Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every month!

View Results
Filter Results
Whitepaper & report

Cybersecurity talent development playbook

Professional development, Best practices, Cybersecurity
12 pre-built training plans to help teams identify, upskill and retain cybersecurity talent
Download Playbook

Security education with heart: how St. Catherine’s secures their community with hands-on cyber training

Phishing, Security awareness, Best practices, Cybersecurity
Learn how Mike Urbanki's team improved St. Catherine’s security posture and employee engagement by focusing on proactive security awareness training and incentive programs.
Read more
Case study

Angel Sayani earns 13th certification at age 19

Professional development, Cybersecurity, Certification
We sat down with Angel Sayani, a 19-year-old entrepreneur and app developer that passed 13 certification exams within just seven months, to learn about her training success.
Read more

How Milwaukee County utilizes Infosec IQ to enhance their organization’s cybersecurity culture

Phishing, Security awareness, Best practices, Cybersecurity
Jason Scherer from Milwaukee County has reinvigorated their security awareness training program over the past two years to build a stronger cybersecurity culture and drive engagement
Read more
Whitepaper & report

The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022

Security awareness
Read The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022 to learn why Infosec was among the top two ranked solutions for Current Offering based on learner content, risk quantification, reporting capabilities criteria, security culture betterment and other criteria.

How Leidos identifies, trains and retains world-class cybersecurity talent with help from Infosec Skills

Professional development, Best practices, Cybersecurity
Nearly three years ago, Slim helped establish Leidos’ CyberEDGE Academy. EDGE is an acronym for Engage, Develop, Grow, Experience. The six-month training program is supported by Infosec Skills.
Read more
Case study

Cyberjutsu Scholarship Winner, Mansi Thakar, earns her PMP with Infosec Skills

Professional development, Cybersecurity, Certification
We sat down with Mansi Thakar, a cybersecurity professional and Women’s Society of Cyberjustu (WSC) scholarship winner that used her lifetime access to Infosec Skills to earn her PMP certification.
Read more
Whitepaper & report

Cybersecurity Culture — Quantified

Security awareness, Cybersecurity
See the data on the most overlooked variable in security and learn how to measure your organization's cybersecurity culture.
Webinar & video

CMMC rollout: How CMMC will impact your organization | Infosec Edge Webcast

Professional development, Compliance, Cybersecurity, Certification
More than 300,000 organizations will be affected by the new CMMC Framework. Learn how your organization will be affected.
Watch now
Poster, infographic & tool

Infosec IQ training module catalog

Security awareness
Educate and engage your employees with the industry’s leading security awareness and training modules.
Poster, infographic & tool

Infosec Skills course catalog

Professional development, Cybersecurity, Certification
Infosec Skills keeps your team's security skills fresh year-round with hundreds of courses mapped to the NICE Cybersecurity Workforce Framework.
Poster, infographic & tool

ROI of Security Awareness Calculator

Security awareness
Use industry averages from Osterman Research to instantly calculate your return on security awareness training, or customize your results with data from your own organization’s data.
Calculate ROI

Keeping your inbox safe: Real-life BEC attacks and email fraud careers | Guest John Wilson

Professional development, Phishing, Security awareness, Cybersecurity
Today's episode is all about email fraud. John Wilson, head of the cyber intelligence division at Agari by HelpSystems, discusses Business Email Compromise (BEC), spearphishing, whaling, romance fraud and more. If you can name it, John’s studied it. And he's likely collected intel that’s managed to freeze cybercriminals’ assets — and even put them away. He gives career tips and advice for engaging in threat research at all levels, we discuss the pyrrhic victory that is the modern spam filter, and John tells me why BEC fraud hunters’ best asset is a degree in psychology! All that and loads more, today on Cyber Work!

0:00 - Free cybersecurity training resources
0:58 - Overview of today's episode
1:58 - Who is John Wilson?
3:02 - Getting into cybersecurity
4:58 - How spam has evolved over the years
8:12 - Why pursue a career in fraud?
11:10 - 3 primary vectors for email attacks
15:20 - Is BEC ever an insider threat?
16:16 - Is education making a difference on BEC attacks?
20:55 - Tracking down BEC actors and recovering assets
23:50 - Two angles to preventing BEC attacks
29:12 - Careers related to BEC and phishing prevention
34:42 - How to gain cybersecurity experience and get hired
37:25 - Agari and email fraud protection
42:16 - Outro
Listen now
Webinar & video

Cybersecurity project management: A peek behind the curtain | Cyber Work Live

Professional development, Cybersecurity
Have you considered a career as a cybersecurity project manager? Join our live panel to learn all about this exciting career path.
Register now

Cybersecurity has a marketing problem — and we’re going to fix it | Cyber Work Podcast

Professional development, Cybersecurity
On today's episode, we're breaking down phrases you've heard a million times: “security is everyone’s job,” “humans are the weakest link in the security chain,” “it’s not if you get breached, but when.” Returning guest Alyssa Miller drills into these comforting nostrums and explains why, even when they’re used for well-intended purposes, they often act to limit the conversation and the options, rather than address the hard work needed to overcome these evergreen problems. You’re not going to want to miss this one, folks! It’s all that, plus a little bit of book talk, today on Cyber Work!

0:00 - Intro
1:38 - Alyssa's tweet that inspired this episode
4:00 - Why you need to read the Cybersecurity Career Guide
9:10 - Cybersecurity platitudes and clichés
11:30 - Cliché 1: "It's not if you get breached, but when"
18:44 - Cliché 2:"Just patch your shit"
24:58 - Cliché 3: "Users are the weakest link"
32:34 - Cliché 4: "Security is everyone's job"
35:52 - Cliché 5: What is a "quality gate"?
44:14 - Cliché 6: "You just need passion to get hired"
48:14 - How to write a better cybersecurity job description
50:15 - Business value of diversity and inclusion
52:52 - Building a security champions program
55:12 - Where can you connect with Alyssa Miller?
56:44 - Outro
Listen now

What does a secure coder do? | Cybersecurity Career Series

Professional development, Cybersecurity
Secure coders are responsible for developing and writing secure code in a way that protects against security vulnerabilities like bugs, defects and logic flaws. They take proactive steps to introduce secure coding methodologies before the application or software is introduced into a production environment, often following recommendations from the Open Web Application Security Project (OWASP) Foundation.

0:00 - Intro
0:25 - What does a secure coder do?
5:48 - How do you become a secure coder?
9:46 - What skills do secure coders need?
12:28 - What tools do secure coders use?
17:08 - What roles can secure coders transition into?
19:50 - What to do right now to become a secure coder
Listen now

Cybersecurity jobs: How to better apply, get hired and fill open roles | Cyber Work Podcast

Professional development, Security awareness, Cybersecurity
Diana Kelley returns to the show to discuss her work as a board member of the Cyber Future Foundation and the goings-on at this year’s Cyber Talent Week. Whether you’re a cybersecurity hiring manager who doesn’t know why you’re not getting the applicants you want, a candidate who hears the profession has 0% unemployment but still can’t seem to get a callback or anyone in between, DO. NOT. MISS. THIS. EPISODE. This is one for the books, folks.

0:00 - Cybersecurity hiring and job searching
4:30 - Diana Kelley of Cyber Future Foundation
9:00 - Cyber Future Foundation talent week
13:58 - Reexamining cybersecurity job descriptions
21:52 - Cybersecurity hiring manager and applicant training
27:10 - Strategies to bring in diverse talent from other industries
33:06 - Narrowing your cybersecurity job pursuit
39:37 - Using different educations in cybersecurity roles
41:32 - Implementing an educational pipeline
44:40 - Hiring based on strong skills from other trades
48:22 - Cybersecurity apprenticeships
53:22 - Fostering cybersecurity community value
59:09 - Diana Kelley's future projects
1:00:30 - Outro
Listen now

Ethical user data collection and machine learning | Cyber Work Podcast

Professional development, Security awareness, Cybersecurity
Today on Cyber Work Ché Wijesinghe of Cape Privacy talks about the safe and ethical collection of user data when creating machine learning or predictive models. When your bank is weighing whether to give you a loan, they can make a better choice the more info they know about you. But how secure is that contextual data? Hint: not as secure as Wijesinghe would like!

0:00 - Machine learning and data collection
2:37 - Getting started in cybersecurity
3:15 - Being drawn to big data
4:35 - What data is driving decision-making?
9:04 - How is data collection regulated?
15:02 - Closing the encryption gap
16:50 - Careers in data privacy
19:07 - Where can you move from data privacy?
21:20 - Ethics of data collection
23:25 - Learn more about Wijesinghe
23:55 - Outro
Listen now

Working as a privacy manager | Cybersecurity Career Series

Professional development, Cybersecurity
A Privacy Manager is responsible for the development, creation, maintenance and enforcement of the privacy policies and procedures of an organization. They ensure compliance with all privacy-related laws and regulations. The Privacy Manager takes an active lead role when a privacy incident or data breach occurs and will start the investigation. They will then monitor, track and resolve any privacy issues. The Privacy Manager builds a strategic and comprehensive privacy program for their organization that minimizes risk and ensures the confidentiality of protected information.

Advanced knowledge of privacy law and data protection is critical to success in this role.

0:00 - Working as a privacy manager
0:40 - What does a privacy manager do?
3:02 - Experience a privacy manager needs
5:15 - Is college necessary for a privacy manager?
8:05 - Skills needed to be a privacy manager
10:30 - What tools does a privacy manager use?
11:15 - Where do privacy managers work?
12:15 - Roles privacy managers can move to
13:30 - How do I get started becoming a privacy manager?
Listen now

What does a cybersecurity beginner do? | Cybersecurity Career Series

Professional development, Cybersecurity
Just getting started? This role is for you!

The Cybersecurity Beginner role focuses on the foundational skills and knowledge that will allow anyone to take the first step towards transitioning into a cybersecurity career. No prior knowledge of cybersecurity or work experience is required. The only prerequisite is a passion for technology and cybersecurity.

0:00 - Working as a cybersecurity beginner
0:41 - Tasks a cybersecurity beginner may take on
4:15 - Cybersecurity work imposter syndrome
5:49 - Common tools cybersecurity beginners use
9:08 - Jobs for cybersecurity beginners
13:50 - Get started in cybersecurity
Listen now

What does an ICS security practitioner do? | Cybersecurity Career Series

Professional development, Cybersecurity
Industrial control system (ICS) security practitioners are responsible for securing mission-critical SCADA and ICS information systems. They are responsible for restricting digital and physical access to ICS devices, such as PLCs and RTUs, to maximize system uptime and availability. Extensive knowledge of OT and IT protocols, incident response, Linux and Windows OS, configuration management, air-gapped or closed networks, insider threats and physical security controls are important competencies for any ICS security practitioner.

0:00 - ICS security practitioners
0:25 - What is an industrial control system practitioner?
2:22 - How to become an ICS practitioner
4:00 - Education required for an ICS practitioner
5:00 - Soft skills ICS practitioners need
6:05 - Common tools ICS practitioners use
7:59 - Where do ICS practitioners work?
10:05 - Can I move to another role after ICS practitioner?
12:18 - Getting started as an ICS practitioner
Listen now

A public discussion about privacy careers: Training, certification and experience | Cyber Work Live

Professional development, Compliance, Cybersecurity
Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year!

0:00 - Intro and guests
3:45 - What is privacy as a career?
8:15 - Day-to-day work of a cybersecurity privacy professional?
16:45 - Intersection of law and tech degrees
20:30 - What beginner privacy certifications should I pursue?
25:45 - Best practices for studying for IAPP certifications
33:00 - How to gain experience in cybersecurity privacy work
40:27 - How to interview for a cybersecurity privacy job
45:00 - GDPR and ransomware
51:52 - Implementation of privacy laws and security positions
58:15 - Outro
Listen now

What does a security engineer do? | Cybersecurity Career Series

Professional development, Cybersecurity
Security engineers are responsible for implementing and continuously monitoring security controls that protect computer assets, networks and organizational data. They often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network/web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role.

0:00 - What is a security engineer?
3:39 - How do I become a security engineer?
4:52 - Studying to become a security engineer
5:47 - Soft skills for security engineers
7:05 - Where do security engineers work?
9:43 - Tools for security engineers
12:10 - Roles adjacent to security engineer
13:15 - Become a security engineer right now
Listen now

What does an information risk analyst do? | Cybersecurity Career Series

Professional development, Cybersecurity
Information risk analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities to improve the risk posture of the organization and continuously monitor risk tolerance.

0:00 - Information risk analyst career
0:30 - Day-to-day tasks of an information risk analyst
2:09 - How to become an information risk analyst
4:00 - Training for an information risk analyst role
5:42 - Skills an information risk analyst needs
9:24 - Tools information risk analysts use
10:51 - Jobs for information risk analysts
13:08 - Other jobs information risk analysts can do
18:05 - First steps to becoming an information risk analyst
Listen now