Akamai Diversity

The Akamai Blog

Blogs From Akamai's InfoSec Team (Updated)

Akamai's InfoSec team does a lot of blogging, both on the company site and in personal, security-oriented blogs where they offer opinions that are theirs and not always their employer's. What follows is a directory of who is blogging and where. I'll update the list as more examples come to my attention, but for now I hope you'll check out these sites. In a future post, I'll point you to InfoSec staff on Twitter and other social networks.

"Liquid Matrix" is overseen by Akamai Security Evangelist Dave Lewis. A cast of talented security professionals contribute podcasts, features, etc.

"The Security Penguin," written by George, the Penguin of Awesomeness and spokesman for Akamai InfoSec.

"Andy Ellis > Protecting a Better Internet," written by Akamai's chief security officer. His most recent post dealt with the complexities of DNS reflection defense.

"Zen of security," by John Ellis, Akamai's enterprise security director for Asia Pacific and Japan. He also blogs for CSO.

"The Guerilla CISO," by Akamai CSIRT Director Michael Smith, known in the blog as "rybolov." This is a group blog he is in charge of. Topics range from the strategic (cyberwar, pending legislation, and public policy) through the operational (NISTs Framework for FISMA) to the tactical (penetration testing, forensics, vulnerability scanning, and security engineering). 

Akamai Security Evangelist Martin McKeay has two sites that rose to popularity long before he joined the team. There's the page for his "Network Security Podcast" and his "Network Security Blog."

Akamai Chief Security Architect Brian Sniffen has a site called "Sniffen Packets," which extends beyond security into such topics as travel and religion.

Akamai Senior Systems Engineer Larry Cashdollar has a site called "Vapid Labs Security Research." It's not necessarily a blog. In fact, the page takes you to a stream of code. Larry explains: "I wrote the web server running there in C when I was experimenting with 'attack aware' ideas in the late 90's.  Embedded in the fake public pgp block are links to security vulnerability advisories I've written and exploits. If you try hitting a link like http://vapid.dhs.org/;id>/tmp/p; it will log it as an attack and display a funny message."

Josh Corman, our director of security intelligence, has one called "Cognitive Dissidents." Josh takes the philosophical approach here, tackling issues of consequence that are often poorly understood and/or obfuscated by FUD. One of the standouts for me was a series of posts he authored with Brian Martin of Attrition.org on "building a better Anonymous."

Then there's the blog of Akamai security researcher Christian Ternus, "Adversarial Thinking." He'll soon be writing in the Akamai Blog as well, and his latest post about InfoSec's "jerk" problem is a must read.

I'll end for now with my own blog, The OCD Diaries. It's not a security blog, but I do occasionally cover issues affecting the InfoSec community -- including job-induced depression and how we humans talk to each other, for better or worse.

5 Comments

That's a comprehensive list, thanks for compiling it. I'll use this post every time I am asked which blogs to follow! :)

Topics range from the strategic (cyberwar, pending legislation, and public policy) through the operational (NISTs Framework for FISMA) to the tactical (penetration testing, forensics, vulnerability

. I'll update the list as more examples come to my attention, but for now I hope you'll check out these sites.

"I wrote the web server running there in C when I was experimenting with 'attack aware' ideas in the late 90's. Embedded in the fake public pgp

. Topics range from the strategic (cyberwar, pending legislation, and public policy) through the operational

Leave a comment