Gary Robinson Cyber Security Trainer
TrainingMatchmaker.com Cyber Security Trainer Gary Robinson from Uleska shares with #LearnuaryNI challengers 31 cyber security learning resources for practicing IT security and IT professionals and students to conquer over the month of January:
Day Description
1 OWASP Top 10 Web Application Security Risks: The OWASP Top 10 educates web developers, designers, architects, managers, and organizations about the consequences of the most common and most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high risk problem areas, and provides guidance on where to go from here.
2 NCSC advice on monitoring your security: This blog explores a series of questions, each designed to encourage continual improvement within security monitoring teams, ensuring their work remains effective in the face of an ever-changing environment.
3 NCSC advice for cyber security in small businesses: If you’re a small or medium-sized enterprise (SME) then there’s around a 1 in 2 chance that you’ll experience a cyber security breach.
4 ISACA: An independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.
5 BSIMM 7 Guide: The BSIMM is a measuring stick for software security. The best way to use the BSIMM is to compare and contrast your own initiative with the data about what other organizations are doing contained in the model. You can then identify goals and objectives of your own and refer to the BSIMM to determine which additional activities make sense for you.
6 Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security.
7 The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.
8 NCSC advice on Anti-Virus software usage: “Do I need to install AV?” is one of the questions many organisations have. These guides provide administrators and risk owners with detailed advice for many configuration options, but on the whole we don’t spend much time in the guidance specifically discussing the use of antivirus (AV) or anti-malware products.
9 The OWASP Application Security Verification Standard is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, and even consumers to define what a secure application is.
10 NCSC advice on automatically updating your computers: The NCSC thought that the frequent news of security vulnerabilities would serve as a useful reminder of the importance of automating firmware updates.
11 Ultimate List of Security Links: Gary shares a heap of resources he constantly comes back to in talks, workshops and just during the course of his everyday work. He says: “Frankly, I have trouble remembering them all myself plus I reckon they’re kinda useful for other people too so I thought I’d drop them all into a post here. If you’ve got good stuff I’ve missed (and you almost certainly will), drop it into a social media post tagging me and using the hashtag #LearnuaryNI as I’d love to add to my own set of resources plus that way it gets shared with everyone. Enjoy!”
12 66 Cyber Security Videos from the OWASP AppSec EU 2017 Conference in Belfast: This YouTube channel contains recordings of 66 software security talks from the OWASP AppSec EU conference held in the Waterfront Belfast during May 2017.
13 17 Things we should have learned about Cyber Security in 2017: The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn’t already have known?
14 The OWASP Developer Guide aims to really take on the “builder” community, helping software engineers to build secure websites.
15 DevSecOps: Similar to the Agile Manifesto in software engineering, this site covers the DevSecOps Manifesto, encouraging software teams to consider security, automatically, throughout the software development lifecycle.
16 Infographic depicting the most common fraud scams / Cyber Fraud: Do you know the most common #fraud scams targeting employees? The losses can reach millions of euros in some cases. Stay alert!
17 The OWASP Testing Guide includes a “best practice” penetration testing framework which users can implement in their own organizations and a “low level” penetration testing guide that describes techniques for testing most common web application and web service security issues.
18 NCSC article on Cyber Pranking: Gary was recently targeted for a prank and took the unorthodox step of asking James Linton, the very person who was trying to prank him, to help write this blog.
19 Videos from Bsides Belfast 2017: Watch one or more of 17 talks on this YouTube channel which contains 17 Bsides Belfast recordings from their 2017 conference in the Europa Hotel Belfast.
20 Learn from a Cyber Security Thought Leader: Top Security Blogger Brian Krebs worked as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for washingtonpost.com and The Washington Post newspaper, including eight front-page stories in the dead-tree edition and a Post Magazine cover piece on botnet operators.
21 NCSC Cyber Security advice for SMBs: New edition of cyber security guidance helps small businesses to tackle common cyber attacks
22 SANS Top 25 Software Errors: A popular guide from the SANS organization to identify and eliminate common software and security issues.
23 Read up on the NCSC glossary on Cyber Security
24 NCSC advice for debunking cloud security myths: From discussions with users, we know that there are a wide range of opinions about cloud security – and SaaS in particular – ranging from the unrealistically positive to the extremely negative. The goal of this meeting was to try to address a few of the myths that have grown up around SaaS, hopefully without saying ‘it depends’. Learn from a (slightly edited) version of what Gary said there.
25 Know your stats: This survey shows that more than 80% of small and medium sized companies were victims of cyber crime in the last few years.
26 OWASP Code Review Guide is a technical book written for those responsible for code reviews (management, developers, security professionals). The primary focus of this book is divided into two main sections. Section one covers the why and how of code reviews, and section two is devoted to what vulnerabilities need to be looked for during a manual code review. While security scanners are improving every day, manual security code reviews still need to have a prominent place in the SDLC (Secure development life cycle) of organizations that desire good secure code in production.
27 Videos from Bsides Belfast 2017: Choose to learn from one or more of 17 talks on this YouTube channel which contains Bsides Belfast recordings from their 2017 conference in the Europa Hotel Belfast. Don’t forget to share details on which of the 17 videos you watched using #LearnuaryNI.
28 66 Cyber Security Videos from the OWASP AppSec EU 2017 Conference in Belfast: This YouTube channel contains recordings of 66 software security talks from the OWASP AppSec EU conference held in the Waterfront Belfast during May 2017.
29 Videos from Bsides Belfast 2017: Choose to learn from one or more of 17 talks on this YouTube channel which contains Bsides Belfast recordings from their 2017 conference in the Europa Hotel Belfast. Don’t forget to share details on which of the 17 videos you watched using #LearnuaryNI.
30 66 Cyber Security Videos from the OWASP AppSec EU 2017 Conference in Belfast: This YouTube channel contains recordings of 66 software security talks from the OWASP AppSec EU conference held in the Waterfront Belfast during May 2017.
31 Videos from Bsides Belfast 2017: Choose to learn from one or more of 17 talks on this YouTube channel which contains Bsides Belfast recordings from their 2017 conference in the Europa Hotel Belfast. Don’t forget to share details on which of the 17 videos you watched using #LearnuaryNI.
  Continue your learning after January 2018. Gary runs public access training courses in Cyber Security – register your interest by contacting Gary directly.