You’re in luck! Cybersec people, for the most part, love sharing what they know/have done with each other. Many believe in freedom of information and find value in open collaboration. We just wanna show you the whacky thing we did with what we had.

The biggest resource I’ll share with you is membership with ISAAC. Find whatever category you fit into here and push to get your org membership, if you don’t already. This puts you into a huge working group with your industries’ peers and they will have all sorts of resources for you to use including discussions, meetings with pros, etc.

There’s also SANS who has some free stuff (check their Reading Room) but also has classes (paid, expensive, but veeery worth it imo, again if you can get buy-in)

Outside of the paid membership options, there’s still a lot of good options:

• MISP is a great threat intel sharing platform, but will require some setup as a product (free && opensource). Take this one slow, you don’t want data leakage. Start small and locked down, gradually open up as you gain buy-in/trust/confidence.

• Cybrary IT is a free+paid learning platform, good stuff here - lots of diversity including business stuff

• OWASP - more so for web-app security, still good knowledge to add to that toolbox

• OpenSecurityTraining - heard some good things about this site, I think you may enjoy it - I have not used it myself, but please let me know if you have any problems/reasons you don’t like it.

Then there’s always the classic CTF/Hack Challenges websites out there which let you get real experience with red-teaming/bolstering your knowledge of attacker TTPs (Techniques, Tactics, Procedures):

• HackTheBox - challenges for practicing your skills. No hand-holding, just a sandbox for you to play in. They have academy offerings (paid, and a new service, recommend skipping unless you can get buy in from the company/have a team who would benefit from a bulk-license purchase), regular free boxes to challenge yourself with, etc

-TryHackMe - this one is also CTFs but its more so lesson based/training stuff

• Heard good things about (KC7)[kc7cyber.com] as well, seems to be more threat hunting/blue team focused (blue team = defend, red team = attack)

• (Lets Defend)[www.letsdefend.io] - Free + paid options, more blue team stuff, great for SOCs which may or may not hit your mark.

Hope this helps you out, biggest thing is getting integrated with the community, reading the news (religiously), and managing burn out. Security is an uphill battle, but we roll this boulder for others who cannot. Respect your body and take care of your mental, or you will burn out and scar yourself. LMK if you need anything!