Archive for Infosec

Infosec Institute Awards Security Education Scholarships To Help Close Cyber Skills And Diversity Gap

Posted in Commentary with tags on September 1, 2022 by itnerd

Infosec Institute, a leading cybersecurity education provider and part of Cengage Group, today announced fourteen recipients of the 2022 Infosec Accelerate Scholarship. Established in 2018 to draw new talent from under-represented groups to join the cybersecurity industry and close the growing skills gap, the program awards lifetime access to Infosec Skills, a $10,000 value, to help recipients launch and advance their cybersecurity careers. 

Infosec Skills, Infosec’s technical skill development platform, includes over 1,400 resources to assess teams and close skills gaps with hands-on cyber ranges, projects and courses. Scholarship recipients have unlimited access to the newly released Infosec Skills cyber range, where cyber professionals can learn to defend against MITRE ATT&CK® Matrix for Enterprise tactics and techniques, perform penetration tests and practice writing secure code in an enclosed environment. Labs inside the cyber ranges guide learners through realistic scenarios inside the operating environments they’d encounter on the job — with clear learning objectives and actionable lessons.

2022 Infosec Accelerate Scholarship winners are:

Infosec Accelerate Women Scholarship 

  • Thanyathorn Thanapattheerakull | Toronto, Canada
  • Betta Lyon-Delsordo | Missoula, Montana
  • Heidys Cabrera | Hialeah Gardens, Florida

Infosec Accelerate BIPOC Scholarship 

  • Summer Black | Oak Lawn, Illinois
  • Jade Brown | Beachwood, Ohio
  • Joanina Perez | Brockton, Massachusetts

Infosec Accelerate Military & Veteran Scholarship 

  • Shaz Baig | Brooklyn, New York
  • Brian Nordemo | Laconia, New Hampshire
  • Christopher Chisholm | Missoula, Montana

Infosec Accelerate Undergraduate Scholarship 

  • Nicholas Kenyon | Cape Coral, Florida
  • Anthony Torres | Santa Clarita, California
  • Nicholas Langenfeld | Wild Rose, Wisconsin

Infosec Accelerate LGBTQI+ Scholarship 

  • Angelica Bonus | San Diego, California
  • Kandice Kucharczyk | Cape Coral, Florida

Learn more about the Infosec Accelerate Scholarships here.

Infosec Institute Launches Free Resources to Help Organizations Level Up Their Cybersecurity

Posted in Commentary with tags on August 8, 2022 by itnerd

Infosec Institute, a leading cybersecurity education provider, today announced free cyber education resources to help organizations and employees level up their cybersecurity during National Cybersecurity Awareness Month (NCSAM) and beyond. Hosted every October by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), NCSAM aims to raise awareness about the importance of cybersecurity and provide resources for individuals to be secure online.

In support of this initiative, Infosec is providing a comprehensive security awareness and training toolkit, featuring: 

  • A training module for employees of all levels
  • An employee assessment to help identify security awareness training needs
  • Four posters, newsletter and email templates focused on key security behaviors
  • An NCSAM-themed screensaver to educate learners on data breaches that happened this year
  • An employee presentation about the program and targeted behaviors

As National Cybersecurity Awareness Month approaches, Infosec will release additional complementary resources for use by organizations, including a hands-on skills challenge, a training webinar for security awareness administrators, and discounts on instructor-led boot camps. All Infosec NCSAM resources are powered by the award-winning Infosec IQ and Infosec Skills security education platforms. Infosec IQ security awareness and training empowers employees with the knowledge and skills to stay cyber-secure at work and home with over 2,000 awareness and training resources.Infosec Skills helps cyber professionals upskill and get certified with unlimited access to 1,200+ hands-on cybersecurity courses, labs and cyber ranges.

Access Infosec’s Cybersecurity Awareness Month toolkit here.

Infosec Institute Recognized For Comprehensive Cybersecurity Training At The 2022 Global InfoSec Awards 

Posted in Commentary with tags on June 17, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company and part of Cengage Group, announced it won two coveted Global Infosec Awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The awards were announced last week during RSA 2022 in San Francisco, CA. Infosec was recognized for: 

  • Most Comprehensive Cybersecurity Training — Infosec Skills
  • Publisher’s Choice Security Awareness Training — Infosec IQ

Since its founding in 2004, Infosec has trained over 100,000 cybersecurity professionals through Infosec Skills courses and helped more than 5 million learners improve cybersecurity knowledge and safety at work and home with Infosec IQ training. With Infosec Skills, cybersecurity and IT professionals have access to 1,400+ hands-on cybersecurity resources, with the option to upgrade to boot camp style, instructor-led training to prepare for certifications. With Infosec IQ, organizations will continue to benefit from thousands of security awareness resources for training employees about cyber threats, phishing scams and cyber safety.

See the full list of this year’s winners at

Infosec Institute Accelerates Role-Guided Cybersecurity Training For The Entire Workforce at RSA 2022

Posted in Commentary with tags on June 2, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company and part of Cengage Group, announced a hands-on supply-chain cybersecurity workshop and role-guided training solutions they will showcase at the RSA Conference, June 7-9, 2022, in San Francisco, CA. Infosec will highlight a range of solutions including proprietary, role-guided training roadmaps, gamified security awareness programs and a chance to experience their industry-leading training firsthand with an incident response security workshop focused on supply chain security.

Record numbers of cyber incidents and open cybersecurity roles in 2021 fueled the need for security education to strengthen organizations’ security cultures, upskill cyber teams, reduce business risk and meet compliance. To help overcome these challenges, Infosec has developed new solutions within their Infosec Skills and Infosec IQ training platforms to help organizations scale effective, role-guided cyber education to every employee.

At this year’s RSA Conference, Infosec will highlight several security training solutions that provide hands-on, engaging training for the entire enterprise, empowering professionals with the knowledge, skills and confidence to outsmart cybercrime. 

  • Infosec Skills Roles provide pre-built training and certification roadmaps for 12 of the most in-demand cybersecurity positions, enabling enterprises to upskill and reskill cyber talent at scale and individuals to break into the industry. 
  • Choose Your Own Adventure® Security Awareness Games help employees learn by doing and accelerate security behavior change through a first-of-its-kind gamified approach. The games put employees in the driver’s seat with interactive storylines that foster critical thinking, boost retention and increase engagement. 
  • Infosec Skills Cyber Ranges provide hands-on training exercises in virtualized environments that security and IT professionals encounter in their jobs. Mapped to the MITRE ATT&CK® Matrix for Enterprise, interactive cyber ranges help learners not only master foundational concepts but also help them apply this knowledge hands-on to counter the adversarial behaviors targeting their businesses. 
  • Infosec IQ’s Cybersecurity Culture Survey systematically measures and tracks employee perceptions and sentiments around five domains of cybersecurity culture, enabling organizations to pinpoint areas for improvement, see recommended strategies to strengthen their culture and track progress over time.

RSA attendees will have the opportunity to experience Infosec Skills training firsthand, with a hands-on lab session on securing the supply chain led by Infosec’s principal security researcher, Keatron Evans. On the exhibit floor, attendees can experience Infosec Skills Roles and Choose Your Own Adventure® Security Awareness Games firsthand and learn how Infosec is working to fill the cyber skills gap through role-guided training that engages and empowers employees. 

Visit Infosec at booth 3324 in the South Hall at the RSA Conference or attend Infosec’s Secure the Supply Chain Workshop with Keatron Evans on June 7 from 1:15 PM – 3:15 PM PT in Moscone West 2020 to learn more about their organization-wide security training education platforms. 

A Security Researcher Provides His Initial Thoughts On The Verizon DBIR

Posted in Commentary with tags on May 28, 2022 by itnerd

A few days ago the Verizon Data Breach Investigations Report hit the streets. I covered that here and it should be considered required reading by anyone who is responsible for keeping their enterprise secure. I wanted to get another view on the DBIR. Thus I am fortunate to get the initial thoughts of Keatron Evans, principal security researcher at Infosec Institute.

Supply Chain is still top of mind and a serious threat. When we look at the other top items on the list from this report, they are intrinsically linked to the supply chain. Several high-profile Ransomware attacks were at the hands of vendors or suppliers. Several intrusions not involving Ransomware were due to vendors and suppliers. It’s great to see this report finally confirm this, but we’re still not any closer to a solution than we were when the “Winds of Solar” supply chain breach shook the world. 

NOTE: Keatron will be speaking about securing the supply chain at RSA.

82% of actual breaches had a human element to them according to the DBIR. Social Engineering, primarily phishing still leads the way for most data breaches. Credentials fall right behind it. But it’s worth mentioning the relationship between the two. Often times the reward of successful phishing is credential harvesting. This keeps end-user security awareness, Endpoint protection and EDR solutions in the lead as the best weapons to defend against the leading breach avenues. There is also a mention of Pretexting and Business Email Compromise being key drivers for this. I can cite our own internal numbers. Out of all of my clients, companies with 100 or more employees, we’ve had to assist with Business Email Compromise attacks against at least one executive at each organization. So this mirrors what we are seeing at our own micro-level. 

It’s no surprise that training has its own section in the report.  There is a very timely mention of how long training can take depending on the outcomes. I tell students all the time. Getting certifications can happen quickly, learning how to do something could take considerably longer than “quickly”, and changing will inevitably take much much longer than “quickly”.  In an article I published last year, I proposed that doing intense skills training for IT and cybersecurity staff had a greater net improvement impact on cybersecurity than end-user awareness training does. The statements made in this report about training developers and engineers on security since they build the systems are timely statements and I believe they are right on point. This again echos my own data from our customers for whom we both train and provide penetration testing and other services. 

One of my main concerns with the findings is that while we are improving on remediation, we are still remediating the same things. The vulnerabilities being exploited are not often zero-day in nature and they’re well known and mostly patchable. A lot of the web application attacks which seem to remain high are based on stolen credentials which blurs the actual issue, which is credentials are being stolen instead of bypassed by some advanced zero-day or next-generation attack. I think there are many great pieces of data uncovered by this report. We have to stay diligent in removing low-hanging fruit vulnerabilities because even advanced threat actors are using them. We must make sure we keep our people trained up to be able to combat the latest threats. And lastly, Ransomware is there to stay. It’s become too profitable and too easy. 

Infosec Institute Named a Visionary in EMA’s Vendor Vision Report

Posted in Commentary with tags on May 24, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced they were named a Visionary in the inaugural Vendor Vision report by Enterprise Management Associates (EMA), a leading IT and data management research and consulting firm. The report highlights the top ten preeminent security companies in their respective categories exhibiting during the 2022 RSA Conference at San Francisco’s Moscone Center, June 6-9. 

Recognized for delivering the right training to the right people at the right time, Infosec helps organizations strengthen their security posture, reduce risk and meet compliance by providing cyber-education for every role within an organization. Infosec Skills and Infosec IQ aim to meet learners where they are, providing them with timely and engaging content that works to fill the growing cyber skills gap. 

See the full list of vendors recognized in the report here. Infosec will be exhibiting at the RSA Conference in booth 3324 in the South Expo Hall, and more information regarding the conference can be found here.

Infosec Institute Unveils New Role-Guided Cybersecurity Training Roadmaps 

Posted in Commentary with tags on May 18, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today unveiled Infosec Skills Roles, pre-built training roadmaps aligned to the 12 most in-demand cybersecurity roles including SOC Analyst, Penetration Tester, Security Engineer and Cybersecurity Beginner. Hosted in the Infosec Skills training platform, Infosec Skills Roles helps organizations upskill and cross-train talent for open security roles while also improving engagement and performance.

Today there are over 600,000 unfilled cybersecurity roles in the U.S., with more than half requiring at least one certification. As critical cybersecurity roles remain unfilled and technology change continues to outpace skill development, organizations are increasingly vulnerable to today’s record number of cyber threats. Additionally, security leaders face increasing pressure to prevent and mitigate cyberattacks with overburdened cyber teams, inadequate training programs and limited resources.

To help cyber leaders upskill and cross-train talent quickly, Infosec Skills Roles provide training recommendations for 12 of the most common cybersecurity positions, enabling enterprises to upskill and reskill cyber talent at scale and individuals to break into the industry. Backed by the research of skills requested by employers and a panel of cybersecurity subject matter experts, each of the 12 Infosec Skills Roles clearly outline which training and certifications are needed so learners can laser focus on the most important areas to strengthen and security leaders fill skill gaps on their teams. 

Recently named a Leader in IT Training by IDC Marketscape, the Infosec Skills platform offers 1,400+ hands-on cybersecurity courses and cyber ranges mapped to the NICE Workforce Framework for Cybersecurity and MITRE ATT&CK® Matrix. Infosec Skills helps cyber leaders prepare teams for ATT&CK tactics, guide team development and fast-track certification, with over 80% of learners reporting improved skills and abilities. 

Infosec Skills Roles will be showcased at the upcoming RSA Conference, June 6-9 in San Francisco, CA and Gartner Security & Risk Management Summit June 7-9, in National Harbor, MD. Individuals are encouraged to explore Infosec Skills Roles firsthand and take Infosec’s new #MyCyberRole quiz with a custom role recommendation and a trial Infosec Skills subscription to start training towards their newly matched role. 

Explore Infosec Skills Roles. 

TrustRadius Names Infosec Skills And Infosec IQ Top Rated in 2022

Posted in Commentary with tags on May 11, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced their Infosec Skills and Infosec IQ security training platforms earned Top Rated Awards from, the most trusted review site for business technology. Top Rated Award criteria are based on authentic recent ratings and reviews from real customers.

Infosec’s platforms — Infosec IQ and Infosec Skills — provide hands-on, engaging training to the entire enterprise, empowering professionals with the knowledge, skills and confidence to outsmart cybercrime. Today, more than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent and teams, and more than five million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness and phishing training

Infosec Skills secures its second Top Rated Award

With overwhelming positive client feedback and recognition from industry experts, Infosec Skills received its second Top Rated Award in the eLearning Content category, based on client satisfaction and market relevance.

Read what other clients had to say in their TrustRadius Infosec Skills reviews.

Infosec IQ Receives Third 2022 TrustRadius Award

After winning awards from TrustRadius for Best Feature Set and Best Relationship, Infosec IQ received the Top Rated Award in the Security Awareness Training category. This award ranks Infosec IQ as having some of the highest client satisfaction ratings in the market.

Read what other clients had to say in their TrustRadius Infosec IQ reviews.

Infosec Institute Adds Sales And Channel Leaders To Their Team

Posted in Commentary with tags on April 26, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced the expansion of its international commercial business with the appointment of Jeffrey de Graaf as the senior vice president of international sales and Donna Turgeon as head of channel.  

As SVP of international sales, Jeffrey will build and lead Infosec’s global sales organization. Jeffrey de Graaf has more than 20 years of experience as a sales and marketing professional, with a strong emphasis on IT security and channel relations. He was most recently responsible for leading KnowBe4’s operations across Europe, the Middle East and Africa (EMEA). Ensuring growth aspirations were met, this included the build, growth and maturation of the Channel business, along with all foundational functions such as Sales and Account Management, Customer Success, pre and post-sales Technical support and Engineering, People Operations, Marketing and Administration functions.

In her role as head of channel, Donna will lead Infosec’s channel sales team and indirect go-to-market strategy, operations and revenue globally. Donna brings 30 years’ experience driving indirect and direct revenue, ensuring customer success, delivering global GTM programs, leading corporate Channel and Distribution strategy, recruiting and onboarding business partners, and building effective Global sales and support teams. Donna is a multiple-year CRN Channel Chief award winner. Before her role at Infosec, she built an excellent indirect and direct sales and Marketing organization as CRO of VIPRE Security Group. She has held various senior leadership roles at various companies, including KnowBe4, Tech Data, InspiredeLearning and AccentHealth. 

In 2021 alone, Infosec’s software platforms — Infosec IQ and Infosec Skills — helped millions of learners make the digital world safer by delivering 26 million minutes of cybersecurity training. The company has also received many awards for its online training platforms, Infosec Skills and Infosec IQ, and announced several strategic industry alliances with organizations like Microsoft and Check Point Software.

To learn more about Infosec, visit

Infosec Institute Partners With VetJobs To Provide Cybersecurity Scholarships To Veterans And Military Spouses

Posted in Commentary with tags on April 19, 2022 by itnerd

Infosec Institute, the leading cybersecurity education company, today announced a new Infosec Gives Partner, VetJobs.  VetJobs is a leading veteran charity organization providing job placement and ongoing career progression to veterans, transitioning military and military spouses.

The Infosec Gives Partner Program enables partners to award three annual Infosec Accelerate Scholarships — fully funded by Infosec — through their organization. Each Infosec Accelerate Scholarship provides qualified recipients lifetime access to Infosec Skills, the leading security and IT skill development platform with over 1,000 hours of hands-on cybersecurity training. Each lifetime Infosec Accelerate Scholarship is valued at $15,000. 

As the second official Infosec Gives partner, VetJobs will award three scholarships to a  transitioning service member, veteran, national guardsman, reservist, or military spouse, enabling  them to build and enhance their cybersecurity skills. Beyond the annual scholarships, the Infosec and VetJobs partnership provides discounted online technical training opportunities to VetJobs technology program participants through the Infosec Skills platform.

Infosec’s technical skill development platform, Infosec Skills, includes over 1,200 learning resources to assess teams and close skills gaps with hands-on cyber ranges, labs, projects and courses mapped to the NICE Workforce Framework for Cybersecurity and the MITRE ATT&CK® Matrix for Enterprise.

To learn more about the scholarships and to apply via VetJobs, click to apply.

Scholarship applications will open on April 18, 2022 and will close May, 13 2022.