Keeping Up-to-date
One of my favourite questions to ask an interviewee is "How do you keep on top of all the security news?" Sure, it's not a technical question, it's not even really much of a cultural question. But given 1 or 2 minutes, I think this is a quick and interesting way to get an insight into how an individual seeks out information, and how this may influence their problem-solving. Yes, it's often that candidates will describe similar methods, but you'll always be surprised by the occasional different technique, or even perhaps hearing of something new.
So, how would I answer this question? Easy.
First, is twitter. Yes - there is low signal to noise in the platform, especially if you follow a lot of accounts (like I do), but there are a few ways to manage this. I use a handful of private lists which I use to refine the accounts that I will generally check each day. These are broken into 'favs', which I absolutely can't miss. Then down into topics, such as Linux, or web app sec and so on. I've setup an IFTTT rule to email me all the tweets I Star (or <3). Once in email, I generally tag with a handful of labels, such as #ctf or #testing or #burp and so on. This provides a quick and easy way to see all the tweets in a specific category. This expands a relatively simple twitter feature into more of a database.
First (and a half), hearing people talking about things at work!
Second, I read a bunch of blog articles. These used to ENTIRELY reside in Google Reader (RIP). But now I find these are cross-posted on twitter, fav'd, once in my inbox, they remain there until I've had a chance to read them. Only once read do I archive the email. I also fairly regularly then redistribute this information out through more tweets, and through internal and external slack channels.
Third, Slack. I'm in 5 instances (a few more that I'm not active in) on the desktop version of Slack (yep, that's why I need all the RAMs). I often star posts or topics that people share.
Fourth, conferences - or conference recordings / PDFs etc. Often these will be seeded from when people start to tweet about their availability. Even if I attend sessions, I'm usually there to be entertained (i.e. the InfoSec Style or Presentation).
Fifth, emails. Or, email distributions. The only two that I really pay attention to are @DanielMiessler's Unsupervised Learning, and the Team Cymru Dragon News Bytes. Bonus points for Warren Ellis' Orbital Operations. This is the only email that I regularly look forward to and general read from top to bottom.
[Cross posted from https://un-excogitate.org/keeping-up-to-date]
Nice. Thanks for sharing Christian
SOC | Director | IT Security
7 年Good share. Like you my #1 goto is Twitter and likewise use lists. I find it extremely powerful with a screen running TweetDeck with numerous columns assigned to lists like dfir, certs, malware etc.