Free Cybersecurity Help: Trustworthy Sources

Wouldn’t it be nice to get some free cybersecurity help? Well, let us help you get some free help. Hmmm, I guess that makes us the helper’s helpers. Maybe we are helping the helpers help those who need help. I should probably stop now. If I don’t get to the point of this post, I’ll be less than helpful and leave you helpless.

Ok, I’m done.

NIST Recommended, LRS Approved

As you probably know, at LRS Education Services we offer a number of cybersecurity courses. Of course, those aren’t free, but we did give away some free info straight from our NIST Cybersecurity Framework Bootcamp Training course in a recent webinar. Here’s the replay!

In our NIST Cybersecurity Framework training courses, we cover the components of the NIST CSF, including the Core, Implementation Tiers, and Profiles. We cover every detail of the Core, which means we see all 5 Functions, 23 Categories and 108 Subcategories in the NIST CSF.

One of those Subcategories is ID.RA-2: Threat and vulnerability information is received from information-sharing forums and sources. The ID stands for the Identify Core Function and the RA is the Risk Assessment category. What this subcategory means is that as cybersecurity professionals, we don’t only count on our own knowledge and experience. We also seek information to support our cybersecurity efforts from trustworthy external sources.

And here at LRS Education Services we don’t just teach it, we live it.

Enter Troy’s Email

In recent months, just a bit before lunchtime in our NIST Cybersecurity Framework Foundation/Bootcamp training courses, I’ve gotten in the habit of briefly showing a portion of my Microsoft Outlook email list. Here is an example:

I do so to demonstrate that we do our best to stay up to date on what is happening in the world of cybersecurity and cyberattacks. If you look at the list, you’ll see a diverse group of “information sharing forums and sources.” This is certainly not a comprehensive list of what we use, but it gives you an idea.

Here is the Free Cybersecurity Help

To support your cybersecurity efforts, we thought we’d give you suggestions of places where we’ve found just such valuable information. Note that each site has one or more newsletters to which you can subscribe.

The Hacker News

“The Hacker News (aka THN) is the leading and go-to source for timely and relevant breaking news from the world of cybersecurity, as well as valuable insights into the latest threats and solutions. As an independent news source, we provide unbiased and comprehensive coverage of the industry, making us a trusted resource for professionals and enthusiasts alike.”

I find THN (because you can’t have “Hacker” in your name without an acronym) to be a well-rounded source of cybersecurity news. I especially appreciate that right on the homepage they have topics divided into categories including Data Breaches, Cyber Attacks, Vulnerabilities, and Webinars. This makes it easy to find the most up-to-date info on whichever topic you are researching. (Newsletter signup link.)

Dark Reading

“Dark Reading: Connecting the Cybersecurity Community

Long one of the most widely read cybersecurity news sites, Dark Reading is also the most trusted online community for security professionals like you. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals. We want you to join us.”

Dark Reading is a good mix of news and commentary. You may not always agree with the commentary, but it will certainly make you think. Dark Reading has multiple sections and a LOT of non-news content such as whitepapers, reports, webinars, and slide shows. They also have a couple of different libraries with valuable resources from leading industry experts. (Newsletter signup link.)

Naked Security by Sophos

“Naked Security is Sophos’s award-winning threat newsroom, giving you news, opinion, advice and research on computer security issues and the latest internet threats.”

You’d think that, since Naked Security is a part of Sophos, the focus would be on their own products. It’s true that they link back to Sophos, but they also offer some FREE tools right on the homepage. Perhaps my favorite thing about Naked Security is that they put info about the major recently discovered vulnerabilities front and center. And, of course, they have strong cybersecurity news content. (Newsletter signup link.)

Krebs on Security

“Brian Krebs worked as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for washingtonpost.com and The Washington Post newspaper, including eight front-page stories in the dead-tree edition and a Post Magazine cover piece on botnet operators. In 2014, he was profiled in The New York Times, Business Week, NPR’s Terry Gross, and by Poynter.org. More recently, he was invited to an “Ask Me Anything” discussion on Reddit about investigative reporting.”

Important things about Krebs on Security from my perspective:

  • It’s a blog site with in-depth content on the latest cybersecurity news and powerful analysis. This is VERY valuable when you want more than just a short snippet from a news site.
  • Brian Krebs is NOT a trained tech professional, but he is an educated and highly experienced journalist. However, he got VERY interested and truly obsessed with cybersecurity when his own home network was taken over by hackers in 2001. His obsession has contributed greatly to the cybersecurity community over the years.
  • I read all content with a critical eye, but I almost implicitly trust the content at Krebs on Security.

(Newsletter signup link.)

Cybersecurity & Infrastructure Security Agency (CISA)

“CISA works with partners to defend against today’s threats and collaborate to build a more secure and resilient infrastructure for the future. CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. We are designed for collaboration and partnership. Learn about our layered mission to reduce risk to the nation’s cyber and physical infrastructure.

Mission: We lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.
Vision: A secure and resilient critical infrastructure for the American people.”

Let’s start with the obvious. CISA is an agency within the US federal government and has been the subject of both praise and criticism. Having said that, I find great value in being subscribed to their Cybersecurity Advisories and Vulnerability Bulletins. I spend very little time on the actual website, although there is a lot of content. (Newsletter signup link.)

Wrapping Up

I hope this list has given you some ideas on ways to get external cybersecurity information. There are many other great places to get this kind of content. The point is simply this: stay current on what is happening in the world of cybersecurity…or you won’t be secure for long.

If you’d like to learn more about our NIST Cybersecurity Framework training courses, check us out at https://www.lrseducationservices.com/cybersecurity/nist-cybersecurity/.

Have a great day!
Troy Stoneking
Certified NIST Cybersecurity Framework Professional Trainer and Cybersecurity Assessor