Keeping up in Information Security is a Red Queen's race. Personally, I follow hundreds of blogs through RSS, and hundreds of "securitytwits" on Twitter, just to keep up.

There were many interesting articles in 2009.  I have gone through the ones that I've shared on Google Reader (an interesting walk down memory lane) and created a list of my ten favorite must-read InfoSec articles from 2009.  These are articles that either changed or solidified my thinking on a particular area of InfoSec.  They are listed below in no particular order:

• Verizon Data Breach Investigations Report and Supplemental Report
• Microsoft Security Intelligence Report (SIR)
• SANS Twenty Critical Controls for Effective Cyber Defense: Consensus Audit
• NIST Security Content Automation Protocol (SCAP)
• Cloud Security Alliance Guidance
• Marcus Ranum "The Anatomy of Security Disasters"
• Richard Bejtlich "Protect the Data Idiot!"
• Richard Bejtlich "The Problem with Automated Defenses"
• Richard Bejtlich "Defender's Dilemma vs Intruder's Dilemma"
• Ian Charters "Could the Titanic Have Changed Course?"

Wishing you a happy, productive, and safe New Year,

Christopher