The Best Security Resources
Building a "Second Security Brain" requires some good resources. Here are the best people, books, YouTube channels, and resources I've found over the last years.
A Guide to the Best Security Resources Out There
Building an information knowledge base is foundational to becoming good at any craft. I spent some years trying to find the best podcasts, security people and resources out there. Over the years, I've sifted through countless resources, from podcasts to YouTube channels, to curate a list of the ✨crème de la crème✨ in security resources.
💭Follow the Thought Leaders💭
One of the best ways to stay updated in the ever-evolving world of cybersecurity is by following the experts. Here are some of the brightest minds in the field:
Black Hills: These folks are so cool. They put out content that they could easily have charged thousands of dollars for. They have so many good free webinars and workshops. Everything from phishing to Log4j.
Daniel Miessler: Daniel covers the intersection between technology, humans and security. He also has some really good articles with career advice that still holds true today. Daniel has moved his focus towards AI recently, but holds a security perspective towards it, which is refreshing.
Matt from Vuln U: Matt Johansen is the Principal Security Architect at Reddit. Just recently started following him. Really like his newsletter format!
TLDR; Security by Clint Gibler: The best application security/DevSecOps newsletter out there, in my humble opinion.
TCM Security: Comprehensive and in-depth. What the cool people at TCM Security do for a living is what I want to strive for in my career. They make educational content and they make it affordable. Quality stuff and really cool people!
📰The Best News Sources📰
Wired: Has a lot of good articles on Security and Privacy.
The Hacker News: Really good on attacks, vulnerabilities and threats in Cyber Security.
Tech Crunch - Security: Reports on the business side of Cyber Security.
Schneier: Bruce Schneier has reported on Cyber Security for a really long time. He holds
Krebs on Security: Krebs is another one that gives in-depth security news.
🎙Tune into the Best Security Podcasts🎙
Podcasts are a fantastic way to absorb knowledge on the go. Here are some that stand out:
Risky Business: Delving deep into the intricacies of cybersecurity.
Darknet Diaries: Riveting tales from the dark underbelly of the internet.
Cloud Security Podcast: I’m personally biased here, since I was an early bird on this podcast, but love the work Ash and Shilpi are doing.
📕Some of my favorite Books for Cyber Security 📕
Security Engineering: Has the foundational principles covered, e.g. least privilege, defense in depth, fail securely, etc.
Secrets of a Security Architect: A lot of wisdom in this book. Main idea is around threat modelling being central to securing IT.
Human Hacking by Chris Hadnagy: Beyond just a book, it's a lesson in human psychology. Chris is also the force behind the Innocent Lives Foundation.
Hacker vs. the State: A riveting exploration of cybersecurity in geopolitics. It's a reminder that in cyberspace, friends can quickly turn foes.
📹YouTube Channels📹
Black Hills & TCM: Both channels offer a wealth of knowledge that they could easily charge 2000 USD+ for.
zSecurity: A lot of great content on ethical hacking, IT infrastructure and privacy.
David Bombal: One of the best IT-Security YouTubers out there.
NetworkChuck: Really like the editing style that Chuck presents with. Makes it fun, even after work! He has a bunch of cool takes on certifications as well.
NTFAQGuy: For all things Azure, John has you covered. Has a bunch of crash courses for Azure Certs.
👩🏻💻Training Platforms 👩🏻💻
Tryhackme: TryHackMe has a bunch of free resources to learn Cyber Security. Both with virtual training boxes and educational material.
Hackthebox: Similar to TryHackMe, but with cooler GUI.
Securecodewarrior: This is an enterprise tool to learn coding securely. The tool has obviously improved over the years, but is pricey and a bit static in my humble opinion. Just added it for perspective.
Microsoft Learn has a bunch of free courses.
Google Cloud Skills Boost - Similar to Microsoft Learn, with a bunch of cloud labs in GCP.
PortSwigger’s - Web Security Academy - Really
OWASP Juiceshop: An excellent free resource to get hands-on experience. I really like juiceshop, because it’s an excellent way to learn about web application security! It is also really nice for workshops or hacking night :-)
😎 Other really cool resources 😎
Personal Security Checklist and Awesome Privacy - Lissy93 has some super user-friendly lists!
Awesome Security - Similar to the list above, a bunch of tools, lists, documents.
CISA's Known Exploited Vulnerabilities Catalog - A list of actively exploited vulnerabilities. In case you want to prioritize your vulnerabilities in a more pragmatic way than CVSS scores.
SANS Posters and Cheat Sheets - SANS has some really cool posters and cheat sheets
OWASP Cheat Sheet Series: A must-have for every security professional.
OWASP Check list for application security
In conclusion, while this list is extensive, it's by no means exhaustive. The field of cybersecurity is vast and ever-evolving. However, these resources provide a solid foundation.
I'm not affiliated with any of these entities; these are purely my recommendations based on experience and research.