Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Making the old new again: The power of experiential learning to build cybersecurity skills

Learning by doing is important. Learn the how and why of experiential learning and its application to cybersecurity education.
Read More
Article

Authentication vs. authorization: Which one should you use, and when?

Take a look at the difference between authentication and authorization and what works best for you.
Read More
Article

3 steps to get your business cybersecurity-ready in 2022

With a new year upon us, here are three steps businesses should take now to mitigate cybersecurity risks and prepare for 2022.
Read More
Article

HOGWARTS: BELLATRIX VulnHub CTF walkthrough

In this article, we will solve a Harry Potter-themed capture the flag (CTF) challenge posted on Vulnhub.
Read More
Article

PenTest+ vs. CEH: Which certification is better? [2022 update]

Find out why the CompTIA PenTest+ or EC-Council's CEH is the certificate for you.
Read More
Article

AI and machine learning career paths, trends and job prospects

Learn about the job prospects for artificial intelligence and how to prepare for a career in it.
Read More
Article

Android malware BrazKing returns

Analyze the main layers of this malware how it operates, and provide some measures to stop threats of this nature.
Read More
Article

Why your company should prioritize security vulnerabilities by severity

You want a system in place to grade severity so you know where to focus your efforts, and in what order.
Read More
Article

CIPP/US: 5 things to know about privacy and cybersecurity law

Certifications are a way to motivate you to study and learn as they can help you expand upon your cybersecurity career.
Read More
Article

How to structure your CSIRT or SOC team

Learn how to structure your computer security incident response team (CSIRT) and security operations center (SOC).
Read More
Article

How to write a vulnerability report

Find out how to write a good vulnerability report and why it's important to do well.
Read More
Article

CompTIA PenTest+ certification: Overview and career path [updated 2022]

Penetration testing is in high demand. Learn more about the CompTIA PenTest+ certificate and exam.
Read More
Article

Cybersecurity Weekly: Social media fraud surges in America, CISA’s ‘Must Patch” list and COVID-19 testing scams

FTC reports a whopping $770 million lost in social media fraud, CISA releases new ‘Must Patch’ list and a 521% COVID-19 testing scams increase. All this, and
Read More
Article

How to hack two-factor authentication: Which type is most secure?

There are many types of two-factor authentication (2FA) or multi-factor authentication your organization can implement, but which one is best? Find out.
Read More
Article

Beelzebub: 1 VulnHub CTF walkthrough

Take on this capture the flag to gain some cybersecurity knowledge.
Read More
Article

The ransomware paper (part 3): New trends and future concerns

The ransomware economy may shift towards consumer attacks as those attacks become more profitable, explains Infosec's Keatron Evans.
Read More
Article

Salary transparency in cybersecurity: You get paid *how* much?

The taboo around salary privacy is breaking down thanks to new laws and pay-sharing platforms; what can that mean for cybersecurity professionals?
Read More
Article

Malicious push notifications: Is that a real or fake Windows Defender update?

According to McAfee, threat actors are increasingly abusing push notifications to impersonate legitimate Windows alerts.
Read More
Article

Amazon Athena Security: 6 essential tips

Learn about Amazon's popular cloud service, Amazon Athena, and how to improve visibility and control.
Read More
Article

How to report a security vulnerability to an organization

Finding a bug is rewarding. But what do you do once you've found one?
Read More
Article

There’s no such thing as “done” with application security

Technology evolves so quickly that it requires you to constantly revisit your security to stay ahead of new vulnerabilities.
Read More
Article

Top tools for password-spraying attacks in active directory networks

Learn how password spraying attacks work, how popular tools are used within this context and how to defeat these kinds of attacks.
Read More
Article

Cybersecurity Weekly: Getting your organization cybersecurity-ready for 2022, Olympics app privacy risks and surging GDPR fines

Protecting your company from ransomware incidents in 2022, growing concerns with privacy in the Beijing 2022 Winter Olympics app and a sevenfold increase in
Read More
Article

Inside phishing data: What works and doesn’t work with employee training

Two reports explore the data behind phishing trends and the effectiveness of security awareness training. Find out what works — and what doesn't.
Read More