- Securing Things Newsletter
- Posts
- Top IT, OT/ICS & AI Cybersecurity Newsletters - You can't go without
Top IT, OT/ICS & AI Cybersecurity Newsletters - You can't go without
[Securing Things by M. Yousuf Faisal]
M. Yousuf Faisal
September 16, 2024
In partnership with
Disclaimer: All views presented here, in this newsletter, are my own.
Author or the newsletter are not liable for any actions taken by any individual or any organization / business / entity. The information provided is for education and awareness purposes only and is not specific to any business and or situation.
version 2: Updated on 26-09-2024. Few newsletter authors responses added.
Table of Contents
Hi Securing Things Community,
A common question and concern that comes up often in conversations with tech and cybersec professionals is:
"How to stay up-to-date with what's happening in the world of cybersecurity?"
In this newsletter edition, I’ll be covering my top IT, OT/ICS, & AI Cybersecurity newsletters - You can’t go without - especially if you are in or related to cybersecurity industry. In addition some updates, some of my most viewed social media posts (in case you’ve not seen), sponsors message and my asks.
Special Message:
Before we begin, do me a favour and make sure you hit the “Subscribe” button to let me know that you care and keep me motivated to publish more. Thanks!
Note: remember to validate your email address to ensure that you don’t miss any future newsletter editions.
In today’s fast-paced digital world, staying on top of cybersecurity trends is no longer optional—it’s essential. With threats and innovations evolving daily, having up-to-the-minute insights can keep you ahead and your organization secure. A well-curated cybersecurity newsletter is your go-to resource for staying informed.
But with so many newsletters and blogs out there, how do you know which ones are truly worth your time? I’ve curated a list of top newsletters that stand out for their quality, relevance, and impact—perfect for both seasoned pros and those just starting their cybersecurity journey.
Here’s a list of my top IT, OT/ICS & AI Cybersecurity newsletters (per category) along with their description of what they are about and relevant authors:
Cybersecurity Ventures | Investments | Industry | Strategy
In this category am including few top newsletters I find it very interesting that covers cybersecurity ventures, investments, industry, products and strategy:
Newsletter Name | Newsletter Brief | Newsletter Author(s) |
|---|---|---|
Strategy of Security strategyofsecurity.com | Shape the cybersecurity industry. Combines cybersecurity's most valuable stories, ideas, and data to find insights that help you win. | Cole Grolmus |
The Software Analyst softwareanalyst.substack.com | A newsletter focused on the analysis of software companies within cybersecurity and data infrastructure (AI/ML). | Francis Odum |
The Cybersecurity Pulse (TCP) www.cybersecuritypulse.net | The go-to source for the latest in security product innovation. | Darwin Salazar |
Return on Security returnonsecurity.com | Save hours of research with a weekly review of the cybersecurity market & the economics behind it in 5 minutes. | |
The Security Industry stiennon.substack.com | All things cyber security. Researching 3,753+ vendors. | Richard Stiennon |
Venture in Security ventureinsecurity.com | Helping security practitioners, entrepreneurs, investors & executives build future of cybersecurity. | Ross Haleliuk |
Checkout Securing Things newsletter editions —> specific to Getting started in IT & OT and Industry experience and insights.
IT / AI Cybersecurity - Misc. Topics
In this category am including few top newsletters I find it very interesting that covers misc. IT (App Sec, Cloud, DevSecOps) and AI Cybersecurity topics (in no particular order):
Newsletter Name | Newsletter Brief | Newsletter Author(s) |
|---|---|---|
Resilient Cyber resilientcyber.io | Cybersecurity, Appsec, DevSecOps, Cloud, & Software Supply Chain Security. | Chris Hughes |
Unsupervised Learning danielmiessler.com | SECURITY | AI | MEANING: One security-minded AI builder's continuous stream of original ideas, analysis, tools, & mental models on how to build a successful & meaningful life in a world full of AI. | Daniel Miessler |
tl;dr sec tldrsec.com | Best tools, blog posts, talks, & resources for free every Thursday. | Clint Gibler |
Latio latio.tech | Help organizations find best security tools. | James Berthoty |
The Weekend Byte weekendbyte.com | Your weekly cybersecurity & AI round up. | Jason Rebholz |
Cyberviser www.cybervizer.com | Globally Ranked Thought Leader for Security & AI. | Mark Lynd |
Deploy Securely blog.stackaware.com | A source for actionable tips for managing risk related to Cybersecurity, Compliance, and Privacy, when leveraging AI. | Walter Haydock |
Checkout Securing Things Newsletter editions —> specific to Misc. IT & AI Cybersecurity topics.
OT/ICS or Industrial Cybersecurity - Misc. Topics
In this category am including few top newsletters I find it very interesting that covers OT/ICS or industrial cybersecurity specific topics, news, notes etc.:
Newsletter Name | Newsletter Brief | Newsletter Author(s) |
|---|---|---|
My ICS Security: Friday News & Notes friday.dale-peterson.com/signup | Gathers the most interesting & important ICS security items from past weeks, adds a few comments every Friday. | Dale Peterson |
Guarding the Gears utilsec.ck.page | A weekly newsletter with a few practical items from the previous week. Items include my top post, my favourite video or podcast and article. | Mike Holcomb |
Checkout Securing Things Newsletter editions —> specific OT/ICS or industrial cybersecurity.
I reached out to all authors (some I can’t reach), I got few generous replies (and few declined understandably) on the following questions. This is what the authors have to say about their newsletter journey.
1. How has Return on Security evolved?
The initial vision of Return on Security was to solve a problem I personally faced—keeping track of cybersecurity companies coming out of stealth, raising funds, and getting acquired. I wanted a better understanding of the cybersecurity landscape, and there just wasn't a concise, digestible resource available (free or otherwise), especially from the perspective of someone actively working in cybersecurity. Over time, Return on Security evolved based on subscriber feedback and my interests. While it started as a resource for cybersecurity leaders, I soon realized that founders, investment bankers, marketers, and VCs also needed this information. So, I expanded it to cover the entire 'cybersecurity economy.' A big moment for me was when two much larger newsletters shared my work, and that’s when the growth really took off. Hitting 1,000 subscribers took over a year, but the unprompted sharing was validation that I was offering real value.
2. What is your current focus?
Right now, I'm still laser-focused on being the go-to resource for tracking economic activity and industry news in cybersecurity. Over the years, I’ve built up a deep understanding of what resonates with my readers, and that’s what drives me to keep improving. While I’ve seen others try to replicate what I do, I’ve learned that my consistency and ability to bring real depth to the content help set me apart. This motivates me to keep refining the newsletter and adding more of my personal perspective to every issue.
3. Why should people check out Return on Security?
Return on Security offers something unique — free, situational cybersecurity market intelligence from a practitioner who understands the industry's pain points and challenges. My background isn’t in investing, marketing, or recruitment; it's in the actual work of cybersecurity. Each week, I spend 20-30 hours researching, analysing, and condensing insights into an actionable summary that cybersecurity leaders, founders, and investors can actually use.
4. What is in store for your subscribers in the near future?
Looking ahead, I’m excited to experiment with new ways to present both data and content and exploring more video formats. My goal has always been to continue evolving the newsletter based on what resonates most with subscribers while keeping the same high-quality, concise updates they rely on. I see Return on Security as a public utility for the cybersecurity community and take that responsibility seriously. It’s about continually adding value and delivering the things that matter most to the community.
The Security Industry is my outlet for research on the entire cybersecurity industry. It is an abject demonstration of what you can do with data derived from the IT-Harvest Dashboard. Upcoming research will dig into the 50+ AI Security companies that have cropped up over the last two years.
1 - How it has evolved?
I've included more quick summaries about the latest ICS/OT cyber security news from the week and try to add a bit more of my own humour as well.
2 - What is your current focus?
My current focus is helping people learn more about ICS/OT cyber security in order to better protect the world at large. Whether they are new to the field, existing practitioners or asset owners/operators.
3 - Why people should check out?
People that are looking for a quick recap of the ICS/OT news of the week, and a practical learning topic where I highlight a recent video or podcast I saw, would find it of interest.
4 - What is in store for your subscribers in near future?
More of the same, I hope. Overall most people seem to have really liked it and I get some great feedback from readers. My focus is always to keep it clean, quick and practical - something that I would want to read myself.
ByteByteGo blogbytebytego.com | Explain complex systems with simple terms, from the authors of the best-selling system design book series. Note: this is probably the only non-security specific newsletter among this list. Though their focus is not on security (its on systems designs), however, the information provides visually, basic concepts of how systems / apps works (sometimes security as well). | Alex Xu and Sahn Lam |
Vulnerable U - www.vulnu.com | Infosec's favourite weekly newsletter for news, tools, and tips. | Matt Johansen |
Schneier on Security Crypto-Gram www.schneier.com/crypto-gram | Crypto-Gram is a free monthly e-mail digest of Misc. Cybersecurity posts. | Bruce Schneier |
CISO Series cisoseries.com | The Cybersecurity headlines. Stories from the world of information security. | David Spark |
Other community writers driven newsletters that I enjoy - in no particular order:
Industrial Cybersecurity Pulse - www.industrialcybersecuritypulse.com
Industrial Cyber - industrialcyber.co
ISA Global Security Alliance - gca.isa.org/blog
ICS4ICS Newsletter - www.ics4ics.org/events-and-newsletter
Bleeping Computer - bleepingcomputer.com
Security Week - securityweek.com
SANS Newsletters - www.sans.org/newsletters
CSO Online - www.csoonline.com/newsletters/signup/
Dark Reading - www.darkreading.com
Infosecurity Magazine - www.infosecurity-magazine.com
Help Net - www.helpnetsecurity.com
The Hacker News - thehackernews.com
Kerbs On Security - krebsonsecurity.com
This Week in 4N6 - thisweekin4n6.com
Detection Engineering Weekly - www.detectionengineering.net
Risky Business - news.risky.biz
Zero Day - www.zetter-zeroday.com.
There are many other letters that I subscribe to besides these on productivity, leadership, start-ups, entrepreneurs, and other categories.
Interested in getting that list?
Drop me a note in the comments below - “More Newsletters” for a better you
and I’ll be more than glad to publish that.
Comment below to add any other great newsletters that I have perhaps missed.
Do subscribe to ensure that you don’t miss out future posts.
|
Did you find anything interesting / new / which other great newsletters I’ve missed?
(Sponsor)
Want SOC 2 compliance without the Security Theater?
Question 🤔 does your SOC 2 program feel like Security Theater? Just checking pointless boxes, not actually building security?
In an industry filled with security theater vendors, Oneleet is the only security-first compliance platform that provides an “all in one” solution for SOC 2.
We’ll build you a real-world Security Program, perform the Penetration Test, integrate with a 3rd Party Auditor, and provide the Compliance Software … all within one platform.
My Recent Most Viewed Posts:
In case you’ve missed - here are some of my recent most viewed social posts.
CIOs / CTOs / CxOs Guide to IT & OT/ICS Cyber Resilience Strategy & transformation Program.
CISO’s Guide to AI - 12 Steps, CISOs should take to address AI related cybersecurity risks.
Defending OT with ATT&CK - provides a customized collection of MITRE ATT&CK® techniques tailored to the attack surface and threat model for OT environments.
Assessment Slips to Discovery - 3rd in series - Chronicles of Cybersecurity Consulting.
Use of AI in Cybersecurity - insights, guidance, news, certain cybersecurity tools and all. To be updated further in future.
Poll on Crowdstrike / Microsoft BSOD incident causing widespread disruption to businesses worldwide on 19th July 2024.
Getting started in IT & OT Cybersecurity - a blueprint / framework to 2x / 5x / 10x your cybersecurity career. Links in comments of the above post.
Ways in which I can help?
Whenever you are ready - I can help you / your organizations’ or your customers’, secure digital transformation journey through:
vCISO / fractional CISO or CISO security advisor services, GRC, Assessments / Reviews / Gap Analysis, Advisory, Strategy, Security / AI Policy or standards development, ISO 27001, PCI DSS and other frameworks, architectural reviews, configuration hardening for IT & OT cybersecurity engagements.
(few examples - IT & OT Cybersecurity - Strategy, Program, Execution and Management, for SME manufacturers - OT Cybersecurity Best Practices Requirements Specification OTCBPRS Toolkit, 3 step process for evaluating & implementing OT IDS / Anomaly detection / network security monitoring solutions → here; OT Cybersecurity Management System → OT CSMS and Cybersecurity SMB toolkits includes ISO 27001, etc.).
B - IT & OT Cybersecurity Trainings & Education
General Security Awareness Training & Phishing Awareness Portal for SMBs. Start your cybersecurity journey with a free cyber heath check / questionnaire based review that would help in building a cybersecurity roadmap and security awareness program.
Securing Things Academy (STA) - Training, Coaching and digital downloads for IT & OT Practitioners - pre-launch coming soon.
Securing Things Newsletter - providing insights and educational content on IT / OT / IOT / IIOT cyber-physical and AI security.
Reach out at info[at]securingthings[dot].com or DM me via LinkedIn.
My Asks
I invite #SecuringThings community to share their feedback.
Your feedback and input is invaluable to me as we work together to strengthen our cybersecurity defenses and create a safer and smarter digital society. Thank you for your trust and continued support.
Do register, validate your email, and request login link to submit poll to be able to enter a chance to win a future course giveaway.
Also let me know
Rate the newsletter contentDid you find the content valuable? |
Thanks for reading - until next edition!
It’s a Great Day to Start Securing Things for a Smart & Safer Society.
Take care and Best Regards,
M. Yousuf Faisal.
Follow: #securingthings on LinkedIn | @securingthings on X/Twitter & YouTube.
The Newsletter Platform Built for Growth
When starting a newsletter, there are plenty of choices. But there’s only one publishing tool built to help you grow your publications as quickly and sustainably as possible.
Beehiiv was founded by some of the earliest employees of the Morning Brew, and they know what it takes to grow a newsletter from zero to millions.
The all-in-one publishing suite comes with built-in growth tools, customization, and best-in-class analytics that actually move the needle - all in an easy-to-use interface.
Not to mention—responsive audience polls, a custom referral program, SEO-optimized webpage’s, and so much more.
If you’ve considered starting a newsletter, there’s no better place to get started and no better time than now.
Reply