The information security landscape is constantly evolving, which is why it's so important to stay up to date with the latest trends, threats, and advancements.
Given that a Google search for cybersecurity websites produces millions of results, we thought we'd compile a list of the best.
1. Adam Shostack & friends
Adam Shostack & friends is a group blog on security, liberty, privacy, and economics.
The site focuses on papers relevant to the field of cybersecurity, as well as a few less relevant but still interesting posts. The blog itself is grouped into categories, which makes it easy to find the information you care about.
Adam Shostack is the author of Threat Modeling: Designing for Security, a jargon-free, accessible, and proven framework for using threat modeling in the security development lifecycle and the overall software and systems design processes.
Other authors on the site include Chandler Howell, one of the first information security bloggers, Alex Hutton, who has been working in InfoSec since 1994, David Mortman, CSO-in-Residence for Echelon One, and Brooke Paul, a former Fortune 500 SVP and Chief Information Security Officer.
2. CIO
CIO is an online magazine geared towards enterprise CIOs and business technology executives. It focuses on providing insights into career development, including certifications, hiring practices, and skills development, alongside content geared toward helping C-Suite executives confront the cybersecurity challenges faced by their organizations.
3. CSO
CSO's content covers all security disciplines from risk management to network security to fraud and data loss prevention, offering depth and insight to support key decisions and investments for IT security professionals.
CSO also features independent research, such as its annual state of cybercrime report, and national security conferences that bring together thought leaders in the field.
4. Cybersecurity Insiders
Cybersecurity Insiders is a comprehensive source for everything related to cybersecurity. They have reports, webinars, courses, and events that are constantly updated.
They also have a newsletter and list out their most popular articles, so it's easy to know where to start.
5. Daniel Miessler
Daniel Miessler is an experienced cybersecurity expert, consultant, and writer with more than 20 years of experience in information security. His experience ranges from technical assessment and implementation to executive-level advisory services consulting, to building and running industry-leading security programs.
His blog is updated several times a week and you can find everything from posts about malicious advertising to examples of bad cybersecurity metrics.
His newsletter, The Unsupervised Learning, reaches more than 35,000 people each week. And if you prefer audio, be sure to check out his podcast.
6. Dark Reading
Dark Reading is one of the most widely-read cybersecurity news sites and is a trusted community of cybersecurity professionals. According to Dark Reading, “This is where enterprise security staffers and decision-makers come to learn about new cyber threats, vulnerabilities, and technology trends.”
The website covers 13 communities: Analytics, Attacks & Breaches, Application Security, Careers and People, Cloud Security, Endpoint, IoT, Mobile, Operations, Perimeter, Risk, Threat Intelligence, and Vulnerabilities and Threats.
Each community is led by editors and subject matter experts who collaborate with security researchers, technology specialists, industry analysts, and other Dark Reading members to provide timely, accurate, and informative articles that lead to spirited discussions.
7. Errata Security
Errata Security is run by Robert Graham and David Maynor, two security researchers with decades of experience. Their security blog is opinionated, takes a long-term perspective, and offers insights into widely-reported issues.
They often combine high-level technical analysis with their unique points of view.
8. Graham Cluley
Graham Cluley is a public speaker and independent cybersecurity analyst. He aggregates news on data breaches, hacks, enterprise security, and the cybersecurity industry itself.
9. Infosecurity Magazine
Infosecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry. Its multiple award-winning editorial content provides compelling features online and in print that focus on the latest trends, in-depth news analysis, and opinion columns from CISOs and industry experts.
10. IT Security Guru
IT Security Guru offers a daily digest of the latest news on IT security. They offer articles, videos, webinars, analysis, case studies, and even have a section devoted to the latest cybersecurity scams where they spotlight recent hacks.
11. Krebs on Security
Brian Krebs is an investigative journalist and reporter who worked for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, and hundreds of stories for washingtonpost.com and The Washington Post newspaper, including eight front-page stories in the newspaper edition and a Post Magazine cover piece on botnet operators.
His experience allows him to find angles in the latest trends and stories that most publications miss, and his attention to detail ensures every aspect of the attack from motive to technique is covered.
He is also the author of Spam Nation and has been profiled in The New York Times, Business Week, and Poynter.org.
12. Naked Security
Naked Security is Sophos' award-winning threat newsroom that gives news, opinion, advice, and research on computer security issues and security threats.
While owned by Sophos, it runs like an independent newsroom, publishing daily articles on the latest threats that may affect organizations and their cyber defense strategy, and the important news of the week.
13. Schneier on Security
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of over one dozen books--including his latest, Click Here to Kill Everybody--as well as hundreds of articles, essays, and academic papers. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org.
14. Security Bloggers Network
The Security Bloggers Network is an aggregation of hundreds of information security blogs and podcasts that cover a range of topics including ransomware, malware, phishing, data protection, DDoS attacks, open-source tools, and tutorials.
15. Security Weekly
Security Weekly is an award-winning security podcast network that has been distributing free podcasts and media since 2005.
The Security Weekly mission is to provide free content within the subject matter of IT security news, vulnerabilities (like those listed on CVE), hacking, and research.
They have a number of popular shows: Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, Security & Compliance Weekly, Security Weekly News, Tradecraft Security Weekly, and Secure Digital Life.
16. Signal Magazine
Founded in 1946, SIGNAL Magazine covers the latest trends and techniques in topics that include C4ISR, information security, intelligence, electronics, homeland security, cyber technologies, cloud computing, and all the programs or solutions that build on these and related disciplines.
17. TaoSecurity
TaoSecurity by Richard Bejtlich has been around since 2003 and has received more than 15 million views since 2011. He covers digital security, strategic thought, and military history with a focus on Chinese cybercriminals.
18. The Akamai Blog
The Akamai Blog includes news, insight, and perspectives on living and working in a hyperconnected world. With regular contributions from Akamai strategists, technologists, and product and industry specialists, the Akamai Blog is a forum to discuss, share, and reflect on the trends that are driving today's businesses online. Among the topics we will address are... optimizing the cloud, reaching connected devices, ensuring online security, and the business impact of delivering personalized online experiences and high-quality video.
19. The Hacker News
The Hacker News is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts.
Its key areas of focus include data breaches, cyber-attacks, vulnerabilities, and malware.
20. The Last Watchdog on Privacy & Security
The Last Watchdog is written by Byron Acohido, a Pulitzer Prize-winning journalist, teacher, and cybersecurity and privacy expert. His blog is video-heavy and includes many interview-style posts as well as guest blog posts.
21. The Security Ledger
The Security Ledger is an independent security news website that explores the intersection of cybersecurity with business, commerce, politics, and everyday life. They focus on the Internet of Things (IoT) as well as external threats from malware to cyber-terrorism.
22. The State of Security
The State of Security is an award-winning blog featuring the latest news, trends, and insights on current information security issues, including risk, compliance, incident detection, and vulnerability research.
23. Threatpost
Threatpost is an independent news site that is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.
Their award-winning editorial team produces unique and high-impact content including security news, videos, feature reports, and more. They break important original stories, offer expert commentary on high-priority news aggregated from other sources, and engage with readers to discuss how and why these events matter.
24. Troy Hunt
Troy Hunt is an Australian cybersecurity thought leader, Microsoft Regional Director, and Most Valued Professional (MVP) who specializes in online security and cloud development.
He is also the creator of Have I Been Pwned (HIBP), a free service that aggregates data breaches and helps people understand if they've been impacted by malicious activity on the web.
25. UpGuard
UpGuard's risk management and cybersecurity blog is updated four times a week and covers topics ranging from third-party risk management to first-party attack surface management.
We also do first-party data breach and data leak research and have uncovered some of the biggest and most important breaches in the last five years. You can read our breach reports here.
26. WeLiveSecurity
WeLiveSecurity is an award-winning blog published by IT security firm ESET that features security news and insights from its researchers and security experts from around the world.
They focus on internet security news, views, and insight, covering breaking news, alongside video tutorials, in-depth features, and podcasts.
27. Wired
Wired is a popular news website that covers an array of topics from business and culture to design, gear, science, security, and transportation.
Of particular interest to security professionals is its Security section which covers cybersecurity news, hacks, privacy, and national security.
How UpGuard can improve your cybersecurity
Companies like Intercontinental Exchange, Taylor Fry, The New York Stock Exchange, IAG, First State Super, Akamai, Morningstar, and NASA use UpGuard's security ratings to protect their data, prevent data breaches and assess their security operations.
For the assessment of your information security controls, UpGuard BreachSight can monitor your organization for 70+ security controls, providing a simple, easy-to-understand cyber security rating, and automatically detect leaked credentials and data exposures in S3 buckets, Rsync servers, GitHub repos, and more.
This includes open ports and other services that are exposed to the public Internet. Our platform explicitly checks for nearly 200 services running across thousands of ports, and reports on any services we can't identify, as well as any open ports with no services detected.
UpGuard Vendor Risk can minimize the amount of time your organization spends assessing related and third-party information security controls by automating vendor questionnaires and providing vendor questionnaire templates.
We can also help you instantly benchmark your current and potential vendors against their industry, so you can see how they stack up.