Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every month!

View Results
Filter Results
Whitepaper & report

Cybersecurity Culture — Quantified

Security awareness, Cybersecurity
See the data on the most overlooked variable in security and learn how to measure your organization's cybersecurity culture.
Webinar & video

CMMC rollout: How CMMC will impact your organization | Infosec Edge Webcast

Professional development, Compliance, Cybersecurity, Certification
More than 300,000 organizations will be affected by the new CMMC Framework. Learn how your organization will be affected.
Watch now
Poster, infographic & tool

Infosec Skills course catalog

Professional development, Cybersecurity, Certification
Infosec Skills keeps your team's security skills fresh year-round with hundreds of courses mapped to the NICE Cybersecurity Workforce Framework.
Poster, infographic & tool

ROI of Security Awareness Calculator

Security awareness
Download our free calculator, input your organization's costs and measure your return on security awareness training.

What does a SOC analyst do? | Cybersecurity Career Series

Professional development, Cybersecurity
Security operations center (SOC) analysts are responsible for analyzing and monitoring network traffic, threats and vulnerabilities within an organization’s IT infrastructure. This includes monitoring, investigating and reporting security events and incidents from security information and event management (SIEM) systems. SOC analysts also monitor firewall, email, web and DNS logs to identify and mitigate intrusion attempts.

0:00 Intro
1:20 - What is a SOC analyst?
1:58 - Levels of SOC analyst
2:24 - How to become a SOC analyst
2:53 - Certification requirements
3:29 - Skills needed to succeed
4:38 - Tools SOC analysts use
5:32 - Open-source tool familiarity
6:05 - Pivoting from a SOC analyst
6:50 - What can I do right now?
7:32 - Experience for your resume
8:07 - Outro
Listen now

Top cybersecurity breaches of 2021 | Cyber Work Podcast

Professional development, Cybersecurity
Infosec’s Principal Security Researcher, instructor and cybersecurity renaissance man Keatron Evans returns to the show for the first in a series of once-quarterly episodes breaking down big stories in the news and cybersecurity trends for the future! We talk Solarwinds, Colonial Access Pipeline, Oldsmar, Keatron’s origin story and why, just like practicing your scales makes you a better musician, master pentesters and security pros got where they did by mastering the art of repetition in learning.

0:00 - Intro
2:30 - How did you get into cybersecurity?
4:00 - What skills did you have early on?
6:10 - First interaction with Infosec
10:34 - Work as a principal security researcher
13:20 - Machine learning in cybersecurity
14:14 - Infosec classes
17:28 - Equity in cybersecurity
20:25 - You don't need a technical background
21:36 - Major security breaches of 2021
22:15 - SolarWinds breach
24:56 - What job roles help stop these breaches?
27:50 - Water treatment plant breach
31:42 - Infrastructure security
34:30 - President Biden and cybersecurity
39:22 - Supply chain security
43:20 - Security trends for 2022
49:00 - Projects to keep an eye on
50:52 - Learn more about Evans
51:44 - Outro
Listen now

What does a security manager do? | Cybersecurity Career Series

Professional development, Cybersecurity
Security managers develop security strategies that align with the organization's goals and objectives. In addition, they direct and monitor security policies, regulations and rules that the technical team implements. Knowledge in areas like information security governance, program development and management, incident response and risk management are important to success in any security management role.

0:00 - Intro
0:26 - What does a security manager do?
3:15 - How do you become a security manager?
4:54 - What education is required for security managers?
5:55 - What certificates are required for security managers?
7:23 - What skills does a security manager need to have?
9:58 - Common tools security managers use
11:48 - Where do security managers work?
13:45 - How well do security managers pivot into other roles?
15:36 - What step can someone take now to become a security manager?
17:27 - Outro
Listen now

Predictions for cybersecurity in 2022 | Cyber Work Podcast

Professional development, Cybersecurity
Andrew Howard, CEO of Kudelski Security, returns to give us his cybersecurity predictions for 2022! How will cybersecurity protect the supply chain, why is quantum computing on all of his clients' minds, and how would Andrew rewrite security from the ground up if a genie granted him three wishes?

0:00 - Intro
3:00 - Getting into cybersecurity
4:00 - How has the cloud evolved?
6:46 - The past year in cybersecurity
8:20 - The next cybersecurity innovation
8:57 - Where quantum computing is going
10:15 - Concerns about encryption data
10:54 - The state of ransomware
12:57 - Cybersecurity supply chain issues
16:18 - Hybrid work cybersecurity
18:42 - The year of cyber insurance
20:35 - DOD directive to close security gaps
22:15 - What would you change in cybersecurity?
25:45 - What would put phishing out of mind?
28:10 - Advice to 2022 cybersecurity students
29:37 - Kudelski Security
30:58 - Blockchain security in 2022
31:57 - Learn more about Kudelski
32:10 - Outro
Listen now

What does a penetration tester do? | Cybersecurity Career Series

Professional development, Cybersecurity
Penetration testers, or ethical hackers, are responsible for planning and performing authorized, simulated attacks within an organization’s information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses. Findings are documented in reports to advise clients on how to lower or mitigate risk. Penetration testers often specialize in a number of areas such as networks and infrastructures, Windows, Linux and Mac operating systems, embedded computer systems, web/mobile applications, supervisory control data acquisition (SCADA) control systems, cloud systems and internet of things (IoT) devices.

0:00 - Intro
0:26 - What does a penetration tester do?
1:10 - Levels of penetration testers
1:50 - How to become a penetration tester
3:08 - Education needed to be a pentester
3:50 - Skills needed to pentest
4:24 - Common tools of the pentester
5:07 - Training with the tools
5:42 - Job options for pentesters
6:36 - Work duty expectations
7:45 - Can you move to a different role?
9:09 - What can I do to become a pentester?
9:54 - Outro
Listen now

Advanced adversary tactics and defense evasion with MITRE ATT&CK

Professional development, Cybersecurity
Learn how advanced persistent threat groups use defense evasion to stay hidden. Then open our cyber range and test your evasion skills.
Watch Now

Security risks facing streamers on Twitch and YouTube | Cyber Work Podcast

Professional development, Cybersecurity
Roderick Jones of Concentric talks about security risks facing content creators, influencers, gamers and streamers on Twitch, YouTube and elsewhere. Online harassment is often seen as “part of the package” if you’re going to work in a public-facing streamer community, but Jones knows that this isn’t inevitable, and it is fixable. A future without a shrug-shoulders approach to online abuse?

0:00 - Intro
3:37 - How did you get into cybersecurity?
5:30 - Were you scouted for your role?
6:44 - How did the landscape change?
8:40 - Security intelligence to private sector
11:50 - Daily work at Concentric
13:25 - Staying up on trends
15:09 - Gaming, streaming and security issues
21:31 - Desentization and online personalities
25:42 - The future of online access
27:37 - How to protect streamers
31:40 - Censoring on streaming platforms with AI
35:06 - Safeguards streams should have in place
40:06 - Cybersecurity jobs related to streaming security
41:58 - Being courteous online
42:43 - More about Concentric
43:58 - Learn more about Jones
44:35 - Outro
Listen now

Privilege escalation via cross-site scripting with MITRE ATT&CK

Professional development, Cybersecurity
Learn how certain cross-site scripting vulnerabilities can be exploited for a privilege escalation attack. Then dive in and try it yourself.
Watch Now

High-tech hacking tools and how to defend against them | Cyber Work Podcast

Professional development, Cybersecurity
Bentsi Ben-Atar of Sepio Systems talks about some truly scary high-tech hacking weapons and techniques, from Raspberry Pis in your mouse or keyboard to charging cables that can exfiltrate data from a mile away. What do we do? How do we prepare?

0:00 - Intro
3:18 - Getting into cybersecurity
4:30 - Career highlights
5:50 - Co-founding two companies
7:22 - Typical work day at CTO and CMO
11:29 - New stealthy hacking tools
13:08 - Hacking a smart copy machine
17:46 - Stealing data with a Raspberry Pi
26:01 - The ninja cable
32:11 - Security awareness while traveling
35:20 - How to work battling high-tech cybercrime
36:35 - Exploring cybersecurity
37:47 - More about Bentsi’s companies
39:31 - Find more about Bentsi
39:57 - Outro
Listen now
Whitepaper & report

IDC MarketScape: U.S. IT Training 2021 Vendor Assessment

This IDC report offers organizations a methodology for evaluating IT education and training providers.
Download Report
Poster, infographic & tool

Hacked for the Holidays Toolkit

Security awareness
Kick off your organization’s holiday celebrations with our free Hacked for the Holidays security awareness toolkit. It includes everything you need to help employees outsmart cybercrime this holiday season and beyond.

How to work in cloud security | Cyber Work Podcast

Professional development, Cybersecurity
On today’s podcast, Menachem Shafran of XM Cyber talks about cloud security. Menachem tells us about the work of project manager and product manager, how the haste to migrate to the cloud can unnecessarily leave vulnerabilities wide open and why a cloud security expert also needs to be a good storyteller.

0:00 - Intro
2:40 - Getting into cybersecurity
5:47 - Project manager in cybersecurity
9:12 - Identifying pain points
10:24 - Working as a VP of product
14:09 - Data breaches
16:30 - Critical versus non-critical data breaches
18:19 - Attacker’s market
19:38 - How do we secure the cloud?
22:45 - A safer cycle of teams
24:40 - How to implement cybersecurity changes
28:50 - How to work in cloud security
30:48 - A good cloud security resume
33:02 - Work from home and cloud security
34:30 - XM Cyber’s services
37:21 - Learn more about Menachem
38:00 - Outro
Listen now

Persistence: Maintaining a foothold with MITRE ATT&CK techniques

Professional development, Cybersecurity
Learn how threat actors use MITRE ATT&CK® persistence techniques to maintain a foothold in an environment. Then try the techniques yourself.
Watch Now
Webinar & video

Cybersecurity project management: Your career starts here | Cyber Work Live

Professional development, Cybersecurity
Have you considered a career as a cybersecurity project manager? Join our live panel to learn all about this exciting career path.
Watch now

How to get started with bug bounties and finding vulnerabilities | Cyber Work Podcast

Professional development, Cybersecurity
On this week’s Cyber Work Podcast, BugCrowd and! founder Casey Ellis discusses how to think like a cybercriminal, the crucial need for transparent vulnerability disclosure, the origins of BugCrowd and why mentorship is a gift that goes in both directions.

0:00 - Intro
3:15 - Getting into cybersecurity
4:30 - Criminal mindset in cybersecurity
5:49 - Ellis’s career to date
9:10 - Healthcare cybersecurity
11:47 - Mentoring others
13:52 - Mentorship as a two-way street
16:12 - Bugcrowd and bug bounty
19:18 - Vulnerability disclosure project
21:30 - Bug bounty popularity
24:52 - U.S. sanctions on hacking groups
26:52 - Hiring hackers
31:52 - Pursue specialization
33:51 - Cyber threats flying under the radar
39:17 - Working from home safely
40:48 - How to get into bug bounties
42:18 - How to report vulnerabilities
44:04 - Advice to begin ethical hacking
45:23 - Learn more about Ellis
45:56 - Outro
Listen now

How to begin your own cybersecurity consulting business | Cyber Work Podcast

Professional development, Cybersecurity
On today’s podcast, Kyle McNulty of Secure Ventures talks about interviewing the people behind the most up-and-coming cybersecurity startups. We discuss the best advice he’s received on the show, how to get your own podcast off the ground and his own security startup, ConsultPlace.

0:00 - Intro
2:40 - Getting into cybersecurity
6:00 - McNulty’s education and career
9:50 - Getting into consulting and startups
14:08 - Secure Ventures podcast
17:45 - Best insight from a podcast guest
20:13 - Startup stories
22:10 - Startups during COVID
23:42 - Advice for startups
25:22 - How to begin a podcast
33:25 - Tips for cybersecurity newcomers
35:04 - Upcoming podcasts
36:15 - ConsultPlace work
38:00 - Find more about McNulty
38:42 - Outro
Listen now

Executing the Sandworm APT with MITRE ATT&CK

Professional development, Cybersecurity
Learn the techniques the Sandworm APT hacking group used to compromise, pivot from and destroy a server. Then try to do it yourself.
Watch Now

How to disrupt ransomware and cybercrime groups | Cyber Work Podcast

Professional development, Cybersecurity
On today’s podcast, Adam Flatley of Redacted talks about 14 years spent with the NSA and working in global intelligence. He also delineates the process of disrupting ransomware and cybercrime groups by dismantling organizations, putting on pressure and making the crime of ransomware more trouble than it’s worth!

0:00 - Intro
3:13 - Getting into cybersecurity
4:27 - Why work for the DoD?
6:37 - Average work day in threat intelligence
9:28 - Main security threats today
11:53 - Issues cybersecurity is ignoring
16:12 - Disrupting ransomware offensively
23:00 - How to handle ransomware
25:07 - How do I fight cybercriminals
27:15 - How to convey self learning on a resume
28:24 - Security recommendations for your company
31:40 - Logistics of changing security
34:40 - Cybercrime in five years
36:57 - Learn about Redacted
39:18 - Learn more about Adam
40:00 - Outro
Listen now

How to become a cyber threat researcher | Cyber Work Podcast

Professional development, Cybersecurity
On today’s podcast, John Bambenek of Netenrich and Bambenek Consulting talks about threat research, intelligence analytics, why the same security problems are so evergreen and the importance of pitching in a little extra bit of your time and talents to make the world a bit better than you found it.

0:00 - Intro
2:45 - Getting into cybersecurity
9:40 - Threat researcher versus security researcher and threat analyst
12:05 - How to get into a research or analyst role
16:32 - Unusual types of malware
19:03 - An ideal work day
23:06 - Current main threat actors
28:50 - What cybersecurity isn’t addressing
31:38 - Where can I volunteer?
36:02 - Skills needed for threat researchers
40:53 - Adjacent careers to threat research
45:11 - Threat research in five years
48:55 - Bambenek Consulting
49:35 - Learn more about Bambenek
50:26 - Outro
Listen now
Webinar & video

Join the hunt: Threat hunting for proactive cyber defense

Professional development, Cybersecurity, Certification
Don your virtual threat hunting gear and join Infosec Principal Security Researcher Keatron Evans as he goes sleuthing for cyber threats.
Register now