Nothing is more dangerous than a cybersecurity pro who thinks they know everything. Constantly and continuously learning is key to staying prepared for the next threat and mitigating new hacking methods with confidence. To keep you on your toes and give you a solid starting point, here are 20 sources we recommend you follow. 

1. Krebs on Security

What it’s all about: Brian Krebs is an award-winning investigative journalist, New York Times bestselling author and a leading authority on cybercrime. Krebs, former security and tech reporter for The Washington Post, knows a thing or two about the cyber world. He shares his opinion on anything and everything security-related with a monthly readership of over 1 million. 

Update frequency: At least once a week. 

Twitter: @briankrebs

2. ZDNet

What it’s all about: ZDNet is a business technology news website published by CBS Interactive in collaboration with TechRepublic. It offers tech news and opinion items by professional writers and field experts. Whether you want to follow hot topics or emerging trends or keep up to date with the latest news and events, ZDNet is the destination for professionals seeking to research technology-related issues and solve business technology problems. Security is not the only topic, but it’s a prominent one nonetheless. 

Update frequency: Multiple times a day, every day. 

Twitter: @ZDNet

3. Help Net Security

What it’s all about: Help Net Security is an independent site that has been a prime resource for information security news since 1998. This is a security-focused website with a unique “experts corner” in which industry leaders share their views. Many of their contributors are industry pros, renowned for their management, technical and hands-on experience.

Update frequency: Multiple times a day. 

Twitter: @helpnetsecurity

4. Data Breach Today

What it’s all about: The name says it all. This website is focused on the many aspects of data breach detection, notification, and prevention, and features the latest and most exciting news. Through daily news, interviews, and education, it showcases efforts to assess risks, prevent breaches and respond to incidents in compliance with regulatory and legal needs.

Update frequency: Multiple times a day.


5. Flashpoint

What it’s all about: This blog by Intel is dedicated to business risk intelligence, and even though the marketing aspect of its content is quite prominent, it features interesting and detailed articles. The Flashpoint team has extensive experience working with law enforcement and national defense agencies, and therefore offers information about global security concerns and extremist threats, to keep the world a safer place.

Update frequency: Almost every day.  

Twitter: @FlashpointIntel

6. Security Week

What it’s all about: This blog features cybersecurity news and is focused on enterprise security, mainly in the US market. It covers internet security war stories and real situations that organizations have encountered. Posts are written by internet security experts who live and breathe IT security environments on a daily basis.

Update frequency: Multiple times a day. 

Twitter: @SecurityWeek

7. Naked Security by Sophos

What it’s all about: Sophos are cybersecurity veterans, involved in the industry since 1985. Sophos provides endpoint security solutions, and this company blog is heavily focused on that, offering an expert point of view (with a clear marketing agenda). It’s a very interesting read, one to keep you on top of what’s going on across the cyber threat landscape.

Update frequency: Multiple times a day.


8. Dark Reading 

What it’s all about: Dark reading is a magazine-style blog covering a wide spectrum of cybersecurity topics. If you’re ready to dive into the dark side, you’ll enjoy reading this blog, which features some interesting black hat security news items. It also offers excellent advisory posts from security professionals that give you references for your own challenges.

Update frequency: Multiple times a day.

Twitter: @DarkReading

9. SC Magazine 

What it’s all about: SC Magazine is a long-standing cybersecurity industry-standard magazine that offers in-depth breach analysis alongside industry news, events and industry awards. The magazine breaks headline news and has a number of regular columns. This one has a little bit of everything, really.   

Update frequency: Multiple times a day.

Twitter: @SCMagazine

10. IT Security Guru

What it’s all about: This site is run by security experts and often features guest contributions from the IT security community. You’ll find lots of IT news created for IT pros, by IT pros. Watch the Top Ten Stories section to keep up to date with industry events.

Update frequency: Several times a week. 

Twitter: @IT_SecGuru

11. Fifth Domain Cyber

What it’s all about: This is quite a unique security blog that includes government and army security news from an insider’s perspective. You’ll find here up-to-the-minute posts on breaking cybersecurity incidents and related items.

Update frequency: Almost daily. 

Twitter: @theFifthDomain

12. The Cyber Feed 

What it’s all about: This company blog belongs to Cyberint and is focused on threat detection and proactive defense. It covers a mix of news items on cybersecurity as well as great advisories on a wide variety of topics. 

Update frequency: A few times a month. 

Twitter: @cyber_int

13. The Register

What it’s all about:  Founded in 1994, this very techie, yet down-to-earth science and tech site, has plenty of information, news, and opinions on practically everything. You can find items that cover hardware, software, AI, tech services and more, but you can also find “off-duty” articles on science, tech culture, planes, trains, bridges and other feats of engineering.

Update frequency: Multiple times a day.

Twitter: @TheRegister

14. Threatpost 

What it’s all about: Once again, the name is a bit of a spoiler. Its specialties are cybersecurity, privacy, vulnerabilities, and breaches. This blog is all about the many different aspects of cyber threats, with unique and high-impact content including security news, videos, feature reports and more. 

Update frequency: Multiple times a day.

Twitter: @threatpost

15. eWeek

What it’s all about: A versatile tech blog that covers many fields: enterprise tech news, reviews, and analysis, including (but not only) security, and it’s been doing so since 1984. It also offers an in-depth analysis of enterprise IT trends and reviews of new products. Originally it was called PC Week and was one of the first to provide perspectives on the tech industry.

Update frequency: Almost daily. 

Twitter: @eWEEKNews

16. InfoSecurity Magazine

What it’s all about: A security-oriented blog that delivers the latest industry news, alongside podcasts, webinars, opinion pieces, and more. You’ll also find a comprehensive directory of security companies. 

Update frequency: A few times a day. 

Twitter: @InfosecurityMag

17. The Hacker News 

What it’s all about: The topics in this security-oriented blog stay true to its name, and present different types of threats. The blog also has a “Deals” section, where you’ll find attractive offers that can help protect your business from these very threats. 

Update frequency: At least once a day. 


18. HackRead

What it’s all about: In addition to the regular sections that deal with security threats and present the latest news, this blog has a How-To section with detailed steps to solving every security problem you can think of, and features sections dealing with security issues related to gaming, science, and more. 

Update frequency: Multiple times a day.

Twitter: @HackRead

19. ITWire

What it’s all about: What’s interesting about this Australian blog is the fact that different sections are based on specific companies, like Apple or Samsung. You’ll also find more security news from Australia, mate. 

Update frequency: Multiple times a day.

Twitter: @iTWire

20. CSO Online

What it’s all about: This industry blog is owned by International Data Group (IDG) and provides news, analysis, and research on security and risk management. It is intended for security professionals and includes, in addition to security news, career advice and very techie product reviews. 

Update frequency: Almost daily. 

Twitter: @CSOonline

We hope that this list will keep you informed and captivated by the challenging professional field you’ve chosen, and invite you to visit our blog and learn even more. Think something’s missing from our list? We’d love to hear about other must-follow resources. After all, we practice what we preach and always try to educate ourselves a bit more. Share your recommended resources, including your very own blog, in the comments and we’ll be sure to check them out! 

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.