There are hundreds of InfoSec blogs in the webosphere. Some are clear leaders in the industry, widely regarded as thought leaders and earning recognition from just about everyone in the security field as being among the best of the best. Some started out strong but fizzled out after a few short months, while others have compiled hundreds – thousands, even – of in-depth perspectives on a variety of security topics (from general cyber security to specific topics like data loss prevention (DLP)) over the course of nearly a decade.
We scoured the far corners of the web to dig up some of the best, most insightful and informative InfoSec blogs in existence. Not only the blogs you’ve seen named time and time again in best-InfoSec-blogger lists, but also some hidden gems you may not have known existed but will be glad you’ve finally discovered. These blogs provide deep insights from some of the leading information security professionals; in-the-trenches viewpoints from security experts who have spent decades working in the field and consulting with the world’s largest enterprises, universities, the U.S. Government, startups, and other entities.
These bloggers tackle major security news, InfoSec hacks, tricks, and discoveries, offer tutorials and solutions for problems they’ve encountered in their day-to-day work, and sometimes bring a little humor to the fascinatingly complex world of information security. Note: These blogs aren’t listed in any particular order. Rather, they make up a collection of 50 awesome InfoSec blogs that we think stand out among the pack but might not already be on your must-read list. The numbering is used to make it easy to reference a specific blog, but isn’t intended to imply that #1 is better than #50.
Wired is an established digital publication focused on technology and gear, but it’s not as widely recognized for its impressive coverage of the InfoSec realm, though it should be. Wired talks privacy, crime, and security online, delving into clever hacks and workarounds and reporting on the latest security news impacting consumers and professionals in the field.
Three posts we like from Wired’s Threat Level:
- Despite Apple’s Privacy Pledge, Cops Can Still Pull Data Off a Locked iPhone
- Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying
- How Online Black Markets Have Evolved Since Silk Road’s Downfall
Roger McClinton started his blog back in 2004, primarily as a means to collect links and research he wanted to be able to easily refer to later. But as time went on, he started adding commentary and to his surprise, his blog developed a substantial readership. After a brief hiatus in the second half of 2013, Roger is again offering news and commentary on all things InfoSec, musings about his current employment situation, and the occasional personal anecdote.
Three posts we like from Roger’s Information Security Blog:
Every InfoSec pro has likely visited Dark Reading at least once, a blog that has done a fine job of solidifying its position as a leading resource for the latest security news and information. With a goal of “helping security pros manage the balance between data protection and user access,” and a panel of contributors including some of the most prestigious names in the industry, Dark Reading is clearly a must-read.
Three posts we like from Dark Reading:
- An AppSec Report Card: Developers Barely Passing
- 5 Ways To Monitor DNS Traffic For Security Threats
- Google Backs New Effort To Simplify Security
Brian Krebs is a household name in information security, and his blog is among the most well known and respected in the space. An investigative reporter at heart, Krebs comes from a journalism background and has honed his self-taught expertise through over a decade of dedicated interest in security. He is credited with discovering the Target data breach last year and being the first to report on the Stuxnet worm in 2010.
Three posts we like from Krebs on Security:
- Banks: Credit Card Breach at Staples Stores
- Sources: Target Investigating Data Breach
- Reports: Liberty Reserve Founder Arrested, Site Shuttered
You’d be hard pressed to find a “Best of InfoSec” blog list that doesn’t include ThreatPost. Billed as “Kaspersky Labs’ Security News Service,” ThreatPost is run by a team of recognized infosec experts with a focus on topics such as privacy, web security, vulnerabilities, and more.
Three posts we like from ThreatPost:
- APTs Target Victims with Precision, Ephemeral Malvertising
- Staples Looking into Potential Payment Card Breach
- How to: Chrome Browser Privacy Settings
All the breaking IT security news you need to stay abreast of the latest happenings in the industry is found at IT Security Guru – first thing in the morning. With the goal of compiling all the most pressing industry news in one spot, IT Security Guru makes it easy for you to keep your finger on the pulse of the InfoSec world without spending hours searching the Internet or scrolling through dozens of blogs and news sites.
Three posts we like from IT Security Guru:
- Dell fellow: Credit card and identity fraud “will be passé” in five years
- Consultancies see a “boom” in cyber and digital security
- Employees rate mobile privacy highly, as less than half prefer to keep work and personal lives separate
Dan Kaminsky has advised Fortune 500 companies like Cisco, Avaya, and Microsoft, and he’s been a well-known security researcher for more than a decade. His blog, formerly known as DoxPara Research, features in-depth posts with insights on the most pressing security issues facing the industry, such as Heartbleed. It’s kind of like picking Kaminsky’s brain from the comfort of your desk.
Three posts we like from Dan Kaminsky’s Blog:
Paul Asadoorian’s Security Weekly features a weekly live video broadcast, along with written posts, covering the latest InfoSec news, hacker techniques, tutorials, InfoSec research, and more. With a mix of technical content and entertainment, Security Weekly’s objective is to “use new technologies to reach a wider audience across the globe to teach people how to grow, learn, and be security ninjas.”
Three episodes we like from Security Weekly:
- Penetration Testing Tales From The Trenches – Part 1
- Building A Security Program From The Ground Up: Crawl, Walk, Run!
- The Three Most Common Tools Used to Breach Systems
Kevin Townsend’s IT Security blog aims to present and discuss information security in a “new and challenging manner.” A panel of leading information security experts contribute regularly, offering an expert perspective on many of the pressing news stories and incidents impacting the field of information security today. Contributors include Dr. Brian Bandey, David Harley, Bev Robb, and other thought leaders, as well as, of course, Townsend himself.
Three posts we like from IT Security:
Run by Brian Honan and Lee Munson, BH Consulting IT Security Watch covers security news and major data breach news that impacts both consumers and enterprises. The blog is a monthly digital publication highlighting the most interesting news and articles related to the security field. Much of the coverage is relevant worldwide, with some BH Consulting-specific news and updates and stories of relevance to the company’s native Ireland.
Three posts we like from BH Consulting IT Security Watch:
- Android Set To Feature Out-Of-The-Box Encryption
- Digital Piracy Can Kindle Grief Of Amazonian Proportion
- Facebook’s Exploding Posts: Mission Impossible vs. Robin Of Sherwood
Liquidmatrix is committed to providing long-form articles and in-depth coverage of information security news and information, rebelling against the trend towards superficial coverage without added value. The brainchild of Dave Lewis, a self-professed “jack of all trades and master of none” who holds a day job at Akamai and has been working in the InfoSec field for two decades, Liquidmatrix has been up and running since 1998, making it one of the oldest established InfoSec blogs that remains current.
Three posts we like from Liquidmatrix Security Digest:
- Data Breach Victims or Enablers?
- 5 Things a Revere, MA Upbringing Taught Me About InfoSec
- The Stupid, It Burns
Adrian Hayter is a CHECK Team Leader and Senior Penetration Tester at CNS Hut3 and blogger behind Cryptogasm, where he covers pretty much everything of interest to the InfoSec community, including privacy and ethical hacking. He takes the approach of explaining complex security concepts in layman’s terms in an effort to make his blog a fun and interesting read. Cryptogasm began back in December 2010.
Three posts we like from Cryptogasm:
- A Change of Direction (Penetration Testing Tutorials)
- Hut3 Cardiac Arrest – Disclaimer
- What’s Worse than Heartbleed? Bugs in Heartbleed Detection Scripts
Dr. Eric Cole’s Computer Security Specialist blog is a source of news and information related to expert witness services. A leading, industry-recognized computer security expert, Cole has more than 20 years of experience working on complex security challenges, founding and building new companies, products, and services, in addition to his role as a network security expert. Cole has more than 20 patents in technology and cyber security and has been awarded numerous industry honors and recognitions. Currently, he performs leading-edge security consulting and works in research and development as a security expert “to advance the state of the art in information systems security.” His blog provides insights based on his wealth of experience in the field.
Three posts we like from Dr. Eric Cole:
Andrew Hay leads research efforts for OpenDNS, where he serves as Senior Security Research Lead & Evangelist. He’s often approached to provide expert commentary on security-industry events in the media, including both mainstream publications such as USA Today and niche publications such as TechTarget and Network World. But you can access Hay’s insights directly at his personal blog, where he covers topics he hand-picks based on personal interest and importance to the field.
Three posts we like from Andrew Hay:
Wesley McGrew is an assistant research professor at Mississippi State University in the Department of Computer Science and Engineering. His blog, McGrew Security, is a reflection of his research interests as well as other information security news and events, including vulnerability analysis, reverse engineering, offensive cyber operations, digital forensics, and other topics of interest to security professionals.
Three posts we like from McGrew Security:
- An Incident in Georgia Weidman’s Training (or, Don’t Mess With My Students)
- On the Importance of Originality and Citation
- RE Class: Experiences With Malware Term Projects
Bruce Schneier’s blog is another one of those must-haves for a list like this. Schneier on Security is in its 10th year of information security thought leadership, focusing on topics like cryptography, privacy, and government. A renowned cryptography expert, Bruce is also a leading author and speaker in the space.
Three posts we like from Schneier on Security:
Gary Hinson is the blogger behind NoticeBored, where he covers information security topics that catch his eye. Hinson was born and studied in the U.K., and worked in London, Swindon, Bristol, and Brussels before moving to New Zealand in 2005. Hinson covers topics of interest to both consumers and security professionals, with a casual style that allows him to talk about complex security happenings in language everyone can understand.
Three posts we like from NoticeBored:
- Corporate culture: emergent or directed?
- 7 awareness lessons care of Ponemon & NIST
- Say that again – in English this time
Run by a group of expert contributors, Emergent Chaos focuses on security, privacy, liberty, economics, and similar topics. The blog was founded by Adam Shostack, author of Threat Modeling: Designing for Security and co-author of The New School of Information Security. Started back in 2004, Emergent Chaos is home to hundreds of insightful posts on just about everything pertaining to security and privacy, along with some random musings, all making for an informative and entertaining read.
Three posts we like from Emergent Chaos:
- P0wned! Don’t make the same mistake I did
- What Price Privacy, Paying For Apps edition
- 3D-printed guns and the crypto wars
Davi Ottenheimer, David Willson, Matthew Wallace, and Bryan Zimmer comprise the team behind security consultancy flyingpenguin. Davi Ottenheimer is the chief blogger behind the flyingpenguin blog, offering in-depth analysis of information security news, events, and developments.
Three posts we like from flyingpenguin:
- How the NSA Can Tell if You Are a Foreigner
- 2014 Things Expo: New Security Models for the Internet of Things
- #Hotmailgate: Where Don’t You Want to Go Today?
Elie Bursztein leads Google’s anti-abuse research efforts, sharing his insights on topics relevant to the world of InfoSec on his personal blog. Bursztein has some impressive achievements under his belt, such as the re-design of Google’s CAPTCHA to make it easier (an effort much-appreciated by Internet users everywhere), implementing faster cryptography to make Chrome safer, and identifying and reporting more than 100 security vulnerabilities to companies like Apple, Microsoft, Twitter, and Facebook.
Three posts we like from Elie Bursztein:
- I am a legend: Hacking Hearthstone with machine learning Defcon talk wrap-up
- How we broke the NuCaptcha video scheme and what we propose to fix it
- Predicting Hearthstone opponent deck using machine learning
Graham Cluley has more than 30,000 followers on Twitter alone, and it’s no surprise given his impressive coverage of InfoSec news and developments. He’s an independent computer security analyst who’s been working in the field since the 1990s, giving him plenty of background and expertise to offer expert commentary on the latest happenings in information security and related topics. But it’s not just Cluley’s expertise you can gain here, but insights from a panel of regular contributors featuring several highly-regarded experts in the field. You’ll find plenty of tips for everyday users, along with deep insights into critical security developments.
Three posts we like from Graham Cluley:
- Hacking into someone’s webcam isn’t funny [VIDEO]
- Doom-playing Canon printer raises security concerns about Internet of Things
- This simple iPhone case can be used to steal ATM PINs
Tony Perez was introduced to information security back in 2009 in his role as Defense Contractor for the Marine Corps and Army headquarters, as a technical architect for small and large-scale enterprise applications and tools. Today, he’s the CEO of Sucuri (although he prefers to call himself a Chief Evangelist), a company he runs with Daniel Cid, also known as the Founder of the OSSEC project – Host Intrusion Detection System (HIDS). At Tony on Security, he aims to express his thoughts and perspectives on a multitude of subjects, with a particular focus on his areas of interest and expertise.
Three posts we like from Tony on Security:
- Importance of Updates in Website Security – WordPress, Joomla, Drupal and CMS’s
- Secure Your Traffic on Public WiFi’s
- WordPress Security – Learning From Hacks
eLearn Security is a leading provider of IT security and penetration testing courses for IT professionals. Naturally, the company’s blog is a valuable resource of information on security news, with coverage of major security breaches impacting enterprises and consumers, such as the Home Depot breach, leak of Gmail login credentials, and similar events, along with useful tutorials for security hacks and solutions for common challenges.
Three posts we like from eLearn Security:
- 5 Million Gmail Usernames and Passwords Leaked Online
- Home Depot Involved in Major Security Breach
- From XSS to Domain Admin – Solutions
Russ McRee has spoken at leading security conferences, such as Defcon, BlackHat, RSA, and others, and he works for Microsoft’s Online Services Security & Compliance team. He also writes toolsmith, a monthly column in ISSA Journal, but shares many of his views and perspectives on his belief in a holistic approach to information security at Holistic InfoSec.
Three posts from Holistic InfoSec:
- toolsmith – Jay and Bob Strike Back: Data-Driven Security
- toolsmith – Threats & Indicators: A Security Intelligence Lifecycle
- toolsmith: Microsoft Threat Modeling Tool 2014 – Identify & Mitigate
Founded and authored by Raj Chandel, Hacking Articles is a comprehensive source of information on cyber security, ethical hacking, penetration testing, and other topics of interest to information security professionals. Chandel’s primary interests lie in system exploitation and vulnerability research, but you’ll find tools, resources, and tutorials on everything from social engineering to footprinting, Google hacking, and more.
Three posts we like from Hacking Articles:
- Best of Post Exploitation Exploits & Tricks
- How to Know when people open your email with Google Analytics
- HackPack – Collection of Hacking Scripts
Started back in August 2008, SkullSecurity is home to hundreds of articles about security, data breaches, and general insights from the trenches based on blogger Ron Bowes’ professional experience. Bowes’ posts are as entertaining as they are informative, making this blog an intriguing read.
Three posts we like from SkullSecurity:
- Epic “cnot” Writeup (highest value level from PlaidCTF)
- Padding oracle attacks: in depth
- Everything you need to know about hash length extension attacks
A free learning resource from Social-Engineer, Inc., Security Through Education focuses on the blend of science, psychology and art that is social engineering – and how it’s used by penetration testers and security enthusiasts. It’s all brought to you by a team of leading professional social engineers, psychologists, researchers, scientists and security enthusiasts. In addition to the blog, you’ll find a newsletter, podcast, and much more to ensure that you’re always in the know, entertained, and never out of consumable security media.
Three posts we like from Security Through Education:
- The Social-Engineer Polygraph Challenge
- Celebrity Hacking – Was iCloud the culprit?
- Identity Marketing: Toeing the Line with Influence
A Facebook engineer, privacy advocate, and web app hacker, Joey Tyson is the blogger behind The Harmony Guy, where he covers privacy, security, and random geekery, with a particular focus on social networking. He began writing in 2007, using the pseudonym “The Harmony Guy” after discovering some simple vulnerabilities on popular websites. In addition to his own content, he often shares interesting stories he discovers around the web, sometimes in response to vulnerabilities he’s discovered and reported.
Three posts we like from The Harmony Guy:
- You Are Not the Product
- Inside Google’s Plan to Build a Catalog of Every Single Thing, Ever
- Etsy has been one of the best companies I’ve reported holes to.
Jeff Soh began blogging in 2007, and continues to share suggestions for the new intrusion analyst and other miscellaneous news on information security. Soh also offers book recommendations, product recommendations, and useful tips for information security professionals and everyday users.
Three posts we like from JeffSoh on NetSec:
Lucius Lobo is a security evangelist and author of StaySafe Cybercitizen. Professionally, Lobo heads an India-based specialized security services business unit for TechMahindra. At Lucius on Security, he writes about issues and risks affecting Internet users, including cybercrime, impersonation, privacy, and security, while he works to reduce cybercrime at some of the world’s largest companies. His posts provide valuable tips for parents, kids, and anyone using the web.
Three posts we like from Lucius on Security:
- Four ways your password is hacked by criminals and your best friend
- How Do You Know if Your Child is Safe Online?
- Changing lifestyles makes kids increasing vulnerable online
Sophos’ Naked Security blog is a near one-stop shop for security news. The blog features content from a wide range of security experts with a focus on malware, consumer privacy, social media security, and more.
Three posts we like from Naked Security:
- FBI Director James Comey says Apple and Google go “too far” with default encryption
- iSpy? Researcher exposes backdoor in iPhones and iPads
- US Attorney General calls for unified data breach notification laws
Matt Flynn is an information security and identity management specialist who works at Oracle. His personal blog, which reflects his own opinions and not those of Oracle, covers identity management and security, software, services, processes, and analyses. He’s been blogging since 2006 and has built an impressive collection of posts and perspectives over the years on topics impacting information security professionals.
Three posts we like from Matt Flynn’s Identity Management Blog:
A computer scientist and researcher with an intensive hacking background, Marco Ramilli has an impressive background working with the U.S. Government and several leading universities on new security paradigms, penetration testing methodologies, electronic voting systems’ security, and malware. His blog, which he started back in 2007, is a reflection of his many experiences in the security field in his many roles. Ramilli, self-described on his LinkedIn profile as an expert in ethical hacking, advanced targeted attacks, and malware evasion, has earned multiple honors and awards for his work.
Three posts we like from Marco Ramilli’s Blog:
- Nice Way To Evade Dynamic Analysis
- Cyber Intelligence abusing Internet Explorer to perform Targeted Attacks
- Malware Writers.
WiKID is a two-factor authentication solution, and the company’s blog is a valuable source of information on authentication, security, major industry news, and other information. You’ll find tips and tutorials, insights about risks, resources, security news about Google and social media, and other relevant information.
Three posts we like from WiKID Blog:
- Two-factor authentication for twitter
- Local governments adopting two-factor authentication, but at what cost?
- 11 Top tips for two-factor authentication
Rational Survivability is run by Chris Hoff, who brings more than 20 years of experience in “high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud.” His current role is VP of Strategy and Planning at Juniper Networks, where he formerly served as the company’s Chief Security Architect. Hoff has been blogging since June 2006, and has accumulated hundreds of posts on everything from risk management to virtualization, intrusion detection and prevention, the consumerization of IT, and much more.
Three posts we like from Rational Survivability:
- NGFW = No Good For Workloads…
- Maslow’s Hierarchy Of Security Product Needs & Vendor Selection…
- Video Of My ’12 Microsoft Bluehat Talk: Sh*t My Cloud Evangelist Says
The Robert Penz Blog covers information about Linux and open source in general, along with tips, tricks, small scripts, and IT security. Robert became interested in IT security when he was a student, and his master’s thesis was also related to the field; much of the blog is related to information security as a result.
Three posts we like from Robert Penz Blog:
- US-CERT releases virtual appliance for MitM attacks
- Start securing your debit cards and why you should do it
- How to configure SNMPv3 securely on Extreme Networks XOS
A blog from Smoothwall, a “specialist developer and provider of Internet security and content filtering solutions,” the Smoothwall Blog provides a space for those in the industry to share their insights, observations, interests, and more. The posts cover everything from web content filtering to passwords, and it is a great resource for InfoSec.
Three posts we like from The Smoothwall Blog:
- Passwords – At it again?
- Web Filtering Is Not Glamorous, but You May Still Make the Paper
- For an Internet of Things, We Are Going to Need Better Things
The Security Ledger is run by Paul Roberts, former ThreatPost editor and analyst at 451 Research and Kaspersky Lab. The independent blog focuses on cybersecurity, bringing insight to subjects such as the internet of things, malware, government policy, and consumer security.
Three posts we like from The Security Ledger:
- Is IoT Innovation Outpacing our Ability to Keep it Safe?
- White House Cyber Chief: JP Morgan Underscores Critical Infrastructure Risk
- Obama Uses Executive Order to Push Chip and Pin
InfoSec Island aims to provide a place for IT and network professionals to go to find help and information quickly and easily, by combining an online community, infosec portal, and a social network. Infosec Island’s blog features several contributors and includes information about the Cloud, malware, cyberattacks, and more topics related to information security.
Three posts we like from Infosec Island:
- A Fresh Approach to Building an Application Security Program
- Poisoning the Well: Why Malvertising is an Enterprise Security Problem
- Security and the Cloud: Closing the Gap as the Market Grows
Dedicated to advancing information security and fighting malware, Lenny Zeltser is a business and tech leader with years of experience in information technology and security. Lenny writes often about information security, including a book he co-authored, chapters he has contributed to other projects, articles for various publications, and his daily information security blog.
Three posts we like from Lenny Zeltser on Information Security:
- Morse-Style Tap Codes for Mobile Authentication
- Internet Noise and Malicious Requests to a New Web Server
- Attackers Rely on Social Engineering to Activate Macros in Malicious Office Documents
The Open Security Foundation is responsible for DataLossDB, which looks for new and old data breaches by scouring news feeds, blogs, and websites daily. They compile the breaches in various places and get the information out to members of their mailing list, on Twitter, and in their Primary Sources Archive to get deeper insight into data loss and to discover incidents that were missed by the media. DataLossDB provides links to incidents by month, latest and largest incidents, and posts from the Blotter to provide as many details about information security as possible.
Three posts we like from DataLossDB:
- Hacking Exposed 78% Of All Records Compromised In First Half of 2014
- First Quarter 2014 Exposes 176 Million Records
- SQL Injection Leads to BigMoneyJobs.com Leak
WTFuzz is the blog of Rishi Narang, a consultant, writer, and researcher who focuses on cyber security and threat intelligence. WTFuzz offers information about cyber attacks, ads, cookies, and more subjects in information security.
Three posts we like from WTFuzz:
The Dr. InfoSec blog is curated by Christophe Veltsos, PhD, who teaches about information security and information warfare. Dr. Veltsos seeks to “diagnose and treat everyday information security problems” with the blog, which covers risk, cybersecurity, and other topics important to information security. Many of the posts contain links to original sources, including videos and articles.
Three posts we like from Dr. InfoSec:
- QOTD – DHS on CyberSecurity & Risk
- QOTD – Ex-NSA Deputy Director on Managing Privileged Users
- Snowden on Smart Phones
The Tech Wreck InfoSec Blog is run by an Information Assurance Engineer, covering a variety of topics pertaining to information security and related news and information. The blog provides articles of use to both consumers and security professionals.
Three posts we like from Tech Wreck InfoSec Blog:
- 20 Critical Controls for Effective Cyber Defense Helper Kit – Version 2.3
- New Blog from Tech-Wreck focusing on just Emerging Cyber Security Threats
- IoT Survival Guide
Uncommon Sense Security is the blog of Tenable Network Security Strategist and Security BSides co-founder Jack Daniel. While Jack’s updates are not as frequent as they once were, his blog still serves as a trove of infosec knowledge on topics such as vulnerabilities, small business infosec, data breaches, the infosec community, and more. A self-described “infosec curmudgeon,” Jack’s insights, opinions, and humorous writing style are always worth a read.
Three posts we like from Uncommon Sense Security:
- Missing the (opportunity of) Target
- Target and PCI: Talking About the 800 lb. Gorilla
- ThreadFix, and Open Source tool for software vulnerability management
TaoSecurity is FireEye Chief Security Strategist Richard Bejtlich’s blog. For over a decade, TaoSecurity has been a source of expertise on cybersecurity, hacking, security strategy, threats, and more. Richard is a recognized security author and his blog contains a great amount of educational security resources.
Three posts we like from TaoSecurity:
- We Need More than Penetration Testing
- A Brief History of Network Security Monitoring
- President Obama is Right on US-China Hacking
…And You Will Know Us by the Trail of Bits is the official blog of Trail of Bits, an enterprise infosec consulting firm founded by Dan Guido and Alexander Sotirov. The blog offers expert infosec advice based on consulting experience at some of the world’s most advanced security programs. The blog provides excellent educational content focused on vulnerabilities, exploits, malware, and more.
Three posts we like from …And You Will Know us by the Trail of Bits:
- Enabling Two-Factor Authentication (2FA) for Apple ID and DropBox
- Using Static Analysis and Clang to Find Heartbleed
- ReMASTering Applications by Obfuscating during Compilation
Application security firm Veracode’s blog has grown into one of the leading sources for appsec news and insights. With regular contributions from security experts such as Chris Wysopal, Chris Eng, Melissa Elliot, and Mark Kriegsman, the blog offers informed commentary on the latest security issues. Favorite topics include application security testing, software vulnerabilities, hacking, mobile security, and more.
Three posts we like from the Veracode Blog:
- App Testing (and Retesting): When Are You Secure Enough to Launch?
- HIPAA Compliance and the Healthcare Supply Chain: Broken Links?
- Want a Powerful Culture of Security? Communicate “the Why”!
The F-Secure Weblog is by F-Secure’s Mikko Hypponen and Sean Sullivan. The blog is research-heavy, with lots of educational content covering the latest findings from F-Secure Labs. Focal points include vulnerability discoveries, software patches, mobile security, and more.
Three posts we like from the F-Secure Weblog:
- One Doesn’t Simply Analyze Moudoor
- Bob and Alice Discover a Mac OPSEC Issue
- Are Malware Authors Targeting People via Marketing Services?
Daniel Miessler is an information security professional, and he uses his blog as “a means of organizing everything I have learned and want to learn, and then as a way to share that same content with others.” With information and posts beginning as early as 1999, Daniel provides a robust site and blog for anyone interested in technology and information security.
Three posts we like from Observations on InfoSec:
- How to Build a Successful Information Security Career
- A Guide to Information Security Certifications
- Applying Fundamentals to Health and Information Security