Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Bahamut Android malware and its new features

Learn all about the Bahamut malware that is once again infecting devices.
Read More
Article

Red Teaming: Taking advantage of Certify to attack AD networks

Learn more about using Certify to attack AD networks.
Read More
Article

U.S. privacy and cybersecurity laws — an overview

Learn how federal and state privacy laws intersect with cybersecurity and how to comply without being overwhelmed.
Read More
Article

Cybersecurity Weekly: Uber breach, Tesla Model Y NFC hack, EvilProxy phishing

Details on Uber breach are still hazy, New Tesla Model Y NFC hack, and phishing service bypasses 2FA. All these and more in this week's edition of Cybersecur
Read More
Article

6 cybersecurity truisms the industry needs to rethink

Do cybersecurity cliches make you roll your eyes? Alyssa Miller breaks down five of the most comment (and dangerous) truisms and why they need to change.
Read More
Article

Run your security awareness program like a marketer with these campaign kits

Learn how security professionals can adopt basic marketing principles to transform an otherwise routine and easily dismissed security training program into a campaign that employees actually want to engage with.
Read More
Article

Linux+ certification: Related training and courses [2022 update]

Learn about the popular, open-source operating system and how to study for the exam and advance your career.
Read More
Article

What is a cloud administrator? Essential roles and skills

Learn about the role of a cloud administrator, the salary, required skills and certifications that can help advance a cloud administration career.
Read More
Article

Common misperceptions about PCI DSS: Let’s dispel a few myths

Find out why your company should look into how payment card industry data security standards affect your business.
Read More
Article

LockBit 3.0 ransomware analysis

Hospitals and health systems are susceptible to the LockBit ransomware.
Read More
Article

Cybersecurity Weekly: Cobalt Strike DDoS, Patreon security team laid off, US sanctions Iran over APT activity

Cobalt Strike servers DDoSed, city-operated ISP knocked offline due to ransomware, and Patreon lays off security team. All these and more in this week's edit
Read More
Article

Security control mapping: Connecting MITRE ATT&CK to NIST 800-53

The alignment of NIST 853 and MITRE ATT&CK is a step toward simplifying threat and response profiles and how they relate to cyber threats.
Read More
Article

AstraLocker releases the ransomware decryptors

Astralocker is a piece of ransomware first identified in 2021. It is probably a fork from the well-known Babuk and other ransomware like Rook. Version 2.0 of
Read More
Article

2022 cybersecurity spending trends: Where are organizations investing?

Nearly 70 percent of organizations plan to spend more on cybersecurity in 2022. Learn what organizations are investing in — and why.
Read More
Article

Cybersecurity Weekly: IRS leak, TikTok bug, James Webb telescope photo installs malware

IRS confirms data leak of personal info, TikTok bug in Android allows account hijack, and hackers use James Webb space telescope to install malware. All thes
Read More
Article

Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?

FIDO for consumers offers a passwordless online experience, but will adoption mean better security and seamless identity?
Read More
Article

Analysis of Nokoyawa ransomware

Ransomware is an ongoing threat. New variants are constantly detected, and existing threats keep adding new features and techniques for performing malicious
Read More
Article

vSingle is abusing GitHub to communicate with the C2 server

Lazarus' advanced persistent threat (APT) operations use malware specially crafted for attacking financial institutions, espionage, and disruptive purposes.
Read More
Article

Twitter’s cybersecurity whistleblower: What it means for the community

The recent whistleblower complaint against Twitter highlights the disconnect between cybersecurity experts and executives in organizations.
Read More
Article

Cybersecurity Weekly: Whistleblower hits Twitter cybersecurity, LastPass data breach, Twilio hack leads to Authy 2FA access

Cybersecurity bombshell from whistleblower puts Twitter on its heels, LastPass data breach leaks source code, and Twilio breach leads to Authy 2FA account ac
Read More
Article

Goodwill ransomware group is propagating unusual demands to get the decryption key

Goodwill ransomware uses three different socially-driven and philanthropic activities to be able to download the decryption key.
Read More
Article

Cybersecurity analyst (SOC analyst) interview questions and answers

Here are some questions that SOC analysts may face during interviews, with explanations of why these issues are as important as they are.
Read More
Article

Dangerous IoT EnemyBot botnet is now attacking other targets

EnemyBot is a dangerous IoT botnet that was designed to attack web servers, Android devices and CMS servers. Learn more in this article.
Read More
Article

Cybersecurity Weekly: Hackers dodge MFA, CISA adds vulnerabilities, Phishing attacks exploit AWS

Hackers are dodging MFA, BlackByte returns to Twitter, and CISA adds seven vulnerabilities to exploited bugs list. All these and more in this week's edition
Read More