Skip to main content

Information Overload: A Resource Starter Pack


Now I’ve spent weeks filling your heads with the how’s and whys of Cyber Security, possibly scarring you for life or worse (like helping you choose to enter the field), I suppose I should give you an extra boost, for I am a kind, benevolent Internet stranger. This is not a happy gift, it is one loaded with addiction, bleary-eyed mornings and red-eyed nights spent down this rabbit hole. This is how you keep on track of the outside world, and learn how to keep it from getting inside your nice, cosy, secure network. Say farewell to a social life, and hello to my last listicle of the year: welcome to my resource starter pack. Happy reading!

I would recommend learning a bit about your browser, how to run multiple instances of it and controlling users. Unless you are super-organised and proficient with bookmarks, you will need another browser instance for all your resources, both the ones you pick from below and those you find yourself. If you run Chrome, it might be time for a RAM upgrade!

Before I start categorising these links, there’s this one you might want to look at first. This might be one of the most important tools you can access, as it presents you with a one-stop shop of curated CyberSec feeds from varying trusted sources. Infosec Industry curates alerts, articles, Twitter feeds and more from some of the most respected sources in the field. Also really useful for training your eyes to read separately, and driving yourself mad.

Blogs

As you can imagine, like with every other subject matter on the planet, there are a lot of InfoSec blogs out there. Thousands of the damn things, actually, and not all of them good. You will get some of these from the Infosec Industry list above, but some are worth the separate mention.

Brian Krebs is one of those. Krebs on Security is one of the most widely respected and read security blogs in the world. He’s hot on the latest news and provides an in-depth analysis.

Daniel Miessler is a practicing InfoSec professional, and his blog is a very useful tool. His writing is clear and easy to follow, and he often posts detailed explanations and tutorials in various aspects of cyber security, technology and other random things that catch his interest.

Tisiphone, a.k.a. Lesley Carhart writes, speaks, lives and breaths cyber security and digital forensics. She does this a lot, and does it very well. Her Tisiphone blog contains some really good information and great advice for people breaking into the industry, so be sure to give it a read.

Javvad Malik over at AlienVault is one of the Big Names (like the aforementioned Krebs), and reading his blog it’s clear why: insightful, considered posts composed with a light touch. Nice, easy reading.

Another Big Name is Jeremiah Grossman: the man described as the “embodiment of converged IT and physical security” by InformationWeek. He knows lots of things about security, and can tell you about them while killing you with his hands and feet in a fancy flurry of Brazilian Ju-Jitsu moves. It is very possible I have a man-crush.

Finally, I would recommend keeping up with corporate blogs from the big players: Anti-malware companies like F-Secure, Sophos’ Naked Security, Webroot’s Threat Blog, and Norton are good ones, but look at them all and find your preferences. Other Security vendors’ blogs to check out include Check Point, Cisco’s CyberSec blog (although it’s always worth watching what Cisco are up to in general), SentinelOne and RSA.

I was going to do a section on newsletters, but given the state of my mailbox (after 2 rounds of cleaning up), I’ll leave things at the blogs, and let you sign up to the ones on offer by the bloggers.

Podcasts

Sometimes, a podcast is easier than a blog or newsletter. I’ve drawn up a short list here, but there are collections and lists abound, just a Google search away.

Defensive Security is the go-to podcast. You will need a couple of hours though, so if you have a bit of a commute, this will work out nicely.

Unsupervised Learning by Daniel Miessler tries to compress about 5 hours of reading into ~40 minutes. Really good quality stuff, and is published as a newsletter weekly, too.

Data Driven Security is a monthly podcast that focuses on security through data analysis.
SANS StormCast Information Security podcast is a short, daily threat alert podcast.

Down the Security Rabbithole features guest experts and talks through some of the bigger events of the week.

OWASP The Open Web Application Security Project’s 24/7 blog, like their site, discusses everything to do with web application security.

Security Weekly gives a good overview of a week in security.

Miscellaneous

Just a bunch of random, useful links that will come in handy:

Peerlyst – A platform for all manner of CyberSecurity resources.

Infosec Resources 4 All – GitHub repository with some really good material

Swift on Security – A security-focused Taylor Swift parody account. Pure Gold.

The Open Source Cyber Security Playbook – Cyber Security planning tool

The National Cyber Security Centre – The GCHQ-based Cyber Security agency

Institute for Security and Open Methodologies – Security research organisation

The Register – Tabloid parody news outlet for IT. Also hosts new BOFH stories. Read them, laugh, weep then go to the pub.

I think that’s about everything covered. I would put a Twitter list in, but I don’t really use it myself. If you are interested, plenty of the folk in everything I’ve mentioned have accounts, and have recommended people to follow. Enjoy the information overload!


Comments

Popular posts from this blog

This is not a New Year’s Resolution

I'm not a one for resolutions or anything, I prefer to at least try to be a bit more practical than that. Instead, now that I've had time to consider what I want to do this year, here my list of upcoming projects. Let me know what yours are: 1) Re-evaluate the website and blog, and actually keep to a posting schedule. Might help if I started using artwork/photos. 2) Social Media application for my desktop: I'm getting a bit sick of having and average of 20 browser tabs open at a time, so lets see if I can't design an app, even if it's just a fixed browser thing, I can use to track my SM activity in one place so it's not clogging up my precious browser memory. 3) Stop wasting time with my writing projects: My biggest issue here is that while I can write some flowery prose or engage in worldbuilding like I'm Slartibartfast, I don't actually have a tale to tell. I need to adjust my focus here, and maybe I'll get something out of it. 4) Top Secre

The Cultural Value of Algorithms

I am aware that there are misgivings amongst the musical community about Spotify's business model, and from the bits I know, these are perfectly reasonable. Unfortunately, it is useful and productive consumer model, and it's this I want to briefly write at you about. Spotify's catalogue is huge, an ever-expanding horizon that seems to want to engulf the soundscape in totality. It's easy to use, and you can usually find the album or artist you want to listen to. But it's true genius is in its algorithms, specifically the ones it uses to create the playlist it constantly nudges you to listen to. Now, because of how pushy it seemed, I avoided my Discover Weekly and Release Radar playlist like the plague for ages. This was a mistake. Or maybe, because I hadn't listened and followed enough, they just weren't right for me yet. Now, however, I spend a good two days paying attention to them, and then expanding my aural sphere to at least 3 of the recommend

You and who’s party?

“I don’t care to belong to any club that will have me as a member” Groucho Marx Much of the past 17 years has been dedicated to fighting fundamentalist extremism, largely of the religious persuasion. This is understandable, as the religious mindset, certainly in those areas of the globe where faith is a majority holding, affects and informs the cultural values of society, and certainly in the West we have found ourselves at odds with extremist Islamic groups. Fundies of the Muslim persuasion have been at the forefront f these combative efforts, although we have also seen the dangers of the looming Christian theocratic state. It is fair to say while this will be an ongoing struggle, it is one we are coming to understand very well and are able to combat. But what of other types of fundamentalist creeds? What of political fundamentalism? This is, I fear, something we are neglecting to talk about, instead preferring to remain steadfastly tribalised to the point where discuss