CISO Express | A Security Professional’s Home Page

Community Driven Security Training

Radare2 Book

This book aims to cover most usage aspects of radare2, a framework for reverse engineering and analyzing binaries. The radare project started in February of 2006, aiming to provide a free and simple command-line interface for a hexadecimal editor supporting 64-bit offsets, to make searches and to help recover data from hard disks.

Lots of Free Tutorials by Cyber Punk

- How does it work- IP Tables?
- Open Source SysAdmin Resources
- Analyzing Apache Log Files
- DoS Attack With hPing3
- Understanding the LDAP
- Configuration Management System: Chef
- Booting Kali Linux Live over HTTP

Introduction to Cloud Security

1. Intro to Cloud Computing | By Chris Brenton
2. Cloud Versus Virtualization | By Chris Brenton
3. Virtualization Security | By Chris Brenton
4. IaaS Security – Part 1 | By Chris Brenton
5. IaaS Security – Part 2 | By Chris Brenton
6. Simplified IaaS Security via Group Management | By Chris Brenton
7. IaaS Provider Auditing | By Chris Brenton

eBook: Identity Security Trends in the Mobile Era

GRC Stack Courseware

Outsourcing critical business functions into the Cloud can result in challenges of maintaining assurance and control over legal and regulatory obligations for data management and protection. The Cloud Security Alliance is offering a training session to show you how to leverage the CSA GRC (Governance, Risk Management & Compliance) Stack, a toolkit designed for peeling back and revealing those layers of accountability and responsibility between Cloud Service Providers and their Tenants, applying measurable risk-based decision making for both assessing and attesting to governance, risk and compliance best practices. GRC Stack Training is currently being offered upon request. Please email us for more information. https://cloudsecurityalliance.org/education/

Enabling Business Beyond the Corporate Network

Secure solutions for mobility, cloud and social media

How to do PCI in the Cloud?

PCI DSS in the Cloud Training

The first ever class dedicated to assessing and implementing PCI DSS controls in cloud computing environments covers how to think of and how to do PCI DSS in various cloud computing environments. Focused primarily on people familiar with PCI DSS, it starts from the “hype-free” cloud computing facts and then delves into key scenarios where PCI DSS and clouds overlap in the real world. You will learn where to look while assessing such environments and what pitfalls and mistakes to avoid. It will also cover the shared responsibility between service providers and merchants in implementing PCI DSS controls. Specifically, we will discuss how PCI DSS Requirement 12.8 applies to various cloud scenarios. The class would be most useful to PCI DSS QSA, organizations offering PCI DSS consulting as well as merchants planning or implementing PCI compliance. https://cloudsecurityalliance.org/education/

The Essential Guide to Cloud Security

With Practical Tips for CISOs and CIOs to Reduce Costs and Improve Security

Security Policy Management in the Data Center for Dummies

As corporate networks, data centers, and the security infrastructure that protects them continue to grow in size and complexity, so too does the security policy. Security Policy Management in the Data Center For Dummies provides you with the information you need to reduce network security complexity and address dynamic business requirements and increasing security risks – all at the speed of the business.

eBook: Security by Design

Top 10 Reasons Enterprises are Moving Security to the Cloud

A better approach to security

Information Assurance Support Environment by DISA

    Free Tools

    Lots of free Community Driven tools by Cyber Punk

    - HTTP Evader - Automate Firewall and IDS Evasion Tests
    - Netflix Sleepy Puppy XSS Payload Management Framework
    - Flash Exploit Detector
    - AChoir- Windows Live Artifacts Acquisition Script
    - PowerMemory- Exploit the credentials present in files and memory
    - Maltelligence
    - Fuzz Testing with afl-fuzz (American Fuzzy Lop)
    - Secure-Desktop: Anti-keylogger/anti-rat application for Windows

    and many more!

    Win10-Unfuck

    Remove anti-privacy, anti-security, and general nuisance "features" from Windows 10.

    Try out for free for two weeks- Web Security, Network Assessment and Software Security Testing Tools

    On-demand Vulnerability Report What is your organization’s external SSL security posture? Internet-

    Threat Center

    Venafi Threat Center provides awareness and insight related to the attack on trust—keys and certificates. Recognized as a security industry leader, the Venafi Threat Center is the first step toward Next-Generation Trust Protection.

    PKI-PKE Tools