3

Possible Duplicate:
What security resources should a white-hat developer follow these days?

A colleague of mine already has some understanding of security fundamentals but still needs "get in sync" with what is happening in the international security scene today. What online resources should I suggest?

My suggestions so far have been:

  • Follow developing stories by regularly reading something like SANS Newsbytes, Cryptogram etc.

  • Follow a number of "Security Rock Stars" at their blogs or on twitter.

  • Attend security conferences (preferably ones short on marketing, generous on technical presentations)

  • Check the questions at this site to see trends. Read technical papers, explore technologies to gain a deeper understanding, as needed

I'd be grateful to hear your suggestions too. Which are the really good mailing lists? Any security blogger/twitterer one should not miss? Other approaches?

Community
  • 1
George
  • 2,813
  • 2
  • 23
  • 39
  • 4
    i don't like the terminology, "security rock stars" – atdre Jun 27 '11 at 12:46
  • 1
    @atdre - me neither; there may be some that are high value, but some are merely good at PR. – Rory Alsop Jun 27 '11 at 13:00
  • 1
    [Bruce Schneier, Rock Star](http://gorrie.org/wp-content/uploads/2007/12/schneier-tshirt-show.jpg) – John C Jun 27 '11 at 13:01
  • The quotes are there for a reason :-) I was referring to any security writer that not only offers good instruction but also manages to capture the attention of the public. If not so many can do it well, then how else should such a person be called? – George Jun 27 '11 at 13:08
  • As I also commented elsewhere, these are just my suggestions. Any other ideas would be highly appreciated. Thanks! – George Jun 27 '11 at 13:16
  • @Georgios, I sense a disconnect in the assumption behind the question... It seemed to me that you're saying, on the one hand your colleague has "some understanding of fundamentals", but on the other hand "still needs to get in sync". If it's a question of enriching his security knowledge, and bringing it up to date - that's not necessarily best served with "what is happening in the scene today". – AviD Jun 27 '11 at 20:49
  • 1
    As Rory's answer notes, this is a duplicate question. – nealmcb Jun 27 '11 at 22:35
  • I agree with @nealmcb. @Gerogios, if you want to edit your question to focus on an area that was not covered in the previous question(s), we can reopen. – AviD Jun 28 '11 at 09:31

2 Answers2

3

From looking in the right hand column for "Related" posts for this question, I have the following:

These have some good value links.

I tend to add the best ones to my RSS feed and read them in Google Reader while on the train commute.

Community
  • 1
Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
  • Thanks! I had seen the article on the resources to learn about security but I was looking for something in the direction of "getting up to date" and staying informed. On the other hand I had also hoped to see how other people approach the same question (perhaps add more ideas than just blogs, conferences, podcasts etc?) – George Jun 27 '11 at 13:14
  • @Georgios - if you aren't a researcher and providing the lead in this area, you pretty much have to follow others, and these days, twitter, blogs and podcasts are the tool of choice for disseminating info. Sure, stuff gets to the media, but it can be very skewed, late or just plain wrong :-) – Rory Alsop Jun 27 '11 at 13:34
  • Thanks @Rory, actually the incomplete coverage of security events by the mainstream media was one of my reasons for asking ;-) – George Jun 27 '11 at 21:58
  • I currently have 24 Security blogs and 11 Security news sites on my RSS feed, and they keep me up to date on the areas I have a core interest in. – Rory Alsop Jun 28 '11 at 08:02
3

Information security is becoming very specialized these days, hence there are a lot of different strands that its becoming nigh impossible to keep on top of everything that is going on.

It would be very easy to list out a whole set of rss feeds, twitter accounts etc to follow but it may be unrealistic for the person to follow them all on a consistent basis.

It could be best to pick out just one or two podcasts for them to follow such as

And some generic websites such as

In that way they may not feel overawed by the amount info needed to be read.

Mark McDonagh
  • 421
  • 3
  • 4