Now I’ve spent weeks filling your heads with the how’s and whys of Cyber Security, possibly scarring you for life or worse (like helping you choose to enter the field), I suppose I should give you an extra boost, for I am a kind, benevolent Internet stranger. This is not a happy gift, it is one loaded with addiction, bleary-eyed mornings and red-eyed nights spent down this rabbit hole. This is how you keep on track of the outside world, and learn how to keep it from getting inside your nice, cosy, secure network. Say farewell to a social life, and hello to my last listicle of the year: welcome to my resource starter pack. Happy reading!
I would recommend learning a bit about your browser, how to run multiple instances of it and controlling users. Unless you are super-organised and proficient with bookmarks, you will need another browser instance for all your resources, both the ones you pick from below and those you find yourself. If you run Chrome, it might be time for a RAM upgrade!
Before I start categorising these links, there’s this one you might want to look at first. This might be one of the most important tools you can access, as it presents you with a one-stop shop of curated CyberSec feeds from varying trusted sources. Infosec Industry curates alerts, articles, Twitter feeds and more from some of the most respected sources in the field. Also really useful for training your eyes to read separately, and driving yourself mad.
As you can imagine, like with every other subject matter on the planet, there are a lot of InfoSec blogs out there. Thousands of the damn things, actually, and not all of them good. You will get some of these from the Infosec Industry list above, but some are worth the separate mention.
Brian Krebs is one of those. Krebs on Security is one of the most widely respected and read security blogs in the world. He’s hot on the latest news and provides an in-depth analysis.
Daniel Miessler is a practicing InfoSec professional, and his blog is a very useful tool. His writing is clear and easy to follow, and he often posts detailed explanations and tutorials in various aspects of cyber security, technology and other random things that catch his interest.
Tisiphone, a.k.a. Lesley Carhart writes, speaks, lives and breaths cyber security and digital forensics. She does this a lot, and does it very well. Her Tisiphone blog contains some really good information and great advice for people breaking into the industry, so be sure to give it a read.
Javvad Malik over at AlienVault is one of the Big Names (like the aforementioned Krebs), and reading his blog it’s clear why: insightful, considered posts composed with a light touch. Nice, easy reading.
Anther Big Name is Jeremiah Grossman: the man described as the “embodiment of converged IT and physical security” by InformationWeek. He knows lots of things about security, and can tell you about them while killing you with his hands and feet in a fancy flurry of Brazilian Ju-Jitsu moves. It is very possible I have a man-crush.
Finally, I would recommend keeping up with corporate blogs from the big players: Anti-malware companies like F-Secure, Sophos’ Naked Security, Webroot’s Threat Blog, and Norton are good ones, but look at them all and find your preferences. Other Security vendors’ blogs to check out include Check Point, Cisco’s CyberSec blog (although it’s always worth watching what Cisco are up to in general), SentinelOne and RSA.
I was going to do a section on newsletters, but given the state of my mailbox (after 2 rounds of cleaning up), I’ll leave things at the blogs, and let you sign up to the ones on offer by the bloggers.
Sometimes, a podcast is easier than a blog or newsletter. I’ve drawn up a short list here, but there are collections and lists abound, just a Google search away.
Defensive Security is the go-to podcast. You will need a couple of hours though, so if you have a bit of a commute, this will work out nicely.
Unsupervised Learning by Daniel Miessler tries to compress about 5 hours of reading into ~40 minutes. Really good quality stuff, and is published as a newsletter weekly, too.
Data Driven Security is a monthly podcast that focuses on security through data analysis.
SANS StormCast Information Security podcast is a short, daily threat alert podcast.
Down the Security Rabbithole features guest experts and talks through some of the bigger events of the week.
OWASP The Open Web Application Security Project’s 24/7 blog, like their site, discusses everything to do with web application security.
Security Weekly gives a good overview of a week in security.
Just a bunch of random, useful links that will come in handy:
Peerlyst – A platform for all manner of CyberSecurity resources.
Infosec Resources 4 All – GitHub repository with some really good material
Swift on Security – A security-focused Taylor Swift parody account. Pure Gold.
The Open Source Cyber Security Playbook – Cyber Security planning tool
The National Cyber Security Centre – The GCHQ-based Cyber Security agency
Institute for Security and Open Methodologies – Security research organisation
The Register – Tabloid parody news outlet for IT. Also hosts new BOFH stories. Read them, laugh, weep then go to the pub.
I think that’s about everything covered. I would put a Twitter list in, but I don’t really use it myself. If you are interested, plenty of the folk in everything I’ve mentioned have accounts, and have recommended people to follow. Enjoy the information overload!