Staying Informed in InfoSec
Years ago my friend Nick and I were trying to find people to fill a few InfoSec roles. So we set out, bright-eyed and bushy-tailed, interview questions in hand, looking for the right candidates. Ignoring the sheer amount of fraud and shenanigans we encountered, I’d like to cover one specific series of answers that confused us. The question was simple: how do you stay informed and up-to-date in InfoSec? The answers were confounding.
We all have our preferences. Mine is Twitter. But I also use Newsblur to augment that and I hang out on a few Slack channels here and there. The point of the question isn't really about where you get your information, although that's somewhat in play. The line of questioning is about whether you get any information at all, and whether it is high-quality information. (Daniel Miessler touches on this topic in his interview questions post.)
I continue to be shocked (I know, even at my age and years of experience) by people who respond to my saying, "Yeah, you should follow this person on Twitter" with, "I don't care what people have for lunch." Good point, right?
This is such a profoundly hackneyed and misplaced point of view that my next reaction is to take this person much less seriously as a professional. I missed the post where Brian Krebs covers what he had for lunch. The same goes for the grugq, Halvar Flake, and myriad other serious contributors to the InfoSec space. Conflating how YOU or your retired uncle use a platform like Facebook or Twitter with how serious consumers of information stay informed is a bad look. What I’m arguing is you don’t even have to use social media. There are plenty of lists and feed services out there. But consume something of high quality that helps you do your job.
Speaking of high quality... I'm also surprised to see what I think are serious InfoSec pros ingesting low-quality information. I realize this may spawn an argument, but running a feed of Matt Drudge and The Drudge Report in your SOC doesn't count as a high-quality feed. In fact, I'd say it's the opposite, and it makes one look highly unserious. If you can't tell the difference between thoughtful, peer-reviewed work and nonsense, I'm not sure I can help. But if you want the latest news on Obama's FEMA camps, then I'd say knock yourself out.
There are so many people in our industry doing truly amazing work and most of them publish it. Want a recent example? Try Lesley Carhart's analysis of NotPetya here. Further, there are certain accounts / individuals that do a masterful job of curating content. Finally, there are a lot of great conversations and discussions going on in a number of forums. Why one would choose to not consume that and engage – especially for illegitimate reasons – seems pretty close to malpractice to me.
Do yourself a favor, dear InfoSec professional. Find good sources of information in our chosen field and dial into them.
Updates and edits:
I've been accused of spelling someone's name incorrectly. Simply not true. It's always been "Lesley Carhart." At NO time did I ever misspell her first name. Maybe in the first cut of this post. But most likely not. Not ever.