If you want to find out what’s happening in the world, you probably turn to your favorite news outlet. Maybe it’s your local paper or something more widely circulated, like the Washington Post or the New York Times. But if you want to find out what is happening on a day-to-day basis with cybersecurity governance and policy, you’ll need to have a stash of bookmarked blogs at the ready.
The experts behind the 22 blogs listed below break news, offer detailed commentary, and summarize important security details. The granular-level analyses these IT security blogs provide give a great amount of context and detail you can’t find in the mainstream press.
Andrew Hay is a former research director at OpenDNS, and he has an extensive background in cybersecurity. His blog, which dates back to July 2006, is updated consistently with news and happenings in the security community.
With a tag line that states “Connecting the information security community,” you know Dark Reading is worth the bookmark. Catch up on the latest breaches and hacks, cloud security updates, authentication and privacy happenings, and much more.
3. Data Breach
Data Breach writes loads of articles on risk management, compliance, fraud, and information security. (They published 46 articles in November alone!)
This blog was started over 11 years ago to “monitor the Mydoom worm's DDoS attack on sco.com.” They recently moved websites, but continue to blog regularly about malware and security concerns.
Fortinet, a network security company, has a great (and regularly updated) blog. We suggest you take a look at their top 5 threat predictions for 2016.
6. Hacker News
Hacker News is a “daily news source for IT professionals, webmasters and bloggers.” It focuses on cybersecurity news from the “best IT sources around the world.”
Brian Krebs is a former investigative journalist who breaks news on all of the major breaches. He explains breaches in layman's terms and does a great job of researching how the attackers get in. (By the way, this is one of my personal favorites!)
Sophos, a security hardware and software company, hosts the Naked Security blog. It is a “threat newsroom” that covers security news, opinion pieces, advice, and research.
Paul's Security Weekly is a live web show (on Thursdays at 6 p.m. EST) that details the “latest information security news, research, hacker techniques, vulnerabilities, and technical how-tos.”
Politico Morning Cybersecurity is a daily summary of news surrounding the cybersecurity industry. It specializes in cybersecurity legislation, government cybersecurity, the latest cybersecurity research and reports, and quick bytes of security news.
11. Project Zero
This blog consists of updates from Google's dedicated “zero-day team” of security analysts, who focus on finding undisclosed vulnerabilities.
The SANS Institute is a well-known IT security and training firm, of which Frank Kim is the chief information security officer. His blog covers secure software development lifecycles (SDLC), vulnerabilities, and more.
Bruce Schneier is a preeminent security technologist and author. Schneier on Security hosts his blog (which is updated almost daily), news, essays, and newsletters, plus links to his books.
Securelist is a Russian-led website that features articles on security policies, incidents, technologies, research, and much more. It also hosts an encyclopedia and statistics on cybersecurity threats, viruses, and spam.
15. Securosis Blog
Noteworthy on this blog are the Summary posts, which offer a roundup of the author’s favorite articles both on the Securosis blog and from outside sources, as well as noteworthy podcasts, conferences, reports, presentations, news, and more.
These are the original thoughts of Taylor Swift, a rising superstar and information security expert. (Just kidding.) But this is a fun parody on that exact topic—and it’s worth a good laugh.
Not only does Richard Bejtlich discuss cybersecurity on his highly regarded blog, but he also discusses “strategic thought and military history.” Check out TaoSecurity for an interesting look at the security world.
The Register is an independent news source that offers views, opinions, and reviews on the latest in the IT industry.
19. Threatpost Blog
Threatpost offers articles, podcasts, and videos on topics like malware, mobile security, vulnerabilities, privacy, and much more.
The State of Security is an award-winning blog, which features a mix of industry news and analysis. It does a great job of breaking down current security news and events and explaining why the reader should care about the topic at hand.
Unique to the WatchGuard Security blog are the quick little videos called “Security Bytes” that explain new vulnerabilities, malware, and other problems (with links to the sources if you want to find out more).
Make sure to bookmark this page to stay up on “the latest in software/hardware security research, vulnerabilities, threats and computer attacks.”
Which blogs did we miss?
Tweet us @BitSight and tell us which IT security blogs we’re missing—they may show up in a later iteration of this article!