The Internet is a great place to find information security resources, but getting a well-rounded selection of sources can be a bit hard as you work to filter out the information about the latest Anonymous hack or virus.

What I’ve tried to collect here are some of the best educational resources on InfoSec. Notice these aren’t tools or news sites, but rather sources by which you can ground yourself in the basics. Also note that there is no particular ordering that occurred as I wrote the list, just the order that I thought of them.

  1. Security Now! - Security Now is a podcast from the TWiT network. Although there is an emphasis on recent events, there are also in-depth explanations of how the exploits occurred. Add that to periodic series dedicated to explaining fundamentals (such as “The SSL/TLS Protocol” episode 195), this is a great resource for InfoSec education. And at over 300 episodes, there’s quite a backlog for you to work through.

  2. NIST - NIST, the National Institute of Standards and Technology, defines federal standards in security. This is the agency which ran the AES competition and defined FIPS, and you can find many other cryptography and security related standards and best practices defined here.

  3. IT Security (Stack Exchange) - Following the question and answer format of its parent site, Stack Exchange, IT Security is a community driven site answering a wide range of security questions.

  4. Cryptography Beta (Stack Exchange) - I almost kept this with the IT Security, but this site is distinguished by the more in-depth look at cryptography. There is some overlap with the security site, but most of the questions here have to do with the cryptosystems themselves, sometimes even with the cryptographic primitives. The rate of question generation here is much slower than at the security page, but if you like cryptography this is a great site for you.

  5. Open Security Training - Open Security Training attempts to recreate an OpenCourseware/Khan Academy approach to security education. I’ve been focused on a cryptography course in the past few months since I came across this, but I’ll be taking advantage of some of the materials here in the near future.

  6. Infosec Island - A combination of InfoSec news and educational resources, surely worthy of adding to your RSS reader.

  7. Coursera/Udacity cryptography courses - A structured approach to getting into cryptography, both these courses have video lectures and quizzes/assignments provided for online students. I’ve been taking the Coursera Introduction to Crytography course, and I have found it to be a great way to learn about cryptography. Although they are two separate entities, these two courses seem to be so similar to each other I decided to list them as entry.

  1. A Computational Introduction to Number Theory and Algebra - Although it isn’t directly related to info sec, many things in security can be modeled mathematically. This book covers many of the things you’ll need to know to get an in-depth understanding of cryptography. I’m still looking for a resource that appears to cover more of graph theory (good for representing things like file and user permissions). I haven’t spent much time with this book yet, but what I have looked at so far looks to be decently written.

  2. The Code Project (Cryptography and Security Section) - Until recently I had never heard of the Code Project, but research I have been doing lately has repeatedly brought this site up in searches. Although the site design could be better, the information contained on security is well researched, and well sourced. Enjoy reading about topics like self healing code, stenography and more.

  3. Defcon - Surely you’ve heard of Defcon? The site for this annual hacking conference contains recordings of some (all?) of the talks from previous conferences (look under “The Hard Drive”), as well as other interesting content. Perhaps this is nearing coverage of exploits, but I think this is still a useful educational tool.

  4. Chaos Communications Congress (Youtube) - Ranging over a wide variety of topics, you can pick up a lot about modern security vulnerabilities (and far more) while going through some of these videos.

  5. Handbook of Applied Cryptography - A free online book on Cryptography by Alfred J. Menezes, Paul C. van Oorshot and Scott A. Vanstone. I’ve not spent much time with this book, but it looks to be good resource to have on hand

Needless to say, there are more resources out there than I have listed. Please leave a comment if you can think of some.