Enterprise IT Watch Blog

Sep 14 2010   6:09AM GMT

The Security Soapbox: Our 10 Favorite Information Security Blogs

Melanie Yarbrough

To keep from falling asleep on the job (figuratively and literally), keep your mind sharp with the musings, analysis and tips from these information security pros:

1. …And you will know me by the trail of bits: Dino Dai Zovi has 9+ years of information security experience under his belt. He is a regular at conferences, speaking on what he knows best: “red teaming, penetration testing and software security assessments.” His claim to fame? Dino discovered and wrote the exploit that won him the first PWN2OWN contest at CanSecWest in 2007; not to mention being named one of eWeek’s 15 Most Influential People in Security.

2. Application Security: Perspective from the field: Michael Coates, leader of web security at Mozilla, blogs here about all things security, including application security, security codes, and penetration assessment. I especially enjoyed this piece about a flaw he found in Black Hat’s video stream a few months ago: The Irony – Black Hat Video Stream Hack.

3. /dev/random: Written by a security consultant in Belgium, this blog covers everything from general information and theory on IT security down to minute instructions for integrating blacklisting in your own DNS server.

4. Tao Security: Richard Bejtlich, Director of Incident Response at General Electric, blogs about “digital security and the practices of network security monitoring, incident response, and forensics.” He also reviews products and provides insight into daily industry and popular tech news.

5. Infamous Agenda: Matthew Hackling (great name for a security guy, right?) runs a security consultancy and writes about information security management, with “a keen interest in infrastructure and web application security.” He’s funny and informative, an essential mix when writing about IT. Check out this useful checklist for avoiding shelfware – ISMS implementation tips.

6. CyberCrime & Doing Time: “A blog about cyber crime and related justice issues,” Gary Warner’s blog covers the latest spam and malware attacks from an analytic and preventive perspective.

7. Catch22 (in)security: Not all of Chris Riley’s 14+ years in IT have been dedicated to security, but since he discovered his affinity and interest in the subject, he’s done his share of studying. His qualifications include Security+, CEH, ECSA, and MCSE 2003: Security. He blogs about learning opportunities in the security field, conferences, and other security-related topics relevant to his personal experience and the blogosphere.

8. Amrit Williams’ Blog: His 18+ years in information technology, security and risk management have made him an entertaining and authoritative voice on the subject. His path to CTO at BigFix included research director on Information Security and Risk Research Practice at Gartner, Inc.

9. Accuvant Insight: The primary goal of the Accuvant LABS team is “to provide interesting, informative and insightful information to the IT security community…from the industry’s best assessors, consultants and researchers.”

10. Securosis: The team at Securosis, “an information security research and advisory firm,” blogs about the business and technical sides of security, providing detailed and informative angles in each of their stories.

For more security-related blogs, check out the Security Bloggers Network. Don’t see your favorite security blog listed here? Let us know in the comments section or via email.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

5  Comments on this Post

  • Information Security In Research And Business | Weather Proof Security Cameras
    [...] The Security Soapbox: Our 10 Favorite Information Security Blogs – Enterprise IT Watc... [...]
  • What does it take to get out of state tickets cleared from my record? | Uncategorized | Information about Careers
    [...] The Security Soapbox: Our 10 Favorite Information Security Blogs – Enterprise IT Watch Blog [...]
  • CompTIA Security +? Is that worthwhile itself? | Uncategorized | Information about Careers
    [...] The Security Soapbox: Our 10 Favorite Information Security Blogs – Enterprise IT Watch Blog [...]
  • Incite 9/22/2010: The Place That Time Forgot | Portable Digital Video Recorder
    [...] also want to send thanks to IT Knowledge Exchange, who listed our little blog here as one of their 10 Favorite Information Security Blogs. We’re in some pretty good company, except that Amrit guy. Does he even still have a [...]
  • How do i take scratches off of a metal watch? | Swiss brand watches
    [...] The Security Soapbox: Our 10 Favorite Information Security Blogs – Enterprise IT Watch Blog [...]
