I published the first Downclimb a little over a year ago so I want to take a moment to explain why I do it and what it is. For a year and a half prior to the first Downclimb, I had been writing something similar internally for the company I worked at. The purpose then, and now, has been to summarize the week’s infosec news to help people keep informed of trends, advances, and tools to help them do their jobs.
There is no automated algorithm for this. I use the old-fashioned technique of “read everything and choose what to keep.” I scour RSS feeds, Twitter, and a few other sources, like word of mouth. A lot of infosec news goes to Twitter, which is actually a big game that many people play, where the objective is to get as much signal as possible, without being flooded by drama and drivel. I’ve been playing for years and am still losing. That’s why Downclimb exists. That’s why I was paid to do this previously and why I do it now as an attempt at giving back to the community, because it’s time consuming trying to read everything and not miss anything, and I know my readers’ time is valuable.
My goal with Downclimb is to keep it as focused as possible. I cut through all the marketing and try to extract out what is important from stories. I try to fact check stories and give enough back-story to help people understand the value of the articles I link to. I try keep it unbiased, but inevitably I’m not entirely impartial. I focus on stories that interest me, which tends to lean more towards helping enterpise defenders.
The hardest part is deciding what to cut out. There is a lot of great research, but sometimes it’s so focused that I don’t think it will apply to my general readership and the readers that are interested in that niche will come across that specific research through other means.
Downclimb is ordered with the top stories at the start. In the middle is some business, conference materials, and tools sections, and a catch-all section at the bottom. There is also a “newspaper news” section which is news that I often don’t think is important, but people in infosec should know about.
Although reading material, filtering it, and writing Downclimb each week takes time, it’s not nearly as much time and effort as all the great researchers and developers have put into the original content that I pull from. Thank you to all of them.
For those curious, the name “Downclimb” is a mountaineering term which often ends up meaning simply to climb down whatever mountain you just climbed up, so it’s like going back the way you came and remembering all the things you passed by. It also sounds like “downtime”, so you should read Downclimb over your Monday morning coffee or Sunday evening.