Security Awareness & Training Resource Center
Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every month!
Topic
Type
View Results
Filter Results
The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022
Security awareness
Read The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022 to learn why Infosec was among the top two ranked solutions for Current Offering based on learner content, risk quantification, reporting capabilities criteria, security culture betterment and other criteria.
Download
How Leidos identifies, trains and retains world-class cybersecurity talent with help from Infosec Skills
Professional development, Best practices, Cybersecurity
Nearly three years ago, Slim helped establish Leidos’ CyberEDGE Academy. EDGE is an acronym for Engage, Develop, Grow, Experience. The six-month training program is supported by Infosec Skills.
Read more
Cyberjutsu Scholarship Winner, Mansi Thakar, earns her PMP with Infosec Skills
Professional development, Cybersecurity, Certification
We sat down with Mansi Thakar, a cybersecurity professional and Women’s Society of Cyberjustu (WSC) scholarship winner that used her lifetime access to Infosec Skills to earn her PMP certification.
Read more
Cybersecurity Culture — Quantified
Security awareness, Cybersecurity
See the data on the most overlooked variable in security and learn how to measure your organization's cybersecurity culture.
Download
CMMC rollout: How CMMC will impact your organization | Infosec Edge Webcast
Professional development, Compliance, Cybersecurity, Certification
More than 300,000 organizations will be affected by the new CMMC Framework. Learn how your organization will be affected.
Watch now
Infosec IQ training module catalog
Security awareness
Educate and engage your employees with the industry’s leading security awareness and training modules.
Download
Infosec Skills course catalog
Professional development, Cybersecurity, Certification
Infosec Skills keeps your team's security skills fresh year-round with hundreds of courses mapped to the NICE Cybersecurity Workforce Framework.
Download
ROI of Security Awareness Calculator
Security awareness
Use industry averages from Osterman Research to instantly calculate your return on security awareness training, or customize your results with data from your own organization’s data.
Calculate ROI
A public discussion about privacy careers: Training, certification and experience | Cyber Work Live
Professional development, Compliance, Cybersecurity
Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year!
0:00 - Intro and guests
3:45 - What is privacy as a career?
8:15 - Day-to-day work of a cybersecurity privacy professional?
16:45 - Intersection of law and tech degrees
20:30 - What beginner privacy certifications should I pursue?
25:45 - Best practices for studying for IAPP certifications
33:00 - How to gain experience in cybersecurity privacy work
40:27 - How to interview for a cybersecurity privacy job
45:00 - GDPR and ransomware
51:52 - Implementation of privacy laws and security positions
58:15 - Outro
0:00 - Intro and guests
3:45 - What is privacy as a career?
8:15 - Day-to-day work of a cybersecurity privacy professional?
16:45 - Intersection of law and tech degrees
20:30 - What beginner privacy certifications should I pursue?
25:45 - Best practices for studying for IAPP certifications
33:00 - How to gain experience in cybersecurity privacy work
40:27 - How to interview for a cybersecurity privacy job
45:00 - GDPR and ransomware
51:52 - Implementation of privacy laws and security positions
58:15 - Outro
Listen now
What does a security engineer do? | Cybersecurity Career Series
Professional development, Cybersecurity
Security engineers are responsible for implementing and continuously monitoring security controls that protect computer assets, networks and organizational data. They often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network/web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role.
0:00 - What is a security engineer?
3:39 - How do I become a security engineer?
4:52 - Studying to become a security engineer
5:47 - Soft skills for security engineers
7:05 - Where do security engineers work?
9:43 - Tools for security engineers
12:10 - Roles adjacent to security engineer
13:15 - Become a security engineer right now
0:00 - What is a security engineer?
3:39 - How do I become a security engineer?
4:52 - Studying to become a security engineer
5:47 - Soft skills for security engineers
7:05 - Where do security engineers work?
9:43 - Tools for security engineers
12:10 - Roles adjacent to security engineer
13:15 - Become a security engineer right now
Listen now
What does an information risk analyst do? | Cybersecurity Career Series
Professional development, Cybersecurity
Information risk analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities to improve the risk posture of the organization and continuously monitor risk tolerance.
0:00 - Information risk analyst career
0:30 - Day-to-day tasks of an information risk analyst
2:09 - How to become an information risk analyst
4:00 - Training for an information risk analyst role
5:42 - Skills an information risk analyst needs
9:24 - Tools information risk analysts use
10:51 - Jobs for information risk analysts
13:08 - Other jobs information risk analysts can do
18:05 - First steps to becoming an information risk analyst
0:00 - Information risk analyst career
0:30 - Day-to-day tasks of an information risk analyst
2:09 - How to become an information risk analyst
4:00 - Training for an information risk analyst role
5:42 - Skills an information risk analyst needs
9:24 - Tools information risk analysts use
10:51 - Jobs for information risk analysts
13:08 - Other jobs information risk analysts can do
18:05 - First steps to becoming an information risk analyst
Listen now
The importance of cyber threat research | Cyber Work Podcast
Professional development, Security awareness, Cybersecurity
Moshe Zioni of Apiiro talks about threat research and how to properly report discovered code vulnerabilities. We discuss the ways that vulnerabilities can find their way into code despite your best intentions, the difference between full disclosure and responsible disclosure, and being in the last generation to still grow up before the internet changed everything.
0:00 - Cybersecurity threat research
2:21 - Getting interested in computers
3:25 - Penetration testing and threat research
6:15 - Code vulnerabilities
10:58 - Research process for vulnerabilities
17:05 - Proper reporting of threats
23:11 - Full disclosure vs proper disclosure
25:53 - Current security threats
30:20 - Day-to-day work of security researchers
32:02 - Tips for working in pentesting
35:32 - What is Apiiro?
39:11 - Learn more about Moshe Zioni
39:42 - Outro
0:00 - Cybersecurity threat research
2:21 - Getting interested in computers
3:25 - Penetration testing and threat research
6:15 - Code vulnerabilities
10:58 - Research process for vulnerabilities
17:05 - Proper reporting of threats
23:11 - Full disclosure vs proper disclosure
25:53 - Current security threats
30:20 - Day-to-day work of security researchers
32:02 - Tips for working in pentesting
35:32 - What is Apiiro?
39:11 - Learn more about Moshe Zioni
39:42 - Outro
Listen now
How to secure your software faster and better
Professional development, Best practices, Compliance, Cybersecurity
Learn how to better secure your software with this free ebook from Infosec Skills instructor and #1 best-selling author Ted Harrington.
Download
How to do application security right in your organization
Professional development, Cybersecurity, Certification
Don your virtual threat hunting gear and join Infosec Principal Security Researcher Keatron Evans as he goes sleuthing for cyber threats.
Register now
Security awareness and social engineering psychology | Cyber Work Podcast
Professional development, Phishing, Security awareness, Cybersecurity
Dr. Erik Huffman, a TEDx speaker, security researcher, host of the podcast MiC Club and all-around expert on security awareness and social engineering is today's guest. Huffman spoke at the 2021 Infosec Inspire virtual conference, and for those of you who were captivated by his presentation, prepare for another hour of Dr. Huffman’s insights on why we need to teach security awareness from insight, rather than fear or punishment, how positive name recognition in an email can short-circuit our common sense and how to keep your extrovert family members from answering those questions online about your first pet and the street you lived on as a child.
0:00 - Clicking on phishing attacks
3:13 - First getting into cybersecurity
5:00 - Higher education and cybersecurity
7:41 - Cybersecurity research projects
10:05 - Impacting a cybersecurity breach
11:14 - Security awareness and social engineering
15:45 - Common social engineering tricks
23:00 - Changing security habits
30:15 - Cybersecurity communication avenues
33:30 - Getting family members cyber safe
38:00 - Harvesting info via social media
42:13 - Working in security awareness and threat research
44:54 - Importance of white papers and documentation
55:04 - Learn more about Erik Huffman
56:00 - Outro
0:00 - Clicking on phishing attacks
3:13 - First getting into cybersecurity
5:00 - Higher education and cybersecurity
7:41 - Cybersecurity research projects
10:05 - Impacting a cybersecurity breach
11:14 - Security awareness and social engineering
15:45 - Common social engineering tricks
23:00 - Changing security habits
30:15 - Cybersecurity communication avenues
33:30 - Getting family members cyber safe
38:00 - Harvesting info via social media
42:13 - Working in security awareness and threat research
44:54 - Importance of white papers and documentation
55:04 - Learn more about Erik Huffman
56:00 - Outro
Listen now
Better cybersecurity practices for journalists | Cyber Work Podcast
Professional development, Cybersecurity
Marcus Fowler, senior vice president of strategic engagement and threats at DarkTrace, talks about attack vectors currently facing embedded journalists, their need to be available at all times for potential sources and how that openness makes them, their company and their confidential sources potential attack vectors for cybercriminals. Fowler talks about security hardening strategies that don’t compromise journalistic availability, the work of threat research and why people with natural interests in cybersecurity will have their career path choose them, not the other way around.
0:00 - Cybersecurity threats to journalists
3:00 - Getting into cybersecurity
5:50 - CIA cybersecurity training
7:18 - Joining DarkTrace in engagement threat roles
10:22 - Tasks with engagement threat jobs
13:22 - Cybersecurity work balance
17:49 - Advanced persistent threats against media
23:33 - Attack vectors journalists face
26:14 - Journalist cybersecurity savvy
28:08 - A truly secure journalism source
32:58 - Damage from a compromised source
36:05 - Main cybersecurity threats right now
38:37 - Qualifications needed to work as a threat researcher
42:52 - Safe cybersecurity jobs
47:05 - What is DarkTrace?
49:06 - Learn more about Marcus Fowler
50:11 - Outro
0:00 - Cybersecurity threats to journalists
3:00 - Getting into cybersecurity
5:50 - CIA cybersecurity training
7:18 - Joining DarkTrace in engagement threat roles
10:22 - Tasks with engagement threat jobs
13:22 - Cybersecurity work balance
17:49 - Advanced persistent threats against media
23:33 - Attack vectors journalists face
26:14 - Journalist cybersecurity savvy
28:08 - A truly secure journalism source
32:58 - Damage from a compromised source
36:05 - Main cybersecurity threats right now
38:37 - Qualifications needed to work as a threat researcher
42:52 - Safe cybersecurity jobs
47:05 - What is DarkTrace?
49:06 - Learn more about Marcus Fowler
50:11 - Outro
Listen now
What makes a good cyber range? | Cyber Work Podcast
Professional development, Cybersecurity
Justin Pelletier is the director of the cyber range program at the ESL Global Cybersecurity Institute at the Rochester Institute of Technology. Infosec Skills has some great cyber ranges, but Pelletier shows the organization’s massive, immersive simulations. Because they’ve also included cyber range technology for beginning cybersecurity pros transitioning from other jobs, we cover what’s involved in making a good cyber range, how to break down those early barriers of fear and self-doubt and how quickly you can move into a cyber career after hands-on training.
0:00 - Immersive cyber ranges
3:13 - Getting into cybersecurity
5:06 - Studying data breaches
11:03 - Cybersecurity at the Department of Defense
14:02 - Cyber range education at the RIT
16:20 - Work of the Global Cyber Range
24:20 - Cyber range scenarios
38:30 - What makes a good cyber range?
42:00 - Successfully getting into cybersecurity
45:33 - Cyber range upskilling
48:47 - Cybersecurity hiring changes
51:30 - Learn more about the cyber range center
52:30 - Outro
0:00 - Immersive cyber ranges
3:13 - Getting into cybersecurity
5:06 - Studying data breaches
11:03 - Cybersecurity at the Department of Defense
14:02 - Cyber range education at the RIT
16:20 - Work of the Global Cyber Range
24:20 - Cyber range scenarios
38:30 - What makes a good cyber range?
42:00 - Successfully getting into cybersecurity
45:33 - Cyber range upskilling
48:47 - Cybersecurity hiring changes
51:30 - Learn more about the cyber range center
52:30 - Outro
Listen now
Cybersecurity and all things privacy | Cyber Work Podcast
Professional development, Cybersecurity
Today's podcast highlights implementation privacy, policy privacy and all things privacy with privacy expert and Infosec Skills author and instructor Chris Stevens. From his years in the government’s office of national intelligence to his multiple IAPP certifications, Stevens is happy to tell you everything you ever wanted to know about careers in privacy, around privacy and careers that would be better with a helping of privacy skills on top!
0:00 - Cybersecurity privacy
3:30 - Getting interested in cybersecurity
4:40 - Cybersecurity in the Department of Defense
6:00 - Computer science studies
8:50 - Cybersecurity research
11:05 - Information privacy and privacy professionals
14:48 - What does U.S. privacy cover?
19:10 - Privacy certifications and more
21:36 - Privacy differences across countries
24:50 - Difference in privacy certifications
27:16 - Learning about privacy
30:16 - Positions available for information privacy
33:50 - Educational steps to work in privacy
36:00 - Getting a job in privacy
37:57 - Entry-level work in privacy roles
42:44 - How to stay on track in lifelong learning
46:37 - Cybersecurity education in the future
48:19 - Outro
0:00 - Cybersecurity privacy
3:30 - Getting interested in cybersecurity
4:40 - Cybersecurity in the Department of Defense
6:00 - Computer science studies
8:50 - Cybersecurity research
11:05 - Information privacy and privacy professionals
14:48 - What does U.S. privacy cover?
19:10 - Privacy certifications and more
21:36 - Privacy differences across countries
24:50 - Difference in privacy certifications
27:16 - Learning about privacy
30:16 - Positions available for information privacy
33:50 - Educational steps to work in privacy
36:00 - Getting a job in privacy
37:57 - Entry-level work in privacy roles
42:44 - How to stay on track in lifelong learning
46:37 - Cybersecurity education in the future
48:19 - Outro
Listen now
Working in DevOps | Cyber Work Podcast
Professional development, Cybersecurity
Steve Pereira of Visible Value Stream Consulting discusses DevOps, SecOps, DevSecOps and his own lifelong love of streamlining projects. You’ll hear how his dad’s job with Bell Telephone facilitated his early explorations, the intersections of DevOps and Agile, the ever-important security component of it all and why following your interests and not the big money payouts might not work in the short run, but ultimately will get you where you want to go in the end.
0:00 - Intro
2:35 - Cybersecurity origin story
6:02 - Build and release engineering
9:27 - Tech and business
11:20 - DevOps projects
12:10 - Automating yourself out of your job
13:44 - What is DevOps?
23:45 - Method for DevOps success
31:47 - Development team vs security team
36:03 - DevOps history and Agile
44:50 - How do I work in DevOps?
52:09 - Visible Value Stream Consulting
54:42 - Outro
0:00 - Intro
2:35 - Cybersecurity origin story
6:02 - Build and release engineering
9:27 - Tech and business
11:20 - DevOps projects
12:10 - Automating yourself out of your job
13:44 - What is DevOps?
23:45 - Method for DevOps success
31:47 - Development team vs security team
36:03 - DevOps history and Agile
44:50 - How do I work in DevOps?
52:09 - Visible Value Stream Consulting
54:42 - Outro
Listen now
Working as a digital forensics analyst | Cybersecurity Career Series
Professional development, Cybersecurity
Digital forensics analysts collect, analyze and interpret digital evidence to reconstruct potential criminal events and/or aid in preventing unauthorized actions from threat actors. They help recover data like documents, photos and emails from computer or mobile device hard drives and other data storage devices, such as zip folders and flash drives, that have been deleted, damaged or otherwise manipulated. Digital forensic analysts carefully follow chain of custody rules for digital evidence and provide evidence in acceptable formats for legal proceedings.
0:00 - Intro
0:26 - What is a digital forensics analyst?
0:57 - Digital forensics specialties
1:24 - How to become a digital forensics analyst
2:17 - Skills needed to be a digital forensics analyst
3:34 - Common tools for a digital forensics analyst
4:42 - Using digital forensics tools
5:17 - Digital forensics analyst jobs
6:30 - Moving from digital forensics to new roles
7:17 - Get started in digital forensics
8:18 - Outro
0:00 - Intro
0:26 - What is a digital forensics analyst?
0:57 - Digital forensics specialties
1:24 - How to become a digital forensics analyst
2:17 - Skills needed to be a digital forensics analyst
3:34 - Common tools for a digital forensics analyst
4:42 - Using digital forensics tools
5:17 - Digital forensics analyst jobs
6:30 - Moving from digital forensics to new roles
7:17 - Get started in digital forensics
8:18 - Outro
Listen now
Infosec Skills instant demo: Close your team’s skills gap
Watch now
Three foundational cybersecurity certifications | Cyber Work Podcast
Professional development, Cybersecurity
Infosec Skills author Mike Meyers of Total Seminars discusses three foundational certifications that will start you on just about any path you want to go. Specifically, the CompTIA A+, Network+ and Security+ certifications. Meyers dispenses tough love for people who want someone else to map their career for them, talks up the benefits of vendor-neutral certifications and blows minds by comparing certifications with car windshield wipers. Intrigued? You should be! That’s all today, on Cyber Work!
0:00 - Intro
3:00 - Beginning in cybersecurity
3:23 - Why teach cybersecurity?
5:54 - Why CompTIA?
6:57 - Start vendor neutral with cybersecurity certification
12:10 - Being diverse in cybersecurity is essential
13:35 - Why A+, Network+ and Security+?
25:53 - Guiding your cybersecurity career
30:05 - Where to learn cybersecurity skills
42:02 - Cybersecurity job dilution
44:20 - Where do I begin my cybersecurity career?
48:32 - Using the Infosec Skills platform
49:38 - Mike Meyers' next projects
51:30 - What is Total Seminars?
52:12 - Learn more about Meyers and Total Seminars
53:23 - Outro
0:00 - Intro
3:00 - Beginning in cybersecurity
3:23 - Why teach cybersecurity?
5:54 - Why CompTIA?
6:57 - Start vendor neutral with cybersecurity certification
12:10 - Being diverse in cybersecurity is essential
13:35 - Why A+, Network+ and Security+?
25:53 - Guiding your cybersecurity career
30:05 - Where to learn cybersecurity skills
42:02 - Cybersecurity job dilution
44:20 - Where do I begin my cybersecurity career?
48:32 - Using the Infosec Skills platform
49:38 - Mike Meyers' next projects
51:30 - What is Total Seminars?
52:12 - Learn more about Meyers and Total Seminars
53:23 - Outro
Listen now
A public discussion about privacy careers: Training, certification and experience
Professional development, Compliance, Cybersecurity, Certification
Watch now
Learn intrusion detection: Using Zeek and Elastic for incident response
Professional development, Cybersecurity
Bad actors are in your network, but how can you tell? Watch Infosec Skills author Mark Viglione's live intrusion detection demo to find out.
Watch now