Voice

Expert tips: How to follow cybersecurity

Expert tips: How to follow cybersecurity

Best Defense is in summer re-runs. This item originally appeared on March 13, 2015.

By Sascha Meinrath

Best Defense guest columnist

For those who are interested in keeping up-to-date on various goings-on in the cybersecurity realm, here’s a non-exhaustive list of interesting resources. Please post additional outlets in the comments, as I and many others are always looking for new sources.

  1. Everyone needs a network: Crucially important are the 1-on-1s that span from industry, government and other establishment sources, to activists, hackers, and whistleblowers. Listservs — from public (e.g.: Libtech, CyberTelecom, Baller-Herbst List, Benton Headlines, cryptography@randombit, messaging@moderncrypto, Full Disclosure) to private groups (often composed of a heterogeneous users and participants of off-the-record convenings, initiatives and response groups, etc.), and the more personal heads-up from trusted friends and allies (not to mention their blogs and suggested resources — from Bruce Schneier (https://www.schneier.com) to Marcy Wheeler (https://www.emptywheel.net) and locales like https://www.imperialviolet.org/, http://golang.org/, and https://en.greatfire.org/, the cypherpunks list, gsmmap.org, the CCC weblog, etc. Whatever other folks say is breaking as a new resource — I probably add 1-2/month and remove a group every few months.
  1. Tech media & trade press: Ars Technica » Risk Assessment, WIRED » Threat Level, PopSci, Al Jazeera, TechCrunch, GigaOm, techdirt, lifehacker.com, mashable, theverge, recode, passcode, Politico morning tech, Hackernews, BoingBoing, The Register – Security, SANS Internet Storm Center, InfoCON: green Ars Technica » Law & Disorder, Krebs on Security, Light Blue Touchpaper, Threatpost, Dark Reading, Darknet – The Darkside, Bristol Cryptography Blog, F-Secure Antivirus Research Weblog, Packet Storm, The Tor Blog, The Citizen Lab, SANS Penetration Testing, SANS Computer Forensics and e-Discovery, Security Awareness Blog, The Privacy Blog, TaoSecurity, Danger Room, Global Guerrillas, Google Online Security Blog, Red Team Journal, Open Whisper Systems Blog, Moxie Marlinspike’s Blog, bunnie’s blog, A Few Thoughts on Cryptographic, https://ssd.eff.org/, https://eff.org/sms, as well as old standbys like Slashdot and Hacker News.
  1. IRC (Internet Relay Chat): Circumvention tech projects like Commotion, Tor, FreedomBox, etc. Hanging with developers often helps interconnect resources (for the projects) and incredibly timely information (for example, when security flaws are first uncovered).
  1. Government proceedings & funding: FCC, FTC, DoE, NIST — and looking at the project pages for initiatives that are currently being funded by the Open Technology Fund, State Department, DARPA, NSF, etc.
  1. Deconstructing what’s new (from Etsy to BitTorrent’s Maelstrom — see: http://blog.bittorrent.com/2014/12/10/project-maelstrom-the-internet-we-build-next/) to allies working on Circumvention Tech), which often has huge implications for current/upcoming tech policy debates.
  1. Advance proofs of books/articles — which often yield in-depth analyses and leads far before other folks see it. Make friends with authors and researchers!
  1. Convenings: Expert workshops, off-the-record discussions (not the public ones — which are useful as synopses of info you already know something about and good canaries so you know when you’re falling behind).
  1. Social media: Twitter/Facebook/Google+/Ello/LinkedIn — whenever something of interest pops up, finding out who’s already been in the muck before it became “a thing” is but a few quick searches away. Social media also often provides both real-time updates as well as the best contacts on any given breaking issue and blows the doors off most mainstream media real-time coverage.
  1. Your own “contactability” — often these are niche spaces; making yourself and your interest known, being easily contactable, building a reputation for supporting inquiries and interconnecting interested parties, all help create a magnet for useful information. And above all, be responsive — there’s nothing wrong with connecting folks to other experts when you don’t have the capacity to help directly, but being known as helpful is hugely important.
  1. Investors: VC, futurists and forecasters, social entrepreneurs, impact investors, and anyone else who invests money or time in the high-tech start-up space. They often hear about new trends/products while they’re still in the formative stages.

What’s not on my list? Here are my top three gigantic wastes of time (that are rarely worthwhile information sources):

  1. Standard reports/synopses (which are behind the times).
  1. Journal articles/published books (which are *way* behind the times).
  1. Foundations/Government Officials (excluding trusted engineers/technologists)/Politicians — who are mostly useful for how people are interpreting what you already knew 12 months ago.

​Sascha Meinrath is the director of X-Lab, a tech tank focusing on bold policy interventions, privacy-conscious technology development, and novel business models. He is also the founder of the Open Technology Institute . http://www.newamerica.org/experts/sascha-meinrath/

Wikimedia Commons