Security Awareness & Education

Making Software Security Accessible to Everyone

Free resources, certification guidance, and hands-on learning to help developers, engineers, and technology leaders build and maintain secure software.

Subscribe to Newsletter Watch on YouTube

About

Decades of experience distilled into practical security knowledge for everyone.

With over 30 years of software development experience and certifications including CISSP and CCSP, I've spent my career at the intersection of software engineering and information security.

In my professional work, I focus on AWS cloud security — from resolving security incidents to establishing enterprise-wide procedures that ensure security standards are upheld across organizations.

Software Security Matters is my way of giving back. Through my YouTube channel and this site, I share practical security knowledge for both technical and non-technical audiences. Whether you're a developer wanting to write more secure code or a leader trying to understand your organization's security posture, you'll find something useful here.

CISSP CCSP 30+ Years Experience AWS Cloud Security
Latest video thumbnail

Visit the YouTube Channel →

Security Resources

Curated free resources from the most trusted organizations in information security.

OWASP

Open Web Application Security Project

The go-to resource for web application security. Home of the OWASP Top 10, security cheat sheets, and testing guides.

Visit OWASP

NIST

National Institute of Standards and Technology

Cybersecurity frameworks, standards, and publications. Essential for compliance and security program development.

Visit NIST

ISC2

International Information System Security Certification Consortium

The world's leading cybersecurity professional organization. Free community resources, webinars, and career development tools.

Visit ISC2

CISA

Cybersecurity & Infrastructure Security Agency

U.S. government cybersecurity resources including alerts, advisories, and best practices for organizations of all sizes.

Visit CISA

CIS

Center for Internet Security

CIS Benchmarks and CIS Controls — globally recognized best practices for securing systems and data.

Visit CIS

SANS Reading Room

SANS Institute

Thousands of free whitepapers on security topics written by industry practitioners. A goldmine of practical knowledge.

Visit SANS

MITRE ATT&CK

MITRE Corporation

Comprehensive knowledge base of adversary tactics and techniques. Essential for threat modeling and security operations.

Visit MITRE ATT&CK

Cloud Security Alliance

CSA

Research, guidance, and best practices for cloud security. Publishers of the Cloud Controls Matrix and STAR registry.

Visit CSA

Security Certifications

Industry-recognized certifications to validate your security knowledge and advance your career.

CISSP

ISC2

Certified Information Systems Security Professional. The gold standard for senior security practitioners and managers.

Learn more

CCSP

ISC2

Certified Cloud Security Professional. Demonstrates advanced competence in cloud security architecture and operations.

Learn more

CompTIA Security+

CompTIA

The top entry-level cybersecurity certification. Validates foundational skills needed for any security role.

Learn more

CEH

EC-Council

Certified Ethical Hacker. Learn to think like an attacker to better defend systems and networks.

Learn more

CISM

ISACA

Certified Information Security Manager. Focused on security governance, risk management, and program development.

Learn more

OSCP

OffSec

Offensive Security Certified Professional. Hands-on penetration testing certification requiring a rigorous practical exam.

Learn more

AWS Security Specialty

Amazon Web Services

Validates expertise in securing AWS workloads. Covers incident response, logging, monitoring, and infrastructure security.

Learn more

CCSK

Cloud Security Alliance

Certificate of Cloud Security Knowledge. A foundational cloud security credential covering key cloud security concepts.

Learn more

Practice Labs & CTFs

Learn security by doing. These free platforms let you practice offensive and defensive skills in safe environments.

TryHackMe

Guided learning paths with browser-based virtual machines. Perfect for beginners with structured rooms and walkthroughs.

Beginner Friendly

Hack The Box

Realistic penetration testing labs with active and retired machines. Great for building practical offensive security skills.

Intermediate

PicoCTF

Free Capture The Flag competition from Carnegie Mellon. Excellent for students and anyone new to security challenges.

Beginner Friendly

OverTheWire

Command-line wargames teaching Linux, networking, and cryptography through progressively harder levels.

Beginner Friendly

OWASP WebGoat

Deliberately insecure web application for learning about common web vulnerabilities in a safe, legal environment.

Beginner Friendly

CryptoHack

Learn modern cryptography through fun, interactive challenges. Covers everything from basics to advanced crypto attacks.

Intermediate

DVWA

Damn Vulnerable Web Application. A PHP/MySQL web app for practicing common web attack techniques at varying difficulty levels.

Intermediate

CTFtime

The definitive calendar of Capture The Flag competitions worldwide. Find upcoming events and join teams.

All Levels