If 2010 is anything to go by, I can see 2011 being hard to handle. No, no, I don’t mean that! I mean information overload. There’s just so much information (both good and bad) flowing around that it’s hard to take it all in without spending all your time reading, researching and taking things in. For some of us who are blessed with insomnia, or bosses who think information is king, this isn’t a problem. For the rest of us though, it’s a different story. We need to pick and choose our information sources well, otherwise we as security professionals will quickly find ourselves outdated, replaced with small shell scripts that do the same job, but moan about it less often!
As anybody who follows me on Twitter is probably aware, I’m not a big fan of the #FF (Follow Friday) culture of just pasting in 10 people’s names and saying “follow them”. Although I’m happy to see when people put my name in the list, I’m not sure being bombarded every Friday with a hundred names is the best way to do things. So, with that in mind I’ve been keeping my #FF until today…. my grand #F2010 list (I’m sure that’ll hit it off on the Twitters!).
This list is in no particular order, and for obvious reasons is slanted towards what I’m interested in… penetration testing, security research, and good security knowledge. I’ve tried to steer clear of the “you must follow this guy because everybody else does” list, so sorry if your names not on the list. I wouldn’t even put my mother on the list (hi Mom! /me waves) if she didn’t provide good content…
Xavier Martens – @xme
Xavier is one of the most active bloggers around and always has something up his sleeve. A great source of information on a range of security subjects, both attack and defence. Plus, he’s a great supporter of the @eurotrashsec podcast!
Tom Eston – @agent0x0
Tom is the uncrowned king of Social Media… if you’re looking to keep up to date on the latest in Social Media Security, Tom is your man! Just don’t accept a Facebook friend request from him or Kevin Johnson!
HD is the mastermind behind Metasploit and needs no introduction here… if you’re at all interested in penetration testing, security audit or exploitation in general, then you need to be following HD! While you’re at it, and so not to load this list with Metasploit developers…. make sure to follow @Carlos_Perez @egyp7 @carnal0wnage and @jabra as well 😉
As well as being the founder and head of Ireland’s CSIRT, Brian is also a great source of information on a whole range of organisational and compliance issues. He wrote the book on ISO27001… no really, he did!
Didier, as well as being very European, is also the unchallenged master of PDFs. Lots of good stuff came from him in 2010, and I expect no shortage of cool things in 2011!
Rob Fuller – @Mubix
Rob has recently joined the crew at Rapid7, but has been one of my main resources of information for a long time… Some of his stuff on HAK.5 are classics! Checkout some of his RSS feeds for some great information sources too!
Wim is one of the co-hosts of the Eurotrash Security Podcast (along with myself, @daleapearson, and @craigbalding). Wim is an expert when it comes to SIEM and isn’t scared to speak his mind…
Most “news” sources tend to be nothing but FUD machines™ . Churning out the latest press releases without reading or understanding…. Help Net Security isn’t one of those sources. If you want real opinions on the newsworthy events and technologies of the day, this is a great source. Make sure to checkout their (in)secure magazine as well!
* List is in no particular order… as this isn’t a popularity contest!
Well, that’s it for my list… there are a lot of other users who I’d love to put on the list… but I like to leave em wanting more 😉 Have a great Christmas and a wonderful new year!
I think you should ALWAYS listen to your mother!!!!!