If only a Top InfoSec Blogs list could stand the test of time… Unfortunately, even the best blogs come and go. We’re here to help keep you current, with an updated list of our favorite cloud and security blogs from 2015. We looked for blogs that not only post well-researched and in-depth articles, but also publish regularly so you can rely on their expertise to keep you up to date with the latest news.

The top 20 list covers the whole gamut of cybersecurity roles and experience. The authors range in profession from researchers to enterprise practitioners. Some make complex topics relatable and easy to understand, and others cater to experienced technical professionals. All, however, provide cogent information on timely topics in the industry. Following any number of them will keep you informed on the latest developments in InfoSec.

Without further ado, here are the top cybersecurity blogs of 2015 that regularly address cloud security:

Down the Security Rabbithole

The hosts on this podcast take a business-first perspective on the world of information security, mixing color commentary with spot-on technical analysis. The topics range from current events in InfoSec to deep dives on specific programs like cyber insurance and boardroom presentations.

The Cloudcast

This award-winning podcast features frequent guest appearances from security practitioners to add thought-provoking input. The hosts focus on subjects like AWS, DevOps, SaaS, and SDN.

Krebs on Security

The source for breaking news on data breaches and vulnerabilities, Brian Krebs’ site publishes world-class investigative journalism on cybersecurity. Krebs dives into the dark underbelly of cyber crime, exposing hackers and irresponsible enterprise security alike.

Schneier on Security

Bruce Schneier made his name as a cryptographer and has become one of the authoritative voices on encryption and its modern application. He is not limited to encryption, however, having branched out to discuss the future of information technology, security education, and regulatory policy around sensitive data.

Security Weekly

Paul Asadoorian’s blog is a one-stop shop for catching up on the latest news in cybersecurity. Not only does he publish a news show at least once a week, but he also features an all-star cast of security researchers as guests.

Troy Hunt

Troy runs a service called “Have I been pwned?”, in which users can submit their username to cross-reference it against (as of writing) 254,850,240 compromised accounts. He’s also a security education enthusiast, having authored a catalogue of coursework on ethical hacking and securing applications. His blog offers the best of both worlds from the security architect and hands-on hacker perspectives.

Securosis Blog

Rich Mogull is rightfully one of the preeminent names in enterprise security, with twenty years and counting in the business. Most importantly, he never hesitates to go against conventional wisdom or dispel FUD. His no-nonsense approach is especially prescient on emerging technologies and industry evolution.

Roger’s Information Security Blog

If you want to avoid falling victim to a phishing attempt taking the form of a LinkedIn private message or similarly ingenious maneuvers, keep up with Roger’s blog. He shares tips on everything from AWS to everyday workplace security on what may be the longest tenured blog on this list – active since 2004!


Xavier is your man on the ground for unfolding storylines like the yearly Black Hat conference and the age-old clash between developers and security professionals. He provides line-by-line steps for enforcing security policies, including a post on how to keep an eye on Windows administrators, an often-ignored but crucial area of securing data in business applications.


An international perspective can help security professionals better understand the global threat landscape, and it is absolutely essential for global organizations with offices on both sides of the Atlantic. Brian Honan leads a team out of Ireland writing on what they see as the top security trends facing organizations.

Dan Kaminsky’s Blog

Dan is a well-respected security researcher with over a decade of experience, which includes stints advising several Fortune 500 companies. His blog features extremely in-depth coverage of the vulnerabilities in technologies that we use on a daily basis. His status as a researcher gives him access to exclusive interviewees from organizations such as the NSA.


This blog focuses on security awareness – the best way to help your users help you improve organizational security. Expect practical advice on recognizing phishing attempts, guides to regulatory requirements, and best practices for selecting a password.

Emergent Chaos

This blog eschews any tendency for dry InfoSec writing, with a concerted effort to explain cybersecurity principles through metaphor. “The Security Principles of Saltzer and Schroeder,” explained through Star Wars analogies, is a great place to start.

Security Thinking Cap

What holiday gift guide offers advice for selecting both the perfect monitor display and method of cloud deployment? Eric Vanderburg offers cogent analysis on top-of-mind challenges for IT staff.

All Things Distributed

Amazon CTO Werner Vogels needs no introduction. The cloud computing visionary takes to his blog to share thoughts on the industry and updates on the latest innovations from Amazon’s public cloud business, AWS.


EMC VP of Technology Randy Bias is a prolific speaker on cloud and IT infrastructure, and his reputed thoughts are available to all on his blog. He posts generic commentary on cloud computing, as well as vendor-specific analysis.


With a career in IT security in the financial services industry behind her, Sarah Clarke now focuses on educating the security community. Infospectives is rare in specifically calling out governance, risk, and compliance (GRC) as a topic, with coverage of third-party security and risk management.


A frequently asked questions section for cybersecurity sounds too good to be true. Lee Munson’s UK-based blog delivers highly relatable yet thorough material, making it the perfect blog to share with employees.

Privacy Professor

Security and privacy expert Rebecca Herold posts on wonderfully specific topics, from insider threat to keeping sensitive healthcare data secure. Her focus on privacy will only become more relevant in the security world as companies move to address EU data regulations.

Idoneous Security

Wendy Nather led enterprise security research at 451 Research for four years until joining the Retail Cyber Intelligence Sharing Center in 2015, and her blog is particularly aligned with the security challenges that large organizations are worried about. Think risk management and compliance. At the same time, Wendy’s writing can be hilarious: you won’t find the phrase “Depasaurus Rex” in every cybersecurity blog.

Vendor Blogs

With unique data, research, and insights into the industry, these vendor blogs rival those of top security experts.

Naked Security by Sophos

This blog has something for every security fanatic’s taste with its prolific output. The blog covers not only high-level topics but also specific, nuanced elements of InfoSec risk, like the Europol vs. Ramnit botnet and the terms and conditions of social media services.

Simply Security by Trend Micro

Simply Security covers breaking news, practical security guides, and everything in between. It’s also the only security blog to illustrate threats with canine actors in their “PAWtector” series.

OpenDNS Blog

Original research and interesting interviews of security practitioners make OpenDNS’s blog an excellent resource. This is a perfect blog for the data enthusiast, with a post on applying sound wave technology to security data science. Every security professional will appreciate their “CONprehensive Guide to the World of Security Events.”

Malwarebytes Unpacked

Malwarebytes keeps you up to date on the latest malware and phishing techniques. Readers get an exclusive insight into how malicious software affects companies, celebrities, and software. They also publish a weekly digest of security news, so you won’t miss a headline.

The Art of Data Protection by SafeNet

Thoroughness is the hallmark of this blog focused on data security in the enterprise. They take on the difficult topics in securing users, like supporting BYOD and limiting damage from compromised credentials. “The Art of Data Protection” is a helpful asset for those struggling with the day-to-day challenges of implementing security.
