Navigating the World Wide Warren
A while back, this blog made it onto Feedspot's top 100 infosec blogs. Today, I finally got around to displaying our medal. Thanks Feedspot. I'm honored to be listed among such awesome company!
A couple of times lately, I've been asked how I manage to keep up with the field for our security awareness and consultancy services. Good question!
Blogs are an excellent source of information and inspiration. I track a bunch of blogs routinely through Blogger - roughly 40 on my reading list at the moment although some of those are in fact feeds aggregating or streaming an unknown number of individual blogs, and some relate to my hobbies and interests outside infosec. Yes, I have a life! The trick with blogs is to find and track the more creative bloggers who consistently generate good stuff, discarding those who only ever re-post other people's efforts, adding little if any value. [Yes, there are blogs in Feedspot's top-100 that I ought to be following: systematically checking them out and adding the best to my reading list is another task on my to-do list.]
I browse a few favourite magazine sites from time to time, such as The Register. Well-connected journalists come up with interesting stories. I most enjoy articles that take different angles and scratch below the surface, pulling together facts and opinions from various sources that I would otherwise have missed. [A decade or more ago, magazines and newspapers were also good for actual news, but these days social media outpace them most of the time.]
I enjoy well-written books and maintain a decent office library. In contrast to the other sources, most books go deep, requiring more effort and concentration ... but the reward is a deeper appreciation of a topic area, including conceptual frameworks.
Talking of gossip, I enjoy being part of various online discussion forums and professional/industry groups. Mostly it's a slog, though, with the vast majority of participants contributing nothing at all - it's just take take take for them. Aside from the few who actively post and discuss stuff, the rest somehow seem to suck the life out with their deafening silence.
RISKS-LIST is a remarkable resource, thanks to the tireless efforts of its moderator since the dawn of time, as much as the contributors. I doubt there has been a single issue that didn't contain at least one item worth exploring further.
Linkedin is another occasional source, specifically a handful of infosec-related groups and postings by my connections. However, the deluge of marketing tripe is a serious problem - far too many 'social media marketing experts' putting the din in Linkedin. The abysmally low signal-to-noise ratio means a lot of wasted time, distractions and annoyances. I blame the apparent lack of moderation, coupled with a preponderance of vacuous advertisements spewing forth in the guise of news, like so many home-shopping channels on speed.
Personally I'm not into Twitter, Facebook and the like. I just don't have the time and patience for such trivia. [Hint: I don't like cats.]
Google rocks! The search engine is awesome, albeit a little annoying and inconsistent at times. The intense focus on whichever web pages make it to the top of the search results is a concern since there are bound to be more innovative nuggets buried further down the list. Perhaps Google ought to give us the option to promote a few matching sites at random into the search results we see? Meanwhile, I make good use of the search options and syntax to dig out what's new. [Blogger is a Google service so this very blog would be off-the-air without Google.]
Lastly of course, there's the World Wide Web, without which we'd still be stuck in the Dark Ages. All those blogs, groups, journalistic pieces and search results are basically just pointers to the gold, not the gold itself. Original research papers, surveys and articles are how I really find out about infosec. Industry journals such as ISSA and ISACA's Journals often publish meaty, worthwhile, peer-reviewed content with traditional references to their sources ... leading me down deep dark rabbit warrens that I first learnt to navigate when doing my PhD way back in the 80's.
So that's how I keep up with the state of the art. Almost anyone can do it: all it takes is about 12 hours of intense concentration per day, a lifetime's interest in scientific research ... and a million rabbits.