Posted on May 10, 2018
We all know that the information security world is constantly evolving, making it increasingly important to keep up with the latest threat, breach, or vulnerability that may be exposing your organization to risk.
There are many security publications, sites, and even blogs that are great resources to learn how to keep you and your organization safe.
Here are a few cybersecurity websites that we thought were better* than the rest:
Brian Krebs is an investigative journalist and reporter who focuses on cybercrime and other major data breaches and hacks. Taking advantage of his expertise and connections within the security industry, he finds angles in a story that most major publications will miss. Brian is meticulous and dedicated to ensuring that every aspect of an attack, from motive to technique, is discovered and reported.
Wombat Security Technologies provides security awareness and training solutions to organizations that want to improve their employees' security awareness. Their blog offers insight on recent events as well as employee-specific threats, dedicating an entire section of their blog to phishing and other cyber threats. They also offer a ‘Keys to Success’ section that offers actionable information that individuals and organizations can use to improve their own security.
Errata Security is a blog run by Robert Graham and David Maynor, two security researchers with decades of experience. Their blog is highly opinionated, takes a long-term perspective on security, and offers insight on widely reported issues. Their articles often include a high level of technical analysis, providing a unique point of view on each story.
Kaspersky Lab’s Threatpost is a publication that provides daily articles, podcasts, and videos on all things security. Focused on new threats and attacks, this publication is a great daily resource to check to ensure that your organization and your employees are not exposing themselves to the newest vulnerability that may be lurking on their phones, applications, or essential business products. They’re usually one of the first to report on a new vulnerability or threat that may be affecting organizations at large.
Security Bloggers Network (SBN) is an aggregation of nearly 300 information security blogs and podcasts. The SBN feed aggregates a wide variety of security blogs that cover recent threats, roundups, popular news stories, and the latest in security research. The aggregated feed is perfect for a more technical and hands-on approach to information security.
The Naked Security blog is often cited by major newspapers, and their writers come from a wide swath of security backgrounds. The blog is owned by Sophos, but it runs like a security newsroom, publishing daily articles on recent events in the security world, new threats that may affect organizations and their employees, and briefs on the most important news of the week.
Paul’s Security Weekly is an award-winning podcast, webcast, and security publication, publishing a number of weekly shows focused on recent security events, enterprise security, and interviews with professionals in the field. With a high production value and a robust team behind them, Paul’s Security Weekly provides insight and security news in a different format than many other sites.
Akamai is a content delivery network (CDN) service provider and runs a blog that focuses on enterprise security, data protection, and cloud security. Its blog is written by Akamai writers and analysts with decades of experience working with enterprises and organizations. Because Akamai is a CDN provider, it has a unique perspective when it comes to attacks that compromise websites, such as a DDoS attack. The blog is well known for providing a more detailed look into how these kinds of attacks can take down a website and what further fallout an organization can expect.
The Security Ledger is an independent news provider that publishes daily content on recent news events and updates in security with a focus on long-term consequences, enterprise reaction, and government policy. They focus on the Internet of Things (IoT) as well as external threats from malware to cyber-terrorism.
Graham Cluley is a public speaker and independent computer security analyst. His website aggregates numerous posts on breaches, hacks, enterprise security, and the security industry itself.
Infosecurity Magazine has been providing information security insight for over ten years. Its award-winning content delivers extensive analysis and opinions from industry experts centered on current issues and trends. The magazine has established itself as an important resource for industry professionals with its free educational content that is endorsed by industry accreditation bodies, such as its whitepaper syndication programs as well as industry-leading webinars and virtual conferences.
Bruce Schneier is a public-interest technologist who has been writing about security issues since 1998. Referred to as a “security guru” by The Economist, he has written over a dozen books as well as hundreds of articles, essays, and academic papers. His blog, Schneier on Security, and Crypto-Gram Newsletter—both of which are free to access on his website—have a readership of 250,000 people and cover a range of topics centered around the intersection of security, technology, and public policy.
A past winner of Best Corporate Blog and Most Entertaining Security Blog, The State of Security provides a platform for the cybersecurity community to share news, opinions, and resources. The blog, powered by Tripwire—an integrity monitoring, vulnerability management, and security configuration management solutions provider—leverages the company’s employees’ expertise on a variety of topics, from ransomware attacks to cyber resilience and best practices for building an effective cybersecurity program.
We Live Security comes from the experienced researchers and professionals at the IT security firm, ESET. Also a winner of the Best Corporate Security Blog award, We Live Security presents news and insights relating to current cybersecurity threats and trends from experts and researchers across the globe. The blog is both a trusted news source for industry experts and journalists as well as a forum where ESET has published some of its most prominent cybersecurity discoveries.
The SANS Institute is a cooperative research and education organization founded in 1989 with programs reaching more than 165,000 security professionals globally. From security auditors and network administrators to executives, the institute draws upon a wide swath of security leaders who share solutions to the security challenges they face. SANS provides many free resources such as weekly news and vulnerability digests, more than 1,200 award-winning original information security papers, and its blog.
CIS is a forward-thinking nonprofit whose mission is to “identify, develop, validate, promote, and sustain best practice solutions for cyber defense, and build and lead communities to enable an environment of trust in cyberspace.” The organization offers a variety of free materials including advisories, whitepapers, blogs, case studies and webinars. CIS operates within a closed crowdsourcing model, with its members—both private and public sector organizations—sharing, evaluating, and refining security measures by consensus.
Founded in 1998, Help Net Security is an independent site that features a wide range of content geared toward the security and management challenges that organizations face. In addition to news, the site offers thought leadership in the form of regular blog posts, whitepapers, and newsletters. Contributions come from experienced industry leaders who are able to provide insight on security trends across different sectors.
Data Breach Today provides expansive information security insight in the form of training guides, interviews, articles, whitepapers, and blog posts. Published by Information Security Media Group (ISMG)—a cyber intelligence and education firm—the dynamic and interactive site’s content is updated daily. With seasoned, informed perspectives, Data Breach Today goes beyond simple news updates with useful advice for information security and compliance professionals.
InfoSec Institute is a security training and awareness company that provides certification-based courses for specific job functions as well as a vast library of free digital cybersecurity literature. Founded with the public interest at heart, the institute educates organizations on the most current and effective cyber defense strategies.
*What makes these websites better? We determined the best websites by looking at several factors including post frequency, content quality, and social influence.