The field of cybersecurity is always evolving, and nothing suggests that that is likely to change soon. That’s because hackers are constantly finding new ways to infiltrate systems. A degree or bootcamp will give you the foundational knowledge you’ll need to launch your career, but cybersecurity professionals need to be constantly learning once they’re out of school.
Whether you’re a seasoned veteran or just getting started in your cybersecurity career, it’s important to stay up to date on the newest developments. That’s why we’ve put together this list of sixty-three cybersecurity resources, including cybersecurity experts to follow, blogs to read, podcasts to listen to, and channels to watch. With these resources, you’ll be one step ahead of other cybersecurity professionals, and hopefully one step ahead of the hackers too.
Become a Cybersecurity Analyst. Land a Job or Your Money Back.
Conduct vulnerability assessments into on-premise and cloud security risks. Work 1:1 with an industry mentor. Graduate with a CompTIA Security+ Certification. Land a job — or your money back.
Free Cybersecurity Learning Resources and Courses
Launched in 2015, Cybrary aims to “provide the opportunity to learn cybersecurity, to anyone, anywhere, who wants that opportunity.” The result? A plethora of free cybersecurity courses and resources on all topics related to the field. This crowdsourced platform boasts two million users, providing a toolkit of resources like free practice tests, practice labs, and assessments to help you achieve your professional goals.
Whether you classify you’re a beginner, intermediate, or expert, Cybrary will have courses and training tailored to your skill set. There are more than 150 courses in the catalog, including classes on cryptography, secure coding, advanced penetration testing, virtualization management, and other cybersecurity attacks.
The Federal Virtual Training Environment (FedVTE) is a resource that makes free online cybersecurity resources available to those who work in government at the federal, state, and local levels. It focuses on security issues that pertain to the federal government and national security.
The Handout on Cybersecurity Education Resources is a cybersecurity initiative that helps make cybersecurity education at the K-12 level accessible. It provides worksheets, lesson plans, and notes that cover foundational concepts in dealing with cybersecurity incidents and preventing security issues.
The Cybersecurity and Infrastructure Security Agency has the goal of helping both federal and non-federal professionals protect their cybersecurity activities. They provide assessment frameworks and courses that can be used to learn about cybersecurity vulnerabilities, the cybersecurity supply chain, application security, and mitigating security issues.
This program offered by CompTIA covers all of the fundamentals of cybersecurity. This is a resource that you can use if you’re getting started with learning about the cybersecurity industry and setting up systems in compliance with cybersecurity protection rules.
Fortinet is a company that offers a range of cybersecurity products. But they also provide resources in areas like threat intelligence and other cybersecurity topics. Reading up on their research is a great way to ensure the improvement of cybersecurity programs and learn about what’s happening at the cutting edge of the cybersecurity industry.
Ready to start studying for a cybersecurity certification? If so, you may want to explore TechExams.net’s free certification preparation community. Members of this active online community have probably completed that same tech certification successfully. They can provide you with an insightful perspective on the process and point you to new resources that weren’t already on your list.
In addition to test and certification prep, the community’s threads encompass topics like job searches and professional development, as well as timely tech-related news events. Pose a question in one of their forums on issues relating to creating a proper cybersecurity program or preventing cybersecurity attacks and a user will likely answer quickly.
Get To Know Other Cybersecurity Students
It’s no surprise that the U.S. Department of Homeland Security’s website offers an abundance of content and information on setting up a comprehensive cybersecurity program. But the site also features free cybersecurity courses and training materials for those who want to broaden their knowledge of the security of industrial control systems.
You can access 11 courses that cover subjects from operational security for control systems to current trends in cybersecurity vulnerabilities that put industrial control systems at risk. And if you’re seeking an in-person experience, the agency also periodically offers instructor-led courses on making your cybersecurity protections consistent with their regulations.
You can use that information to make informed decisions about the kind of annual certification processes that you want at your organization or bi-annual vulnerability assessments that could help you mitigate threats. This could even serve as a starting point for you to get a certification of compliance in the cybersecurity field.
Developed by the SANS Institute, this free course aims to help alleviate the shortage of cybersecurity professionals by introducing students and professionals to the field. It is designed to provide beginners with the core skills to launch a cybersecurity career.
The National Initiative for Cybersecurity Careers and Studies is an organization that strives to create a workforce that can defend sensitive data and infrastructure against cyber attacks. They offer an extensive training catalog that can be used by current employees in the security space to upskill.
Binni Shah is a Linux evangelist and security expert who often posts about how to create systems in compliance with cybersecurity protection measures.
Brian Krebs is a former Washington Post reporter who has spent a significant part of his career writing articles about security and studying the cybersecurity field. He’s done work recommending safer cybersecurity activities and highlighting consumer protection issues.
Dave Kennedy is the founder of Binary Defense, a cybersecurity firm. He tweets regularly about emerging cybersecurity issues, tools to combat attacks, and high-profile cybersecurity incidents. Viewing this content will give you an idea of how domestic banks, captive insurance companies, and other large organizations have an initial certification process for their employees and a whole host of other cybersecurity measures.
Graham Cluley has been covering the cybersecurity industry since the 1990s. He also hosts a podcast called Smashing Security where he discusses how to create an effective cybersecurity program, cybersecurity regulation, and other issues in the cybersecurity field.
Lesley Carhart is a director of incident response at Dragos, an industrial cybersecurity company. She is a must-follow for those who want to stay abreast of recent developments in cybersecurity policies, as well as measures to put in place to prevent a security breach at your organization.
Cybersecurity Websites and Blogs
Signal is a magazine that covers homeland security, big data, and cyber technologies from a national security perspective. Reading the magazine is a great way to gain an understanding of how the government and military are increasingly making cybersecurity a core focus. You will learn about how government bodies go about instituting threat assessment programs and the risk-based requirements they have for the companies that work with them.
Computer World’s Emerging Technology section covers general emerging technologies like the metaverse and Web3, but it also gives you the latest updates on happenings in the world of cybersecurity.
Daniel Miessler is one of the foremost thought leaders in the world of cybersecurity. His newsletters cover security risk assessments, cyber assessment frameworks, and industry news in a digestible format.
Data Insider is a publication offered by Digital Guardian, a company that makes a SaaS data loss prevention product. It covers news and research that pertains to data protection, threat research, and cybersecurity policies.
Security Affairs is a website that covers all things cybersecurity, including malware, cybercrime, and how to create an effective cybersecurity program.
Hacker News is a popular technology forum created by the folks at YCombinator. Interacting with the forum can be a great way to bring yourself up to speed on how startups and individual hackers are dealing with cybersecurity issues.
On our blog, we cover a variety of cybersecurity topics, and share free information that you can use to advance your career or become a cybersecurity analyst. Whether it’s advice about which programming languages to learn for cybersecurity or pointers on creating a cybersecurity resume, the blog is frequently updated with new tips and articles to keep you informed.
Schneier on Security consistently rates as one of the top cybersecurity personal websites in the blogosphere—and for good reason. Security expert Bruce Schneier is an author and cybersecurity influencer. He’s currently the chief technology officer at IBM Resilient, a fellow at Harvard University’s Berkman Center, and is often quoted in media outlets.
Another lauded cybersecurity blog comes from Brian Krebs, who worked as a reporter for The Washington Post from 1995 to 2009 and authored more than 1,300 posts for the Security Fix blog. His interest in the topic grew after his home network was attacked in 2001. On his influential blog, recurring themes include online crime investigations, data breaches, and cyber justice.
Get To Know Other Cybersecurity Students
Cybersecurity Books and Whitepapers
If you prefer books to blogs, then you should check out O’Reilly Media’s robust offering of free ebooks. The media company has an impressive roster of complimentary titles on cybersecurity, touching on topics like data lakes, the darknet, and DevOps security.
While white papers are often crafted with the intention of swaying the reader, they also can be filled with sound information and illuminating data. And for cybersecurity professionals, the Center for Internet Security’s website is a strong source of related white papers. The nonprofit—whose mission is to “identify, develop, validate, promote, and sustain best practice solutions for cyber defense”—also features other educational tools, webinars, and videos for those interested in learning more about cybersecurity vulnerabilities, improving cybersecurity programs, and contending with ever-increasing cybersecurity risks.
Although CompTIA is probably best known for its role in issuing cybersecurity certifications, the nonprofit trade organization is also a good resource for white papers, guides, and research on technology. The website has various cybersecurity research materials that are worth a read. And after perusing those titles, you’ll likely want to check out the website’s other free tools and content.
This document discusses the future of the cybersecurity industry in terms of regulatory requirements and potential cybersecurity attacks. Anyone who’s wondering about how they can create an effective cybersecurity program or deal with cyber threats in an organizational setting should go through this work.
The Center for Internet Security regularly releases white papers on topics such as cyber hygiene, enterprise cybersecurity tips, and carrying out periodic risk assessments.
This is a document aimed at those who want to train and identify talent in the cybersecurity industry. It covers the different ways to train, cultivate, and assess software professionals with a security bent. If you’re trying to break into the industry, this can give you a good idea of what potential employers are looking for. You’ll learn about how you can secure data in both internal networks and external networks and integrate procedural tools that can help in your work.
Cybersecurity Channels and Videos
Dark Cubed MSP Cybersecurity Webinar
This is a cybersecurity webinar that caters to managed service providers (MSP). The instructor is former Whitehouse Chief Information Security Officer Vince Crisler, so you know that you’re in good hands.
TED Talks are known for their compelling delivery, informative nature, and 18-minute time limits. They’re also completely free to watch. Check out this blog post that covers 12 compelling TED and TEDx Talks on cybersecurity.
Stanford University Cybersecurity Courses and Videos
We don’t all have the credentials to earn a degree from Stanford, but that doesn’t mean the school’s educational resources are out of reach. As part of its professional certificate program in advanced computer security, Stanford offers free cybersecurity webinars and a video talk series featuring some of the university’s computer security experts. The school also has a deep bench of free videos on computer science and security on its YouTube channel.
If you run a small- or medium-sized business, it’s possible that you haven’t spent enough time thinking about setting up a cyber assessment framework. The CyberSecure My Business Program is meant to be a crash course for smaller business owners who want to know how they can secure sensitive data from malicious actors.
Hear from thousands of thought leaders and experts in the cybersecurity field by tuning in to BrightTALK’s comprehensive stream of cybersecurity-related webinars. Thousands of videos are available in the IT security stream, which is constantly being updated. Especially useful for professionals who are further along in their cybersecurity careers, BrightTALK also includes options for non-English speakers.
Cybersecurity solution provider BeyondTrust provides a variety of products to help companies protect themselves against cyber threats. It also offers a wide breadth of educational resources like webinars, white papers, datasheets, and case studies. The firm’s webinars examine best practices, expert tips for doing security risk assessments, and other applicable concepts that help organizations safeguard against attacks.
13Cubed is a YouTube channel that produces videos that cover penetration testing, digital forensics, and information security.
Computerphile is among the most popular technology channels on YouTube. They cover a wide range of topics pertaining to both hardware and software. You can learn a lot about general cybersecurity and how it relates to consumer privacy by following this channel.
InsiderPhD is a YouTube channel that brings a rather unique voice to the cybersecurity world. The creator is a PhD student who applies natural language processing techniques to cybersecurity threat investigation. You can learn a lot about practical approaches to threat detection and the applicable requirements for a robust cybersecurity program by following the channel.
John Hammond is a hacker and thought leader in the cybersecurity field and consumer data privacy. His videos detail security vulnerabilities in different operating systems, consumer applications, how to do a review of logs pertaining to security, etc.
LiveOverflow is a great YouTuber to follow to get a hacker’s perspective on information security topics. It talks about the ways in which you can do a periodic assessment of your cyber activity and have an overall healthier cyber security profile.
Launched in 2007, Risky Business focuses on current industry news and interesting guest interviews. (Bob Lord, the chief security officer of the Democratic National Committee, was interviewed on the podcast earlier this summer.) Hosted by journalist Patrick Gray, this podcast runs for about 60 minutes and is an entertaining way for security professionals to stay on top of the latest news.
One of the longest-running cybersecurity podcasts, Security Weekly has been connecting the information security community since 2005. The main host is Paul Asadoorian, but he’s joined by a handful of others for news discussions, technical segments, and interviews. Each podcast by Security Weekly is supplemented with detailed notes. And they’re broadcast live on YouTube and Facebook.
Available in audio and video formats, Security Now is a weekly podcast hosted by TWiT Netcast Network founder Leo Laporte and Steve Gibson, who created the first anti-spyware program (and who is credited with coining the word “spyware”). The show runs for about two hours and focuses on helping the audience ramp up their personal security, with topics like password security, firewalls, and application security.
If two-hour podcasts aren’t for you, check out the bite-sized daily updates from the SANS Internet Storm Center. These “StormCasts” distill the most important network security news of the day into five minutes or so.
Host Timothy De Block began his IT career as an electronics technician in the U.S. Navy. After leaving the military, he discovered an interest in security, eventually becoming an information security officer for a South Carolina state agency. On his weekly show, he shares his expertise and talks to infosec industry leaders about the latest news and trends.
The Cybersecurity Workforce Training Guide was put together by the Cybersecurity and Infrastructure Security Agency (CISA). It is a tool for early-career cybersecurity professionals to understand how they can chart a successful career in the cybersecurity industry.
NICE is a cybersecurity framework created by the Cybersecurity and Infrastructure Security Agency (CISA). It covers techniques across a range of areas within the cybersecurity field, including exploitation analysis, language analysis, and risk assessments.
This mapping tool is an accessory to the previously mentioned NICE framework. It makes it easy to figure out where you fit into the cybersecurity infrastructure of an organization and what your responsibilities are given that position. You can simply download the guide and select your position to see where it fits into the framework.
Open-Source Cybersecurity Tools
An open-source framework to detect and prevent phishing attacks. You can use it to monitor your own networks and release a notice to consumers if you run a company that handles customer data.
Scumblr is an open-source tool that companies like Netflix use to prevent DDOS attacks and other security threats.
This is a secure reporting tool to detect intruders and prevent hackers from accessing sensitive data. It will alert you when systems as simple as a document hosting service might be compromised in a cyber attack.
The “VAS” in OpenVAS stands for “vulnerability assessment scanner.” This is a secure reporting tool that you can use to scan for cyber risks in your network that can be exploited by hackers and shore them up.
This is a firewall, which means that you can use it to set access parameters in your organization and proactively prevent attacks on the system.
Resources to Tackle Cyber Attacks
This resource from the Cybersecurity and Infrastructure Security Agency (CISA) introduces readers to phishing schemes, and how to respond to such an attack.
Another resource on phishing, this time from the Federal Trade Commission. If you work at places like a state-chartered bank or insurance company, then you should definitely consider looking into the resources provided by the FTC.
Avoiding Social Engineering and Phishing Attacks
Cyber attacks don’t always originate through a sophisticated technological attack. Sometimes hackers can use social engineering to piece together pieces of your digital identity. This resource talks about how you can keep from falling prey to such cybersecurity attacks.
This is a detailed report by the Anti-Phishing Working Group (APWG) on the most recent developments in phishing. It will give you an idea of the regulations you want to put in place at your organization and the filing requirements to ensure cybersecurity safety practices are adhered to.
This is a resource from the CISA on identifying fake antivirus software, which can compromise your personal and organizational data.
DOS attacks are a common way for malicious actors to gain access to protected systems. This resource introduces readers to how these attacks are mounted and what you can do to preempt them in compliance with cybersecurity protection regulations.
An MitM attack is carried out by an attacker who positions himself between two communicating parties in a network, like a corporate parent company and subsidiary interacting digitally for example. The linked resource introduces readers to the different kinds of man-in-the-middle attacks and how you can prevent them.
Since you’re here…
Interested in a career in cybersecurity? With or Cybersecurity Bootcamp, you’ll get a job in the industry, or we’ll return your tuition money. Test your skills with our free cybersecurity course, and check out our student reviews. We’re a safe bet. 🔒😉