Given the wealth of useful and not-so-useful content we find on the internet, it comes down to selection and filtering to find exactly what you are interested in, preferably in the fastest and most convenient way possible.
Setting the goals
My goals for staying informed in the field of InfoSec are all about the:
- latest major corporate data breaches – one must keep up to date with the latest data breaches to understand how the breach happened, how the company reacted, and what the financial/legal and business implications were
  - another key aspect of major data breaches is understanding whether one or more relevant accounts that you administer are in danger of compromise. One might prefer to get notified of such things through services like Have I Been Pwned, instead of constantly being on the watch for major data breaches.
- latest software vulnerabilities – very useful if you can track vulnerabilities specific to the software you are relying on; news about major vulnerabilities is still useful, as they tend to affect software components in various areas
  - vulnerabilities are posted in many locations and the most convenient way to track them is to follow a vulnerability news aggregator like Vulners.
- latest security-related technologies
- various ways of approaching Security issues – it’s of no use to reinvent the wheel every time, so why not get inspired by other professionals in the field and their work?
- latest news about my employer or relevant companies – if there is a political/security/legal/business concern related to your employer, it is useful to find out about it as soon as possible, especially if you are working with Security. Preferably, you get to find out about it internally, before it hits any article.
  - easily achieved through search engine alerts and social media feeds
- latest news about oneself – in case you are mentioned in the media, or one of your accounts got compromised
  - easily done through search engine alerts, social media feeds and paste websites
The motivations behind the above goals are pretty clear:
- stay relevant in your industry – the fundamentals will always apply, but you still need to be up to date with the latest events, tech and discoveries to be relevant in your work and do your job better
- get awareness material – it’s pretty hard to quickly convince non-tech people that Security threats are real and can cause great impact. Keeping up to date with the latest news gives you many examples
- protect yourself – that awareness material is not necessarily for your employees, managers or customers. It’s first and foremost for you
Planning for the goals
I initially started by following domain authorities and their publications, but then I noticed you can dig deeper than that. I’ve ended up with the following list of source categories:
- field and domain authorities – like Bruce Schneier and KrebsOnSecurity
- blogs from major corporations and independent researchers – like FireEye or MalwareTech
- news aggregators – Google News, Flipboard
- social media – various hashtag combinations like “#infosec” combined with “#data leak”
- blogging platforms – WordPress.com, Medium
- commenting platforms – Disqus
- discussion boards and forums – security-related subreddits on Reddit and, if you are lucky enough to find one, a board/subchan on 4chan where stuff gets leaked from time to time
- questions and answers communities – Quora, Stack Exchange
- paste websites – leaked data content ends up on websites like Pastebin, and many people started automatically crawling these for interesting info – a defunct example of this is leakedin
- search engine alerts – get notified about any new entry related to a certain keyword, with services like Google Alerts
Another website that combines several of the categories above into one bundle is InfoSecIndustry Alerts. Load time is pretty bad but it has a good list of sources.
Now it comes down to gathering all the sources in a centralized location. I’m relying on an RSS feed reader for this, as most online content mentioned in the sources above can be retrieved via RSS.
My RSS feed reader of choice is Inoreader, after switching from Feedly and running it from Thunderbird. The difference was the limitations in the free versions, and Inoreader offers more flexibility.
The requirements for such a reader are the following:
- cross-platform / platform agnostic – needs to be usable on a PC (preferably in a browser) and a smartphone
- integrations with various news sources – like social media feeds
- community backing – finding out what is trending and finding out fast is a major plus
- simple, not-flashy design – I want to get informed, not to stare at pictures, which is why I opted for a minimal list view
Some sources cannot be added directly and one must obtain an RSS feed link for them:
- QueryFeed for social media feeds
- Talkwalker for search engine alerts, in case you have a limitation in the reader (happened initially with Feedly)
Getting drowned in content
Adding as many sources as possible doesn’t necessarily cover your needs and can even work against them. Too much content can make it harder to grasp the really important news of the day, especially in situations where you use this more for quick skimming during a break.
Avoiding second- and third-day news websites like TheHackerNews and other only-for-profit publications can ease the pain but does not solve the issue entirely.
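One way to cut the volume described above, as an added example that is not part of the original post: a small filter that keeps only feed items matching a watchlist (for instance the software you rely on) and collapses reposts of the same story to the earliest copy. The feed content, the watchlist and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted network feeds, prefer defusedxml
from email.utils import parsedate_to_datetime

# Constructed sample feed (not real articles); placeholder product names and links.
SAMPLE_RSS = """<rss version="2.0"><channel><title>constructed</title>
<item><title>Critical RCE in ExampleCMS 4.2</title><link>https://a.example/1</link>
<description>Patch available.</description><pubDate>Mon, 02 Jan 2017 09:00:00 +0000</pubDate></item>
<item><title>CRITICAL RCE in ExampleCMS 4.2!</title><link>https://b.example/9</link>
<description>Reposted summary.</description><pubDate>Wed, 04 Jan 2017 12:00:00 +0000</pubDate></item>
<item><title>Ten gadgets for the summer</title><link>https://b.example/10</link>
<description>Nothing relevant.</description><pubDate>Wed, 04 Jan 2017 13:00:00 +0000</pubDate></item>
<item><title>Data breach at ExampleCorp</title><link>https://a.example/2</link>
<description>Customer accounts exposed.</description><pubDate>Tue, 03 Jan 2017 08:00:00 +0000</pubDate></item>
</channel></rss>"""

WATCHLIST = ["ExampleCMS", "data breach"]  # assumed: software you rely on + topics


def normalize(title):
    """Lowercase and drop punctuation so reposts of one story share a key."""
    return " ".join(re.sub(r"[^a-z0-9 ]+", " ", title.lower()).split())


def filter_feed(rss_text, watchlist):
    """Return watchlist-matching items, one per story, earliest publication first."""
    # Word boundaries avoid partial hits such as "gadget" matching "gadgets".
    patterns = [re.compile(r"\b" + re.escape(w) + r"\b", re.I) for w in watchlist]
    best = {}
    for item in ET.fromstring(rss_text).iter("item"):
        title = (item.findtext("title") or "").strip()
        text = title + " " + (item.findtext("description") or "")
        if not any(p.search(text) for p in patterns):
            continue  # off-topic item: drop it
        entry = {
            "title": title,
            "link": item.findtext("link"),
            # Assumes every item carries an RFC 822 pubDate, as RSS 2.0 feeds usually do.
            "published": parsedate_to_datetime(item.findtext("pubDate")),
        }
        key = normalize(title)
        # Keep the earliest copy; later ones are second- and third-day reposts.
        if key not in best or entry["published"] < best[key]["published"]:
            best[key] = entry
    return sorted(best.values(), key=lambda e: e["published"])


if __name__ == "__main__":
    for e in filter_feed(SAMPLE_RSS, WATCHLIST):
        print(e["published"].date(), e["title"], e["link"])
```

Title normalization only catches near-identical headlines; stories rewritten under a different title still come through as separate items.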