Making Software Security Accessible to Everyone
Free resources, certification guidance, and hands-on learning to help developers, engineers, and technology leaders build and maintain secure software.
Built on Experience
Decades at the intersection of software engineering and information security, distilled into practical knowledge for everyone.
With over 30 years of software development experience and industry certifications including CISSP, CCSP, and multiple AWS credentials, I've spent my career building secure software and helping organizations protect their digital assets.
In my professional work, I focus on AWS cloud security — from resolving security incidents to establishing enterprise-wide procedures that ensure security standards are upheld across organizations.
Software Security Matters is my way of giving back. Through my YouTube channel and this site, I share practical security knowledge for both technical and non-technical audiences. Whether you're a developer wanting to write more secure code or a leader trying to understand your organization's security posture, you'll find something useful here.
Security Resources
Curated free resources from the most trusted organizations in information security.
OWASP
Open Web Application Security Project
The go-to resource for web application security. Home of the OWASP Top 10, security cheat sheets, and testing guides.
NIST
National Institute of Standards and Technology
Cybersecurity frameworks, standards, and publications. Essential for compliance and security program development.
ISC2
International Information System Security Certification Consortium
The world's leading cybersecurity professional organization. Free community resources, webinars, and career development tools.
CISA
Cybersecurity & Infrastructure Security Agency
U.S. government cybersecurity resources including alerts, advisories, and best practices for organizations of all sizes.
CIS
Center for Internet Security
CIS Benchmarks and CIS Controls — globally recognized best practices for securing systems and data.
SANS Reading Room
SANS Institute
Thousands of free whitepapers on security topics written by industry practitioners. A goldmine of practical knowledge.
MITRE ATT&CK
MITRE Corporation
Comprehensive knowledge base of adversary tactics and techniques. Essential for threat modeling and security operations.
Cloud Security Alliance
CSA
Research, guidance, and best practices for cloud security. Publishers of the Cloud Controls Matrix and STAR registry.
Security Certifications
Industry-recognized certifications to validate your security expertise and advance your career.
CISSP
ISC2
Certified Information Systems Security Professional. The gold standard for senior security practitioners and managers.
CCSP
ISC2
Certified Cloud Security Professional. Demonstrates advanced competence in cloud security architecture and operations.
CompTIA Security+
CompTIA
The top entry-level cybersecurity certification. Validates foundational skills needed for any security role.
CEH
EC-Council
Certified Ethical Hacker. Learn to think like an attacker to better defend systems and networks.
CISM
ISACA
Certified Information Security Manager. Focused on security governance, risk management, and program development.
OSCP
OffSec
Offensive Security Certified Professional. Hands-on penetration testing certification requiring a rigorous practical exam.
AWS Security Specialty
Amazon Web Services
Validates expertise in securing AWS workloads. Covers incident response, logging, monitoring, and infrastructure security.
CCSK
Cloud Security Alliance
Certificate of Cloud Security Knowledge. A foundational cloud security credential covering key cloud security concepts.
Practice Labs & CTFs
Learn security by doing. These free platforms let you practice offensive and defensive skills in safe environments.
TryHackMe
Guided learning paths with browser-based virtual machines. Perfect for beginners with structured rooms and walkthroughs.
Hack The Box
Realistic penetration testing labs with active and retired machines. Great for building practical offensive security skills.
PicoCTF
Free Capture The Flag competition from Carnegie Mellon. Excellent for students and anyone new to security challenges.
OverTheWire
Command-line wargames teaching Linux, networking, and cryptography through progressively harder levels.
OWASP WebGoat
Deliberately insecure web application for learning about common web vulnerabilities in a safe, legal environment.
CryptoHack
Learn modern cryptography through fun, interactive challenges. Covers everything from basics to advanced crypto attacks.
DVWA
Damn Vulnerable Web Application. A PHP/MySQL web app for practicing common web attack techniques at varying difficulty levels.
CTFtime
The definitive calendar of Capture The Flag competitions worldwide. Find upcoming events and join teams.