Janis Cruze
asked on
knows IT security sites, for info
I was asked on an interview, where do you get IT security info regarding IT security. I drew a blank since the only know a couple of CVE websites. What would be a proper answer and where should I be looking?
Adam Brown
Center for Internet Security has good hardening guides and standards, SANs Institute's Internet Storm Center monitors CVEs and other important information, FireEye's Cyber Threat Map (or any of the threat maps out there. There are a number of them. SANS has one, too), there are various informational sites out there that keep track of things like TOR exit nodes and other important facts and figures. Those are just off the top of my head. Probably a bunch more that I can't remember at the moment.
context of what you do is important, network related. system related, etc.
and depending which aspect
cert.org, nist.gov,
and depending which aspect
cert.org, nist.gov,
My response would be: "The question is overly broad for a proper and specific answer. 'Security' is a very broad field and takes in a lot of ground. Asking me 'Where do I find out about security?' is like asking me 'Where should I go to get information about cars?' without telling me whether you want to air up your tires, disable the Onstar GPS tracking, change the oil filter, replace the transmission, fix a problem in the gel coat, or shop for a new one. If you can give me a specific situation I can give you a specific answer."
That should fix 'em unless you're dealing with somebody in the department you're hiring on with, as Personnel people will have no idea how to follow that up with something demanding a real answer.
Of course, the best answer is "I go to Experts Exchange."
That should fix 'em unless you're dealing with somebody in the department you're hiring on with, as Personnel people will have no idea how to follow that up with something demanding a real answer.
Of course, the best answer is "I go to Experts Exchange."
Few sites I use
https://www.fireeye.com/blog/
Krebs On Security Vlog
Security affairs Blog
The Hacker News
https://security.googleblog.com/?m=1
And for learning about attack types Hacker101.
Plyrasight courses or look at
https://deals.thehackernews.com
For some courses to learn about hacking methods
It depends what you looking for. If you want general news about new threads the something like Krebs on Security, Cnet Security, Security Affairs will help.
If you want do read about full reports how a vulnerability works then you would look at blogs froms security researchers.
Because if the amount of information you will get on daily basis it's worth to use a RSS News Content app like Feedly, as each site will bring different facts on a specific global issue or will have information quicker then the competition.
https://www.fireeye.com/blog/
Krebs On Security Vlog
Security affairs Blog
The Hacker News
https://security.googleblog.com/?m=1
And for learning about attack types Hacker101.
Plyrasight courses or look at
https://deals.thehackernews.com
For some courses to learn about hacking methods
It depends what you looking for. If you want general news about new threads the something like Krebs on Security, Cnet Security, Security Affairs will help.
If you want do read about full reports how a vulnerability works then you would look at blogs froms security researchers.
Because if the amount of information you will get on daily basis it's worth to use a RSS News Content app like Feedly, as each site will bring different facts on a specific global issue or will have information quicker then the competition.
For benchmark and standards, NIST (US), NCSC (UK) and CIS are the go to.
For training and certification, SANS, (ISC)2 and ISACA. They have blogs too and if you are member, you have access to written article contributed by the community.
For security news, SANs Newsletters, Securityweek, Helpnetsecurity, ThreatPost, The Hacker News, KnowBe4, Kerbsonsecurity and Bruce Scheiner blogs.
For incident management, cvedetails, FIRST, MITRE (TTP), CERT US, various AV and OS bulletin of security analysis and releases.
For conference, RSA, DEFCON, BlackHat, HITB, SANSFire, FIRST, ...
Indeed the security material would be wide and you need to tailor it to your needs and not get into fatigue.
For training and certification, SANS, (ISC)2 and ISACA. They have blogs too and if you are member, you have access to written article contributed by the community.
For security news, SANs Newsletters, Securityweek, Helpnetsecurity, ThreatPost, The Hacker News, KnowBe4, Kerbsonsecurity and Bruce Scheiner blogs.
For incident management, cvedetails, FIRST, MITRE (TTP), CERT US, various AV and OS bulletin of security analysis and releases.
For conference, RSA, DEFCON, BlackHat, HITB, SANSFire, FIRST, ...
Indeed the security material would be wide and you need to tailor it to your needs and not get into fatigue.
@btan
Exactly it's very wide and it takes time to find favourite sources which fits everyone needs.
Thanks to that question I also started to thing how I could expand my Library with security sites and maybe following lists will help also as a start
https://onlinedegrees.sandiego.edu/top-cyber-security-blogs-websites/
https://securityscorecard.com/blog/top-10-information-security-websites-to-follow
https://heimdalsecurity.com/blog/best-internet-security-blogs/
Exactly it's very wide and it takes time to find favourite sources which fits everyone needs.
Thanks to that question I also started to thing how I could expand my Library with security sites and maybe following lists will help also as a start
https://onlinedegrees.sandiego.edu/top-cyber-security-blogs-websites/
https://securityscorecard.com/blog/top-10-information-security-websites-to-follow
https://heimdalsecurity.com/blog/best-internet-security-blogs/
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.