Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

We live in an age of information overload – with the internet being a far larger place than could ever be explored. As cyber security moves increasingly into the focus of the public mind, with news of serious compromises and global-scale attacks ever more frequent, the question arises: where to go for good-quality cyber security advice?
Below we list ten sites which, for various reasons, we consider to be worthwhile destinations for cyber security information, knowledge and news.
Coming from the famous Russian security software company Kaspersky, this is primarily a security news site which is especially good for posting rapidly on the latest developments. However, in addition to specifically topical news issues, the site does also post security articles of a more general nature.
For those not wishing to spend long periods of time reading, the site also features a good range of podcasts, with a new one being published every three or four days on average.
Don’t be put off by this site being run by a software vendor; this is a solid news site and not simply a disguised advert for Kaspersky’s software!
Cisco Blogs
Another offering from a famous infotech company, Cisco Blogs contains a great deal of security-related information, with each post being tagged, allowing the website user to easily find similar content. While this site also features topical “news” posts, there are a large number of more general postings, some of which are on broader matters which, while security-related, may not pertain directly to the technologies used but rather to issues such as diversity in the industry and respecting customer privacy.
YouTube plays host to a vast number of security-related channels, some of which are of extremely high quality. The Hak5 channel is one of the best, with over 1000 videos and content ranging from visits to security conventions and trade shows, to practical hacking tips (often focussing a video on a particular piece of software), to other IT matters such as setting up the Raspberry Pi or Arduino.
Another good YouTube channel is The New Boston. This channel is presented very informally and features a number of diagrams that the presenter draws in order to illustrate core concepts. These diagrams are often a huge aid in explaining matters which require a visualisation of the subject, where a verbal explanation alone may not be as effective. The informal nature of this channel makes it a strong one for beginners, as the presenter does not assume too much knowledge from his viewers and is always quick to explain any new concepts which arise.
A third good channel is Vivek Ramachandran’s Pentest Academy, which has a wide range of content at various levels, presented in a professional but friendly manner.
There are literally hundreds of similar channels on YouTube, and our best advice is to search for “pentesting tutorial” and try out a couple of channels to find one with the right level of expertise for you.
Krebs on Security
Brian Krebs is a well-known information security researcher with the somewhat unusual background of having originally been an investigative journalist. Combined with over a decade of interest in the world of cyber security, this journalistic approach has been successful, and Krebs is credited with being the first to report on the Stuxnet worm’s attack on Iran’s nuclear program in 2010, as well as the Target data breach of 2016.
As may be expected from someone with a journalistic background, Krebs often interviews leading names in the info security field and is quick to report on new developments in the industry.
Offensive Security
As the authors of Kali Linux, the preferred Linux distribution for penetration testers, as well as the respected Offensive Security Certified Professional certification, OffSec are leaders in the world of information security. While their blog is not updated very regularly, their website has an informative section on the various projects that Offensive Security are involved with. In addition to the Kali Linux distribution already mentioned, OffSec have released a free hacking course which covers the basic usage of the Metasploit framework – a popular hacking environment – and they also host and maintain both the Google Hacking Database and the Exploit Database (now actually combined into the Exploit Database), two useful tools for finding public exploits.
For anyone wishing to start a career in penetration testing, the Offensive Security Certified Professional certification is a key qualification to have and full details are available on OffSec’s site.
Veteran science and technology site Slashdot deserves a mention in our list, as it is both well-known and has an innovative angle to its content: comments on articles are moderated by other users, and users whose comments have generally received positive moderation from others receive “karma” points.
Additionally, Slashdot “articles” are actually user-shared content from other websites. This approach by Slashdot allows a casual user to see content from multiple sources, in a similar manner to websites such as Reddit or Digg.
10 Steps to Cyber Security – UK National Cyber Security Centre
As the title may suggest, this consists of official UK government advice on how organisations can best protect themselves from info-security risks and attacks. This is not casual reading but is invaluable for any UK business with an online presence.
Topics include network security, user-privilege management, malware prevention, and more. In addition to a wealth of critical information being supplied directly, the site also features numerous links to other resources should the reader want or need to go into further detail on these subjects.
Dark Reading
Dark Reading, InformationWeek’s security publication, is another news site popular in the info-security industry. As the site combines topical cyber security news with articles by prestigious, leading names in security, Dark Reading is one of the web’s best cyber security resources.
The site itself is divided up into categories such as IoT (Internet of Things) and Mobile, which allows you to simply narrow down your reading to focussed areas of interest.
UK-born New Zealand blogger Gary Hinson is the driving force behind NoticeBored. Keeping the style casual (almost ‘chatty’) and accessible, this great security blog covers topics of interest to both the consumer and the security professional.
The site also offers a number of ‘freebies’ such as white papers, mainly covering security awareness, a topic that is central to the website’s philosophy.
Security Through Education
Unlike the other examples on our list, this site focusses on social engineering, which could be described as “people hacking”. This is an important subject because no matter how hardened an organisation’s technology is, if the staff aren’t trained in detecting such attacks as phishing attempts and tailgating, a location can still be compromised.
As well as a blog, the site features regular podcasts and the “Social Engineering Framework”, a searchable information resource for anyone wishing to learn about this particular subsection of information security. There is also a “resources” section featuring numerous videos from security conventions.
Also of interest is the site’s content on Artificial Intelligence and how it could potentially be used maliciously.
We hope you check out our ten top security information sources. Of course, there are thousands of websites covering these topics, some of them of excellent quality, and these are just a sample, but browsing these ten should give you a good grounding in the basics of security and in breaking news items in the industry.