Do you want to know everything there is about cyber security? Welcome to our generous list of useful cyber security resources. Here you will find everything that interests you as a cyber security professional or someone who wants to explore this sector.
The various sections below will run you through important books to read, blogs to keep an eye on and where to find the latest trends in Cybersecurity.
If you are looking for pressing risk management and security topics directly from Google’s Security Team, this is the place to go.
Brian Krebs is a very well known investigative reporter from the Washington Post. Now he devotes most of his time to writing exclusively on internet security, cybercrime and the latest news in the industry.
Schneier is a very well known security blogger. He is also known as the ‘security guru’ and has been blogging about cyber security since 2004. He has authored 12 books and is a fellow at Harvard’s Berkman Center. He is also the CTO of Co3 Systems Inc.
This is a book review blog that is headed by Rick Howard, also the CSO at Palo Alto Networks. He has penned a big list of ‘must read’ cyber security books, both fiction and non-fiction. He calls this list the ‘Cyber Canon’.
This is the perfect place to go if you want to read application security research and news. It is run by the team at Veracode, a company well known to focus on cloud based application security systems.
The blog by ZDNet is a well known place to find the latest in vulnerabilities, threats, computer attacks and hardware/software security research.
An excellent blog that is packed with useful information like ebooks, hands on tutorials, information security training and mini courses for students in cyber security. It is handled by InfoSec institute.
While Microsoft has many different blogs on the internet, this is aimed at security news and alerts.
Looking for an extensive list of blogs and networks from around the internet? Security Bloggers Network collects information from around 300 different blogs and podcasts and presents it in one place.
Threat Track Security Labs has partnered with different businesses to fight back against Advanced Persistent Threats (APTs). While this blog focuses on company based information, it still provides plenty of reading on security.
The University of Texas – Pan American was awarded $3.7 million by the U.S. Department of Defense to set up the Center of Excellence in STEM Education. It is responsible for offering challenge based instruction geared towards students of all ages. It holds a regular STEM summer camp, gives away scholarships and holds college programs for students and adult professionals alike.
For known information security vulnerabilities and exposures, CVE is an excellent dictionary which offers common identifiers for the public. The system is handled by MITRE with the help of funding from the Office of Cybersecurity and Communications at the U.S. Department of Homeland Security.
If you are looking for IT training in subjects like Cisco, PMP, Microsoft, VMware, Wireless and Citrix, infotec pro is the perfect place to check out. They offer some of the best instructor led e learning courses in known certifications like CompTIA Security+ and CompTIA Network+ with an addition of several other security certifications like CCNA, CISSP etc.
An excellent place to find a huge list of academic institutions that are well known for cybersecurity education. It is perfect when you are comparing different cyber security schools.
If you want to find an up to date database of different cyber security scholarships being offered by the government, non-profit organizations, corporations and colleges, this page by NICCS is the perfect place to go. You can search for scholarships using keywords, expertise level, amount and deadline.
The DHS’s web page dedicated to cyber security has plenty of testimonies from the Senate and the House as well as a resourceful directory that has many statements and analytic reports to discover and read.
Helpful resources on Purdue’s Center of Education and Research in Security Websites and Information Assurance can be found here. You’ll also find reports and papers, FTP archives and the Cassandra Vulnerability Tracking System on the website.
This is an excellent forum where you can ask questions and get answers directly from information security professionals. If you are curious about how security professions work, or you want to find info on career paths, this is the place to go.
The ISC is an all-volunteer effort. It provides a free analysis and warning system to users of the internet. It was created in response to the Lion Worm event back in 2001. Now it focuses on identifying threats and presents a log which has millions of intrusion detection entries from 500,000 different IP addresses in 50 different countries. The SANS Institute funds the ISC.
OVAL is a well known community developed language. It was built from the ground up to determine configuration and vulnerability issues. It aims to standardize how the machine state of computer systems is assessed and reported around the world.
US-CERT (U.S. Computer Emergency Readiness Team) is the 24/7 operational arm of the Department of Homeland Security’s NCCIC department. It is responsible for broadcasting threat information and vulnerabilities through the National Cyber Awareness System (NCAS). It also operates a Vulnerability Notes Database.
As the name suggests, this is a MySQL/PHP web application that is vulnerable. It is there as a teaching aid for web developers, educators and security professionals.
This is a virtual machine that was intentionally made vulnerable. It runs on Ubuntu Linux and is designed to be hacked with Metasploit and other known hacking tools.
NATAS is a war game created by OverTheWire. It is there to teach you the basics of server side web security.
Another hack simulation game that asks you to defend a virtual PC against intruders while you try to hack other players in a time period.
This is a security website that boasts a large user base of 1.8 million plus. You can learn from and attempt various basic and advanced hacking challenges set in a legal environment.
This is a free open source web application that allows users to hack a vulnerable web application and pen test it.
NIBS offers various cybersecurity workshops for owners and managers.
The CSAW capture the flag is a competition where undergraduates who want to get into the cyber security field are tested with a series of real world situations having nearly all types of computer security problems to deal with. The competition is sponsored by Information Systems and Internet Security (ISIS) lab of NYU.
ESC is a team based competition which is also the only hardware security competition in the entire world. Experts from NYU Polytechnic School of Engineering take part in this competition by competing against participating universities. During the competition the experts defend against the attacks from other university participants.
NCL serves as a training ground for collegiate students who want to develop and enhance their cyber security skills. This competition also serves as a practice ground for participants. Competitors are put through next generation simulated environments.
picoCTF is the largest competition in cyber security for middle and high school students. It is run by Carnegie Mellon University. Competing individuals are asked to complete a series of hacking, engineering and decryption challenges. Successfully completing a challenge earns them prize money.
Chromium Security is a challenge set by Google and it is held with the Pwn2Own contest during the CanSecWest conference. White hat hackers from around the country are invited to find and expose vulnerabilities in Google Chrome OS. The prize money is often huge; for example, in 2014 it was a potential $2.7 million.
The goal of this challenge is to find 10,000 of the brightest and best cyber security professionals from the U.S. There are different competitions where contestants are tested. These include capture the flag and Cyber Quest.
The DEF CON takes place every year with a number of different contests for security professionals of all expertise. The competitions include scavenger hunts, hacking, lockpicking and capture the flag.
This is the biggest college level cyber defense competition in the United States of America. The collegiate Cyber Defense Competition System focuses on operational aspects of protection of infrastructure of corporate network and other business information systems.
In this network security competition by NCCDC, each competing team is challenged to capture different targets and protect them from other teams. Teams that control and operate critical services score points and win the challenge.
This is a hacking contest which challenges security enthusiasts to demonstrate security holes in very popular enterprise and consumer level software platforms. Winning the challenge earns you $100,000, but you need to find as many exploits as possible before everyone else.
SANS has set up many different interactive training contests, and this is one of them. You can test your skills in real world scenarios. There is also a tournament of champions during the annual CDI conference in which the past winners of different competitions are invited to fight one on one.
Ars Technica has a strong team of reporters responsible for their security section. They pen down different stories about security including informative articles on cyber spying, cost of cybercrime and new data breaches.
A great place to find security and risk management resources. CSO online has many news articles, blogs, slideshows and white papers.
Britain’s largest newspaper has a section dedicated to cybersecurity and information. Most of their articles are designed to be understood by the common man.
A great place to find everything you need on the information security industry. They have tons of white papers, news articles and lists that outline the latest and greatest upcoming conferences, webinars and events.
SC is chock-full of technical information and business resources. You’ll find a lot of white papers, videos, news articles and product reviews on the site.
Backed by Kaspersky Lab, you’ll find tons of videos, news and feature reports on cybersecurity.
An excellent place to find up-to-date articles on cyber attacks, hacks, data breaches, international developments and research.
Presented by InformationWeek, this site covers trending stories from the information security sector. You’ll find articles on app sec, threats, mobile, attacks and breaches.
You’ll find plenty of topics that directly affect homeland security listed down here.
This is a newsroom run by Sophos, mostly known for their unique computer security products. There is a range of research, advice, opinion and security news available to read.
Another site backed by Kaspersky Lab. It aims to provide you with massive information on spam, hackers and viruses.
Co-written by Anthony Stieber and Josh More. This is an excellent guide that focuses on the practical aspects of starting a cybersecurity career. You’ll find an interesting ‘level up’ progression game for your career. This includes a learn, do and teach approach through the different tiers of Information Security jobs. Also included are examples of specific career paths and job roles in each of the job tiers so you can find out the best skills for the role you desire the most.
Written by David E. Sanger. This book gives an inside account of the Obama administration’s foreign policy progress. It covers many of the important details of Operation Olympic Games, the covert cyber attack that the U.S. made on Iran’s nuclear facilities. It also covers the government’s thoughts on cyber weapons.
Co-written by Robert K. Knake and Richard Clarke. The book mostly covers the failures in cyber defense. Author Richard Clarke is an ex-National Coordinator for security, counter terrorism and infrastructure protection for the United States. He has a lot of knowledge about cyber terrorism, cyber warfare and government policies.
Written by Glenn Greenwald. It is an interesting read because it is written by the close contact of Snowden during the leak of classified U.S. government secrets. Greenwald is a columnist for The Guardian.
Written by Bruce Schneier. The book answers the question of whether we should give up our privacy for better security. If you are curious how giving up privacy can impact security, then give it a read.
Written by Andrew Jaquith. This is a book that tells you how to classify, quantify and measure Infosec operations in latest enterprise environments.
Co-written by Matthew Lyon and Katie Hafner. This book offers a good look at infosec history. The book includes interviews with some of the most eccentric and brilliant minds that were responsible for bringing about the internet. It also covers popular stories like ARPANET and many other post WWII projects that you may not be aware of.
Written by Shon Harris. This book covers many resources for CISSP exam preparation. It is constantly updated so make sure to get the latest version. The guide includes nearly everything you will ever need to properly prepare for CISSP including practice questions, exam tips, in-depth explanations and training modules. The book also covers all 10 domains of CISSP. It is available in both print and digital formats.
Written by Niels Ferguson, Tadayoshi Kohno and Bruce Schneier. Looking for a good foundational guide on practical cryptography? This book should help. The authors have covered many basics that include key exchange, ciphers, mathematics basics and message digests. You’ll also be offered a closer look at the software, hardware and human issues involved in cryptography engineering. This book isn’t meant for advanced cryptographers.
Written by Kevin Poulsen. An interesting and real story about Max Butler, a hacker who gained access to 1.8 million plus credit card accounts. Being a former hacker who went through 5 years of prison, Poulsen knows what he is talking about.
Written by Richard Bejtlich. An excellent book that shows you how to deploy, build and run an NSM operation using vendor neutral tools and open source software. The guide is written as step by step instructions.
Written by Ross J. Anderson. At 900+ pages, this book covers everything from high level policy to technical engineering basics and specialized protection mechanisms. Anderson is one of the top security experts in the infosec sector, so he has a lot to say about the subject. If you are new and want to learn about real world failures and success stories in the form of case studies, then you should definitely get it. The book was last updated in 2008 to include more information.
Written by Brian Krebs. This is a detailed and often entertaining book that contains info on the world of organized cyber crime. Most of the text involves incidents from 2003 – 2013.
SIGSAC’s aim is to advance the information security profession by sponsoring many high end workshops and research based conferences.
A non profit organization focusing on best practices for security assurance in cloud computing and offering education on how to use the cloud to secure all other forms of computing.
A global non profit organization that is dedicated to promoting collaboration and education for the investigation and prevention of high end tech crimes.
An international non profit organization established by IT security practitioners and professionals. They provide publications, educational forums, networking opportunities and more.
NSI was created for the sole purpose of protecting the nation’s most sensitive business and technology secrets. It has now become one of the biggest and best organizations that are assisting ‘cleared’ defense contractors in learning about threats to national security.
A global non profit charitable organization that focuses on improving software security. It works to make software security visible to organizations and individuals and to inform them of the various software security risks.
ASIS offers various educational programs, materials and certifications in security. It also supports the value of security management to the media, entities, businesses, public and the government.
ISF is based in London, UK. It is a non profit organization that focuses on clarifying, investigating and resolving key problems in risk management and information security.
NICCS acts as an excellent ‘one place for all’ on cyber security education and career information. You will find tons of information on training options, internship and scholarship opportunities, conferences, competitions and more.
A U.S. based non profit organization that is committed to supporting the various efforts of local and state law enforcement in investigating, preventing and prosecuting high tech and economic crimes.
SANS is a cooperative education and research based organization for IT professionals. It is dedicated to providing information security certifications and training, and maintains a free library that has plenty of research documents. It also operates the Internet Storm Center.
Local Security Groups
AFCEA focuses on cyber security because it relates itself to intelligence communities, homeland security and defense. Although chapters are now spreading around the world, you can still expect more of these in the Maryland and Virginia regions for obvious reasons.
IEEE has members from at least one or more IEEE technical councils/societies who have similar geographical proximity and technical interests. Events from this chapter include workshops, social functions and guest speakers. IEEE is dedicated to the advancement of technology.
With 200+ chapters around the world, the ISACA is one of the biggest networking organizations. They sponsor local workshops and seminars and often conduct IT research projects that give the members a variety of training opportunities in leadership.
ISSA is a strong chapter network that offers regular chapter activities. They have also created a Chapter Leaders Summit and Special Interest Groups like security awareness, women in security and health.
OWASP Chapter program is free to join. You do not need a membership to take advantage of the chapter. This chapter is open for all and is managed by universal guidelines. There are many OWASP presentations during the meetings that you can join in any time you want to.
Members of this chapter are mostly a credible group of cloud security experts from the region. Chapters that are located throughout the world must contain at least 20 CSA members.
InfraGard is a non profit/public private partnership between the FBI and U.S. businesses. The chapter is dedicated to sharing intelligence in order to prevent any aggressiveness against the nation. Chapters hold member meetings in order to exchange information on new threats and listen to conversations between security experts.
Chapter members of (ISC)2 receive exclusive discounts on all programs and products offered by the organization. They can also earn CPEs by taking part in local community outreach projects and professional activities.
This conference is the finest and the best event by the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery.
These conferences cover all things cryptography. They are sponsored by the International Association of Cryptologic Research.
This is a conference by the community for the community. It is held in many cities and is often free for anyone.
CSAW is the biggest student run cyber security conference in the U.S. It is managed by the students at Information Systems and Internet Security (ISIS) Laboratory at the NYU Polytechnic School of Engineering. The conference includes discussions, events and contests.
DEF CON has earned the title of being the most notorious and largest hacking conference in the world. There are talks, events and contests.
Held in Europe, it is meant to attract security experts from law enforcement, military, government, academia and industry. Discussions on new research and development take place, revolving mostly around IT security.
EC-Council presents this multi series of conferences around the world.
An annual open conference that features security and hacking research. It is held in Paris.
This conference attracts experts from around the world to talk about cryptographic modules. Talks include implementation, secure design, use and assurance. This is held every year in the U.S.
This three day conference is all about attracting researchers and professionals from around the country who develop, design, deploy and exploit technologies that define network and distributed system security.
Nullcon is an excellent conference where information is exchanged on zero day vulnerabilities, attack vectors and unknown threats. It is held in India.
The SANS CDI is known for holding the popular Tournament of Champions and Netwars competitions. It draws a huge crowd every year.
This is an educational conference on information risk management and security. It is held yearly at St. Paul, Minnesota.
One of the most popular hacker conventions set by a non profit organization. It attracts as many as 1000+ individuals who are interested in cryptography and computer security.
Set to attract analysts, technology experts, security experts, educators and professionals. It is held in Dublin, Seattle and Boston.
This is a single day hacking conference which is held in a secret location annually. There are workshops, talks and live hacker music.
The Conference is designed to provide hands on digital forensics training. A networking forum for cyber security experts is also held within the conference.
The VB bulletin is all about covering a variety of different security related topics. Both technical and corporate entities can join in.
Being the oldest security conference in the U.S., ACSAC attracts security professionals from the government, academia and various industries to apply in cyber security.
Black Hat used to be a small conference in Las Vegas. It is now an extensive series of conferences that offer training camps and security events in Europe, Asia and the U.S. Black Hat was created by the founder of DEF CON, Jeff Moss.
This is a popular three day conference held in Canada. It focuses on applied digital security. CanSecWest also holds the Chromium challenge and the Pwn2Own contest with prize money worth $100,000.
A popular yearly conference held in Europe. It includes network, computer and application security talks and events.
Another hacking conference where you’ll find workshops, games and contests.
The conference is all about addressing computer security issues as well as privacy, technology and information applications on society.
The conference is held to attract government representatives, industry leaders and academics to talk about cutting edge ideas in information security. It is held in India.
Provides a yearly platform for many security researchers and IT professionals to come in and talk about next generation security issues in computers. The conference is held in Amsterdam and Kuala Lumpur, Malaysia.
Held to address the latest issues in electronic and computer privacy and security, the conference is brought together by the IEEE Computer Society Technical Committee on Security and Privacy with cooperation from the International Association for Cryptographic Research.
This is an invitation only workshop meant for researchers in information security and related fields. Any proceedings at the conference are published through ACM.
The conference serves as a forum where cryptographers can come and share their latest advancements and knowledge in Internet Security. The conference takes place annually in Europe, Asia and the U.S.
This conference focuses on thought leaders in the ICS security community. It is only meant for advanced security professionals.
The annual conference focuses on providing relevant training, education and networking for cyber security professionals.
SIN CON is well respected in the international forum for being a perfect place to present research and different applications for security in networks and information.
This international IT security conference is a place where researchers gather from around the world to discuss cyber security.
The conference is a favorite for IT experts and professionals who want to present their latest findings and research. It is held every year in Germany.
The conference is quite popular and is held annually in Canada and the U.S. with a different location every year. System administrators, practitioners, system programmers and researchers who are keen on learning about the latest advancements in security and privacy of networks and computers are invited to attend.