Major Industry Websites
Government Resources
Cybersecurity News
Cybersecurity Tools
Certification and Training
Cryptography
Cyber Security Risk Management
Security Architecture
Operational Policy
Management and Cyber Security Operations
Secure Software Design and Development
Network Visualization and Vulnerability Detection
Cyber Threat Intelligence
Incident Response and Computer Network Forensics
- SANS - https://www.sans.org
- (ISC)² - https://www.isc2.org
- CompTIA - https://www.comptia.org
- ISACA - https://www.isaca.org
- Cisco Networking Academy - https://www.netacad.com
- Microsoft Security - https://www.microsoft.com/en-us/security
- Verizon Enterprise Security - https://enterprise.verizon.com/products/security
- Symantec Security Center - https://www.broadcom.com/support/security-center
- Palo Alto Networks - https://www.paloaltonetworks.com
- Check Point - https://www.checkpoint.com
- Sophos - https://www.sophos.com/en-us.aspx
- Proofpoint - https://www.proofpoint.com/us
Government Resources
- NIST Cyber Security - https://www.nist.gov/topics/cybersecurity
- National Vulnerability Database - https://nvd.nist.gov/search
- US-CERT - https://us-cert.cisa.gov/
- Defense Information Systems Agency - https://disa.mil/
- FBI Cyber Crime - https://fbi.gov/investigate/cyber
- DOJ Cyber Security Unit - https://justice.gov/criminal-ccips/cybersecurity-unit
- DoD Chief Information Office - https://dodcio.defense.gov/Cyber-Workforce.aspx
- Department of Homeland Security Cybersecurity - https://dhs.gov/topic/cybersecurity
- National Council of ISACs - https://nationalisacs.org/
Cybersecurity News
- Security Week - https://securityweek.com
- Dark Reading - https://darkreading.com
- CSO Online - https://csoonline.com
- Reddit netsec - https://reddit.com/r/netsec
- The Hacker News - https://thehackernews.com
- Krebs on Security - https://krebsonsecurity.com
- Information Week - https://informationweek.com
- Threat Post - https://threatpost.com
- SC Magazine - https://scmagazine.com/home/security-news
Cybersecurity Tools
- GitHub, A curated security resource list - https://github.com/CheckPointSW/InviZzzible
- John the Ripper - https://openwall.com/john
- VirusTotal - https://virustotal.com/gui/home/upload
- Hookbin - https://hookbin.com
- UltraTools - https://ultratools.com
- Qualys SSL Labs - https://ssllabs.com
- Malware Analysis (Andrea Fortuna) - https://andreafortuna.org/2016/08/05/malware-analysis-my-own-list-of-tools-and-resources
- PenTestMonkey - http://pentestmonkey.net
- MXToolBox - https://mxtoolbox.com
- ViewDNS.INFO - https://viewdns.info
- Capture the Flag Training Site List - http://captf.com/practice-ctf
- Shell Storm - http://shell-storm.org
- DB-IP Geo-location API/DB - https://db-ip.com
Certification and Training
- (ISC)² Certifications - https://isc2.org/Certifications
- ISACA Certifications - http://isaca.org/credentialing
- CompTIA Certifications - https://certification.comptia.org
- SANS Courses- https://www.sans.org/courses/
- GIAC Certifications - https://giac.org/certifications
- ISA Certifications - https://isa.org/training-and-certifications/isa-certification
- Microsoft Certifications - https://docs.microsoft.com/en-us/learn/certifications/
- Cisco Certifications - https://cisco.com/c/en/us/training-events/training-certifications/certifications.html
- Amazon Certifications - https://aws.amazon.com/certification
- EC Council Certifications - https://eccouncil.org/programs
- Offensive Security Certifications - https://offensive-security.com/information-security-certifications
- Hack The Box Pen-Testing Labs -https://hackthebox.eu
- Smash the Stack Wargaming Network - http://smashthestack.org
- Return Oriented Programming Emporium - https://ropemporium.com
- Bosworth, S., Kabay, M. E., & Whyne, E. (2014). Computer security handbook. Hoboken, NJ: John Wiley & Sons.
- Drucker, P. (2015). Management. Place of publication not identified: Routledge.
- Ferguson, N., Schneier, B., & Kohno, T. (2010). Cryptography engineering: Design principles and practical applications. Indianapolis, IN: Wiley.
- Johnson, R. (2015). Security policies and implementation issues. Burlington, MA: Jones & Bartlett Learning.
- Klemens, B. (2015). 21st century C. Sebastopol, CA: OReilly Media.
- Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise security architecture a business-driven approach. Boca Raton: CRC Press.
- Seitz, J. (2015). Black Hat Python: Python programming for hackers and pentesters. San Francisco, CA: No starch press.
- Sikorski, M., & Honig, A. (2012). Practical malware analysis: The hands-on guide to dissecting malicious software. San Francisco, California: No Starch Press.
- Schneier, B. (2018). Click here to kill everybody: Security and survival in a hyper-connected world. New York: W.W. Norton & Company.
- Schneier, B. (2016). Data and Goliath. Wiley.
- Schneier, B. (2015). Secrets and lies: Digital security in a networked world. Indianapolis, IN: John Wiley & Sons.
- Touhill, G. J., & Touhill, C. J. (2014). Cybersecurity for executives: A practical guide. Hoboken, NJ: Wiley.
Cryptography
- Cimpanu, C. (2018, May 01). LockCrypt Ransomware Cracked Due to Bad Crypto. Retrieved June 29, 2019, from https://www.bleepingcomputer.com/news/security/lockcrypt-ransomware-cracked-due-to-bad-crypto/
- Clercq, J. D. (2011, Jun 30). Q: Why is time synchronization between Windows machines critical in an Active Directory (AD) environment? How important is this for Kerberos authentication? What service controls time synchronization on Windows machines? Retrieved April 13, 2019, from ITPro Today: https://www.itprotoday.com/active-directory/q-why-time-synchronization-between-windows-machines-critical-active-directory-ad
- Digicert Inc. (2019). SSL Digital Certificate Authority - Encryption & Authentication. Retrieved April 20, 2019, from Digicert: https://www.digicert.com/
- Ferguson, N., Kohno, T., & Schneier, B. (2010). Cryptography engineering: design principles and practical applications. Indianapolis, IN: Wiley Pub., Inc.
- Garcia, J. (2017, July 20). How does RSA work? - Hacker Noon. Retrieved June 28, 2019, from https://hackernoon.com/how-does-rsa-work-f44918df914b
- Joan Daemen and Vincent Rijmen. (1999, September 3). "AES Proposal: Rijndael" (PDF). Retrieved August 14, 2019 from https://web.archive.org/web/20070203204845/https://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf as archived from the http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf (PDF).
- Kaspersky Inc. (n.d.). Free Ransomware Decryptors. Retrieved June 28, 2019, from https://noransom.kaspersky.com/
- Kowalczyk, C. (n.d.). Message authentication code (MAC). Retrieved June 28, 2019, from http://www.crypto-it.net/eng/theory/mac.html
- Massachussets Institute of Technology. (2019, January 07). What is Kerberos? Retrieved from Kerberos: The Network Authentication Protocol: https://web.mit.edu/kerberos/#what_is
- National Institute of Standards and Technologies. (2018, April). Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. (E. Barker, L. Chen, A. Roginsky, & A. Vassilev, Eds.) doi:NIST SP 800-56Ar3
- National Institute of Standards and Technology. (2007, November). NIST SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. (M. Dworkin, Ed.) doi:SP 800-38D
- National Institute of Standards and Technology (NIST). (2012, August). SP 800-107 Rev. 1 Recommendation for Applications Using Approved Hash Algorithms. Retrieved June 30, 2019, from https://csrc.nist.gov/publications/detail/sp/800-107/rev-1/final
- National Institute of Standards and Technology. (2016, January). Recommendation for Key Management, Part 1: General. (E. Barker, Ed.) doi:SP 800-57 Part 1 Revision 4
- National Institute of Standards and Technology. (2019, March). Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. (E. Barker, L. Chen, A. Roginsky, & A. Vassilev, Eds.) doi:SP 800-56B Revision 2
- Newman, L. H. (2018, December 10). The Under Armour Hack Was Even Worse Than It Had To Be. Retrieved June 29, 2019, from https://www.wired.com/story/under-armour-myfitnesspal-hack-password-hashing/
- Pickavance, M. (2019, March 28). Best SSL certificate services to buy from in 2019: Get the cheapest price today. Retrieved April 21, 2019, from TechRadar: https://www.techradar.com/news/best-ssl-certificate-provider
- Pornin, D. T. (2013, May 8). Is there any particular reason to use Diffie-Hellman over RSA for key exchange? Retrieved April 5, 2019, from stackexchange.com: https://security.stackexchange.com/questions/35471/is-there-any-particular-reason-to-use-diffie-hellman-over-rsa-for-key-exchange
- Lynn, Ben. Cryptography - Pseudo-Random Permutations. Retrieved June 30, 2019, from https://crypto.stanford.edu/pbc/notes/crypto/prp.html.
- Ramirez, G. (2015, July 28). MD5: The broken algorithm. Retrieved June 28, 2019, from https://blog.avira.com/md5-the-broken-algorithm/
- Tagg, G. (2000). Implementing a Kerberos Single Sign-on Infrastructure. United Kingdom. Retrieved April 13, 2019, from https://pdfs.semanticscholar.org/ee5a/69d86aa2d3d5f1d855c3e36ba778f73a3241.pdf
- Tung, B. (2007, January 2). The Moron's Guide to Kerberos, Version 2.0. Retrieved April 2019, 13, from https://wpollock.com/AUnixSec/MoronsGuideToKerberos.htm
- WolfSSL Inc. (2014, December 19). What is a Block Cipher? Retrieved June 30, 2019, from https://www.wolfssl.com/what-is-a-block-cipher/
Cyber Security Risk Management
- Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, & Department of Commerce. (2016, November 30). Risk Management Framework (RMF) Overview - Risk Management. Retrieved July 26, 2019, from https://csrc.nist.gov/Projects/Risk-Management/rmf-overview
- ISO/IEC. (2018, July 9). ISO/IEC 27005:2018. Retrieved from https://www.iso.org/standard/75281.html?browse=tc
- Joint Task Force. (2011, March 01). Managing Information Security Risk: Organization, Mission, and Information System View. Retrieved July 13, 2019, from https://csrc.nist.gov/publications/detail/sp/800-39/final
- Joint Task Force. (2012, September). Guide for Conducting Risk Assessments, NIST Special Publication 800-30 Revision 1. Retrieved August 11, 2019, from https://doi.org/10.6028/NIST.SP.800-30r1
- Joint Task Force. (2014, December). Assessing Security and Privacy Controls in Federal Information Systems and Organizations, NIST Special Publication 800-53A Revision 4. Retrieved August 10, 2019 from https://doi.org/10.6028/NIST.SP.800-53Ar4.
- Joint Task Force. (2018, December). Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, Special Publication 800-37 Revision 2. Retrieved August 1, 2019, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
- Joint Task Force, & National Institute of Standards and Technology. (2017, August). Initial Public Draft (IPD), Special Publication 800-53 ... Retrieved July 26, 2019, from https://csrc.nist.gov/csrc/media/publications/sp/800-53/rev-5/draft/documents/sp800-53r5-draft.pdf
- National Institute of Standards and Technology. (2004, February). FIPS 199, Standards for Security Categorization of Federal ... Retrieved July 22, 2019, from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf
- Stine, K., Kissel, R., Barker, W. C., Fahlsing, J., & Gulick, J. (2008, August). NIST SP 800-60 Volume 1 Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories (United States, National Institute of Standards and Technology, Department of Commerce). Retrieved July 22, 2019, from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf
- Stine, Kevin, Kissel, Richard, Barker, William, L., . . . Jim. (2008, August 01). NIST SP 800-60 Volume 2 Revision 1. Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices. Retrieved July 22, 2019, from https://csrc.nist.gov/publications/detail/sp/800-60/vol-2-rev-1/final
Security Architecture
- 1&1 IONOS Inc. (2017, 09 14). What is a root server? DNS root server definition. Retrieved from Digial Guide powered by 1&1 IONOS Products: https://www.ionos.com/digitalguide/server/know-how/what-is-a-root-server-definition-and-background/
- Enterprise Architecture Center of Excellence. (n.d.). Framework - Enterprise Architecture Center of Excellence. Retrieved June 29, 2019, from https://www.eacoe.org/ea-framework
- ISC. (n.d.). Root Server Technical Operations Assn. Retrieved June 15, 2019, from https://root-servers.org/: https://root-servers.org/
- Merriam-Webster. (2019, May 26). Tradesman | Definition of Tradesman. Retrieved from Merriam-Webster: https://www.merriam-webster.com/dictionary/tradesman
- Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise Security Architecture - A Business-Driven Approach. Boca Raton: CRC Press.
- The Open Group (2008) TOGAF Version 9. Van Haren Publishing, November, 2008.
- TrustRadius. (2019). Intrusion Detection. Retrieved June 28, 2019, from TrustRadius: https://www.trustradius.com/intrusion-detection?o=positive
- Wilson, S. R. (2013). Why Companies Fail with Compliance Initiatives [Video file]. Retrieved May 23, 2019, from https://www.youtube.com/watch?v=RrGamuOHIlU
- Zinatullin, L. (2018, March 11). Leron Zinatullin's Blog. Retrieved May 25, 2019, from SABSA Architecture and Design Case Study: https://zinatullin.com/2018/03/11/how-to-solve-a-business-problem-with-security-using-sabsa/
Operational Policy
- Alotaibi, M., Furnell, S., & Clarke, N. (2016). Information security policies: A review of challenges and influencing factors. 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST). doi:10.1109/icitst.2016.785672
- Bosworth, S., Kabay, M.E., and Whyne, E. (2014). Computer Security Handbook. Hoboken, NJ: John Wiley & Sons.
- Health and Medical Privacy Laws (California Medical Privacy Series). (n.d.). Retrieved March 24, 2018, from https://www.privacyrights.org/consumer-guides/health-and-medical-privacy-laws-california-medical-privacy-series
- Johnson, R. (2015). Security policies and implementation issues. Burlington, MA: Jones & Bartlett Learning.
- Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards. (n.d.). Retrieved March 24, 2018, from https://www.pcisecuritystandards.org
- Privacy/HIPAA. (n.d.). Retrieved March 21, 2018, from https://www.calhospital.org/privacyhipaa
- Stults, G. (2004, May 09). Sarbanes-Oxley - SANS Information Security Training. Retrieved March 24, 2018, from https://www.sans.org/reading-room/whitepapers/legal/overview-sarbanes-oxley-information-security-professional-1426
Management and Cyber Security Operations
- Drucker, P. F. (1985). Management: Tasks, Responsibilities, Practices. New York: Harper Business.
- Federal Trade Commission. (2019, July 24). Equifax Data Breach Settlement. Retrieved July 27, 2019, from https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement
- General Services Administration. (2018). Developing a System Security Plan (SSP). Retrieved July 27, 2019, from https://www.fedramp.gov/developing-a-system-security-plan/
- SANS Inc. (n.d.). SCORE: Checklists & Step-by-Step Guides. Retrieved July 29, 2019, from https://www.sans.org/score/checklists/system-security-plan
- Schwartz, M. J. (2019, May 13). Equifax's Data Breach Costs Hit $1.4 Billion. Retrieved July 27, 2019, from https://www.bankinfosecurity.com/equifaxs-data-breach-costs-hit-14-billion-a-12473
- Touhill, G. J., & Touhill, C. J. (2014). Cybersecurity for Executives: A Practical Guide. John Wiley & Sons.
Secure Software Design and Development
- Axelrod, C. (2012). Engineering safe and secure software systems (1st ed.). Norwood, MA: Artech House.
- Carnegie Mellon University. (n.d.). Software Engineering Institute. Retrieved July 29, 2019, from https://www.sei.cmu.edu/
- National Highway Safety Administration. (2019, June 07). Vehicle Cybersecurity. Retrieved July 29, 2019, from https://www.nhtsa.gov/technology-innovation/vehicle-cybersecurity
- Sanders, J. (2019, February 27). Software vulnerabilities are becoming more numerous, less understood. Retrieved July 28, 2019, from https://www.techrepublic.com/article/software-vulnerabilities-are-becoming-more-numerous-less-understood/
- Sommerville, I. (2015). Software engineering. (10th ed.). Essex, United Kingdom: Pearson.
Network Visualization and Vulnerability Detection
- Offensive Security Inc. “Our Most Advanced Penetration Testing Distribution, Ever.” Kali Linux, n.d. https://www.kali.org/.
- Nmap.org. Nmap. Retrieved from https://nmap.org/
- Wireshark Foundation. Download. Retrieved from https://www.wireshark.org/
- Security Onion Solutions, LLC. Security Onion. Retrieved from https://securityonion.net/
- Greenbone Networks GmbH. Open Vulnerability Assessment Scanner. Retrieved from http://www.openvas.org/
Cyber Threat Intelligence
- Anti-Phishing Working Group. (2018, December 11). Phishing Trends. Retrieved February 17, 2019, from Anti-Phishing Working Group, Inc.: http://docs.apwg.org/reports/apwg_trends_report_q3_2018.pdf
- Berg, S. (2018, December 3). Contractor's Are a Bulls-Eye for Hackers. Retrieved February 16, 2019, from SIGNAL Media: https://www.afcea.org/content/contractors-are-bulls-eye-hackers
- Carnaghan, I. (. (2018, March 17). United States Defense Contractors and Cybersecurity Challenges. Retrieved February 16, 2019, from Ian Carnaghan: https://www.carnaghan.com/united-states-defense-contractors-and-cybersecurity-challenges/
- Korolov, M. (.-p. (2019, January 25). What is a supply chain attack? Why you should be wary of third-party providers. Retrieved February 17, 2019, from CSO Online: https://www.csoonline.com/article/3191947/data-breach/what-is-a-supply-chain-attack-why-you-should-be-wary-of
- Lucas, R. (2018, December 20). Justice Department Charges Chinese Hackers In Bid To Curtail Cyber-Theft. Retrieved from https://www.npr.org/2018/12/20/678587956/justice-department-charges-chinese-hackers-in-bid-to-curtail-cyber-theft
- Olivia, B. (2018, April 13). Defense contractors face more aggressive ransomware attacks. Retrieved February 16, 2019, from The Hill: https://thehill.com/policy/cybersecurity/382904-defense-contractors-face-more-aggressive-ransomware-attacks
- Threat Modeler Inc. (2018, December 13). Threat Modeling Methodology | OCTAVE, STRIDE, PASTA, Trike, VAST. Retrieved February 16, 2019, from ThreatModeler Inc.: https://threatmoderler.com/2018/09/15/threat-modeling-methodology/
Incident Response and Computer Network Forensics
- Infosec Institute. (2016, October 04). Forensics Investigation of Document Exfiltration involving Spear Phishing: The M57 Jean Case. Retrieved December 7, 2018, from https://resources.infosecinstitute.com/forensics-investigation-document-exfiltration-involving-spear-phishing-m57-jean-case/ Courtesy of Dr. Simson Garfinkel
- Mediatemplate.net. (n.d.). Understanding an email header. Retrieved December 10, 2018, from https://mediatemple.net/community/products/dv/204643950/understanding-an-email-header
- Microsoft Support. (n.d.). Find and transfer Outlook data files from one computer to another. Retrieved December 10, 2018, from https://support.office.com/en-us/article/find-and-transfer-outlook-data-files-from-one-computer-to-another-0996ece3-57c6-49bc-977b-0d1892e2aacc
- Repa, B. K. (2012, March 28). Employer Searches and Seizures: What Are Your Rights? Retrieved December 7, 2018, from https://www.nolo.com/legal-encyclopedia/free-books/employee-rights-book/chapter5-5.html