Internet security and data privacy are two of the strongest topics in IT right now. Supporting a global industry that is projected to reach $ 200 billion by the end of the decade, there is no shortage of analysis, commentary, and discussion on the latest threats and how best to deal with them.
From programmers to academics, software vendors to technology magazines, everyone seems to have something to say about cyber security. Run a search for an “online security blog” and you’ll return hundreds of results from around the world.
The following purpose is to provide a starting point for finding the best and most up-to-date news, insights, and analysis of network security from across the Internet. If you are dipping your toes for the first time, we hope this list will provide a platform to stimulate your interest and encourage further research. If you are an experienced insider from the industry or a dedicated amateur inspiration, we hope that our focus on the best will attract your interest.
In compiling this list, we had to make some editorial decisions about which websites to include and which not to include. This may mean that one of your favorite sources of cyber security information does not make that list. That doesn’t mean we have anything against any particular site or any type of website – we just had to somehow narrow down the huge number of choices.
The main criteria we used were to focus mainly on “personal” blogs – that is, publications run mostly by one person, usually not for profit, and offering a specialized angle on the world of cyber and security data with no commitment to the cause. We’ve done this mainly because blogs like this don’t benefit from big bucks that support corporate blogs or channels backed by professional publications and, therefore, can easily slip under the radar.
However, this is not a difficult and quick rule, as there are great blogs out there run by major corporate IT security vendors, as well as plenty of industry-leading InfoSec industry news produced by professional publishing houses. For the sake of completeness, we have included, in our humble opinion, the “best of the best” from these categories.
So, without further ado, here they are in no particular order, our recommendations for the top 20 cyber security blogs you should check out in 2020.
Graham Cluley @gcluley
Not everyone who wants to follow the latest InfoSec news and trends is a technical expert, and even those who don’t always want the analyzes read to be full of technical jargon or dense policy discussions. This UK-based antivirus expert blog, Graham Cluley, is the perfect antidote if you check your endurance on the digestion of many cyber security data channels. Available, so far, and with a sense of humor, Cluley and his associates offer insight into the latest big news and a diverse range of their personal security interests. There are also videos and podcasts on the site.
Adam Shostack & Friends @adamshostack
For more than a decade, self-proclaimed author, entrepreneur, technologist and game designer Adam Shostack blogged under the headlines New School Safety and Emergency Chaos before moving to a new URL this year. Author of Threat Modeling: Designing for Security, Shostack is credited with introducing a “new school” approach to integrating security concepts into DevOps, and is a respected figure for his work in the field. His blog ranges from detailed technical analyzes of security software engineering to his personal reflections on games, space, and Star Wars. A great feature is that it gives other blogs that he loves writing about, so he can easily get out of here to find more good reading. Both the New School Security and Emergency Chaos blogs are archived on the new website.
Daniel Tobok @Cytelligence
Daniel Tobok is an internationally recognized expert in cyber security and digital forensics and also an entrepreneur who has revived many companies in the cyber security sector. With more than 18 years of experience, Mr. Tobok is actively involved in cyber intrusions and hacker incidents, acting as an investigator and advisor. As CEO of cyber security company Cytelligence currently runs a news & blog page, where he actively publishes all news from the sector along with educational information for all users. If you want to keep up to date with every move that happens in the field of cyber security, this news & blog page is your place to come.
Trojan Hunt @Troyhunt
Troy Hunt is a full-fledged IT training programmer with Pluralsight and Microsoft’s regional director in his native Australia, which doesn’t mean he actually works for Microsoft, but acts as a technical advisor, mostly in the area of ??security. Entrepreneurial IT expert, employed by Pfizer, Hunt is interested in all things InfoSec on his blog, which makes it good to be up to date with a minimum weekly publishing schedule, given his life span dealing with the globe, speaking at events and holding courses If you want thoughts and opinions on the latest cyber security issues from someone who still has a finger in the pulse of business IT, Troy is your man.
The last guard dog @byronacohido
Byron Acohido is another who has made the transition from investigative journalism to cybersecurity experts. The Hawaiian-born Acohido won the Pulitzer Prize and a number of other awards in 1997 for investigating for the Seattle Times that shortcomings in the construction of the Boeing 737 were potentially linked to a series of fatal collisions. A few years later he turned his attention to cyber security and has since been a regular journalist in the field. In addition to having a big name, his blog brings everything you would expect from a Pulitzer Prize-winning journalist – serious, comprehensive, thoroughly researched content. He creates podcasts and videos as well as written articles and also invites guest posts from various sources. A must for fans of quality journalism.
Schneier on security @schneierblog
Anyone labeled an “security guru” by an economist has the right to claim to be “able to know”. But Bruce Schneier’s confidence in cyber security is much deeper than that. Author of 13 books on the subject, Schneier is from Harvard, specializing in cryptography, algorithms, and protocol analysis, and contributes to the constant flow of essays in national and international publications in the United States. If you want expert insight into malware, security policy, and the general impact of technology on everyday life, this blog is key to reading.
Current matrix @liquidmatrix
One of the longest-running cyber security blogs out there, Liquid Matrix is ??truly a work of love and commitment to the industry. Born Dave Lewis, an InfoSec specialist in Akamai, a day and prolific commentator and thought leader, the rest of the time Liquid Matrix has built a reputation as one of the most respected personal blogs in the business. While Lewis admits he struggles to find time to add content as much as he’s used to, you’ll still find regular features, information, and podcasts aimed at adding depth or a new angle to any topic being addressed, but delivered with characteristic wit, Real a constant blogger on cyber security.
Notice the boring blog
Notice Bored child is dr. Gary Hinson, an experienced IT security expert and consultant, originally from the UK but now based in New Zealand. Boreda’s main function notice is a “safety information service” that includes researching and preparing training materials and information on various InfoSec topics for a wide range of clients. Dr. Hinson brings the same technical knowledge and understanding of business infrastructure that supports the awareness-raising service on his blog – mixed with a sparkling sense of humor and a willingness to express opinions. As well as detailed analysis of the latest cyber security news and risk tips – often including a plethora of technical details – he also blogs on topics of interest such as the Internet of Things and biometrics.
Security jobs @ security issues
Part of a modern wave of self-employed blogs that do a great job of mimicking the style, content and presentation of much larger publications, security issues were crowned last year with EuropeSecurity Europe’s best European personal safety blog. And richly deserved, too. The work of Italian Pierluigi Paganini, who reckons he is a strategic analyst for EU, G7 and Italian governments, plus editing Cyber ???? Combining news and detailed analysis of everything from major cyber attacks to intelligence gathering, hacking trends to terrorism. Paganini is able to attract considerable research that will support his work. With regular daily updates and a professional-looking look, Security Jobs is a blog for those who love their and quick cyber security analysis.
Hacker Combat Hacker_Combat
The Hacker Combat community is a reliable source for learning about the latest developments in the world of cybersecurity. Hear what our security experts have to say and use these tips to protect your businesses from various evolving security threats. HackerCombat covers everything from IT security to hacking-related news, and also offers expert analysis and forums where anything related to IT security can be discussed. The security community also serves as an ideal platform to promote start-ups, organize event management and help a variety of people as well as security geeks.
Threat @ post
Not to be confused with the level of threat, Threat Post is one of a series of blogs run by Russian antivirus and security giant Kaspersky Labs. Focusing on a specific area of ??Kaspersky’s expertise, Threat Post does what its name suggests – bringing you news of the latest major IT security threats, which include ransomware, hacks, phishing scams and known software bugs and vulnerabilities. It features podcasts and video webcasts as well as written articles, and also features a wealth of content on mobile and cloud security, government policy from around the world, and cryptography.
Andrew Hay @andrewsmhay
A veteran of the resume industry who has seen him work with similar OpenDNS, DataGravity and CloudPassage, California’s Andrew Hay is a regular media commentator on all cybersecurity, appearing in the form of Forbes, Bloomberg, Wired and USA Today. , list just a few. The blog on his personal website combines topics selected from personal interest and comments on the biggest current stories at InfoSec, providing a direct link to the thoughts of a leading voice on cyber security issues in the US.
Security Book @securityledger
The security book describes itself as “an independent security news website that explores the intersection of cyber security with business, commerce, politics, and everyday life.” And that sums it up nicely. With a reputation for breaking stories first, Ledger is particularly concerned about the security of the Internet of Things, as well as the usual cost of hacking, malware, applications, and device security. He also produces detailed sections of opinions, reports and white papers, positioning himself as a key source of thought leadership in the industry.
Tech-Wreck InfoSec Blog @TechWreckOrg
Okay, so everyone is talking and writing about cybersecurity issues, but what about finding practical help to take on all the threats that exist there? Many blogs cover a technical point of view – ie. Convenient programming that deals with resisting malware and closing security holes – but from a developer’s point of view, it’s an easy way to solve it. Tech-Wreck does things differently. It basically compiles lists of the latest malware attacks, identified security flaws, and known fixes, and provides a handy resource for IT engineers in finding the latest patches and tips. It’s pretty minimalist in its approach – the blog proudly describes itself as ‘Quick information on IT security minus tireless posting or downplaying conflicts.’ So it’s not a place to find discussion or analysis, but it’s worth the time if you’re looking for a unique station to buy to get alerts from big tech companies.
Operated by global antivirus software developer ESET, WeLiveSecurity is much more than just one corporate blog. In fact, with the accompanying magazine, it’s there with the best dedicated InfoSec information resources out there, with regular updates and analyzes on the fragile stories of cyber security, hacking, cyber crime and privacy. In addition to focusing on the news, the expert collaboration also brings original research and work with other practical “How-To” guides to provide a simple sequence of practical tips on increasing your network security. Although most sites focus on written articles, there is both a podcast and a video channel.
IT security guru @IT_SecGuru
A professional news outlet focused on InfoSec more than a blog, IT Security Guru is nevertheless becoming a staple in the profession. If you want a service that brings together all the latest cyber security news all in one place, then Security IT Guru is the place to look. Every morning, he publishes a handy section of “Top 10 Stories from Across the Internet,” doing a fantastic job of keeping his finger. On top of that, it produces top-notch commentary and analysis, case studies, webinars, and a great section called “Scam of the Week,” which in-depth studies the recent cyber attack. A high quality news source for those who like to keep up with the times.
Dark reading @darkreading
For those of you who follow online publishing, Dark Reading probably doesn’t need to be introduced. Like the IT security guru, it’s News InfoSec, not a blog, and is backed by the editorial weekly Information Week. However, it has been a cornerstone of industry reporting and analysis for years, setting the standard for breaking news. The focus of the editorial is mainly on readers from the business IT world, so there is a lot of healthy comments and advice on protection, risk management and compliance.
Naked security @NakedSecurity
The motto of global home and business security expert Sophos, “security is simplified”. And following the same philosophy, the company calls its blog Naked Security, News and InfoSeca comments that have taken away the jargon and complexity and set it up in terms that a layman can understand. Covering the latest news and attacks, and aiming to gather interesting stories around the world, Naked Security makes InfoSec relevant to the general IT user, focusing on the most well-known platforms and uses of IT.
Security Weekly @securityweekly
The term “vlog” has not been favored in recent years, but that’s exactly what Security Weekly does – it brings an insightful blog about cyber security in video format. Also known as Paul’s Security Weekly after its creator and host, Paul Asadoorian, the platform is built around a major weekly show that can be accessed in three different formats – as a video, as a podcast for audio only or, if you wish, you can read scripts for the show . The shows can be watched or listened to live or retrospectively on channels such as YouTube, iTunes, Google Play, RSS Video and Audio and SoundCloud. In addition to the main weekly show, which focuses on discussing major issues at InfoSec, the team also produces short-form security news Hack Naked News and Enterprise Security Weekly, which focuses on issues related specifically to online business security. Security blogging for the multimedia generation.
Unlike many InfoSec bloggers, Brian Krebs does not come from software development or technological background – he began his professional career as a Washington Post journalist. But after launching a series of hacking investigations and a cyber criminal underworld, he began to specialize in cyber security reporting, making a living today. The author of the book Spam Nation, his blog tends to follow the latest news on security and cybercrime with in-depth analysis and insight.
Within Wired.com’s far-reaching technology publishing catalog is an excellent channel that focuses on cyber security, cyber crime, and Internet privacy. The threat level takes Wired’s high journalistic standards and applies them to the world of InfoSec, providing an affordable “consumer” tilt on issues such as ransomware, hacking, espionage and the dark internet. Perfect if you are following a good story from the world of cyber security.
The InfoSec blog of the global online technology magazine ZDNet, Zero Day brings everything you would expect from such a big name in IT media – well-researched, insightful, original news content, with 24/7 monitoring and detailed analysis. In a world where CyberSecurity is increasingly influencing the headlines, platforms like Zero Day are often where you can first read the biggest and best stories and get the angle of real industry insiders. In addition to a steady diet of news about hacking, CyberCrime, and major security threats, its offering also includes articles on politics, civil liberties, privacy, and “how” advisory articles.