Blogs From Akamai's InfoSec Team (Updated)

Blog Post created by B-C-METOYX Employee on Dec 18, 2014

Akamai's InfoSec team does a lot of blogging, both on the company site and in personal, security-oriented blogs where they offer opinions that are theirs and not always their employer's. What follows is a directory of who is blogging and where. I'll update the list as more examples come to my attention, but for now I hope you'll check out these sites. In a future post, I'll point you to InfoSec staff on Twitter and other social networks.


"Liquid Matrix" is overseen by Akamai Security Evangelist Dave Lewis. A cast of talented security professionals contribute podcasts, features, etc.


"The Security Penguin," written by George, the Penguin of Awesomeness and spokesman for Akamai InfoSec.
"Andy Ellis > Protecting a Better Internet," written by Akamai's chief security officer. His most recent post dealt with the complexities of DNS reflection defense.


"Zen of security," by John Ellis, Akamai's enterprise security director for Asia Pacific and Japan. He also blogs forCSO.http://www.cso.com.au/blog/cso-bloggers/2013/05/31/dude-your-firewall-slowing-me-down-part-i/

http://www.cso.com.au/blog/cso-bloggers/2013/05/31/dude-your-firewall-slowing-me-down-part-i/"The Guerilla CISO," by Akamai CSIRT Director Michael Smith, known in the blog as "rybolov." This is a group blog he is in charge of. Topics range from the strategic (cyberwar, pending legislation, and public policy) through the operational (NISTs Framework for FISMA) to the tactical (penetration testing, forensics, vulnerability scanning, and security engineering).


Akamai Security Evangelist Martin McKeay has two sites that rose to popularity long before he joined the team. There's the page for his "Network Security Podcast" and his "Network Security Blog."


Akamai Chief Security Architect Brian Sniffen has a site called "Sniffen Packets," which extends beyond security into such topics as travel and religion.


Akamai Senior Systems Engineer Larry Cashdollar has a site called "Vapid Labs Security Research." It's not necessarily a blog. In fact, the page takes you to a stream of code. Larry explains: "I wrote the web server running there in C when I was experimenting with 'attack aware' ideas in the late 90's.  Embedded in the fake public pgp block are links to security vulnerability advisories I've written and exploits. If you try hitting a link likehttp://vapid.dhs.org/;id>/tmp/p; it will log it as an attack and display a funny message."


Then there's the blog of Akamai security researcher Christian Ternus, "Adversarial Thinking." He'll soon be writing in the Akamai Blog as well, and his latest post about InfoSec's "jerk" problem is a must read.


I'll end for now with my own blog, The OCD Diaries. It's not a security blog, but I do occasionally cover issues affecting the InfoSec community -- including job-induced depression and how we humans talk to each other, for better or worse.