At a recent training that Mark and I did for the NHLA Paralibrarians section, we were ask a question about how to stay current on computer security topics. This can be quite a challenge, especially for busy librarians with a lot of other things to keep track of. The easy answer is that you do it the same way that you keep current on anything else. However, I thought it might be useful to share some of the specific ways that I keep on top of things. Please note, that I don’t read every article from every one of these sources. However, by combining all of them, I feel like I have a reasonable idea of what is going on.
There are many technology oriented news sites. The can be general purpose such as Wired and Ars Technica or more security specific such as the Internet Storm Center, Linux Security, or Hacker News. There is a lot of news that comes through these sites, so please don’t try to read everything. Generally I use these sites to find out more about issues that I am interested in rather than or finding out about issues, but some people browse them every day.
Blogs are a great source of news. People who are heavily involved in the security industry do the hard work of keeping track of the news for you. Two blogs that I would recommend are Brian Kreb’s blog and Bruce Schneier’s Blog. Both of these are excellent blogs written by extremely well respected security researchers. I follow a lot of blogs, but do not read them all every day. I will typically subscribe to their rss feed using Thunderbird. When a new blog is published, it shows up in my email client just like a new email does. This lets me quickly browse the titles of blogs to see if it is of interest to me.
I have been listening to podcasts more and more. I download them onto my phone and will listen to them while driving to work or mowing the lawn. Good security related podcasts that I have listened to are Security Now and TechSNAP. Like blogs, podcasts act as news aggregators that tell me about a broad range of topics. I can then follow up on anything especially interesting. Good podcasts will also publish show notes with links to stories so you can easily find out more. There may be other great security related podcasts out there, these are just two that I happen to like.
Although I use social media very little, it can be a good way to stay on top of things. Reddit is a good site for finding interesting news articles. There are subreddits dedicated to security such as the r/Information_Security and r/security. People post interesting links on these subreddits. Reddit is one place where it is often worth reading the comments on a post.
I know lots of people who use twitter to keep up on news, but can’t personally recommend anyone since I don’t use twitter. I do know that both Krebs and Schneier are active on twitter so that may be a good starting point if twitter is you cup of tea.
This is just a quick overview of some on the resources that I find helpful. Just adding one or two security focussed sources can significantly improve your ability to keep up with the news. Don’t get stressed out if you don’t understand everything that is said. Like anything else, there is jargon that is used in the security industry. You’ll get used to it.