Three Ways to Keep Up with Cybersecurity News
It’s Monday morning. The beginning of a bright new work week. You’re well rested, and had a fantastic couple of days off to catch up on the latest Netflix releases. You’re just coming into the office when you get pulled aside by your supervisor.
A major vulnerability was abruptly released to the world this weekend, bypassing any responsible disclosure process. It has been given the name of a James Bond villain with a spiffy marketing logo, and is already being reported as actively exploited in the wild. As a result, your manager wants you to analyze your organization’s overall exposure for a debrief to the C-suite before lunchtime.
You nod your head up and down, utter something along the lines of “yeah I know, crazy right?”, and pretend to know what they are talking about until you have the chance to whip out your smartphone and frantically search for details on what the hell is going on.
This is an industry where you will fall asleep one night, and wake up the next morning to one of those fancy, expensive bits of technology suddenly becoming a window into your network. Your schedule for the week inevitably gets flipped-turned upside down (to quote the Fresh Prince) and late-night emergency firmware updates are back on the table. So much for the gym this week…
Do you remember last summer, when you thought the design of WPA2 was safe from all but offline hash cracking, or when the exploitation of something as low-level as speculative execution was nowhere on your radar? Can it be that it was all so simple then?
For many of us, this is why we are here. The constant change of pace keeps our adrenaline going and fuels our desire to learn and adapt. We work best under pressure, especially when the stakes are high. I think it goes without saying that staying on top of what is going on in the industry is an absolute must for cybersecurity professionals, or any individual who handles IT security tasks at their organization.
Unfortunately, it can be daunting to take in all of this information, as the industry is over-saturated with cybersecurity “news”. Cuts have to be made. Questions get raised, such as “Which sources are the most reliable?”, “Which ones are clickbait that only scratch the surface?”, and “What about the ones that start off strong, but bait-and-switch you at the end with a sales pitch?”
It’s going to take some strategy, fine-tuning, and personalization. If you don’t know where to start, keep reading. Hopefully my process will give you some sparks of inspiration.
Real-Time Notifications — r/netsec & IFTTT
As it stands right now, the subreddit r/netsec is the most carefully curated and unbiased aggregate of cybersecurity-related news and information. Whenever something is posted to the subreddit, it receives high scrutiny from the subscriber community and either fizzles into nothingness, or takes off into the stratosphere. This is excellent considering this industry is chock-full of fear mongering and sales pieces.
Combine this with IFTTT, and with a simple recipe you can receive alerts on your phone when something gets traction. This may be a bit much for some, but I personally prefer more information to less. With muted alerts, I can simply get the headlines in the taskbar of my phone and read into anything that piques my interest.
Daily Rundown — RSS with Feedly
I am a firm believer that information should come to me, and not the other way around. It’s 2018, right? I shouldn’t have to go digging for relevant, quality news anymore.
I am also a firm believer that social media sites are ripe for inserting bias into what you see in your news feed, and therefore cannot be trusted as a source of news. Considering the recent Facebook fiasco, I don’t think this is too hard to believe.
Because of this, the old trusty RSS feed is my preferred tool to do my ‘daily rundown’ of cybersecurity news. My personal choice is Feedly. It will take a little bit of time to get it set up to your liking, but it’s definitely worth the effort.
Oh, and it is free (with premium features).
Using the content from r/netsec in conjunction with suggestions from Feedly via keyword searches, I have created a personal and tailored news feed with which I can keep up on the latest articles, blog posts, advisories, etc.
A handful of my most-frequented sources of news come from the following sites, and are aggregated in my feed:
- SANS Internet Storm Center — If you are interested in DFIR, their diary posts contain some no-frills details on malware analysis techniques and threat intelligence. Quick, but interesting, reads.
- KitPloit — It seems like every day there are new tools designed to expedite the penetration testing process… or another tool for script-kiddies to misuse. Either way, I am interested. This site keeps up with the releases and provides some quick details to help keep on top of the game (if pentesting is your thing).
- ThreatPost — This news site is more technically-minded, which is great for those of us who don’t mind getting in the weeds.
- SecurityAffairs — Another site for getting dirty with recent exploits, among numerous other topics within cybersecurity.
- Dark Reading — If your job is in any advisory capacity, you will need to take in the broad strokes. I enjoy their journalistic efforts, and most of their articles are worthwhile for tackling larger topics and ideas.
Weekly Recap — Podcasts
As someone who commutes via subway every morning, podcasts are a great way to be productive in a confined space. This is especially true during rush hour when just keeping your arms in front of your face to read something can be a luxury. Unfortunately, through trial and error I have observed that the “cybersecurity podcast” as a genre consists of way too many marketing adverts and sales-pitch-style-interviews to be worth the time.
Fortunately, there are a handful of great podcasts out there if you look hard enough. Right now, my go-to is TWiT Security Now with Steve Gibson and Leo Laporte. If you have Google Play Music or use iTunes, I highly suggest giving them a subscribe and listen. Every episode has intriguing discussion that is easy to absorb for individuals in most facets of the industry, and they keep the advertisements to a minimum. The typical run-time is around 2 hours, which I break up across the week on my way to work.
If this is too much of an investment, check out the SANS ISC Stormcast. Similar to the diary posts, this podcast is a no-nonsense daily update on what is trending out in the wild.
Do you have a method which works best for you? What are your go-to sources of cybersecurity news? Feel free to leave a comment below.
As always, thanks for reading! The goal here is to help organizations of all sizes tackle complex IT security challenges, and bridge cybersecurity policy into operations. I am always open to comments or critiques. Reach me on LinkedIn, Twitter, or email at jeremy.trinka[at]gmail[dot]com.