Expert tips: How to follow cybersecurity
Best Defense guest columnist
For those who are interested in keeping up-to-date on various goings-on in the cybersecurity realm, here’s a non-exhaustive list of interesting resources. Please post additional outlets in the comments, as I and many others are always looking for new sources.
- Everyone needs a network:
Crucially important are the 1-on-1s that span from industry, government and other establishment sources, to activists, hackers, and whistleblowers.
Listservs — from public (e.g., Libtech, CyberTelecom, Baller-Herbst List, Benton Headlines, cryptography@randombit, messaging@moderncrypto, Full Disclosure) to private groups (often composed of heterogeneous users and participants of off-the-record convenings, initiatives and response groups, etc.), and the more personal heads-up from trusted friends and allies (not to mention their blogs and suggested resources — from Bruce Schneier (https://www.schneier.com) to Marcy Wheeler (https://www.emptywheel.net) and locales like https://www.imperialviolet.org/, http://golang.org/, and https://en.greatfire.org/, the cypherpunks list, gsmmap.org, the CCC weblog, etc.). Whatever other folks say is breaking as a new resource — I probably add 1-2/month and remove a group every few months.
- Tech media & trade press:
Ars Technica » Risk Assessment, WIRED » Threat Level, PopSci, Al Jazeera, TechCrunch, GigaOm, techdirt, lifehacker.com, mashable, theverge, recode, passcode, Politico morning tech, Hackernews, BoingBoing, The Register – Security, SANS Internet Storm Center, Ars Technica » Law & Disorder, Krebs on Security, Light Blue Touchpaper, Threatpost, Dark Reading, Darknet – The Darkside, Bristol Cryptography Blog, F-Secure Antivirus Research Weblog, Packet Storm, The Tor Blog, The Citizen Lab, SANS Penetration Testing, SANS Computer Forensics and e-Discovery, Security Awareness Blog, The Privacy Blog, TaoSecurity, Danger Room, Global Guerrillas, Google Online Security Blog, Red Team Journal, Open Whisper Systems Blog, Moxie Marlinspike’s Blog, bunnie’s blog, A Few Thoughts on Cryptographic, https://ssd.eff.org/, https://eff.org/sms, as well as old standbys like Slashdot and Hacker News.
- IRC (Internet Relay Chat): Circumvention tech projects like Commotion, Tor, FreedomBox, etc. Hanging with developers often helps interconnect resources (for the projects) and incredibly timely information (for example, when security flaws are first uncovered).
- Government proceedings & funding: FCC, FTC, DoE, NIST — and looking at the project pages for initiatives that are currently being funded by the Open Technology Fund, State Department, DARPA, NSF, etc.
- Deconstructing what’s new (from Etsy to BitTorrent’s Maelstrom (see: http://blog.bittorrent.com/2014/12/10/project-maelstrom-the-internet-we-build-next/) to allies working on Circumvention Tech), which often has huge implications for current/upcoming tech policy debates.
- Advance proofs of books/articles — which often yield in-depth analyses and leads far before other folks see them. Make friends with authors and researchers!
- Convenings: Expert workshops, off-the-record discussions (not the public ones — which are useful as synopses of info you already know something about and good canaries so you know when you’re falling behind).
- Social media: Twitter/Facebook/Google+/Ello/LinkedIn — whenever something of interest pops up, finding out who’s already been in the muck before it became “a thing” is but a few quick searches away. Social media also often provides both real-time updates and the best contacts on any given breaking issue, and blows the doors off most mainstream media real-time coverage.
- Your own “contactability” — often these are niche spaces; making yourself and your interest known, being easily contactable, building a reputation for supporting inquiries and interconnecting interested parties, all help create a magnet for useful information. And above all, be responsive — there’s nothing wrong with connecting folks to other experts when you don’t have the capacity to help directly, but being known as helpful is hugely important.
- Investors: VC, futurists and forecasters, social entrepreneurs, impact investors, and anyone else who invests money or time in the high-tech start-up space. They often hear about new trends/products while they’re still in the formative stages.
What’s not on my list? Here are my top three gigantic wastes of time (that are rarely worthwhile information sources):
- Standard reports/synopses (which are behind the times).
- Journal articles/published books (which are *way* behind the times).
- Foundations/Government Officials (excluding trusted engineers/technologists)/Politicians — who are mostly useful for how people are interpreting what you already knew 12 months ago.
Sascha Meinrath is the director of X-Lab, a tech tank focusing on bold policy interventions, privacy-conscious technology development, and novel business models. He is also the founder of the Open Technology Institute. http://www.newamerica.org/experts/sascha-meinrath/