Our collection of the most insightful and informative InfoSec blogs from the industry’s foremost thought leaders.

There are hundreds of InfoSec blogs in the webosphere. Some are clear leaders in the industry, widely regarded as thought leaders and earning recognition from just about everyone in the security field as being among the best of the best. Some started out strong but fizzled out after a few short months, while others have compiled hundreds – thousands, even – of in-depth perspectives on a variety of security topics (from general cyber security to specific topics like data loss prevention (DLP)) over the course of nearly a decade.

We scoured the far corners of the web to dig up some of the best, most insightful and informative InfoSec blogs in existence for our newly-updated list for 2018. Not only the blogs you’ve seen named time and time again in best-InfoSec-blogger lists, but also some hidden gems you may not have known existed but will be glad you’ve finally discovered. These blogs provide deep insights from some of the leading information security professionals; in-the-trenches viewpoints from security experts who have spent decades working in the field and consulting with the world’s largest enterprises, universities, the U.S. Government, startups, and other entities.

These bloggers tackle major security news, InfoSec hacks, tricks, and discoveries, offer tutorials and solutions for problems they’ve encountered in their day-to-day work, and sometimes bring a little humor to the fascinatingly complex world of information security. Note: These blogs are categorized, and listed alphabetically within each category – they aren’t ranked or rated in any other way.



Adam Shostack and Friends



Formerly Emergent Chaos, Adam Shostack and Friends is a blog that’s been covering security, privacy, and economics (among other unrelated topics) since 2005. Shostack is also the author of Threat Modeling: Designing for Security and co-author of The New School of Information Security.

Three posts we like from Adam Shostack and Friends:

Andrew Hay



Andrew Hay is the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, where he’s responsible for driving the strategic vision for the company, as well as the development and delivery of the company’s cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence. Hay has held roles for companies such as 451 Research, DataGravity, and OpenDNS, where he served as Senior Security Research Lead & Evangelist. He’s often approached to provide expert commentary on security-industry events in the media, including both mainstream publications such as USA Today and niche publications such as TechTarget and Network World. We also have a podcast episode with Hay discussing the rise of the virtual CISO. You can access Hay’s insights directly at his personal blog, where he covers topics he hand-picks based on personal interest and importance to the field.

Three posts we like from Andrew Hay:

Byron Acohido’s Last Watchdog on Privacy & Security



A Pulitzer Prize-winning journalist, Byron Acohido is the founder and executive editor of The Last Watchdog on Privacy & Security. Cybersecurity first gained Acohido’s attention in 2000 when he joined the Money section of USA TODAY to cover Microsoft. Since that time, Acohido has authored several books and covered the cybersecurity space through articles, podcasts, and videos, all of which you can access at The Last Watchdog.

Three posts we like from The Last Watchdog:

Dan Kaminsky’s Blog



Dan Kaminsky has advised Fortune 500 companies like Cisco, Avaya, and Microsoft, and he’s been a well-known security researcher for more than a decade. His blog, formerly known as DoxPara Research, features in-depth posts with insights on the most pressing security issues facing the industry, such as Heartbleed. It’s kind of like picking Kaminsky’s brain from the comfort of your desk.

Three posts we like from Dan Kaminsky’s Blog:

Elie Bursztein



Elie Bursztein leads Google’s anti-abuse research efforts, sharing his insights on topics relevant to the world of InfoSec on his personal blog. Bursztein has some impressive achievements under his belt, such as the re-design of Google’s CAPTCHA to make it easier (an effort much-appreciated by Internet users everywhere), implementing faster cryptography to make Chrome safer, and identifying and reporting more than 100 security vulnerabilities to companies like Apple, Microsoft, Twitter, and Facebook.

Three posts we like from Elie Bursztein:

Graham Cluley



Graham Cluley has more than 70,000 followers on Twitter alone, and it’s no surprise given his impressive coverage of InfoSec news and developments. He’s an independent computer security analyst who’s been working in the field since the 1990s, giving him plenty of background and expertise to offer expert commentary on the latest happenings in information security and related topics. In addition to Cluley’s expertise, you can gain insights from a panel of regular contributors featuring several highly-regarded experts in the field. You’ll find plenty of tips for everyday users, along with deep insights into critical security developments.

Three posts we like from Graham Cluley:

Hacking Articles



Founded and authored by Raj Chandel, Hacking Articles is a comprehensive source of information on cyber security, ethical hacking, penetration testing, and other topics of interest to information security professionals. Chandel’s primary interests lie in system exploitation and vulnerability research, but you’ll find tools, resources, and tutorials on everything from social engineering to footprinting, Google hacking, and more.

Three posts we like from Hacking Articles:

Holistic InfoSec



Russ McRee has spoken at leading security conferences, such as Defcon, BlackHat, RSA, and others, and he leads the Blue Team for Microsoft’s Windows and Devices Group (WDG). He also writes toolsmith, a monthly column in ISSA Journal, and shares his views on a holistic approach to information security at Holistic InfoSec.

Three posts from Holistic InfoSec:

Jeff Soh on NetSec



Jeff Soh began blogging in 2007, and continues to share suggestions for intrusion analysts and other miscellaneous news on information security. Soh also offers book recommendations, product recommendations, and useful tips for information security professionals and everyday users.

Three posts we like from JeffSoh on NetSec:

Krebs on Security



Brian Krebs is a household name in information security, and his blog is among the best known and most respected in the space. An investigative reporter at heart, Krebs comes from a journalism background and has honed his self-taught expertise through over a decade of dedicated interest in security. He is credited with discovering the Target data breach a few years ago and being the first to report on the Stuxnet worm in 2010.

Three posts we like from Krebs on Security: