SecOps Resources Update

SecOps Resources Updated (late 2025): free and inexpensive resources for cybersecurity operations leaders

Working in cybersecurity, and especially in cyber security operations (SecOps), much is known about how to do things, what does and doesn’t work, and the tough choices every “shop” makes (again and again). Unfortunately, much of the best knowledge and wisdom is locked up in expensive classes and consulting engagements. There are excellent courses and great consultants for those with the budget, but there are also many free and inexpensive resources I’ve found valuable for studying, designing, planning, and improving SecOps programs.

  • Ten, now Eleven, Strategies of a World-Class Cybersecurity Operations Center (MITRE): https://www.mitre.org/news-insights/publication/11-strategies-world-class-cybersecurity-operations-center
  • NIST SP 800-61 Rev. 2 as well as Rev. 3: https://csrc.nist.gov/pubs/sp/800/61/r2/final and https://csrc.nist.gov/pubs/sp/800/61/r3/final
  • CJCSM 6510 (2014): https://www.jcs.mil/Portals/36/Documents/Library/Manuals/m651001.pdf
  • ASD’s Strategies to Mitigate Cyber Security Incidents (as well as the NSA, NCSC, ENISA guides …): https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/mitigating-cyber-security-incidents/strategies-to-mitigate-cybersecurity-incidents-mitigation-details
  • CIS Controls and other free CIS resources, e.g. https://www.cisecurity.org/controls

Instructor and consultant websites, picking three:

  • Chris Crowley’s Montance SOC-Class (take the class!) free resources https://montance.com/soc-class
  • Chris Sanders’s blog and the Applied Network Defense (AND) course descriptions (take the classes!), e.g. https://chrissanders.org/publications/
  • Don Murdoch’s resources: https://www.linkedin.com/in/don-murdoch-gse-msise-mba-30b1007

SecOps books:

  • Blue Team Handbook series by Don Murdoch: http://www.blueteamhandbook.com/
  • Crafting the Infosec Playbook (O’Reilly) “alligator” book: https://www.infosecplaybook.com/
  • Incident Response and Computer Forensics, 3rd Edition, Jason T. Luttgens, Matt Pepe, and Kevin Mandia https://ir3e.com/
  • The Practice of Network Security Monitoring, Richard Bejtlich: https://nostarch.com/nsm
  • Applied Network Security Monitoring, Chris Sanders: https://chrissanders.org/appliednsm/

One more recommendation: once you join some community and professional organisations (which you and your org should join!), you will find that many of them maintain extensive collections of papers, books, and videos to support your work. Your school or local library may also be able to help you get books, papers, or even course access.

Please let me know what I missed and what you learn! I :heart: #TIL posts and email!

Editorial note: This post is a sort of an update to a blog post I made ten (10) years ago this month. The links may not all work anymore, but many of the recommendations have not changed: https://www.dfirnotes.net/SOCresources/ (November 18, 2015)

Written on November 9, 2025