Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every month!

View Results
Filter Results
Whitepaper & report

2021 IT & Security Talent Pipeline Study

Professional development, Best practices
Actionable strategies to patch your cyber talent pipeline in a post-pandemic world.
Webinar & video

CSAM 2021 — Your Guide to the Perfect Awareness Campaign

Security awareness, Best practices
Cybersecurity Awareness Month is approaching fast! We’re here to help you launchyour most successful awareness campaign yet.
Watch now
Poster, infographic & tool

Cybersecurity Awareness Month Toolkit

Phishing, Security awareness
Ready for Cybersecurity Awareness Month? Get everything you need to jumpstart awareness at your organization and instill secure habits.
Whitepaper & report

Cybersecurity Culture — Quantified

Security awareness, Cybersecurity
See the data on the most overlooked variable in security and learn how to measure your organization's cybersecurity culture.
Webinar & video

CISA Resources to Reduce Ransomware Risk | Infosec Edge Webcast

Security awareness, Best practices, Cybersecurity
Join the CISA team as they discuss the state of ransomware, prevention guidance and free tools to help you reduce risk.
Watch now
Webinar & video

CMMC rollout: How CMMC will impact your organization | Infosec Edge Webcast

Professional development, Compliance, Cybersecurity, Certification
More than 300,000 organizations will be affected by the new CMMC Framework. Learn how your organization will be affected.
Watch now
Webinar & video

Infosec IQ instant demo: Cybersecurity for every employee

Phishing, Security awareness
Learn how Infosec IQ can help educate and empower your employees to be one of your greatest cybersecurity assets in this instant demo.
Watch now
Webinar & video

Infosec Skills instant demo: Close your team’s skills gap

Professional development, Best practices, Threat intel, Cybersecurity, Certification
Learn how Infosec Skills can help close your organization’s cybersecurity skills gap in this instant demo.
Watch now
Poster, infographic & tool

Infosec Skills course catalog

Professional development, Cybersecurity, Certification
Infosec Skills keeps your team's security skills fresh year-round with hundreds of courses mapped to the NICE Cybersecurity Workforce Framework.
Poster, infographic & tool

ROI of Security Awareness Calculator

Security awareness
Download our free calculator, input your organization's costs and measure your return on security awareness training.

How to become a secure coder | Cyber Work Podcast

Professional development, Cybersecurity
On today’s podcast Infosec Skills author Chrys Thorsen talks about founding IT Without Borders, a humanitarian organization built to empower underserved communities through capacity building information and communications technology (ICT) skills and information access. She’s also a consultant and educator. And, for our purpose, she is the author of several learning paths on our Infosec Skills platform. She has written course paths for Writing Secure Code in Android and Writing Secure Code in iOS, as well as a forthcoming CertNexus Cyber Secure Coder path.

0:00 - Intro
2:43 - Thorsen’s origin story in cybersecurity
4:53 - Gaining about 40 certifications
6:20 - Cross certification knowledge
7:25 - Great certification combos
8:45 - How useful are certifications?
11:12 - Collecting certifications
13:01 - Changing training landscape
14:20 - How teaching changed
16:36 - In-demand cybersecurity skills
17:48 - What is secure coding?
19:34 - Secure coders versus coders
20:31 - Secure coding in iOS versus Android
22:39 - CertNexus secure coder certification
24:13 - Secure coding before coding
24:42 - Secure coding curriculum
26:27 - Recommended studies post secure coding
26:50 - Benefits to skills-based education
27:43 - Tips for lifelong learning
29:29 - Cybersecurity education’s future
30:54 - IT Without Borders
33:38 - Outro
Listen now

How to use the MITRE ATT&CK matrix

Professional development, Cybersecurity
The MITRE ATT&CK® enterprise matrix outlines how real-world adversaries operate. Use it to help develop your team's cybersecurity skills.
Watch Now

Learning Linux is key to building your cybersecurity skills | Cyber Work Podcast

Professional development, Cybersecurity
On today’s podcast Jasmine Jackson takes us through how you can get noticed on your resume, how Linux basics can set you up for learning other aspects of cybersecurity, and how capture the flag (CTF) activities are crucial to enriching your work skills. Jackson has over 10 years of information security experience and shares her passion for cybersecurity by presenting and teaching workshops, including new courses now available in Infosec Skills. She is currently the Jeopardy-style CTF coach for the inaugural U.S. Cyber Games and works as a senior application security engineer for a Fortune 500 company.

0:00 - Intro
3:08 - Jasmine Jackson’s origin story
4:25 - Winning a computer
6:22 - Jackson’s career path
13:46 - Thoughts on certifications
19:10 - Ideal job description
21:01 - Most important cybersecurity skills
22:54 - Linux fundamentals class
25:07 - What does knowing Linux do for you?
26:35 - How to build upon a Linux foundation
28:51 - Benefits to skills training
29:50 - Tips for lifelong learning
31:30 - Coaching in the U.S. Cyber Games
34:26 - How are team members chosen for the games?
37:47 - An intriguing CTF puzzle
41:43 - Where is cybersecurity education heading?
43:36 - Learn more about Jackson
46:33 - Outro
Listen now

How to configure a network firewall

Professional development, Cybersecurity
Learn the basics of setting up a network firewall, including stateful vs. stateless firewalls, setting up access control lists and more.
Watch Now
Webinar & video

CompTIA PenTest+: Everything you need to know about the new exam | Infosec Edge Webcast

Professional development, Certification
CompTIA's PenTest+ certification is being updated to align with the most up-to-date penetration testing skills requested by employers in 2021.
Register now
Webinar & video

CompTIA CASP+: Everything you need to know about the new exam | Infosec Edge Webcast

Professional development, Certification
CompTIA's popular CASP+ certification is getting an overhaul heading into 2022 to ensure it validates the most relevant and in-demand skills.
Register now
Webinar & video

Putting the security in DevSecOps | ISACA and Infosec webcast

Professional development, Cybersecurity
DevSecOps is about adding security into every aspect of the software development lifecycle. Learn who should be doing this, and how, in this on-demand webcast.
Watch now

4 network utilities every security pro should know

Professional development, Cybersecurity
Command line utilities are useful in a variety of scenarios. Learn how, and when, you can use Ping, Netstat, Traceroute and ARP.
Watch Now
Webinar & video

CompTIA Network+: Everything you need to know about the new exam | Infosec Edge Webcast

Professional development, Certification
CompTIA's Network+ certification is getting an update in September 2021. Learn how the new exam is changing, and why, from CompTIA's Randall Edwards.
Watch now

Episode 200 extravaganza! Best of the Cyber Work Podcast (and $1,000 in prizes!)

Professional development, Security awareness, Best practices, Threat intel, Cybersecurity, Certification
PLEASE NOTE: Around minute 47, I incorrectly say that Eric Milam, author of the definitive report on the BAHAMUT threat group, is employed by HP. He is, in fact, employed by Blackberry. I sincerely apologize to Mr. Milam for the error.

In this special episode, we look back at how the show has evolved over the past three years and celebrate our amazing guests and viewers. You've helped grow the Cyber Work Podcast to nearly a million plays!

To give back, we're launching a brand new way for EVERYONE to build their cybersecurity skills. It's free. It's hands-on. Oh, and did we mention there's more than $1,000 in prizes EVERY MONTH.

Huge thank you to all the past guests who shared their expertise over the past 200 episodes. The timings of everyone in this episode are listed below. Happy listening!

0:00 - Intro
0:42 - Monthly challenges and $1,000 in prizes!
1:30 - Cyber Work Podcast origins
2:32 - First episode with Leighton Johnson
3:16 - Finding our first guests
3:46 - Keatron Evans on incident response
6:54 - Susan Morrow on two-factor authentication
8:54 - Susan Morrow on GDPR
11:03 - Susan Morrow on "booth babes" and speaking up
13:20 - Alissa Knight on getting arrested for hacking at 17
16:39 - Alissa Knight on API security
19:14 - Ron Gula on cybersecurity challenges
23:23 - Amber Schroader on the real work of digital forensics
26:19 - Theme of the Cyber Work Podcast
27:01 - Jeff Williams on creating the OWASP Top Ten
31:23 - David Balcar on the biggest APTs
33:46 - Elie Bursztein on breaking into cybersecurity
37:37 - Sam King on AppSec frameworks and analysis
41:17 - Gary DeMercurio on getting arrested for red teaming
47:19 - Eric Milam on the BAHAMUT threat group
53:39 - Feedback from Cyber Work Podcast listeners
55:16 - Alyssa Miller on finding your career path
57:24 - Amber Schroader on computer forensics tasks
59:07 - Richard Ford on malware analyst careers
1:02:02 - Career action you can take today
1:02:19 - Rita Gurevich on reading and learning
1:03:20 - Snehal Antani on transitioning careers
1:04:26 - Promoting underrepresented voices
1:05:09 - Mari Galloway on women in cybersecurity
1:05:31 - Alyssa Miller on diversity "dog whistles"
1:10:11 - Christine Izuakor on creating role models
1:10:52 - We want to hear your story
1:11:40 - Monthly challenges and outro
Listen now

How to use Nmap and other network scanners

Professional development, Cybersecurity
What's on your network, or someone else's? Use free network scanning tools like Nmap, Zenmap and advanced port scanner and find out.
Watch Now

How to excel at penetration testing | Cyber Work Podcast

Professional development, Cybersecurity
Gemma Moore of Cyberis Limited talks about her incredible pentesting career and shares her advice for aspiring pentesters. She also discusses security as it regards the human cost of social engineering, which is the title of a recent article Gemma wrote.

0:00 - Intro
5:26 - Becoming a world-class pentester
13:55 - 2004 pentesting versus now
17:25 - Early years of pentesting
19:30 - Natural skills to be a pentester
23:12 - Advice for aspiring pentesting
25:50 - Working in pentesting
27:50 - Red teaming
31:08 - How to be a great pentester
33:04 - Learn about CREST
36:13 - What should be on my resume?
37:45 - Cyberis Limited
40:25 - Diversity and inclusion
43:42 - The human cost of social engineering
50:06 - Training staff positively
52:54 - Current projects
54:20 - Outro
Listen now

Becoming an ethical hacker with Offensive Security CEO Ning Wang | Cyber Work Podcast

Professional development, Cybersecurity, Certification
Ning Wang of Offensive Security talks to us about her role as CEO of Offensive Security. In her role she is responsible for the company culture, vision, strategy and execution. We talk about Wang’s cybersecurity journey, her direction at OffSec and the ways that white hat hackers can be recruited into the industry, possibly riding the interest of big news-story hacking events like the Colonial Pipeline hack to do so.

0:00 - Intro
2:21 - Origin story
5:31 - Changing careers
7:46 - Skills learned throughout Wang’s career
11:46 - Taking a chance on a new career
12:50 - What is Offensive Security?
16:19 - Try harder mindset
19:42 - Offensive Security certification
23:02 - Recruiting ethical hackers
28:12 - Civic responsibility
33:10 - Ethical hacking job specialties
36:49 - Tips for ethical hacking learners
40:09 - Women in cybersecurity
43:56 - Offensive Security’s future
46:35 - Feedback from students
48:11 - Learn more about Wang OS
48:48 - Outro
Listen now

How to use Wireshark for protocol analysis

Professional development, Best practices, Compliance, Cybersecurity
Learn how to analyze network traffic with the free protocol analyzer Wireshark and sniffing tool tcpdump. Then try it yourself!
Watch Now