Resources | Opportunities | Direction




Free and
Low-Cost Tools
Professional Organizations
(Industry Leading Certifications)
Government Agencies
(Careers)
Technical Publications /
Security Research / Best Practice

Free and Low-Cost Tools
Good tools can make a skilled craftsman better. Below are online resources and tools to assist in a cybersecurity professional's ability to mature their cybersecurity posture.
CDE scoping, including identifying and defining where payment cards are stored, is critical for compliance. The following free and low-cost tools can be used to search your networks and systems for payment card data:
Organizations are required to implement file-integrity monitoring tools that alert employees to unauthorized modifications of critical system, configuration, and content files. The following free file integrity monitoring tools can be used for this requirement:
- OSSEC: http://www.ossec.net (also does centralized logging and host IDS)
- Samhain: http://la-samhna.de/samhain (also does centralized logging and host IDS)
- Ftimes: http://ftimes.sourceforge.net/FTimes
- Samurai WTF: http://www.samurai-wtf.org/
- Nessus: https://www.tenable.com/
- Nmap: https://nmap.org/
- OpenVAS: http://www.openvas.org/
- Splunk: https://www.splunk.com/
- Qualys BrowserCheck: https://browsercheck.qualys.com/
Organizations may want to implement intrusion-detection systems (IDS) and/or intrusion-prevention systems (IPS) to monitor all traffic at the perimeter of the data environment (DE) and at critical points inside the DE. The following free IDS/IPS tools can be used for this requirement:
- OSSEC: http://www.ossec.net/
- Samhain: http://la-samhna.de/samhain
- Snort: http://www.snort.org
- Suricata: http://openinfosecfoundation.org/index.php/download-suricata
- ATT Cybersecurity: https://www.alienvault.com/products/ossim
- Open Onion: https://securityonion.net/
Network monitoring tools can be used to ensure that NIST-required controls and process (e.g. SSH, SLL) are correctly running. The following free network monitoring tools are often seen by Coalfire during PCI assessments:
- Nagios: http://www.nagios.org
- Zabbix: https://www.zabbix.com/
- APIC EM: https://developer.cisco.com/site/apic-em/
- OpenNMS: http://www.opennms.org
- Sguil: http://bammv.github.io/sguil/index.html
You can use the following free tools to manage passwords:
- Password Safe: http://passwordsafe.sourceforge.net/index.shtml
- Keepass: http://keepass.info
- Password Gorilla: https://github.com/zdia/gorilla/wiki
Organizations should regularly detect and identify wireless access points (WAPs) within their environments. The following free and low-cost tools can be used to detect and identify WAPs:
- Wireless netview: http://www.nirsoft.net/utils/wireless_network_view.html
- Kismet: http://www.kismetwireless.net
- Inssider Office: http://www.metageek.net/products/inssider-office
- Xirrus Wi-Fi Inspector (NOW CAMBIUM): https://www.cambiumnetworks.com/xirrus/

Industry Leading Organizations & Certifications
In today's competitive industry, having a certification and clear direction for your career path will help a cybersecurity professional stand out to highlight their knowledge base.
- (ISC)2: https://www.isc2.org/
- IEEE: https://www.ieee.org/
- INCOS: https://www.incose.org/
- ISACA: https://www.isaca.org/
- EC-Council: https://www.isaca.org/
- NSPE: https://www.nspe.org/
- CompTIA: https://www.comptia.org/home
- DRI: https://drii.org/
- CBT Nuggets: https://www.cbtnuggets.com/home

Government Agencies
As a cybersecurity professional, there is a need to work with partners to defend against today's threats and collaborating to build more secure and resilient infrastructure for the future.
- NIST: https://www.nist.gov/
- DHS CS: https://www.dhs.gov/topic/cybersecurity
- CISA: https://www.cisa.gov/
- FBI: https://www.fbi.gov/investigate/cyber
- Idaho Dept. of Human Resources: https://dhr.idaho.gov/job-seekers/

Technical Publications & Security Research
In a climate where technology is constantly evolving, research and articles can help keep a cybersecurity professional up-to-date. The following publications are targeted for IT staff such as best practice guides and security research.
SP 800-53 Rev. 5
Security and Privacy Controls for Information Systems and Organizations