Resources
A curated collection of tools, sites, and reading I actually use and recommend. Updated regularly.
Security Tools for Everyday People
Tools anyone can use, no technical background required.
Password Management
- Bitwarden (bitwarden.com) — Free, open source, and the best password manager available. Use it. No excuses.
- 1Password (1password.com) — Premium option, excellent for families and teams.
Two-Factor Authentication
- Authy (authy.com) — Free app for two-factor authentication. More secure than SMS codes.
- Google Authenticator (available on iOS and Android) — Simple and widely supported.
Secure Browsing
- Brave Browser (brave.com) — Free, privacy-focused browser that blocks ads and trackers by default.
- uBlock Origin (ublockorigin.com) — Free browser extension. The best ad and tracker blocker available.
- Privacy Badger (privacybadger.org) — Free EFF tool that learns to block invisible trackers.
VPNs
- Mullvad (mullvad.net) — No logs, no accounts, privacy-first. ~$5/month.
- ProtonVPN (protonvpn.com) — Strong free tier, Swiss-based, open source. Excellent reputation.
Email Privacy
- ProtonMail (proton.me) — Free encrypted email. Based in Switzerland.
- SimpleLogin (simplelogin.io) — Free email alias service. Never give out your real email again.
Data Breach Monitoring
- Have I Been Pwned (haveibeenpwned.com) — Free. Check if your email has appeared in a known data breach. Set up alerts.
- Firefox Monitor (monitor.firefox.com) — Free breach monitoring connected to your email.
🧠 Stay Informed — Threat Intel Sources
Where security professionals actually go to stay current.
News and Reporting
- Krebs on Security (krebsonsecurity.com) — Brian Krebs. The gold standard in investigative cybersecurity journalism.
- The Hacker News (thehackernews.com) — Daily threat news, updated constantly.
- Bleeping Computer (bleepingcomputer.com) — Excellent breach and malware coverage. Very reliable.
- Dark Reading (darkreading.com) — Enterprise-focused security news.
- Wired Security (wired.com/category/security) — Long-form reporting on security and privacy.
Threat Intelligence
- CISA Alerts (cisa.gov/news-events/cybersecurity-advisories) — Official US government threat advisories. Free.
- MITRE ATT&CK (attack.mitre.org) — The definitive knowledge base of adversary tactics and techniques.
- CVE Database (cve.org) — Official database of publicly known cybersecurity vulnerabilities.
- Shodan (shodan.io) — Search engine for internet-connected devices. Eye-opening.
Newsletters Worth Reading
- SANS NewsBites (sans.org/newsletters/newsbites) — Free twice-weekly security news digest.
- Risky Business (risky.biz) — Weekly security news and interviews. Essential listening.
- tl;dr sec (tldrsec.com) — Curated security links for practitioners. Free weekly.
Learn Cybersecurity
Whether you're starting from zero or leveling up.
Free Learning Platforms
- Cybrary (cybrary.it) — Free and paid cybersecurity courses. Strong fundamentals content.
- TryHackMe (tryhackme.com) — Hands-on learning through guided labs. Great for beginners.
- Hack The Box (hackthebox.com) — More advanced hands-on hacking practice.
- SANS Cyber Aces (cyberaces.org) — Completely free foundational security courses from SANS.
Certifications to Know About
- CompTIA Security+ — Entry-level, vendor-neutral, widely recognized. Good starting point.
- CISSP (ISC2) — The gold standard for senior security professionals.
- CEH — Certified Ethical Hacker. Practical penetration testing knowledge.
- CISM (ISACA) — Management-focused. Strong for those moving toward leadership roles.
YouTube Channels
- NetworkChuck — Approachable, high-energy security and networking content.
- John Hammond — Malware analysis, CTF walkthroughs, threat research.
- David Bombal — Networking and ethical hacking tutorials.
- SANS Institute (youtube.com/@SANSInstitute) — Webinars, talks, and training content.
Recommended Reading
Books that shaped how I think about security, leadership, and risk.
Security and Technology
- The Art of Invisibility — Kevin Mitnick. Practical privacy for everyday people. Highly accessible.
- Sandworm — Andy Greenberg. The definitive account of Russian state-sponsored cyberattacks. Gripping.
- Countdown to Zero Day — Kim Zetter. The story of Stuxnet. Essential reading for anyone in cyber.
- Ghost in the Wires — Kevin Mitnick. His own story as the world's most wanted hacker.
- Hacking: The Art of Exploitation — Jon Erickson. Technical but foundational.
Leadership and Risk
- The CISO Desk Reference Guide — Bill Bonney, Gary Hayslip, Matt Stamper. Practical guide for aspiring security leaders.
- Tribe of Hackers — Marcus J. Carey. Interviews with 70 cybersecurity leaders. Invaluable.
- Thinking in Systems — Donella Meadows. Not a security book — but understanding systems thinking is essential for security leadership.
- The Art of War — Sun Tzu. Still relevant. Defenders and attackers are adversaries with asymmetric information.
Privacy and Policy
- No Place to Hide — Glenn Greenwald. The Snowden files and what they revealed about mass surveillance.
- The Age of Surveillance Capitalism — Shoshana Zuboff. Dense but essential. How your data is the product.
- Future Crimes — Marc Goodman. Accessible overview of how technology is being weaponized.
For Organizations and Teams
Resources for security professionals and business leaders.
Frameworks and Standards
- NIST Cybersecurity Framework (nist.gov/cyberframework) — The foundational US standard for security programs. Free.
- CIS Controls (cisecurity.org/controls) — Practical, prioritized security controls. Excellent starting point for any org.
- ISO 27001 — International standard for information security management. Widely recognized globally.
- SOC 2 — Relevant for any organization handling customer data in the cloud.
Incident Response
- CISA Free Resources (cisa.gov/resources-tools/resources) — Free playbooks, checklists, and guidance.
- NIST SP 800-61 — Computer Security Incident Handling Guide. Free PDF from NIST.
Security Awareness Training
- KnowBe4 (knowbe4.com) — Industry-leading security awareness training platform.
- Proofpoint Security Awareness (proofpoint.com) — Enterprise-grade phishing simulation and training.
Useful Quick Tools
Fast, free tools you'll reach for regularly.
| Tool | What it does | Link |
|---|---|---|
| Have I Been Pwned | Check if your email was breached | haveibeenpwned.com |
| VirusTotal | Scan files and URLs for malware | virustotal.com |
| Shodan | Search for exposed devices | shodan.io |
| URLScan | Analyze suspicious URLs safely | urlscan.io |
| MXToolbox | Email and DNS diagnostics | mxtoolbox.com |
| Censys | Internet-wide attack surface scanning | censys.io |
| CyberChef | Data encoding and decoding tool | gchq.github.io/CyberChef |
| Exploit Database | Search known exploits | exploit-db.com |
| Wayback Machine | View archived versions of websites | web.archive.org |
Podcasts
Security knowledge you can absorb on the go.
- Risky Business — Weekly security news and expert interviews. The best in the business.
- Darknet Diaries — True stories from the dark side of the internet. Brilliant storytelling.
- Security Now — Deep dives into security topics with Steve Gibson. Long-running and thorough.
- CyberWire Daily — Quick daily briefing on the latest security news.
- Smashing Security — Lighter tone, great for making security accessible to a wider audience.
- SANS Internet Stormcast — Daily 5-minute threat briefing. Perfect for staying current fast.
This page is maintained by Cyber Devotee and updated regularly. Have a tool or resource you think belongs here? Get in touch.