Skip to main content

Information Overload: A Resource Starter Pack


Now I’ve spent weeks filling your heads with the how’s and whys of Cyber Security, possibly scarring you for life or worse (like helping you choose to enter the field), I suppose I should give you an extra boost, for I am a kind, benevolent Internet stranger. This is not a happy gift, it is one loaded with addiction, bleary-eyed mornings and red-eyed nights spent down this rabbit hole. This is how you keep on track of the outside world, and learn how to keep it from getting inside your nice, cosy, secure network. Say farewell to a social life, and hello to my last listicle of the year: welcome to my resource starter pack. Happy reading!

I would recommend learning a bit about your browser, how to run multiple instances of it and controlling users. Unless you are super-organised and proficient with bookmarks, you will need another browser instance for all your resources, both the ones you pick from below and those you find yourself. If you run Chrome, it might be time for a RAM upgrade!

Before I start categorising these links, there’s this one you might want to look at first. This might be one of the most important tools you can access, as it presents you with a one-stop shop of curated CyberSec feeds from varying trusted sources. Infosec Industry curates alerts, articles, Twitter feeds and more from some of the most respected sources in the field. Also really useful for training your eyes to read separately, and driving yourself mad.

Blogs

As you can imagine, like with every other subject matter on the planet, there are a lot of InfoSec blogs out there. Thousands of the damn things, actually, and not all of them good. You will get some of these from the Infosec Industry list above, but some are worth the separate mention.

Brian Krebs is one of those. Krebs on Security is one of the most widely respected and read security blogs in the world. He’s hot on the latest news and provides an in-depth analysis.

Daniel Miessler is a practicing InfoSec professional, and his blog is a very useful tool. His writing is clear and easy to follow, and he often posts detailed explanations and tutorials in various aspects of cyber security, technology and other random things that catch his interest.

Tisiphone, a.k.a. Lesley Carhart writes, speaks, lives and breaths cyber security and digital forensics. She does this a lot, and does it very well. Her Tisiphone blog contains some really good information and great advice for people breaking into the industry, so be sure to give it a read.

Javvad Malik over at AlienVault is one of the Big Names (like the aforementioned Krebs), and reading his blog it’s clear why: insightful, considered posts composed with a light touch. Nice, easy reading.

Another Big Name is Jeremiah Grossman: the man described as the “embodiment of converged IT and physical security” by InformationWeek. He knows lots of things about security, and can tell you about them while killing you with his hands and feet in a fancy flurry of Brazilian Ju-Jitsu moves. It is very possible I have a man-crush.

Finally, I would recommend keeping up with corporate blogs from the big players: Anti-malware companies like F-Secure, Sophos’ Naked Security, Webroot’s Threat Blog, and Norton are good ones, but look at them all and find your preferences. Other Security vendors’ blogs to check out include Check Point, Cisco’s CyberSec blog (although it’s always worth watching what Cisco are up to in general), SentinelOne and RSA.

I was going to do a section on newsletters, but given the state of my mailbox (after 2 rounds of cleaning up), I’ll leave things at the blogs, and let you sign up to the ones on offer by the bloggers.

Podcasts

Sometimes, a podcast is easier than a blog or newsletter. I’ve drawn up a short list here, but there are collections and lists abound, just a Google search away.

Defensive Security is the go-to podcast. You will need a couple of hours though, so if you have a bit of a commute, this will work out nicely.

Unsupervised Learning by Daniel Miessler tries to compress about 5 hours of reading into ~40 minutes. Really good quality stuff, and is published as a newsletter weekly, too.

Data Driven Security is a monthly podcast that focuses on security through data analysis.
SANS StormCast Information Security podcast is a short, daily threat alert podcast.

Down the Security Rabbithole features guest experts and talks through some of the bigger events of the week.

OWASP The Open Web Application Security Project’s 24/7 blog, like their site, discusses everything to do with web application security.

Security Weekly gives a good overview of a week in security.

Miscellaneous

Just a bunch of random, useful links that will come in handy:

Peerlyst – A platform for all manner of CyberSecurity resources.

Infosec Resources 4 All – GitHub repository with some really good material

Swift on Security – A security-focused Taylor Swift parody account. Pure Gold.

The Open Source Cyber Security Playbook – Cyber Security planning tool

The National Cyber Security Centre – The GCHQ-based Cyber Security agency

Institute for Security and Open Methodologies – Security research organisation

The Register – Tabloid parody news outlet for IT. Also hosts new BOFH stories. Read them, laugh, weep then go to the pub.

I think that’s about everything covered. I would put a Twitter list in, but I don’t really use it myself. If you are interested, plenty of the folk in everything I’ve mentioned have accounts, and have recommended people to follow. Enjoy the information overload!


Comments

Post a Comment

Popular posts from this blog

You and who’s party?

“I don’t care to belong to any club that will have me as a member” Groucho Marx Much of the past 17 years has been dedicated to fighting fundamentalist extremism, largely of the religious persuasion. This is understandable, as the religious mindset, certainly in those areas of the globe where faith is a majority holding, affects and informs the cultural values of society, and certainly in the West we have found ourselves at odds with extremist Islamic groups. Fundies of the Muslim persuasion have been at the forefront f these combative efforts, although we have also seen the dangers of the looming Christian theocratic state. It is fair to say while this will be an ongoing struggle, it is one we are coming to understand very well and are able to combat. But what of other types of fundamentalist creeds? What of political fundamentalism? This is, I fear, something we are neglecting to talk about, instead preferring to remain steadfastly tribalised to the point where discuss
Post a Comment
Read more

GHIDRA

Well, well, isn't this one for the books: the NSA have released GHIDRA, their reverse engineering tool. Yes, you read that correctly, the NSA have released something. Not The Shadow Brokers or any other APT, it hasn't been leaked or nabbed and let into the wild, this is a deliberate sharing of technology by the Puzzle Palace. Not what you'd expect, is it? Announced at this years RSA conference (already controversial this year as Adi Shamir, the 'S' in RSA, was unable to obtain a visa to attend), this reverse engineering tool seems primed to shake things up a bit, as many RE tools cost a fair bit of money. It also seems to be free of backdoors, and although one bug has been found , it can be remedied was reasonable ease. I've not really done much RE myself, but with a powerful, military-grade tool such as this, it might be a whole lot easier to get into. I'll let you know more when I've had a chance to play around with it. If you are interested
Post a Comment
Read more

Multidisciplinarianism

Nice, long, big word there as a title. I'll shorten it for you: polymath. A person of wide knowledge or expertise. The desired human state. I have long been an advocate for something I call wide-spectrum literacy: competence in reading, writing, arithmetic, science, technology, politics, philosophy, economics, to say the least. I have what you could mildly call a vehement dislike of ignorance, particularly wilful ignorance: I find little to no excuse for it, especially in developed nations where access to technological marvels which act as gateways to endless learning and knowledge, most of it free, is commonplace to the point of being carried around in pockets. You can imagine, then, my sickening disgust at the state of the world, and the horror of facing an international society in which ignorance, bigotry, and mendacity don't just roam freely, but are actively pursued as if they were the highest virtues.  Now, I'm not going to lay the blame entirely at the feet of
Post a Comment
Read more