Resources We Rely On

Relevant Sites for CISOs

(ISC)2, https://www.isc2.org/

CISA (Cyber & Infrastructure Security Agency), https://www.cisa.gov/

CyberEdBoard, members-only community for security leaders, https://ismg.io/brands/cyberedboard/

Cybersecurity Collaborative, which offers resources for CISOs, https://www.cyberleadersunite.com/memberships/for-cisos

FBI, https://www.fbi.gov/

Global Cyber Alliance, https://www.globalcyberalliance.org/

IEEE, https://www.ieee.org/

InfraGard, https://www.infragard.org

National Security Institute at George Mason University, https://nationalsecurity.gmu.edu/

NSA, https://www.nsa.gov/what-we-do/cybersecurity/

SANS, https://www.sans.org/

US Chamber of Commerce, https://www.uschamber.com/national-and-cyber-security

Stay Informed of the Latest Threats

Blogs and Periodicals

Bleeping Computer, https://www.bleepingcomputer.com/

CIO, https://www.cio.com/

CRN, http://crn.com

CSO, https://www.csoonline.com/

Cybercrime Magazine, https://cybersecurityventures.com/

Dark Reading, https://www.darkreading.com/

HackerNews, https://news.ycombinator.com/

Krebs on Security Blog, https://krebsonsecurity.com/

Motherboard, https://www.vice.com/en/section/tech

Network World, https://www.networkworld.com/

Schneier on Security, https://www.schneier.com/

Security Week, https://www.securityweek.com/

ZDNet, https://www.zdnet.com/topic/security/

Follow on Twitter

Marcus J. Carey, https://twitter.com/marcusjcarey

Cyberleaders, https://twitter.com/cyberleaders

FBI, https://twitter.com/FBI

Katie Moussouris, https://twitter.com/k8em0

NSA, https://twitter.com/NSAGov

Runa Sandvik, https://twitter.com/runasand

SANS, https://twitter.com/SANSInstitute

Dino Dai Zovi, https://twitter.com/dinodaizovi

Podcasts

Daily Stormcast, https://isc.sans.edu/podcast.html

Hacker Valley Studios, https://hackervalleystudio.podbean.com/

Risky.biz, https://risky.biz/

Security Conversations, https://securityconversations.fireside.fm/

Microsoft's Security Unlocked podcast, https://securityunlockedpodcast.com/

Books

George Finney, Well Aware: Master The Nine Cybersecurity Habits To Protect Your Future, https://wellawaresecurity.com/bookstore-2/

Brian Krebs, Spam Nation: The Inside Story of Organized Cybercrime-From Global Epidemic to Your Front Door, https://bookshop.org/books/spam-nation-the-inside-story-of-organized-cybercrime-from-global-epidemic-to-your-front-door/9781492603238

Kevin Mitnick, The Art of Deception: Controlling the Human Element of Security, https://www.mitnicksecurity.com/the-art-of-deception

Bruce Schneier, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, https://www.schneier.com/books/click-here/

Adam Shostack, Threat Modeling: Designing for Security, https://shostack.org/books/threat-modeling-book

List of cyber-related books

Cybersecurity Canon, curated list of books from Ohio State's Institute for Cybersecurity and Digital Trust, https://icdt.osu.edu/cybercanon

Communicate Effectively with the Business

Books

Joel Garfinkle, Getting Ahead, https://garfinkleexecutivecoaching.com/books/getting-ahead

Dan Heath, Upstream: The Quest to Solve Problems Before They Happen, https://heathbrothers.com/books/upstream/

Douglas Hubbard and Richard Seiersen, How to Measure Anything in Cybersecurity Risk, https://www.howtomeasureanything.com/cybersecurity/

Jerry Z. Muller, The Tyranny of Metrics, https://press.princeton.edu/books/hardcover/9780691174952/the-tyranny-of-metrics

Alexander Osterwalder and Yves Pigneur, Business Model Generation: A Handbook for Visionaries, Game Changers, and Challengers, https://bookshop.org/books/business-model-generation-a-handbook-for-visionaries-game-changers-and-challengers/9780470876411

Kerry Patterson, Joseph Grenny, Ron McMillan, and Al Switzler, Crucial Conversations: Tools for Talking When Stakes Are High, https://bookshop.org/books/crucial-conversations-tools-for-talking-when-stakes-are-high-second-edition-9780071771320/9780071771320

Jack J. Phillips and Lynn Schmidt, The Leadership Scorecard, https://www.routledge.com/The-Leadership-Scorecard/Phillips-Schmidt/p/book/9780750677646

Online Resources

BoardTalk blog, https://blog.nacdonline.org/

Cyber Risk Oversight Handbook, https://isalliance.org/isa-publications/cyber-risk-oversight-handbook/

Share Data from Annual Breach and Threat Reports

Accenture, https://www.accenture.com/us-en/insights/security/cyber-threatscape-report

CrowdStrike, https://www.crowdstrike.com/resources/reports/global-threat-report/

FireEye, https://www.fireeye.com/current-threats/annual-threat-report.html

OWASP Top Ten, https://owasp.org/www-project-top-ten/

Verizon Data Breach Investigations Report, https://www.verizon.com/business/resources/reports/dbir/

World Economic Forum Global Risks Report, https://www.weforum.org/reports/the-global-risks-report-2021

Risk and Compliance

CMMC (Cybersecurity Maturity Model Certification), https://www.acq.osd.mil/cmmc/

How to Make Sense of Cybersecurity Frameworks by Frank Kim, SANS, https://youtu.be/dt2IqidgpS4

Cyber Supply Chain Risk Management (C-SCRM) References, https://csrc.nist.gov/scrm/references.html

ISO 28000, https://www.iso.org/standard/44641.html

ISO 20243, https://www.iso.org/standard/74399.html

ISO 31000 risk management standard, https://www.iso.org/iso-31000-risk-management.html

MITRE ATT&CK framework knowledge base, https://attack.mitre.org/

NIST Cybersecurity Framework, https://www.nist.gov/cyberframework

NIST SP 800-171, https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final

Conferences to Attend

RSA Conference, https://www.rsaconference.com/

Gartner cybersecurity conferences, https://www.gartner.com/en/conferences/calendar/security-risk-management

FIRST Incident Response Conference, https://www.first.org/conference/

Many events

Infosec-Conferences.com, Cybersecurity conference and event aggregator, https://infosec-conferences.com/

Increase Diversity and Inclusion

Diversity

International Consortium of Minority Cybersecurity Professionals, https://www.icmcp.org/

Diversity Wins: How Inclusion Matters, https://www.mckinsey.com/featured-insights/diversity-and-inclusion/diversity-wins-how-inclusion-matters

Women

Executive Women's Forum, https://www.ewf-usa.com/

Risky Women, https://riskywomen.org/

WiCyS - Women in Cybersecurity, https://www.wicys.org/

Women of Security (WoSEC), https://www.womenofsecurity.com/

Women's Society of Cyberjutsu, https://womenscyberjutsu.org/

Society of Women Engineers, https://swe.org/

Training and Certifications

(ISC)2 offers major certifications including CISSP, SSCP, CCSP, CAP, CSSLP and HCISPP, https://www.isc2.org/

National Initiative for Cybersecurity Careers and Studies, https://niccs.cisa.gov/training

NICE - National Initiative for Cybersecurity Education, https://www.nist.gov/itl/applied-cybersecurity/nice

Open Security Training, https://www.opensecuritytraining.info/Training.html

Georgia Tech network security course, https://www.udacity.com/course/network-security--ud199

Promote Security Awareness

National Cybersecurity Alliance, with free tools and information to support employee security awareness programs, https://staysafeonline.org/

National Cybersecurity Awareness Month, https://www.cisa.gov/national-cyber-security-awareness-month

Cloud Security

Cloud Security Alliance, https://cloudsecurityalliance.org/

Secure Development

CMU Software Engineering Institute Cybersecurity Engineering, https://www.sei.cmu.edu/our-work/cybersecurity-engineering/

OWASP (Open Web Application Security Project), https://owasp.org/

Tools

Burp Suite, https://portswigger.net/burp

ZAP (Zed Attack Proxy), https://www.zaproxy.org/

Hacker Conferences

BSides, http://securitybsides.com

Shmoocon, https://www.shmoocon.org/

GrrCon, https://grrcon.com/

SummerCon, https://www.summercon.org/

DefCon, http://defcon.org

Black Hat, https://www.blackhat.com/

IoT Security

IoT Security 101, https://github.com/V33RU/IoTSecurity101#Books-For-IoT-Pentesting

Industrial Control Systems Security, https://www.sans.org/industrial-control-systems-security/

Industry-Specific Resources

ISAC (Information Sharing and Analysis Centers) for many industries, https://www.nationalisacs.org/member-isacs-3

Financial Services Information Sharing and Analysis Center, https://www.fsisac.com/

Healthcare

Association for Executives in Healthcare Information Security, https://aehis.org/

CHIME (College of Healthcare Information Management Executives), https://chimecentral.org/

HIMSS (Healthcare Information and Management Systems Society), https://www.himss.org/

Massachusetts Health Data Consortium, https://www.mahealthdata.org/page-1861560

Fill the Future Skills Pipeline

FBI Cybercamp, https://www.infragardnational.org/programs/cyber-camp-in-a-box/

NICE - National Initiative for Cybersecurity Education, https://www.nist.gov/itl/applied-cybersecurity/nice

Girls Who Code, https://girlswhocode.com/

Cyber Talent Initiative, get a job that comes with $75K in student loan assistance, https://cybertalentinitiative.org/

CyberStart America, program for high school students, https://www.cyberstartamerica.org/
