A single place to get every possible learning resources for cybersecurity that includes YouTube videos, GitHub repositories, books, videos, courses, labs, certifications, articles, newsletters etc. We would keep adding relevant learning references when we find them informative for our community.
Note
You can also star or fork our other important repositories listed below:
- Security Study Plan
- Security Interview Questions
- Awesome AWS Security
- Cybersecurity career roadmap
- Cybersecurity FAQs
- Cybersecurity Slides
- Python for Cybersecurity
Tip
We have categorised the learning resources based on the below domains (subject to change):
- Common Learning Resources
- Penetration Testing learning resources
- Network security learning resources
- API security learning resources
- Application security learning resources
- DevSecOps learning resources
- AI/ML security learning resources
- Cloud security learning resources
- GRC learning resources
- Mobile Application Security resources
- Container Security learning resources
- SOC / Blue Team learning resources
- DFIR (Digital Forensics & Incident Response) learning resources
- Threat Intelligence (CTI) learning resources
- Malware Analysis & Reverse Engineering learning resources
- Red Team & Active Directory learning resources
- OSINT learning resources
- IoT & Hardware Security learning resources
- ICS / OT Security learning resources
- Cryptography learning resources
- IAM & Identity Security learning resources
- Blockchain / Smart Contract Security learning resources
- Binary Exploitation & Low-Level Security learning resources
- Books
- Cybersecurity Videos
- Free/Paid Cybersecurity Courses
- Free/Paid Cybersecurity Labs
- Certifications
- Newsletters
- Blogs/Articles
- Security Events/Conferences
Books that you must read in your cybersecurity journey
- Secure By Design - Highly Recommended
- Security Engineering 3rd Edition
- The Web Application Hacker's Handbook - This was my first book when I started working as a Penetration Tester in 2014
- Thinking Security
- Schneier on Security - Little old now, but still very much useful to give you an idea of overall security notion. I enjoyed reading it!
- The Phoenix Project
- How to build a career in Cybersecurity
- Cybersecurity Roadmap for Beginners
- Most underrated skills in Cybersecurity
- Top 3 skills for success career in Cybersecurity
- Foundation of Cybersecurity by Google
- Google Cybersecurity Professional Certificate
- Certified in Cybersecurity Specialization by ISC2
- ISC2 CC - Free entry-level cybersecurity certification - Exam voucher is free under the "One Million Certified in Cybersecurity" program in some regions.
- Microsoft SC-900 Fundamentals
- Cisco Networking Academy - free cybersecurity courses
- hackthebox - Recommended
- tryhackme
- vulnhub
- portswigger web security academy - Must go through
- Parrot CTF
- Pico CTF
- Lets Defend for Blue Teamers
- CTF Time
- Hacker101 by HackerOne
- CyberDefenders - Blue-team challenges, DFIR.
- RangeForce - Blue-team labs.
We are keeping the certifications which are popular amongst security community and what HR asks.
- CC from ISC2
- CompTIA Security+
- CISSP from ISC2
- CompTIA SecurityX (formerly CASP+, rebranded Dec 2024)
1. ISC2
- CC - Entry-level Cybersecurity
- CISSP - Leadership and Operations
- CSSLP - Secure Software Development
- SSCP - Security Administrator
- CCSP - Cloud Security
- CGRC - Governance, Risk and Compliance
2. EC-Council
- C|EH - Ethical Hacker
- E|CSA
- C|HFI
- C|CISO
- C|Pent - Penetration Testing
- C|SA - SOC Analyst
- E|CIH - Incident Handler
- E|CDE - DevSecOps
- CASE.Net - Application Security
- CASE.Java - Application Security
3. CompTIA
- Security+
- CySA+
- Pentest+
- SecurityX (formerly CASP+, rebranded Dec 2024)
4. eLearn Security
- eJPT
- eWPT
- eWPTX
- eCPPT
5. Offensive Security
- OSCP
- OSEP
- OSWP
- OSWA
- OSWE
6. Cloud Security Alliance
- CCSK
- CCAK
7. CNCF Certs
- KCNA - Kubernetes and Cloud Native Associate
- CKA
- CKS
8. SANS Certs
- GCSA
- GCLD
- GCPN
- GWEB
- GCSA
- GSEC
- GWAPT
- GSLC - GIAC Security Leadership
9. Practical DevSecOps Certs
- CDP
- CDE
- CCSE
- CCNSE
- CTMP
- CASP
- CSSE
- CSC
- CAISP
10. APISec Certs
- CASA - Certified API Security Analyst
- ASCP - API Security Certified Professional
Instead of keeping it various locations in this repo, I kept it here for quick look and you can subscribe to the newsletter that is important for you and your career.
- The Hacker News
- TLDR Sec
- CSO Online
- Cyber Magazine
- Dark Reading Recommended 👍
- API Security
- AWS Security
- Cloud Security
- One more for cloud security
- SANS Newsletter
- Schneier on Security -> Very interesting one 👌
- Zero Day issues newsletter
- Krebs on Security
- Security Magazine
- tl;dr sec by Clint Gibler - Weekly AppSec/DevSecOps digest (recommended).
- Risky Business podcast + newsletter
- OpenSSF Feed / Open Source Security Digest
- Reddit: How to get started in Cybersecurity
- Quora: How do I start career in cybersecurity
- NIST Cybersecurity Framework 2.0
- MITRE ATT&CK knowledge base
- OWASP Top 10 (Web, API, LLM, Mobile, K8s) - central OWASP site
- CISA Known Exploited Vulnerabilities (KEV) catalog
You can try to present, attend and meet like-minded people in these security chapters or conferences. Look for the local chapters near you like Bsides bangalore, Null Hyderabad, Nullcon Goa etc.
| Meetup/Conferences | Type |
|---|---|
| Null | Chapters |
| Nullcon | International |
| Defcon | International |
| Blackhat | International |
| OWASP | Chapters |
| Bsides | Chapters |
| CXO Cywayz | Chapters |
| The Hacker's Meetup | Chapters |
| Bi0s | Chapters |
| ISC2 | Chapters |
| ISACA | Chapters |
| DevSecCon by Snyk | International |
Note
This list is not holistic, but we can make it more comprehensive together. So, if you want to add any learning resources, fork the repository and send PR or contact Sanjeev on Linkedin
