“What are some good materials you would recommend on InfoSec?” -Kenneth Reavis
This is such a great question and one I thought worth a post. My short answer is podcasts, blogs, and videos. These are what I use to help improve and stay relevant in the information security field. I listen to podcasts on my ride into work. I read Feedly to stay up with news events and people in the industry. I watch YouTube and Pluralsight when I need to pick up a complicated concept or technical topic.
I love podcasts. I love them so much that I produce my own. Security Weekly is the first podcast I started to listen to when I got in the field. Each episode contains a news, interview, and demo segment. I found the interview segment to be the most useful. This is a good first podcast to start with. The show has been around for years. It has a lot of good content and it’s a good crash course to the hacker culture of the field.
Risky Business is the best podcast in the infosec field. The production quality and content are top notch. The show starts with a news segment. That leads into two interview segments. The first usually deals with a current topic being discussed in the field. The other is a sponsor interview, which is usually just as useful as the other interview. The show is usually 50-65 minutes long.
Peerlyst has a long list of podcasts. Look for a few that are of interest. Give the podcast about three episodes before making a decision. Podcasters do sometimes have “off” shows. Here are some of the other podcasts with good content.
Down the Security Rabbit Hole - Leadership and business
Defensive Security podcast - Blue team focused
Data Driven Security - Data scientist focused
DevelopSec - Application security focused
On my ride home I listen to hobby and interest focused podcasts. I found that when I listened to infosec podcasts both ways I started to get burned out on podcasts. I now listen to infosec or business related podcast on my drive in. This helps me get focused. On the ride home I listen to hobby podcasts. This helps me transition from work to home much easier.
My last recommendation is to pick up podcasts that don’t have an infosec lean but focus on improving the self. I listen to both Manager and Career Tools for business etiquette guidance. I also listen to the Art of Charm for relationship building and self-improvement guidance. Both have helped tremendously in my day-to-day interactions at work.
I use Feedly to collect RSS feeds from the sites and blogs I have an interest in. I follow ars-technica for news. Their articles are both informative and usually a quick read. I also follow Steve Ragan at CSO for news.
I work in the application security field. Troy Hunt is one of the bigger names in the field that produces content regularly. He also runs Have I Been Pwned which is a very useful tool for incidents involving a breach.
Brian Krebs is the man when it comes to reporting on breaches and criminal activities involving digital technology and ATMs.
Bruce Schneier is one of the top names in the cryptography and encryption field. He also tends to focus on the bigger picture and ramifications of security in society.
I add and prune my feed pretty regularly. If I get too far behind on my feed I’ll look to simplify it and get rid of the blogs. I look for blogs that aren’t providing as much value or report on stories I see from other feeds.
Get an RSS reader setup (it doesn’t have to be Feedly). Start adding to it and adjust if necessary. Feeds are also good for keeping up with alerts and vulnerability databases.
I am a visual learner. The two resources I use extensively are YouTube and Pluralsight. I add a lot of conference talks to my Watch Later list. That list has 48 videos as of this writing. I don’t get on YouTube as much as I would like, but it’s still a useful tool for research. And every once and a while I'll create a playlist. It’s a valuable resource for better understanding a technology or infosec technique. Pluralsight requires a subscription. The content is top notch and provides a more indepth look at technology or security topics. It's $300 a year. I've had my place of employment pay for the last few years. It's usually an easy sell.
Those are the resources I use on a daily basis to learn and keep up with information security. There are a lot of other great resources out there. I just haven't found them or don't get as much value out of it. There are a lot of great digital forensics and incident response resources. I just don't work in that field. Find what gives the most value. If it's giving very little, ditch it.
Blogs allow me to keep up with daily news and read interesting new content. I have several hobby feeds setup in there so I get a nice mix throughout the day (I sometimes need a break from infosec). I listen to podcasts almost daily. There are general podcasts and more focused podcasts. Some have varying degrees of quality, but most have really good content. Finally, videos provide a visual opportunity to learn and research topics. I don’t use these on a daily basis. Instead I use them when I need to dig deeper into a topic.
There are a lot of great resources out there. Ask around. Find what type of medium you prefer and fits best into your lifestyle. Try something. If it provides value, great! If not, get rid of it. I just realized I didn't even touch on boxes. I may save that for another post.