Keeping Up-to-date
https://www.flickr.com/photos/helloitsjustus/4901215717/

Keeping Up-to-date

One of my favourite questions to ask an interviewee is "How do you keep on top of all the security news?" Sure, it's not a technical question, it's not even really much of a cultural question. But given 1 or 2 minutes, I think this is a quick and interesting way to get an insight into how an individual seeks out information, and how this may influence their problem-solving. Yes, it's often that candidates will describe similar methods, but you'll always be surprised by the occasional different technique, or even perhaps hearing of something new.

So, how would I answer this question? Easy.

First, is twitter. Yes - there is low signal to noise in the platform, especially if you follow a lot of accounts (like I do), but there are a few ways to manage this. I use a handful of private lists which I use to refine the accounts that I will generally check each day. These are broken into 'favs', which I absolutely can't miss. Then down into topics, such as Linux, or web app sec and so on. I've setup an IFTTT rule to email me all the tweets I Star (or <3). Once in email, I generally tag with a handful of labels, such as #ctf or #testing or #burp and so on. This provides a quick and easy way to see all the tweets in a specific category. This expands a relatively simple twitter feature into more of a database.

First (and a half), hearing people talking about things at work!

Second, I read a bunch of blog articles. These used to ENTIRELY reside in Google Reader (RIP). But now I find these are cross-posted on twitter, fav'd, once in my inbox, they remain there until I've had a chance to read them. Only once read do I archive the email. I also fairly regularly then redistribute this information out through more tweets, and through internal and external slack channels.

Third, Slack. I'm in 5 instances (a few more that I'm not active in) on the desktop version of Slack (yep, that's why I need all the RAMs). I often star posts or topics that people share.

Fourth, conferences - or conference recordings / PDFs etc. Often these will be seeded from when people start to tweet about their availability. Even if I attend sessions, I'm usually there to be entertained (i.e. the InfoSec Style or Presentation).

Fifth, emails. Or, email distributions. The only two that I really pay attention to are @DanielMiessler's Unsupervised Learning, and the Team Cymru Dragon News Bytes. Bonus points for Warren Ellis' Orbital Operations. This is the only email that I regularly look forward to and general read from top to bottom.

[Cross posted from https://un-excogitate.org/keeping-up-to-date]

Nice. Thanks for sharing Christian

Steven Atcheson

SOC | Director | IT Security

7 年

Good share. Like you my #1 goto is Twitter and likewise use lists. I find it extremely powerful with a screen running TweetDeck with numerous columns assigned to lists like dfir, certs, malware etc.

要查看或添加评论,请登录

Christian Frichot的更多文章

  • Exploring the Latest Updates to hcltm: Optimising Threat Modelling for DevOps Teams

    Exploring the Latest Updates to hcltm: Optimising Threat Modelling for DevOps Teams

    A new version of hcltm, the threat modelling utility designed for DevOps teams, is now available. Let's have a look at…

  • Aligning your purpose to your work

    Aligning your purpose to your work

    If I’ve learnt anything over my diverse and multi-faceted career, it’s that aligning autonomy, mastery and purpose in…

    6 条评论
  • Cruise @ BSidesSF 2018

    Cruise @ BSidesSF 2018

    If you had the opportunity to make it to BSidesSF 2018 you may have wandered past a quaint little table decorated with…

  • What was it like enabling Google Advanced Protection?

    What was it like enabling Google Advanced Protection?

    tldr; Boring..

  • Of hackers and musicians

    Of hackers and musicians

    What qualities do you look for when you're hiring information security professionals, and in particular ‘hackers'? I…

    20 条评论
  • The Craft of Code Review

    The Craft of Code Review

    I really enjoy watching how other people approach their craft. You can see it in chefs, designers, artists, musicians…

    19 条评论
  • 2015 Reflections and life at LinkedIn

    2015 Reflections and life at LinkedIn

    If I were to capture 2015 with a single word it would be: transform. The family and I had started the year celebrating…

    6 条评论
  • Facebook iOS App Scrapes Your Clipboard?

    Facebook iOS App Scrapes Your Clipboard?

    I noticed yesterday that the Facebook iOS app appears to scrape your clipboard for URLs, offering to paste the URL into…

    6 条评论

社区洞察

其他会员也浏览了