Top 10 information security bloggers in 2014

If you want to stay on top of cybersecurity / information security news and insights, here are the blogs that I found the most useful.

I listed here only the blogs written by independent authors (blogs that were not edited by an editorial team), and I listed them in alphabetical order. Enjoy the reading!

Top 10 information security bloggers in 2014 - 27001Academy

A Few Thoughts on Cryptographic Engineering by Matthew Green

This is a very narrowly focused blog on cryptography; however, Matthew has written a surprisingly large number of articles on this topic. Although very technical and very in-depth, he writes in such a way that someone with moderate knowledge of IT security can understand it.

One of his most popular posts in 2014 was What’s the matter with PGP? – more than 70 comments.

CyberCrime & Doing Time by Gary Warner

As the name suggests, Gary’s blog focuses on cybercrime and related legal issues – what’s good about his blog is that he takes examples of real attacks and analyzes how they have been performed and what to do about them.

One of his most popular posts in 2014 was on how GameOver Zeus uses encryption to bypass perimeter security.



Graham Cluley by Graham Cluley

Graham writes about various security issues, ranging from industry news, reviews, and alerts all the way to hacking, malware, spam, threats, etc. He is very prolific – at least one article per day – and targets currently hot security topics; this is a very good blog for someone who wants to get an overall picture of what’s going on.

One of his most popular posts in 2014 was about a video scam that has spread on Facebook – more than 5,000 Facebook shares.

Krebs on Security by Brian Krebs

Definitely one of the most popular infosec blogs, it focuses on online crime investigations, latest threats, security updates, data breaches, and cyber justice. I like it because it is very well written – you can see that Brian is a professional journalist (he was working for The Washington Post) – all the topics are very well researched and explained.

One of his most popular blog posts in 2014 was about a credit card breach at Home Depot – more than 300 comments.

Lenny Zeltser on Information Security by Lenny Zeltser

This is a very interesting blog on incident response, malicious software, risk management, and security technology. What’s good about it is that Lenny provides deep explanations of various security subjects so that you can learn quite a lot when reading his articles.

One of his most popular posts was about the new release of REMnux Linux Distro for malware analysis – 150 Facebook likes.

Schneier on Security by Bruce Schneier

One of those security blogs you cannot afford to avoid, it focuses on a wide range of subjects, and one of the most common topics in 2014 was the NSA and Edward Snowden affair. I like this blog because Bruce doesn’t publish only his articles: he also comments on various other security news and publications, so you can use it as a kind of portal to a wider picture of the security world.

One of his most popular posts was on the Heartbleed bug – almost 300 comments there.

Security Affairs by Pierluigi Paganini

Probably the most productive information security blogger, Pierluigi publishes at least one, and sometimes even two or three articles per day, and covers a wide range of security topics including cyber warfare, cybercrime, and hacking. If you want to get security news on a daily level, this blog is a very good choice.

One of his most popular posts in 2014 was on two 14-year-old students who hacked an ATM – almost 600 Facebook likes.

TaoSecurity by Richard Bejtlich

Unlike other security bloggers, Richard offers a more conversational style in his writing – he covers different security topics, with a focus on incident detection, response for targeted threats, digital security, etc. You’ll notice that Richard always provides his personal view on the topic he covers, so his articles are really enjoyable to read.

One of his most popular posts in 2014 was about Russian information warfare.

Terry Zink: Security Talk by Terry Zink

Terry covers IT security topics like spam, hacking, malware, botnets, etc., but he also interviews prominent people from the security world so that readers can gain insight into other security expert opinions. Since he works at Microsoft on IT security issues, he provides detailed security guidelines that will surely appeal to readers interested in protection of IT systems.

One of his most popular posts in 2014 was about why spam and phishing get through Office 365.

troyhunt.com by Troy Hunt

Troy focuses on one segment of the security arena that is probably growing the most: web security and cloud security. What’s good about his blog is that he speaks about real-life security problems and very often provides very detailed explanations through videos and images of how to resolve them.

One of his most popular posts in 2014 was Everything you need to know about the Shellshock Bash bug – more than 9,000 Facebook likes and 200 comments.

–  –  –

And this is it – hope you’ll find this list useful. I know there are also some other good information security blogs on the Internet, but I tried to focus only on those that regularly post new articles.

Now you have something to read on your holidays 🙂

Author
Dejan Kosutic
Leading expert on cybersecurity & information security and the author of several books, articles, webinars, and courses. As a premier expert, Dejan founded Advisera to help small and medium businesses obtain the resources they need to become compliant with EU regulations and ISO standards. He believes that making complex frameworks easy to understand and simple to use creates a competitive advantage for Advisera's clients, and that AI technology is crucial for achieving this.

As an ISO 27001, NIS 2, and DORA expert, Dejan helps companies find the best path to compliance by eliminating overhead and adapting the implementation to their size and industry specifics.