On Substack, publications run by cybersecurity professionals and journalists with expertise in cybersecurity can help practitioners keep pace with developments in security operations and many other areas of cybersecurity.
Here's our curated list of 10 Substacks for anyone looking to stay up to date in the fast-changing field of cybersecurity.
Venture in Security (Ross Haleliuk)
Venture in Security, by Ross Haleliuk, is a popular newsletter that delves into cybersecurity trends, key players, business models, venture capital, and other topics within the industry. Haleliuk founded the Venture in Security Angel Syndicate to invest in early-stage cybersecurity startups, offering investors exposure at the pre-seed and seed stages. He also wrote Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup, a book providing guidance for founders, practitioners, investors, and others involved in building cybersecurity companies.
Notable stories include “Most of the security teams’ work has nothing to do with chasing advanced adversaries,” which explores the misconception that security teams primarily deal with advanced adversaries and delves into the day-to-day tasks of security teams. Another is “Most security startups are tackling problems that are too small for the VC model.”
Aphinia - Your CISO Wire Update (Misha Sobolev)
Aphinia - Your CISO Wire Update is a weekly Substack curated by Misha Sobolev that is designed to keep CISOs and cybersecurity professionals informed and connected. It covers recent CISO appointments and promotions, in part to foster networking opportunities by introducing new members to the Aphinia community. The newsletter features insights and advice from guest CISOs and cybersecurity leaders through interviews and conversations, promotes upcoming cybersecurity events, and covers major cybersecurity incidents, data breaches, and arrests related to cybercrime.
Notable stories include an interview with Chris Brown, CEO of New Cyber Executive, on managing job stress as a CISO, and a discussion with Mike Mestrovich, CISO of Rubrik, on emerging cyberthreats and best practices.
Detection at Scale (Jack Naglieri)
Detection at Scale is a weekly publication curated by Jack Naglieri that is dedicated to scaling security information and event management (SIEM) tools, as well as detection engineering practices. Naglieri is the founder and CTO of Panther and has over 10 years of experience as a security practitioner in the industry.
Notable stories include “The Snowflake, Live Nation, and Santander Quick Hits,” which delves into the implications of Snowflake-related incidents; “An Introduction to Cyber Threat Intelligence (CTI),” which discusses how to effectively use indicators of compromise and TTPs in SIEM; and “The Five Layers of Incident Response,” which outlines the different layers necessary for effective incident response: presentation, enrichment, detection, investigation, and response.
The Cybersecurity Pulse (Security Product News)
The Cybersecurity Pulse is a Substack newsletter written by Darwin Salazar that offers comprehensive coverage and analysis of the latest developments in the cybersecurity industry. It provides insights into emerging technologies, products, and strategies shaping the cybersecurity landscape and is recognized for its in-depth exploration of key topics such as application security posture management (ASPM), the cybersecurity investment landscape, and the intersection of AI and cybersecurity.
By collaborating with industry experts, it delivers valuable information on innovative solutions and future trends, making it a crucial resource for professionals and enthusiasts alike. Notable stories include extensive coverage of ASPM and its role in providing a comprehensive view of an application's security posture throughout its lifecycle, tracking venture capital and merger and acquisition (M&A) activities, and analyzing the impact of AI on cybersecurity.
The Security Industry (Richard Stiennon)
The Security Industry, by Richard Stiennon, who has researched and documented the evolving landscape of cybersecurity vendors and trends for 15 years, offers comprehensive coverage of the cybersecurity sector. His publication addresses crucial areas such as cybersecurity education and careers, emphasizing the importance of practical vocational training over traditional four-year STEM degrees and advocating for certifications from major security vendors as a quicker route to employment.
Additionally, Stiennon highlights the contributions of pioneering companies and individuals, detailing the histories and achievements of figures such as Gil Shwed of Check Point Software, Eva Chen of Trend Micro, and Barry Schrager, who played a pivotal role in commercializing access control concepts. The Substack also delves into industry critiques and analyses, offering critical insights into major players and trends.
Blockchain Threat Intelligence (Peter Kacherginsky)
Blockchain Threat Intelligence, curated by Peter Kacherginsky (iphelix), is a weekly newsletter offering comprehensive coverage of the latest security news, tools, events, vulnerabilities, and threats in the cryptocurrency realm. It provides independent and expert analysis on hacks, vulnerabilities, security tools, and significant events related to blockchain, decentralized finance (DeFi), and cryptocurrency exchanges.
Noteworthy stories include detailed examinations of high-profile hacks, such as the Ronin Network incident involving the theft of over $600 million from the Ethereum sidechain, as well as thorough breakdowns of critical vulnerabilities in popular DeFi protocols and blockchain platforms. The newsletter also provides insights into emerging threats and attack vectors targeting the cryptocurrency ecosystem, such as flash loan attacks, oracle manipulation, and rug pulls.
The Cloud Security Guy (Taimur Ijlal)
The Cloud Security Guy, a Substack newsletter by Taimur Ijlal, a cybersecurity expert and writer, is dedicated to offering insights and guidance on cloud security, cybersecurity careers, and the implications of AI. Notable content includes advice on crafting effective cybersecurity resumes and avoiding common mistakes, analysis of emerging trends in cloud and AI security, career guidance for professionals, and discussions on the risks posed by AI advancement.
Leveraging his expertise, Ijlal aims to provide valuable content through the Cloud Security Guy. The newsletter seeks to inform cybersecurity enthusiasts, enhance their skills, and help them navigate the dynamic landscape of cloud security and AI-related risks. With a focus on staying ahead in the field, it offers strategies for professionals to prepare for and mitigate the challenges posed by rapid technological advancements.
Packt SecPro
Packt SecPro is a weekly cybersecurity newsletter written by various security professionals that delivers actionable insights sourced from over 70,000 working security practitioners actively combating contemporary threats. Covering a broad spectrum of cybersecurity topics, including the latest threats, vulnerabilities, and best practices for defense, it serves as a vital resource for professionals in the field.
Additionally, the newsletter provides coverage of the Packt Cybersecurity Podcast, offering valuable insights from interviews with leading security professionals who share their expertise and perspectives on various cybersecurity challenges. With the goal of equipping security professionals with practical knowledge and strategies to proactively navigate emerging threats, the Packt SecPro newsletter plays a crucial role in empowering practitioners to safeguard
The Cyber Why (Daniel Kelley)
The Cyber Why, curated by Daniel Kelley, covers a broad spectrum of topics, including news, analysis, research, tools, and best practices. Noteworthy subjects include emerging threats, technical analysis of attack methodologies, insights from industry experts and thought leaders, reviews and recommendations for cybersecurity tools and resources, and summaries of cybersecurity conferences and events. The newsletter is dedicated to furnishing professionals with a meticulously curated compilation of the latest and most pertinent information in the cybersecurity realm, aiding them in staying abreast of the swiftly changing landscape of cyber threats and defense strategies.
Ransomware (Allan Liska)
Ransomware is a Substack by Allan Liska that offers insights and analysis on the latest developments in the ransomware landscape. Liska, a renowned threat intelligence analyst at Recorded Future, aims to educate readers on the evolving tactics, techniques, and trends employed by ransomware groups. One notable story covered by Liska is the alarming increase in ransomware attacks against local governments in the United States. He noted that while 54 attacks were publicly reported, the actual number of victims could be much higher, since many incidents go unreported, raising concerns about the potential impact on critical infrastructure and services provided by local governments.
Liska also discussed the "de-RaaSing" of ransomware, referring to the shift away from the ransomware-as-a-service model. He analyzed how some ransomware groups are moving toward more centralized operations and away from recruiting affiliates to distribute ransomware. Additionally, Liska's Substack covers other important developments in the ransomware landscape, such as the effort to prosecute REvil associates and the potential impact of private individuals naming and shaming alleged cybercriminals.