1. …And you will know me by the trail of bits: Dino Dai Zovi has 9+ years of information security experience under his belt. He is a regular at conferences, speaking on what he knows best: “red teaming, penetration testing and software security assessments.” His claim to fame? Dino discovered and wrote the exploit that won him the first PWN2OWN contest at CanSecWest in 2007; not to mention being named one of eWeek’s 15 Most Influential People in Security.
2. Application Security: Perspective from the field: Michael Coates, leader of web security at Mozilla, blogs here about all things security, including application security, security codes, and penetration assessment. I especially enjoyed this piece about a flaw he found in Black Hat’s video stream a few months ago: The Irony – Black Hat Video Stream Hack.
3. /dev/random: Written by a security consultant in Belgium, this blog provides everything from general information and theory on IT security down to minute instructions for integrating blacklisting in your own DNS server.
4. Tao Security: Richard Bejtlich, Director of Incident Response at General Electric, blogs about “digital security and the practices of network security monitoring, incident response, and forensics.” He also reviews products and provides insight into daily industry and popular tech news.
5. Infamous Agenda: Matthew Hackling (great name for a security guy, right?) runs a security consultancy and writes about information security management, with “a keen interest in infrastructure and web application security.” He’s funny and informative, an essential mix when writing about IT. Check out this useful checklist for avoiding shelfware – ISMS implementation tips.
6. CyberCrime & Doing Time: “A blog about cyber crime and related justice issues,” Gary Warner’s blog covers the latest spam and malware attacks from an analytic and preventive perspective.
7. Catch22 (in)security: Not all of Chris Riley’s 14+ years in IT have been dedicated to security, but since he discovered his affinity and interest in the subject, he’s done his share of studying. His qualifications include Security+, CEH, ECSA, and MCSE 2003: Security. He blogs about learning opportunities in the security field, conferences, and other security-related topics relevant to his personal experience and the blogosphere.
8. Amrit Williams’ Blog: His 18+ years in information technology, security and risk management have made him an entertaining and authoritative voice on the subject. His path to CTO at BigFix included serving as research director on Information Security and Risk Research Practice at Gartner, Inc.
9. Accuvant Insight: The primary goal of the Accuvant LABS team members is “to provide interesting, informative and insightful information to the IT security community…from the industry’s best assessors, consultants and researchers.”
10. Securosis: The team at Securosis, “an information security research and advisory firm,” blogs about the business and technical sides of security, providing detailed and informative angles in each of their stories.
For more security-related blogs, check out the Security Bloggers Network. Don’t see your favorite security blog listed here? Let us know in the comments section or via email.