Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Top 5 cybersecurity questions for small businesses answered

What can small and medium-sized businesses do to protect their business and data from cybercrime? Here are five tips from Jack Koziol.
Read More
Article

How does encryption work? Examples and video walkthrough

Infosec Skills author Mike Meyers provides an easy-to-understand walkthrough of cryptography.
Read More
Article

The most dangerous vulnerabilities exploited in 2022

This article will spotlight some of the most dangerous vulnerabilities that threat actors exploited in the first half of 2022.
Read More
Article

Data architect: The ultimate career guide

Data architect is an in-demand role. Learn what a data architect does, the steps to become a data architect, data architect salaries and more.
Read More
Article

Security operations center: 5 key functions your SOC should perform

The key functions of an enterprise security operations center (SOC) and how an organization can lay the foundation for a successful SOC implementation.
Read More
Article

The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]

Learn everything you need to know to get you on your way to pursuing an ISACA certification to improve your cybersecurity job qualifications.
Read More
Article

Cybersecurity Weekly: Cisco breach, Starlink hacked, Microsoft phishing attack targets crypto

Cisco confirms VPN data breach, ransomware attack survey results, and Starlink hacked using $25 modchip. All these and more in this week's edition of Cyberse
Read More
Article

I failed IAPP’s CIPP/C certification. Here’s how I recovered

Find out what privacy expert Chris Stevens did after initially failing his CIPP/C Canadian Privacy certification, and how he returned to succeed!
Read More
Article

What Is zero-trust security, and should your business adopt it?

While zero-trust may seem cumbersome, it is an effective way to keep your data and business safe from growing cyber threats.
Read More
Article

Follina — Microsoft Office code execution vulnerability

Microsoft tracked as CVE-2022-30190 a new vulnerability, also called “Follina,” that leverages Microsoft Office to lure victims and execute code without thei
Read More
Article

Spring4Shell vulnerability details and mitigations

Spring4Shell is a remote code execution vulnerability (CVSS 9.8) published at the end of March 2022 that impacts Spring Framework.
Read More
Article

SOC analyst resume tips [updated 2022]

Whether you’re looking to score your first entry-level job in a security operations center or advance to a senior role on an incident response team, it’s ess
Read More
Article

Cybersecurity Weekly: Emergency alert system, semiconductor ransomware, Slack password hashing bug fixed

Emergency alert system vulnerable to hacking, semiconductor producer suffers ransomware hack, and Slack exposed salted password hashes. All these and more in
Read More
Article

What’s next in cybersecurity: Predictions from Andrew Howard

Learn what to expect and how to navigate the world as an emerging cyber pro with predictions from Andrew Howard, the CEO of Kudelski Security.
Read More
Article

How training employees about ransomware can mitigate cyber risk

Training your employees to detect ransomware can save your business money and time. Here's what they should know.
Read More
Article

How to hack mobile communications via Unisoc baseband vulnerability

This vulnerability allows attackers can neutralize communications in a specific location.
Read More
Article

Fileless malware uses event logger to hide malware

Learn about a fileless malware that is “taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild.”
Read More
Article

Cybersecurity Weekly: Data breach cost passes $4MM, Uber data breach coverup, Chrome extension vulnerability

Average cost of a data breach surpasses $4MM, Uber admits to massive data breach coverup from 2016, and Google Chrome extension steals emails undetected. All these and more in this week's edition of Cybersecurity Weekly.
Read More
Article

Infosec Skills August Challenge

Join the quest for new skills, bragging rights and over $1,000 in prizes. Each month, we’ll release a brand new challenge. Can you complete it?
Read More
Article

Today’s IT job market: Beyond fear, uncertainty and doubt

You may have heard some buzz about layoffs in the cybersecurity sector. Let's look at what's really going on in the job market.
Read More
Article

Capture: Improve IoT firmware security with new firmware architecture

In this article, we shall discuss what Capture is and discuss how its application can benefit both IoT device owners and IoT device vendors.
Read More
Article

How learning to be "Always Flexible" helped a Marine in earning the Security+ certification

Semper Gumby.  Almost as synonymous with the Marine Corps as its official motto of Semper Fidelis, the mantra of staying “Always Flexible,” as the bendabl
Read More
Article

Nerbian RAT Using COVID-19 templates

Nerbian RAT has been spreading by taking advantage of Covid19 email templates containing a Microsoft Word attachment with malicious macros inside.
Read More
Article

Popular evasion techniques in the malware landscape

This article compiles some of the evasion strategies used by malware users in the wild.
Read More