Technology is wonderful!  I love to explore new gadgets and applications to see what they can do.  My initial reaction to a new device is frequently, “cool new toy!”  Sometimes they don’t even have to do anything useful to capture my attention.  That’s the fun part of my job.  The challenge is when new technology is introduced into the business.  We have to consider the risks along with the “cool” factor and make sure users and the technology tools they employ to do their jobs are protected from today’s threats.  Those tools can be anything from servers and workstations to personal cell phones and Internet-connected devices like security cameras, merchandise scanners, and point-of-sale systems.  The IoT (Internet of Things) movement is constantly introducing new gadgets.

The devices and software that make all of those things work are often under attack.  Threats are constantly mutating and technology environments are changing at a rapid pace.  Security best practices of the past may no longer be adequate and new ones are often recommended that are a better fit with new technology.  Information system security is such a large realm that experts tend to specialize in one or two areas, so it can be challenging to keep up, especially if you wear a lot of hats.  It helps to follow a few of those experts who regularly publish blogs on current threats and provide options for mitigating them.

Here are a few of my favorite blogs for keeping tabs on what the “bad guys” are up to:

Brian Krebs at

The blog contains well-written, timely articles on topics including malware, social engineering, hardware vulnerabilities, attacks on websites, and other security issues.

Stu Sjouwerman at

KnowBe4 specializes in security awareness training. Stu writes about current social engineering events and zero-day attacks.  He offers “freebies” in the form of paragraphs that you can share with users to inform them about the latest attack and what to do about it.   Articles are a quick-read and often provide links to more technical blogs for those who want to dig deeper.

Malwarebytes Labs at

Malwarebytes Labs does in-depth research and analysis into malware to determine exactly what it does, and how it does it, and how to mitigate its effects. There is something for everyone on their blog site, from the casual interest reader to the IT professional looking for technical details.  They cover many topics including security basics, cybercrime and threat analysis.  My favorite is the Threat Analysis section where articles provide step-by-step explanation of what an exploit does, including screen prints and code snippets.

There is so much information on the Internet that it can be overwhelming.  Filtering down to a handful of reliable sources makes it easier for busy IT professionals to stay informed. In addition to these great blogs on IT systems security, subscribe to our email list below to get articles like these direct to your inbox.

About the Author

Dara Doak is the Network Administrator and Technology Manager for Rattan Consulting. Dara joined our crew in 2006 and consults with our clients about server upgrades, disaster recovery planning, network security, database management and outage resolution.

Recently from Rattan - Subscribe to get insight direct to your inbox.