Knowing your environment (yourself) is half the way. You should know your enemy as well. One way of keeping in touch with what is happening on the Dark Side is keeping updated with information security news. And keeping a list of RSS feeds is no longer relevant – where keeping yourself updated once or twice per day was OK in 1999, it is no longer acceptable. News dashboards updated in real time from Twitter and CERT teams around the world are a must.
Missing security news even for an hour could have devastating consequences for you and your organization (well, the company will survive, but will you keep your job for letting the bad guys in because you missed a critical exploit in the wild?).
Doing your due diligence is your and your company’s insurance.
You might get away with just following popular infosec people, but how are you going to know which ones to follow? Hashtags (#) to the rescue!
In the Twitter search box, type #infosec, #InformationSecurity, #Malware, #Vulnerability (many emotional tweets might sneak into this search, but still), #dfir (Digital Forensics and Incident Response related tweets).
The users I highly recommend following: @USCERT_gov, @QatarCERT, @enisa_eu, @xorred (me, of course!) – you can find the others while browsing tweets from the aforementioned hashtag searches.
Twitter on Steroids – TweetDeck!
Now comes the interesting part. After you’ve mastered Twitter, you should create your first real-time infosec news dashboard, and I will show you how.
Go to https://tweetdeck.twitter.com/ – sign up if you have to, authorize the app – and click on the big Plus (+) sign, which says “Add column” when hovering over it. From there, click on “Search”:
Then enter the following settings:
In the Engagement settings, enter at least 1 retweet and at least 1 favorite. This way you will get rid of most of the spam on these hashtags. Additional blocking / muting of spammy users on TweetDeck is still necessary, even after these tweaks – but you will get much less spam that way. Tweak to your liking.
You can rinse and repeat the same for other hashtags or usernames – US-CERT is one which I always keep on there.
The end result should look something like this:
You don’t need to refresh the page – it auto-scrolls newer entries for you. It can’t get more user-friendly and optimized than that.
Note: be careful to spot the Twitter and other social accounts of people and ‘organizations’ which are, or might become, your cyber enemies, and devise a way to monitor them anonymously, with a set of separate, unrelated social accounts.
Websites with cyber security news you can add to your refresh list:
- http://www.rootsecure.net/?p=secnews_rss_feeds – if you are still into RSS, this is your website, dinosaurs!
- http://www.reddit.com/r/netsec – Reddit is an awesome community of like-minded people. You can also find a job or hire the right person (really, cool people gather around cool people) in the infosec hiring threads there. The power of this platform is the voting mechanism, instantly pushing important and valuable material to the top – a very democratic society which optimizes your reading experience if you value your time.
- https://www.us-cert.gov/ncas/current-activity – one of the most advanced CERT teams in the world. Certainly worth monitoring the whole website, not just that link.
- http://cert.europa.eu/cert/filteredition/en/CERT-LatestNews.html – similar, but European.
You will often find mentions of new open-source tools to optimize your infosec work on the aforementioned Twitter feeds and on Reddit, too. As soon as an author releases a new tool, they usually post it with the right hashtag (#infosec, for example). By following the right people and reviewing the suggestions by Twitter, you will never be behind in your situational awareness.