The world of information security moves so unbelievably fast. Blink and you could miss a critical RCE exploit disclosure. For fellow blue team members it's especially important to make sure you're up to date on what's happening as you may be able to spot IOC's early in the killchain and react fast enough to prevent serious breaches. Trying to juggle work, a social life, side projects and certification grinds is already hard enough and trying to find time to read and keep informed just adds to the already crunched time you have, with that said I would like to put forward how I manage to squeeze the news into my schedule:
Luckily for me I have a commute on public transport to get to work giving me a 30 minute window to browse my bookmarked websites looking for articles that may have a direct impact on my work. It's important to be efficient when consuming news, I know there are some really interesting articles out there but try your best to scrub through the items that could have an impact on your work first before reading the fun stuff to maximize efficiency. For example, I am currently a Threat Hunter and thus information on ongoing or rebooted malware campaigns can really help guide investigations where IOCs match a campaign I've read about.
Next I listen to podcasts while cooking dinner or cleaning my apartment. These are boring tasks I can perform on auto-pilot so podcasts are a great way to pass the time and gain some good information on current security affairs. Some of the podcasts below have some good humor and can give you a good laugh every once and a while.
With all of that said, below are some of my favourite resources for security news:
The Risky Business Podcast is the best security weekly recap/coverage I can recommend to anyone. Whether you're a security degenerate like me or someone new to the industry the Risky Business Podcast by Patrick Gray and Adam Boileau is just the A* standard for security podcast content with excellent current affairs coverage, expert opinions and some great laughs. Pair with this Risky Business News podcast every other day and you'll be up to date one every notable security matter. This is the ultimate combo!
| Name | Frequency |
|---|---|
| Risky Business | Weekly |
| Risky Business News | Tri-Weekly |
| Sophos Naked Security Podcast | Weekly |
| IBM Security Intelligence | ~Tri-Monthly |
| Name |
|---|
| The Register |
| The Hacker News |
| CSO |
| Bleeping Computer |
| Krebs On Security |
| Cyber Magazine |
| Graham Cluley |
| Sophos Naked Security |
| State Of Security |
| Risky Business News |
| Handle | Category |
|---|---|
| @bleepingcomputer | General Security |
| @malwrhunterteam | Malware |
| @TheHackersNews | General Security |
| @vxunderground | Malware/Ransomware |
| @ido_cohen2 | Malware/Ransomware |
| @briankrebs | General Security |
| @lennyzeltser | General Security |
| @schneierblog | General Security |
| @campuscodi | General Security |
| @RansomwareNews | Ransomware |
If I've missed and good resources please direct message me on Twitter!