Further Cyber Security Resources

General

• Common Vulnerabilities and Exposures (CVE) database.
• Computer Forensic Reference DataSet Portal.
• How cyber attacks work.
• 10 steps to cyber security.
• CIS benchmarks.
• MITRE ATT&CK.
• NIST Risk Management Framework.
• The Honeynet Project.
• Cuckoo Sandbox - Automated malware mnalysis.
• How FIDO works.
• The good and bad of biometrics.
• Cloud Control Matrix.
• Gaining the advantage - Applying Cyber Kill Chain methodology to network defense.
• ExifTool.
• 6 steps for applying data science to security.
• 5 ways to better use data in security.
• The essential guide to security.
• 10 tips for more secure mobile devices.
• Are your Android apps sending unencrypted data?
• A pragmatic approach to fixing cyber security: 5 steps.
• Cyber essentials.
• National Vulnerability Database.
• Black Hat events.
• Life under GDPR and what it means for Cyber Security.
• What organisations can do to strengthen their Cyber Security stance.
• The case for integrating physical security and cyber security.
• Boosting security effectiveness with ‘adjuvants’.
• Supporting a back-to-basics approach with cyber threat intelligence.
• How to protect your browser from Unicode domain phishing attacks.
• 5 security mistakes your IT team wish you wouldn’t make.
• Solving the problem of storing passwords.
• NCSC rolls out free and easy steps to improve public sector cyber security.
• To AV, or not to AV?
• Common cyber attacks: Reducing the impact.
• Protecting your organisation from ransomware.
• 8 best anti ransomware tools you must be using in 2017.
• 7 tools for stronger IoT security, visibility.
• 6 myths about IoT security.
• Cloud security: Standards and definitions.
• Penetration testing – what is it and who is it for?
• Eight myths not to believe about penetration testing.
• Infographics at the NCSC.
• Sophos Threatsaurus.
• StaySafeOnline.org.
• ConsumerFraudReporting.org.
• Action Fraud – Types of Fraud.
• Scam Busters.
• The 6-step “happy path” to HTTPS.
• Website reputation checker tool.
• Whois lookup.
• 15 free temporary email services to avoid inbox spam.
• Top 10 sites to receive SMS online without a phone.
• 4 basic principles to help keep hackers out.
• 8 nation-state hacking groups to watch in 2018.
• Radio frequency jammers.

Email

• How to get email headers.
• ParseMail.
• Virus Total – Email submissions.

National Cyber Security Centre (NCSC) Guidance

• End user device security collection.
• The NIS guidance collection.
• Risk management collection.
• Denial of Service (DoS) guidance collection.
• Application development collection.
• Phishing attacks: defending your organisation.
• Password guidance: Simplifying your approach.
• Password guidance summary: how to protect against password-guessing attacks.
• Ransomware: Latest NCSC guidance.
• ‘Meltdown’ and ‘Spectre’ guidance.
• Guidance on Virtual Private Networks (VPNs).
• Obsolete platforms security guidance.
• NCSC IT: Installing software updates without breaking things.

Privacy

• Terms of Service; Didn’t Read.
• Twitter privacy settings.
• The complete guide to facebook privacy settings.

Wi-Fi

• Wi-Fi Alliance launches WPA3 protocol with new security features.
• Is Wi-Fi still safe to use?
• ‘Krack’ Wi-Fi guidance.
• Wi-Fi at risk from KRACK attacks – here’s what to do.
• New WPA2 attack (KRaCKs) – How to prevent it.

Blogs

• Cisco Security Blog.
• Dark Reading.
• Google Security Blog.
• Graham Cluley.
• Krebs on Security.
• Microsoft Secure Blog.
• Naked Security.
• Schneier on Security.
• Station X Cyber Security Blog.
• Troy Hunt.
• We Live Security.
• Zero Day.
• More…

Cyber Security Certifications

Entry-Level:

• CompTIA Security+.
• GIAC Security Essentials (GSEC).
• Systems Security Certified Practitioner (SSCP).

Mid-Level:

• CompTIA Cybersecurity Analyst (CySA+).
• CompTIA PenTest+.
• Certified Information Systems Security Professional (CISSP).
• Certified Ethical Hacker (CEH).
• Cisco Certified Network Associate Security (CCNA Security).
• GIAC Certified Incident Handler (GCIH).
• Certified Information Systems Auditor (CISA).

Advanced-Level:

• CompTIA Advanced Security Practitioner (CASP+).
• Certified Penetration Testing Engineer (CPTE).
• Offensive Security Certified Professional (OSCP).
• Cisco Certified Network Professional Security (CCNP Security).
• Cisco Certified Internetwork Expert Security (CCIE Security).
• GIAC Certifications.
• CISSP Concentrations.

Cyber Security Companies

• Avast.
• AVG Technologies.
• Bitdefender.
• F-Secure.
• Malwarebytes.
• McAfee.
• Microsoft.
• Sophos.
• Symantec.
• More…

News

• Computer Weekly.
• Guardian Online Information Security.
• Infosecurity Magazine:
• International Business Times.
• Security Week:
• The Hacker News:
• The Telegraph Internet Security.
• Wired – Threat level.

Podcasts

• Cyber Security Sauna.
• CyberTangent.
• Darknet Diaries.
• Hacking Humans Podcast.
• Risky Business.
• Secure Talk.
• Security Now.
• Security This Week.
• Smashing Security.
• Sophos Podcasts.
• The CyberWire Daily Podcast.
• The Grumpy Old Geeks Podcast.
• The Lazarus Heist.
• Threat Intelligence Podcast.
• 35 of the best information security podcasts to follow.