September 15, 2025
Why “we already have that data” is bullsh*t
CybSafe’s CEO and founder Oz Alashe unpacks why your colleagues keep missing the point on behavioral risk – and what to do about it
This list of free (or cheap) resources is a good introduction to cyber security, computer science and the human aspect of cyber security. It's by no means exhaustive, covering only the most fundamental concepts.Nevertheless, it’s a great place to start for beginners and those wanting to understand the basics.If you don’t have time to look through it all, we’d recommend you start with the things marked ‘recommended’.Enjoy, and good luck.
Recommended
Essential cyber security knowledge, simple, jargon-busting video that provides easy-to-understand definitions for terminology commonly used to describe cyber threats and the technology and security measures used to protect data.
2 mins
Free
Nick Espinosa explains how internet culture fails to foster a common understanding of cybersecurity and threats online. His five laws, designed to help us think like a hacker, explain why human nature exposes people and businesses to vulnerabilities and risk.
7 mins
Free
With two decades of cybersecurity experience, LaCour shines a light on the underbelly of internet mischief and malice, with the intent of empowering you to be vigilant and stay safe and protected.
10 mins
Free
Recommended
James Lyne talks about the growing gap between the cybersecurity know-how of internet users and the skills and tactics of professional cyber criminals. .
55 mins
Free
Recommended
Having a computer hacked can be life altering. We’re often fearful of hackers and those who want to engage in identity theft.
Adam Anderson is an ex-NSA agent and IT specialist and explains how hacking can be prevented.
13 mins
Free
Ransomware has become increasingly pervasive, but effective, as a form of cybercrime. James Lyne, steps through a demo of how ransomware victimises unsuspecting users, showing how cyber criminals use the internet to piece together ransomware to create cryptocode.
11 mins
Free
Chris Domas is a cybersecurity researcher, operating on what's become a new front of war, "cyber." In this engaging talk, he shows how researchers use pattern recognition and reverse engineering to understand a chunk of binary code whose purpose and contents they don't know.
16 mins
Free
Frank Heidt, cyber defense professional, offers a sobering historic, economic and demographic overview of the growing threat to the U.S. from Chinese cyber invasions. Heidt mixes humor with intellect as he places the audience on "high alert" through stories of espionage and intrigue.
18 mins
Free
Recommended
Personal data is a precious commodity but can we sometimes share too much? Rob May thinks we need to develop our human firewall in an age where so much of our lives are online.
16 mins
Free
Hacking is about more than mischief-making or political subversion. As Catherine Bracy describes in this spirited talk, it can be just as much a force for good as it is for evil. She spins through some inspiring civically-minded projects in Honolulu, Oakland and Mexico City — and makes a compelling case that we all have what it takes to get involved.
10 mins
Free
Glenn Greenwald was one of the first reporters to see -- and write about -- the Edward Snowden files, with their revelations about the United States' extensive surveillance of private citizens. In this searing talk, Greenwald makes the case for why you need to care about sensitive information and privacy, even if you're "not doing anything you need to hide."
21 mins
Free
It's been 25 years since the first PC virus (Brain A) hit the net. What was once an annoyance has become a sophisticated tool for crime and espionage. Computer security expert Mikko Hyppönen tells us how we can stop these new viruses from threatening the internet as we know it.
17 mins
Free
Most organisations fail to measure their human cyber risk.
Some measure security training uptake. Some go a little further and measure suspicious link-clicks or report-rates. But very few can answer key security questions such as “How has our human cyber risk changed over time?” and “Which security interventions reduce most risk?”.
This whitepaper explains that to answer such questions, the security industry needs meaningful metrics: to be able to benchmark; to be able to see progress; and to measure success and impact.
1 hour
Free
Recommended
Much has been written about the benefits of a secure culture. By contrast, very little has been written about how to develop a secure culture.
This whitepaper reveals how today’s security teams can build a people-centric secure culture – one that places your people at the heart of cyber security. It also introduces C-CAT, CybSafe’s world-first Culture Assessment Tool that generates personalised recommendations for advancing the people-centric security culture of individual organisations.
Highlights include:
1 hour
Free
In this whitepaper, we outline the CybSafe approach to applying behavioural science, how it’s embedded in everything we do and how our products drive behaviour change in employees.
Contents:
1 hour
Free
Cybrary’s cyber security glossary provides the cyber security community with knowledge of and insight on the industry’s significant terms and definitions.
This list contains key terminology and is one of the most extensive cyber security glossary/vocabulary resources online.
N/A
Free
Recommended
Cyber security encompasses a much bigger, broader range of roles than most people realise. From operations to risk analysis to law, there are a huge variety of interesting career options – and you don’t necessarily have to study STEM subjects or have a degree in cyber security.
Cyber Security Challenge UK exists to inspire and enable more people from diverse backgrounds to become cyber security professionals.
Their website offers free resources and information on typical roles within the industry, development paths and career advice.
N/A
Free
This report is concerned with human aspects of cybersecurity including not only psychology and sociology, but also ethnography, anthropology, human biology, behavioural economics and any other subject that takes humans as its main focal point.
2 hours
Free
Recommended
Most security awareness training attempts to raise awareness only. This blog explains the importance of security awareness training raising awareness, changing behaviour and building a culture of security, in order for it to be successful in decreasing risk.
3 mins
Free
Here, CybSafe explains why the old definition of security awareness training is too rudimentary - because it talks only of educating people and says nothing of ensuring they actually do anything with this security knowledge.
Instead, of assuming people’s awareness will automatically change their behaviour, this blog explains the importance of behaviour training and a secure culture in successfully decreasing risk.
3 mins
Free
Recommended
The definition of the human aspect of cyber security is changing. Cyber security strategies are typically sub-divided into sections on technology, processes and the human aspect of cyber security.
Definitions of both technology and processes are relatively uniform. The human aspect, however, is unique and can actually mean different things to different people.
This blog set out what the “human aspect” means in a traditional sense, as well as what it will mean in the future.
3 mins
Free
This course in cyber risk management provides practical, to-the-point training in everyday language, complete with examples that are easy to understand. It covers big picture events driving cybercrimes and the top cyber risks affecting executives and their organizations. It provides examples of common cyberattacks; explains how good "security hygiene" helps to combat security threats; outlines key actions to avoid threats such as phishing, identity theft, hacking, and financial fraud; and explains how contract "firewalls" and third-party cyber risk management can help mitigate the most common cyber risks. 1 hour 46 mins £7.00With the advent of information systems, information has become the life-blood of the modern world. And yet organisations aren’t always as careful as they could be with it. Whether it’s their customer details, details of their business transactions or their intellectual property, information is – almost casually – shared when it shouldn’t be.In this course you’ll explore what makes information so valuable and how information security is about the balance of the CIA Triad: Confidentiality, Integrity and Availability. 10 hours Free
Recommended
We shop online. We work online. We play online. We live online. As our lives increasingly depend on digital services, the need to protect our information from being maliciously disrupted or misused is really important. This course will help you to understand online security, recognise threats, and take steps to protect your digital life, whether at home or work. The course will also frame your online safety in the context of the wider world, introducing you to different types of malware, including viruses and trojans, as well as concepts such as network security, cryptography, identity theft and risk management. 16 hours FreeThis course is aimed at anyone with an interest in Information Security, whether as a career or for general business knowledge. It delivers an understanding of Information Security management issues including risk management, security standards, legislation, frameworks and business continuity. 3 days Tbd
This course offers a high-level overview of the security landscape.
It covers foundational concepts for the field of cybersecurity;
examines various types of common threats and attacks; ways to protect our environments through tools and design; explains some advanced topics such as penetration testing; and provides context for the cybersecurity jobs market and key roles within the industry.
38 hours
Free
Recommended
This introduction to end-user information and cyber security awareness is designed to teach the principles and practices that mobile, desktop and gaming device users need to keep themselves safe, at home and at work.
Based on the principle that a company’s most valuable assets are its people and its data, the course outlines why cyber security training is a means to protect both.
1 hours
Free
This course outlines the basic components of social engineering and how it is used.
Addressing different types of social engineering attacks, it provides hands-on experience using the Social Engineering Toolkit (SET).
The course teaches behavioural and technical controls that can be implemented to reduce the likelihood of a successful social engineering attack. It explores fake social media profiles, phishing emails and malicious payload and gives you the experience of playing the “victim” by opening a malicious file.
The course explains why you should limit the information you share on social media and covers some basic items to include in your security awareness program.
By the end of the course, you should understand:
2 hours
Free
