Resources

300x250-Free-Security-Policy-template

A proud sponsor of Securitybtn.org

 

CIO
Resources related to information security, including news and opinion and more on software and application flaws and fixes, data breaches, the inside threat, the latest hacker attacks.

 

TechRepublic – Security
TechRepublic helps IT decision-makers identify technologies and strategies to empower workers and streamline business processes. Their security section dives into the latest threats surrounding cyber security.

 

Thycotic Blog
Provides in-the-trenches viewpoints from security experts who have spent decades working in the field and consulting with the world’s largest enterprises, universities, the U.S. Government, startups, and other entities.

 

US Cert
US CERT’s mission is to improve the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks.

 

Wired’s Threat Level
Privacy, crime, and online security are the topics that carry the headlines here. You’ll find everything from opinionated pieces, to the latest threat alerts.

 

Zero Day from ZDNet
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks. The Zero Day blog on ZDNet is a must for anyone keeping track of the industry.

 

CERIAS Security Blog
The Center for Education and Research in Information Assurance and Security blog is where Gene Spafford shares his expertise. It’s called the center for multidisciplinary research for a reason.

 

CSO Online
Areas of focus include information security, physical security, business continuity, identity and access management, loss prevention and more.

 

Dark Reading
Dark Reading is a comprehensive news and information portal that focuses on IT security, helping information security professionals manage the balance between data protection and user access.

 

Privileged Password Vulnerability Benchmark
Developed with input from the Privileged Account Management (PAM) industry’s leading experts, the free Privileged Password Vulnerability Benchmark gives you the opportunity to see how your Privileged Password practices compare to those of your peers.

 

Google Online Security Blog
This is Google’s own security blog, which focuses on all of the latest developments in the security world. Get the latest news and insights from Google on security and safety on the Internet.

 

Red Tape Chronicles
NBC News Red Tape Chronicles brings you news stories and information on the latest developments in the cyber security space. Find topics that range from privacy to security.

 

Internet Storm Center
The Internet Storm Center gathers millions of intrusion detection log entries every day, from sensors covering over 500,000 IP addresses in over 50 countries.

 

Schneier On Security
Bruce Schneier is an internationally renowned security technologist, and called a “security guru” by The Economist. He knows his stuff and is a voice in the cyber security industry.

 

Securelist Cyber Security Blog
This is another Kaspersky Lab web property that focuses on malware, phishing, and the cyber security industry. There is no shortage of information and news on what’s happening in the cyber world.

 

Symantec Weblog
The Symantec Weblog uses global research to provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.

 

The Guardian’s Information Security Hub
The Guardian is a respectful, global media company that highlights issues across many areas. Their Information Security Hub lives up to the coverage they offer in other areas and focuses on security.

 

Zone Alarm Cyber Security Blog
Information on malware and protecting yourself online. From malware alerts to practical online security tips, the Zone Alarm blog will keep you briefed on the latest industry news.

 

Contagio Malware Dump
Contagio is a collection of the latest malware samples, threats, observations, and analyses. Get informed, technical education on the newest forms of malware.

 

Cyber Crime & Doing Time
CyberCrime & Doing Time is a blog about cyber crime and justice related issues. Gary Warner from Malcovery owns this blog and offers up educational and engaging posts on the latest threats.

 

David Lacey’s IT Security Blog
David Lacey’s IT Security Blog offers the latest ideas, best practices, and business issues associated with managing security. The blog is hosted on ComputerWeekly.com.

 

Fox IT Security Blog
Information technology is the main topic on the Fox IT Security Blog. From news to opinions, Fox IT provides excellent content for anyone interested in technology and security.

 

Fortinet Blog
The Fortinet cyber security blog has something for everyone. There are articles on security research and industry trends, as well as, a healthy section focusing entirely on Security 101.

 

Help Net Security
Help Net Security has been a prime resource for information security news since 1998. The site always hosts fresh content including articles, new product releases, latest industry news, podcasts and more.

 

Infosecurity Magazine
What more can you ask for? It’s an online magazine dedicated entirely to the strategy, insight, and techniques that are a daily part of the cyber security industry.

 

Krebs On Security
Brian Krebs is the face of cyber security journalism. As a former writer for the Washington Post, Krebs is able to take is skills as an investigative journalist to the task and provide the most in-depth coverage of security.

 

Malwarebytes
Malwarebytes is at the forefront of malware protection, which makes this the perfect blog to stay up-to-date with the latest zero day threats and cyber security news.

 

McAfee Security Blog
The McAfee Security Blog talks about research and threat analysis, as well as, provides knowledgeable insight into malware and zero day threats that plague businesses and consumers.

 

Microsoft Malware Protection Center
The Microsoft Malware Protection Center (MMPC) is committed to helping Microsoft customers keep their computers secure. The MMPC stays agile to combat evolving threats.

 

Naked Security
Naked Security is Sophos’s award-winning threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats.

 

Network Computing
Network Computing’s content adheres to the valuable “For IT, By IT” methodology, delivering timely strategy & tactics, news, in-depth features, expert reviews, and opinionated blogs.

 

SANS Institute AppSec Blog
SANS Software Security focuses the deep resources of SANS on the growing threats to the application layer by providing training, certification, research, and community initiatives.

 

SC Magazine
SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face.

 

Search Security
Search Security provides immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security and certification training resources.

 

Securing The Human
SANS is the most trusted and by far the largest source for information security training and security certification in the world, which makes their blog a must read for security professionals.

 

Security Watch
Neil Rubenking heads the charge on PC Mag’s Security Watch. His style is witty and he post frequently, so you’ll always find something worthwhile to read.

 

Stop Badware Blog
StopBadware is a nonprofit anti-malware organization whose work makes the Web safer through the prevention, mitigation, and remediation of badware websites.

 

Sucuri Blog
Sucuri knows all about malware and WordPress security. It’s what they do. You’ll find no shortage of expert advise on how to secure your WordPress site and keep it malware-free.

 

TaoSecurity
Richard Bejtlich’s blog on digital security, concentrating on global challenges posed by China and other targeted adversaries. Definitely a blog that has been a fixture in the security community.

 

Techworld Security
The cyber security section on Techworld.com covers news on the latest threats and zero-day exploits. They also offer an abundance of topics ranging from security to how-tos, as well as, technology reviews.

 

The Honeynet Project
The Honeynet Project members engage the broader security community and educate the public about threats to systems and information.

 

Threatpost
Threatpost, The Kaspersky Lab security news service, is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.

 

Threat Track Security
Threat Track Security’s IT blog has its thumb on the pulse of the industry. Whether you are in the IT industry or not, if you are interested in security, this blog is for you.

 

Trend Micro Simply Security
Trend Micro Simply Security offers independent news and views as well as expert insight from Trend’s security experts. The site covers topics ranging from cloud security, data protection, security and privacy.

 

Unmask Parasites Blog
Unmask Parasites focuses on reviewing the latest security threats, zero days, and exploits. There is everything from security-related news, to information on keeping your site secure and malware-free.

 

We Live Security
We Live Security is a site about research and information, not products. We Live Security’s writers represent the cream of ESET’s researchers and writers. They deliver in-depth research and analysis on security.

 

Xylibox Security Blog
Tracking and demystifying cybercrime is what happens here. The author never fails to produce consistent, detailed breakdowns of the latest malware and security tools.

 

BankInfoSecurity
BankInfoSecurity is a multi-media website published by Information Security Media Group, Corp. (ISMG), a company specializing in coverage of information security, risk management, privacy and fraud.

 

Cyveillance Blog
From sophisticated DDoS botnet attacks to phishing, the Cyveillance blog will keep you up-to-date with breaking cyber security news and information on everything related to web threats, malware and security.

 

Forbe’s Firewall
Forbe’s Firewall covers cyber security news and information on the latest exploits and trends affecting the industry. The articles are on point and informative, with the quality you can expect from Forbes.

 

GovInfoSecurity
GovInfoSecurity is a multi-media website published by Information Security Media Group, Corp. (ISMG), a company specializing in coverage of information security, risk management, privacy and fraud.

 

Graham Cluley’s Security Blog
Graham Cluley is an award winning cyber security blogger and independent computer security analyst. His blog reflects his knowledge and experience in the industry.

 

GRC’s Security Now Podcast
Security Now is a weekly podcast hosted by Steve Gibson and Leo Laporte. The show is sponsored by Gibson Research Corporation, a company specializing in data recovery and security.

 

HotforSecurity
This blog covers the sizzling world of computer security. You’ll find plenty of steamy stories from the dynamic world of internet fraud, scams, and malware.

 

IT Knowledge Exchange – Security Bytes
Written by the staff of SearchSecurity.com and Information Security magazine, Security Bytes covers topics across the spectrum of security, privacy and compliance.

 

ItProPortal.com
ITProPortal.com was one of the very first technology websites to launch in the UK back in 1999 and has grown to become one of the UK’s leading and most respected technology information resources.

 

Lenny Zeltser On Information Security
This blog by Lenny Zeltser focuses on information security. Lenny is a business and tech leader with extensive hands-on experience in IT and information security.

 

Network Security Blog with Martin McKeay
One man’s views on security, privacy – and anything else for that matter. Trends, information, news: you’ll find it all on the Network Security blog, and what’s more is it’s delivered with style.

 

Privacy & Information Security Law Blog
The views of one man on security, privacy and anything else that catches his attention. Security expert Martin McKeay talks about malware, privacy and security on this blog.

 

Rational Survivability
Hoff’s ramblings about information survivability, information centricity, risk management and disruptive innovation. Hoff was a CISSP, CISA, CISM and NSA IAM, he now spends the AMF money on coffee.

 

Risky Business
Risky.biz is another security podcast that focuses on covering recent developments in cyber security and the threat landscape. The show has been around since 2007, and takes a light approach to security news.

 

Root Labs RDIST
Their research provides cutting-edge insight into solving tough security problems. There are countless articles on the latest cyber security trends and threats.

 

Seculert Blog
The Seculert blog is a security blog with a focus on Advanced Persistent Threats and malware. There is no shortage of network security tips and insider information on the latest zero days.

 

Securosis Blog
Securosis is the world’s leading independent security research and advisory firm, offering unparalleled insight and unique value to meet the challenges of managing security and compliance in a Web 2.0 world.

 

SpiderLabs Security Blog
SpiderLabs is an elite team of ethical hackers, investigators and researchers at Trustwave advancing the security capabilities of leading businesses and organizations throughout the world. The site covers the latest security news.

 

Social-Engineering.org
Social-Engineering.org is a cyber security blog that covers a wide range of security related topics. The site is also home to a podcast and a team of security professionals who share their expertise on all things security.

 

The Security Skeptic
The Security Skeptic blogs about all matters related to Internet Security, from domain names (DNS), firewalls and network security to phishing, malware and social engineering.

 

Thought Crime Cyber Security Blog
Moxie Marlinspike’s blog covers computer security and software development, particularly in the areas of secure protocols, cryptography, privacy, and anonymity.

 

Troy Hunt’s Blog
Software architect and Microsoft MVP, you’ll find Troy Hunt writing about security concepts and process improvement in software delivery. The quality of content found here makes this blog worth visiting.

 

1 Raindrop
Gunnar Peterson weaves his thoughts on distributed systems, security, and software together on his blog  1 Raindrop. The blog is both informative and insightful, and the coverage is on point.

 

Andrew Hay’s Cyber Security Blog
Andrew Hay is the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc. This is his personal blog where he talks about security and other news.

 

Carnal Ownage
Carnal Ownage is a must stop for security researchers and hackers alike. This cyber security blog goes into excruciating detail on attack methodology and highlights the threats your organization should be aware of.

 

Darknet
Don’t Learn to HACK – Hack to LEARN. That`s the motto at Darknet. The site covers ethical hacking, penetration testing, and computer security. Learn about interesting infosec related news, tools and more.

 

Errata Security
Errata Security is a team of dedicated security researchers that practice offensive security. The insight gained from research is delivered on the blog, which covers a variety of topics and real world scenarios.

 

Exotic Liability
Chris Nickerson and Ryan Jones take it up a notch in their cyber security podcast. They routinely thumb their nose at the typical industry rhetoric and offer insight and commentary you won’t hear anywhere else.

 

InfoSec Institute Resources
The InfoSec Institute resources section has a broad selection of content and research on cyber security, threats, and of course, infosec. You’ll also find tutorials, training videos and more.

 

J4vv4D Security Blog
Javvad Malik has worked in information security for his entire career and covers different aspects of security on his blog, J4vv4D. He also regularly offers his insight through entertaining and informative YouTube videos.

 

Malcovery Security Blog
This is Malcovery Security’s contribution to the knowledgebase of information security issues. They provide relevant insight and opinions on all of the newest threats faced by the industry.

 

Malware Don’t Need Coffee
Malware Don’t Need Coffee is a cyber security blog that focuses on malware research and provides educated commentary on all the latest exploits and security bugs. The site covers research in all areas of network security.

 

McGrew Security Blog
Wesley McGrew understands security and the nature of today’s digital landscape, especially its impact on infrastructure and business security. His blog covers all of the important cyber security stuff.

 

Network Security Podcast
Since 2007, the Network Security Podcast has been dishing out the dirt on cyber threats and security issues faced by the industry. It’s a great resource if you want to hear a discussion on what’s happening in infosec.

 

New School Security
This blog is inspired by the book and the movement towards a New School.  The New School of Information Security is a book by Adam Shostack and Andrew Stewart, published in 2008.

 

NoVA Infosec
Founded in January of 2008 on a Saturday evening, NovaInfosec.com is dedicated to the community of Northern Virginia-, Washington, DC-, and southern Maryland-based security professionals.

 

Packet Pushers Podcast
The Packet Pushers Podcast offers deeply technical, hardcore discussions on the latest security trends. Co-hosts Greg Ferro and Ethan Banks lead the show with their many years of network engineering.

 

Security Affairs
Pierluigi Paganini is a company director, researcher, security evangelist, security analyst and freelance writer. His blog Security Affairs stays abreast of all the latest in cyber security.

 

Security Bistro
Security Bistro is where security experts come together for good talk, information on the latest ingenious threats and, one hopes, the latest clever ways to counter them.

 

Security Geeks
Find tips on computer security, choosing a password properly, and other practical online security tips. No shortage of interesting content circling the technology space here.

 

Security Musings
Gemini Security Solutions, Inc. is an information security consulting firm that applies creativity, passion, and insight to defend against today’s growing threats. Their blog, Security Musings, covers everything security.

 

Security Uncorked
Jennifer (Jabbusch) Minella aka JJ is a network security engineer and consultant with 15 years of experience. She shares her knowledge on infosec on her blog and offers plenty of information on the latest security trends.

 

S!Ri.URZ
This blog has been on the cyber security scene since as far back as 2006. The blog covers malware, rogues, ransomeware and everything else related to cyber security.

 

The AShimmy Blog
StillSecureAfterAllTheseYears.com (yes, a really long domain!) is the AShimmy Blog, Alan Shimel’s personal blogger blog on security, work, and family life.

 

The Falcon’s View
Ben Tomhave is a security professional that has served the industry in a variety of roles and security positions. This is reflected in his writing and the knowledge shared on his cyber security blog.

 

The Harmony Guy
You’ll find links and commentary related mostly to online privacy and security, particularly with social networking. The blog started back in 2007 and has been going ever since.

 

The Southern Fried Security Podcast
The SFS Podcast is designed to be an information security podcast that fills the gap between technical security podcasts and Security Now. This podcast offers respectful insight on the state of security.

 

Uncommon Sense Security
Small business information security has been an oxymoron for too long. Uncommon Sense Security is attempting to change that. The blog is entertaining, and informative at the same time.

 

Andy Ellis — Protecting A Better Internet
Andy Ellis is the Chief Security Officer of Akamai Technologies. Opinions here are mostly his own. His blog dives into the issues centered around cyber security and technology.

 

DHS Daily Report
A U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security leads the charge on this blog, offering daily news on the industry.

 

IT Security Expert by Dave Whitelegg
The UK based IT Security Expert blog by Dave Whitelegg CISSP CCSP providing general Information Security advice & help in securing the home PC & home computer user, as well as business IT systems.

 

IT Specialist
A virtual community of social networks for IT professionals located throughout the world. A great way to connect and collaborate with others in the cyber security industry.

 

MichaelPeters.org
Michael D. Peters has been an independent information security consultant, executive, researcher, author, and catalyst with many years of information technology and shares that information on his site.

 

Security Xploded Blog
SecurityXploded – the community division of XenArmor – is a popular Infosec Research & Development organization offering free security software, latest research articles and free cyber security training.

 

Thom Langford’s Personal Security Blog
An information security professional, award winning blogger, and industry commentator. Thom Langford talks about topics relating to information security, risk management and compliance.

 

W. Mark Brooks IT Security Blog
On his cyber security blog Brooks talks about mitigating risks and business strategies as they relate to IT. There is never a dull post and the author finds plenty of interesting security topics to dissect.

 

Ethical Hacking
Ehacking.net explores ethical hacking, penetration testing, and hacking. You’ll also find a wealth of tutorials on BackTrack and other penetration testing tips. An ideal site for information security researchers.

 

IT Security Column
An IT security blog that features general knowledge of IT security, online crime news, and tips on how to deal with online and computer threats. Plus, listings of information security threats and defenses.

 

Kevin Townsend’s Cyber Security Blog
This site is about computer and information security. It is maintained by Kevin Townsend, the original founder of ITsecurity.com and a freelance journalist and writer with more than 10 years experience.

 

DDoS Protection & Cyber Security Blog
A blog that centers around the threat posed by distributed denial of service (DDoS) attacks. You’ll find a news section that offers a snapshot of the latest security trends, as well as, epic posts highlighting the industry.

 

Dave Waterson on Security
Dave Waterson is an experienced IT security technologist, inventor of patented and patent-pending security technology in the anti-key logging and anti-phishing fields.

 

Following The Wh1t3 Rabbit
Rafal Los has been working in the defensive side of security for over 10 years. His blog, Following The Wh1t3 Rabbit, focuses on clearing the confusion around security and offering tools to improve security.

 

How They Hack
HowTheyHack is a general tech blog surrounding themes related to hacking and network security. Most of the posts are centered around tutorials, hacking news, security exploits and the author’s opinions.

 

Technology.info
Technology.info combines the best of ITProPortal.com and IP EXPO, offering a resource for IT professionals and those interested in security. The boasts a wide variety of information security research and topics.