Protect your organization. Cybersecurity is a dynamic field where new threats, vulnerabilities, and technologies change, evolve, and emerge. Commit to continuous learning and skill development. Stay informed about the latest security trends, best practices, and tools.
Resources for Staying Current:
Vendor-Specific Security Advisories:
Stay informed about security updates and patches from major technology companies.
- Microsoft Security Advisories: https://msrc.microsoft.com/update-guide
- Cisco Security Advisories: https://tools.cisco.com/security/center/publicationListing.x
- Oracle Critical Patch Updates and Security Alerts: https://www.oracle.com/security-alerts/
- Apple Security Updates: https://support.apple.com/en-us/HT201222
- Intel Security Center: https://www.intel.com/content/www/us/en/security-center/default.html
- Amazon Security Bulletins: https://aws.amazon.com/security/security-bulletins/
- Amazon Web Services (AWS) Security Bulletins: https://aws.amazon.com/security/security-bulletins/
- Alibaba Cloud Security Bulletins: https://www.alibabacloud.com/solutions/security
- Google Cloud Platform Security Bulletins: https://cloud.google.com/support/bulletins
- Microsoft Azure Security Advisories: https://learn.microsoft.com/en-us/azure/service-health/stay-informed-security
- Oracle Cloud Security Advisories: https://www.oracle.com/security-alerts/
Government and Non-Profit Security Organizations:
Follow updates from organizations for authoritative guidance and best practices.
- CISA: https://www.cisa.gov/about/contact-us/subscribe-updates-cisa
- NIST: https://www.nist.gov/cybersecurity
- US-CERT: https://www.us-cert.gov/ | https://public.govdelivery.com/accounts/USDHSCISA/subscriber/new?qsp=CODE_RED
- CVE & MITRE: https://www.cve.org, https://cve.mitre.org
Cybersecurity News and Blogs:
Stay informed about the latest security incidents, trends, and analysis through popular blogs and news sites.
- Krebs on Security: https://krebsonsecurity.com/
- DarkReading: https://www.darkreading.com/
- SecurityWeek: https://www.securityweek.com/
- The Register: https://www.theregister.com/security/
- The Hacker News: https://thehackernews.com/
- CSO Online: https://www.csoonline.com/
- Threat Post: https://threatpost.com/
- Graham Cluley: https://www.grahamcluley.com/
Security Mailing Lists & Vulnerability Databases:
Subscribe to mailing lists to receive timely information about new vulnerabilities and exploits. You can do this to regularly check vulnerability databases to stay informed about newly discovered vulnerabilities and their potential impact.
- Full Disclosure: http://seclists.org/fulldisclosure/
- National Vulnerability Database (NVD): https://nvd.nist.gov/general/email-list
- Exploit-DB: https://www.exploit-db.com/
- Openwall: https://www.openwall.com/lists/
Security Conferences:
Attend conferences to learn from industry experts, network with peers, and stay updated on the latest research and trends. Also check out the YouTube channels for each of these to see what talks have been recently published.
- BlackHat: https://www.blackhat.com/
- DEF CON: https://defcon.org/
- RSA Conference: https://www.rsaconference.com/
- SANS Institute Cyber Security Conferences: https://www.sans.org/cyber-security-training-events/
- Infosecurity Europe: https://www.infosecurityeurope.com/
- BSides (Various locations): http://www.securitybsides.com/
Online Security Communities:
Engage with online communities to learn from others, ask questions, and contribute to discussions.
- Reddit r/netsec: https://www.reddit.com/r/netsec/
- Reddit r/cybersecurity: https://www.reddit.com/r/cybersecurity/
- Information Security Stack Exchange: https://security.stackexchange.com/
- SANS Internet Storm Center: https://isc.sans.edu/
- OWASP (Open Web Application Security Project): https://owasp.org/
Again, this isn't a complete, all-inclusive list of resources. Not even close. The objective is to provide exposure to options and importance. Other media I find to be helpful includes YouTube, Claude and other AI chat, and audiobooks.
Continuous learning is essential. Make the choice to stay current, relevant, and effective. Yes, it's hard sometimes. It takes intentionality - and a little goes a long way. You can do it...! There are many, many more than just these sources. The purpose is to develop a comprehensive approach to continuous learning that combines staying informed about the latest security news, following best practices, and engaging with the cybersecurity community.