Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Introduction to SIEM (security information and event management)

Learn all about SIEM, a software system that collects and aggregates data and events from various networking devices and resources.
Read More
Article

M87 1: VulnHub Capture the flag walkthrough

This VulnHub capture the flag (CTF) challenge is a great resource for those looking to learn hacking skills and practice them in a safe environment.
Read More
Article

Phishing attacks doubled last year, according to Anti-Phishing Working Group

This article will recap findings from the 2020 fourth quarter edition of the APWG Phishing Activity Trends Report.
Read More
Article

Introduction to Kubernetes security

Get an overview of Kubernetes security, including Kubernetes architecture, control plane components, worker node components and more.
Read More
Article

Kali Linux: Top 5 tools for social engineering

These Kali Linux tools can help you learn more about social engineering threats.
Read More
Article

Kobalos malware: A complex Linux threat

Kobalos is a dangerous malware, but there are ways to stay on top of your cybersecurity.
Read More
Article

Threat Modeling 101: Getting started with application security threat modeling [2021 update]

Learn the basics of threat modeling and what to use it for.
Read More
Article

VPNs and remote access technologies

What types of VPNs are available and how do they work. Learn about remote access VPNs, site-to-site VPNs, secure shell and more.
Read More
Article

What is Operation Dream Job by Lazarus?

The Lazarus Group uses malware to attack financial institutions and spy on other countries.
Read More
Article

The Phish Scale: How NIST is quantifying employee phishing risk

The NIST Phish Scale is a useful tool for quantifying phishing risk for your employees.
Read More
Article

7 entry-level cybersecurity career questions, answered!

How do you start a career in cybersecurity? You asked the questions; our panel of experts answered. Learn how to launch your career.
Read More
Article

Cybersecurity Weekly: DarkSide quits, STRRAT attacks, Mercari data breach

The DarkSide ransomware gang quits after their servers and Bitcoin stash are seized. The STRRAT RAT is masquerading as ransomware. An e-commerce giant suffers a major data breach in the Codecov incident. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

VLAN network segmentation and security- chapter five [updated 2021]

A deep dive into VLAN security practices.
Read More
Article

NYX 1: VulnHub CTF walkthrough

Gain some hands-on experience with this capture the flag challenge from Vulnhub.com.
Read More
Article

CCPA vs CalOPPA: Which one applies to you and how to ensure data security compliance

Follow the California Consumer Privacy Act and the California Online Privacy Protection Act for data security compliance.
Read More
Article

IT auditing and controls – planning the IT audit [updated 2021]

Performing an IT audit is important to understand your security strengths and weaknesses.
Read More
Article

Cybersecurity Weekly: Favicon backdoor, triple extortion scheme, ransomware for sale

Magecart hackers hide a PHP-based backdoor in website favicons. Ransomware attackers are now demanding cash from the customers of victims. Ransomware is selling for $4,000 on the dark web. All this, and more, in this week’s edition of Cybersecurity Weekly.
Read More
Article

Quantitative risk analysis [updated 2021]

Utilizing a quantitative risk analysis is an integral part of security and ensuring a positive cost and benefit.
Read More
Article

Trojan URSA malware: How it works and how to prevent it

This articles shares the modus operandi of the URSA trojan as well as some preventative measures to counter potential infections.
Read More
Article

Finding security defects early in the SDLC with STRIDE threat modeling [updated 2021]

Threat modeling via the STRIDE model can help reduce the effect of security attacks.
Read More
Article

The ROI of security awareness training

Do the benefits of security awareness training outweigh the costs? In this post, we show you how to calculate the ROI of security awareness training at your organization.
Read More
Article

Understanding DNS sinkholes - A weapon against malware [updated 2021]

Excerpt: Utilizing DNS sinkholes to prevent malware DNS sinkhole or black hole DNS is used to spoof DNS servers to prevent resolving hostnames of specified
Read More
Article

GANANA: 1 VulnHub CTF walkthrough part one

This easy to intermediate VulnHub capture the flag (CTF) requires you to know some Linux commands and be able to run basic pentesting tools.
Read More
Article

TBBT: FUNWITHFLAGS VulnHub CTF walkthrough part 1

Explore this easy-level VulnHub capture the flag (CTF) and see if you can find all seven flags required to gain root access.
Read More