From the report, “With so much of our personal information now flowing through mobile applications, has our security awareness kept pace? Have consumers adopted best practice behaviors or are they leaving themselves vulnerable to cyber attacks? To better understand consumer behavior, RiskIQ commissioned Ginger Comms² to survey 1,000 US and 1,000 UK consumers aged 16 to 60+, specifically focusing on smartphone apps. The survey was conducted between February and March 2017.”

This survey, the sixth in a series of annual studies by SANS on security practices in software development, is the first to explicitly focus on DevOps. The results of this study show that organizations are finding ways to keep up with rapid change through DevOp but they have a number of challenges they still need to deal with.

This report offers insight into the DevSecOps Community.

From the report, “The fight to protect your company’s data isn’t for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. That’s why we’ve developed this incident response guide. We’ve collected and curated decades of infosec war stories and intelligence — from across the galaxy — so that you’re better armed in the fight against cybercrime. You’ll have an insider’s perspective on how to build an incident response plan and team, and what tools and training you can use to arm those team members.”

This report provides insight into threat hunting and the challenge of returning the balance of power for security from the attackers to the defenders.

This paper aims to provide help in understanding how to better the cybersecurity culture in an organization.

“Despite the massive impact the WannaCry ransomware attack had on businesses across the globe and the immediate changes to security practices following it, a year later businesses still have a reactive approach and struggle to implement comprehensive security policies that target employees and management. With cyber threats evolving so rapidly, businesses need to learn how to be quick on their toes and expedite the development and enforcement of cyber security policies to better prevent future breaches.”

This report analyzes the data submitted by 1,718 security awareness professionals from around the world to identify and benchmark how organizations are managing their human cyber security risk. The analysis includes how factors such as security awareness program maturity, funding, and staffing combine to make successful programs.

“For the (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study), we talked to cybersecurity pros as well as IT pros who spend at least 25% of their time working on cybersecurity activities. This report explores the findings of that research, illuminating the cybersecurity skills gap by revealing the trends, elements, and impact, all of which can be used to inform the steps organizations and individual cybersecurity pros can take to address this troubling progression.”

This report is the results of a survey conducted among security professionals to analyze their experiences with phishing.

Here is a report based on collaboration from a variety of cybersecurity insiders.

This is a report from Kent University in Canterbury, UK. It details the findings from their online survey which gives a better picture of the prevalence and impact of cybercrime victimization, cyber security practices, and risks as seen by a sample of the UK population.

This guide seeks to aid organizations in creating an effective program for helping raise awareness in employees.

This paper is the presentation of data found through a survey administered in November and December of 2015.

Offering insight into a variety of issues related to cloud security, this report discusses several key issues, including, the biggest threats to cloud security, legacy security tools that do not work in the cloud, and the growth of cloud security budgets.

This paper seeks to provide guidance in understanding the best ways to train employees so that the don’t forget important information.

This resource is designed to help you see the importance of people-focused solutions to cybersecurity risk mitigation. Here they’ve collected 17 statistics to help make the point that, “a cybersecurity budget isn’t complete until you’ve allocated money to building your human capacity to identify and respond to cybersecurity risk.”

This whitepaper presents 15 best practices for making users a powerful layer of phishing defense.

There’s no clear and direct career path to the role of infosec executive. But, there are skills that can help you advance your career to the management level, such as deep technical knowledge, strong communication skills and having business acumen.

This is a brief playbook that gives a plan for how to get started with cloud security.

Positive Technologies regularly performs assessment of information security awareness among employees at major companies all over the world. This report provides statis- tics and analysis from 10 most instructive testing projects in 2016 and 2017, including examples of successful attacks against employees. These projects are based on various social engineering techniques and generally included emails, phone conversations, and communication via social networks.