Cybersecurity is a fluid and broad field and the latest news can drastically impact your day-to-day life so its important to stay informed. However, it is easy to be overwhelmed and find the proverbial signal in the noise.
There is no perfect system, as I can attest to tweaking my inputs and practices for 10 years, but here are my top recommendations for cybersecurity news.
Authoritative Sources
- Cybersecurity and Infrastructure Security Agency (CISA) – CISA is essential the Security office for all non-DOD Federal Government entities and you should be aware of most anything they publish. Their 2 primary channels are advisories which is timely threat information and vulnerabilities where they publish summaries of vulnerabilities across a massive array of products. They offer mailing lists and RSS feeds.
- For International readers please look up your country’s CERT or appropriate agency. (NCSC – UK, CERT Australia)
- FBI InfraGard – This is the FBI’s primary way of publishing information to vetted private sector partners. You must work in a Critical Sector and be a US Citizen to join. Once you have been accepted to the program you will be plugged in to some excellent feeds and training opportunities.
- The Department of Homeland Security (DHS) also shares info via the Homeland and Security Information Network (HSIN). It can be a process to join and it isn’t user friendly but the resources can be very helpful.
Key Sources
- Microsoft Security Response Center – https://msrc-blog.microsoft.com/
- Google’s Project Zero – https://googleprojectzero.blogspot.com/
- Krebs on Security – https://krebsonsecurity.com/
- Schneier on Security – https://www.schneier.com/
- HaveIBeenPwned Latest Breaches – RSS Only https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches
- Bleeping Computer – https://www.bleepingcomputer.com/ (Noisy but they don’t miss many big issues)
- Becker’s Hospital Review – https://www.beckershospitalreview.com/cybersecurity.html (RSS)
Newsletters
- Securib.ee Newsletter – https://securib.ee/newsletter
- TL;DR Security Newsletter – https://tldrsec.com
- SANS Newsbites & @RISK – https://www.sans.org/newsletters/
Others
- I check Techmeme.com daily, they offer RSS & email subscriptions.
- I curate a Twitter list of Cybersecurity folks worth listening to.
Tips
- Use a RSS reader. It’s a massive time saver. I recommend using Feedly or Inoreader.
- Newsletters: I’m an inbox zero advocate and having lots of unread emails messes with my digital Feng Shui. I use an email alias and mailbox rules to automatically have newsletters skip my inbox and land in a folder. I have a dedicated time each week to read the newsletters.
What did I miss? Please share your top sources in the comments.