Resources
Your one-stop shop, minus the noise.
There is no shortage of cybersecurity advice out there. There is a shortage of trustworthy advice that meets you where you are. We built this page to cut through the overload and the misinformation so you can stop researching and start moving.
Call it the cure for paralysis by analysis. We know what it takes to succeed in this field, and we want that for you, so you will know what success looks and feels like before you ever get there.
Browse by where you are, entry to advanced, and by the path that calls to you. Not sure yet? Start with Getting started, and take the Cyber Audit if you want a nudge in the right direction.
Career path: Getting started (19)
No path chosen yet, and that is fine. Start here to get the lay of the land before you commit.
- Entry · Tool · Free
The Ctrl+Alt+Elite Cyber Audit
Start with us. A few-minute quiz that maps where you are right now and points you to the next step that actually fits you. There is no wrong place to begin.
- Entry · Course · Free tier
Google Cybersecurity Certificate
A structured, beginner-friendly on-ramp that introduces Linux, SQL, Python basics, SIEM tools, and incident workflows. Treat it as proof you have done the reps, not as a replacement for an accredited exam.
- Entry · Framework · Free
NIST NICE Workforce Framework
The map of who does what in cybersecurity. Skim it when the job titles feel like alphabet soup, and the field starts to make sense as a set of real roles you can aim at.
- Entry · Certification · Paid
CompTIA Security+ (SY0-701)
The credential that shows up in roughly seven of every ten entry-level postings and satisfies the DoD 8140 baseline. For most career changers aiming to get hired, this is the strongest first certification to target.
- Entry · Certification · Free tier
ISC2 Certified in Cybersecurity (CC)
A foundational certification with no work-experience requirement, and the exam is free through ISC2's One Million Certified in Cybersecurity program. A low-cost way to prove you know the principles. Note the modest annual maintenance fee once you pass.
- Entry · Course · Free
Professor Messer (free YouTube courses)
Full, exam-objective-by-objective video courses for Security+ and more, free on YouTube. When budget is the blocker, this is how thousands of people study, and the quality is genuinely good.
- Entry · Platform · Free tier
TryHackMe
Hands-on labs in your browser with guided rooms, so you learn by doing instead of just watching. The generous free tier is one of the best places to get your hands dirty on day one.
- Entry · Platform · Free
picoCTF
Free capture-the-flag challenges from Carnegie Mellon, built to be approachable. A low-stakes, genuinely fun way to find out whether the puzzle-solving side of security clicks for you.
- Entry · Framework · Free
NIST Cybersecurity Framework 2.0
The most transferable framework to learn first, and it is free to read cover to cover. Most organizations use it as the umbrella over their other commitments, so knowing it pays off everywhere.
- Entry · Course · Free tier
AWS Skill Builder (free security learning)
Free, official learning paths for securing AWS, the platform an enormous share of the internet runs on. A practical way to build cloud security fluency without paying for a course first.
- Entry · Certification · Paid
Microsoft Security Fundamentals (SC-900)
A foundational, approachable certification covering security, compliance, and identity across Microsoft cloud. A clean entry point if your target employers live in the Azure and Microsoft 365 world.
- Entry · Community · Free
Blacks In Cybersecurity (BIC)
A community and conference series built to highlight and elevate Black people in cybersecurity, with meetups and events worldwide. A place to find people who look like you and are doing the work you want to do.
- Entry · Community · Free
Black Girls in Cyber
A nonprofit focused squarely on women of color entering cybersecurity, STEM, and privacy. Built to raise awareness and open doors at exactly the entry point where it matters most.
- Entry · Community · Free tier
Women in CyberSecurity (WiCyS)
A national nonprofit dedicated to recruiting, retaining, and advancing women in the field, with mentorship, a strong job board, and scholarships. One of the most established communities to grow inside of.
- Entry · Community · Free
Cyversity
A nonprofit working to bring consistent representation of women, underrepresented communities, and veterans into cybersecurity through scholarships, mentoring, and workforce programs.
- Entry · Community · Free tier
Women's Society of Cyberjutsu (WSC)
A 501(c)(3) focused on advancing women in cybersecurity through training, networking, mentorship, and a job board. Local chapters mean the support can be in-person, not just online.
- Entry · Scholarship · Free
ISC2 Women's Cybersecurity Scholarships
Annual scholarships from the Center for Cyber Safety and Education to help women start or advance a cybersecurity career, including named awards. Check the current cycle's deadline before you apply.
- Entry · Scholarship · Free
WiCyS Scholarship Opportunities
A multi-stage program offering financial help toward tuition, certifications, and conference attendance for women in cybersecurity. A practical way to lower the cost of the credentials on this page.
- Intermediate · Scholarship · Free
SANS / SANS.edu external scholarships
Scholarship and diversity programs that can cover SANS course fees and certification exams, some aimed specifically at women entering the field. The awards are competitive but life-changing when they land.
Career path: GRC & compliance (9)
Governance, risk, and compliance. One of the most welcoming front doors into the field, and it rewards the organized.
- Entry · Certification · Paid
CompTIA Security+ (SY0-701)
The credential that shows up in roughly seven of every ten entry-level postings and satisfies the DoD 8140 baseline. For most career changers aiming to get hired, this is the strongest first certification to target.
- Entry · Certification · Free tier
ISC2 Certified in Cybersecurity (CC)
A foundational certification with no work-experience requirement, and the exam is free through ISC2's One Million Certified in Cybersecurity program. A low-cost way to prove you know the principles. Note the modest annual maintenance fee once you pass.
- Entry · Framework · Free
NIST Cybersecurity Framework 2.0
The most transferable framework to learn first, and it is free to read cover to cover. Most organizations use it as the umbrella over their other commitments, so knowing it pays off everywhere.
- Entry · Framework · Free
CIS Controls v8.1
The practical, prioritized control set that sits underneath the big frameworks. Free to download, and concrete enough that you can see exactly what good security operations look like in practice.
- Intermediate · Framework · Paid
ISO/IEC 27001
The international standard for information security management, and increasingly expected outside the US. Understanding how its controls map to audit evidence is core GRC literacy.
- Intermediate · Framework · Free
SOC 2 (AICPA Trust Services Criteria)
The report most cloud vendors live and die by. Read a publicly published SOC 2 Type II report once and the abstract idea of compliance turns into something concrete you can speak to in an interview.
- Intermediate · Certification · Paid
CompTIA CySA+ (CS0-003)
The logical step after Security+ for people aiming at analyst and SOC roles. It focuses on detecting, analyzing, and responding to threats with real tools, which is exactly what those jobs ask for.
- Advanced · Framework · Paid
ISO/IEC 42001 (AI management systems)
The new must-know as organizations race to meet the EU AI Act and govern their AI use. GRC professionals who understand it early are positioned for the work everyone is suddenly hiring for.
- Advanced · Framework · Free
NIST AI Risk Management Framework
The free framework organizations are leaning on to govern AI risk responsibly. Knowing it bridges the security and GRC sides of AI, which is exactly where a lot of the new work is opening up.
Career path: SOC & blue team (13)
Defense. Detecting, analyzing, and responding to what attackers do, usually from a security operations center.
- Entry · Course · Free tier
Google Cybersecurity Certificate
A structured, beginner-friendly on-ramp that introduces Linux, SQL, Python basics, SIEM tools, and incident workflows. Treat it as proof you have done the reps, not as a replacement for an accredited exam.
- Entry · Certification · Paid
CompTIA Security+ (SY0-701)
The credential that shows up in roughly seven of every ten entry-level postings and satisfies the DoD 8140 baseline. For most career changers aiming to get hired, this is the strongest first certification to target.
- Entry · Course · Free
Professor Messer (free YouTube courses)
Full, exam-objective-by-objective video courses for Security+ and more, free on YouTube. When budget is the blocker, this is how thousands of people study, and the quality is genuinely good.
- Entry · Platform · Free tier
TryHackMe
Hands-on labs in your browser with guided rooms, so you learn by doing instead of just watching. The generous free tier is one of the best places to get your hands dirty on day one.
- Entry · Framework · Free
CIS Controls v8.1
The practical, prioritized control set that sits underneath the big frameworks. Free to download, and concrete enough that you can see exactly what good security operations look like in practice.
- Intermediate · Platform · Free tier
LetsDefend
A simulated security operations center where you work real-feeling alerts. The closest thing to a SOC analyst day-in-the-life before you land the role, with paths that line up to defensive certs.
- Intermediate · Platform · Free tier
Blue Team Labs Online
Gamified defensive challenges and investigations refreshed regularly. Good for building the detection and incident-response reflexes a blue team role actually leans on.
- Intermediate · Platform · Free tier
CyberDefenders
Digital forensics and incident response challenges built from realistic data. Where you practice the analysis work that defenders are paid to do well under pressure.
- Intermediate · Certification · Paid
CompTIA CySA+ (CS0-003)
The logical step after Security+ for people aiming at analyst and SOC roles. It focuses on detecting, analyzing, and responding to threats with real tools, which is exactly what those jobs ask for.
- Intermediate · Certification · Paid
Blue Team Level 1 (BTL1)
A hands-on defensive certification that asks you to actually investigate and respond, not memorize. A strong, practical signal for a first or second SOC role.
- Intermediate · Framework · Free
MITRE ATT&CK
The shared vocabulary defenders use to describe what attackers actually do. Free, deep, and worth learning early, because it shows up in detections, threat reports, and interviews alike.
- Intermediate · Course · Free
Splunk free training & Search Tutorial
Free courses and a sandbox for one of the SIEM tools you will see most in SOC job descriptions. Getting comfortable querying logs here removes a real barrier on day one of the job.
- Intermediate · Certification · Paid
Microsoft Security Operations Analyst (SC-200)
Focused on detecting and responding to threats with Microsoft Defender and Sentinel. A practical certification for SOC-adjacent cloud defense in Microsoft-heavy environments.
Career path: Offensive & red team (10)
Ethical hacking and penetration testing. You find the holes before the bad actors do.
- Entry · Platform · Free tier
TryHackMe
Hands-on labs in your browser with guided rooms, so you learn by doing instead of just watching. The generous free tier is one of the best places to get your hands dirty on day one.
- Entry · Platform · Free
picoCTF
Free capture-the-flag challenges from Carnegie Mellon, built to be approachable. A low-stakes, genuinely fun way to find out whether the puzzle-solving side of security clicks for you.
- Entry · Course · Free tier
TCM Security Academy (Practical Ethical Hacking)
Affordable, practical training from a team that teaches the way the work is really done. Much of the higher-level material is previewed free on their YouTube channel, so you can try before you buy.
- Intermediate · Platform · Free tier
Hack The Box
Realistic machines that expect you to think independently and enumerate on your own. Step here once guided rooms start to feel easy and you want to be pushed.
- Intermediate · Platform · Free
PortSwigger Web Security Academy
Free, deep, and made by the team behind Burp Suite. The standard place to actually learn web application security, with labs that build from the basics to genuinely hard.
- Intermediate · Framework · Free
MITRE ATT&CK
The shared vocabulary defenders use to describe what attackers actually do. Free, deep, and worth learning early, because it shows up in detections, threat reports, and interviews alike.
- Intermediate · Certification · Paid
eLearnSecurity Junior Penetration Tester (eJPTv2)
A fully hands-on entry credential for offensive work, with no multiple-choice. A friendly, well-respected first step that proves you can do the basics, not just recite them.
- Intermediate · Certification · Paid
Practical Network Penetration Tester (PNPT)
A fully practical exam: a simulated corporate network, five days to compromise it, two to write the report, and a live debrief with senior testers. It has become one of the most respected entry-to-mid offensive certs.
- Intermediate · Certification · Paid
HTB Certified Penetration Testing Specialist (CPTS)
A practical penetration-testing certification backed by Hack The Box's realistic labs, with a generous timeline. A strong, hands-on alternative path toward professional offensive work.
- Advanced · Certification · Paid
OffSec Certified Professional (OSCP+)
The most widely recognized mid-level offensive certification, earned by compromising machines in a timed exam and writing a professional report. Demanding by design, and still the name most pentest postings ask for.
Career path: Cloud security (4)
Securing the platforms almost everything now runs on: AWS, Azure, and Google Cloud.
- Entry · Course · Free tier
AWS Skill Builder (free security learning)
Free, official learning paths for securing AWS, the platform an enormous share of the internet runs on. A practical way to build cloud security fluency without paying for a course first.
- Entry · Certification · Paid
Microsoft Security Fundamentals (SC-900)
A foundational, approachable certification covering security, compliance, and identity across Microsoft cloud. A clean entry point if your target employers live in the Azure and Microsoft 365 world.
- Intermediate · Certification · Paid
Microsoft Security Operations Analyst (SC-200)
Focused on detecting and responding to threats with Microsoft Defender and Sentinel. A practical certification for SOC-adjacent cloud defense in Microsoft-heavy environments.
- Advanced · Certification · Paid
AWS Certified Security - Specialty
A specialist credential that goes deep on securing AWS, and one of the highest-signal certifications for cloud security pay and roles. Aim here once you have real AWS time behind you.
Career path: AI security (4)
The newest frontier. Securing the models and the systems built on top of them, and governing how AI gets used.
- Intermediate · Framework · Free
OWASP Top 10 for LLM Applications
The starting map of what goes wrong in apps built on large language models: prompt injection, data leakage, and the rest. Free, current, and the fastest way to get fluent in AI application risk.
- Advanced · Framework · Paid
ISO/IEC 42001 (AI management systems)
The new must-know as organizations race to meet the EU AI Act and govern their AI use. GRC professionals who understand it early are positioned for the work everyone is suddenly hiring for.
- Advanced · Framework · Free
MITRE ATLAS
The ATT&CK-style knowledge base for attacks against machine-learning systems, with real tactics, techniques, and case studies. Pair it with the OWASP LLM list and you cover both layers of the AI security stack.
- Advanced · Framework · Free
NIST AI Risk Management Framework
The free framework organizations are leaning on to govern AI risk responsibly. Knowing it bridges the security and GRC sides of AI, which is exactly where a lot of the new work is opening up.
Still deciding where to point all this?
The Cyber Audit takes a few minutes and points you toward the path that fits where you are right now. Then this whole page has a direction.