I was recently asked by a colleague of mine who just graduated university and started their first full time Security Analyst gig where I get my netSEC News.
Instead of blasting away in Slack with an intermittent stream of links and commentary I thought it would be more beneficial to create a simple and concise blog post containing my current Top 5 sources.
I’m also interested in where other security professionals get their news from. I’m sure there is a better way to do this so maybe this post will aid in opening up some discussions in the community.
Lists on Lists on Lists on Lists
Reddit is usually a huge time-waster and thus I usually try to avoid it. However, the r/netsec community is full of valuable information and knowledge. There are also various related subreddits which are useful as well. Link
- /r/Malware - malware related subreddit
- /r/pwned - updates on who’s gotten
- /r/ReverseEngineering - Reverse Engineering related subreddit
2. Slack Workspaces
I find participation in Slack communities with fellow infosec professionals to be extremely valuable for a number of reasons. The curation of relevant news and updates is among them. People post content from sources you may not have seen or heard about. There’s always someone smarter and more informed, why not stay plugged into them and their thoughts. Slack communities are the perfect way to do just that.
There are a number of open Slack communities you can participate in by simply signing up with an e-mail address. I’ve listed a few below.
- SANS Internet Storm Center (ISC)’s Slack workspace 1
- Demisto Digital Forensics & Incident Response Community
3. SANS ISC Daily Podcast
The SANS Internet Storm Center’s Daily Podcast is hosted by Johannes B. Ullrich, PhD.
The daily podcast is a great way to start your day and get up to speed on the latest breaking news involving critical vulnerabilities and general cybersecurity news. Each episode averages around 5 minutes so it’s concise, informationally dense and to the point.
I made a habit of listening to it each morning on my daily commute and it has served me well. Link
Twitter is not my favorite, but I’ve lately gotten into the habit of checking it once every other day or so to see what the high-profile / cutting-edge security practicioners that I follow are up to.
Twitter’s recommendation engine is pretty solid and once I started following a handful of
netSEC personalities solid recommendations for people I hadn’t heard of before started to pop up.
Good in moderate doses, easy to get lost in link inception and or distraction.
Some of my favorite to follow are:
- Matt Graeber - member of the
PowershellMafiaand creator of the ubiquitous Powersploit and Powershell Empire frameworks / software /toolkits whatever you want to call em’.
- InfoSecHotSpot - don’t know much about the entity behind this account but frequently tweets relevant infosec news and info.
- SwiftOnSecurity - if Tay Swift had a Twitter account and was a fellow
netSEC Ninja. Highly recommended.
5. Hacker News
Hacker News, the great king of distracted technology professionals everywhere. The Hacker News material design app for Android widget serves me just the right amount of Hacker News.
Although not security specific there are always interesting technical articles. Hacker News also helps me stay abreast of the latest trends in programming and application / software development.
Mainstream Media / Major Publications
The major news publications often cover cybersecurity from a National Security perspective as opposed to a deeply technical or a “What’s the latest hype in Enterprise Security” mumbo-jumbo sort of slant (looking at you Dark Reading).
Some pubs to chew on: