by Steven Gilbert
Cybersecurity has never been more important. Here’s how you can keep up.
The past few months have been some of the most substantial in cybersecurity history:
- WikiLeaks released their Vault7 collection of CIA hacks
- The WannaCry ransomware has infected hundreds of thousands of computers.
- The FBI is investigating Russia hacking that may have meddled in the U.S. presidential election.
- Congress voted on a resolution to roll back Federal Communications Commission privacy protections that kept Internet Service Providers from selling your data to third-parties (and opening the door for ISPs to use your data in other creepy ways).
- And the open web is under threat from mega-corporations who may use deep packet inspection to turn it into a locked-down Chinese-style internet.
It would be an understatement to say that issues surrounding cybersecurity and digital privacy are “in the news.” Because these issues are a lot closer to home.
In fact they’re in your home, literally. In your computers, your smart phones, your smart-home devices, and maybe even your TVs.
Which means you might be interested in learning more about the field of cybersecurity, because it’s certainly affecting you. Privacy, security, digital rights, free expression, the open web — these are all raging issues that trace back to the fundamental mechanics of networks.
I’m invested in diving deeper into this world. I work as a consultant at Crypho, a Norwegian security software company that builds private and secure communication tools for organizations. And I’m currently in deferral at UC Berkeley Law, where I plan to learn more about digital privacy and security law.
And, in order to stay on top of the issues, I subscribe to the following free email newsletters:
#1: Electronic Frontier Foundation (EFF)
Email newsletter sign up: EFFector List
From the EFF website:
“The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows.”
And the EFF is the organization behind a gold mine of tips, tools and how-to’s for safer online communications. This treasure trove includes Surveillance Self-Defense, “EFF’s guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.”
And the EFF is behind much more in the form of amicus briefs, blog posts, whitepapers and of course EFFector List, their nearly-weekly email newsletter.
Email newsletter sign up: US-CERT
CERT stands for Computer Emergency Readiness Team. And so US-CERT is the Computer Emergency Readiness Team of the United States of America.
US-CERT is an organization within the Department of Homeland Security, and it’s responsible for “responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.”
And the US-CERT newsletter keeps you in the know about all things cybersecurity-related, which include:
- Cybersecurity alerts, like the recent WannaCry Ransomware
- Announcements, like FTC’s Privacy Awareness Week
- Tips, like Securing Home and Small Business Routers
- Security Updates, like Mozilla Releases Security Updates
- Bulletin of software vulnerabilities, like Vulnerability Summary for the Week of May 8, 2017
Note that many countries have their own CERT, and as such you might be interested in following those as well. You can find a list of CERTs here.
#3: Schneier on Security
Email newsletter sign up: Crypto-Gram Newsletter
Bruce Schneier is an influential security technologist. He keeps a blog called Schneier on Security where he discusses security issues. And also a free monthly e-mail called Crypto-Gram, which is a digest of his blog posts.
More about Schneier here.
#4: O’Reilly Security Newsletter
Email newsletter sign up: O’Reilly Security Newsletter
O’Reilly is a media company founded by Tim O’Reilly that publishes a ton of quality books and content on software and computer technology. They organize popular tech conferences like Velocity and OSCON. And put out a number of email newsletters, including one dedicated to digital security.
#5: UC Berkeley Center for Long-Term Cybersecurity (CLTC)
Email newsletter sign up: CLTC
The Center for Long-Term Cybersecurity (CLTC) is a research and collaboration hub at the University of California, Berkeley, whose aim is as follows:
“Housed in the School of Information (I School), the Center will create an effective dialogue among industry, academia, policy, and practitioners, with an aim to foster research programs, technologies, and recommendations. CLTC’s work is founded on a future-oriented conceptualization of cybersecurity — what it could imply and mean for human beings, machines, and the societies that will depend on both.”
If you’re located in the Bay Area, the CLTC might be of particular interest to you because of the events and talks they organize. If you’re not, you still might find value in the CLTC newsletter as it covers cybersecurity news, internships and jobs, and more.
Email newsletter signup: freeCodeCamp
freeCodeCamp is an open-source community committed to helping you learn to code. And as part of that effort, freeCodeCamp maintains a popular tech publication on Medium, where it publishes stories about development, design, data science, the open web, among other tech topics.
And while it’s not the exclusive focus of freeCodeCamp’s publication, you will often find informative articles on matters relating to cybersecurity and digital privacy and security, like this one on VPNs and this one on end-to-end encryption and this one on encrypting your digital life.
Which means it’s worth to keep an eye on freeCodeCamp’s email newsletter, which you can subscribe to by following the publication here on Medium and opting to “Receive Letters in your inbox.”
Email newsletter signup: OWASP mailing lists
The Open Web Application Security Project commonly referred to as OWASP is “an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.”
As such OWASP is behind a number of resources and projects that aim to improve application security and bring visibility to software security in general. One such project is the important and oft-cited Top Ten Project, OWASP’s list of the 10 most critical web application security risks.
Some bonus cybersecurity mailing lists
If you follow and read all of those email newsletters, you’ll probably know more about the world of cybersecurity than 95% of the population.
And if those don’t fill your appetite, a few others to be mindful of include:
- Jigsaw, an incubator within Alphabet (aka Google) “that builds technology to tackle some of the toughest global security challenges facing the world today — from thwarting online censorship to mitigating the threats from digital attacks to countering violent extremism to protecting people from online harassment.”
- The US Federal Communications Commission RSS feeds and email updates
- Mozilla, which occasionally covers security-related issues.
- Citizen Lab, based at the University of Toronto
And last, because I’ve been living in Latin America, I also follow organizations involved in digital privacy and security in this region of the world. So if you’re a Spanish speaker, you might want to check out Fundación Karisma (Colombia) and Derechos Digitales (Chile) and TEDIC (Paraguay), as they’re doing incredible work.