CSOH

OWASP EKS Goat

Intentionally vulnerable AWS EKS environment with 20+ attack-defense labs simulating real-world misconfigurations, IAM flaws, and pod breakout paths.

Kubernetes Goat

Interactive Kubernetes security learning platform with guided workbook for GKE, EKS, AKS, or K3S. Deploy in your own cloud account.

Kubecon NA 2019 CTF

GCP-based CTF with guided workbook covering two attack and defense scenarios plus bonus challenges.

OWASP Wrong Secrets

Hands-on vulnerable application teaching secrets management anti-patterns and best practices.

CloudGoat

Deliberately vulnerable AWS deployment tool for learning cloud penetration testing. Create scenarios in your own AWS account.

FLAWS

Challenge-based website teaching AWS security concepts through real vulnerabilities and misconfigurations.

FLAWS 2

Sequel to FLAWS with new AWS security challenges focusing on different attack vectors.

Wiz EKS Cluster Games

Vulnerable EKS pod with flag challenges across environment, includes leaderboard and requires registration.

Wiz Big IAM Challenge

CTF focused on AWS IAM privilege escalation and permission boundaries.

Wiz K8s LAN Party

Network of misconfigurations and vulnerabilities in Kubernetes cluster with leaderboard.

Wiz CTF Portal

Central hub for all Wiz CTF challenges and competition. Explore various cloud security challenges with leaderboards and prizes.

Thunder CTF

GCP-focused CTF challenges covering various cloud security scenarios.

IAM Vulnerable

AWS IAM privilege escalation playground with 31 different attack paths. Deploy with Terraform.

CloudFoxable

Deploy vulnerable AWS scenarios using Terraform. Companion to CloudFox enumeration tool.

BadZure

Deliberately vulnerable Azure infrastructure for testing and learning.

AIGoat

Deliberately vulnerable AI infrastructure from Orca Research for learning AI security.

CNAPPGoat

Multi-cloud vulnerable environment for testing CNAPP capabilities.

CICDont

Deliberately vulnerable CI/CD environment for learning pipeline security.

Bust a Kube

Vulnerable K8S cluster VMs for local VMWare environment.

Kube Security Lab

Local Kubernetes security testing environment with 14 vulnerable clusters using Docker, Ansible, and Kind.

Blue Team Labs

Defensive security scenarios and detection engineering challenges.

Hack The Box BlackSky

Cloud security specialist labs for AWS, Azure, and GCP with realistic enterprise infrastructure. Earn Cloud Security Specialist certifications.

Cybr Free AWS Labs

Free 1-click deploy hands-on AWS security labs for building practical skills risk-free.

Digital Cloud Training Challenge Labs

1000+ scenario-based labs for AWS and Azure with automatic validation, scoring, and multiple difficulty levels.

AWS Well-Architected Security Labs

Hands-on labs and documentation for building secure workloads using AWS Well-Architected Framework.

Awesome CloudSec Labs

Curated collection of free cloud native security learning labs including CTF, workshops, and research labs.

Immersive Labs

Cyber drills, labs, and reporting mapped to MITRE ATT&CK, NICE, and NIST frameworks for measuring team readiness.

SecureFlag GCP Labs

Hands-on GCP security training covering IAM, network security, encryption, and API security.

Pwned Labs

Premium Azure and AWS security labs with assume-breach scenarios and professional certifications.

TryHackMe

Gamified cybersecurity training with cloud security learning paths and 800+ labs.

A Cloud Guru

Comprehensive cloud training platform with AWS, Azure, and GCP security courses.

CBT Nuggets

IT training platform with cloud security certification prep courses.

Udemy Courses

Wide selection of cloud security courses from various instructors.

Amazon EKS Workshop

Hands-on workshop for learning Amazon EKS including security best practices.

AccuKnox CNAPP

Zero Trust CNAPP with integrated CSPM, CWPP, KSPM, ASPM. Features runtime protection via KubeArmor with eBPF/LSM and inline mitigation.

Wiz CNAPP

Agentless CNAPP with security graph technology for visualizing attack paths across AWS, Azure, GCP, OCI, and Alibaba Cloud.

Sysdig Secure

CNAPP leveraging open-source Sysdig and Falco for deep runtime threat detection with eBPF monitoring.

Orca Security

Agentless CNAPP with side-scanning technology and attack path analysis showing real-world exploitation scenarios.

Aikido Security

Unified code-to-cloud platform combining CSPM, CWPP, SAST, SCA. Traces issues from runtime back to IaC source code.

Fidelis Security Halo

CNAPP with patented 2MB microagent technology for Windows/Linux with self-installing capabilities.

Shodan

Search engine for Internet-connected devices. Essential for cloud asset discovery and reconnaissance.

ZoomEye

Cyberspace search engine for discovering exposed services and devices.

Binary Edge

Internet scanning and attack surface management platform.

LeakIX

Search engine for exposed data and misconfigurations.

DNSDumpster

DNS reconnaissance and research tool for discovering domain assets.

Security Trails

DNS and domain intelligence for attack surface discovery.

grep.app

Search across 500K+ GitHub repositories for code, credentials, and configurations.

Dorksearch

Google dork search tool for finding exposed information.

Packet Storm

Information security news, files, and exploits database.

Exploit-DB

Archive of public exploits and vulnerable software.

CloudVulnDB

Open-source database of cloud security vulnerabilities.

OWASP

Open Web Application Security Project with cloud security resources.

Cloud Katana

Cloud adversary emulation tool for testing detection capabilities.

ScoutSuite

Multi-cloud security auditing tool for AWS, Azure, GCP, and more.

Saner CNAPP

Revolutionary CNAPP integrating CSPM, CIEM, CWPP with AI-driven monitoring and automated remediation.

AccuKnox CNAPP

Zero Trust CNAPP built on KubeArmor with eBPF runtime protection and inline mitigation.

Datadog Cloud Security

Real-time threat detection with compliance automation for DevSecOps workflows.

Lacework Polygraph

AI-powered CNAPP with ML anomaly detection and automated threat response.

SentinelOne Cloud

AI-powered threat detection for cloud workloads with runtime protection.

Check Point CloudGuard

Unified security across applications, networks, and workloads with AI-driven threat prevention.

Sysdig Secure

Container and Kubernetes-focused security with runtime protection and deep investigation.

CrowdStrike Falcon Cloud

Identity-centric cloud security with continuous monitoring and least-privilege enforcement.

Orca Security

Agentless cloud security with SideScanning technology for comprehensive visibility.

Palo Alto Prisma Cloud

Comprehensive CNAPP with end-to-end security from code to cloud.

CCSP Certification

Certified Cloud Security Professional from ISC². Advanced certification requiring 5+ years IT experience covering cloud architecture and risk management.

CKS Certification

Certified Kubernetes Security Specialist from CNCF. Hands-on certification proving command-line proficiency in securing production K8s workloads.

Pwned Labs Professional Bootcamps

Cloud attack & defense bootcamps for AWS (ACRTP), Azure/M365 (MCRTP), and GCP (GCRTP) with professional certifications.

CSA DevSecOps Training

Self-paced course on DevSecOps implementation, challenges, enablers, and culture measurement.

CSA Cloud Threat Modeling

Training on top 11 cloud threats, threat modeling techniques, and risk treatment methods.

AWS Certified Cloud Practitioner

Foundational AWS certification covering cloud concepts and basic security.

AWS Solutions Architect Associate (SAA-C03)

Associate-level AWS certification with security design principles.

AWS Solutions Architect Professional

Professional-level AWS certification including advanced security architectures.

Security Certification Roadmap

Comprehensive visual guide to cybersecurity certifications and career paths.

ISC2 CCSP 2025

Updated Certified Cloud Security Professional with new domains: zero trust, DevSecOps, cloud-native security.

CKS: Kubernetes Security

Certified Kubernetes Security Specialist with hands-on labs for cluster and system hardening.

CSA CCSK v5

Updated Certificate of Cloud Security Knowledge v5 covering latest cloud security domains.

GIAC GCSA & GCLD

Cloud Security Automation (GCSA) and Cloud Data (GCLD) focusing on automation and data security.

CompTIA Cloud+ 2025

Updated Cloud+ covering cloud security implementation across hybrid environments.

Tumeryk

Cloud security testing and attack simulation platform. Test cloud infrastructure for security vulnerabilities through automated attacks and provide AI-powered recommendations.

Lakera Guard

Real-time LLM security platform detecting prompt injection, jailbreak attempts, and unsafe behavior with <50ms latency. Industry-leading protection backed by millions of attack data points.

NVIDIA Garak

Open-source LLM vulnerability scanner probing for hallucination, data leakage, prompt injection, toxicity, and jailbreaks. The nmap of AI security.

LLM Guard

Open-source security toolkit with advanced input/output scanners for data leakage prevention, prompt injection detection, and content moderation. 2.5M+ downloads.

Rebuff AI

Multi-layered prompt injection detection using heuristics, LLM-based detection, and canary tokens to identify and mitigate vulnerabilities.

CalypsoAI Moderator

Model-agnostic enterprise LLM security solution providing real-time scanning, alerts, and comprehensive risk identification at scale.

NeMo Guardrails

NVIDIA's Python toolkit for adding programmable guardrails to LLM conversational applications, ensuring responsible and ethical AI use.

Guardrails AI

Python package for specifying structure, type validation, and correcting LLM outputs with pre-built measures for various risks.

Giskard AI Security

Automated LLM security testing with heuristics-based and LLM-assisted detectors for domain-specific vulnerabilities in AI applications.

LLMFuzzer

Open-source fuzzing framework for LLMs focusing on API integrations with diverse fuzzing strategies to identify vulnerabilities.

Pynt LLM Security

Dynamic analysis and traffic inspection for LLM APIs, identifying prompt injection pathways and insecure output handling.

BurpGPT

Burp Suite extension integrating LLMs for AI-enhanced web security testing with vulnerability scanning and traffic analysis.

Lasso Security

End-to-end LLM security solution protecting against external threats and internal vulnerabilities with comprehensive threat modeling.

WhyLabs LLM Security

Multi-layered approach to LLM security with data loss prevention, prompt injection monitoring, and misinformation detection.

Protecto AI

High-precision LLM security evaluation with Privacy Vault for data encryption, anonymization, and secure model deployment.

Vigil

Alpha-stage prompt-level security scanner for high-volume environments requiring prompt validation without infrastructure overhaul.

OpenAI Aardvark

Agentic security researcher monitoring commits for vulnerabilities using LLM-powered reasoning to identify, explain, and fix security issues.

Microsoft PyRIT

Python Risk Identification Toolkit for red-teaming LLMs with structured approaches to adversarial testing.

Constitutional AI

Anthropic's framework for AI safety through constitutional principles, enabling models to self-correct and maintain alignment.

Alert AI Gateway

Zero-Trust AI Security Gateway with automatic vulnerability scanning across full development lifecycle.

DeepEval

LLM evaluation and guardrails framework with LLM-as-judge for data leakage, prompt injection, jailbreaking, bias, and toxicity detection.

Nexos.ai Platform

Unified AI governance platform with AI Gateway, AI Workspace, guardrails, and LLM observability for enterprise security.

Granica AI Crunch

AI data platform optimizing training data pipelines with security, privacy, and compliance controls for LLM development.

Mindgard AI

AI security posture management (AI-SPM) for continuous threat monitoring, risk scoring, and automated remediation.

DeepStrike AI Pentesting

AI-specific penetration testing services simulating adversarial attacks, model inversion, and memory poisoning.

Hugging Face Model Cards

Standardized model documentation framework for transparency, security evaluation, and risk assessment of AI models.

OWASP Top 10 for LLMs 2025

Definitive list of top 10 LLM security vulnerabilities including prompt injection, data poisoning, and excessive agency. Updated for 2025 with new threats.

OWASP Agentic AI Top 10 2026

Groundbreaking framework for autonomous AI systems released at Black Hat Europe 2025, covering agentic manipulation and tool poisoning.

Prompt Injection Guide

Comprehensive OWASP guide to prompt injection vulnerabilities, direct and indirect attacks, and mitigation strategies ranked #1 AI security risk.

CSA Guardrails Guide

Cloud Security Alliance's in-depth guide on building enterprise AI prompt guardrails with DLP integration, multilayered security, and compliance frameworks.

Bypassing LLM Guardrails Research

Academic research demonstrating character injection and AML evasion attacks achieving 100% bypass rates against commercial guardrails.

CNAPPs Surge Report

IDC research on CNAPPs as top-3 security investment priority with AI integration reducing alert fatigue and enabling 50% faster response.

LLM Security Guide

Comprehensive GitHub reference for securing LLMs covering OWASP Top 10, prompt injection, adversarial attacks, and mitigation strategies.

Datadog Guardrails Best Practices

Technical guide on implementing guardrails for LLM security covering input validation, prompt construction, and output filtering.

Lakera Prompt Injection Guide

Tactical guide to understanding, recognizing, and preventing prompt injection attacks with real-world examples and defense strategies.

Obsidian: Prompt Injection #1

Analysis of prompt injection as #1 AI exploit in 2025 appearing in 73% of production deployments with enterprise mitigation strategies.

Confident AI: Ultimate Guardrails Guide

Complete guide to LLM guardrails using LLM-as-judge for data leakage, prompt injection, jailbreaking, and bias detection.

Invicti: OWASP LLM Analysis

Business impact analysis of OWASP Top 10 LLM risks with technical testing methods and defense strategies.

Qualys: OWASP 2025 Updates

Analysis of key changes in OWASP Top 10 for LLMs 2025 including RAG vulnerabilities and vector/embedding weaknesses.

EvidentlyAI: OWASP Testing

Practical guide to testing Gen AI apps against OWASP Top 10 with risk assessment, adversarial testing, and implementation strategies.

Strobes: Mitigation Playbook

Comprehensive mitigation playbook for OWASP Top 10 LLM risks with technical controls and governance frameworks.

Nexos.ai: Top 10 LLM Tools

Comparative analysis of top LLM security tools in 2025 based on feature depth, enterprise fit, and industry coverage.

Lakera: Top 12 LLM Tools

Curated list of paid and free LLM security tools including vulnerability scanners, guardrails, and testing frameworks.

Pynt: Essential LLM Tools

Essential LLM security tools covering prompt injection detection, data leakage prevention, and automated security testing.

Protecto: Best LLM Tools 2025

Comprehensive review of best LLM security tools for testing, monitoring, and compliance with implementation guidance.

Obsidian: AI Pentesting Tools

Specialized AI pentesting tools for uncovering LLM vulnerabilities including prompt injection, model inversion, and memory poisoning.

Mindgard: Guardrail Evasion

Research on evading AI guardrails using invisible characters achieving 100% evasion success against major vendors.

MDPI: Prompt Injection Review

Comprehensive academic review of prompt injection attacks from 2023-2025 analyzing 45 sources with PALADIN defense framework.

DeepStrike: OWASP Deep Dive

Deep dive into OWASP Top 10 LLM vulnerabilities with real attack scenarios, business impact analysis, and remediation strategies.

AccuKnox: Monitoring Tools 2025

Top 7 cloud security monitoring tools in 2025 offering real-time threat detection, runtime protection, and compliance automation.

TechTarget: CNAPP vs CSPM

Technical comparison of CNAPP and CSPM tools explaining when to use each, with decision frameworks for cloud maturity stages.

LinkedIn

Premier professional networking platform. Essential for cloud security job search, networking, and building your personal brand.

Dice

Tech-focused job board with extensive cybersecurity listings. Advanced filters, salary data, and market insights for tech professionals.

CyberSeek

Interactive career pathways and workforce data for cybersecurity professionals. Maps career progression and shows demand by location.

ClearanceJobs

Specialized job board for security-cleared professionals. Essential for government and defense contractor positions.

CyberSecJobs

Cybersecurity-exclusive job board with strong federal and defense contractor presence. Focuses on cleared positions.

CyberSN

Cybersecurity-exclusive platform with curated listings from entry-level to CISO roles. Free posting and candidate matching tools.

CareersinCyber

Strong in GRC, audit, and compliance roles. Ideal for policy-focused cybersecurity positions in financial services.

Glassdoor

Job search with company reviews, salary transparency, and interview insights. Research companies before applying.

Indeed

Largest job board with extensive filters and volume. Swiss Army knife of job search for all experience levels.

USAJOBS

Official US government job board. Essential for federal cybersecurity positions with NSA, CIA, FBI, DHS, and other agencies.

CyberCareers.gov

Federal government cybersecurity career platform. Tools, resources, and guide to cybersecurity workforce within federal government.

Hack The Box Careers

Job board for companies hiring HTB users. Your HTB rank and reputation can be more valuable than a resume line.

Scale.jobs

AI-powered job application platform with ATS-friendly resume tools and human support for cybersecurity professionals.

Wiz Cloud Security Jobs Board

Cloud security job board from Wiz featuring roles in cloud security, DevOps, and infrastructure security from leading companies.

Resume Worded

Free resume analyzer and optimization tool. Instant feedback on ATS compatibility and suggestions for improvement.

VisualCV

Professional resume builder with ATS-friendly templates. Track who views your resume and optimize for keywords.

Wozber

Free ATS-friendly resume builder with ATS resume scanner. Optimize your cybersecurity resume for applicant tracking systems.

Enhancv

Modern resume builder with industry-specific templates. Includes cybersecurity analyst examples and ATS optimization.

Toptal Resume Review

Expert guide to tech resumes in 2025. ATS trends, formatting tips, and keyword optimization for technical roles.

Resumatic

ATS-optimized resume templates for multiple tech roles including cybersecurity, with free options available.

Teal HQ LinkedIn Guides

Comprehensive LinkedIn optimization guides for cybersecurity roles. Headlines, summaries, and profile tips for 2025.

National Cybersecurity Alliance - Resume & LinkedIn Guide

LinkedIn Mentorship Program

Structured mentorship program including CoachIn for women in tech. Career guidance, skill development, and networking.

MentorCruise - Cybersecurity

1-on-1 cybersecurity mentorship with experienced professionals. Project-based learning and career guidance.

Cyber Potential

Cybersecurity career coaching including LinkedIn optimization, job search strategy, and interview preparation.

OffSec Talent Finder

Connect with cybersecurity employers looking for OffSec-certified professionals. Visibility for OSCP, OSWA, OSEP holders.

r/cybersecurity

Active Reddit community for cybersecurity professionals. Career advice, job leads, and informal mentorship.

r/netsec

Network security subreddit with experienced professionals. Technical discussions and career guidance.

Programs.com - Cybersecurity Job Guide 2025

Honest guide to getting cybersecurity jobs in 2025. AI impact, practical experience, and entry-level strategies.

DestCert - Cybersecurity Job Demand 2025

Analysis of cybersecurity job market trends, demand by industry, and career outlook through 2030.

Global Cybersecurity Network Blog

Career articles including job search strategies, resume tips, and showcasing skills effectively.

Cybersecurity Guide - Job Resources

Comprehensive roadmap for finding cybersecurity jobs. Company websites, agencies, internships, and networking tips.

HackerOne

Leading bug bounty platform. Build verifiable portfolio, earn recognition, and gain practical security experience.

Bugcrowd

Crowdsourced security platform. Find vulnerabilities, build reputation, and create public portfolio.

Synack

Vetted bug bounty platform with higher-quality targets. Requires application but offers better opportunities.

Black Hat

Premier cybersecurity conference. Networking, job fair, and connections with potential employers and mentors.

DEF CON

World's largest hacker conference. Networking, CTFs, and connecting with security community and employers.

RSA Conference

Major cybersecurity conference with extensive job opportunities, networking, and vendor connections.

BSides Security

Community-driven security conferences worldwide. Accessible networking and mentorship opportunities at all levels.

OWASP Local Chapters

Local OWASP chapter meetings worldwide. Free networking, learning, and connecting with local security professionals.

NICCS - NICE Framework

National Initiative for Cybersecurity Careers and Studies. NICE framework, career pathways, and workforce development.

(ISC)² Career Development

Cybrary Career Paths

Guided career paths for cybersecurity roles. Skills roadmaps from entry-level to advanced positions.

SANS Career Development

Career resources from SANS including job board, salary survey, and cybersecurity careers site.

Levels.fyi

Tech salary transparency. Compare compensation packages for security roles at major tech companies.

PayScale

Salary data and compensation research for cybersecurity positions. Free salary reports and negotiation tools.

Salary.com

Comprehensive salary information for cybersecurity roles. Job descriptions, salary ranges, and career advice.

GitHub

Essential for showcasing security projects, scripts, and contributions. Your technical portfolio and proof of work.

Medium

Publish cybersecurity articles and build thought leadership. Share writeups, tutorials, and security research.

DEV Community

Developer community for sharing security tutorials and projects. Build reputation and connect with tech community.

Toptal

Elite freelance network for top 3% of cybersecurity consultants. High-paying contract opportunities.

Upwork

Freelance platform with cybersecurity consulting opportunities. Build reputation and client base.

Fiverr

Freelance marketplace for security services. Pentesting, security audits, and consulting gigs.

DayCyberwox YouTube

Career advice and day-in-the-life content for cybersecurity professionals. Real-world insights and tips.

Help Net Security Jobs

Weekly cybersecurity job listings worldwide. Curated positions including remote, hybrid, and on-site roles.