One of the topics I’m passionate about is security, and there’s no better way to keep up-to-date and aware of all that is going on than by checking in regularly with my favourite security blogs.
I’ve compiled this list to share with you, so that you too can benefit from all the wisdom and sage advice you can find on these blogs. From best practices to how-to articles, to coverage on the security news that matters most, these 15 blogs are the go-to source for security information.
- Network Security Blog
Martin McKeay has been blogging his views on security, privacy and anything else that catches his attention since August, 2003. His blog includes topics such as security in the cloud, firewall, hacking, malware, social networking, privacy, risk, testing and several other interesting security related posts.
Chief Security Officer for Mandiant, Richard Bejtlich, shares his knowledge and covers digital security and the practices of network security monitoring, intrusion detection, and incident response in his blog.
Brian Krebs came onto the security scene in 2001 after being hacked himself. Taking a very intense and personal interest in security, he’s become one of the most well-known names in information security, covering topics including the latest threats, security updates, data breaches, and cyber justice.
- Andrew Hay
Andrew Hay is a Senior Security Analyst at 451 Research, and serves on the GIAC Advisory Board. A CISSP with four SANS certifications and a veritable alphabet of other security certifications to his name, his blog covers log management, compliance, firewalls, and more.
- Amrit Williams Blog
This CTO of Quantivo by way of BigFix and IBM covers security topics including cloud computing, cybercrime, virtualisation, and more. Williams’s writing is as entertaining as it is informative.
- W. Mark Brooks
A Principal Advisor for Security and Compliance at EMC, Brooks’ blog focuses on compliance and ethics, information security strategies, intellectual property, process and more.
- The AShimmy Blog
Alan Shimel is the founder and managing partner of The CISO Group, and frequently speaks at government conferences. His podcasts include some of the industry’s best and brightest, and his blog covers a broader range of security topics than practically any other blog on this list. Reading Shimel is like having a conversation with a wise friend who has written hundreds of posts full of knowledge.
- IT Security Expert
Dave Whitelegg’s blog focuses on spam, botnets, identity theft and more, targeting the home user and the SMB market. His posts are easy to read and are the sort you can send to your friends when they want to read something targeted to a less technical audience.
- Jon’s Network
Jon’s Network says it targets IT directors and network administrators, but its appeal is much broader with that. It’s a great place to pick up quick tips on a wide variety of security topics, and to get pointers to other great reads you might otherwise miss.
- The New School of Information Security
Inspired by the security book that carries the same name, this blog keeps true to the spirit of the book and includes regular posts from several contributing authors. Together they focus on cloud security, data breaches, risk management, and other related topics.
- Schneier on Security
Bruce Schneier is probably the most widely recognised name on this list, and for good reason. Blogging since 2004, Schneier has made a name for himself in the information security field, and he’s not afraid to share his opinions, no matter how controversial they may seem. You’ll come for the op eds, but you’ll subscribe for the entertaining and enlightening content.
- Troy Hunt’s Blog
Hunt is a software architect, and his coverage of security issues related to software, databases, and coding shows it. His passion for security is probably one of the reasons he was awarded MVP status by Microsoft, and his writing is as entertaining as it is informative.
- Kevin Townsend
Townsend’s byline is “Security centric issues, news and rants – and other things” and that sums up his blog better than most bylines we’ve seen. The rants are fun, the issues are informative, and the news summaries are another great way to catch things you might otherwise have missed.
- Lenny Zeltser on Information Security
A SANS Institute instructor and senior faculty member, and Director at NCR Corporation, Zeltser’s blog focuses on malware and its involvement in breaches worldwide. One of his best recurring posts is his weekly summary of the best security reads of the week.
- Dan Kaminsky’s Blog
You probably know Kaminsky from his work with securing DNS. His blog frequently gets far deeper into the technical weeds than most, but his ability to explain things clearly is a gift he shares generously, and his coverage of vulnerabilities in all aspects of networking helps you really understand the issues and implications.
So there you have it – 15 of the best security blogs on the web. Pay them all a visit, add them to your RSS feeds, and watch as your security IQ goes up by several points a week. But before you click away to do some heavy security reading, leave a comment below and share your favourite security blogs so that I can add them to the list!