30 HorizonShield ebooks · 17 categories · 17 hand-picked external resources from NIST, OWASP, MITRE, and more — all free, all SOC-aligned.

End-to-end blueprint for small and mid-sized businesses to stand up a working security program without enterprise budget.
Operational checklist for scoping, executing, and reporting external + internal pentests for SMB environments.
Tabletop-tested playbook covering the first 30 minutes through post-incident review. Real templates, not theory.
EU Digital Operational Resilience Act mapped to controls and evidence — for financial entities and their ICT providers.
AWS/Azure/GCP baseline hardening with infrastructure-as-code patterns, IAM least-privilege, and CSPM coverage.
Pragmatic ZT roadmap for SMBs: identity, device, network, segmentation, with vendor-agnostic decision trees.
Hypothesis-driven hunting paired with running a modern SOC: rules, runbooks, metrics, hand-offs.
Shift-left in practice — SAST, DAST, SCA, secrets, signing, SBOM, supply-chain. Pipeline patterns that don't slow ship cadence.
OWASP Top 10 + Top 25 in production: attack patterns, defensive headers, secure coding for full-stack engineers.
Segmentation, firewall rule discipline, IDS/IPS placement, and the realistic NAC for environments without enterprise switching.
Linux internals for security operators — process trees, syscalls, eBPF basics, audit framework, kernel hardening.
Human-layer attacks — phishing, vishing, OSINT-driven pretexting — and the controls (training + technical) that actually work.
Static + dynamic analysis with sandbox patterns. Practical reverse engineering for IR responders, not just researchers.
Disk and memory forensics for IR — chain of custody, imaging, Volatility, timeline reconstruction.
Applied crypto for engineers — TLS, signing, key rotation, post-quantum considerations, common pitfalls.
SOC 2 Type II, ISO 27001, PCI DSS v4 mapped to control libraries with evidence collection automation.
Securing AI and LLM deployments — prompt injection, data leakage, model supply chain, and operator-side controls.
IAM essentials — directory design, federation, MFA, conditional access, and joiner/mover/leaver flows.
Operational technology and industrial control system security — Purdue model, segmentation, asset discovery, and incident handling.
Building a CTI practice — collection, correlation, IOC pipelines, MISP integration, and intel-driven detection.
Mobile security across iOS and Android — app testing methodology, MASVS, SDK risks, and enterprise MDM controls.
Kubernetes hardening — RBAC, network policy, admission controllers, runtime detection, and supply chain integrity.
Bug bounty programme operations — scope, triage, payout policy, hacker comms, and integration with internal AppSec.
Right-sized security architecture for early-stage startups — what matters at seed, Series A, and post-product-market-fit.
The full NIST CSF 2.0 reference — Govern, Identify, Protect, Detect, Respond, Recover. Framework foundation for risk-aligned security programmes.
Security and Privacy Controls for Information Systems — the canonical control catalog used by federal and regulated industries.
NIST guide to information security testing and assessment — pen-testing methodology, assessment lifecycle, and reporting.
OWASP Testing Guide — comprehensive web application security testing methodology and checklist.
Free reference book by William Shotts — Linux shell, scripting, and command-line proficiency for security practitioners.
Plain-language cybersecurity handbook covering fundamentals, threats, and practical defenses for SMBs.
Free, hand-picked references the HorizonShield SOC team actually uses. No affiliate links.