To keep things simple, each annotated link is alphabetically arranged in broad categories. If you’re looking for pages to bookmark, start with Useful Websites. It contains links to tools, scholarship opportunities and sites like the Internet Storm Center (ISC).
News & Opinion
- Ars Technica – Risk Assessment
Reporters for the security section of Ars Technica tackle a wide variety of stories, including articles on the latest data breaches, the cost of cyber crime and cyber spying.
- CIO Security
CIO’s security section is a repository of up-to-date articles on data breaches, hacks, attacks, new research and international developments.
- CSO Online
Slideshows, blogs, news articles, white papers – there’s a rich olio of security and risk management resources on CSO’s site.
- Dark Reading
Brought to you by InformationWeek, Dark Reading covers top stories in information security. Topics include attacks/breaches, app sec, mobile and threats.
- Guardian Information Security Hub
One of the largest newspapers in Britain, The Guardian offers the latest on information and cyber security. Articles are usually targeted towards the layperson.
- Homeland Security News Wire – Cybersecurity
Cyber security merits its own extensive section in this online publication. A wide variety of topics that affect homeland security are covered.
- Infosecurity Magazine
A one-stop-source for the information security industry. The magazine contains news articles, white papers, a list of upcoming events & conferences and a lot of webinars.
- Naked Security
Naked Security is the newsroom of Sophos, the well-known developer of computer security products. Lots of useful security news, opinions, advice and research.
- SC Magazine
SC supplies information security professionals with a wide range of business and technical information resources. You’ll discover news articles, product reviews, white papers, videos and more.
Funded by Kaspersky Lab – the Russian developer of secure content and threat management systems – SecureList is a heaving mass of info on viruses, hackers and spam.
PCMag’s security section deals with a whole host of trending topics, including malware, mobile, threats, vulnerabilities and hacks.
- Threat Level
Wired’s section on privacy, crime and security online is packed with articles and resources. Many of the stories have a national/international flavor.
Like SecureList, ThreatPost is a news site working under the aegis of Kaspersky Lab. Here you’ll find news, videos and feature reports on every aspect of cyber security.
- Google Online Security Blog
The folks on Google’s Security Team regularly cover pressing security and risk management topics.
- InfoSec Resources
InfoSec Institute offers information security training, and their blog is jam-packed with mini-courses, ebooks, and hands-on tutorials for students interested in cyber security.
- Krebs on Security
Brian Krebs earned his spurs as an investigative reporter for the Washington Post. Now he writes extensively on cyber crime, Internet security and the latest news. You’ll hear his name a lot.
- Microsoft Malware Protection Center Blog
Microsoft has other TechNet blogs, but for security alerts and news, this is the one you’ll probably want to follow.
- Schneier on Security
Bruce Schneier, aka the “security guru”, has been blogging about security issues since 2004. He’s the CTO at Co3 Systems, Inc., author of 12 books and a fellow at Harvard’s Berkman Center.
- Security Bloggers Network
Security Bloggers Network collects almost 300 blogs and podcasts from information security experts around the world and collates them into a single feed.
This enjoyable book review blog is penned by Rick Howard, CSO at Palo Alto Networks. In the course of his readings, Howard decided there should be a Cyber Canon, a list of “must-read” cyber security books (fiction and non-fiction).
- Threat Track Security Labs Blog
Threat Track Security Labs partners with businesses to combat Advanced Persistent Threats (APTs), targeted attacks and sophisticated malware. Though the blog is company-focused, it covers a lot of security ground.
- Veracode Blog
Run by the team at Veracode – a company focused on cloud-based application security – this blog is a hot spot for application security research and news.
- Zero Day Blog
ZDNet’s blog covers the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
- Breaking In to Information Security
By Josh More and Anthony Stieber. This practical guide to starting a cyber security career includes a “level-up” gaming framework for career progression, with a “Learn, Do, Teach” approach through three tiers of InfoSec jobs. You’ll also find examples of specific roles and career paths in each job tier so you can identify and max out skills for the role you want.
- CISSP All-In-One Exam Guide
By Shon Harris. The go-to resource for CISSP exam prep. Constantly updated, the guide includes everything you will need to prepare – exam tips, practice questions, training module, in-depth explanations – and covers all 10 CISSP domains. Available in digital and print formats.
- Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power
By David E. Sanger. An insider’s account of the Obama administration’s foreign policy process, Confront and Conceal reveals important details about Operation Olympic Games, the U.S.’s covert cyber attack on Iran’s nuclear facilities, and the government’s thinking on cyber weapons. Named one of the Top 20 in Rick Howard’s Cyber Canon.
- Cryptography Engineering: Design Principles and Practical Applications
By Niels Ferguson, Bruce Schneier and Tadayoshi Kohno. A good foundational guide for those interested in practical cryptography. The authors cover many of the fundamentals – e.g. ciphers, message digests, key exchange, mathematics basics – and take a close look at the hardware, software and human issues involved in cryptography engineering. Advanced cryptographers will want to dig deeper.
- Cyber War: The Next Threat to National Security and What to Do About It
By Richard Clarke and Robert K. Knake. First published in 2010, Clarke and Knake’s book is a broadside against complacency in cyber defense. Clarke is the former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, and has much to say about cyber warfare, cyber terrorism and government policy. Named one of the Top 20 in Rick Howard’s Cyber Canon.
- Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
By Kevin Poulsen. Kingpin is the “made for Hollywood” story of Max Butler, a misfit and hacker who ended up gaining access to more than 1.8 million credit card accounts. A former hacker himself (he served 5 years in prison), Poulsen knows of what he speaks. Named one of the Top 20 in Rick Howard’s Cyber Canon.
- No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State
By Glenn Greenwald. As Howard notes in his review, No Place to Hide is “part exposé, part autobiography, and part screed ‘against the man.'” Greenwald is a columnist for The Guardian and was one of Snowden’s key contacts in the leaking of classified U.S. government secrets. Named one of the Top 20 in Rick Howard’s Cyber Canon.
- The Practice of Network Security Monitoring: Understanding Incident Detection and Response
By Richard Bejtlich. A great technical primer with step-by-step instructions on how to deploy, build and run an NSM operation using open source software and vendor-neutral tools. Many reviewers comment on how readable it is compared to other books. Named one of the Top 20 in Rick Howard’s Cyber Canon.
- Secrets and Lies
By Bruce Schneier. Although it was first published in 2004, Schneier’s warnings are still relevant today. “Security is a process, not a product,” he reminds us, and people are invariably the weakest link. Do we have to sacrifice privacy for better security? Read Schneier’s book to find out. Named one of the Top 20 in Rick Howard’s Cyber Canon.
- Security Engineering: A Guide to Building Dependable Distributed Systems
By Ross J. Anderson. A massive guide (900+ pages) that’s worth every word. As one of the top security experts in the world, Ross Anderson has seen it all. His book covers everything from high-level policy to specialized protection mechanisms to technical engineering basics. New security engineers will especially appreciate the real world case studies of success and failure. First published in 2001 and updated in 2008.
- Security Metrics: Replacing Fear, Uncertainty, and Doubt
By Andrew Jaquith. It is what it says – a book about how to quantify, classify and measure information security operations in modern enterprise environments. But, as Rick Howard points out in his review, it will also “help you unshackle yourself from the chains of probabilistic risk assessments. It will turn you away from the dark side and toward a more meaningful process to assess your enterprise’s security.” Named one of the Top 20 in Rick Howard’s Cyber Canon.
- Spam Nation: The Inside Story of Organized Cybercrime – from Global Epidemic to Your Front Door
By Brian Krebs. An entertaining and detailed look at the seamy world of organized cybercrime. Krebs focuses on the period between 2007-2013 – the rise of the Russians, the development of the spam “ecosystem” and the proliferation of botnet engines, fast-flux obfuscation and underground forums. Read Rick Howard’s review.
- Where Wizards Stay Up Late
By Katie Hafner and Matthew Lyon. One for the history buffs. Hafner and Lyon’s chronicle of the origins of the Internet includes interviews with some of the brilliant and eccentric minds responsible. If you don’t know the story about ARPANET and other post-WWII projects, you should. Named one of the Top 20 in Rick Howard’s Cyber Canon. Read Bob Clark’s review.
- UTPA Center of Excellence in STEM Education
The U.S. Department of Defense awarded the University of Texas – Pan American $3.7 million to establish the Center of Excellence in STEM Education. The Center focuses on challenge-based instruction, and has excellent resources for students of all ages. For example, they hold a STEM summer camp, award scholarships, hold pre-college programs for young adults, and much more.
- CERIAS: Tools and Resources
You’ll find a variety of helpful resources on Purdue’s Center for Education and Research in Information Assurance and Security website. These include an online collection of reports and papers, training products, an FTP archive and the Cassandra Vulnerability Tracking System.
- CVE: Common Vulnerabilities and Exposures
CVE is a widely used dictionary of common identifiers for publicly known information security vulnerabilities and exposures. MITRE Corporation handles the system, with funding from the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.
- Information Security Stack Exchange
Information Security Stack Exchange (a.k.a. Security Stack Exchange) is a free question & answer/message board site for information security professionals. Here you can find answers to questions like: “What does working in cyber security look like?” and “What are the career paths in the computer security field?“
- Infotec Pro
Founded in 1988, Infotec Pro supplies IT training in subjects such as Microsoft, Cisco, Citrix, PMP, wireless and VMware. It provides both instructor-led and e-learning courses in CompTIA Network+ and CompTIA Security+, as well as a wide variety of security certification classes (e.g. CISSP, CEH, CCNA Security, etc.).
- ISC: Internet Storm Center
Created in response to the Li0n worm event in 2001, ISC is an all-volunteer effort dedicated to providing a free analysis and warning system to Internet users. To identify threats, every day ISC assembles millions of intrusion detection log entries from sensors covering over 500,000 IP addresses in over 50 countries. Its work is bankrolled by The SANS Institute.
- National Centers of Academic Excellence (CAE) in Information Assurance (IA)/Cyber Defense (CD)
Once you get past the acronyms, the NSA’s CAE IA/CD designation is a critical one to know. On this webpage, you’ll find a list of academic institutions that have distinguished themselves in cyber security education. Look for this designation when you’re comparing schools.
- OVAL: Open Vulnerability and Assessment Language
OVAL is a community-developed language for determining vulnerability and configuration issues. Its goal is to standardize how to assess and report upon the machine state of computer systems throughout the world. Like CVE, OVAL is administered by the MITRE Corporation and funded by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.
- Scholarship Opportunities
NICCS hosts an up-to-date database of cyber security scholarships offered by the government, colleges, and many corporations and non-profit organizations. You can search by level, deadline, amount and keyword.
Short for U.S. Computer Emergency Readiness Team, US-CERT is the 24/7 operational arm of the Department of Homeland Security’s NCCIC. It broadcasts vulnerability and threat information through the National Cyber Awareness System (NCAS), and operates a Vulnerability Notes Database.
- U.S. Department of Homeland Security – Cybersecurity
The DHS’s section on cyber security includes the latest security testimonies from the House and Senate and a resource directory that includes statements and analytic reports.
- ACM SIGSAC: Special Interest Group on Security, Audit and Control
SIGSAC’s mission is to foster the information security profession by sponsoring high-quality research conferences and workshops.
- ASIS International
Established in 1955, the venerable ASIS offers a wide variety of educational programs, certifications and materials on security topics. ASIS also advocates the value of security management to business, the media, government entities and the public.
- CSA: Cloud Security Alliance
CSA is a non-profit organization focused on best practices for security assurance within Cloud computing and education on using the Cloud to help secure all other forms of computing.
- DC3: Defense Cyber Crime Center
DC3 is a U.S. Department of Defense agency that supplies digital forensics, cyber investigative services and cyber analysis capabilities to the DoD and law enforcement agencies.
- HTCIA: High Technology Crime Investigation Association
Founded in 1989, HTCIA is a global non-profit organization dedicated to promoting education and collaboration for the prevention and investigation of high tech crimes.
- ISF: Information Security Forum
Headquartered in London, ISF is a global non-profit organization focused on investigating, clarifying and resolving key issues in information security and risk management.
- ISSA: Information Systems Security Association
ISSA is an international non-profit organization of IT security professionals and practitioners. It provides educational forums, publications and a wide variety of networking opportunities.
- NICCS: National Initiative for Cybersecurity Careers and Studies
Run under the auspices of the DHS’s Office of Cybersecurity and Communications, NICCS is a useful one-stop-shop for info on cyber security careers and study. It has extensive listings of scholarship and internship opportunities, training options, competitions and much, much more.
- NSI: National Security Institute
Founded in 1985, the NSI was created to protect some of the nation’s most sensitive technology and business secrets. It is now the leading organization dedicated to assisting cleared defense contractors in understanding threats to national security.
- NW3C: National White Collar Crime Center
NW3C is a non-profit U.S. organization committed to supporting the efforts of state and local law enforcement to prevent, investigate and prosecute economic and high-tech crime.
- OWASP: Open Web Application Security Project
OWASP is a global not-for-profit charitable organization focused on improving the security of software. Its mission is to make software security visible and inform individuals and organizations about software security risks.
The SANS Institute was established in 1989 as a cooperative research and education organization for IT security professionals. It provides information security training and security certification, maintains a free library of research documents and operates the Internet Storm Center.
- Science of Security Virtual Organization
The Science of Security Virtual Organization is dedicated to creating a “science of security,” meaning developing the first principles and the fundamental building blocks for system security. The group offers a number of helpful resources, including a survey of current research, online networking, news and events, and much more.
- Damn Vulnerable Web Application (DVWA)
DVWA is a PHP/MySQL web application that is, you guessed it, vulnerable. It’s designed as a teaching aid for security professionals, web developers and educators.
- Evolve Security Academy
Evolve Security Academy is a cyber security bootcamp that helps students break into the field. The immersive training includes direct work with not-for-profit companies, helping students to gain real world experience.
- HackThisSite (HTS)
HTS is an online hacking and security website with a user base of over 1.8 million. Here you can tackle basic and advanced hacking challenges in a legal environment.
This virtual machine is an intentionally vulnerable version of Ubuntu Linux designed to be hacked by metasploit and other hacking tools.
Mutillidae is a free, open source web application that you can use to pen-test and hack a vulnerable web app.
Created by OverTheWire, NATAS is a wargame intended to teach the basics of serverside web-security.
- National Institute of Building Sciences
The National Institute of Building Sciences offers monthly cybersecurity workshops for building owners and managers. Current workshops include Introduction to Cybersecuring Building Control Systems and Advanced Cybersecuring Building Control Systems.
SlaveHack is a virtual hack simulation game. Defend your virtual PC against intruders while trying to hack as many other players and webservers as possible.
Local Security Groups
- AFCEA Chapters
AFCEA is concerned with cyber security as it relates to defense, homeland security and intelligence communities. Chapters are spread throughout the world, but, as you might expect, there are a lot of groups in the Virginia and Maryland regions.
- CSA Chapters
As CSA puts it, members are usually composed of a credible group of cloud security experts for the region. Chapters are located around the globe and must have a minimum of 20 CSA members.
- IEEE Technical Chapters
Focused on the advancement of technology, IEEE Technical Chapters contain members from one or more IEEE Societies/Technical Councils who share technical interests and geographical proximity. Chapter events include guest speakers, workshops, seminars and social functions.
- InfraGard Local Chapters
InfraGard is a non-profit, public-private partnership between U.S. businesses and the FBI. The idea is to share intelligence to prevent hostile acts against the country. Members of local chapters meet to exchange info on the latest threats and listen to talks from security experts.
- ISACA Local Chapters
ISACA is one of the biggest networking organizations, with 200+ chapters worldwide. Chapters sponsor local educational seminars and workshops, conduct IT research projects and provide members with a number of leadership training opportunities.
- (ISC)² Chapter Program
(ISC)² puts a lot of effort into its program. Chapter members can receive special discounts on (ISC)² products and programs, earn CPEs by participating in professional activities and participate in local community outreach projects (e.g. cyber security education).
- ISSA Chapter Directory
Like ISACA and (ISC)², ISSA has a strong chapter network. In addition to regular chapter activities, ISSA has created a Chapter Leaders Summit and a number of Special Interest Groups (Women in Security, Security Awareness and Healthcare).
- OWASP Chapters Program
Unlike other programs which require membership, OWASP chapters are free, open to all and managed by a set of universal guidelines. Many OWASP presentations are available for everyone to use at meetings. OWASP Community Members can request funding for a variety of chapter initiatives on the Funding page.
- CSAW Capture the Flag (CTF)
Sponsored by the Information Systems and Internet Security (ISIS) lab of NYU, CSAW CTF is a competition for undergraduates hoping to break into the cyber security field. Contestants are hit with a series of real-world situations modeling all types of computer security problems.
- DEF CON Contests
The annual DEF CON conference has a truckload of contests for all levels of expertise. These include hacking, lockpicking, scavenger hunts and its banner Capture the Flag (CTF) competition. Be prepared for anything.
- ESC: Embedded Security Challenge
Billed as the only hardware security competition in the world, ESC is a team-based contest in which experts from the NYU Polytechnic School of Engineering compete with participating universities to attack the weaknesses of the target system and defend their own side.
- NCCDC: National Collegiate Cyber Defense Competition
The Collegiate Cyber Defense Competition system is the largest college-level cyber defense competition in the U.S. NCCDC focuses on the operational aspects of protecting corporate network infrastructures and business information systems. A variety of regional groups organize qualifying events.
- NCL: National Cyber League
Founded in 2011, the NCL provides a virtual training ground for collegiate students to develop and practice their cyber security skills using next-generation simulated environments. It’s a year-round endeavor with regular seasonal events.
Created by the NCCDC, Panoply is a network security contest where teams are challenged to capture multiple targets and secure them from other teams in order to win. Teams accumulate points for controlling and operating critical services such as SMTP, DNS, HTTP, HTTPS, SSH, etc.
Run by Carnegie Mellon University, Pitcoctf bills itself as the world’s largest computer security competition for middle and high school students. Contestants have to complete a series of engineering, hacking and decryption challenges to win money prizes.
Administered by HP’s Zero Day Initiative, this hacking contest challenges security researchers to demonstrate flaws in popular consumer and enterprise software platforms. Prizes of over $100,000 are offered for the most challenging exploits. It usually takes place at the annual CanSecWest conference.
Google’s Pwnium competition is typically held in tandem with HP’s Pwn2Own contest at the CanSecWest conference. It invites white hat hackers to do their best at finding vulnerabilities in Chrome OS. In 2014, it put up $2.7 million in potential prize money.
- SANS NetWars
SANS has a whole host of interactive training contests, including a simulated CyberCity, where you can test your skills in real-world scenarios. SANS also hosts a Tournament of Champions at its annual CDI conference, in which past security challenge and NetWars winners are invited to face off.
- U.S. Cyber Challenge
The goal is to find 10,000 of America’s best and brightest cyber security professionals. The method is a series of competitions, including an online Cyber Quest contest and a Capture the Flag battle at the annual USCC Summer Camp.
- ACM CCS: ACM Conference on Computer and Communications Security
This popular annual conference is the flagship event of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM).
- ACSAC: Annual Computer Security Applications Conference
Founded in 1984, ACSAC is the oldest information security conference in the U.S. It brings together security professionals from academia, government and industry who are interested in applied security.
Sponsored by the International Association for Cryptologic Research, these annual conferences cover all aspects of cryptology.
- Black Hat
Launched in 1997 by Jeff Moss (the founder of DEF CON), Black Hat has morphed from a single conference in Las Vegas to an extensive series of annual information security events and training camps in the U.S., Europe and Asia.
Billed as the “conference by the community for the community”, BSides events are more intimate affairs than DEF CON or Blackhat. They’re also usually free. BSides are held in many cities – San Francisco is a popular venue.
Held in Canada, CanSecWest is a popular three-day conference focusing on applied digital security. It’s the original host of Pwn2Own, a computer hacking contest with prizes of over $100,000.
- CSAW: Cyber Security Awareness Week Conference
Managed by students of the Information Systems and Internet Security (ISIS) Laboratory at the NYU Polytechnic School of Engineering, CSAW is currently the largest student-run cyber security event in the U.S. There are talks, events and contests.
DeepSec is an annual European conference on computer, network and application security that takes place in Vienna, Austria.
- DEF CON
Held annually in Las Vegas, DEF CON is one of the largest and most notorious hacking conferences in the world. In addition to talks, there are a huge variety of social events and contests.
Founded in 2011, DerbyCon is an annual hacker conference based in Louisville, Kentucky. You’ll find talks, workshops, games (e.g. scavenger hunts, hardware hacking, capture the flag) and more than a few parties.
- EICAR Conference
This European conference attracts experts from industry, government, military, law enforcement, academia, research and end-users to examine and discuss new research and development in all aspects of IT security.
Held in Luxembourg, this annual convention/conference addresses computer security, privacy, information technology and its implication on society.
- Hacker Halted
Hacker Halted is a global series of IT security conferences presented by EC-Council, the International Council of Electronic Commerce Consultants.
- The Hackers Conference
Held in India, this conference brings together industry leaders, government representatives, academics and underground black-hat hackers to share leading-edge ideas about information security.
- Hackito Ergo Sum
Paris in the springtime – Hackito is an annual open conference for hacking and security research.
- HITBSecConf: Hack In The Box Security Conference
Held in Kuala Lumpur, Malaysia and Amsterdam, HITBSecConf provides an annual platform for security researchers and IT professionals to discuss next generation computer security issues.
- ICMC: International Cryptographic Module Conference
ICMC brings together experts from around the world to discuss cryptographic modules, with emphasis on their secure design, implementation, assurance, and use. Held annually in the U.S.
- IEEE Symposium on Security and Privacy
Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy, in cooperation with the International Association for Cryptologic Research, this annual symposium addresses the latest issues in computer security and electronic privacy.
- NDSS (Network and Distributed System Security) Symposium
The annual NDSS Symposium is a three-day conference bringing together researchers and professionals who design, develop, exploit and deploy technologies that define network and distributed system security.
- NSPW: New Security Paradigms Workshop
NSPW is a small, invitation-only workshop for researchers in information security and related disciplines. Proceedings are published by the ACM.
Founded in 2010, Nullcon provides a platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Held annually in Delhi and Goa.
- RSA Security Conference
Founded by RSA in 1991, this conference is intended to serve as a forum for cryptographers to share the latest knowledge and advancements in the area of Internet security. Annual industry events in the U.S., Europe and Asia.
- SANS CDI: Cyber Defense Initiative
Thanks to SANS’s position as one of the biggest players in information security training and certification, the CDI conference draws a healthy crowd. This is where the Netwars Tournament of Champions takes place.
- S4: SCADA Security Scientific Symposium
Hosted by Digital Bond, S4 addresses advanced ICS security topics. It’s a technical event geared towards thought-leaders in the ICS security community.
- Secure 360
The banner child for the Midwest, Secure 360 is an educational conference for the information risk management and security industry. It is held annually in St. Paul, Minnesota.
- SecureWorld Expo
Held in New England, SecureWorld Expo is an annual conference providing globally relevant education, training and networking for cyber security professionals.
Based on the East Coast, ShmooCon is a popular hacker convention organized by a non-profit security think tank. It annually attracts 1000+ attendees interested in computer security and cryptography.
- SIN: International Conference on Security of Information and Networks
Founded in 2007, SIN Conf is a well-respected international forum for the presentation of research and applications of security in information and networks.
- SOURCE Conference
Hosted in Boston, Dublin and Seattle, this annual computer security conference attracts technology security experts, analysts, hackers, educators and business professionals.
- Swiss Cyber Storm
Held annually in Lucerne, Swiss Cyber Storm is an international IT security conference attended by researchers from around the world.
Chicago’s single-day hacking conference is held at a different top secret location every year. There are talks, workshops and live mixed hacker music.
- TROOPERS IT Security Conference
TROOPERS is an IT security conference held annually in Germany. Leading IT security experts and professionals present their latest research and findings.
- USENIX Security Symposium
The Advanced Computing Systems Association hosts this popular annual event in a variety of U.S. and Canadian cities. Researchers, practitioners, system administrators, system programmers and others interested in the latest advances in the security and privacy of computer systems and networks are invited to attend.
- VB: Virus Bulletin Conference
Sponsored by the publication Virus Bulletin, the VB conference has been in operation since 1990. The program caters for both technical and corporate audiences, covering a wide range of security-related subjects.