Resources
Stay informed with our curated collection of security podcasts, news feeds, frameworks, and voices worth following. These are the sources our team relies on to stay ahead of the latest threats and trends.
Listen & Learn
Security Now
In-depth weekly coverage of security news, vulnerabilities, and technology with Steve Gibson and Leo Laporte.
Smashing Security
A helpful and hilarious take on the week in computer security, privacy, and online crime.
CISO Series Podcast
Exploring the vendor-CISO relationship with actionable insights for security leaders.
Risky Business
Weekly information security news and interviews with industry luminaries. Essential listening for security professionals.
Darknet Diaries
True stories from the dark side of the internet — breaches, hackers, and cybercrime told in compelling narrative form.
The CyberWire Daily
A concise daily briefing on the cybersecurity news that matters, distilled from hundreds of sources.
News & Analysis
Krebs on Security
Brian Krebs' investigative reporting on cybercrime, security breaches, and online threats.
Dark Reading
Comprehensive security news, analysis, and expert commentary for IT professionals.
The Hacker News
Up-to-the-minute cybersecurity news covering breaches, vulnerabilities, and emerging threats.
Bleeping Computer
Practical security and tech news with detailed technical breakdowns of malware, ransomware, and vulnerabilities.
Graham Cluley
Award-winning security blog covering the latest threats with clarity and wit.
Schneier on Security
Bruce Schneier's authoritative commentary on security, technology, and society.
SANS Internet Stormcast
Daily threat intelligence and vulnerability analysis from the SANS Internet Storm Center.
Ars Technica Security
In-depth technology and security reporting with rigorous analysis and research.
Build on Solid Ground
The foundational frameworks and standards that inform sound security program design.
NIST Cybersecurity Framework
Framework: The gold-standard voluntary framework for managing and reducing cybersecurity risk. Widely adopted across industries.
CIS Controls
Controls: Prioritized, prescriptive safeguards developed by security experts. An excellent starting point for building a security program.
SOC 2 Overview (AICPA)
Compliance: The definitive resource for understanding SOC 2 trust service criteria — critical for SaaS companies handling customer data.
ISO/IEC 27001
Standard: The international standard for information security management systems. Foundational for enterprise security governance.
MITRE ATT&CK
Intelligence: A globally-accessible knowledge base of adversary tactics and techniques, grounded in real-world observations.
OWASP Top 10
AppSec: The standard awareness document for web application security risks. Required reading for engineering and security teams.
Voices Worth Hearing
Security practitioners and thinkers whose perspectives we respect and recommend.
Hadas Cassorla
LinkedIn: Security leadership insights and practical CISO perspective from an experienced practitioner.
Bruce Schneier
LinkedIn: Renowned security technologist and author. Influential voice on security policy, privacy, and the intersection of technology and society.
Troy Hunt
Blog: Creator of Have I Been Pwned. Trusted voice on data breaches, password security, and web security fundamentals.
Kelly Shortridge
LinkedIn: Security economics and resilience thinking. Challenges conventional security wisdom with data-driven, systems-level analysis.
Katie Moussouris
LinkedIn: Pioneer of bug bounty programs and vulnerability disclosure policy. Expert on coordinated vulnerability disclosure.
Daniel Miessler
Blog: Security professional and thinker writing about security, technology, and AI. His Unsupervised Learning newsletter is widely followed.