An awesome list of resources for training, conferences, speaking, labs, reading, etc that are free all the time or during COVID-19 that cybersecurity professionals with downtime can take advantage of to improve their skills and marketability to come out on the other side ready to rock.
CATEGORIES
CONFERENCES
TRAINING
INSTRUCTOR LED WEBINAR/LABS/WORKSHOPS
BOOKS
PODCASTS
Conferences
HITB Lockdown Livestream - April 25-26 (10:00-18:00 CET) - A free livestream featuring some of the talks and speakers from the cancelled HITBSecConf2020 - Amsterdam. https://conference.hitb.org/lockdown-livestream/
OWASP Virtual AppSec Days April 2020 - April 27 - The OWASP Foundation is hosting a Virtual AppSec Days on April 27-29th. They will be running a 90 minute virtual mini-conference. This is the only free part of the event. [OWASP said ability to register coming this week]
RedHat Summit - April 28-29 - "Our virtual event will feature the keynotes, breakout sessions, and collaboration opportunities that you’ve come to expect from Red Hat® Summit. This programming will be shared as a blend of live and recorded content designed to inspire and engage a global audience. You will have access to the experts behind the code as you learn about the latest in open hybrid cloud, automation, cloud-native development, and so, so much more. Red Hat Summit 2020 Virtual Experience is your platform to learn, network, and plot the next steps in your career as you find ways to unlock your potential." - https://www.redhat.com/en/summit
DerpCon - April 30 (workshop) May 1 Conference - https://www.eventbrite.com/e/derpcon-2020-tickets-101700143868 We want to do our part to foster the information security community while simultaneously providing attendees with interesting knowledge they can use personally or professionally. We will be supporting the local Colorado community by accepting donations for the Colorado COVID-19 Relief Fund.
DISC – SANS ICS Virtual Conference Friday May 1 ICS Virtual Conference (10-6 pm ET) - The content is focused around being widely acceptable for both IT Security and OT/ICS audiences and the theme is focused around education especially during times when many folks are at home and working remotely. Special focuses are being given in the talks to what work and efforts can be accomplished with minimal effort during slow down periods. https://www.sans.org/webcasts/disc-ics-virtual-conference-114285
VMware Carbon Black Connect 2020 - May 13-14 - Connect 2020 is a free, action-packed two-day virtual event about the future of endpoint security. The agenda has something for everyone, including a Developer Day for technical users, hands-on threat hunting workshops, and a chance to become product certified. Hear from the experts, explore our sponsor hub, and participate in a series of trainings on the most effective ways to combat the latest threats. https://www.carbonblack.com/connect20/
FWD:CLOUDSEC June 29 - a new cloud security practitioners conference which will be held online - https://fwdcloudsec.org/
RSAC 2020 APJ July 15 – 17 "Transforming RSA Conference 2020 Asia Pacific & Japan into a free virtual learning experience, taking place 15 – 17 July. We have many exciting and relevant sessions and keynotes planned, featuring some of the world’s leading cybersecurity experts." https://go.rsaconference.com/rsac-apj2020/
GitHub address: https://github.com/gerryguy311/CyberProfDevelopmentCovidResources
Training
Pluralsight Free for April 2020. Massive top tier library of content including lots of cyber training www.pluralsight.com
Metasploit Unleashed Most complete and in-depth Metasploit guide available, with contributions from the authors of the No Starch Press Metasploit Book. https://www.offensive-security.com/metasploit-unleashed/
AWS Cloud Certified Get skills in AWS to be more marketable. Training is quality and free. https://www.youtube.com/watch?v=3hLmDS179YE Have to create an AWS account, Exam is $100.
SANS Faculty Free Tools List of OSS developed by SANS staff. https://www.sans.org/media/free/free-faculty-tools.pdf?msc=sans-free-lp
"Using ATT&CK for Cyber Threat Intelligence Training" - 4 hour training - https://attack.mitre.org/resources/training/cti/ The goal of this training is for students to understand the following:
What ATT&CK is and why it’s useful for cyber threat intelligence (CTI)
How to map to ATT&CK from both finished reporting and raw data
Why it’s challenging to store ATT&CK-mapped data and what you should consider when doing that
How to perform CTI analysis using ATT&CK-mapped data
How to make defensive recommendations based on CTI analysis
Coursera -"Coursera Together: Free online learning during COVID-19" Lots of different types of free training. https://blog.coursera.org/coursera-together-free-online-learning-during-covid-19/
Fortinet Security Appliance Training Free access to the FortiGate Essentials Training Course and Network Security Expert courses 1 and 2 https://www.fortinet.com/training/cybersecurity-professionals.html
Chief Information Security Officer (CISO) Workshop Training - The Chief Information Security Officer (CISO) workshop contains a collection of security learnings, principles, and recommendations for modernizing security in your organization. This training workshop is a combination of experiences from Microsoft security teams and learnings from customers. - https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
CLARK Center Plan C - Free cybersecurity curriculum that is primarily video-based or provides online assignments that can be easily integrated into virtual learning environments https://clark.center/home
Hack.me is a FREE, community based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of "runnable" vulnerable web applications, code samples and CMS's online. The platform is available without any restriction to any party interested in Web Application Security. https://hack.me/
Hacker101 - Free classes for web security - https://www.hacker101.com/
ElasticStack - Free on-demand Elastic Stack, observability, and security courses. https://training.elastic.co/learn-from-home
Hoppers Roppers - Community built around a series of free courses that provide training to beginners in the security field. https://www.hoppersroppers.org/training.html
IBM Security Learning Academy Free technical training for IBM Security products. https://www.securitylearningacademy.com/
M.E. Kabay Free industry courses and course materials that students, teachers and others are welcome to use for free courses and lectures. http://www.mekabay.com/courses/index.htm
Open P-TECH Free digital learning on the tech skills of tomorrow. https://www.ptech.org/open-p-tech/
Autopsy Digital Forensics - FREE ($495 value) Autopsy is a Windows-based desktop digital forensics tool that is free, open source, and has all of the features that you’d normally find in commercial digital forensics tools. It is extensible and comes with features that include keyword search, hash matching, registry analysis, web analytics, and more. https://www.autopsy.com/support/training/covid-19-free-autopsy-training/
Udemy - Online learning course platform "collection from the free courses in our learning marketplace" https://www.udemy.com/courses/free/
Linux Fundamentals Linux Fundamentals LiveLessons has more than 10 hours of comprehensive video training for you to have everything you need to build a strong understanding of working with Linux. https://pearsonadvance.com/courses/linux-fundamentals/
AWS Certified Cloud Practitioner Seven hours of video instruction covering the fundamentals of cloud computing; AWS core services such as Amazon EC2, Amazon RDS, and Amazon S3; security; architecture design principles; best practices; and cost management. AWS Certified Cloud Practitioner Complete Video Course is a video product designed to help viewers understand Amazon Web Services at a high level, introduce cloud computing concepts, and key AWS services, and prepare them for the exam according to the certification exam guide published by Amazon Web Services. https://pearsonadvance.com/courses/aws-certified-cloud-practitioner/
Enroll Now Free: PCAP Programming Essentials in Python https://www.netacad.com/courses/programming/pcap-programming-essentials-python Python is the very versatile, object-oriented programming language used by startups and tech giants, Google, Facebook, Dropbox and IBM. Python is also recommended for aspiring young developers who are interested in pursuing careers in Security, Networking and Internet-of-Things. Once you complete this course, you are ready to take the PCAP – Certified Associate in Python programming. No prior knowledge of programming is required.
Packt Web Development Course - Get to grips with the fundamentals of the modern web. Unlock one year of free online access. https://courses.packtpub.com/pages/free?fbclid=IwAR1FtKQcYK8ycCmBMXaBGvW_7SgPVDMKMaRVwXYcSbiwvMfp75gazxRZlzY
Learn Empire Powershell This tutorial contains installation of Kali Linux and Windows VM, installation of Empire PowerShell 3.1, exploiting Windows 10 machines by various attacks including Empire, running Mimikatz, privilege escalation and using Hashcat to crack the various password hashes https://pentestskills.teachable.com/p/empire-powershell
Stanford University Webinar - Hacked! Security Lessons from Big Name Breaches 50 minute cyber lecture from Stanford. You will learn: the root cause of key breaches and how to prevent them; how to measure your organization’s external security posture; how the attacker lifecycle should influence the way you allocate resources. https://www.youtube.com/watch?v=V9agUAz0DwI
Stanford University Webinar - Hash, Hack, Code: Emerging Trends in Cyber Security Join Professor Dan Boneh as he shares new approaches to these emerging trends and dives deeper into how you can protect networks and prevent harmful viruses and threats. 50 minute cyber lecture from Stanford. https://www.youtube.com/watch?v=544rhbcDtc8
Kill Chain: The Cyber War on America's Elections (Documentary) (Referenced at GRIMMCON) - In advance of the 2020 Presidential Election, Kill Chain: The Cyber War on America’s Elections takes a deep dive into the weaknesses of today’s election technology, an issue that is little understood by the public or even lawmakers. https://www.hbo.com/documentaries/kill-chain-the-cyber-war-on-americas-elections
Intro to Cybersecurity Course (15 hours) Learn how to protect your personal data and privacy online and in social media, and why more and more IT jobs require cybersecurity awareness and understanding. Receive a certificate of completion. https://www.netacad.com/portal/web/self-enroll/c/course-1003729
Cybersecurity Essentials (30 hours) Foundational knowledge and essential skills for all cybersecurity domains, including info security, systems sec, network sec, ethics and laws, and defense and mitigation techniques used in protecting businesses. https://www.netacad.com/portal/web/self-enroll/c/course-1003733
Instructor Led Webinar/ Labs / Workshops
April
Breaching the Cloud Perimeter Training w/ Labs (4-Hours) - [COURSE REPORTING FULL 4/19/2020] Blackhills Information Security - Saturday, April 25th, 11am – 4pm EST- You will leave this workshop with new skills for assessing cloud-based infrastructure! https://register.gotowebinar.com/register/1264630092013493773
IEEE PES DAY 2020 | Cybersecurity for Industrial Control Systems - Cybersecurity Path - Wed, April 22, 2020 11:00 AM – 2:30 PM CDT https://www.eventbrite.com/e/ieee-pes-day-2020-cybersecurity-path-tickets-101773356850?aff=ebdssbonlinesearch
Breaking into Cybersecurity Wed, April 22, 2020 6:30 PM – 8:30 PM EDT Join us for the Breaking Into Cybersecurity online panel to learn about the cybersecurity landscape globally and in Jacksonville. The panel is hosted by the Cyber Bootcamp at University of North Florida powered by Fullstack Academy, which takes students from novice to cybersecurity professional in just 26 weeks part-time. https://www.eventbrite.com/e/breaking-into-cybersecurity-tickets-101302931796?aff=ebdssbonlinesearch
"Hack Yourself First: Hands-on Ethical Hacking" Thu, Apr 23, 2020 11:00 AM - 12:00 PM EDT In this webcast we will go over various ethical hacking/offensive security offerings and perform hands-on demonstrations of each: Vulnerability Scanning, Vulnerability Assessment, Penetration Testing, Red Team Exercises, Purple Teaming. https://register.gotowebinar.com/register/8300923968439652109
Free Tools! How to Use Developer Tools and Javascript in Webapp Pentests (1-Hour) — on Apr 23, 2020 2:00 PM EDT (Black Hills Information Security) We'll look at the Developer Tools in the latest Firefox with a pentester's eye. Inspect and change the DOM (Document Object Model), take screenshots, find and extract key bits of data, use the console to run Javascript in the site's origin context and even pause script execution in the debugger if things go too fast… https://attendee.gotowebinar.com/register/8048757572878556940
How Operational Technology (OT) Security is Redefining the CISO Role Tuesday, April 28th, 2020 at 3:30 PM EDT - The digital transformation of industrial systems yields numerous benefits and efficiencies for business, but the resulting interconnectivity between these systems and an organization's IT network has made operational technology (OT) increasingly susceptible to cyber threats. And while the role of CISOs in dealing with IT network security is well defined, many security leaders don't know where to start when it comes to their OT defense strategy. Further complicating matters, traditional IT security tools are not compatible with OT environments, and conventional wisdom for defending IT environments is not always applicable. https://www.sans.org/webcasts/operational-technology-ot-security-redefining-ciso-role-114360
Cybersecurity Seminar (EC-COUNCIL sponsored) April 30 Thu, 7:00 PM - 8:00 PM Be a part of this fast-growing industry today. Attend our free seminar and learn about: How to get started in cybersecurity, Cybercrimes and best investigation practices today, Career opportunities for cybersecurity specialists and students, How to be eligible for course fee support. https://www.eventbrite.com/e/cybersecurity-seminar-tickets-96384190709?aff=ebdssbonlinesearch
May
Women in Cybersecurity Capture the Flag {Virtual} | SecureSet and WiCyS - Sat, May 2, 2020 10:00 AM – 1:00 PM MDT — Our Women Only Capture the Flag event is designed specifically for women who want to dive headfirst into the cybersecurity game in a welcoming environment where you can build confidence and network with women in the cybersecurity community! https://www.eventbrite.com/e/women-in-cybersecurity-capture-the-flag-virtual-secureset-and-wicys-tickets-102703516984?aff=ebdssbonlinesearch
Cyber Threat Hunting Training – May Session (4-Hours) - Blackhills Information Security - Tuesday, May 12th, 12pm – 4pm EST -- In this free, one-day course, we will cover how to leverage network data to perform a cyber threat hunt. The course includes hands-on labs using packet captures of various command and control channels. The labs will enable you to apply what you’ve learned using various open-source tools. https://register.gotowebinar.com/register/5841228496128209677
Virtual Cybersecurity Capture the Flag for All Ages - Thu, May 14, 2020 5:00 PM – 8:00 PM MD Put your tech skills to the test in our Virtual Capture the Flag (CTF) for All Ages game. This event is a fun challenge for adults, teens, and everyone in between! https://www.eventbrite.com/e/virtual-cybersecurity-capture-the-flag-for-all-ages-tickets-102932542004?aff=ebdssbonlinesearch
SANS MIC Talk - Prioritizing OT Security Efforts: The Five Tactical Things to Accomplish While Leadership Defines a Security Program (Don Weber Talk) May 27 8:30PM EDT - This talk will cover the five tactical things an OT/IT team can do while leadership defines the direction of a security program for the OT environment. It will discuss quick wins that can be accomplished with equipment typically already deployed. These steps will also provide the leadership team with valuable information that will help prioritize future efforts and quickly improve vendor / integrator / MSP requirements for near-term greenfield and upcoming brownfield maintenance projects. https://www.sans.org/webcasts/atmic-talk-prioritizing-ot-security-efforts-tactical-things-accomplish-leadership-defines-security-program-113985
Responding to Incidents in Industrial Control Systems (ICS): Identifying Threats, Reactions and Developing the IR Process Friday May 29 1:00 PM - How can effective and proven incident response processes identify, mitigate and remediate threats in the ICS environment? In this new webcast with SANS instructor Don C. Weber and representatives Eric Knapp and Matt Wiseman from Honeywell, we will identify ICS threats, look at how incidents can be managed, and provide recommendations for setting up an effective IR program to reduce risk exposure. Attendees will learn how to best apply proven IR programs and techniques. https://www.sans.org/webcasts/responding-incidents-industrial-control-systems-ics-identifying-threats-reactions-developing-ir-process-114525
Breaching the Cloud Perimeter Training w/ Labs (4-Hours) - Blackhills Information Security - Thursday, May 28th, 12pm – 5pm EST- You will leave this workshop with new skills for assessing cloud-based infrastructure! https://register.gotowebinar.com/register/1264630092013493773
June
Cyber Security Webinar Series - Session I: Cybersecurity for Small Business June 11, Thu, 11:00 AM - 12:00 PM PDT — These classes serve as a survey in terms of the recommended best practices in use for both commercial and federal information systems. It is important to note that cybersecurity is about controlling access; it is the defensive measures that can be taken to reduce the risk of an attack. The goal of the plan is to impede the attacker, limit the effect of the attack, and recover. https://www.eventbrite.com/e/cyber-security-webinar-series-session-i-cybersecurity-for-small-business-tickets-92155713219?aff=ebdssbonlinesearch
Books
Building Secure & Reliable Systems Best Practices for Designing, Implementing and Maintaining Systems (O'Reilly) By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield https://static.googleusercontent.com/media/landing.google.com/en//sre/static/pdf/SRS.pdf
Security Engineering By Ross Anderson - A guide to building dependable distributed systems. (and Ross Anderson is brilliant //OP editorial) https://www.cl.cam.ac.uk/~rja14/book.html
The Cyber Skill Gap By Vagner Nunes - The Cyber Skill Gap: How To Become A Highly Paid And Sought After Information Security Specialist! (Use COUPON CODE: W4VSPTW8G7 to make it free) https://payhip.com/b/PdkW
The Beginner’s Guide to Information Security By Limor Elbaz - Offers insight and resources to help readers embark on a career in one of the 21st century’s most important—and potentially lucrative—fields. https://www.amazon.com/Beginners-Guide-Information-Security-Kickstart-ebook/dp/B01JTDDSAM
Podcasts
Risky Business Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals. https://risky.biz/
Paul's Security Weekly This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. https://securityweekly.com/category-shows/paul-security-weekly/
Security Now - Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. https://twit.tv/shows/security-now
Daily Information Security Podcast ("StormCast") Stormcasts are daily 5-10 minute information security threat updates. The podcast is produced each work day, and typically released late in the day to be ready for your morning commute. https://isc.sans.edu/podcast.html
The podcasts below were added from here: https://infosec-conferences.com/cybersecurity-podcasts/
Down the Security Rabbithole http://podcast.wh1t3rabbit.net/ Down the Security Rabbithole is hosted by Rafal Los and James Jardine who discuss, by means of interviewing or news analysis, everything about Cybersecurity which includes Cybercrime, Cyber Law, Cyber Risk, Enterprise Risk & Security and many more. If you want to hear issues that are relevant to your organization, subscribe and tune-in to this podcast.
The Privacy, Security, & OSINT Show https://podcasts.apple.com/us/podcast/the-privacy-security-osint-show/id1165843330 The Privacy, Security, & OSINT Show, hosted by Michael Bazzell, is your weekly dose of digital security, privacy, and Open Source Intelligence (OSINT) opinion and news. This podcast will help listeners learn some ideas on how to stay secure from cyber-attacks and help them become “digitally invisible”.
Defensive Security Podcast https://defensivesecurity.org/ Hosted by Andrew Kalat (@lerg) and Jerry Bell (@maliciouslink), the Defensive Security Podcast aims to look at and discuss the latest security news happening around the world and pick out the lessons that can be applied to keeping organizations secured. As of today, they have more than 200 episodes and some of the topics discussed include Forensics, Penetration Testing, Incident Response, Malware Analysis, Vulnerabilities and many more.
Darknet Diaries https://darknetdiaries.com/episode/ Darknet Diaries Podcast is hosted and produced by Jack Rhysider and discusses topics related to information security. It also features some true stories from hackers who attacked or have been attacked. If you’re a fan of the show, you might consider buying some of their souvenirs here (https://shop.darknetdiaries.com/).
Brakeing Down Security https://www.brakeingsecurity.com/ Brakeing Down Security started in 2014 and is hosted by Bryan Brake, Brian Boettcher, and Amanda Berlin. This podcast discusses everything about the Cybersecurity world, Compliance, Privacy, and Regulatory issues that arise in today’s organizations. The hosts will teach concepts that Information Security Professionals need to know and discuss topics that will refresh the memories of seasoned veterans.
Open Source Security Podcast https://www.opensourcesecuritypodcast.com/ Open Source Security Podcast is a podcast that discusses security with an open-source slant. The show started in 2016 and is hosted by Josh Bressers and Kurt Seifried. As of this writing, they have posted around 190+ podcasts.
Cyber Motherboard https://podcasts.apple.com/us/podcast/cyber/id1441708044 Ben Makuch is the host of the podcast CYBER and talks weekly to Motherboard reporters Lorenzo Franceschi-Bicchierai and Joseph Cox. They tackle topics about famous hackers and researchers and the biggest news in cybersecurity. The cyber stuff gets complicated really fast, but Motherboard spends its time fixed in the infosec world so we don’t have to.
Hak5 https://shop.hak5.org/pages/videos Hak5 is a brand that was created by a group of security professionals, hardcore gamers and “IT ninjas”. Their podcast, which is mostly uploaded on YouTube, discusses everything from open-source software to penetration testing and network infrastructure. Their channel currently has 590,000 subscribers and is one of the most viewed shows when you want to learn something about security networks.
Threatpost Podcast Series https://threatpost.com/category/podcasts/ Threatpost is an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide. Its award-winning editorial team produces unique and high-impact content including security news, videos, feature reports and more, with global editorial activities driven by industry-leading journalist Tom Spring, editor-in-chief.
CISO-Security Vendor Relationship Podcast https://cisoseries.com Co-hosted by the creator of the CISO/Security Vendor Relationship Series, David Spark, and Mike Johnson, in 30 minutes, this weekly program challenges the co-hosts, guests, and listeners to critique, share true stories. This podcast, The CISO/Security Vendor Relationship, aims to enlighten and educate listeners on improving security buyer and seller relationships.