A couple weeks ago at the monthly meeting of the National Information Security Group (NAISG) in Waltham, Mass., I gave a couple of PowerPoint presentations when the scheduled speaker hit some travel snags and couldn’t make it. I’m on the NAISG board of directors and it was my turn to take one for the team.
One of the presentations was about how SearchSecurity.com and Information Security magazine is focused like the proverbial laser beam on the security challenges of IT professionals. My goal was to make the point that it’s crucial for us to talk to IT admins on a regular basis to get the best sense of what their challenges are and what kind of information we can put in our stories to help them do their jobs better.
Whenever I finish this presentation and start taking questions from the audience, the conversation always shifts to which Web sites and blogs I visit each day to find the latest news and analysis. The vast majority of what I look at each day is more in the form of technical advisories and security dashboards fitted with the various threat level boxes kept by Symantec, IBM ISS and many other security vendors.
But the blogosphere is becoming an increasingly important source of news and analysis, and while I wouldn’t think of giving away all of my source material, I think it’s useful for me to flag some blogs you can all get some use from. Some are straight roundups of the news of the day, others are more opinionated summaries of the news and then there are blogs offering a bit of both.
And so here is a list of some blogs that have become favorite stopping points during my so-called morning scan, the daily ritual where I fire up the laptop at 5 a.m., coffee in hand, and browse cyberspace in search of breaking news that may require our fast attention:
Liquidmatrix: This is the site of IT security professional Dave Lewis, where he offers, among other things, a daily “Security Briefing” of whatever the big news of the morning may be. It’s set up to read like a scan of the morning newspapers.
The Daily Incite: This is another daily morning roundup — but with a heavier dose of attitude and analysis — from Mike Rothman, president and principal analyst of Security Incite. Once in awhile Mike will take issue with something written by me or one of my colleagues, but he offers a lot of fair analysis on the daily news that can be helpful when you’re trying to make quick sense of whatever has just happened.
Donna’s Security Flash: She keeps meticulous track of daily news items, summarizing and linking to various news stories of note.
The Breach Blog: This one reads like the typical advisory for software vulnerabilities, only the focus is on the latest reported data security breaches. Entries include the date an incident is reported, how many people affected and a summary of what specifically happened.
Techdirt: OK, this blog isn’t security-specific. It’s more of a wide-angle overview of technology news. But they include a ton of security news, helpful links and attitude that makes for interesting reading.
PogoWasRight.org: This is another daily roundup of security breaches and other privacy-related news such as legislative developments, linking to various news stories around the Web. One of the most impressive aspects of this blog is how up to date it is. You’ll usually find fresh data breach reports milliseconds after the news has broken.
About Security Blog Log: Senior News Writer Bill Brenner peruses security blogs each day to see what’s got the information security community buzzing. In this column he lists the weekly highlights. If you’d like to comment on the column or bring new security blogs to his attention, contact him at firstname.lastname@example.org.