Security Awareness & Training Resource Center

Actionable strategies to patch your cyber talent pipeline in a post-pandemic world.

Cybersecurity Awareness Month is approaching fast! We’re here to help you launchyour most successful awareness campaign yet.

Ready for Cybersecurity Awareness Month? Get everything you need to jumpstart awareness at your organization and instill secure habits.

See the data on the most overlooked variable in security and learn how to measure your organization's cybersecurity culture.

Join the CISA team as they discuss the state of ransomware, prevention guidance and free tools to help you reduce risk.

More than 300,000 organizations will be affected by the new CMMC Framework. Learn how your organization will be affected.

Learn how Infosec IQ can help educate and empower your employees to be one of your greatest cybersecurity assets in this instant demo.

Learn how Infosec Skills can help close your organization’s cybersecurity skills gap in this instant demo.

Infosec Skills keeps your team's security skills fresh year-round with hundreds of courses mapped to the NICE Cybersecurity Workforce Framework.

Download our free calculator, input your organization's costs and measure your return on security awareness training.

On today’s podcast Infosec Skills author Chrys Thorsen talks about founding IT Without Borders, a humanitarian organization built to empower underserved communities through capacity building information and communications technology (ICT) skills and information access. She’s also a consultant and educator. And, for our purpose, she is the author of several learning paths on our Infosec Skills platform. She has written course paths for Writing Secure Code in Android and Writing Secure Code in iOS, as well as a forthcoming CertNexus Cyber Secure Coder path.

0:00 - Intro
2:43 - Thorsen’s origin story in cybersecurity
4:53 - Gaining about 40 certifications
6:20 - Cross certification knowledge
7:25 - Great certification combos
8:45 - How useful are certifications?
11:12 - Collecting certifications
13:01 - Changing training landscape
14:20 - How teaching changed
16:36 - In-demand cybersecurity skills
17:48 - What is secure coding?
19:34 - Secure coders versus coders
20:31 - Secure coding in iOS versus Android
22:39 - CertNexus secure coder certification
24:13 - Secure coding before coding
24:42 - Secure coding curriculum
26:27 - Recommended studies post secure coding
26:50 - Benefits to skills-based education
27:43 - Tips for lifelong learning
29:29 - Cybersecurity education’s future
30:54 - IT Without Borders
33:38 - Outro

The MITRE ATT&CK® enterprise matrix outlines how real-world adversaries operate. Use it to help develop your team's cybersecurity skills.

On today’s podcast Jasmine Jackson takes us through how you can get noticed on your resume, how Linux basics can set you up for learning other aspects of cybersecurity, and how capture the flag (CTF) activities are crucial to enriching your work skills. Jackson has over 10 years of information security experience and shares her passion for cybersecurity by presenting and teaching workshops, including new courses now available in Infosec Skills. She is currently the Jeopardy-style CTF coach for the inaugural U.S. Cyber Games and works as a senior application security engineer for a Fortune 500 company.

0:00 - Intro
3:08 - Jasmine Jackson’s origin story
4:25 - Winning a computer
6:22 - Jackson’s career path
13:46 - Thoughts on certifications
19:10 - Ideal job description
21:01 - Most important cybersecurity skills
22:54 - Linux fundamentals class
25:07 - What does knowing Linux do for you?
26:35 - How to build upon a Linux foundation
28:51 - Benefits to skills training
29:50 - Tips for lifelong learning
31:30 - Coaching in the U.S. Cyber Games
34:26 - How are team members chosen for the games?
37:47 - An intriguing CTF puzzle
41:43 - Where is cybersecurity education heading?
43:36 - Learn more about Jackson
46:33 - Outro

Learn the basics of setting up a network firewall, including stateful vs. stateless firewalls, setting up access control lists and more.

CompTIA's PenTest+ certification is being updated to align with the most up-to-date penetration testing skills requested by employers in 2021.

CompTIA's popular CASP+ certification is getting an overhaul heading into 2022 to ensure it validates the most relevant and in-demand skills.

DevSecOps is about adding security into every aspect of the software development lifecycle. Learn who should be doing this, and how, in this on-demand webcast.

Command line utilities are useful in a variety of scenarios. Learn how, and when, you can use Ping, Netstat, Traceroute and ARP.

CompTIA's Network+ certification is getting an update in September 2021. Learn how the new exam is changing, and why, from CompTIA's Randall Edwards.

PLEASE NOTE: Around minute 47, I incorrectly say that Eric Milam, author of the definitive report on the BAHAMUT threat group, is employed by HP. He is, in fact, employed by Blackberry. I sincerely apologize to Mr. Milam for the error.

In this special episode, we look back at how the show has evolved over the past three years and celebrate our amazing guests and viewers. You've helped grow the Cyber Work Podcast to nearly a million plays!

To give back, we're launching a brand new way for EVERYONE to build their cybersecurity skills. It's free. It's hands-on. Oh, and did we mention there's more than $1,000 in prizes EVERY MONTH.

Huge thank you to all the past guests who shared their expertise over the past 200 episodes. The timings of everyone in this episode are listed below. Happy listening!

0:00 - Intro
0:42 - Monthly challenges and $1,000 in prizes!
1:30 - Cyber Work Podcast origins
2:32 - First episode with Leighton Johnson
3:16 - Finding our first guests
3:46 - Keatron Evans on incident response
6:54 - Susan Morrow on two-factor authentication
8:54 - Susan Morrow on GDPR
11:03 - Susan Morrow on "booth babes" and speaking up
13:20 - Alissa Knight on getting arrested for hacking at 17
16:39 - Alissa Knight on API security
19:14 - Ron Gula on cybersecurity challenges
23:23 - Amber Schroader on the real work of digital forensics
26:19 - Theme of the Cyber Work Podcast
27:01 - Jeff Williams on creating the OWASP Top Ten
31:23 - David Balcar on the biggest APTs
33:46 - Elie Bursztein on breaking into cybersecurity
37:37 - Sam King on AppSec frameworks and analysis
41:17 - Gary DeMercurio on getting arrested for red teaming
47:19 - Eric Milam on the BAHAMUT threat group
53:39 - Feedback from Cyber Work Podcast listeners
55:16 - Alyssa Miller on finding your career path
57:24 - Amber Schroader on computer forensics tasks
59:07 - Richard Ford on malware analyst careers
1:02:02 - Career action you can take today
1:02:19 - Rita Gurevich on reading and learning
1:03:20 - Snehal Antani on transitioning careers
1:04:26 - Promoting underrepresented voices
1:05:09 - Mari Galloway on women in cybersecurity
1:05:31 - Alyssa Miller on diversity "dog whistles"
1:10:11 - Christine Izuakor on creating role models
1:10:52 - We want to hear your story
1:11:40 - Monthly challenges and outro

What's on your network, or someone else's? Use free network scanning tools like Nmap, Zenmap and advanced port scanner and find out.

Gemma Moore of Cyberis Limited talks about her incredible pentesting career and shares her advice for aspiring pentesters. She also discusses security as it regards the human cost of social engineering, which is the title of a recent article Gemma wrote.

0:00 - Intro
5:26 - Becoming a world-class pentester
13:55 - 2004 pentesting versus now
17:25 - Early years of pentesting
19:30 - Natural skills to be a pentester
23:12 - Advice for aspiring pentesting
25:50 - Working in pentesting
27:50 - Red teaming
31:08 - How to be a great pentester
33:04 - Learn about CREST
36:13 - What should be on my resume?
37:45 - Cyberis Limited
40:25 - Diversity and inclusion
43:42 - The human cost of social engineering
50:06 - Training staff positively
52:54 - Current projects
54:20 - Outro

Ning Wang of Offensive Security talks to us about her role as CEO of Offensive Security. In her role she is responsible for the company culture, vision, strategy and execution. We talk about Wang’s cybersecurity journey, her direction at OffSec and the ways that white hat hackers can be recruited into the industry, possibly riding the interest of big news-story hacking events like the Colonial Pipeline hack to do so.

0:00 - Intro
2:21 - Origin story
5:31 - Changing careers
7:46 - Skills learned throughout Wang’s career
11:46 - Taking a chance on a new career
12:50 - What is Offensive Security?
16:19 - Try harder mindset
19:42 - Offensive Security certification
23:02 - Recruiting ethical hackers
28:12 - Civic responsibility
33:10 - Ethical hacking job specialties
36:49 - Tips for ethical hacking learners
40:09 - Women in cybersecurity
43:56 - Offensive Security’s future
46:35 - Feedback from students
48:11 - Learn more about Wang OS
48:48 - Outro

Learn how to analyze network traffic with the free protocol analyzer Wireshark and sniffing tool tcpdump. Then try it yourself!