Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every month!

View Results
Filter Results
Whitepaper & report

Cybersecurity talent development playbook

Professional development, Best practices, Cybersecurity
12 pre-built training plans to help teams identify, upskill and retain cybersecurity talent
Download Playbook

Security education with heart: how St. Catherine’s secures their community with hands-on cyber training

Phishing, Security awareness, Best practices, Cybersecurity
Learn how Mike Urbanki's team improved St. Catherine’s security posture and employee engagement by focusing on proactive security awareness training and incentive programs.
Read more
Case study

Angel Sayani earns 13th certification at age 19

Professional development, Cybersecurity, Certification
We sat down with Angel Sayani, a 19-year-old entrepreneur and app developer that passed 13 certification exams within just seven months, to learn about her training success.
Read more

How Milwaukee County utilizes Infosec IQ to enhance their organization’s cybersecurity culture

Phishing, Security awareness, Best practices, Cybersecurity
Jason Scherer from Milwaukee County has reinvigorated their security awareness training program over the past two years to build a stronger cybersecurity culture and drive engagement
Read more
Whitepaper & report

The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022

Security awareness
Read The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022 to learn why Infosec was among the top two ranked solutions for Current Offering based on learner content, risk quantification, reporting capabilities criteria, security culture betterment and other criteria.

How Leidos identifies, trains and retains world-class cybersecurity talent with help from Infosec Skills

Professional development, Best practices, Cybersecurity
Nearly three years ago, Slim helped establish Leidos’ CyberEDGE Academy. EDGE is an acronym for Engage, Develop, Grow, Experience. The six-month training program is supported by Infosec Skills.
Read more
Case study

Cyberjutsu Scholarship Winner, Mansi Thakar, earns her PMP with Infosec Skills

Professional development, Cybersecurity, Certification
We sat down with Mansi Thakar, a cybersecurity professional and Women’s Society of Cyberjustu (WSC) scholarship winner that used her lifetime access to Infosec Skills to earn her PMP certification.
Read more
Whitepaper & report

Cybersecurity Culture — Quantified

Security awareness, Cybersecurity
See the data on the most overlooked variable in security and learn how to measure your organization's cybersecurity culture.
Webinar & video

CMMC rollout: How CMMC will impact your organization | Infosec Edge Webcast

Professional development, Compliance, Cybersecurity, Certification
More than 300,000 organizations will be affected by the new CMMC Framework. Learn how your organization will be affected.
Watch now
Poster, infographic & tool

Infosec IQ training module catalog

Security awareness
Educate and engage your employees with the industry’s leading security awareness and training modules.
Poster, infographic & tool

Infosec Skills course catalog

Professional development, Cybersecurity, Certification
Infosec Skills keeps your team's security skills fresh year-round with hundreds of courses mapped to the NICE Cybersecurity Workforce Framework.
Poster, infographic & tool

ROI of Security Awareness Calculator

Security awareness
Use industry averages from Osterman Research to instantly calculate your return on security awareness training, or customize your results with data from your own organization’s data.
Calculate ROI

Cybersecurity has a marketing problem — and we’re going to fix it | Cyber Work Podcast

Professional development, Cybersecurity
On today's episode, we're breaking down phrases you've heard a million times: “security is everyone’s job,” “humans are the weakest link in the security chain,” “it’s not if you get breached, but when.” Returning guest Alyssa Miller drills into these comforting nostrums and explains why, even when they’re used for well-intended purposes, they often act to limit the conversation and the options, rather than address the hard work needed to overcome these evergreen problems. You’re not going to want to miss this one, folks! It’s all that, plus a little bit of book talk, today on Cyber Work!

0:00 - Intro
1:38 - Alyssa's tweet that inspired this episode
4:00 - Why you need to read the Cybersecurity Career Guide
9:10 - Cybersecurity platitudes and clichés
11:30 - Cliché 1: "It's not if you get breached, but when"
18:44 - Cliché 2:"Just patch your shit"
24:58 - Cliché 3: "Users are the weakest link"
32:34 - Cliché 4: "Security is everyone's job"
35:52 - Cliché 5: What is a "quality gate"?
44:14 - Cliché 6: "You just need passion to get hired"
48:14 - How to write a better cybersecurity job description
50:15 - Business value of diversity and inclusion
52:52 - Building a security champions program
55:12 - Where can you connect with Alyssa Miller?
56:44 - Outro
Listen now

What does a secure coder do? | Cybersecurity Career Series

Professional development, Cybersecurity
Secure coders are responsible for developing and writing secure code in a way that protects against security vulnerabilities like bugs, defects and logic flaws. They take proactive steps to introduce secure coding methodologies before the application or software is introduced into a production environment, often following recommendations from the Open Web Application Security Project (OWASP) Foundation.

0:00 - Intro
0:25 - What does a secure coder do?
5:48 - How do you become a secure coder?
9:46 - What skills do secure coders need?
12:28 - What tools do secure coders use?
17:08 - What roles can secure coders transition into?
19:50 - What to do right now to become a secure coder
Listen now

Cybersecurity jobs: How to better apply, get hired and fill open roles | Cyber Work Podcast

Professional development, Security awareness, Cybersecurity
Diana Kelley returns to the show to discuss her work as a board member of the Cyber Future Foundation and the goings-on at this year’s Cyber Talent Week. Whether you’re a cybersecurity hiring manager who doesn’t know why you’re not getting the applicants you want, a candidate who hears the profession has 0% unemployment but still can’t seem to get a callback or anyone in between, DO. NOT. MISS. THIS. EPISODE. This is one for the books, folks.

0:00 - Cybersecurity hiring and job searching
4:30 - Diana Kelley of Cyber Future Foundation
9:00 - Cyber Future Foundation talent week
13:58 - Reexamining cybersecurity job descriptions
21:52 - Cybersecurity hiring manager and applicant training
27:10 - Strategies to bring in diverse talent from other industries
33:06 - Narrowing your cybersecurity job pursuit
39:37 - Using different educations in cybersecurity roles
41:32 - Implementing an educational pipeline
44:40 - Hiring based on strong skills from other trades
48:22 - Cybersecurity apprenticeships
53:22 - Fostering cybersecurity community value
59:09 - Diana Kelley's future projects
1:00:30 - Outro
Listen now

Ethical user data collection and machine learning | Cyber Work Podcast

Professional development, Security awareness, Cybersecurity
Today on Cyber Work Ché Wijesinghe of Cape Privacy talks about the safe and ethical collection of user data when creating machine learning or predictive models. When your bank is weighing whether to give you a loan, they can make a better choice the more info they know about you. But how secure is that contextual data? Hint: not as secure as Wijesinghe would like!

0:00 - Machine learning and data collection
2:37 - Getting started in cybersecurity
3:15 - Being drawn to big data
4:35 - What data is driving decision-making?
9:04 - How is data collection regulated?
15:02 - Closing the encryption gap
16:50 - Careers in data privacy
19:07 - Where can you move from data privacy?
21:20 - Ethics of data collection
23:25 - Learn more about Wijesinghe
23:55 - Outro
Listen now

Working as a privacy manager | Cybersecurity Career Series

Professional development, Cybersecurity
A Privacy Manager is responsible for the development, creation, maintenance and enforcement of the privacy policies and procedures of an organization. They ensure compliance with all privacy-related laws and regulations. The Privacy Manager takes an active lead role when a privacy incident or data breach occurs and will start the investigation. They will then monitor, track and resolve any privacy issues. The Privacy Manager builds a strategic and comprehensive privacy program for their organization that minimizes risk and ensures the confidentiality of protected information.

Advanced knowledge of privacy law and data protection is critical to success in this role.

0:00 - Working as a privacy manager
0:40 - What does a privacy manager do?
3:02 - Experience a privacy manager needs
5:15 - Is college necessary for a privacy manager?
8:05 - Skills needed to be a privacy manager
10:30 - What tools does a privacy manager use?
11:15 - Where do privacy managers work?
12:15 - Roles privacy managers can move to
13:30 - How do I get started becoming a privacy manager?
Listen now

What does a cybersecurity beginner do? | Cybersecurity Career Series

Professional development, Cybersecurity
Just getting started? This role is for you!

The Cybersecurity Beginner role focuses on the foundational skills and knowledge that will allow anyone to take the first step towards transitioning into a cybersecurity career. No prior knowledge of cybersecurity or work experience is required. The only prerequisite is a passion for technology and cybersecurity.

0:00 - Working as a cybersecurity beginner
0:41 - Tasks a cybersecurity beginner may take on
4:15 - Cybersecurity work imposter syndrome
5:49 - Common tools cybersecurity beginners use
9:08 - Jobs for cybersecurity beginners
13:50 - Get started in cybersecurity
Listen now

What does an ICS security practitioner do? | Cybersecurity Career Series

Professional development, Cybersecurity
Industrial control system (ICS) security practitioners are responsible for securing mission-critical SCADA and ICS information systems. They are responsible for restricting digital and physical access to ICS devices, such as PLCs and RTUs, to maximize system uptime and availability. Extensive knowledge of OT and IT protocols, incident response, Linux and Windows OS, configuration management, air-gapped or closed networks, insider threats and physical security controls are important competencies for any ICS security practitioner.

0:00 - ICS security practitioners
0:25 - What is an industrial control system practitioner?
2:22 - How to become an ICS practitioner
4:00 - Education required for an ICS practitioner
5:00 - Soft skills ICS practitioners need
6:05 - Common tools ICS practitioners use
7:59 - Where do ICS practitioners work?
10:05 - Can I move to another role after ICS practitioner?
12:18 - Getting started as an ICS practitioner
Listen now

A public discussion about privacy careers: Training, certification and experience | Cyber Work Live

Professional development, Compliance, Cybersecurity
Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year!

0:00 - Intro and guests
3:45 - What is privacy as a career?
8:15 - Day-to-day work of a cybersecurity privacy professional?
16:45 - Intersection of law and tech degrees
20:30 - What beginner privacy certifications should I pursue?
25:45 - Best practices for studying for IAPP certifications
33:00 - How to gain experience in cybersecurity privacy work
40:27 - How to interview for a cybersecurity privacy job
45:00 - GDPR and ransomware
51:52 - Implementation of privacy laws and security positions
58:15 - Outro
Listen now

What does a security engineer do? | Cybersecurity Career Series

Professional development, Cybersecurity
Security engineers are responsible for implementing and continuously monitoring security controls that protect computer assets, networks and organizational data. They often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network/web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role.

0:00 - What is a security engineer?
3:39 - How do I become a security engineer?
4:52 - Studying to become a security engineer
5:47 - Soft skills for security engineers
7:05 - Where do security engineers work?
9:43 - Tools for security engineers
12:10 - Roles adjacent to security engineer
13:15 - Become a security engineer right now
Listen now

What does an information risk analyst do? | Cybersecurity Career Series

Professional development, Cybersecurity
Information risk analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities to improve the risk posture of the organization and continuously monitor risk tolerance.

0:00 - Information risk analyst career
0:30 - Day-to-day tasks of an information risk analyst
2:09 - How to become an information risk analyst
4:00 - Training for an information risk analyst role
5:42 - Skills an information risk analyst needs
9:24 - Tools information risk analysts use
10:51 - Jobs for information risk analysts
13:08 - Other jobs information risk analysts can do
18:05 - First steps to becoming an information risk analyst
Listen now

The importance of cyber threat research | Cyber Work Podcast

Professional development, Security awareness, Cybersecurity
Moshe Zioni of Apiiro talks about threat research and how to properly report discovered code vulnerabilities. We discuss the ways that vulnerabilities can find their way into code despite your best intentions, the difference between full disclosure and responsible disclosure, and being in the last generation to still grow up before the internet changed everything.

0:00 - Cybersecurity threat research
2:21 - Getting interested in computers
3:25 - Penetration testing and threat research
6:15 - Code vulnerabilities
10:58 - Research process for vulnerabilities
17:05 - Proper reporting of threats
23:11 - Full disclosure vs proper disclosure
25:53 - Current security threats
30:20 - Day-to-day work of security researchers
32:02 - Tips for working in pentesting
35:32 - What is Apiiro?
39:11 - Learn more about Moshe Zioni
39:42 - Outro
Listen now
Whitepaper & report

How to secure your software faster and better

Professional development, Best practices, Compliance, Cybersecurity
Learn how to better secure your software with this free ebook from Infosec Skills instructor and #1 best-selling author Ted Harrington.