Cybersecurity Knowledge

The most intelligent people do not have the most expansive sets of knowledge; rather, they know with the greatest precision where their knowledge ends.

Donate now

This section includes documents that can be read or referenced to increase cybersecurity knowledge and awareness of a variety of security topics but should not be considered comprehensive guides to security, compliance, or privacy. The information contained in this section should only be used for advancement of knowledge or in support of a broader security framework, strategy, and/or plan.

Acquisition Vs. Supply Chain Risk

Threat Scope Maturity: A Look at History

Risk Avoidance: A Lifecycle and an SDLC Integration

Transparency, Privacy & Confidentiality

Paper Lunch Sac Firewalls: Information Security Gear is Not Compliance

Is Dave’s Phone or Dave’s IPhone the Attacker’s Device?

The IPhone SIM Lock: An IR Technique
More Security Without Spending More Money
Deceiving the Attacker: Some Fake Treasures for Your Network
Enterprise Security: Some Ways to Move From Awareness to Culture
Social Engineering: 10 Delivery Mechanisms
Social Engineering: 6 Ways to Manipulate Humans
Technical Exploit Management: You’re Doing It Wrong
Enterprise Email: A Strategy for Securing the Phishing Deluge
Cybersecurity Maturity is Powerful: A Strategic Start
Configuration Security: Identifying & Avoiding Mistakes
Cybersecurity Basics: 12 Basic Security Components
Primary & Secondary School Guidance
Hacking in Plain Site: Native Service Abuse
Three Hacker Flows: Low & Slow, Blended, and Smash & Grab
APT Tactic Revealed: The I.O.C. Cluster-Bomb
Tunnel Cleaning: One APT Evasion Technique
Threat Actor Goals: B.L.E.E.D.
Organizational Password Management: Avoid User-Account Tunnel Vision
Security Program Reviews: Security in Practice
Weak-Security: 6 Ways to Increase Security Maturity
A Case Against Scan POAMs