Keeping up to date in any field can be challenging, but this ethos might not ring more true than in cybersecurity. The dynamic nature of the industry requires SOC analysts to always be on their toes with new and emerging threats across a constantly expanding attack surface.
New threats and vulnerabilities can pop up on a nearly daily basis. Don’t let this discourage you because this is also what can make the role so satisfying! There are numerous content channels, communities, and networking opportunities out there that will help you stay on top of your game. Here are a few recommendations to help you get started.
All the Right Content
Blogs and newsletters from cybersecurity thought leaders and expert organizations dive deep into specific areas of the industry and enable you to become a true expert in your area. Because these channels publish frequently around industry news and events, you are often learning about the latest threat intelligence and the most up-to-date tips for keeping your organization safe.
Popular cybersecurity blogs and newsletters we like:
- The Hacker News (sign up for their newsletter on the home page)
- Cisco
- Symantec
- Unit 42
- Fortinet
- The Cloud Security Reading List
- CyberSecNewsWeekly
These publications also often provide opinions and thought-provoking pieces that you can use as discussion pieces within your team.
Beyond blogs and newsletters, check in on well-known outlets such as SecurityWeek, Dark Reading, and KrebsOnSecurity. These news organizations provide commentary and insight that will help you stay ahead of the curve.
There are also plenty of cybersecurity-focused podcasts if that is your preferred way to consume content. The CyberWire, BluePrint, and Malicious Life are just a few that discuss the latest news and issues across the industry.
Get Social
It’s also worth engaging with other security professionals on platforms like Reddit, LinkedIn, and Twitter. These platforms host active cybersecurity communities that provide real-time updates, insights, and discussions on emerging threats and trends. Note: there has been a bit of an exodus in the infosec community space away from Twitter over the past year. If you find someone who hasn’t been active on Twitter for a while, see if they post on other channels before counting them out.
A few thought leaders in the space worth following:
- @wendynather: Wendy Nather is the Head of Advisory CISOs at DUO Security and used to work for the NSA.
- @briankrebs: Brian Krebs is the author of the blog Krebs on Security (references above)
- @k8em0: Kate Moussouris created the bug bounty program at Microsoft
There are many, many more so take some time and explore others who may be more niche or relevant to you.
Attend Industry Conferences
Don’t underestimate the value of industry conferences. By attending these events, you can discover the latest tech trends, meet industry experts, and share ideas with colleagues. Black Hat, RSA Conference, DEF CON, and Innovate are some of the best-known annual conferences and attract knowledgeable keynote speakers and panelists.
You also may want to become a member of groups like InfraGard or industry-specific ISAC groups, which offer invaluable insights and trends. Many companies provide professional development stipends or reserve portions of their budget for attending these various events. It never hurts to ask, and it demonstrates your willingness to learn more about your craft.
The cybersecurity landscape never stands still. For SOC analysts, this represents both a challenge and an opportunity. By consistently reading and engaging with the right outlets and thought leaders and attending relevant industry conferences, it’s possible to keep up with—and even stay ahead of—evolving security environments.
Ready to SOC and roll? Check out our new career guide for more insights and advice.
Frequently Asked Questions
- The Hacker News: The Hacker News is a leading cybersecurity news platform that covers the latest security breaches, vulnerabilities, and hacking news.
- Krebs on Security: This blog, authored by Brian Krebs, is known for its investigative journalism on cybercrime and cybersecurity issues.
- Infosecurity Magazine: Infosecurity Magazine has been delivering cybersecurity content to readers for over a decade with both a print and online edition
- Dark Reading: Dark Reading offers insight across a variety of topics from analytics and application security to mobile and cloud security, IoT and more.
- Bleeping Computer: Bleeping Computer® is an information security and technology news publication created in 2004 by Lawrence Abrams. Millions of visitors come to BleepingComputer.com every month to learn about the latest security threats, technology news, ways to stay protected online, and how to use their computers more efficiently.
- Unsupervised Learning: Daniel Miessler, an experienced cybersecurity expert offers a newsletter, blog, and podcast that covers a variety of topics that focus on security and artificial intelligence.
- Graham Cluley: A cybersecurity expert and speaker offers videos of his speaking sessions and podcasts
- CyberWire: The CyberWire cybersecurity news outlet delivers daily briefings, podcasts, and analysis on the latest threats, trends, and policy developments.
- CSO Online: CSO provides news, analysis, and research on a broad range of security and risk management topics
- ThreatPost: ThreatPost is an independent news site that is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.
- Follow Cybersecurity Influencers on Social Media: Follow thought leaders and experts on platforms like Twitter and LinkedIn for real-time updates and insights.
- Subscribe to Cybersecurity Newsletters: Many cybersecurity organizations and publications offer newsletters that deliver the latest news and trends directly to your inbox.
- Participate in Cybersecurity Communities: Engage with other professionals in online forums and communities to discuss current issues and learn from shared experiences.
- Attend Cybersecurity Conferences and Webinars: Conferences and webinars offer opportunities to learn about emerging trends, network with peers, and hear from industry experts.
- Black Hat USA: A renowned cybersecurity event featuring technical training, briefings, and a business hall.
- RSA Conference: A leading cybersecurity conference covering a wide range of topics, including cloud security, threat intelligence, and data security.
- DEF CON: One of the world’s largest hacker conventions, focusing on technical talks, demonstrations, and contests.
- Infosecurity Europe: A major cybersecurity event in Europe, showcasing the latest security solutions and offering educational sessions.