Skip to main content

Useful Resources for CISOs: Blogs, Papers, Conferences & More

by Ellen Zhang on Monday September 28, 2020

Contact Us
Free Demo

We've collected 50 resources, including blogs, videos, research, and databases, to help CISOs keep up with the demands of their busy job.

While the CISO role is becoming increasingly accepted as a central role in managing enterprise data and security measures, the profession continues to evolve. CISOs bear a substantial amount of responsibility in the enterprise environment, sharing responsibility for developing long-term strategic vision collaboratively with other executives while maintaining primary responsibility for protecting the enterprise's information and assets.

From ensuring that ongoing employee security training is effective, to managing security teams and overseeing the company's information security practices and policies, CISOs wear a variety of hats. Fortunately, there are many useful resources on the web that make it easier for CISOs to find information on newly discovered threats, rapidly identify patches and fixes for vulnerabilities, learn about best practices and new security methods that fit into the broader enterprise information structure, and keep up with all the details that CISOs must oversee on a day-to-day basis. We've rounded up 50 resources we feel are highly useful or essential components of the CISO toolkit, arsenal, or knowledge base - from helpful blogs, videos, research, and reports to government agencies and databases. This list, originally created in 2015, has been updated in 2019 to reflect current resources for today's CISO. NOTE: The following 50 resources are not listed in any particular order of importance, but rather they are organized by category to make it easier to find the resources you're looking for. If there's something you think we've missed, feel free to add it to the comments!

Table of Contents:


1. Ponemon Blog

Ponemon Blog

The Ponemon Institute is a highly-regarded resource for CISOs and other security professionals. The Ponemon Blog contains up-to-date and relevant information impacting CISOs, touching on corporate data issues, insider threats, and other security topics. The Ponemon Blog is also a useful source for staying up-to-date on the latest research and global surveys available from the Ponemon Institute.

Three posts we like from Ponemon Institute:

2. TechTarget - SearchCIO

Ponemon Blog

TechTarget's SearchCIO section is a comprehensive resource for CIOs and CISOs, as well as other top- and mid-level security professionals. With news covering leadership, mobile, security, cloud strategies, and business intelligence, SearchCIO goes beyond the technical topics to focus on security-related news and information encompassing the broad roles of the CISO.

Three posts we like from SearchCIO:

3. Security Intelligence

Security Intelligence

Security Intelligence offers "analysis and insight for information security professionals," including a multitude of topics particularly relevant to CISOs. You'll find articles about strategy, information security trends, collaboration, and other topics with valuable information to aid CISOs in leading their respective companies through the rapidly changing information security landscape - along with valuable insights on pursuing the CISO career path.

Three posts we like from Security Intelligence:

4. TechRepublic - Security

TechRepublic - Security

TechRepublic's Security category has hundreds of articles, but nearly 200 of them are related specifically to the challenging role of the CISO and the many variables impacting professionals in this ever-changing field. Read about the role of the CISO, the dynamics of managing enterprise security, new developments impacting CISOs, and a variety of other pertinent security topics.

Three posts we like from TechRepublic - Security:

5. CSO Online

CSO Online

From social engineering to CSO events, application security, and other pressing topics impacting organizations today, CSO Online is a useful hub for the modern CISO. Aside from blog posts, CSO Online is also a great source for security-focused slide shows, white papers, and other media.

Three posts we like from CSO Online:

6. InfoSec Institute

InfoSec Institute

A leading source of information on security training, the InfoSec Institute features a multitude of articles and tutorials on security topics. Founded in 1998 by a team of information security instructors, the InfoSec Institute is trusted by more than 50,000 individuals on everything from industry standard certifications to highly specialized, niche subject matter. The InfoSec Institute blog is a reflection of the varied and in-depth expertise of its instructors and contributors. You'll find everything from podcast episodes to blog posts, news from industry events, and more.

Three posts we like from InfoSec Institute:

7. Dark Reading

Dark Reading

Dark Reading offers a wealth of news and information on IT security, including plenty of content useful for CISOs. Dark Reading is one of the most well-known and widely read cyber security news websites, with insights on new threats, vulnerabilities, data protection, technology trends, and more.

Three posts we like from Dark Reading:

8. Verizon Security Blog

Verizon Security Blog

Verizon's Security Blog is a wealth of information, including expert analysis, studies and whitepapers, news coverage, insights on security trends, and plenty of other valuable information for today's CISOs. Part of the Verizon Insights Lab, the Verizon Security Blog features hundreds of articles offering insights and expertise on social engineering, insider threats, and other information busy CISOs need to stay up-to-date on important trends.

Three posts we like from Verizon Security Blog:

9. Wired - Threat Level

Wired - Threat Level

Wired's Threat Level is a highly regarded news source on privacy, crime, and security online. Regular posts on topics relevant to CISOs and other security professionals, from a variety of contributors including well-known senior writer Andy Greenberg, help today's CISOs keep their fingers on the pulse of the industry.

Three posts we like from Wired - Threat Level:

10. Center for Internet Security

Center for Internet Security

The Center for Internet Security is a "forward-thinking non-profit entity that harnesses the power of a global IT community to safeguard private and public institutions against cyber threats." The Center for Internet Security's blog is a wealth of useful information for CISOs, including information on the latest cyber threats, trends, and priorities for CISOs.

Three posts we like from Center for Internet Security:

11. ZDNet CXO


"Technology is such a vital competitive differentiator that all business execs, whether they are CIOs, CEOs, CFOs or CMOs, need to understand the essentials," according to ZDNet's CXO blog, which sets out to provide the in-depth understanding C-level security executives require to excel in their challenging careers. From mainstream technology and security news to research and developments on security-related topics, ZDNet CXO offers the breadth and depth of knowledge modern executives demand.

Three posts we like from ZDNet CXO:

12. CIO - Security

CIO - Security

Get the latest news, analysis, video, blogs, tips, podcasts, and research in one place: CIO Online. The site's Security category offers a plethora of useful information for CISOs, covering topics such as firewalls, encryption, spam blockers, and in-depth reviews of security suites by experts.

Three posts we like from CIO - Security:

13. Health IT Security


Health IT Security

Health IT Security is a leading source of news and resources for health IT professionals. Many articles are pertinent to CISOs within the healthcare industry, with coverage of topics including tips for reducing security risk, risk management, mergers from a security perspective, current events, and more.

Three posts we like from Health IT Security:

14. GovTech - Security

GovTech - Security

GovTech Security is the online portal to Government Technology, a publication belonging to an award-winning family of magazines covering information technology's role in state and local governments. The publication focuses on the dynamics and challenges of governing in the digital age, with the website offering multi-media resources on hacking, cyber crime, cybersecurity, tactics for strengthening security, privacy, and much more.

Three posts we like from GovTech - Security:

15. Computing Now

Computing Now

Technology professionals around the globe rely on Computing Now for up-to-date information, expert insights, and advice on coping with the latest security risks. With a large advisory board consisting of leading professionals in the field, higher education professionals, and other disciplines, Computing Now is a key resource for any CISO.

Three posts we like from Computing Now:


Multimedia Resources

16. Forrester CIO

Forrester CIO

An independent research company, Forrester has a prestigious reputation as one of the most trusted resources on all things security. The Forrester CIO portal focuses on the challenging role of the CIO and CISO, touching on the multi-faceted demands of these careers, including the oversight of business technology, working collaboratively with fellow executives to develop strategy, and transforming their respective organizations to drive business innovation. You'll find insights for key business initiatives, the latest reports influencing the role of the CIO/CISO, events, and more.

Three resources we like from Forrester CIO:

17. CISO Handbook

CISO Handbook

A resource for CISOs, CSOs, and other security professionals, CISO Handbook is a collaborative forum where security leaders can share expertise, challenges, tips and techniques, and opportunities that exist in the modern landscape for professionals tasked with developing enterprise security programs. From articles to research publications, news, tools, and more, CISO Handbook offers a variety of resources for CISOs.

Three resources we like from CISO Handbook:

18. Information Technology Portal (National Institute of Standards and Technology)

Information Technology Portal (National Institute of Standards and Technology)

One of the nation's oldest physical science laboratories, NIST was founded in 1901 and has since become a part of the U.S. Department of Commerce. NIST's Information Technology Portal aims to advance state-of-the-art IT in applications such as cybersecurity and biometrics, accelerating the development of reliable, usable, interoperable, and secure systems. You'll find resources and information spanning categories from computer forensics and computer security to software testing metrics, alongside news stories, videos, information on current programs, and more.

Three resources we like from Information Technology Portal:

19. Gartner - CISOs

Gartner - CISOs

Gartner, a leading independent technology research firm, offers research and insights for CISOs and Security Risk Management Leaders through this portal via research reports, webinars, and other formats. You'll also find listings for upcoming events in the field, executive programs, and more.

Three resources we like from Gartner - CISOs:

20. Information Security Forum

Information Security Forum

Founded in 1989, the Information Security Forum is an independent, not-for-profit organization with membership comprising many Fortune 500 and Forbes 2000-featured companies. The Information Security Forum's top priorities include investigating, clarifying, and resolving key issues related to security and risk management as well as developing best practices, processes, and solutions to meet the needs of its members.

Three resources we like from Information Security Forum:

21. IT Toolbox - Security

IT Toolbox - Security

With news, white papers, case studies, a vendor directory, events listing, and more, IT Toolbox - Security offers a variety of resources in various formats to help CISOs and other security professionals to stay abreast of the latest developments and happenings in the industry.

Three resources we like from IT Toolbox - Security:

22. ISC2


The largest not-for-profit professional body, ISC2 provides education and certification opportunities for infosecurity professionals. Recognized for Gold Standard certifications and world-class educational programs, ISC2 is a valuable source for the most up-to-date information impacting professionals in this ever-changing field.

Three resources we like from ISC2:



ISACA is an independent, non-profit, global association that promotes the development, adoption, and use of best practices for information systems. Founded in 1969, ISACA provides guidance, benchmarks, and tools for information security professionals and leaders, including research and publications, certifications, training events, and more.

A resource we like from ISACA:

24. Unified Compliance Framework

Unified Compliance Framework

The Unified Compliance Framework has been developing tools to support IT best practices since 1992. It's the only industry-vetted compliance database, offering a plethora of useful resources to aid CISOs and other security professionals in adequately managing requirements and maintaining compliance for their respective organizations.

Three resources we like from Unified Compliance Framework:

25. SANS Internet Storm Center

SANS Internet Storm Center

The SANS Internet Storm Center monitors the level of malicious activity on the Internet. A useful resource for CISOs for this reason alone, the SANS Internet Storm Center also offers podcasts, tools, data, forums, and other resources to help busy CISOs stay on top of the latest threats and news impacting enterprise security.

Three resources we like from SANS Internet Storm Center:

26. Educause Cybersecurity Initiative

Educause Cybersecurity Initiative

A non-profit association serving IT leaders and professionals committed to advancing higher education, Educause is a source for learning about upcoming conferences and events, career development, accessing recent research and publications, and connecting with fellow professionals in the field.

Three resources we like from Educause Cybersecurity Initiative:

Reports and White Papers

27. Ponemon Institute

Ponemon Institute

The Ponemon Institute is well-known for its thorough research and analysis in the security field. The Ponemon Library is a collection of past and current research, reports, studies, and white papers conducted by Ponemon, including benchmarking reports, global analyses, and a variety of studies relevant to the work of the CISO.

Three reports we like from Ponemon Institute:

28. University of Washington - Office of the CISO

University of Washington - Office of the CISO

The University of Washington's Office of the CISO releases reports that address pressing issues facing security professionals in higher education, privacy, cloud computing, managing data, and more. While some topics are focused on the University of Washington, many articles are relevant to the broader work of the CISO, particularly those serving in higher education.

Three reports and resources we like from University of Washington - Office of the CISO:

29. NASCIO Publications

NASCIO Publications

The National Association of State Chief Information Officers is a leading organization serving executives in the government security field, including state CIOs, CISOs, and similar roles. The Association offers a variety of in-depth informational guides, reports, and analyses which provide useful insights for CISOs and other security professionals.

Three reports we like from NASCIO Publications:

30. EC Council CCISO Resources

EC Council CCISO Resources

The EC Council offers the widely known CCISO Certification and has certified some of the world's leading security executives. The organization also manages events, including the CISO Awards and the Global CISO Forum, with the goal of bringing the world's top security executives together to advance knowledge in the field. The EC Council's website is also a valuable source of the latest knowledge, news, and other information offered through podcasts, webinars, and white papers.

Three reports we like from EC Council CCISO Resources:

31. IBM Center for the Business of Government

IBM Center for the Business of Government

The IBM Center for the Business of Government connects research to practice, facilitating discussion of how governments can apply new approaches to improve effectiveness at all levels. In addition to a blog, the IBM Center for the Business of Government publishes reports on a variety of topics, including cybersecurity, risk, and other topics of interest to the modern CISO.

Three reports we like from IBM Center for the Business of Government:

32. The Best Twitter Cybersecurity Accounts You Should Follow

The Best Twitter Cybersecurity Accounts You Should Follow

This massive list of the best cybersecurity experts to follow on Twitter makes it easy for CISOs to find and follow the most forward-thinking security professionals, respected journalists, researchers, and others in the know to stay on top of the latest news, trends, and emerging threats.

Three experts you'll find in The Best Twitter Cybersecurity Accounts You Should Follow:

  • Brian Krebs, Independent Investigative Journalist at Krebs on Security
  • Graham Cluley, Award-Winning Computer Security Expert, Writer, and Keynote Speaker
  • Eugene Kaspersky, Founder and Chief Executive Officer of Kaspersky Lab

33. Security Focus

Security Focus

A technical community for security professionals, Security Focus provides technical updates and technical papers related to newly discovered vulnerabilities in addition to discussions, solutions, and detailed reference information.

Three resources we like from Security Focus:

34. Forrester Security & Risk Professsionals

Forrester Security & Risk Professsionals

An independent research company, Forrester has a prestigious reputation as one of the most trusted resources on all things security. The Forrester Security & Risk Professionals portal focuses on the challenging role of the CISO, as well as the CSO, CRO, and IT Risk/Compliance Managers, touching on the multi-faceted demands of these careers, including the need to evolve from security domain experts to business leaders, execute on a business technology agenda, and manage information risks. You'll find insights for key business initiatives, the latest reports influencing the role of the CISO, and more.

Three resources we like from Forrester Security & Risk Professionals:

35. Index of Cyber Security

Index of Cyber Security

The Index of Cyber Security is an independent public service effort co-published by Dan Geer, a computer security analyst and risk management specialist, and Mukul Pareek, a risk professional who has worked extensively in audit, advisory and risk management. The Index of Cyber Security provides a sentiment-based measure of the cyber security risk to corporate, industrial, and governmental entities.

Conferences and Training

36. ISSA CISO Forum


A peer-to-peer event for CISOs to share concerns, successes, and feedback in a peer-only environment, ISSA CISO Forum offers memberships by invitation only, making it an exclusive organization for modern CISOs. Multiple events are held annually in varied locations, enabling CISOs to network and collaborate with fellow executives across the U.S.

Three resources we like from ISSA CISO Forum:

37. National Security Institute

National Security Institute

The National Security Institute, founded in 1985 by Stephen S. Burns and David A. Marston, offers proven employee security awareness solutions. With a combined 35 years of experience in government and corporate security between them, Burns and Marston were responsible for designing key programs that protected some of the nation's most sensitive technology secrets. The National Security Institute quickly became the leading organization responsible for helping cleared defense contractors develop an understanding of the threats to national security.

Two resources we like from National Security Institute:

38. EC-Council Certified CISO (CCISO) Program

EC-Council Certified CISO (CCISO) Program

The first of its kind training and certification program, the CCISO Program aims to produce top-level information security executives. Rather than focusing solely on technical knowledge, this program also emphasizes the application of information security management principles from the executive management vantage point. The program was developed by a core group of high-level information security executives who make up the CCISO Advisory Board.

Three key topics you'll learn in the CCISO Program:

  • Risk Management, Controls and Audit Management
  • Program and Operations Management
  • Strategic Planning, Finance, and Vendor Management

39. ISC2 CISSP Certification

ISC2 CISSP Certification

Offered by ISC2, the CISSP Certification "proves you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program." The program is ideal for experienced security practitioners, managers, and executives who want to prove their knowledge and gain deeper expertise.

Three other certifications you can get from ISC2:

40. Center for Development of Security Excellence

Center for Development of Security Excellence

The Center for Development of Security Excellence offers a variety of courses and other training resources, including toolkits, webinars, and certification programs for security professionals.

Three resources we like from Center for Development of Security Excellence:

41. CISO Digital Transformation Summit

CISO Digital Transformation Summit

The CISO Digital Transformation Summit is provided by CDM Media Summits, designed to enable CISOs and IT professionals to network with their peers in other industries across North America. Get information on sponsors, partners, upcoming events, registration, presentations, and session videos at the CISO Summit website.

Three resources we like from CISO Digital Transformation Summit:

42. SANS


The most-trusted and largest source for computer security, IT security, and information security training, SANS is a robust resource for all your training needs as a CISO. Information on live training, online training, and an abundance of other useful resources are available from the SANS website.

Three resources we like from SANS:


Government Resources, Organizations, and Databases



The United States Computer Emergency Readiness Team responds to major incidents, analyzes threats, and exchanges information with trusted partners around the world with the goal of creating a safer Internet for Americans. You'll find updates on newly discovered vulnerabilities, regulatory changes and information, publications, alerts, tips, and more.

Three resources we like from US-CERT:

44. Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

ISSA International connects and develops cybersecurity leaders globally, with a network of more than 10,000 security colleagues worldwide. With local chapters, special interest groups, an annual conference, and other opportunities and information, ISSA is a worthy organization for CISOs.

Three resources we like from ISSA:

45. NIST National Vulnerability Database

NIST National Vulnerability Database

The National Vulnerability Database is a must-have tool for any CISO's toolkit, offering updates and information on vulnerability management, security measurement, and compliance.

Three resources we like from NIST National Vulnerability Database:

46. National Security Agency

National Security Agency

The National Security Agency/Central Security Service is the U.S. Government's security defense agency. Information for businesses, academia, careers, research, and public information are all found on the NSA website.

Three resources we like from National Security Agency:

47. Federal CIO Council

Federal CIO Council

The Federal CIO Council is "the principal interagency forum for improving agency practices related to the design, acquisition, development, modernization, use, sharing, and performance of Federal information resources." The CIO Council supports greater accountability and transparency through the use of innovative IT strategies and establishes standards against which federal agencies can be measured.

Two resources we like from Federal CIO Council:



One of the world's leading centers in information assurance and security research, Purdue University's CERIAS provides a wealth of useful resources for CISOs, including research, white papers, tools, and more.

Three resources we like from CERIAS:

49. IAPP


IAPP offers all the privacy tools and information you need in one central location. From tools and research to a helpful glossary, information on employee awareness and education, career development resources, and more, IAPP truly is a one-stop resource for CISOs.

Three resources we like from IAPP:

50. CISO Platform

CISO Platform

The CISO Platform is a social network dedicated to the CISO profession, aiming to provide a useful resource and collaborative portal for CISOs to network, share knowledge, ask questions, and work collaboratively to advance the field.

Three resources we like from CISO Platform:

Tags:  Best of InfoSec

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.