At Fumaça, an independent investigative newsroom from Portugal, we are doing a very long security training, focused mostly in Digital Security. Most of it is based on the ADIDS approach. As a way to develop further reflection and knowledge about the specific topic we are working on in a session, we have at the end a Deepening the Lessons part, were I (as the Trainer), provide other resources in a plethora of formats (Video, Audio, Books/Articles and sometimes Games), sometimes directly connected to the topic, other times marginally connected. This article serves as the public repository for those resources.
If you find this useful be free to use them. If you have any other resource suggestions ping me at any of the contact options below.
Module 00 - Arrival
This was the module with almost no content, still we dived into some basic concepts.
004 - Information Security 101:
- To read: Security by Obscurity;
- To see: A year of surveillance in France: a short satirical tale;
- To listen: Digital Security for Journalists with Freedom of the Press Foundation;
Module 01 - Foundations
101 - Threat Modeling:
- To read: User Personas for Privacy and Security;
- To play: Press Panic!;
Are you going to give a security training soon? Check out Press Panic! a game developed by me to ease into Threat Modeling.
102 - Risk Analysis:
Module 02 - Personal Security
201 - Doxxing and Harassment:
- To read: April Glaser’s “13 security tips for journalists covering hate online”;
- To see: Sumsub - How to Stalk People Effectively and Legally Through OSINT;
- To listen: The Secure Dad Podcast - Doxxing: How to Protect Yourself;
202 - Phishing and Targeted Attacks:
- To read: Practical Social Engineering // Sextortion Scammers Try to Scare People by Sending Photos of Their Homes;
- To see: Watch a CNN reporter get hacked;
- TO listen: Darknet Diaries - Alethe;
203 - Passwords and Accounts:
- To read: Keep Calm and Log On - Gus Andrews;
- To see: 2FA: Two Factor Authentication - Computerphile;