03A47681

 

Do you want to know everything there is about cyber security? Welcome to our generous list of useful cyber security resources. Here you will find everything that interests you as a cyber security professional or someone who wants to explore this sector.

 

The various sections below will run you through important books to read, blogs to keep an eye on and where to find the latest trends in Cybersecurity.

 

Blogs

 

Google Online Security Blog

If you are looking for pressing risk management and security topics directly from the Google’s Security Team, this is the place to go.

 

Krebs on Security

Brian Krebs is a very well known investigative reporter from the Washington Post. Now he contributes most of his time writing exclusively on internet security, cybercrime and latest news in the industry.

 

Schneier on Security

Schneier is a very well known security blogger. He is also known as the ‘ security guru’ and has been blogging in cyber security since 2004. He has authored 12 books and is a fellow at Harvard’s Berkman Center. He is also the CTO of Co3 Systems Inc.

 

Terebrate

This is a book review blog that is headed by Rick Howard, also the CSO at Palo Alto Networks. He has penned down a big list of ‘must read’ cyber security books both fictional and non fictional. He calls this list ‘Cyber Cannon‘.

 

Veracode Blog

This is the perfect place to go if you want to read application security research and news. It is run by the team at Veracode, a company well known to focus on cloud based application security systems.

 

Zero Day Blog

The blog by ZDNet is a well known place to find latest in vulnerabilities, threats, computer attacks and hardware/software security research.

 

InfoSec Resources

An excellent blog that is packed with useful information like ebooks, hands on tutorials, information security training and mini courses for students in cyber security. It is handled by InfoSec institute.

 

Microsoft Malware Protection Center Blog

While Microsoft has many different blogs on the internet, this is aimed at security news and alerts.

 

Security Bloggers Network

Looking for an extensive list of blogs and networks from around the internet? Security Bloggers Network collects information from around 300 different blogs and podcasts to provide in one place.

 

Threat Track Security Labs Blog

Threat Track Security Labs has partnered with different businesses to fight back Advanced Persistent Threats (ATPs). While this blog focuses on company based information, it still provides plenty of reading in security.

 

 

Websites

 

UTPA Center Of Excellence in STEM Education

The University of Texas – Pan American was awarded $3.7 million to set the Center of Excellence in STEM Education by the U.S. Department of Defense. It is responsible for offering challenge based instructions which are geared towards students of all ages. They hold a regular STEM summer camp, gives away scholarships and holds college programs for students and adult professionals alike.

 

CVE: Common Vulnerabilities and Exposures

For known information security vulnerabilities and exposures, CVE is an excellent dictionary which offers common identifiers for the public. The system is handled by MITRE with the help of fundings from office of Cybersecurity and Communications at the U.S. Department of Homeland Security.

 

Infotec Pro

If you are looking for IT training in subjects like Cisco, PMP, Microsoft, VMware, Wireless and Citrix, infotec pro is the perfect place to check out. They offer some of the best instructor led e learning courses in known certifications like CompTIA Security+ and CompTIA Network+ with an addition of several other security certifications like CCNA, CISSP etc.

 

National Centers of Academic Excellence (CAE) in Information Assurance (IA)/Cyber Defense (CD)

An excellent place to find a huge list of academic institutions that are well known for cybersecurity education. It is perfect when you are comparing different cyber security schools.

 

Scholarship Opportunities

If you want to find an up to date database of different cyber security scholarships being offered by the government, non-profit organizations, corporations and colleges, this page by NICCS is the perfect place to go. You can search for scholarships using keywords, expertise level, amount and deadline.

 

U.S. Department of Homeland Security – Cybersecurity

The DHS’s web page dedicated to cyber security has plenty of testimonies from the Senate and the House as well as a resourceful directory that has many statements and analytic reports to discover and read.

 

CERIAS: Tools and Resources

Helpful resource on Purdue’s Center of Education and Research in Security Websites and Information Assurance can be found here. You’ll also find reports and papers, FTP archives and the Cassandra Vulnerability Tracking System on the website.

 

Information Security Stack Exchange

This is an excellent forum where you can ask questions and get answers directly from information security professionals. If you are curious about how security professions work, or you want to find info on career paths, this is the place to go.

 

ISC: Internet Storm Center

The ISC is an all volunteer Effort. It provides free analysis and warning system to users of the internet. It was created in response to the Lion Worm event back in 2001. Now it focuses on identifying threats and presents a log which has millions of intrusion detection data from 500,000 different IP addresses in 50 different countries. The SANS Institute funds the ISC.

 

OVAL: Open Vulnerability And Assessment Language

OVAL is a well known community developed language. It was built from the ground to determine configuration and vulnerability issues. It aims to make everything standardize when it comes to assessing and reporting upon the machine state of the computer systems in the entire world.

 

US-CERT

US CERT ( U.S. Computer Emergency Readiness Team) is 24/7 operational arm of the Department of Homeland Security’s NCCIC department. It is responsible for broadcasting threat information and vulnerabilities through the National Cyber Awareness System (NCAS). It also operates a Vulnerability Notes Database.

 

 

Training

 

Damn Vulnerable Web Application (DVWA)

As the name suggests, this is a MySQL/PHP web application that is vulnerable. It is there as a teaching aid for web developers, educators and security professionals.

 

Metasploitable

This is a virtual machine that was intentionally made vulnerable. It runs on Ubuntu Linux and is designed to be hacked by metasploit and other known hacking tools.

 

NATAS

NATAS is a war game created by OverThewire. It is there to teach you the basics of server side web security.

 

SlaveHack

Another hack simulation game that asks you to defend a virtual PC against intruders while you try to hack other players in a time period.

 

HackThisSite (HTS)

This is a security website that boasts a large user base of 1.8 million plus. You can learn and attempt at various basic and advanced hacking challenges set in a legal environment.

 

Mutillidae

This is a free open source web application that allows the users to use hack a vulnerable web application and pen test it.

 

National Institute of Building Sciences

NIBS offers various cybersecurity workshops for owners and managers.

 

 

Contests

 

CSAW Capture The Flag (CTF)

The CSAW capture the flag is a competition where undergraduates who want to get into the cyber security field are tested with a series of real world situations having nearly all types of computer security problems to deal with. The competition is sponsored by Information Systems and Internet Security (ISIS) lab of NYU.

 

ESC: Embedded Security Challenge

ESC is a team based competition which is also the only hardware security competition in the entire world. Experts from NYU Polytechnic School of Engineering take part in this competition by competing against participating universities. During the competition the experts defend against the attacks from other university participants.

 

NCL: National Cyber League

NCL serves as a training ground for collegiate students who want to develop and enhance their cyber security skills. This competition also serves as a practice ground for participants. competitors are put through next generation simulated environments.

 

Pitcoctf

Pitcoctf is the largest competition in cyber security for middle and high school students. It is run by Carnegie Mellon University. Competing individuals are asked to complete a series of hacking, engineering and decryption challenges. Successfully completing a challenge earns them prize money.

 

Chromium Security

The Chromium Security is a challenge set by Google and it is held with Pwn2Own contest during the CanSecWest conference. White hackers from around the country are invited to find and expose vulnerabilities in Google Chrome OS. The prize money is often huge, for example, in 2014 it was $2.7 million in potential.

 

U.S. Cyber Challenge

The goal of this challenge is to find 10,000 of the brightest and best cyber security professionals from the U.S. There are different competitions where contestants are tested. These include capture the flag and Cyber Quest.

 

DEF CON Contests

The DEF CON takes place every year with a number of different contests for security professionals of all expertise. The competitions include scavenger hunts, hacking, lockpicking and capture the flag.

 

NCCDC: National Collegiate Cyber Defense Competition

This is the biggest college level cyber defense competition in the United States of America. The collegiate Cyber Defense Competition System focuses on operational aspects of protection of infrastructure of corporate network and other business information systems.

 

Panoply

In this network security competition by NCCDC, competing team is challenged to capture different targets and protect them from other teams. Teams who control and operate critical services take on points and win the challenge.

 

Pwn2Own

This is a hacking contest which challenges security enthusiasts to demonstrate leakages in security in very popular enterprise and consumer level software platforms. Winning the challenge earns you $100,000, but you need to find as many exploits as possible before everyone else.

 

SANS NetWars

SANS set up many different interactive training contests, this is one of them. You can test your skills in real world scenarios. There is also a tournament of champions during the annual CDI conference in which the past winners of different competitions are invited to fight one on one.

 

 

News

 

Ars Technica – Risk Assessment

Ars Technica has a strong team of reporters responsible for their security section. They pen down different stories about security including informative articles on cyber spying, cost of cybercrime and new data breaches.

 

CSO Online

A great place to find security and risk management resources. CSO online has many news articles, blogs, slideshows and white papers.

 

Guardian Information Security Hub

Britain’s largest newspaper has a section dedicated to cybersecurity and information. Most of their articles are designed to be understood by the common man.

 

Infosecurity Magazine

A great place to find all your needs about information security industry. They have tons of white papers, news articles and lists that outline latest and greatest upcoming conferences, webinars and events.

 

SC Magazine

SC is choke loaded with a range of different technical information and business resources. You’ll find a lot of white papers, videos, news articles and product reviews on the site.

 

ThreatPost

 

Backed by Kaspersky Lab, you’ll find tons of videos, news and feature reports on cybersecurity.

 

CIO Security

An excellent place to find up-to-date articles on cyber attacks, hacks, data breaches, international developments and research.

 

Dark Reading

Presented by InformationWeek, this site covers trending stories from the information security sector. You’ll find articles on app sec, threats, mobile, attacks and breaches.

 

Homeland Security News Wire – Cybersecurity

You’ll find plenty of topics that directly affect homeland security listed down here.

 

Naked security

This is a newsroom run by Sophos, mostly known for their unique computer security products. There is a number of different researches, advice, opinion and security news available to read.

 

SecureList

Another site backed by Kaspersky Lab. It aims to provide you with massive information on spam, hackers and viruses.

 

 

Books

 

Breaking Into Information Security

Co written by Anthony Stiebar and Josh More. This is an excellent guide that focuses on practical aspects of starting a cybersecurity careers. You’ll find an interesting ‘level up’ progression game for your career progression. This includes a learn, do and teach approach through the different tiers of Information Security jobs. Included are also examples for specific career paths and job roles in each of the job tiers so you can find out the best skills for the role you desire the most.

 

Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power

Written by David E. Sanger. This book covers inside account of Obama administration’s foreign policy progress. It covers many of the important details of Operation Olympic Games, the cover cyber attack that the U.S. made on Iran’s nuclear facilities. It also covers the government’s thoughts on cyber weapons.

 

Cyber War: The Next Threat to National Security and What to Do About it

Co written by Robert K. Knake and Richard Clarke. The book mostly covers about the failures in cyber defense. Author Richard Clarke is an ex-National Coordinator for security, counter terrorism and infrastructure protection for the United States. He has a lot of knowledge about cyber terrorism, cyber warfare and government policies.

 

No Place to Hide: Edward Snowden, the NSA; and the U.S. Surveillance State

Written by Glenn Greenwald. It is an interesting read because it is written by the close contact of Snowden during the leak of classified U.S. government secrets. Greenwald is a columnist for The Guardian.

 

Secrets and Lies

Written by Bruce Schneier. The book answers the question whether we should give up our privacy for better security. If you are curious how giving up privacy can impact security, then read it out.

 

Security Metrics: Replacing Fear, Uncertainty, and Doubt

Written by Andrew Jaquith. This is a book that tells you how to classify, quantify and measure Infosec operations in latest enterprise environments.

 

Where Wizards Stay Up Late

Co written by Matthew Lyon and Katie Hafner. This book offers a good look at the infosec history. The book includes interviews from some of the most eccentric and brilliant minds that were responsible for bringing the internet. It also covers popular stories like ARPANET and many other post WWII projects that you may not be aware of.

 

CISSP All-In-One Exam Guide

Written by Shon Harris. This book covers many resources for the CISSP exam preperation. It is constantly updated so make sure to get the latest version. The guide includes nearly everything you will ever need to properly prepare for CISSP including practice questions, exam tips, in-depth explanations and training modules. The book also covers all 10 domains of CISSP. It is available in both print and digital formats.

 

Cryptography Engineering: Design Principles and Practical Applications

Written by Niels Ferguson, Tadayoshi Kohno and Bruce Schneier. Looking for a good foundational guide on practical cryptography? This book should help. The authors have covered many basics that include key exchange, ciphers, mathematics basics and message digests. You’ll also be offered a closer look at software, hardware and the human issues involved revolving around cryptography engineering. This book isn’t meant for advanced cryptographers.

 

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

Written by Kevin Poulsen. An interesting and real story about Max Butler, a hacker who gained access to 1.8 million plus credit card accounts. Being a former hacker who went through 5 years of prison, Poulsen knows what he is telling.

 

The Practice of Network Security Monitoring: Understanding Incident Detection and Response

Written by Richard Bejtlich. An excellent book that shows you how to deploy, build and run NSM operation using vendor neutral tools and open source software. The guide is written in step by step instructions.

 

Security Engineering: A Guide to Building Dependable Distributed Systems

Written by Ross J. Anderson. A book that is almost 900+ pages in size covers everything from high level policy to technical engineering basics and specialized protection mechanisms. Anderson is one of the top security experts in the infosec sector, so he has a lot to say about the subject. If you are new and want to learn about real world failures and success stories in form of case studies, then you should definitely get it. The book was last updated in 2008 to include more information.

 

Spam Nation: The Inside Story of Organized Cybercrime – From Global Epidemic to Your Front Door

Written by Brian Krebs. This is a detailed and often entertaining book that contains info on world of organized cyber crimes. Most of the text involves incidents from 2003 – 2013.

 

Organizations

 

ACM SIGSAC: Special Interest Group On Security, Audit and Control

SIGSAC’s aim is to bring up the information security profession by offering sponsorships to many high end workshops and research based conferences.

 

CSA: Cloud Security Alliance

A non profit organization focusing on the best practices of security assurance on cloud computing and offering education on how to use the cloud to ensure security for all other forms in computing.

 

HTCIA: High Technology Crime Investigation Association

A global non profit organization that is dedicated in promoting collaboration and education for the investigation and prevention of high end tech crimes.

 

ISSA: Information Systems Security Association

An international non profit organization established by It security practitioners and professionals. They provide publications, educational forums, networking opportunities and more.

 

NSI: National Security Institute

NSI was created for the sole purpose of protecting the nation’s most sensitive business and technology secrets. It has now become one of the biggest and best organizations that are assisting ‘cleared’ defense contractors in learning about threats to national security.

 

OWASP: Open Web Application Security Project

A global non profit charitable organization that is focusing on improving software security. It focuses on making software security visible to organizations and individuals and then tell them of the various software security risks.

 

ASIS International 

ASIS offers various educational programs, materials and certifications in security. It also supports the value of security management to the media, entities, businesses, public and the government.

 

ISF: Information Security Forum

ISF is based in London, UK. It is a non profit organization that is focuses on clarifying, investigating and resolving key problems in risk management and information security.

 

NICCS: National Initiative for Cybersecurity Careers and Studies

NICCS acts as an excellent ‘one place for all’ on cyber security education and career information. You will find tons of information on training options, internship and scholarship opportunities, conferences, competitions and more.

 

NW3C: National White Collar Crime Center

A U.S. based non profit organization that is committed in supporting the various efforts of local and state law enforcement in investigating, preventing and prosecuting high tech and economic crimes.

 

SANS

SANS is a cooperative education and research based organization for IT professionals. It is dedicated in providing information security certifications and training by maintaining a free library that has plenty of research documents. It also operates the Internet Storm Center.

 

Local Security Groups

 

AFCEA Chapters 

AFCEA focuses on cyber security because it relates itself to intelligence communities, homeland security and defense. Although chapters are now spreading around the world, you can still expect more of these in the Maryland and Virginia regions for obvious reasons.

 

IEEE Technical Chapters

IEEE has members from at least one or more IEEE technical councils/societies who have similar geographical proximity and technical interests. Events from this chapter includes workshops, social functions and guest speakers. IEEE is dedicated on the advancement of technology.

 

ISACA Local Chapters

With 200+ chapters around the world, the ISACA is one of the biggest networking organizations. They sponsor local workshops, seminars and often conduct IT research projects that give the members with a variety of training opportunities in leadership.

 

ISSA Chapter Directory

ISSA is a strong chapter network that offers regular chapter activities. They have also created a Chapter Leaders Summit and Special Interest Groups like security awareness, women in security and health

 

OWASP Chapters Program

OWASP Chapter program is free to join. You do not need a membership to take advantage of the chapter. This chapter is open for all and is managed by universal guidelines. There are many OWASP presentations during the meetings that you can join in any time you want to.

 

CSA Chapters

Members of this chapter are mostly credible group of cloud security experts from the region. Chapters that are located throughout the world must contain at least 20 CSA members.

 

InfraGard Local Chapters

InfraGard is a non profit/public private partnership between the FBI and U.S. businesses. The chapter is dedicated in sharing intelligence in order to prevent any aggressiveness against the nation. Chapters have members meeting in order to exchange information on new threats and listen to conversations between security experts.

 

(ISC)2 Chapter Program

Chapter members of (ISC)2 receive exclusive discounts on all programs and products offered by the organization. They can also earn CPEs by taking part in local community outreach projects and professional activities.

 

 

Conferences

 

ACM CCS: ACM Conference on Computer and Communications Security

This conference is the finest and the best event by Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery.

 

Asiacrypt/Crypto/Eurocrypt

These conferences cover all things about cryptography. It is sponsored by International Association of Cryptologic Research.

 

BSides

This is a conference by the community for the community. It is held in many cities and is often free for anyone.

 

CSAW: Cyber Security Awareness Week Conference

CSAW is the biggest student run cyber security conference in the U.S. It is managed by the students at Information Systems and Internet Security (ISIS) Laboratory at the NYU Polytechnic School of Engineering. The conference includes discussions, events and contests.

 

DEF CON

DEF CON has earn the title of being the most notorious and largest hacking conferences around the world. There are talks, events and contests.

 

EICAR Conference

Held in the Europe, it is meant to attract security experts from the law enforcement, military, government, academia and industry. Discussions on new research and development takes place revolving mostly around IT security.

 

Hacker Halted

EC-Council presents this multi series of conferences around the world.

 

Hackito Ergo Sum

An annual open conference that features security and hacking research. It is held in Paris.

 

ICMC: International Cryptographic Module Conference

This conference attracts experts from around the world to talk about cryptographic modules. Talks include implementation, secure design, use and assurance. This is held every year in the U.S.

 

NDSS (Network and Distributed Systems Security) Symposium

This three day conference is all about attracting researchers and professionals froun around the country to who develop, design, deploy and exploit technologies that define the very network and distributed system security.

 

Nullcon

Nullcon is an excellent conference where information is exchanged on zero day vulnerabilities, attack vectors and unknown threats. It is held in India.

 

SANS CDI: Cyber Defense Initiative

The SANS CDI is known for holding the popular Tournament of Champions and Netwars competitions. It draws a huge crowed every year.

 

Secure 360

This is an educational conference on information risk management and security. It is held yearly at St.Paul, Minnesota.

 

ShmooCon

One of the most popular hacker conventions set by a non profit organization. It attracts as many as 1000+ individuals who are interested in cryptography and computer security.

 

SOURCE Conference

Set to attract analysts, technology experts, security experts, educators, professionals and analysts. It is held in Dublin, Seattle and Boston.

 

Thotcon

This is a single day hacking conference which is held in a secret location annually. There are workshops, talks and live hacker music.

 

U.S. Cyber Crime Conference

The Conference is designed to provide hands on digital forensics training. A networking forum for cyber security experts is also held within the conference.

 

VB: Virus Bulletin Conference

The VB bulletin is all about covering a variety of different security related topics. Both technical and corporate entities can join in.

 

ACSAC: Annual Computer Security Applications Conference

Being the oldest security conference in the U.S., ACSAC attracts security professionals from the government, academia and various industries to apply in cyber security.

 

Black Hat

Black Hat used to be a small conference in Las Vegas. It is now an extensive series of conferences that offer training camps and security events in Europe, Asia and the U.S. Black Hat was created by the founder of DEF CON, Jeff Moss.

 

CanSecWest

This is a popular three day conference held in Canada. It focuses on applied digital security. CanSecWest also holds the Chromium challenge and the Pwn2Own contest with prize money worth $100,000.

 

DeepSec

A popular yearly conference held in Europe. It includes network, computer and application security talks and events.

 

DerbyCon

Another hacking conference where you’ll find workshops, games and contests.

 

Hack.lu

The conference is all about addressing computer security issues as well as privacy, technology and information applications on society.

 

The Hackers Conference

The conference is held to attract government representatives, industry leaders and academics to talk about cutting edge ideas in information security. It is held in India.

 

HITBSecConf: Hack In The Box Security Conference

Provides an yearl platform for many security researchers and IT professionals to come in and talk about next generation security issues in computers. The conference is held in Amsterdam and Kuala Lumpur, Malaysia.

 

IEEE Symposium on Security and Privacy

Held for addressing latest issues in electronic and computer privacy and security, the conference is brought together by IEEE Computer Society Technical Committee on Security and Privacy with cooperation from International Association for Cryptographic Research.

 

NSPW: New Security Paradigms Workshop

This is an invitation only workshop meant for researchers in information security and related fields. Any proceedings at the conference are published through ACM.

 

RSA Security Conference

The conference is held to represent itself as a forum where cryptographers can come and share their latest advancements and knowledge in Internet Security. The conference takes place annually in Europe, Asia and U.S.

 

S4: SCADA Security Scientific Symposium

This conference focuses on thought leaders in ICS security community. It is only meant for advanced security professionals.

 

SecureWorld Expo

The annual conference focuses on providing relevant training, education and networking for cyber security professionals.

 

SIN: International Conference on Security of Information and Networks

SIN CON is well respected in the international forum for being a perfect place to present research and different applications for security in networks and information.

 

Swiss Cyber Storm

This international IT security conference is a place where researchers gather from around the world to discuss cyber security.

 

TROOPERS IT Security Conference

The conference is a favorite for IT experts and professionals who want to present their latest findings and research. It is held every year in Germany.

 

— USENIX Security Symposium

The conference is quite popular and is held annually in Canada and U.S. with a different location every year. System administrators, practitioners , system programmers and researchers who are keen on learning about latest advancements in security and privacy of networks and computers are invited to attend.

 

 

 

 

Jake Ciber

Jack of all trades... master of none... ABL... Always Be Learning! I love what I do and I love helping people.