
The ProPrivacy Awards 2019: 55 Essential Infosec Blogs


A vast majority (91%) of US adults recently agreed or strongly agreed that consumers have lost control over corporate collecting and mishandling of their sensitive personal data, according to a Pew Research study. With that useful research in mind, we at ProPrivacy compiled our Awards list of the Top 60 Essential Information Security Blogs For 2019. These are the blogs we feel can best potentially assuage, or, at least, shed some light on, the dominant thought models of fear and ignorance when it comes to web security.

Our 2019 ProPrivacy Awards list is in no particular ranking order, reflecting no value judgments on our part, other than that every entry is worthy – for differing reasons explained per entry. This merit-based list simply reflects the blogs we thought were most useful to our readership. While the number of worthwhile infosec blogs online is in the thousands (if not higher), we’ve put together our awards with the best of the diverse collective.

Our choices were based on relevance, accessibility to all levels of technical expertise, and our overall impressions of the blog in question. While some entries posted more frequently, or at a higher volume than others – the thread of shared commitment to open discourse around web security unifies each of the disparate recipients.

Sound good? Let’s get down to business.

55 Blogs To Keep Your Eye(s) On

01 Elie

From the French expat head of Google’s anti-abuse research team (protecting laypeople from cyberthreats of all types), and the same fellow who redesigned Google’s Captcha, Elie Bursztein’s blog is full of security nuggets of all shapes and sizes. But what else would you expect from a guy who helped implement more secure cryptography on Google Chrome? Spare us the Bernstein Bear puns, and take a gander through Elie’s blog for some can’t-miss tips and tricks.

How email in transit can be intercepted using DNS hijacking


02 Graham Cluley

It would be remiss of us not to mention both Graham Cluley’s blog and his guest writing work for “The State of Security,” which falls under the umbrella of security firm Tripwire. Based in the UK, Cluley has been busy researching, speaking, and blogging about his work for nigh on two decades, backed up by his stellar work for industry titans including Sophos and McAfee, in addition to numerous experiences helping law enforcement to combat cybercriminals. Mr. Cluley has been an alumnus of the InfoSecurity Europe Hall of Fame since 2011 and is one of only 26 total honorees since the award’s inception in 2009.

The Upcoming Death of the Java Plugin has been Announced. 


03 Cybercrime & Doing Time

Gary Warner’s wittily named blog focuses on security through a judicial lens, as you might expect, considering his work as a Task Force Officer with the FBI Cyber Crimes Task Force. He’s a distinguished faculty member at the University of Alabama and, after years spent protecting the public, he’s now working to educate the next generation of computer science professionals.

Vovnenko / Fly / MUXACC1 pleads guilty


04 Malwarebytes

The team behind the Malwarebytes security software manages this frequently updated site, offering easily-digestible news, tips, and practical solutions to being compromised online, as well as preemptive measures to avoid security breaches in the first place. Encouragingly, there appears to be a down-to-earth approach taken both in dealing with technical issues and presenting findings to their readers. It’s well worth taking at least a periodic look at Malwarebytes.

Elaborate iCloud Phish Used To Activate Stolen iPhones


05 Ars Technica

It would definitely be surprising if you hadn’t at least heard of thought-leading security website Ars Technica – about as odd as not placing them on this awards list. As one of the most influential online publications on all things tech-related, the security analysis proffered in their articles is some of the most in-depth and well researched around. Additionally, you can also find convenient product reviews and news. With Ars Technica, bigger just means more varied superb content – not just some filler crow-talk.

NSA, GCHQ used open source software to spy on Israeli, Syrian drones

06 TechCrunch

While at first glance not as overtly focused on the twin pillars that many of the blogs featured here concern themselves with, Tech Crunch provides such a plethora of breaking industry news that it would be wrong to leave the site out. The rip-roaring success of several popular expos, such as Tech Crunch Disrupt, put on by the team behind the website further entrenched our conclusion that TC deserves a place on our exclusive list (Kevin Spacey’s interview at Davos is highly recommended).

Inside Parlio: Egyptian Activist Wael Ghonim’s New Platform For Social Change

07 The Guardian-Tech

Known for its excellent all-round investigative journalism, the Guardian’s Technology corner is a necessary presence in this roundup and is on the front lines of the war against repression in all its nefarious iterations. Playing what might well be considered the pivotal role in disseminating the Snowden leaks neatly sums up the Guardian’s importance.

White House denies clearance to tech researcher with links to Snowden

08 Wired

Another industry mainstay with serious clout, Wired’s Security corner is anything but an afterthought. Consistent updates and top-notch presentation make Wired essential reading, as do exclusive interviews with leaders or former greats in the security field (the profile on virus protection mogul turned gun-toting playboy lives long in the memory).

NSA Hacker Chief Explains How to Keep Him Out of Your System

09 Engadget

While widely respected for its product reviews (and quite appropriately so), Engadget is no Mary Sue when it comes to security. The weekly ‘B@d P@ssw0rd’ column is dedicated to infosec news, and the entire site is salt & peppered with the subject matter as part of a push to make their second decade of existence not just about reviews (although they are useful!), but also an examination of the relationship between us and our technology – how we are co-opted into a cycle of creation and consumption.

Why the war on VPNs is one Netflix can’t win

10 Cnet

A leading comparison site in its field (much like we are with VPNs!), Cnet has long been the go-to resource for people from all over the world. While there is no clear ‘security section’ delineated on the site, Cnet does a solid job of covering infosec matters where appropriate, without overwhelming the less ideologically based areas of the site, keeping things as light as possible.

Hackers try to con the wrong mom. Knitting circle not the same

11 Vice Motherboard

A prominent member of the online thought-o-sphere with decided anti-establishmentarian leanings (not that we mind!). The Motherboard adds a humanistic touch to the sometimes dreary, though still crucial, matters of privacy and online security. It’s not uncommon to see an article about NSA snooping next to a piece on poaching in East Asia – perfectly illustrating the depth of content and holistic outlook that more than qualifies Motherboard for our awards.

Pssst, Your PGP Is Leaking


12 The Intercept

Billed as ‘fearless, adversarial journalism,’ it’s not as if the folks behind The Intercept shy away from controversy, or being recognized for doing things differently. Helping to publish the Snowden leaks, and providing further informative coverage of other whistleblowing campaigns, The Intercept marries true substance with a seemingly contrarian though no less conscientious attitude.

Spies In The Sky, Israeli Drone Feeds Hacked By British And American Intelligence


13 Krebs On Security

After over a decade reporting for the Washington Post, Brian Krebs is now a freelance investigative journalist mainly covering cybercrime. He’s widely respected across the industry for his outspokenness and commitment to thorough research, and it isn’t tough to see why: “The world has no room for cowards. I wish more people had the courage to fail, to be wrong, to be ridiculed, and to stick by their guns.”

A Look Inside Cybercriminal Call Centers


14 Robert M. Lee

A fast-rising star in the infosec community, Robert M. Lee lives and breathes security when he has time to take a break from his PhD courses and numerous other engagements all over the globe. From groundbreaking work with the US Air Force to his inclusion in the Forbes 2016 30 Under 30: Enterprise Tech list, we’re keeping a close eye on Robert’s blog and his company, Dragos Security.

No, Norse is Not a Bellwether of the Threat Intel Industry but Does Hold Lessons Learned


15 Tao Security

For the past 13 years (and counting), Tao Security has provided some of the most unique and profound cyberthreat-focused content around, thanks at least in part to owner Richard Bejtlich’s background in the military and private sectors. While balancing speaking, writing, and researching in addition to his role as Chief Strategist at security firm FireEye, Richard is also pursuing a PhD in Philosophy from King’s College in London. Posting is sometimes infrequent, but more than made up for by the depth and breadth of the analysis provided – and you can find more of Richard’s content via his Twitter account.

Seven Tips for Personal Online Security


16 Google’s Online Security Blog

Google’s security blog makes it to our list because, well, it’s Google. On a more serious note, it makes little sense to ignore the security rumblings of a mass web monolith, not to mention one of the most influential companies that’s ever existed.

Google Security Rewards – 2019 Year in Review


17 F-Secure

F-Secure Lab’s blog is run by the Finnish Security firm’s research team. Content is focused on both theory and practical application, with educational materials thrown in for good measure. While it might be a bit techy for some, there’s a reason F-Secure garner the respect they have in the community. Take a look at our review of their VPN service, or check out their site.

Crash Safari Goes Viral… But Why Not On Android


18 HD Moore

As one of the most famous ‘White Hat‘ hackers out there, HD Moore brings his love of ethical network penetration to the masses through his blog. The number of posts is relatively small and on the more technical side, but anyone interested even tenuously in hacking should keep tabs on Mr. Moore if they haven’t already.


19 White Hat Security

White Hat Security’s blog is a smorgasbord of resources for ethical hackers. From appsec to infosec, think-pieces to whitepapers, extensive solutions are presented concisely with professionals in mind. Have a look for yourself, just don’t use the information you find with dark purposes in mind.


20 Dark Reading

One of the most-referenced infosec blogs in existence, Dark Reading appeals to working professionals industry-wide, though whether that’s on account of their breaking news content or their credo is up for debate. What’s clear, however, is that Dark Reading does a bang-up job of threading the needle between (in their words) ‘data protection and user access.’


21 Threatpost

An informative blog on the latest news and trends in security run by the crack team at Kaspersky Labs, Threatpost is a go-to source for all things relating to cybersecurity and privacy. When the NYT, NPR, WSJ, and a host of other publications reference articles repeatedly, it’s a safe bet to follow the people behind the content.

Java Serialization Bug Crops Up At PayPal


22 Securosis

Securosis take a refreshingly laid-back approach to presentation in a tech world marked by at times overwhelming snootiness. The site eschews hyperbolic statements aimed as pandering clickbait – instead focusing on a core business model of transparency from all angles of the digital privacy paradigm – whether that be on the professional or consumer side of matters.

Security is Changing. So is Securosis.


23 Schneier On Security

A must-read for security professionals and those with a passing interest alike, Bruce Schneier disseminates information about privacy, cryptography, and state institutions, using an intersectional lens to view happenings on a macro level. As the inventor of the Blowfish cryptographic algorithm (since replaced by stronger options, such as AES), Mr. Schneier is an expert on both solving security vulnerabilities, and preemptively avoiding them altogether. In addition to writing blogs for publications such as CNN, Mr. Schneier is also a Harvard Law School fellow and a board member of the EFF.

Integrity and Availability Threats


24 Darknet

It seems obvious that any blog with the motto: “don’t learn to hack, hack to learn,” is a valuable infosec resource – something that’s especially true for this cracking, hacking treasure-trove. The site is still going strong with a vibrant community of ‘ethical hackers’ looking to test and improve, rather than sadistically exploit, potential computer vulnerabilities.

MITMf – Man-In-The-Middle Attack Framework


25 Errata Security

The team behind Errata Security bring their collective experience of penetrative network testing to bear in a quality resource. The blog is aesthetically spartan, but the dynamite infosec content is hard to match when it’s delivered in such a nuanced fashion.

How not to be a better programmer


26 Malware Don’t Need Coffee

Another one of the more techie customers in our 60 Infosec Blog Awards pantheon (forgive the obvious oxymoron), Malware Don’t Need Coffee is a no-frills affair primarily aimed towards coders. Laypeople might find the subject matter a bit too technical, and the site doesn’t do many favors for the design-minded, but posts are frequent and well-detailed.

CVE-2015-8651 (Flash up to and Exploit Kits


27 PerezBox

Tony Perez’s self-christened PerezBox blog merits inclusion on our list for its hard to pull off tripwire act – balancing weighty topics with personal weight-loss journeys, and everything in between. With that ethos in mind, it’s no wonder Tony manages to tailor his message to be relatable, even to the average user.



28 TrustedSec

David Kennedy’s security outfit is based on his idea that infosec should be accessible for everyone – with emphasis on consumers, not just security pros. Trusted Sec’s blog (get your mind out of that gutter), falls right in spirit with the company’s mission by conveniently rolling out posts in both blog format on their site, and via podcast in iTunes.

Security Podcast Episode 32 – LastPass, AdBlock Blocked, RSO, FireEye, MSN, AMX, Spam

29 Security Weekly

Security Weekly aims to encourage an interest in IT security as a free resource. Their appealing, to-the-point discourse on complex infosec material falls right in line with founder Paul Asadoorian’s emphasis on tempering heavy subject matter with entertainment.

Security Weekly #448 – The Vulnerability Management Maturity Curve

30 Red Seal

The security blog over at Red Seal checks all of the important boxes – research, application, preemption – and makes the most of the company’s involvement with over 200 of the Global 2000 organizations. Red Seal counts the US DoD as a client and has been referenced in the Huffington Post as well as multiple other publications with content ranging from lifestyle advice to security.

2015 Alamo AFCEA Chapter Event (ACE) Speakers Focus on Solving Root Causes of Cybersecurity

31 Naked Security

Sophos’ security blog is highly regarded in both the professional and public spheres, consistently winning awards. It’s not hard to see why, with comprehensive coverage of all things security-related and a neat, appealing format. Naked Security is only perceivable as naked if you interpret that as lifting the veil off complicated topics with anything but trite insight.

Adblocker blockers move to a whole new level

32 Safe & Savvy

Another superb offering from the aces behind F-Secure, the Safe and Savvy blog makes the theoretical digestible to the less technically-minded among us. Expect plenty of security tips, privacy developments, and cloud storage news, in addition to a nifty PrivacyChecker tool. This gives visitors a peek into their digital footprint, along with the expected plug for F-Secure’s own FreedomePrivacy tool. This feels useful rather than gimmicky, however, prioritizing education over whether a visitor uses their products.


33 Electronic Frontier Foundation

EFF provides an activist-centric blog with updates surrounding the fight for digital rights. A further critical lens is applied to the quest by many netizens for open access, by carefully looking at the bumping of heads between activists and the lawmakers’ and enforcers’ desire for control and restriction (often prescribed by the very nature of the office they happen to hold, as opposed to common sense).

Stand with Diego. Support Open Access.

34 Securelist

Billed as a place for Kaspersky Lab experts to share their findings and opinions, Securelist is a more technical take on matters than the aforementioned ThreatPost (also run by Kaspersky Labs). As a result, Securelist is more focused on professionals and should be considered as such.

From Linux to Windows – New Family of Cross-Platform Desktop Backdoors Discovered

35 Spider Labs

Trustwave’s lab security blog echoes the organization’s international presence, which includes an impressive collection of close to 50 patents. This 26-year-old data protection establishment hasn’t lasted this long by accident – rather as a product of know-how and application, and a satisfied clientele list that keeps the company humming.

About CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation

36 HOT for Security

Bitdefender’s blog includes posts from other notable members of the 2016 ProPrivacy awards list, including Graham Cluley. HFS is also one of the most visually appealing blogs we came across, with layout and design making the information you need easy to find, and keeping casual browsing engaging without the need to scroll down a long page endlessly.

Four in 10 employees share job passwords with family members

37 Zero Day

An offshoot of CNET, ZDNet provides intelligence and news to IT pros and savvy consumers, regardless of what stage in the purchasing cycle the latter find themselves. ZDNet’s Zero Day security blog skips the product reviews offered by its sister-site, instead opting for emerging news and trending topics, with heavy doses of pertinent analysis from South Africa to Scandinavia – and everywhere in between.

EU, US Strike New data-sharing pact in effort to allay surveillance concerns

38 CIO

CIO’s blog is a glut of current infosec developments with a very inclusive view of security. Operating in an overstuffed, alarmist realm often plagued with doomsday predictions, the CIO blog is pleasantly pragmatic – you’re just as likely to find a piece on STEM degree value as a write-up of the latest malvertising schemes.

Startup mimics security analyst’s decision making, learns from humans

39 Simply Security

The Simply Security Blog from TrendMicro is an excellent example of a properly maintained company security blog, with regular updates and topics that range from the Cloud to IoT, encryption to financial services. Simply Security also has built-in website translation for over 15 countries – a sometimes overlooked, yet no less impressive, feature.

So You Want to be a Cybercrime Superstar?

40 VeraCode

VeraCode’s blog brings to light thoughts and opinions from some of the best in the appsec field. Partnerships with Fortune 100 companies in addition to other security agencies mirror the forward-gazing approaches that dominate their posts, with a philosophy that values futurism over complacency. Happy birthday and here’s to another ten years, VeraCode!

How AppSec Fits into an Information Security Program

41 Akamai

Yet another global player on the security scene, this cloud provider’s blog is a solid lead for all things infosec. Those interested in Cloud security should definitely add this offering to their bookmarks and browse through the regular, informative postings.

Changing the Rules of the Game

42 Carbon Black

The endpoint security specialists at Carbon Black run their blog with aplomb, from design to execution – perhaps explaining why they’re partnered with everyone from Nissan to Major League Baseball. Particularly worth a look is its superb vlogs and security news roundups from the wider community.

#BENVLOG 2.0: How to Actually Use “Visibility”

43 FireEye

From a leader in the threat prevention business, FireEye’s security blogs offer over and above the usual fare (there are three of them, for starters). The blog-hydra is conveniently subdivided into Threat Research, Products and Services, and Executive Perspectives, each of which is updated with the same care, illustrating the firm’s equal respect for consumers, professionals, and infosec nerds alike.

For State and Local Governments, Cyber Compliance Doesn’t Guarantee Security

44 flyingpenguin

Poetry and infosec aren’t normally terms you’d group together, but FlyingPenguin shows that security can in fact serve the same role for IT that poems do for language. Once you’ve taken a step back to consider that function without regard for form is somehow hollow, and that many people view poetry with the same yawning blasé-tude that they do security, it does sound, erm, rather poetic.

US Restitution for Wartime Internment of Japanese-American Civilians


45 Securing The Human

The SANS blog is an expansion of their status as one of the world’s largest security certification bodies. With SANS, training is a constant process, not one that stops with the smiles and a piece of paper (online cert). Their expert coaches also recognize that limitations on learning are necessarily time-induced and, therefore, require constant prompting and updating to perform optimally – like a computer, no?

A Primer on Risk and Security Awareness

46 Social Engineer

SE is the topic du jour every day at the Human Hacker blog. While updating isn’t as routine as some of our other awards entries, the clever approach of combining human roles in order to determine to what extent security works (or doesn’t work), warrants giving HumanHacker a spot.

Hello Barbie. The doll that REALLY listens

47 HolisticInfoSec

Russ McRee’s approach to infosec is certainly broad, and though some novice users might be overwhelmed, there’s a reason he’s won awards. Never afraid to get into weighty detail on weighty topics such as ‘how to use IT tools like a boss,’ it’s little surprise that his page garners such high esteem and ample views. Keep up the great work!

toolsmith #112: Red vs Blue – PowerSploit vs PowerForensics

48 Carnal 0wnage

If the title above didn’t scream (gamer!) at you, it’s likely you don’t indulge in the popular thumb workout that’s taken the past several generations by storm (yes, motion sensor and VR tech exists, but be real and admit it won’t replace controllers for a year or two, at least). Hardcore gamers and enthusiasts with an interest in attack and defense protocols down to the detail should definitely head here.

Thoughts on the skills shortage


49 Southern Fried Security Podcast

It might be more of a podcast than a blog in the strictest sense, but the SFSP crew brings the heat every time. The facetious title aside, the podcast hopes to bridge the divide between ivory tower infosec and common understanding.

Episode 172 – Security Awareness Deep Dive

50 WikidBlog

Wikid is a firm providing 2FA solutions and general security news, as well as password-centric analysis pieces and company updates. The Georgia firm has been one of the best in the 2FA business for a splendid near decade-and-a-half.

End of Life for McAfee one-time password



Risky Business #395 — Alex Stamos on Juniper-gate, SHA-1 and NSA surveillance

52 Hogan Lovells LLP

A merger between a major British law firm and its American counterpart, Hogan Lovells is among the top legal avenues for cybersecurity needs. Their transatlantic partners have been honored with prestigious Chambers Guides Awards and numerous cases for clients such as HSBC, Future of Privacy Forum, and the US Chamber of Commerce.

“Recent Updates to DFARS Cybersecurity Rule.”

53 Morrison Foerster

Our second featured law firm is also ranked highly in Chambers for cybersecurity, and it isn’t a stretch to say that the self-professedly techie law firm would be top-of-the-line litigators when it comes to who the tech industry behemoths like Adobe, CVS, and LexisNexis want to hire. Four Californian offices, with one in D.C. and one in NYC, show MoFo’s marked focus on tech litigation beyond privacy – from patent law to Venture Capital.

54 Lucius On Security

Indian Security Guru Lucius Lobo shares his knowledge from years spent serving clients of all different backgrounds throughout the world for TechMahindra. Besides the usual (and highly important) infosec information you’d expect to find, Mr. Lobo has a dedicated page for child-safety tutorials – an issue to which the entire infosec community should be paying more attention.

Swatting airports helpdesks diverts the attention of anti-terror forces on the Indian Republic Day


55 Security Bloggers Network

The Security Bloggers Network is essentially a portal to many of the blogs listed in our ProPrivacy awards, but still worth a browse if you’re looking for some further reading – perhaps for some blogs that didn’t make it onto our list. A convenient way to peruse new content, the SBN feed pulls posts from other infosec blogs into one concise RSS feed. The best part isn’t even live (but should be rolled-out soon) – sub-feeds will aggregate security news even more conveniently, by categorizing posts into a tidy list of sub-feeds: news, malware, hacking, corporate security, independent blogger. SBN is a promising enterprise, and we’re excited to see what the balance of this year brings for this final entry – as well as the other 54 before it.

A final caveat: this blog was intentionally placed in the rearguard, but solely on account of its scale and function. Fair, but where’s the post you guys enjoyed? This was supposed to be ProPrivacy’s 55 inimitable, unparalleled, splendiferous, better-than-the 'other' infosec blog awards list, with a recommended post for each? 

Well, since SBN is more of a portal than a content producer, it seemed logical to include it in our Privacy Guide (warning: it’s quite long, almost 13,000 words) - for a solid example of our company’s unwavering support for online privacy and security. Go ahead, it’s only three times the size of this article!

Anything you disagreed with? Perhaps we missed an entry, or (internet-gods forbid) misrepresented something, anything! It's by no means our wish to insult or offend any blog owner, writer, overseer, or otherwise, in any way. Please let us know of any mistakes in the comments section below, and happy reading-till-your-eyes-can't-focus and the floaty white things appear in your field of vision, in which case it might be time to take a well-deserved screen break.

(Well done! You made it through the post! Phew!)



Written by: Ray Walsh

Digital privacy expert with 5 years' experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more.

