The 50 Best InfoSec Blogs
The information security landscape is always evolving. With new products consistently coming onto the market—and new breaches and vulnerabilities constantly being discovered—staying on top of current infosec news and best practices is more important than ever.
We’ve compiled a list of the top 50 information security blogs you should follow to stay abreast of the industry’s latest trends and developments. From industry-leading experts and infosec news sites to trusted corporate blogs and weekly podcasts, these tools will keep you updated so you can keep your data safe.
Former Washington Post investigative reporter Brian Krebs runs Krebs on Security as a full-time endeavor. Krebs’ blog focuses on cybercrime, web fraud and computer security—topics he covered during his time at the Post. In addition to authoring over a thousand articles for the Security Fix blog, Krebs is credited for breaking the infamous Target hacking story. On his blog, you’ll find commentary on the latest issues facing internet security and cybercrime.
Most shared post: Online Cheating Site AshleyMadison Hacked
Written by renowned security expert Bruce Schneier, Schneier on Security draws upon Schneier’s extensive experience in the infosec industry to bring you articles on security best practices, current industry news, general security issues and the latest threats. The blog also includes insight into Schneier’s thoughts on the issues facing the security industry today, including privacy, hacking and cybercrime.
Most shared post: Someone Is Learning How to Take Down the Internet
Influential industry expert Elie Bursztein runs Elie.net. In addition to currently leading Google’s anti-abuse research, Bursztein previously helped redesign Google’s CAPTCHA and is credited with finding the first SHA-1 collision. On his blog, Elie focuses on web technologies, video games, anti-abuse, hacking and web security.
Most shared post: Full(Er) House: Exposing High-End Poker Cheating Devices
Information security and IT professional Gary Hinson runs Notice Bored, a security awareness service that sends subscribers materials covering different information security topics each month. The Notice Bored blog updates regularly with posts on general information security topics with an emphasis on security awareness.
Most shared post: NIST SP800-53 Draft v5
British security blogger Graham Cluley is an established professional within the information security industry. Cluley, who was inducted into the Infosecurity Europe Hall of Fame in 2011, is especially well-known for writing the first version of Dr. Solomon’s Antivirus Toolkit for Windows.
Formerly employed by Sophos and McAfee, Cluley now runs his self-titled blog full-time, offering news coverage of events in the infosec industry, as well as insights and tips. Cluley’s blog has won several blogging awards, including for the Best IT Security Blog in the 2017 SysAdmin Blog Awards.
WhiteHat Security founder Jeremiah Grossman has revealed vulnerabilities in the systems of numerous high-profile companies, including Microsoft, Mozilla, Google and Facebook. Today, he serves as the chief of security strategy at SentinelOne. Drawing up his extensive experience with professional hacking and core vulnerability scanning, he blogs about hacking and the information security industry.
Most shared post: 7 Tips to Get the Absolute Best Price From Security Vendors
Known as the “Yoda” of malware by his students at the SANS Institute, Lenny Zeltser is the current VP of products and Minerva Labs, where he designs and builds anti-malware products. Zeltser on Information Security covers three main categories: fighting malware, growing information security businesses and advancing information security.
Most shared post: Tunneling Data and Commands Over DNS to Bypass Firewalls
Police detective and information security consultant Nick Selby specializes in law enforcement technology, data loss, vulnerability assessment, anti-fraud and security. A cybersecurity incident responder, Selby leads a team of security consultants at Secure Ideas Response Team, where he serves as CEO. On his blog, Selby covers data in law enforcement and general topics of cyber security.
Most shared post: By ‘Secure’, We Didn’t Mean…
Run by security expert and penetration tester Raj Chandel, Hacking Articles is a comprehensive source on everything to do with information security, penetration testing and vulnerability assessment. On the site, you’ll find extensive resources on ethical hacking and cybersecurity, including an eBook on Facebook hacking.
Most shared post: Beginner Guide to Understand Cookies and Session Management
Former military intelligence officer and current strategist Richard Bejtlich blogs at TaoSecurity, where he covers digital security, strategic thought and military history.
Most shared post: Cybersecurity Domains Mind Map
Roger McClinton is a former security administrator with an MS in computer science and extensive experience with day-to-day computer security operations including vulnerability scanning, patch management, desktop encryption, desktop endpoint protection and more. Founded in 2004, Roger’s Information Security Blog is a go-to source for accessible information regarding current infosec news, as well as McClinton’s reviews and thoughts.
Most shared post: Wanna Get Away – Generals Password
Run by Russ McRee, a senior security analyst and current principal group program manager at Microsoft, Holistic Infosec advocates a holistic approach to information security. On the blog, you’ll find information security content and resources presented in a clear, concise manner.
Most shared post: Toolsmith: Malware Analysis with REMnux Docker Containers
Sucuri co-founder Tony Perez shares his personal thoughts and opinions on PerezBox, where you’ll find accessible articles covering a mix of security and business issues that draw from Perez’s extensive experience as a business owner in the infosec industry.
Most shared post: The Lessons Learned: My 120 Pound Journey
Troy Hunt, the creator of a well-known data breach aggregation service, runs an infosec blog that covers general topics in security, as well as Hunt’s upcoming conferences and speaking engagements. Hunt’s blog includes timely updates and weekly roundups, and is perfect for information security junkies of all levels.
Most shared post: The Dropbox Hack Is Real
A self-proclaimed “security enthusiast,” freelance security consultant Xavier Mertens believes in protecting assets by applying offensive (penetration testing) and defensive (incident handling, forensics, log management) security practices. On Mertens’ personal blog he shares his thoughts and opinions about a variety of security topics.
Most shared post: Incident Handling with Docker Containers
A news site and online community of security professionals, Dark Reading provides coverage of current cyber threats, vulnerabilities and technology trends.
The website encompasses ten communities: attaches and breaches; application security; cloud security; data leaks and insider threats; endpoint security and privacy; mobile security, network security and perimeter security; risk management and compliance; security management and analytics; and vulnerabilities and threats. Each community is run by editors and subject matter experts who help lead members in discussions.
Most shared post: Our Governments Are Making Us More Vulnerable
Published by the Information Security Media Group, Data Breach Today is a multimedia news website that specializes in providing news, insights and educational materials on data breaches.
Most shared post: ‘Can You Hear Me?’ Scam Hooks Victims With a Single Word
IT Security Guru compiles the latest IT security news stories first thing in the morning. Although primarily a news aggregation site, the website also includes opinion, analysis and original content from other “gurus,” IT security professionals from around the globe.
An independent aggregation site, Information Security Buzz brings together breaking news, blog posts and opinion pieces from security experts and industry leaders. Main topics of coverage include breaches, cloud security, mobile security, network security, application security and IoT. In addition to breaking news and expert analysis, the site features downloadable resources.
Most shared post: Hacktivists vs Faketivists: Fancy Bears in Disguise
An award-winning online magazine covering the information security industry, Infosecurity Magazine delivers coverage of up-to-date industry trends as well as in-depth news analysis and opinion. On the site, you’ll find free education content including webinars, white papers and virtual conferences.
Most shared post: Why You Need Private Browsing
Founded by Dave Lewis, current global security advocate at Akamai, the LiquidMatrix Security Digest is a source for infosec security news and insight with tailored commentary by contributors.
Most shared post: RSA’s Move to Ban Booth Babes
Originally a subset of PCMag, Security Watch became its own blog in 2007. Designed for the everyday user, Security Watch’s mission is to keep you safe by providing you with the most up-to-date information regarding malware, viruses, hacks and privacy exploits. Reporting includes reviews of products, how-to articles, tips and more.
Most shared post: Black Hat: Don’t Plug Your Phone Into a Charger You Don’t Own
SC Media is an industry leader in providing information security news, with over 40 industry awards for editorial excellence, design and online presence, including magazine of the year from the American Society of Business Publication Editors. Topics include cybercrime, network security, in-depth features and product reviews.
An independent security news website, The Security Ledger provides original reporting, breaking news and opinions about information security topics, including recent threats. In addition to articles, the website includes whitepapers, ebooks, long-form reports and podcasts.
Most shared post: New Clues in Sony Hack Point to Insiders, Away From DPRK
The security blog of popular tech magazine Wired, Threat Level provides in-depth coverage of topics in information security, cybersecurity, IT security and more. Selected by Time’s First Annual Blog Index as one of the internet’s best blogs in 2007, it is currently updated by Wired senior writer Andy Greenberg.
Most shared post: Robert Mueller Chooses His Investigatory Dream Team
Winner of the Best Corporate Blog at RSA 2017, Bitdefender’s blog provides the insights and analysis into the latest in business information security news. In addition to articles on a range of security topics, the site contains a comprehensive resources section that includes white papers, case studies, solution briefs, industry reports and eBooks.
Created by IT and networking leader Cisco, the Cisco Security Blog is updated by senior members of the company’s team and covers information security and current threat research. Suited for the everyday user as well as information security professionals, popular topics include online safety, network security and in-depth threat analysis.
Most shared post: Security Drives Major Transition in the Network and Data Center
Started in 2007, Google’s security blog offers the latest news and insights from the company, with a focus on web security and safety. Posts, which are written by members of Google’s vast security, privacy, engineering and product teams, focus largely on features, projects and initiatives undertaken by Google in the pursuit of better web security.
Most shared post: Announcing the First SHA1 Collision
Run by anti-malware company Malwarebytes, the corporate blog of the same name covers the latest news in the infosec industry, including a weekly security roundup that compiles notable news stories and security-related happenings from the previous week.
Most shared post: How to Beat Ransomware: Prevent, Don’t React
Antivirus and security solutions company Sophos runs Naked Security, covering computer security news, opinion and advice. The blog, founded by Graham Cluley during his time at the company, is a leading source for the industry and has won distinctive awards including for the Most Educational Blog at RSA 2017.
Most shared post: Want to See Who Has Viewed Your Facebook Profile? Take Care..
Leading antivirus company McAfee runs Securing Tomorrow, which covers information security topics with a focus on business and consumers. Covering a range of subjects, the blog is a go-to source for everything from articles on securing business vulnerabilities to tips for keeping everyday tech safe.
Most shared post: An Analysis of the WannaCry Ransomware Outbreak
Security Intelligence, the corporate blog of industry leader IBM, provides timely industry news, analysis and security insights designed for cybersecurity professionals and individual users. Contributors include IBM’s leaders as well as professionals from throughout the industry.
Industry leading software company Symantec runs Security Watch, a corporate blog focused around providing coverage and analysis of the latest security threats and vulnerabilities.
Most shared post: Regin: Top-Tier Espionage Tool Enables Stealthy Surveillance
Founded in 2004, BH Consulting is an independent advisory firm that specializes in information security consulting, cybersecurity, risk assessment, security training and more. The company’s corporate blog, SecurityWatch, provides up-to-date information news as well as insights and opinions from the BH Consulting team.
Most shared post: BH Consulting to Feature in RTÉ TV Documentary About Cybercrime
The corporate blog of security software company SentinelOne covers a variety of security topics, including information security research, reported threats, network security and ransomware, along with general cybersecurity news.
Most shared post: Turns out Ransomware Variants Aren’t That Unique After All
The State of Security, the corporate blog of leading software and security company Tripwire, features breaking news, opinion pieces and resources on all things cybersecurity. Popular areas of coverage include current security threats and vulnerabilities, as well as regulatory and compliance news. In addition to contributions from Tripwire’s team, the blog often features posts by infosec journalists, analysts and experts.
Run by Kaspersky Labs, ThreatPost provides information and updates about IT and business security. An authoritative source in the industry, ThreatPost has been referenced by outlets including the New York Times, the Wall Street Journal and NPR. Coverage includes security news, videos, in-depth reporting and original commentary.
Most shared post: FBI Vacate’s Today’s Apple Hearing
Run by security professionals Alexander Sotirov and Dan Guido, Trail of Bits is an infosec consulting firm dedicated to keeping organizations and products secure from threats. The Trail of Bits blog provides educational content that focuses on vulnerabilities, malware, program analysis and more.
Most shared post: Apple Can Comply With the FBI Court Order
Updated daily, Veracode’s corporate blog covers a range of topics including security news, customer news, secure development and various subsets of application security, including testing and best practices.
Most shared post: The History of Programming Languages Infographic
Defensive Security, hosted by Jerry Bell and Andrew Kalat, highlights recent breaches with the intent of applying them to real-life situations, organizations and clients. In addition to covering timely hacks and general security news, the site features a comprehensive list of resources on vulnerabilities, malware analysis, incident response and best practices.
Most shared podcast: Defensive Security Podcast Episode 200
Hosted by Rafal Los, James Jardine and Michael Santarcangelo, Down the Security Rabbithole covers current news, offering analysis and featuring expert guests to give opinions on their area of expertise.
Most shared podcast: DtSR Episode 146 – State of Enterprise Incident Response
Hosted by Dave Lewis, James Arlen, Matt Johansen, Ben Sapiro and other members of the LiquidMatrix team, the LiquidMatrix Security Digest podcast is an extension of the LiquidMatrix blog, offering timely news and information with entertaining, opinionated commentary.
Most shared podcast: Liquidmatrix Security Digest Podcast – Episode 50
Hosted by Josh Bressers and Kurt Seifried, the Open Source Security podcast covers a wide range of information security, including security challenges and information security news—with an open source twist.
Most shared podcast: Episode 18 – The Security of Santa
A five-time winner of the RSA Social Security Awards for Best Security Podcast, Paul’s Security Weekly is primarily hosted by its founder Paul Asadoorian, with contributions from other security industry professionals. The podcast can run as long as two hours and covers a variety of security topics, including the latest infosec headlines, breaches, exploits, vulnerabilities and more.
Most shared podcast: Hack Naked TV: OSCP Review
Launched in 2007 and hosted by award-winning journalist Patrick Gray, Risky Business is a weekly information security podcast that covers the industry’s latest headlines and often features in-depth interviews with industry experts.
Most shared podcast: Risky Biz Snake Oilers: Roll up Roll Up! We’ve Got a Fix for What Ails Ya!
Run by the SANS Internet Storm Center, a global internet security monitoring and alert system, stormcasts are designed to update the user with only the most relevant and timely threats; each is 5–10 minutes long.
Most shared post: ISC StormCast for Friday, April 17th 2015
Steve Gibson and Leo Laporte’s weekly podcast Security Now! discusses pertinent issues involving personal computer security, including long-standing concerns and solutions. Each episode runs approximately two hours long and is designed to help and inform the everyday user about personal web safety.
Most shared podcast: Episode #256: LastPass
Started in 2010, Southern Fried Security is a bi-monthly podcast hosted by Martin Fisher, Andy Willingham, Steve Ragan, Yvette Johnson and Joseph Sokoly. The podcast covers a range of subjects in information security and information security news.
Most shared podcast: Episode 174 – Doing Threat Intelligence Smartly
The CyberWire calls itself a “community-driven cybersecurity news service.” The website aggregates infosec podcasts from across the industry. Additionally, the CyberWire posts a “daily briefing” podcast each weekday afternoon, which distills the day’s critical cybersecurity news into one brief podcast.
Most shared podcast: Star Wars Rogue One – A Phish Story
Hosted by information security professional Daniel Miessler, Unsupervised Learning is a brief podcast that aims to catch up listeners on current events and offer interest analysis in a quick, digestible format.
Most shared podcast: Unsupervised Learning: Episode 46