Data breaches and cybersecurity controversies might dominate the news, but the information the headlines offer a professional is limited.
The most effective cybersecurity professionals track events as they occur but also track the trends each event represents. Keeping up with events is important, but understanding the wider context requires analyzing how companies respond, what effect data exposures actually have, and what financial losses or firings result.
Look for experts who provide coverage and analysis. The ideal cybersecurity expert tweets when a data breach is exposed, posts an article analyzing why it happened, and contextualizes each event as a part of wider trends.
We’re sharing a list of the best cybersecurity experts, podcasts, blogs, communities, and newsletters that will keep you informed but also enable you to dig deep.
Following experts on social media is one of the best ways to keep up with the industry at large and each expert's thoughts in particular. Twitter is especially useful because you can make a list of your favorite experts and scroll through a feed that consists entirely of relevant musings and links whenever you're ready to learn.
Brian Krebs is one of the most well-known cybersecurity experts out there. He regularly breaks big data breach news on his Twitter feed and blog. If you want to hear the news before everyone else starts reporting on it, follow him.
Troy Hunt is a cybersecurity blogger, teacher, and Microsoft Regional Director. He’s most well known for creating Have I Been Pwned, a website that lets users know if their email addresses have been part of a data breach. Follow him to keep up with the latest data breaches and the best ways to track them.
Rachel Tobac is CEO of Social Proof Security, a company that offers social engineering training as well as assessments and penetration tests. She has won second place in social engineering hacking competitions at DEF CON three years in a row.
Marcus J. Carey
Marcus J. Carey is the author of Tribe of Hackers and CEO of Threatcare. Tribe of Hackers is a collection of insights from 70 cybersecurity experts and Threatcare provides breach and attack simulation software. Follow him to learn more about breaches and find ways to get better involved in the cybersecurity community.
- Twitter: @marcusjcarey
Zack Whittaker is the security editor for TechCrunch, and tweets about cybersecurity news, especially the political context surrounding it. He also produces a cybersecurity newsletter that summarizes each week’s news.
- Twitter: @zackwhittaker
Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation, a nonprofit organization focused on human rights in the digital world. She combines her knowledge of politics and technology to study privacy and security, especially as it relates to the world’s most vulnerable people. Follow her to learn more about the societal ramifications of technology and cybersecurity.
- Twitter: @evacide
Graham Cluley is an independent computer security analyst who's been working in the computer industry since the 1990s. He's worked at companies like Sophos and McAfee and is now an independent blogger and podcaster. He tweets about cybersecurity news and any useful content he finds.
Theresa Payton is CEO at Fortalice Solutions and appears as a guest on numerous podcasts. Follow her to keep up with her insights on cybersecurity for SMBs, enterprises, and nations.
- Twitter: @TrackerPayton
There's no better person to learn about hacking from than a hacker. Kevin Mitnick has the bona fides to back up his hacking fame, having at one point earned a spot on the FBI's Most Wanted List after hacking 40 major corporations. Mitnick now writes books, speaks about cybersecurity, and offers security consulting services. Follow him for news about his appearances and often blunt analyses of the state of cybersecurity.
Adam Levin is a cybersecurity expert who calls on over 40 years of intensive security experience across privacy, real estate, and government service. Currently, he's the chairman and founder of CyberScout, an identity and data services provider, and co-founder of Credit.com, a site that provides free credit checks. Follow him on Twitter to keep up-to-date with cybersecurity news and to see his unique insights into identity theft education.
John Bambenek is the founder of Bambenek Consulting, a consulting firm that investigates criminal threats, and a regular contributor to Dark Reading. Follow him on Twitter to see his blunt reactions to the latest cybersecurity news.
Dr. Magda Chelly, founder of Women in Cyber, holds a Ph.D. in Telecommunication Engineering and a specialization in cybersecurity, making her one of the most educated cybersecurity experts you can add to your feed. She works as a “CISO on-demand” for companies around the world—from SMBs to enterprises.
Richard Stiennon is the author of There Will Be Cyberwar, a book about the U.S. military's shift to network-centric warfare and what that portends for cyberwar. Follow him on Twitter to keep up with his interviews and articles on a host of cybersecurity topics.
- Twitter: @stiennon
Joseph Steinberg is a speaker and advisor on emerging technologies and their cybersecurity implications. If you're curious about edge technologies like blockchain, Steinberg is an essential addition to your feed.
Dr. Alissa Abdullah
Dr. Alissa Abdullah is the CISO for Xerox and former Deputy CIO for the White House. The Huffington Post rated her one of the best CIOs active on social media. Follow her to learn more cybersecurity news and get her insights into the latest data breaches.
- Twitter: @dralissajay
Marc Goodman is a global security adviser and best-selling author of Future Crimes: Inside the Digital Underground and the Battle for Our Connected World. He has particular expertise in international cybercrime and terrorism, having worked with organizations like INTERPOL and NATO. Follow him to better understand the political ramifications and consequences of cybersecurity threats.
Katie Moussouris is the founder and CEO of Luta Security, a company that helps organizations build better processes for vulnerability disclosures. Follow her to learn from her years of experience as a hacker and pentester, and to learn more about bug bounty programs.
- Twitter: @k8em0
Podcasts are a great way to keep learning during your commute or while you do the dishes. With your eyes and hands busy, you can listen to some of the best cybersecurity experts cover the issues of the day and offer insightful analyses.
Cybersecurity isn't all doom and gloom. Smashing Security provides humorous commentary each week on the latest hacking, privacy, and cybercrime cases. Graham Cluley, security blogger, and Carole Theriault, founder of Sophos Naked Security, offer insight into a range of stories, from the latest data breach blunder to the next wave of SIM card swaps.
Down the Security Rabbithole
Down The Security Rabbithole provides a business perspective on information security. Each week, the hosts—Rafal Los and James Jardine—provide interviews or news analyses that discuss how security professionals have to balance the difficult tension between usability and security.
- Website: Podcast feed
Brakeing Down Security
Brakeing Down Security, hosted by Bryan Brake, Brian Boettcher, and Amanda Berlin, covers security, privacy, compliance, and regulations as they relate to the workplace. The hosts are honest about their experiences and their knowledge, which you can see in an episode where one of them tells the story of how they were nearly phished.
The Shared Security Podcast
Scott Wright, cybersecurity auditor, and Tom Eston, ethical hacker, host The Shared Security Podcast. They cover cybersecurity, privacy, the Internet of Things, mobile devices and apps, and social media—and all the nuances in between.
Matt Stephenson, who heads the Security Technology team at Cylance—a company that develops preventative anti-virus software—hosts the Insecurity Podcast. This podcast focuses less on the technology of cybersecurity and more on the as-yet-untold stories of people in the industry. In one episode, he interviews security writer Kim Crawley and discusses her professional experiences with IoT and her personal experiences with autism.
- Website: Podcast feed
Cybersecurity blogs and publications
Blogs and publications offer a refuge from social media feeds that sometimes provide more noise than signal. When cybersecurity experts write at length, they can provide analyses that rise above the daily fray.
FireEye Threat Research
FireEye, a threat intelligence company, publishes regular blog posts with original threat research. These technical articles focus on exploits, vulnerabilities, and advanced kinds of cyber attacks.
- Website: Threat Research
Schneier on Security
Bruce Schneier is one of the most famous cybersecurity experts in the world and has written over a dozen books as well as hundreds of articles and essays. His influential blog contains detailed essays, summaries of articles and studies, and numerous links to interesting cybersecurity tidbits across the web.
- Website: Schneier.com
Privacy and Cybersecurity Solutions
Spencer Fane, a law firm representing numerous fields and interests, maintains an informative blog on cybersecurity and privacy. While other cybersecurity experts focus on the latest threats and the newest technologies, Spencer Fane provides a unique, legal perspective that can complement your knowledge base.
- Website: Privacy and Cybersecurity Solutions Blog
The CyberWire Daily Briefing
The cybersecurity industry never stops moving, and The CyberWire Daily Briefing is committed to keeping you up-to-date. With new posts every weekday, this blog gives you useful snapshots of cybersecurity trends, policies, and research.
- Website: The CyberWire Daily Briefing
MIT Technology Review
The MIT Technology Review covers topics beyond cybersecurity; it provides essential context for how technology is developing. If you're interested in the technology industry as a whole, and cybersecurity's role in it, the MIT Technology Review is a worthwhile addition to your reading list.
- Website: TechnologyReview.com
The Register is another publication that covers a range of technology topics, but their security section reports on cybersecurity issues multiple times a day, often breaking news before other sites.
- Website: The Register security section
Dark Reading focuses on building a cybersecurity community and tries to be the go-to place for cybersecurity professionals. Dark Reading splits its coverage into 13 communities, including Application Security, Careers and People, Endpoint, and Cloud Security. No matter your cybersecurity interests, Dark Reading will have something to offer you.
- Website: Darkreading.com
Cyber Security Hub
Cyber Security Hub provides news and analyses for cybersecurity professionals and technology executives. It offers a free membership that includes weekly newsletters and access to case studies and webinars.
- Website: CSHub.com
Our blog focuses on the technology, business, and cybersecurity implications of authentication and identity. We have technical content for developers looking to upgrade their skills and a wide range of articles that analyze the process for building secure, high-growth businesses, predict the future of payment technology, and provide tips for SMBs that want to prioritize cybersecurity.
- Website: Auth0 Blog
There are many more cybersecurity experts out there than the ones represented by popular blogs or feeds. Sometimes, it’s best to turn to the expertise of the crowd. With these communities, you can get a variety of perspectives on different issues, and find people you can learn and grow with.
Reddit communities—or subreddits, denoted with “r/”—provide places for people interested in niche topics to gather, discuss, and share. r/cybersecurity is over 50,000 members strong and has new content daily. Participating, and even just reading, gives you the chance to discuss important issues with members of your field and learn from different approaches and perspectives. The occasional meme also provides some much-needed levity.
- Website: r/cybersecurity
r/technology, another subreddit, is much larger than r/cybersecurity at 7.8 million members. Whereas r/cybersecurity hosts users interested in a specific field, r/technology is much more wide-ranging. Posts can be on anything from the latest phone release to social media controversies.
- Website: r/technology
If you're a beginner, Quora is a great place to get clear answers about fundamental cybersecurity issues—often from real experts in the field. Quora is a social media site that allows you to ask questions on any topic you can think of. The best answers get voted to the top. Even if you don't have a question, you can search through previous ones to learn a lot in a short time.
- Website: Quora.com
NetSec Focus is a Slack community for cybersecurity and IT professionals. It features a range of professional channels on subjects such as cryptocurrency, hardware, and programming as well as more casual channels about entertainment, politics, and work-life.
- Website: NetSec Focus Guidelines
SANS, a research and education organization for security professionals, provides semiweekly newsletters with summaries of important cybersecurity articles. Each edition provides a useful, concise summary and a link to the original source if you want to learn more. In just a few minutes a week, you can get an overview of some of the most important topics circulating through the cybersecurity community.
- Website: SANS newsletters
The Cybersecurity 202
The Cybersecurity 202 is a daily cybersecurity newsletter produced by Washington Post reporter Joseph Marks. It focuses on the policies and politics that affect cybersecurity, so it's a good addition if you want to better understand the context around any particular cybersecurity issue.
- Website: The Cybersecurity 202
Today's Cybersecurity Leader
If you're looking to better understand the business of cybersecurity, Security Magazine publishes a monthly newsletter called Today's CyberSecurity Leader. Topics include cultivating cybersecurity talent and tips for hiring a CISO.
- Website: Today's CyberSecurity Leader
Daniel Miessler is a CISO and cybersecurity expert. He spends hours every week reading books and articles, so you don't have to. His newsletter provides his favorite highlights and links to learn more.
Cyber Daily, provided by Recorded Future, is another daily cybersecurity newsletter that focuses on threat intelligence. Their goal is to scour the web for any indications of new vulnerabilities so that you can keep track of emerging threats and targeted industries.
- Website: Cyber Daily
Cybersecurity experts in your corner
An effective knowledge base is a career amplifier. When you know who to turn to for expertise, you can stay informed while keeping your eye on larger cybersecurity trends. The more information you have, the more you’re able to move from being reactive to proactive—an essential skill for a cybersecurity leader.
Auth0’s modern approach to identity enables organizations to provide secure access to any application, for any user. The Auth0 platform is a highly customizable identity operating system that is as simple as development teams want and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.