Useful Links
SANS
The SANS Institute (“SysAdmin, Audit, Network and Security”) provides training, white papers and information, most of which is free. I can highly recommend their newsletters, especially @RISK, which will give you clear, unbiased, non-sensationalised information about emerging threats and cyber risks.
https://www.sans.org/newsletters/
CISA
The US Cybersecurity and Infrastructure Security Agency. The website is full of useful information about how to keep your business safe, and they publish weekly bulletins on their National Cyber Awareness System.
https://www.cisa.gov/uscert/ncas/bulletins
Krebs On Security
Brian Krebs is an American cybersecurity journalist. While perhaps this website is written from more of a journalist's point of view, it complements the above two by giving a different perspective.
Schneier on Security
Bruce Schneier is a lecturer at the Harvard Kennedy School; his insights help us understand the “intersection of security, technology, and people.”
Podcasts
I listen to these regularly. My interest mainly focuses on the human element of cybersecurity; throughout my research I have noticed that the weakest link in any security chain is the human. Almost all breaches begin with a lapse in human security, and whilst we will never “fix” the human, we can at least understand how humans are used to infiltrate, and use this information to focus our defence resources, to make them more effective.
I like to fill my commute to work with Cybersecurity, so I get to work ready to work.
Hacking Humans
Released by The Cyberwire, this podcast focuses on the weakest link in cybercrime, the human factor. It’s well worth a listen: it’s not only entertaining but informative, and helps keep you aware of the social engineering scams that are currently being used.
https://thecyberwire.com/podcasts/hacking-humans
8th Layer Insights
Another excellent podcast from The Cyberwire, focussing on how human nature affects security and risk, this time looking at things from a psychology perspective.
https://thecyberwire.com/podcasts/8th-layer-insights
Down the Security Rabbithole
This is a more informative discussion on various areas of security aimed at security and technology leaders.
http://podcast.wh1t3rabbit.net/
The Social-Engineer Podcast
This podcast again focuses on Social Engineering, discussing human aspects of cybersecurity, and how to get the message across within your organisation.
https://www.social-engineer.org/podcasts/
Malicious Life
More of a storytelling approach to Cybersecurity, telling the stories from the perspective of hackers, allowing us to understand their motivations.
Darknet Diaries
Darknet Diaries again takes more of a storytelling approach, interviewing and discussing hackers, breaches, shadow government, and other areas that are not usually exposed.
Books
I’ve found the following books interesting reads:
Thinking in Systems – A Primer
Donella H. Meadows
All cybersecurity programs are an inherent part of the business and also of the external world of cyber threats. This book will help you to start to understand systems thinking and, as a result, gives a cybersecurity professional an understanding of how a cybersecurity program is a part of a system, and is a system in itself.
https://www.goodreads.com/book/show/3828902-thinking-in-systems
Tracers in the Dark
Andy Greenberg
How the Blockchain has been deanonymised and how IRS agents are now chasing down illegal transactions and undertaking research that has resulted in multiple arrests worldwide.
https://www.goodreads.com/book/show/60462182-tracers-in-the-dark
Start With Why
Simon Sinek
Why are some people and organizations more innovative, more influential, and more profitable than others? Why do some command greater loyalty from customers and employees alike? Even among the successful, why are so few able to repeat their success over and over?
https://www.goodreads.com/book/show/7108725-start-with-why
Noise
Daniel Kahneman, Olivier Sibony, Cass R. Sunstein
An exploration of why people make bad judgments and how to make better ones
https://www.goodreads.com/book/show/55339408-noise
Human Hacking
Christopher Hadnagy
From the presenter of the Social Engineer podcast, this is an interesting insight into how psychology can play a part in influence.
https://www.goodreads.com/book/show/50622186-human-hacking
Transformational Security Awareness
Perry Carpenter
A deep dive into creating a more effective security awareness program for your enterprise.
https://www.goodreads.com/book/show/45589091-transformational-security-awareness
Influence: The Psychology of Persuasion
Robert B. Cialdini
Understanding the means by which we can be persuaded is a number 1 tool for a successful leader, in Cybersecurity or out.
https://www.goodreads.com/book/show/56419468-influence-new-and-expanded
The Art of Deception: Controlling the Human Element of Security
Kevin Mitnick
Kevin Mitnick is the self-declared “world’s most infamous hacker”. Nevertheless, understanding things from a hacker’s perspective is essential for finding and patching weaknesses in our cybersecurity processes.
https://www.goodreads.com/book/show/18160.The_Art_of_Deception
Sandworm
Andy Greenberg
Telling the story of nation-state actors and how they have waged secret wars to disrupt entire nations.
https://www.goodreads.com/book/show/41436213-sandworm
The Phoenix Project
Gene Kim, Kevin Behr, George Spafford
A fictitious story to help us understand how to marry IT Operations, DevOps and Security operations successfully.
https://www.goodreads.com/book/show/17255186-the-phoenix-project
Predictably Irrational
Dan Ariely
A look into how decision making can be influenced by our environment without our knowledge.
https://www.goodreads.com/book/show/1713426.Predictably_Irrational
Thinking, Fast and Slow
Daniel Kahneman
A look at how our different modes of thinking are employed. (System 1 thinking, fast thinking based on assumptions, is how breaches occur. I’m interested in how we can slow our thinking down to System 2 thinking at the times we need to, to prevent breaches. Even seasoned cybersecurity professionals are guilty of employing System 1 thinking during their work, looking for shortcuts to get the work done faster.)
https://www.goodreads.com/book/show/11468377-thinking-fast-and-slow
And many more…