The curated list of resources we actually use ourselves and recommend without reservation. Updated regularly.

Hands-On Training Platforms

Free Learning Resources

Books We Recommend

Offensive

  • The Web Application Hacker’s Handbook — Stuttard & Pinto
  • The Hacker Playbook 3 — Peter Kim
  • Red Team Field Manual (RTFM) — Ben Clark
  • Real-World Bug Hunting — Peter Yaworski

Defensive / DFIR

  • The Art of Memory Forensics — Ligh, Case, Levy, Walters
  • Practical Malware Analysis — Sikorski & Honig
  • Blue Team Field Manual (BTFM) — Alan White & Ben Clark
  • The Practice of Network Security Monitoring — Richard Bejtlich

Engineering & Foundations

  • Computer Networking: A Top-Down Approach — Kurose & Ross
  • Operating System Concepts — Silberschatz
  • Cryptography Engineering — Ferguson, Schneier, Kohno

Certifications by Career Stage

Entry

  • CompTIA Security+ — HR filter cert; cheap, broad
  • eLearnSecurity eJPT — best entry-level offensive cert
  • Microsoft SC-200 — for SOC analysts in M365 environments

Mid-Career Offensive

  • OSCP — still the canonical offensive cert
  • HTB CPTS — increasingly accepted as OSCP alternative
  • OSWE — web exploitation specialization
  • CRTP / CRTE — Active Directory specialization

Mid-Career Defensive

  • GCIA / GCIH / GCFA — SANS, gold standard, expensive
  • HTB CDSA — defensive analyst cert
  • CCD — Certified CyberDefender by CyberDefenders

Strategic / Leadership

  • CISSP — for management track and HR filters
  • CISM — for security management
  • CCSP — for cloud-security leadership

CTF Platforms & Competitions

Newsletters & Podcasts

Newsletters

  • tl;dr sec — Clint Gibler’s weekly AppSec roundup
  • Risky Biz News — security news, mostly free
  • CyberWire Daily — daily news with depth

Podcasts

  • Darknet Diaries — long-form security storytelling
  • Risky Business — weekly news and analysis
  • SANS ISC Stormcast — daily 5-minute brief

Conferences

  • DEF CON (Las Vegas) — annual, late summer
  • Black Hat USA — co-located with DEF CON
  • RSA Conference — enterprise security
  • BSides events — local, free or low-cost; check your region
  • OffensiveCon — offensive research focus
  • NULLCON (India), NorthSec (Canada), Insomni’hack (Switzerland)

Communities

  • Reddit: r/netsec, r/AskNetsec, r/cybersecurity (lighter)
  • Discord: HackTheBox, TryHackMe, individual creator servers
  • Twitter/X: follow @csecurityelite plus established researchers
  • InfosecMastodon: infosec.exchange — the post-Twitter holdout community

If we missed a resource you find indispensable, tell us — contact [at] cybersecurityelite.com.