10 Security Blogs You Should Be Reading

Posted by David Jevans in Blogsecurity on January 22, 2014 

With security the top IT concern for companies, it’s critical that professionals stay current with breaking security news. Any business that leverages technology should understand what it can do to prevent attacks, since data breaches cost companies $5.4 million on average. But with hundreds of security blogs, it’s difficult to know which to follow.
We analyzed the top security blogs, weighing frequency of posts, quality of posts, and the leader behind the blog, to build this list. Some are corporate blogs with frequent postings, while others post only a few times per month but come from the smartest security experts – many of whom are in our 100 Security Experts to Follow on Twitter.

Top Security Blogs

#1 – Naked Security

  • Why You Should Follow: Naked Security is the award-winning blog of security company SOPHOS, containing news, research, advice, and opinion. Categories range from mobile security threats, to operating systems, to malware, to highlighting specific companies. Naked Security is updated multiple times per day and receives around 1.5 million pageviews per month. It has won numerous awards dubbing it the best current security blog on the web.
  • Must-Read Article: Anatomy of a Password Disaster – Adobe’s Giant-Sized Cryptographic Blunder
  • Update Frequency: Multiple times per day
  • Leader: SOPHOS (company); Graham Cluley was previous editor-in-chief

#2 – Threatpost

  • Why You Should Follow: Threatpost is an independent news website, self-proclaimed as the “first stop for security news.” They’re the leading news service behind the multinational security company Kaspersky Lab. Their editorial team frequently breaks important stories, aggregates relevant security news from other sources, and engages readers to discuss the importance of emerging events. They’ve been highlighted by The New York Times, The Wall Street Journal, MSNBC, USA Today, and NPR as a leading source for security news.
  • Must-Read Article: Apple iMessage Open to Man in the Middle, Spoofing Attacks
  • Update Frequency: Multiple times per day
  • Leader: The Kaspersky Lab (company)

#3 – Krebs on Security

  • Why You Should Follow: Brian Krebs, the voice behind Krebs on Security, spent more than 14 years as a reporter for The Washington Post, produced over 1,300 blog posts for the Security Fix blog, and wrote hundreds of stories for washingtonpost.com and The Washington Post newspaper. Although he doesn’t come from a traditional background, Brian Krebs is an innovative leader covering in-depth security news and investigation.
  • Must-Read Article: Adobe Breach Impacted at Least 38 Million Users
  • Update Frequency: Once per day
  • Leader: Brian Krebs

#4 – Bruce Schneier Blog

  • Why You Should Follow: Bruce Schneier is an internationally renowned security technologist and author, called a “security guru” by The Economist, whose blog and newsletter are read by over 250,000 people. Schneier has written hundreds of articles, essays, and academic papers, and is the author of 12 books. He has testified before Congress, is frequently quoted in the press, and is a frequent guest on television and radio. He doesn’t post every day, but when he does, you can expect the utmost quality and thought leadership expected from one of the best in the world.
  • Must-Read Article: Our Newfound Fear of Risk
  • Update Frequency: Few times per week
  • Leader: Bruce Schneier

#5 – Tao Security

  • Why You Should Follow: TaoSecurity is run by Richard Bejtlich, author of numerous security books (such as The Tao of Network Security, Real Digital Forensics, Extrusion Detection and The Practice of Network Security Monitoring) and CSO of Mandiant. He has over 15 years’ experience with enterprise-level intrusion, working with Fortune 100 companies and the federal government. His blog specializes in Chinese hackers, as an alarming number of malicious network attacks are currently coming from China.
  • Must-Read Article: Mozilla Lightbeam Add-On Shows Risk of Third Party Sites
  • Update Frequency: Once per month
  • Leader: Richard Bejtlich

#6 – Paul’s Security Weekly

  • Why You Should Follow: Paul Asadoorian, founder of Paul’s Security Weekly, covers IT security news, hacking, vulnerabilities, and research. His website is highly recognized for the award-winning podcast, Security Weekly. He is also the product evangelist for Tenable Network Security, where he showcases vulnerability scanning and management through blogs, podcasts and videos.
  • Must-Read Article: Safely Dumping Hashes From Live Domain Controllers
  • Update Frequency: Few times per month
  • Leader: Paul Asadoorian

#7 – Uncommon Sense Security

  • Why You Should Follow: Uncommon Sense Security is run by security expert Jack Daniel. Although he’s frequently mistaken for the lead singer of ZZ Top, we can assure you that’s not him. He’s an outspoken, atypical security expert who isn’t afraid to call someone out with his “no b.s.” attitude. Jack Daniel isn’t afraid to speak his mind and boasts many passionate followers because of his atypical demeanor.
  • Must-Read Article: Can You Trust Them?
  • Update Frequency: Few times per month
  • Leader: Jack Daniel

#8 – Securosis

  • Why You Should Follow: Securosis is a no-nonsense blog, frequently pushing out unique articles with purpose, rather than fluffy commentary or re-posts. Clearly stated in their self-description, they don’t have a marketing department and focus purely on helping others improve their practice of information security. They also have a vast research library section for those just getting started, or if you’ve exhausted old articles from the blog.
  • Must-Read Article: RSA Breached: SecurID Affected
  • Update Frequency: Multiple times per month
  • Leader: Rich Mogull

#9 – Network Security Blog

  • Why You Should Follow: Martin McKeay, a security evangelist in California, runs a security blog whose topics range from network security news to tips on poor security methods and links to other useful resources. His blog has been around since 2003 and holds over 1,000 posts to rummage through despite his haphazard post schedule. Everything from Martin McKeay conveys the principle of quality over quantity.
  • Must-Read Article: Curing the Credit Card Cancer
  • Update Frequency: Few times per week, to few times per month
  • Leader: Martin McKeay

#10 – Security Bloggers Network

  • Why You Should Follow: Security Bloggers Network is, as you may have guessed, a massive network of security bloggers. This is the only blog on our list not run by an individual or small team, as it’s an RSS feed that delivers an overload of high-quality security news in real time. This allows readers to subscribe to the RSS feed without having to find individual blogs. Beyond the onslaught of fantastic news, it’s a great way to discover new security bloggers.
  • Must-Read Article: (none on domain; it is an RSS feed)
  • Update Frequency: Multiple times per day
  • Leader: None; a collection of bloggers
Although we believe this list is strong, by no means do we believe it’s perfect. What security blogs do you follow? Leave us a comment and we’ll consider adding it to our list in the future.