Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

LockBit 3.0 ransomware analysis

Hospitals and health systems are susceptible to the LockBit ransomware.
Read More
Article

Security control mapping: Connecting MITRE ATT&CK to NIST 800-53

The alignment of NIST 853 and MITRE ATT&CK is a step toward simplifying threat and response profiles and how they relate to cyber threats.
Read More
Article

AstraLocker releases the ransomware decryptors

Astralocker is a piece of ransomware first identified in 2021. It is probably a fork from the well-known Babuk and other ransomware like Rook. Version 2.0 of
Read More
Article

2022 cybersecurity spending trends: Where are organizations investing?

Nearly 70 percent of organizations plan to spend more on cybersecurity in 2022. Learn what organizations are investing in — and why.
Read More
Article

Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?

FIDO for consumers offers a passwordless online experience, but will adoption mean better security and seamless identity?
Read More
Article

Analysis of Nokoyawa ransomware

Ransomware is an ongoing threat. New variants are constantly detected, and existing threats keep adding new features and techniques for performing malicious
Read More
Article

vSingle is abusing GitHub to communicate with the C2 server

Lazarus' advanced persistent threat (APT) operations use malware specially crafted for attacking financial institutions, espionage, and disruptive purposes.
Read More
Article

Twitter’s cybersecurity whistleblower: What it means for the community

The recent whistleblower complaint against Twitter highlights the disconnect between cybersecurity experts and executives in organizations.
Read More
Article

Goodwill ransomware group is propagating unusual demands to get the decryption key

Goodwill ransomware uses three different socially-driven and philanthropic activities to be able to download the decryption key.
Read More
Article

Cybersecurity analyst (SOC analyst) interview questions and answers

Here are some questions that SOC analysts may face during interviews, with explanations of why these issues are as important as they are.
Read More
Article

Dangerous IoT EnemyBot botnet is now attacking other targets

EnemyBot is a dangerous IoT botnet that was designed to attack web servers, Android devices and CMS servers. Learn more in this article.
Read More
Article

Top 5 cybersecurity questions for small businesses answered

What can small and medium-sized businesses do to protect their business and data from cybercrime? Here are five tips from Jack Koziol.
Read More
Article

How does encryption work? Examples and video walkthrough

Infosec Skills author Mike Meyers provides an easy-to-understand walkthrough of cryptography.
Read More
Article

The most dangerous vulnerabilities exploited in 2022

This article will spotlight some of the most dangerous vulnerabilities that threat actors exploited in the first half of 2022.
Read More
Article

Data architect: The ultimate career guide

Data architect is an in-demand role. Learn what a data architect does, the steps to become a data architect, data architect salaries and more.
Read More
Article

Security operations center: 5 key functions your SOC should perform

The key functions of an enterprise security operations center (SOC) and how an organization can lay the foundation for a successful SOC implementation.
Read More
Article

The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]

Learn everything you need to know to get you on your way to pursuing an ISACA certification to improve your cybersecurity job qualifications.
Read More
Article

I failed IAPP’s CIPP/C certification. Here’s how I recovered

Find out what privacy expert Chris Stevens did after initially failing his CIPP/C Canadian Privacy certification, and how he returned to succeed!
Read More
Article

What Is zero-trust security, and should your business adopt it?

While zero-trust may seem cumbersome, it is an effective way to keep your data and business safe from growing cyber threats.
Read More
Article

Follina — Microsoft Office code execution vulnerability

Microsoft tracked as CVE-2022-30190 a new vulnerability, also called “Follina,” that leverages Microsoft Office to lure victims and execute code without thei
Read More
Article

Spring4Shell vulnerability details and mitigations

Spring4Shell is a remote code execution vulnerability (CVSS 9.8) published at the end of March 2022 that impacts Spring Framework.
Read More
Article

SOC analyst resume tips [updated 2022]

Whether you’re looking to score your first entry-level job in a security operations center or advance to a senior role on an incident response team, it’s ess
Read More
Article

What’s next in cybersecurity: Predictions from Andrew Howard

Learn what to expect and how to navigate the world as an emerging cyber pro with predictions from Andrew Howard, the CEO of Kudelski Security.
Read More
Article

How training employees about ransomware can mitigate cyber risk

Training your employees to detect ransomware can save your business money and time. Here's what they should know.
Read More