Resources
Links we actually use. Vendor-neutral, practical, and current.
Frameworks & Standards
NIST Cybersecurity Framework (CSF) 2.0
Core functions, tiers, and profiles for risk governance.
ISO/IEC 27001 Overview
Information security management standard and controls family.
CIS Critical Security Controls
Prioritized, measurable controls with implementation groups.
OWASP ASVS
Verification standard for application security requirements.
Threat & Defense
MITRE ATT&CK
Adversary tactics and techniques knowledge base.
CISA Known Exploited Vulnerabilities (KEV)
Authoritative list of vulnerabilities under active exploitation.
Cloud Security Alliance (CSA) Guidance
Best practices and research for cloud security programs.
AI Security & Safety
OWASP Top 10 for LLM Applications
Risk categories and mitigations for LLM-enabled apps.
NIST AI Risk Management Framework
Guidance for trustworthy and risk-aware AI systems.
ENISA AI Threat Landscape
EU threat overview for AI systems and mitigations.
Incident Readiness
CISA Incident Response Playbooks
Playbooks and guidance for IR planning and exercises.
First Responder's Guide (NIST SP 800-61r2)
Computer Security Incident Handling Guide.
Privacy & Governance
NIST Privacy Framework
Risk-based approach to privacy engineering and governance.
CISA Secure by Design
Principles for measurable, shipping-grade security outcomes.