Reading blogs is an excellent way to keep up with current events and trends in the information assurance world. A quick search on the Internet for blogs returned lists of many candidates for "best blogs to follow":
- 29 Security Blogs You Should Be Reading
- The 41 Amazing Internet Security Blogs You Should Be Reading
- Top 100+ Cyber Security Blogs & Infosec Resources
These lists go beyond recommendations for individual bloggers, however, and extend to magazine and journal websites (e.g., Wired, Ars Technica, SC Magazine, CSO), as well as to company-specific, professional, and security community (e.g., Verizon, Symantec, McAfee, ISACA, ACM). With limited time to sift through marketing subtext and blog reposts from others, I have tried to pare down my go-to list to these cybersecurity experts whose blogs are well researched, informative, and influential.
Brian Krebs - A victim of a computer hack in 2001, Krebs has since taken up his journalistic cudgel against cyber scoundrels. His must-read posts on information compromise incidents are consistently among the earliest, including the first report as I am writing this (20 July 2015) of the hack of hook-up site Ashley Madison. Its tagline advice—Life is short. Have an affair.®—apparently resonated with its more than 37 million subscribers globally. More reverberations are anticipated.
Eugene Kaspersky - Leading a global company of more than 3,000 employees gives Kaspersky significant street creds when he comments on emerging threats, current practices, and even the bad behavior of those who would tamper with Kaspersky's security controls. His assembled team of experts at Kaspersky Labs post daily. Kaspersky Labs is well known for alerting readers to attacks at the nation-state level, for example, Stuxnet, Duqu, Duqu 2.0, Gauss, Regin.
Dr. Eugene (Spaf) Spafford - Founder of Purdue's Center for Education and Research on Information Assurance Studies (CERIAS), Cyber Security Hall of Famer, and immediate past chair of the ACM's US Public Policy Council, Spaf is an information security pioneer who writes fluidly about unintended consequences and emerging problem areas. His deep technical knowledge and natural cynicism combine in postings that are disturbingly prescient.
Mary Ann Davidson - The CSO of Oracle and one-half of the sister writing team "Maddi Davidson," Davidson delivers contextually and historically rich commentary with a rich dose of pragmatism. Although she doesn't publish frequently, she delivers more quotables per inch than any other cyber guru I've read. And her murder mysteries are lively (is that an oxymoron?) and reflect an insider's view of the technology industry.
Richard Bejtlich (aka TaoSecurity) - Chief Security Strategist at FireEye, Bejtlich asks important questions about how best (or at least accepted, current) practices are defined and whether consequences (and victims) are really understood. He ponders the extent to which public policy addresses problems or just dresses them up.
Lenny Zeltser - On the Board of Directors at the SANS Institute and with experience at NCR and elsewhere, Zeltser dives into detailed security control techniques, including social engineering tactics (and even actual dialogues).
The open exchange of information encouraged by the cyber security community offers us abundant opportunities for questioning assumptions, sharing insights—and little justification for just accepting the imperfection or futility of security efforts. The experts highlighted here take time to synthesize different factors into verbal images of how to make technology safer for the world and the world safer for technology. You can also read through Regis University’s blog section, which includes blog entries by adjunct faculty and alumnus, to name a few.