Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Cybersecurity Weekly: Preparing for supply-chain attacks, new approaches to security awareness and a ransomware warning from the FBI

Tips to prepare for potential supply-chain attacks, tips for enhancing your security awareness programs and breaches to critical infrastructure. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Cyber talent diversity: It's time to redefine the face of security

Why a diverse cybersecurity team is good for your business and five things to consider during recruitment and retention of diverse employees.
Read More
Article

Want to lead a global privacy program? 6 things to know about CIPM

CIPM is a unique certification for privacy professionals to prove they not only know privacy law — they can develop, deploy and manage a privacy program.
Read More
Article

Cybersecurity and Windows 11: What you need to know

Microsoft baked numerous cybersecurity safeguards to Windows 11. From the chip to the cloud — see what they are.
Read More
Article

Data privacy careers: 6 key insights about this life-changing path

Looking for "a seat at the big table?" Chris Stevens reveals his successful journey into data privacy careers and privacy training.
Read More
Article

CompTIA PenTest+ domain 4: Reporting and communication

Learn how Domain 4 of the CompTIA PenTest+ exam tests effective communication with the pentesting customer.
Read More
Article

Log4j - the remote code execution vulnerability that stopped the world

Learn how the log4j flaw works, how adversaries can take advantage of this weakness and provide the main steps to fix it.
Read More
Article

3 major flaws of the black-box approach to security testing

By understanding the methodology’s three primary flaws, you and your security team can be more effective in protecting your company’s assets.
Read More
Article

Python scripting: A tool you need to learn and use for cybersecurity

Because of its ease of use, interactivity and ability to automate tasks, Python is a powerful tool you need to know for cybersecurity applications.
Read More
Article

Red Teaming: Top tools and gadgets for physical assessments

Popular tools, gadgets, and strategies to for physical security controls.
Read More
Article

CompTIA PenTest+ domain 3: Attacks and exploits

Learn about PenTest+ domain 3’s subject matter: attacks and exploits.
Read More
Article

Cybersecurity Weekly: The return of a dangerous botnet, malware in the GooglePlay Store and more

The Emotet botnet returns, SharkBot malware disguised as antivirus and exploiting Amazon smart speakers. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

The NIST NICE Framework: How to improve cybersecurity role clarity and recruiting

How one organization implements the NIST NICE Framework to revolutionize how they hire, retain, and grow a new generation of cyber professionals.
Read More
Article

Using Zeek for network analysis and detections

Learn about how to use Zeek, a free, powerful open-source network traffic analyzer.
Read More
Article

Suricata: What is it and how can we use it

Learn about the open-source threat detection engine that is an intrusion detection system (IDS) and an intrusion prevention system (IPS).
Read More
Article

FINDING MY FRIEND 1 VulnHub CTF Walkthrough - Part 2

Continue pursuing the capture the flag challenge from Vulnhub in part two of this task.
Read More
Article

CompTIA PenTest+ domain 2: Information gathering and vulnerability scanning

Learn how Domain 2 of the CompTIA PenTest+ exam tests candidates’ knowledge of gathering threat intelligence via reconnaissance.
Read More
Article

How to choose and harden your VPN: Best practices from NSA & CISA

These five best practices will steer you on course for choosing and hardening your VPN.
Read More
Article

Can bug bounty programs replace dedicated security testing?

Bug bounty programs don’t replace the need for a security consulting company that you work directly with for your security testing program. 
Read More
Article

Rook ransomware analysis

In this article, we will go through the details of rook, describe the most effective techniques, and provide some measures to fight ransomware.
Read More
Article

Red teaming: Initial access and foothold

Learn how red teaming techniques are used to gain a foothold in target attacks like social engineering.
Read More
Article

CompTIA PenTest+ domain 1: Planning and scoping

Learn how Domain 1 of the CompTIA PenTest+ exam prepares candidates to plan, scope and ethically perform a penetration test.
Read More
Article

Intelligence brief: Russian invasion of Ukraine and its cybersecurity impact

The Russian invasion of Ukraine will have a global impact. Here's what you should know to keep your organization safe from potential cyber threats.
Read More
Article

Skills and experience needed to support a CSIRT, SOC or SIEM team

Who works on an incident response team or in a security operations center? What skills do they need to succeed? Find out.
Read More