A curated library of frameworks, open-source tools, training platforms, templates, threat intelligence feeds, and professional communities — vetted by our security team for practitioners at every level.
48 curated resources across 6 categories
🏛️ Frameworks & Standards (8 resources)
NIST Cybersecurity Framework 2.0
Gov / Free
The gold standard for enterprise cyber risk management. CSF 2.0 adds a "Govern" function covering organizational context, roles, and supply chain risk. Essential for incident response and compliance alignment.
Updated incident response guide covering preparation, detection, containment, eradication, and post-incident activity. Revised to align with CSF 2.0 and cloud environments. The definitive federal IR standard.
Globally recognized adversary tactics, techniques, and procedures (TTPs) knowledge base. Used for threat modeling, detection engineering, red/blue team exercises, and SOC playbook development.
18 prioritized security controls mapped to common attack patterns. Provides a practical implementation roadmap for organizations of any size, with Implementation Groups (IG1–IG3) for maturity tiering.
Official guidance on the Cyber Incident Reporting for Critical Infrastructure Act. Outlines 72-hour incident reporting and 24-hour ransomware payment reporting obligations for covered entities.
The most critical web application security risks, maintained by OWASP. Covers injection, broken access control, cryptographic failures, and more. Essential for AppSec reviews and developer security training.
International standard for Information Security Management Systems (ISMS). Key for enterprise clients seeking formal certification. Free overview and Annex A control summary available; full standard is paid.
Complements ATT&CK by mapping defensive techniques to adversary techniques. Ideal for building detection and response playbooks aligned to specific attacker TTPs used in the wild.
Scalable, open-source Security Incident Response Platform (SIRP). Enables SOC teams to manage cases, tasks, observables, and TTPs. Integrates with MISP, Cortex, and major SIEM tools.
Open-source threat intelligence platform for sharing, storing, and correlating IoCs. Used by national CERTs, ISACs, and enterprises. Supports STIX, TAXII, and integrates with TheHive and Elastic SIEM.
Open-source cyber threat intelligence platform built on STIX2. Allows organizations to manage, visualize, and operationalize threat intelligence. Developed by ANSSI and Luatix.
Industry-standard network scanner for host discovery, port scanning, OS fingerprinting, and vulnerability detection via NSE scripts. Essential for asset inventory, pentest reconnaissance, and perimeter audits.
The most widely used network protocol analyzer. Captures and inspects packets in real time. Critical for network forensics, malware traffic analysis, and protocol debugging during incident response.
CISA's Known Exploited Vulnerabilities catalog — the authoritative list of CVEs actively exploited in the wild. Required patching reference for federal agencies; critical prioritization tool for all security teams.
The world's most widely used penetration testing framework. Contains hundreds of exploits, payloads, and auxiliary modules. Used for vulnerability validation, red team operations, and security assessments.
Full-featured open-source vulnerability scanner covering 50,000+ CVEs using the Greenbone Community Feed. Ideal for internal vulnerability management programs without Tenable/Qualys licensing costs.
Cloud-native SIEM and SOAR from Microsoft. Tight integration with Microsoft 365, Defender, and Entra ID. Pay-per-GB ingestion model. Includes built-in UEBA, MITRE mapping, and KQL-based detection rules.
Industry-leading SIEM with powerful SPL query language, extensive integrations, and a massive app ecosystem. Widely used in large MSSPs and enterprises. Notable for threat hunting and risk-based alerting.
Leading vulnerability management platform. Nessus Professional for individual assessors; Tenable.io for enterprise VM programs. Nessus Essentials is free for up to 16 IPs — a good entry point.
AI-powered threat intelligence platform aggregating data from open, dark, and technical web sources. Provides real-time alerts, actor tracking, and vulnerability intelligence. Free community edition available.
Enterprise SOAR platform with 900+ integrations, automated playbooks, and case management. Enables MSSPs to standardize and automate multi-client IR workflows with role-based access and multi-tenancy support.
Aggregates results from 70+ antivirus engines and URL/domain scanners. Free for manual lookups; paid API for automated enrichment in SOAR playbooks. Invaluable for IoC triage and malware analysis.
Premier cybersecurity training organization offering 60+ courses and GIAC certifications (GSEC, GCIH, GCIA, etc.). Covers incident response, forensics, cloud security, and red team ops. Industry gold standard for practitioners.
Browser-based, gamified cybersecurity learning with guided paths for SOC analysts, pentesters, and cloud security. Free tier available; premium unlocks all rooms. Great for onboarding junior analysts.
Advanced hands-on hacking labs and CTF challenges. Includes blue team labs (Sherlocks) and enterprise training tracks. Preferred by experienced security professionals for sharpening offensive and defensive skills.
CISA offers dozens of free online and ILT courses covering ICS/SCADA security, cybersecurity essentials, incident management, and workforce development — open to public and private sector employees.
Home of the CISSP — the most recognized cybersecurity management certification globally. CCSP focuses on cloud security. Also offers Certified in Cybersecurity (CC) for free as a career entry credential.
Creators of Kali Linux and the OSCP certification. Offers hands-on penetration testing courses including PEN-200 (OSCP), WEB-300, and EXP-301. OSCP remains the most respected practical pentesting credential.
Free learning paths covering Sentinel, Defender, Entra ID, Purview, and SC-200/SC-300 cert prep. Directly applicable for organizations on the Microsoft security stack. Sandbox labs included at no cost.
Official IR playbooks for ransomware and phishing — including detection checklists, containment procedures, and evidence preservation steps. Designed for federal agencies but applicable to all organizations.
Community-maintained IR plan templates, communication templates, and runbooks. Covers initial triage, stakeholder notifications, chain of custody, and lessons-learned formats.
Library of 27+ free, downloadable security policy templates from SANS — covering acceptable use, password policy, email security, remote access, disaster recovery, and more. Ready to adapt for client deployments.
The full SP 800-53 Rev 5 control catalog as a downloadable spreadsheet. Useful for gap assessments, compliance mapping, and building control implementation matrices. Covers 20 control families.
Web-based tool for annotating and visualizing ATT&CK matrices. Useful for building coverage heat maps, presenting detection gaps to clients, and documenting threat actor TTPs during incident response.
Curated GitHub repository of IR tools, frameworks, checklists, disk imaging tools, memory forensics utilities, and artifact collection scripts. Community-maintained and frequently updated.
Official CISA alerts, advisories, and ICS-CERT notices covering active vulnerabilities, nation-state activity, and critical infrastructure threats. Subscribe for real-time threat notifications from the federal government.
Search engine for internet-connected devices. Used for external attack surface discovery, identifying exposed services, and asset exposure tracking. Free searches available; paid API for bulk queries and alerting.
Breach notification service indexing billions of compromised credentials. Free for individual lookups; paid API for organizational domain monitoring. Useful for breach exposure checks and credential hygiene assessments.
NIST's authoritative repository of CVE vulnerability data enriched with CVSS scores, CPE data, and CWE mappings. Free JSON/API access for automated ingestion into vulnerability management and detection systems.
Google/Mandiant provides free access to threat actor profiles, malware family reports, and select intelligence reports. The Advantage free tier includes limited IoC lookups and actor tracking.
One of the most widely read cybersecurity news sites. Covers vulnerability disclosures, breach news, threat actor activity, and security research. Daily newsletter available for keeping teams current on threats.
Brian Krebs's independent investigative security journalism covering cybercrime, data breaches, and the underground economy. One of the most trusted sources for in-depth analysis of major security incidents.
Global forum connecting CSIRTs and PSIRTs across 100+ countries. Provides a CVSSv4 calculator, TLP:WHITE shared resources, and coordination frameworks for national and organizational incident response teams.
Active security communities on Reddit. r/netsec is strictly moderated for high-quality technical content; r/cybersecurity covers broader industry topics and career discussion. Good for staying current and Q&A.