InfoSec 101 — Part Two: How to Keep Informed
(If you’re wondering where the previous part is, click here!)
Cyber security impacts almost everything in this day and age: software and hardware products, politics, SME businesses, industry verticals (think healthcare, finance, transportation), IoT, and so much more. Naturally, the news surrounding this space is hardly ever quiet. It can be difficult to keep up, especially if you’re studying or engaged in a full-time job, but there are several reasons why it’s important to remain up to date:
- You’ll learn something — whether it’s about the latest exploits, vulnerabilities, or techniques for analysts, there is no shortage of what you may discover within these publications
- Being informed will make you more employable — particularly for entry-level/junior roles, interviewers will ask you questions such as the most memorable news item you’ve recently read, what news sources you subscribe to, or simply something as straightforward as “how do you keep up with current trends and news in the industry?”
- Topics of discussion with peers and colleagues — as mentioned in Part One of this series, it can be daunting to attend a networking or industry event where you don’t know anyone in the room. I’ve often found that striking up a conversation with someone new can be as easy as “so did you hear about that ____ (breach|attack|exploit)?”. If they haven’t, it’s a good time to share what you’ve learnt, and perhaps they’ll chime in with a similar story that they’ve heard about.
There is an endless number of sources for current security news. I’ll be sharing these in four separate sections: Podcasts, News Outlets, Technical Reports, and Twitter feeds.
Podcasts
No matter how long your commute to the office is, there is a podcast waiting to be listened to. Not only are podcasts a fantastic time-filler, I find them helpful because they summarise news stories well enough that you don’t have to read the full story. Of course, if you want to find out more, podcasts almost always have show notes, which list the sources for each story that was discussed.
The podcasts I listen to on a weekly basis include:
- Risky Business by Patrick Gray: an hour-long podcast that is fun, quick, and easy to follow. A new format was introduced in 2019, which involves short audio clips from seasoned professionals sharing their expertise and insights into a particular story.
- Security Now by Steve Gibson and Leo Laporte: this is a much more involved podcast that runs for 2 hours on average for each episode (recommendation: set it to 1.5x speed). While this podcast does not cover as many stories, the news they do cover is done in great detail. If you’re particularly interested in browser security (and most things OWASP), this is the one to tune into.
- State of the Hack by Christopher Glyer and Nick Carr: this podcast delves into activity seen from state-sponsored groups and targeted attackers. The two hosts work at FireEye, a US cybersecurity firm, and they introduce a new guest on each episode to share a “tale from the trenches”. They also publish the podcast videos on YouTube if you prefer visuals.
News Outlets
Due to the number of news sites, it’s best to select a few that cover all bases, or go with those that you prefer. This could be based on geographical location, frequency of updates (daily, weekly), or publication types.
I’ll break this down into news feeds that send you emails (upon subscription), and then news outlets you can visit online.
Email Subscriptions
- this week in security by Zack Whittaker: these are weekly instalments that cover a broad range of topics, and include links to articles for further research. I’ve added a link to the most recent release of this newsletter so you can check out the format; to subscribe, follow this link.
- Daily Cyber Digest by ASPI: the Australian Strategic Policy Institute (ASPI) runs a daily digest of news that concerns both Australia and foreign countries. Here’s the link to subscribe, and for the online version, visit their Twitter page for the link (it is only viewable on the day of release).
- SANS NewsBites: this is a semi-weekly high-level summary of the news provided by SANS Institute. By following the link, you can view the archive of newsletters that have been published, and subscribe to the publication too. What I value most out of NewsBites is how they provide multiple sources for each news entry.
Online News
If I cover all of them, this will quickly turn into a PhD dissertation. I’ll briefly mention those that I view more frequently:
- ZDNet, Dark Reading, The Hacker News, Bleeping Computer, and iTWire are good for general IT and cyber security news, with the latter having more coverage of Australian-based stories.
- The Register provides comedic value to fully serious security events by coming up with awesome headlines.
- Krebs on Security and Schneier on Security are written by two prominent security professionals, who blog and give commentary on developing stories.
- ThreatPost: aside from more generalist technology news, ThreatPost offers articles focusing on cloud security, malware, vulnerabilities, and privacy.
If you’re into RSS feeds and would rather have one site to aggregate all of these online resources (plus so many more), check out Feedly. You can easily sign up and select which sites you would like to read stories from, and it is updated as often as articles are published, which is all the time.
Technical Reports
I usually categorise these into reports based on a recently exposed vulnerability or exploit, and annual publications that share security trends. I quite like these: we tend to forget all that has happened as we live our day-to-day lives, and they generally cover what we may have missed.
Technical Blogs:
- FireEye Threat Research: focus on attacker activities and techniques
- Talos Intelligence and Symantec: publish threat round-ups and report on new campaigns
- US-CERT: provides an insight into all kinds of threats, from phishing campaigns to politically motivated activity.
Security Trends:
- Mandiant M-Trends Report, Symantec Internet Security Threat Report: these go into great detail on what was common from an attack and vulnerability standpoint over the past year, and provide insights into what is expected for the following year
- Internet Organised Crime Threat Assessment: although this is written by Europol and thus focuses on European-based activity, it’s fascinating to read what types of attacks target different industries, and what the emerging threats are
- Global State of the Internet: it makes sense for Akamai to report on this, and they do an awesome job at breaking down global security threats.
Twitter
If Twitter is your thing, or you’re willing to try it out, I’ve included some great people to follow (mostly from a defensive security standpoint). As you continue using Twitter, you’ll quickly find a whole treasure trove of professionals who publish their own blog posts about their side projects and research, others who share breaking news, and those who simply want to engage in discussion about the current state of the industry.
DFIR/Threat Intelligence/APT Activity and Techniques:
- @ItsReallyNick, @QW5kcmV3, @stvemillertime, @jepayneMSFT, @sansforensics, @HECFBlog, @asfakian, @davisrichardg, @LiveOverflow
Phishing Campaigns/Malware Research:
Penetration Testing/Red Team:
Believe it or not, this is just the beginning. There’s a staggering number of resources I could list, but I wanted to share those that have had an impact on my career thus far, for their quality and integrity — I do hope that this post will help newcomers to the industry familiarise themselves with current affairs, terminology/jargon, and perhaps learn something along the way.
Stay tuned for InfoSec 101 — Part Three.