Periodically, friends, colleagues, and clients ask me for recommendations on resources to keep up with the happenings in the security world. Even though I am focused on Drupal, I find it important to view security through a wide-angle lens.

I thought it would be fun to share some of my favorite podcasts, blogs, and other security-related resources. I have stumbled on some of these over the years and others were directly recommended by friends and coworkers. I have selected 10 of my favorite resources for your RSS reader, podcatcher, and browser!

  1. Krebs on Security- Blog format
  2. Schneier on Security - Blog format
  3. Security Now - Podcast
  4. Threatpost | The first stop for security news- Blog format
  5. Google Online Security Blog  - Blog format
  6. The Hacker News — Cyber Security, Hacking News - Blog format
  7. SANS Internet Storm Center Daily Stormcast - Podcast
  8. Dark Reading - Blog format
  9. The Southern Fried Security Podcast - Podcast
  10. OWASP- Resource

What I like most about this list is the variety. It is easy for genre-based news to become echo chambers. The OWASP link is a door to so much fantastic security research and information, including the OWASP Top 10 lists and practical tools and guides for performing audits. OWASP also open sources some applications to aid in audits and learn about web security.

When it comes to podcasts, I find the depth and variety provided by Steve Gibson’s “Security Now” to be a lot of fun. He covers a wide range of interesting topic and makes sure to address the details of current security news that I hear about in the weekly news feeds. Those details help me understand the impact of security issues. The “SANS Internet Storm Center Daily Stormcast” give me a curated 6 minute brief on the most important security news. I find this to be a quick way to keep up when I may not have time to do as much new reading. Lastly, “The Southern Fried Security Podcast” has a nice bunch of hosts who focus on one main topic and relate topics to personal experience as security professionals.

The remaining items are the list are written word based content. Krebs and Schneier provide in-depth security news and information. I really like that Krebs releases details and news before other outlets. The other blog format items provide me with a lot of daily headline security news. I scan these topics and dive in deeper based on interest.

My hope is that you will find something valuable out of this list to add to your weekly reading or podcast listening time. If you have favorite security-related resources to share please leave links to them in the comments of this post. I would love to have more to add to my weekly reading and listening.

Additional Resources
Evaluating the Security of Drupal Contrib Modules | Blog
How to Prepare Your Website for Drupal 8 | Blog
Security Talks at DrupalCon New Orleans 2016 | Blog

Tags
security
Open Source Security
Podcasts
Blog
Related Content
CMO’s Guide to Open Source Security