Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Could psychology be the key to cybersecurity awareness? Research points to yes

Understanding the psychology of cybersecurity will go a long way towards helping cybersecurity teams implement best practices.
Read More
Article

Converting a PCAP into Zeek logs and investigating the data

Learn how to better understand the Zeek log file structure and how to use the logs when investigating events.
Read More
Article

11 phishing email subject lines your employees need to recognize [Updated 2022]

53% of organizations reported a phishing-related breach. Here are the top phishing email subject lines your employees should be able to recognize.
Read More
Article

How IT pros can keep their organization on the cutting edge

CompTIA surveyed professionals on their company's technology. Three trends stood out for those who identified as already on the cutting edge.
Read More
Article

Navigating local data privacy standards in a global world

Global connection has a unique set of privacy standards to navigate.
Read More
Article

ISC2 CGRC domain #1: Information security risk management program

Learn the key information security risk management objectives in the CGRC exam — and how to use that knowledge in your career.
Read More
Article

ISC2 CGRC: Overview & career path

Earning the Certified in Governance, Risk and Compliance certification can help prove to employers that you stand well above the rest.
Read More
Article

Security gives your company a competitive advantage

When you properly secure your software system and then can prove it, you obtain a competitive advantage that helps you earn trust and win sales.
Read More
Article

Fundamentals of IoT firmware reverse engineering

Explore the basic steps on how to analyze IoT firmware from scratch.
Read More
Article

CompTIA PenTest+ domain 5: Tools and code analysis

Learn how Domain 5 of the CompTIA PenTest+ exam tests knowledge of programming and the tools used during a penetration testing engagement.
Read More
Article

CASP+ vs. CISSP: Which certification should you get in 2022?

CASP+ and CISSP are both advanced-level certifications that validate your cybersecurity skills, but which certification is best for your career?
Read More
Article

Cybersecurity Weekly: Preparing for supply-chain attacks, new approaches to security awareness and a ransomware warning from the FBI

Tips to prepare for potential supply-chain attacks, tips for enhancing your security awareness programs and breaches to critical infrastructure. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Cyber talent diversity: It's time to redefine the face of security

Why a diverse cybersecurity team is good for your business and five things to consider during recruitment and retention of diverse employees.
Read More
Article

Want to lead a global privacy program? 6 things to know about CIPM

CIPM is a unique certification for privacy professionals to prove they not only know privacy law — they can develop, deploy and manage a privacy program.
Read More
Article

Cybersecurity and Windows 11: What you need to know

Microsoft baked numerous cybersecurity safeguards to Windows 11. From the chip to the cloud — see what they are.
Read More
Article

Data privacy careers: 6 key insights about this life-changing path

Looking for "a seat at the big table?" Chris Stevens reveals his successful journey into data privacy careers and privacy training.
Read More
Article

CompTIA PenTest+ domain 4: Reporting and communication

Learn how Domain 4 of the CompTIA PenTest+ exam tests effective communication with the pentesting customer.
Read More
Article

Log4j - the remote code execution vulnerability that stopped the world

Learn how the log4j flaw works, how adversaries can take advantage of this weakness and provide the main steps to fix it.
Read More
Article

3 major flaws of the black-box approach to security testing

By understanding the methodology’s three primary flaws, you and your security team can be more effective in protecting your company’s assets.
Read More
Article

Python scripting: A tool you need to learn and use for cybersecurity

Because of its ease of use, interactivity and ability to automate tasks, Python is a powerful tool you need to know for cybersecurity applications.
Read More
Article

Red Teaming: Top tools and gadgets for physical assessments

Popular tools, gadgets, and strategies to for physical security controls.
Read More
Article

CompTIA PenTest+ domain 3: Attacks and exploits

Learn about PenTest+ domain 3’s subject matter: attacks and exploits.
Read More
Article

Cybersecurity Weekly: The return of a dangerous botnet, malware in the GooglePlay Store and more

The Emotet botnet returns, SharkBot malware disguised as antivirus and exploiting Amazon smart speakers. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

The NIST NICE Framework: How to improve cybersecurity role clarity and recruiting

How one organization implements the NIST NICE Framework to revolutionize how they hire, retain, and grow a new generation of cyber professionals.
Read More