Cybersecurity is a high-stakes field where time may be the most valuable currency. The longer a cyberattack, data breach, or software vulnerability goes unnoticed, the more severe the consequences can become. Conversely, the quicker information about these problems can spread, the quicker it can be collaboratively solved. A cybersecurity professional needs reputable and detailed news at their fingertips 24 hours a day.
But where do they get it? Mainstream media outlets like the New York Times and BBC have their own cybersecurity pages, but these act more as buckets for content that’s already been created, and the number of staff specifically dedicated to the topic is low. Furthermore, the cybersecurity content from mainstream outlets is created to satisfy a more layman demographic, making it of little use to industry vets who are chasing down ways to circumvent the latest vulnerability or data breach. Cybersecurity professionals need news that’s produced with the speed and quality of a major newsroom but reinforced by the expert industry knowledge of boutique outfits.
Finding reputable and reliable news is always tricky, and in a vast yet niche area like cybersecurity, it can be doubly difficult. Many cybersecurity news sites are merely shills for second-rate cybersecurity products and the watered-down articles they post are little more than bait in a borderline phishing attempt. But other sites are actively calling on investigative journalists and industry experts to dive deeply into the who, what, when, where, why, and how of cybersecurity’s most pressing issues.
Below you’ll find news outlets that use a variety of mediums: podcasts and videos, long-form and short-form articles, aggregated and original content. Some sites focus on threat detection, while others focus on discovered vulnerabilities. But in each instance, you’ll find quality reporting and relevant content for cybersecurity professionals. Get that new bookmark folder ready.
The CyberWire started in 2012 as a daily briefing for the staff of CyberPoint International, a cybersecurity company. From those early beginnings as a summary outpost of key cybersecurity developments, The CyberWire has grown into an independent news organization that reaches thousands of readers and listeners across the globe. Though The CyberWire was spun-off as an independent company in 2016, it’s maintained its industry connections and used them to drive top-caliber content. Partners include Booz Allen Hamilton; Accenture Security; Cylance; and the Johns Hopkins Whiting School of Engineering.
The meat and potatoes of The CyberWire is still its daily briefing, but the accouterments are just as tasty: a daily podcast, featured stories, community events, and a library of archived videos. In addition to the daily podcast, The CyberWire hosts several others: Research Saturday; Hacking Humans; Special Edition; and CyberWire-X. Each caters to a different niche: multi-part series, one-off issues, interviews, social engineering, or academic research. And while The CyberWire is based in Maryland and benefits from the Baltimore tech community, the news outlet maintains a commitment to covering global cybersecurity issues.
Whether you’re working in a startup or serving as a CISO, Threatpost is one of your first stops for cybersecurity news. Primarily focused on new threats and vulnerabilities, Threatpost produces industry-critical content that can be the first line of defense against a breach. And this isn’t just your daily rag: content gets pushed out in the form of videos, podcasts, articles, whitepapers, and aggregated reports. A previous association with Kaspersky Labs raises some questions about how independent Threatpost truly is, but it also lends serious (and corporate) heft to the expertise of its content creators.
Threatpost is often quoted by the mainstream media as an authoritative source on cybersecurity issues. A lot of that has to do with their editorial staff, who have long histories in the industry and numerous awards to show for it. While the internet is teeming with article aggregators, the staff at Threatpost don’t merely repost what they see; they frame it with expert analysis. And, more often than not, they’re not reposting at all because they’re the ones posting it first.
Cybersecurity moves fast, but you can’t just read tweets and 500-word articles. To get the bigger picture, you have to go deeper. That’s when you turn to Brian Krebs, an investigative journalist who focuses on major hacks and data breaches. While the mainstream media will boil cybersecurity stories down to a thin broth that is palpable to the lowest common denominator, Brian Krebs writes with the authority and knowledge of a longstanding expert. A former writer for The Washington Post, Krebs is a veteran front-page reporter. He’s self-taught when it comes to issues of information security, but has still won the buy-in of the cybersecurity intelligentsia.
While the other news sources are giving you headlines and sound-bytes, Krebs is giving you the full and complex saga of major cybersecurity cases. He breaks stories himself and goes deep into the industry-relevant specifics. While Krebs doesn’t have the nonstop content that more watered-down websites do, he’s surprisingly consistent for a one-man show, producing long-form pieces, breaking news, and detailed updates at a cadence of about one post a week.
The comments section here is refreshingly high-brow. Another upside of that methodical style is that many of Krebs’s posts are evergreen: even if the news they reference has passed, the analysis stands as a prudent case study (or autopsy) on an issue of cybersecurity. The archives can keep you busy—and learning—for a long time.
For the last 12 years, Security Boulevard has aimed to be the one-stop-shop of cybersecurity news. Home to the Security Bloggers Network, which aggregates over 300 blogs, Security Boulevard demands its content be vendor-neutral—no shills allowed. Even with rigorous content standards in place, SB is still home to over 4,500 posts and growing. To sort out the signals from all that noise, readers are offered categorizing tags in the following categories: analytics, appsec, CISO, cloud, devops, GRC, identity, incident response, IOT/ICS, threats/breaches, blockchain, social engineering, and cyberlaw.
For further diversification, and aggregation-of-aggregation, there’s a weekly recap video, entitled “This Week at MediaOps.” To go deeper, readers can access a downloadable library of high-level security reports. For community involvement, readers can pitch their own articles, submit their blog as a contributor, sit in on webinars, and participate in cybersecurity meetups and blogger award ceremonies. And if all those options get too overwhelming, you can always head over to the SB funny pages.
When you get tired of skimming through bricks of text, Security Weekly has you covered. While they do maintain a blog that posts relevant updates in cybersecurity news, the main site acts as a launchpad for more multimedia-based offerings. This isn’t aggregation, it’s original content. Contributors at Security Weekly include security consultants, infosec analysts, researchers, professors, CISOs, and vice-presidents.
Security Weekly hosts seven podcasts, which are streamed live and available on-demand in video and audio format. They include Application Security Weekly; Paul’s Security Weekly; Hack Naked News; Enterprise Security Weekly; Business Security Weekly; Secure Digital Life; and Tradecraft Security Weekly. Most of these podcasts aren’t lectures, they’re discussions.
The spotlight show, Paul’s Security Weekly, typically runs to two hours in length, involving extremely technical dives into topics like malware analysis, application attacks, active directory defense, and open-source security tools. Download a few episodes to your phone and that downtime on your commute to work just became professional development.
Naked Security is the threat newsroom of Sophos, an IT security company with over 30 years of industry tenure. Don’t let the corporate sponsorship dissuade you from the news posted here: Naked Security has won over a dozen awards for its cybersecurity reporting in the last nine years. While the stock-photo icons for the articles may have you thinking of other aggregator sites, the writing here is remarkably crisp and it pays acute attention to how each story relates to others in the cybersecurity ecosystem. Video content and podcasts are also available.
With over two-dozen veteran contributors—one being award-winning security blogger Graham Cluley—Naked Security isn’t a small-time operation. Their Facebook group boasts nearly a quarter-million members. The content is quick, plentiful, and relevant. And the corporate connection with Sophos allows the Naked Security producers to focus on what they do best, rather than pander to click-bait titles and third-party advertisers.
What was once one of the most widely-read cybersecurity news pages is now also one of the most trusted online communities for security professionals. Dark Reading is a multifaceted, multimedia source for all cybersecurity issues, including dedicated sections for analytics, appsec, attacks, breaches, careers, cloud, IoT, mobile, operations, perimeter, risk, threat intelligence, and vulnerabilities. The community includes CISOs, cybersecurity thought leaders, infosec researchers, and technology specialists.
In addition to timely and relevant news articles, Dark Reading hosts slideshows, videos, whitepapers, podcasts, webinars, and conferences. Their digital library compiles downloadable versions of security reports, academic research, case studies, and webcasts. To connect, readers can browse the website, sign up for the newsletter, or simply jump on Twitter, where Dark Reading has over 200,000 followers.
Cybersecurity news is, by nature, an extremely technical field. While security professionals may seek out deeply specific information on industry news, those who are merely interested in catching up on the conversation may need something a little less dense. If you’re curious about developments in cybersecurity but don’t want to have to pull out a glossary to do so, then check out some of the cybersecurity sites below. They may not be as obsessively updated, but they’ll provide a sketch of the territory.
Traditional forms of education are still important, but they can’t keep up with the rapid pace of cybersecurity. As soon as one form of threat is neutralized, innumerable others are developed. That’s why employers and employees are both increasingly turning to the more nimble world of professional certifications.
Data science, as described by University of California, Berkeley, involves the analysis and management of large quantities of data. The discipline requires professionals who can ask the right questions, chart out what information is needed, collect the data, and analyze it effectively.
Meet several leading professors of computer science, and learn more about what makes them standout educators and innovators.
Software powers a large part of today’s world. From hailing taxi cabs to ordering food, there is an app for everything. As a result, there is a growing demand for software engineers to develop new applications and websites.
In a world largely powered by software, there is a high demand for those trained in web development. A bachelor's degree in web development can allow students to gain a fundamental understanding of software as a whole and confidently launch their career in this exciting field.