README.md

Train the Trainers

At LPL we get requests for operational and digital security trainings, infrastructure security reviews, and web security reviews from activists, legal support groups, and non profits. We are trying to compile some good resources in these areas. PRs welcome!

Operational Security Training

List of OPSEC resources from the grugq

Digital Security Training

Read this first

Roles and Responsibilities of a Digital Security Trainer - Level Up

Curriculum Resources

Tactical Tech Curriculum - contains curriculum guides and resources that can be printed out for digital security trainings.

EFF Surveillance Self Defense Playlists - contains "playlists" for the security concerns of different groups

How to Lead a Digital Security Workshop - by Rachel Weidinger, Cooper Quintin, Martin Shelton, and Matt Mitchell

Security Training Resources for Security Trainers - Winter 2017 by Rachel Weidinger, Cooper Quintin, Martin Shelton, and Matt Mitchell

Infrastructure Security Review

SAFETAG - A Security Auditing Framework and Evaluation Template for Advocacy Groups - Great guide by Internews on infra audits.

FTC security guide aimed at small businesses - relevant for non-profits

OTAlliance security / privacy best practices

OTAlliance risk assessment questions

Decent list of questions about IT infrastructure

PCI standards - yeah yeah. It's worth knowing about

List of questions on security architecture

Writing a security assessment report

ANSSI - 40 Essential Measures for a Healthy Network

Web Security Review

OWASP Developer Guide

OWASP Testing Guide