s The State of Security
Another award-winning blog, the State of Security features the latest news, trends and insights on current information security issues, including risk, compliance, incident detection and vulnerability research.
14. Hot For Security
This is more of an aggregation of posts from leading security bloggers as well as new coverage in information security brought to the Internet by Bitdefender.
Darknet is all about Ethical Hacking, Penetration Testing & Computer Security. Their motto? Don’t Learn to HACK – Hack to LEARN. On this blog they share and comment on interesting infosec related news, tools and more.
16. SecuriTeam Security Blog
SecuriTeam covers a wide range of topics which include security news, security reviews, exploits, tools, UNIX focus, and Windows focus.
17. Tech Republic IT Security
TechRepublic blogs offer a number of different topics whilst their security blog offers regularly updated content on news, trends, and best practices.
Javvad Malik is a Senior Analyst at 451’s Enterprise Security Practice (ESP), providing in-depth, timely perspective on the state of enterprise security. He also blogs about emerging trends, competitive research, new product and go-to-market positioning, investment due diligence and M&A. He is also an avid YouTuber with a regular series of videos worth checking out.
19. Dark Reading
Information Week brings Dark Reading to the web. They describe themselves as “one of the most widely-read cyber security news sites on the Web, Dark Reading is now the most trusted online community for security professionals like you.”
20. The Stay Safe Online Blog
The National CyberSecurity Alliance (NCSA) maintains this blog, which includes content for a variety of audiences and skill levels. It’s a great source of security information that can be shared with non-technical audiences too.
21. Veracode Security Blog
Veracode does application security testing, and their team puts out a great blog on application security and best practices. Aimed more towards developers and security pros who work with developers, it is a great source of information on best practices and current trends.
22. Google’s Online Security Blog
We had to mention this one! The latest news and insights from Google on security and safety on the Internet.
23. F-Secure Weblog
The blog of F-Secure Labs – the “security center” of F-Secure – is maintained by the personnel responsible for analyzing virus, phishing, spyware, and spam attacks.
The SANS Institute
The SANS Institute maintains a number of great information security blogs. They cover a wide area of expertise and provide a wide range of content. Here is a list of what we consider to be their best eight.
24. SANS Computer Forensics Blog
25. SANS Security Awareness Blog
26. SANS Cloud Security Blog
27. SANS Security Trends Blog
28. SANS Internet Storm Center Diary/Blog
29. SANS Penetration Testing Blog
30. SANS Software Security Blog
31. SANS Cyber Defense Blog
Microsoft also maintains a number of blogs with a focus on information security. The DCU blog is one of my personal favorites!
With so many great blogs, we’re bound to have missed a few that you keep bookmarked, so why not let us know what your favorite security blogs are in the comments section below?