If you work in cybersecurity, you already know about the ongoing talent shortage. According to YahooNews, the US has over 714,500 job openings for information security professionals. 39,000 cybersecurity jobs go unfilled each month.
Whether you're a career changer, currently working in cybersecurity, or an aspiring CSO/CIO, you have the leverage over prospective employers. You could potentially demand up to a six-figure salary from your employer.
But what if you are not landing the jobs you are interviewing for? Or what if you have a cybersecurity job but don't have the time for continuing education? To make those big bucks, and to stay sharp in your career, you have to stay current with competitive cybersecurity skills.
To help you develop your skills, we have rounded up some of the best-of-the-best in cybersecurity podcasts, blogs, and social media accounts. These cybersecurity resources will not only help you upskill, but they are also free for the taking.
Overview of the Cybersecurity Skills Gaps
Cybersecurity industry jobs saw 350% growth between 2013 and 2021. And there are over 1 million cybersecurity professionals in the US. Yet, many professionals struggle to find a job— what gives?
Employers have become pickier than ever before. They want more up-to-date skillsets, out-of-the-box thinking, and unexpected yet intriguing work experience.
All this has resulted in a strange world where tons of jobs are open, yet no one seems to be hiring. That is, you may not find a job unless you have the following highly-desirable cybersecurity skills.
Do you have a niche information security skillset? Have you worked on a unique project that your peers have not? If you answered 'yes' to both of these questions, you probably work in cybersecurity already.
Cybersecurity industry recruiters are not just looking for run-of-the-mill professionals anymore. The industry landscape is constantly shifting. And employers want workers who stand out in their ability to shift with it.
Having a Bachelor's degree is no longer enough if you want to land the best cybersecurity jobs. Even a graduate degree may not be enough these days. That is because employers value certifications now more than ever.
For example, people looking to fill the most in-demand roles with the highest earning potential must have a CISSP certification. This globally-recognized credential shows prospective employers that you have the skills and hands-on experience necessary to succeed and thrive.
IIT jobs used to be the ultimate haven for introverts. You could go an entire day without speaking to a human. So, why would you ever need to work on your people skills?
These days, cybersecurity professionals need these soft skills. Soft skills like communication and presentation skills are particularly important for career changers and individuals who hope to become executive leaders.
The Best Cybersecurity Podcasts
By now, you may be wondering: 'how exactly do I obtain the above skills? Do I have to go back to school? Do I have to undergo some expensive and time-consuming cybersecurity boot camp?
The answer to the latter two questions is no. You can gain most of the skills you need for free. You just need to know where to look.
For example, cybersecurity podcasts contain a wealth of knowledge from industry experts and information security employers. Here are the top 10 (plus two honorable mentions) that you should be listening to.
Risky Business (styled as Risky.Biz or just Risky Biz) is the oldest cybersecurity podcast around and one of the oldest podcasts, period. Founder and host Patrick Gray leads the weekly hour-long episodes.
This is the podcast for you if you want daily information security and hacking news, interviews with industry professionals, and commentary on industry trends.
Getting Into Infosec
Getting Into Infosec is the podcast for cybersecurity career changers. Hosted by cybersecurity entrepreneur Ayman Elsawah, this podcast exclusively features interviews with real-life individuals who made a career pivot into the cybersecurity industry.
7 Minute Security
7 Minute Security is a weekly podcast that Brian Johnson hosts. Johnson has 15 years of experience in the IT and cybersecurity industry.
This podcast helps listers learn everything from landing jobs to building cybersecurity careers. Especially great for niche experts, this podcast gives special focus to penetration testing and blue teaming.
Every Monday, Unsupervised Learning puts out a bite-sized 15-minute long podcast perfect for busy listeners. This podcast is worth tuning into just for the host himself, Daniel Miessler. Miessler is one of the most well-known cybersecurity experts in the world.
Unsupervised Learning mostly covers news and major hacking stories. But Miessler also infuses episodes with his in-depth industry experience and research to predict trends and the future of Infosec.
CyberWire posts episodes every weekday. The Host, Dave Bittner, is a former media professional who pivoted into cybersecurity in 2015. Also, in 2015, he founded CyberWire, which is now the #1 cybersecurity podcast in the world.
One of the reasons we think you will love this podcast is that it includes interviews with industry experts and researchers. It also offers a global perspective, perfect for professionals looking for work outside of the US.
Down the Security Rabbit Hole
Down the Security Rabbit Hole comes out every Tuesday. Host Rafal Los (of GE, HP, Optiv, and Lightstream) and co-host James Jardine discuss cybersecurity issues in healthcare, cybersecurity regulations, and SMB vulnerabilities.
This podcast was designed to listen to while you work, so you will not have to worry about NSFW content.
BarCode is the after-work podcast you need for your drive home. These once-weekly 45-minute episodes feature host Chris Glanden casually talking about the industry with his bartender.
Technovation is a 25-minute bi-weekly podcast brought to you by former Forbes columnist Peter High. High has over 20 years of experience at Metis Strategy, a consultancy firm connecting tech leaders to businesses.
This podcast is particularly excellent for spring CTO/CIO/CSOs. High conducts interviews and has conversations with the industry's top executive leaders, in which they talk about tech trends and how to be more innovative.
Dr. Johannes Ullrich of SANS Technology Institute is also the founder of the SANS Internet Storm Center and DShield. His podcast is unique because its sole purpose is to keep you abreast of cybersecurity networking events.
Trust Me, I'm Certified
Another SANS Institute veteran, Jason Nickola founded 'Trust Me, I'm Certified' in 2017. This podcast is also unique because it focuses on the mental side of IT work, including overcoming imposter syndrome.
Hosted by Neal Bridges, CISO of Query.AI, Cyber Insecurity is a weekly livestream dedicated to all things cybersecurity.
Honorable Mention: Malicious Life
Malicious Life is a once-weekly, half-hour podcast produced by Cybereason and hosted by Ran Levi.
The reason this podcast made our honorable mentions is that it is light on the tips but very heavy on the cybersecurity history.
Honorable Mention: Smashing Security
Smashing Security is on every infosec professional's list of favorite podcasts. It airs every Wednesday for about an hour. Hosts Graham Cluley and Carole Theriault entertain listeners with humorous takes on the latest industry news.
This podcast is great for industry newbies, but vets may find the topics a bit surface-level and mundane.
The Best Cybersecurity Blogs
Podcasts are a great way to fit educational content into your busy schedule. But the limited airtime means hosts can not always fit in everything they want to talk about. That is where blog articles come in.
Have a little extra time on your hand? Then here are ten cybersecurity blogs you need to add to your daily reading list.
We Live Security
We Live Security provides cybersecurity news and research insights. Plus, the blog has a forum section where industry professionals share opinions, findings, and tips.
Signal Magazine is the official publication of the AFCEA. The online blog features articles on cybersecurity, defense, homeland security, and more. This blog is especially great for military/defense cybersecurity professionals.
Troy Hunt's Blog
Troy Hunt is Microsoft's Most Valuable Professional. He has made a career out of training technology professionals. Now, teaches online and cloud security as well as cloud development via his personal blog.
Daniel Miessler's Blog
You may also recognize Daniel Miessler as the host of the Unsupervised Learning podcast. His blog is another excellent resource for aspiring and current information security professionals.
IT Security Guru
IT Security Guru offers daily and breaking news articles. It also features case studies, research and industry analyses, and free online webinars.
Infosecurity Magazine's blog has the cutting-edge cybersecurity content industry professionals need to stay up-to-date. This website also has free webinars, whitepapers, and online conferences.
CSO Online is a blog covering all things security and risk management. The writers of the blog target IT management professionals, making this resource ideal for current and aspiring leaders.
Sophos' Naked Security is repeatedly named on lists of the best IT security blogs. The UK-based company publishes news about system bugs, updates, breach events, and much more.
Dark Reading is one of the most popular blogs for cybersecurity industry professionals. It shares industry trends, threats, tech vulnerabilities, and scary stories that will keep any cybersecurity professional up at night.
Another great resource for tech/security leaders, CIO Magazine's blog looks at cybersecurity from a business standpoint. You will also find future-looking trend roundups as well as the latest on the industry's talent war.
Honorary Mention: The Hacker News
The Hacker News features the latest industry updates and future trend reports. It is a bit light on the practical advice. Yet, with 8 million readers per month, this blog is clearly doing something right.
The Best Cybersecurity Twitter Accounts
So, you do not have enough time on your hands to listen to a full podcast or read an entire article. Who does these days? That is why Twitter's bite-sized posts are so popular.
Follow these cybersecurity social media accounts for the latest cybersecurity tips and IT industry news in 280 characters or less.
Maddie Stone is a Google Project Zero security researcher. Catch her on Twitter, dropping education on bugs and zero-day discoveries.
Florian Roths' Twitter account is a gold mine of both re-tweeted and original gems. Topics on his feed include cyber threats news as well as threat detection tips and cybersecurity tools.
Catalin Cimpanu previously worked as a cybersecurity reporter. Now, she writes the newsletter for Risky Business, which you may recognize as one of the podcasts we referenced above.
On her Twitter, Cimpanu provides learnings from the latest breaches around the world.
Kostas is a DFIR Report analyst. He publishes recent threat reports and detection tips on his highly entertaining and educational Twitter feed.
Thomas Rid's Twitter is a great place to be for government cybersecurity professionals. After all, Rid is the founding director of and a professor at Johns Hopkins University's Cybersecurity Studies institute.
As an expert on political cyber attacks, disinformation, and cybernetics, Rid is constantly dropping niche nuggets of knowledge through his account.
Peerlyst is a website that hosts a forum where cybersecurity experts drop knowledge and advice. For a curated roundup of forum posts, follow Peerlyst's Twitter account.
This is the Twitter account of the website malware-traffic-analysis.net. It is the account to follow if you are looking for deep insights into the malware space.
Kaspersky Lab does research and analysis in the cybercrime space. On its Twitter account, the Lab constantly drops new findings that no industry professional wants to miss.
This is the Twitter account of Pierluigi Paganini, who is the founder of the Security Affairs blog and website. You will love this account because Paganini tends to post meaty content that is chock full of education, tips, and insider tricks.
Honorable Mention: @FedScoop
FedScoop is a magazine offering news on US cybersecurity regulations. You can find the best of their headlines on their Twitter feed.
Subscribe to Our Newsletter
Honing your cybersecurity skills is essential to winning the cybersecurity industry talent war. Keep this guide handy next time you are looking for a free way to up your information security skillset.
Looking for more educational resources to help boost your cybersecurity career prospects? At BitLyft, we specialize in training the world's next infosec leaders.
Sign up for our newsletter to receive all the latest in all things cybersecurity.