In no particular order, here are the sites I consider must-haves for anyone who wants to stay up to date on IT security issues.\n\tF-Secure: Unlike other industries I\u2019ve covered (cough, cough banking cough, cough) security company blogs tend to be reliable and hugely informative. F-Secure is just one of many great examples of this. They put a premium on sharing code \u2013 so this is a site for alpha geeks and not just casual readers. Irrelevant side note: F-Secure is a Finnish company \u2013 don\u2019t worry, the site is fluent in English \u2013 and Finnish is one of the strangest languages in the world. My son just took an intro to it and told me, \u201cIt has 16 cases (Google Grammatic Cases if you don't know what I'm talking about). One of those is the Partitive "OHGODWHY" case which changes a word based on when the word entered the language.\u201d\n\tInternet Storm Center: Ummm, do I really have to say anything about this one?\n\tSchneier On Security: He is very smart and willing to call B.S. when he spots it. That by itself makes this blog a jewel. The fact that he actually knows how to write is not to be sneered at either. This and his monthly Crypto-Gram email newsletter are must reads for both casual observers and hardcore code types.\n\tThreat Post: From Kaspersky Labs, it has a very good news feed. The real reason to go here though are its three great expert bloggers: Dennis Fisher, Paul Roberts and Robert Lemos. Their blogs are deep and frequently unexpected looks at threats and issues.\n\tNetwork World: At the risk of sounding like a homer, I find the feed on security issues to be a great way to keep up on breaking news.\n\tNaked Security: This site from Sophos Labs is basically a news organization of and for IT security experts. I frequently run into companies that want to position themselves as \u201cthought leaders\u201d when what they mean is soft-sell marketing. This is not that. This is the goods.\n\tSlashDot: Still good after all these years. You have to wade through a lot of posts on other topics (which are usually pretty damn interesting) but it\u2019s always worth it.\n\tThe Register: It has good information and but I don\u2019t know why its security feed has such a lousy noise-to-signal ratio: Way too much irrelevant stuff in it.\n\tInfoSec Island: Another blog from a security company, InfoSec tends to have white paper type posts along with a pretty good news feed.\n\tI've undoubtedly missed some other good ones. All suggestions welcomed.