Cyber Learning - Who to Follow Part 3
This is Part 3 of a little series of posts on the topic of good people and organizations to follow in the cybersecurity space. In the cybersecurity field we should always be trying to increase our knowledge and our skills. This is not unique to cybersecurity, but it is as essential as it is in any profession, and maybe even more so given the constantly changing in real-time aspect of this space.
So I’ll get right to it; below is another short list of great people and organizations to follow to level up your cyber knowledge and skills. Part 1 and Part 2 of this series are linked at the end of the post.
TaoSecurity: And its creator, Richard Bejtlich - one of THE best resources for learning about network security monitoring. There’s a website, a TaoSecurity blog, a full length book, and my personal favorite - a series of “The Best of TaoSecurity Blog” books.
OffSec: Formerly know as Offensive Security. The home of the legendary Kali Linux penetration testing framework, and a wealth of high level training courses covering penetration testing, security operations (SOC), web application testing, and more.
Schneier on Security: Bruce Schneier’s intro to his site is far better than any words I could come up with, but I’ll add that I know him best for his “We Have Root” book, his writing on all things cryptography, and more recently his thoughtful articles on AI and its potential impact in cybersecurity, elections, and more.
Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of over one dozen books—including his latest, A Hacker’s Mind—as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people. He has testified before Congress …
Kim Zetter: One of the most interesting cybersecurity journalists to follow. I like and subscribe to her Zero Trust Substack publication. She posts often on Twitter/X as well.
Andy Greenberg: Author of “Sandworm” - the most riveting, can’t put it down book on cyber warfare - specifically Russia’s attacks against the electric grid in Ukraine - I’ve come across. The Amazon description does it more justice:
A chilling, globe-spanning detective story, Sandworm considers the danger this force poses to our national security and stability. As the Kremlin's role in foreign government manipulation comes into greater focus, Sandworm exposes the realities not just of Russia's global digital offensive, but of an era where warfare ceases to be waged on the battlefield. It reveals how the lines between digital and physical conflict, between wartime and peacetime, have begun to blur …
S4 Events: Sandworm is the perfect segueway into a couple of great Industrial Control Systems (ICS) Security organizations. This area covers critical infrastructure - like the Ukraine’s power grid - where cyber attacks can have impact on the physical world. S4 is run by Dale Peterson, who I believe has been talking about ICS Security since before that was even a term. S4 Events videos have been pure gold for me in my efforts to ramp up my ICS Security knowledge for years now.
S4 is the world's largest and most advanced ICS Security / SCADA Security and Operations Technology Event. The best in world, the influencers …
Dragos: One of the world’s leading firms in the ICS Security space, providing services in threat intelligence, incident response, (ICS) network security monitoring, and more. Dragos’ reports, whitepapers, webinars, and a week of Dragos live online training have been another goldmine of knowledge building for me. Rob Lee, Dragos’ founder, is a hugely knowledgeable, experienced, and just fun speaker on critical infrastructure security.
If you’ve enjoyed this post, I hope you may want to take a look at the previous two in this series: