This is a collection of information security / cybersecurity resources for people in tech who are not information security practitioners. Please send me suggestions for updates!
Newsletters
“This Week In Security” by Zack Whittaker is an excellent weekly round-up of big stories, with well-written blurbs.
Violet Blue also publishes an engaging weekly roundup of cybersecurity news whose angle is slightly different from Zack’s so there isn’t a lot of overlap. She also does a good weekly roundup of news about the COVID pandemic which, contrary to what you may have heard, isn’t actually over.
The “Cyber Daily” newsletter from Recorded Future News is worth checking out. Obviously a daily newsletter is going to be higher volume than a weekly like TWIS, so it might be a bit overwhelming, but you don’t have to read every article. 😉 Recorded Future News also has a news feed and a podcast, described below.
The folks over at Risky Business publish both newsletters and podcasts. Their content is a mix of stuff that’s too obscure for non-practitioners and stuff that isn’t. Their newsletters and podcast episodes usually focus on a single topic, so you can subscribe and then skip the ones that don’t interest you. They cover governments (both U.S. and others) and politics a bit more than some other sources, so if that’s your thing you might find them worth your time. Their “Seriously Risky Business” newsletter and corresponding podcast focus specifically on public policy and intelligence, a.k.a., “government stuff.”
Krebs on Security (see below) has a mailing list you can subscribe to.
News feeds
Wired does a lot of good security reporting (RSS feed).
“The Record” by Recorded Future News (RSS feed) covers a lot of good stuff, including a substantial amount of government and policy content. They also have a newsletter and podcast, described above and below.
404 Media (RSS feed) is an independent investigative journalism outlet focusing on technology, cybersecurity, and privacy. They break significant stories and their writing is targeted at non-practitioners. They also have a podcast.
Brian Krebs’s Krebs on Security (RSS feed) is a well-regarded source of infosec industry news. While some of his stories have mass-market interest (i.e., they’re interesting to people who aren’t infosec practitioners), many of them aren’t, so read the ones that you think are useful and skip the others.
Zack Whittaker, mentioned above as the author of “This Week In Security”, is the security editor at TechCrunch, which is also a good infosec resource (though in my opinion a bit noisier and more “inside baseball” than Zack’s newsletter). You can visit their security page or subscribe to their RSS feed.
Metacurity claims to be a “One-stop destination to end infosec news overload, scanned from thousands of sources,” but the catch is that unless you pay them $8.99 per month or $89.99 per year you can only read the most recent article at any given time. However, you may be able to work around this if you use their RSS feed cleverly; if you use a feed reader that refreshes several times per day and sends the contents of new entries to you, then you’ll have access to their full articles since the most recent entry in the RSS feed is published there in its entirety.
Podcasts
“Click Here” from Recorded Future News (RSS feed) is quite accessible and engaging. They also have a newsletter and news feed, described above.
404 Media does a weekly podcast where they talk about some of their recent stories. If you have more podcast time than reading time then you might find this more useful than their news feed.
Jerry Bell does a podcast called “Defensive Security”. It’s a bit on the insider side, so if you’re not interested in going into the weeds and not familiar with infosec terminology and acronyms, you might find it a bit challenging, but only a little. If you feel like you’re moving past the introductory level and want to move into slightly deeper water, this is a good place to start.
See Risky Business above.
Books
I haven’t yet had time to vet any of these recommendations.
- Human-Centered Security by Heidi Trost
- Information Security Essentials: A Guide for Reporters, Editors, and Newsroom Leaders by Susan E. McGregor
- Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem by Chris Hughes and Nikki Robinson
Esoterica
Ed Zitron’s Where’s Your Ed At isn’t exactly about cybersecurity, but it is about how everything is wrong in tech right now, and that includes security and privacy. He’s a Cassandra telling the truth very loudly and honestly when few people in tech are. If your goal in working in tech is to make the world a better place, then you should be reading what he has to say, because we can’t fix the problems until we acknowledge them.