| Link | Description |
|---|---|
| Accidental CISO | Accidental CISO blog and website |
| Last Week as a vCISO | Last week as a VCISO - insights on building a vCISO business |
| CISO Portal | CISO Portal - all things CISO |
| CISOTradeCraft/CISO Role | CISOTradecraft's Github repository on the role of the CISO |
| Interactive Verizon Data Breach Investigations Report | Interactive page on Verizon Data Breach Investigations |
| CISA All Resources & Tools | Resources and Tools from US Government agency, CISA |
| Board of Directors Insights Hub - Google Cloud | Google Cloud's board of directors insights hub |
| Introducing How to CISO, Volume 1: The First 91 Days | Orca Security blog on the first ~90 days as a CISO |
| Security Certification Roadmap | Paul Jerimy's map of Security Certifications |
| Awesome Annual Security Reports | A curated list of annual cybersecurity reports that get released to the industry. Find them all in one place here |

| Link | Description |
|---|---|
| Threat Modeling Manifesto | The guide to the core tenets of Threat Modeling. |

| Link | Description |
|---|---|
| Cover Your Tracks: EFF | EFF's Cover Your Tracks resource webpage |
| Qualys Browser Check | Qualys browser check |
| Privacy.net Analyzer | Privacy.net analyzer to see what data is exposed from browser |
| AmIUnique.org | Examine Browser footprint and online presence |
| Cloudflare Browser Security Check | Cloudflare browser security check tool |

| Link | Description |
|---|---|
| Terms of Service TL;DR | Terms of Service, Didn't Read - for covering the terms of service from various platforms when they're too long to read |
| Email Spoof Test | Publicly available online tool to test email spoof capabilities |
| Online Visual Traceroute | Visualize a traceroute command |
| Isitdown.us | Check if a website or service is actually down |

| Link | Description |
|---|---|
| MLSecOps | MLSecOps podcast |
| Darknet Diaries | Covers a wide range of hacking and information security stories from real threat actors, defenders, criminals, and other security figures |
| CISO Tradecraft | CISO Tradecraft podcast |
| The Cybersecurity Defenders Podcast | Cybersecurity Defenders podcast, often focuses on defense |

| Link | Description |
|---|---|
| FBI Field Offices | Field offices for the Federal Bureau of Investigation (FBI) |
| U.S. DOJ Computer Crime and Intellectual Property (CCIPS) | U.S. Department of Justice Computer Crime and Intellectual Property division/site |
| CISA Joint Ransomware Task Force | Task force for Ransomware from CISA |
| United States CSIRTs List | List of vendor and government CSIRTs in the United States |
| FIRST Incident Response Teams List (Global) | List of contact information for teams participating in FIRST, the Forum of Incident Response and Security Teams |
| CSIRT Americas | Network of Government Cyber Incident Response Teams (CSIRT) of the Member States of the Organization of American States (OAS) |
| Data Breach Notification Laws By State - IT Governance | Laws broken down by state for Data Breach Notifications |

| Link | Description |
|---|---|
| Brutalist Report - The Day's Headlines | News aggregator for major news and tech outlets. Quite concise. |
| All Infosec News | All Infosec News Website |
| Security News and Views for the World - The Register | The Register, information source on Security News |
| Threatpost - the first stop for security news | Threatpost Security News |

| Link | Description |
|---|---|
| Security Strategy Recommendations for SMBs, Education and Government Entities: Mike Manrod | Overview of security strategies for Small + Medium Businesses from Mike Manrod |
| IRISSCon 2018: The Evolving Role of The CISO - Jacky Fox | Talk on changing role of the CISO from IRISSCon 2018 |
| Cyber Insurance 101 for CISOs | Discussion on Cyber Insurance for CISOs |
| KringleCon 2021: A CISO's Best Friend: The Pentester!!?! - Sean Atkinson & Chris Elgee | Talk from KringleCon on the relationship between a CISO and Pentester(s) |
| RSA 2023: A CISO's Best Friend: The Pentester (extended) | Extended version of the CISO/Penetration Tester talk from Sean Atkinson & Chris Elgee |
| Kate Mullin: Social Engineering from a CISO's Perspective, Layer 8 Conference | Layer 8 Conference talk on Social Engineering from the perspective of a CISO |
| Cyber Risk at the Board Level: A CISO's Guide with NACD's Chris Hetner | Chris Hetner dives deep into discussing cyber risk, and what that conversation looks like at the board level |
| GRIMMCon 0x2 - Closing CISO Panel with Shawn M Bowen, Brett Conlon, Matt Conner, and Brian M DeMuth | A CISO panel from GRIMMCon |
| Deputy CISO Secrets: What They Really Look for in New Cyber Talent | Podcast with Kevin Tooker discussing sourcing new talent and the role of a Deputy CISO; insights |
| CC13 (Cactus Con): CISO Village - Keynote with Ashley Devoto | Cactus Con 13 Keynote from the CISO Village |
| CC13: CISO Village - "Identifying and Navigating the Risks of Executive Debt" | CISO Village Cactus Con talk on Executive Debt |
| CC13: CISO Village - "Making It Click - How To Build an Effective Security Strategy" | CISO Village discussing the nuances of executive debt vs. technical debt, elimination of executive debt, etc. |
| CC13: CISO Village - "How I Quit Worrying About an Incident and Learned to Become a CISO" | Preston Callos reveals a playbook that moves one from "incident firefighter" to trusted security leader |
| CC13: CISO Village - "Vendor Reveal Party" | Flipping perspectives so CISOs and vendors can finally speak the same language; workshop to build vendor partnerships and cut procurement friction |
| CC13: CISO Village - Panel Discussion | Four frontline CISOs trade “worst-day” breach stories, debate AI fraud, and share practical ways to turn burned-out employees into your first line of defense |
| CC13: CISO Village - "Cybersecurity Leadership Accelerator: Your First 100 Days as CISO" | Move from “new hire” to trusted security leader in 100 days—get the step-by-step game plan, communication templates, and quick-win checklist straight from two battle-tested CISOs |
| CC13: CISO Village - "Fortifying the Future: Essential Cyber Insurance Strategies for CISOs" | Learn exactly how to read, negotiate, and use a cyber-insurance policy before breach-day panic sets in |

| Link | Description |
|---|---|
| US Data Breach Law Interactive map - Baker Law | An interactive map of US Data Breach Laws |
| AI Incident Database | Database from the last few years of AI-related incidents. |
| Cyber Loss Data Types | A Visual overview of Cyber Risk Loss Types |
| Reasonable IR Team Expectations - Lesley Carhart blog | Blog article from industry leader Lesley Carhart on concrete expectations from a mature Incident Response team: What should the company be able to provide and deliver? |
| Orange Cyber Defense | Europe-based firm that conducts threat research and intelligence. May contain helpful directions or resources. |
| Responding in the 'Golden Hour' of a Cyber Attack - SecurityInfoWatch.com | Article on improving time to detection during incidents |
| Breaches.cloud - documenting cloud breaches | This site is a compendium of information related to security incidents and breaches with customers operating in the major cloud providers. It is intended to help cloud security practitioners articulate the risks of specific cloud security mistakes and to help them inform their respective leadership, development, and operations teams. Our goal is to provide the security community a go-to place for identifying real-world examples of how cloud security misconfigurations have impacted real customers. |

| Link | Description |
|---|---|
| CVE.org | Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. |
| CVE - Vulnerability Management | Historical database of vulnerabilities. |
| National Vulnerability Database Home | The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). |
| Cloud Security Atlas | Datadog Cloud Security Atlas is a risk register for Threats and Vulnerabilities. This database gives you the ability to search and filter on your cloud provider platform, risk type, and sort by impact, exploitability, and recency. |

| Link | Description |
|---|---|
| The Immutable Laws of Security | Microsoft Documentation Link to the Immutable Laws of Security |
| Search - Cyentia Cybersecurity Research Library | Cyentia Cybersecurity Research Library's Search Page. |
| SAFECode | Courses link for SAFECode initiative |
| OWASP | Authority, OWASP, with many projects and publications around Web Application Security |
| Pbom.dev | Open-source framework for releasing secure projects. |
| Software Bill of Materials (SBOM) - CISA | A nested inventory, a list of ingredients that make up software components, page from CISA. |
| ENISA - Good Practices for Supply Chain Cybersecurity | The report provides an overview of the current supply chain cybersecurity practices followed by essential and important entities in the EU, based on the results of a 2022 ENISA study which focused on investments of cybersecurity budgets among organisations in the EU. |
| Security Score Cards | Build better security habits, one test at a time. Quickly assess open source projects for risky practices |
| Boostsecurity.io | Service provider for Actionable Security Automation |
| Continuous Cloud Audit Metrics Catalog | Catalog from the Cloud Security Alliance of metrics. |
| Cloud Security Alliance (CSA) Metrics | A list of metrics and overview from Cloud Security Alliance. |
| Securing your Open Source Dependencies (Google PDF) | A PDF from Google on 5 practical steps to securing open-source dependencies. |
| Supply-chain Levels for Software Artifacts (SLSA) | Security Framework to prevent tampering, improve integrity, and secure packages and infrastructure in your projects. |

| Link | Description |
|---|---|
| Tony Martin-Vegue | Fascinating blog and thoughts on the economics of security. |
| Cyber Economics | Advisors to the Cyber Insurance market, with several resources including research. |
| The Society for Risk Analysis | The Society for Risk Analysis is a multidisciplinary, interdisciplinary, scholarly, international society that provides an open forum for all those who are interested in risk analysis. |
| OWASP RISK CALCULATOR | This Risk Rating Calculator is based on OWASP's Risk Rating Methodology. |
| Cyber Exposure Index | The Cyber Exposure Index (CEI) is powerful data for investors and risk management professionals. It is a measure of externally observable cyber exposure of publicly traded companies. |
| GRC Lab (Content from Aron Lange) | Information on GRC, overviews of Information Security, and others |
| The Duckbill Group | Information and consultancy on AWS Strategies and risk mitigation |
| Building a Cyber Risk Management Program | O'Reilly - building a cyber risk management program info. |
| Building a Cyber Risk Management Program (PDF) | PDF of "Building a Cyber Risk Management Program" |
| Centre for Risk Studies (Cambridge) | Cambridge's centre for studying risk. |

| Link | Description |
|---|---|
| AI Risk Management Framework | NIST's AI Risk Management Framework |
| NISTIR 8286, Integrating Cybersecurity and Risk Management (ERM) | NIST Publication on Enterprise Risk Management |
| Identity & Access Management | NIST's page on Identity and Access Management (IAM) |
| Search - CSRC | Search on NIST's publications for CSRC |
| NCCoE: NIST National Cybersecurity Center of Excellence | National Cybersecurity Center of Excellence link from NIST |
| National Online Informative References Program | NIST Project for National Online Informative References |

| Link | Description |
|---|---|
| MITRE Assistant | MITRE Assistant |
| MITRE ATT&CK | MITRE ATT&CK |
| MITRE ATT&CK® Navigator | MITRE ATT&CK® Navigator |
| nist800-53-r5 overview in Navigator | Overview of NIST 800-53 in MITRE Navigator |
| MITRE D3FEND™ | MITRE D3FEND™ framework |
| MITRE Caldera™ | MITRE Caldera Adversary Emulation Platform |
| Insider Threat Types | Top types of insider threats according to MITRE research |
| Top ATT&CK Techniques | The top ATT&CK Techniques, documented by MITRE |
| MITRE ATT&CK® Evaluations | ATT&CK® Evaluations' mission is to bridge the gap between the security solution providers and their users/customers by enabling users to better understand and defend against known adversary behaviors through a transparent evaluation process and publicly available results |
| Operationalizing MITRE ATT&CK - Infosec Writeups | Infosec Writeups Medium blog on operationalizing the ATT&CK Framework |
| MITRE’s Innovation Toolkit (ITK) | Collection of proven and repeatable problem-solving methods to help you and your team do something different that makes a difference |
| Space Attack Research and Tactic Analysis (SPARTA) matrix | SPARTA is intended to provide unclassified information to space professionals about how spacecraft may be compromised via cyber and traditional counterspace means |
| MITRE Engage - Adversary Engagement Operations Framework | Framework for planning and discussing adversary engagement operations |

| Link | Description |
|---|---|
| Cyber Incident Response Team Playbook Battle Cards | Battle Cards for Incident Response Teams playbooks |
| Playbooks - Awesome Incident Response | Playbooks section in the Awesome Incident Response Github Repository |
| Incident Response Playbooks: Steps for Minimizing Damage | Self help guides for common incidents from FRSecure |
| docs.velociraptor.app | Documentation link for Velociraptor Endpoint visibility and collection tool |
| CISCO TALOS Intelligence Center | Cisco's Talos intelligence center, searchable intelligence and advanced threat research from Talos |
| Ransomware.live | Sponsored by Hudson Rock, database of incidents, ransom negotiations, TTPs, YARA Rules, and more! |
| RansomWatch | Ransom group statistics and index of ransomware groups |
| Ransom Wiki | Check if your company or partner appears in a claimed* ransom attack breach |
| APTMap | Semi-accurate map based on data sources such as MISP, MITRE, and others displaying an attempted map of Advanced Persistent Threats (APTs) |
| Map of Ransomware Attacks - Worldwide | Map of Confirmed Ransomware Attacks from 2018 to Present from Comparitech |

| Link | Description |
|---|---|
| Health Information Privacy | U.S. Department of Health and Human Services (HHS) information on Health Information Privacy |
| HIPAA Security Rule | Information on HIPAA Security rule (SP 800-66 Revision 1) |
| Healthcare Cyber Resilience HHS 405(d) | HHS 405(d) program page on healthcare cyber resilience |
| The NIST Cybersecurity Framework and the FTC | Learn how the NIST Cybersecurity Framework aligns with the FTC's work on data security |
| General Data Protection Regulation (GDPR) Information | Official PDF link to GDPR and further information from intersoft consulting |
| Digital Operational Resilience Act (DORA) - Updates, Compliance | Digital Operational Resilience Act (Regulation (EU) 2022/2554), known as DORA, addresses a gap in EU financial regulation |
| PCI Security Standards Council (PCI SSC) | A global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide |
| FDIC: Cybersecurity Resources Page | FDIC's Cybersecurity Resources Page containing links and bookmark-able websites |
| Enhancing Healthcare Security: New Guidance from CISA | CISA guidance blog for common vulnerabilities across the Healthcare and Public Health (HPH) Sector |
| Mitigation Guide: Healthcare and Public Health (HPH) Sector - CISA PDF | Official PDF link to CISA's HPH Mitigation guide |
| OIG General Compliance Program Guidance blog from Akerman Insights | Akerman Insights on the latest Developments in Healthcare Law - guidance on reading the Office of Inspector General (OIG) guidance on Compliance Programs |

| Link | Description |
|---|---|
| cmd.ms: The Microsoft Command Line! | Use the power of your browser's address bar to quickly get to your favorite blade in Azure, Microsoft 365, Entra ID, Intune... |
| MSPortals.io | A comprehensive directory of all Microsoft Portals in one place |
| M365maps.com - Microsoft 365 Licensing Maps | Compare all the licensing tiers and visualize what each Microsoft level has access to |
| Overview of Microsoft Billing | Overview on Microsoft Billing structure |
| Microsoft Security Hub | Microsoft's hub for security |
| Azure Governance Documentation | Governance documentation for Azure platform |
| Identity and Access Management Documentation | Documentation for Identity and Access Management Technologies |
| Office 365 for IT Pros | The ultimate guide to mastering Microsoft 365 |
| DirTeam | The Active Directory community is proud to present you with the DirTeam.com and ActiveDir.org Weblogs: A collection of weblogs written by a team of dedicated IT Professionals |
| Entra.news | News and updates, podcasts on the Entra platform |
| Activedirectorypro.com | Streamline Active Directory Management - helpful blog articles, too |
| ThatLazyAdmin | Real-world fixes and powerful scripts for fellow admins |
| LazyWinAdmin | Francois-Xavier Cat blog on solving technical problems through automation and sharing Microsoft knowledge |

| Link | Description |
|---|---|
| EndofLife.Date | Easily see an overview of when software has an expected end-of-life or support end date |

| Link | Description |
|---|---|
| ACTRA - Automated Cyber Threat Response & Analysis | ACTRA provides automated cyber threat intelligence sharing and response capabilities for organizations |
| National Credit Union ISAO - NCU-ISAO | A strategic collaborative partnership that established the National Credit Union Information Sharing & Analysis Organization (NCU-ISAO) - see the RESOURCE LINKS section on the website |
| Health-ISAC - Collaborating for Resilience in Health | Health-ISAC empowers health sector organizations to prevent, detect, and respond to cyber and physical security events |

| Link | Description |
|---|---|
| Security Operations Maturity Model (SOC-CMM) | The SOC-CMM was created using a Design Science Research approach in which a scientific approach is combined with practical testing and experiences to create a usable artifact, in this case the maturity assessment tool |
| Software Assurance Maturity Model (SAMM) | The mission of OWASP SAMM is to be the prime maturity model for software assurance that provides an effective and measurable way for all types of organizations to analyze and improve their software security posture |
| Security Awareness Maturity Model | Established in 2011 through a coordinated effort by over 200 security awareness officers |
| Security Culture Maturity Model | The Security Culture Maturity Model created by KnowBe4 is an evidence-driven framework for understanding and benchmarking the current security-related maturity of an organization, industry vertical, region, or any measurable group |
| AWS Security Maturity Model | The AWS Security Maturity Model is a set of guidance and documentation from AWS, intended to help an organization assess their security maturity, shape their cloud security strategy, and to prioritise future work accordingly |
| Threat Hunting Maturity Model | Threat Hunting Maturity Model is a five-level evaluation system of how efficient an organization is in terms of cyber hunting |
| Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) | The CTI-CMM is a community-developed framework to help Cyber Threat Intelligence teams assess and improve their support for internal stakeholders. It defines 11 domains tied to typical stakeholder functions and maps specific CTI practices to levels of maturity |
| Vendor Risk Management Maturity Model (VRMMM) | The VRMMM evaluates third-party risk programs against a set of comprehensive best practices and industry benchmarks. The focus of the VRMMM is to provide third party risk managers with a tool they can use to evaluate their program against a comprehensive set of best practices |
| Enterprise Browser Security Maturity Model (LayerX) | The Browser Security Maturity Model by LayerX provides a structured, three-stage approach to securing the enterprise web browser as a critical risk surface in the SaaS, BYOD, and GenAI era |
| OWASP DevSecOps Maturity Model (DSOMM) | The DevSecOps Maturity Model, which is presented in the talk, shows security measures which are applied when using DevOps strategies and how these can be prioritized |
| SOAR Maturity Model | As security orchestration, automation and response (SOAR) adoption continues at a rapid pace, security operations teams have a greater need for a structured planning approach |
| Consumer Authentication Strength Maturity Model (CASMM) | An easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? |
| Zero-trust Maturity Model | CISA’s Zero Trust Maturity Model is one of many roadmaps for agencies to reference as they transition towards a zero trust architecture. The goal of the maturity model is to assist agencies in the development of their zero trust strategies and implementation plans and present ways in which various CISA services can support zero trust solutions across agencies |
| Red Team Maturity Model | A model to reference when gauging Red Team maturity, as well as set goals and provide guidance when building internal Red Teams |
| Cybersecurity Capability Maturity Model (C2M2) | You can use the C2M2 to consistently measure cybersecurity capabilities over time, identify target maturity levels based on risk, and prioritize the actions and investments |
| Vulnerability Management Maturity Model | The SANS Vulnerability Management Maturity Model helps you gauge the effectiveness of your Vulnerability Management program |
| IoT Security Maturity Model | The goal of a Security Maturity Model (SMM) is to provide a path for Internet of Things (IoT) providers to know where they need to be and how to invest in security mechanisms that meet their requirements without over-investing in unnecessary security mechanisms |
| ENISA Computer Security Incident Response Teams (CSIRT) Maturity Framework | The ENISA CSIRT Maturity Framework is intended to contribute to the enhancement of the global capacity to manage cyber incidents, with a focus on CSIRTs |
| API Security Model | Inspired by the Richardson Maturity Model, which outlines increasing degrees of web service development maturity, the API Security Maturity Model reframes the model within the context of security. Within this model, security and trust are improved the higher up you go |
| Building Security in Maturity Model (BSIMM) | BSIMM helps organizations plan, implement, and measure their software security initiatives |
| Container Security Model | This maturity model can help organizations understand and successfully meet the security challenges that go along with adopting and expanding containerized applications |
| Privileged Access Management Maturity Model | The Delinea Privileged Access Management (PAM) Maturity Model is a framework to help you systematically lower privileged access risk, increase business agility, and improve operational efficiency |
| Infrastructure as Code Maturity Model | Although infrastructure as code is not explicitly called out as a practice in the Continuous Delivery Maturity Model, many of its best practices can be found in the maturity model |
| Essential Eight Maturity Model | The Essential Eight are designed to protect Microsoft Windows-based internet-connected networks. While the Essential Eight may be applied to cloud services and enterprise mobility, or other operating systems, it was not primarily designed for such purposes and alternative mitigation strategies may be more appropriate to mitigate unique cyber threats to these environments |
| Cloud Forensics Capability Maturity Model (CMM) | CMM can be used by both cloud consumers and Cloud Service Providers (CSPs) in assessing their process maturity for conducting digital forensic investigations in the cloud environment. Five maturity levels were given, with an attempt to map classic digital forensics to the cloud environment |
| Threat Model Maturity Model | This framework attempts to be a prescriptive target for designing a specific strategy to successfully threat model |
| Insider Threat Program Maturity Model | The Insider Threat Program Maturity Model created to help security professionals assess their organization’s ability to monitor for, detect, and respond to insider threats. By using a maturity model for reference, organizations can see where their program needs improvement, working towards an Optimized level of maturity |
| Security Maturity Model | This model is designed to help organizations grow and mature their security capabilities related to people, processes and technology. The goal is to help you better understand the reality of where your organization stands today and the steps you should take to level up. A step-by-step guide for CISOs to build alignment, reduce risk and deliver business value. CISOs can no longer focus strictly on developing technical capabilities and protecting their organizations. Executives and boards are looking to CISOs to make investments that drive growth with a holistic security framework. No security program can fully eliminate risk or human error, but a mature approach to cybersecurity can mitigate the risks that pose the most danger to organizational objectives and success. |
| Product Security Incident Response Team (PSIRT) Maturity Model | A PSIRT is an entity within an organization which, at its core, focuses on the identification, assessment, and disposition of the risks associated with security vulnerabilities within the products, including offerings, solutions, components, and/or services which an organization produces and/or sells. The PSIRT framework supports identifying metrics for evaluating performance and/or effectiveness to identify improvements. The PSIRT services framework helps to assess or evaluate how well a PSIRT is operating, and to identify potential areas for improvement. The PSIRT will be able to measure its performance and understand areas where improvement is desired. |