Cybersecurity Hub
The official Sports Media Inc. cybersecurity playbook for interns and full-stack engineers. Includes Passbolt (our team password manager), the latest free tools, and free training and certifications for students and veterans.
Everything below is free or has a generous free tier. Works on Windows, macOS, Linux, iOS, and Android.
π Passbolt - Our Team Password Manager
Passbolt is the open-source, end-to-end encrypted password manager that Sports Media Inc. uses for all team credentials. Every intern and engineer must install Passbolt before requesting any company credential. We use Passbolt because of its true E2E encryption (OpenPGP), full ownership of encryption keys, granular sharing, and instant access revocation.
Onboarding: Get Passbolt Running in 5 Minutes
- Wait for your invite email from your team lead containing your Passbolt workspace URL (e.g.
passbolt.sportsmediainc.com). - Install the browser extension for your daily-driver browser (Chrome / Edge / Brave or Firefox).
- Click the invitation link in your invite email and follow the wizard to generate your private OpenPGP key. Save the recovery kit somewhere safe.
- Install the desktop app for your OS (Windows / macOS / Linux) so you can access credentials without a browser.
- Install the mobile app (iOS or Android), enable biometric unlock + autofill.
- Enable MFA (TOTP / YubiKey) in your Passbolt profile. Required for all engineers.
- Request access to your projectβs shared folder via your team lead. Never email or Slack credentials - always share via Passbolt.
Passbolt Downloads (All Platforms)
Access Passbolt from any modern browser via your team workspace.
Open Passbolt βAuto-fill credentials and generate strong passwords in Chrome / Edge / Brave.
Install for Chrome βOfficial Passbolt extension for Firefox (desktop and Android).
Install for Firefox βNative Windows desktop app for Passbolt.
Download for Windows βmacOS desktop app with biometric unlock.
Download for macOS βLinux desktop app (.deb / .rpm / AppImage).
Download for Linux βPassbolt for iPhone/iPad with biometric unlock and autofill.
Download on App Store βPassbolt for Android with autofill and biometric unlock.
Get it on Google Play βCommand-line interface for automation and CI/CD pipelines.
View CLI on GitHub ββ οΈ Sports Media Inc. Credential Policy
- All company credentials live in Passbolt. No exceptions.
- Never paste secrets in Slack, email, Notion, or chat logs.
- Use 32+ character generated passwords for production accounts.
- Enable MFA on every account - prefer hardware keys (YubiKey) for prod and root.
- Report any leaked or suspected-leaked credential to your team lead immediately.
π― Free Offensive Security Tools
Industry-standard pentesting and red-team tools, free for Windows, macOS, and Linux.
600+ pre-installed offensive security tools. Run as primary OS, VM, WSL, or live USB.
Lightweight Debian-based pentesting distribution with daily-driver tools.
The industry-standard network and port scanner used by every red team.
World-leading packet analyzer for network troubleshooting and forensics.
The #1 web pentesting proxy. Community Edition is free forever.
Free open-source web app security scanner. Great Burp alternative.
The worldβs most-used pentesting framework. Free open-source edition.
NSAβs open-source reverse engineering suite. Free for malware analysis & RE.
Free disk forensics (Autopsy) and memory forensics (Volatility 3) toolkits.
Search engine for internet-connected devices. Free account included.
Open-source MITRE ATT&CK-based adversary emulation framework.
Modern Node/Angular vulnerable web app. 100+ challenges, gamified learning.
Java (WebGoat) and PHP (DVWA) deliberately-vulnerable apps for hands-on web pentesting.
Rust-based Windows event log forensics with 4,000+ Sigma rules built in.
Endpoint visibility and DFIR tool maintained by Rapid7. CISA-recommended.
π‘οΈ Free Defensive & Blue-Team Tools
Endpoint protection, password managers, MFA, SIEM, IDS, and zero-trust networking - all free or with generous free tiers.
Self-hosted, open-source password manager. Used by Sports Media Inc.
Free unlimited personal password vault across all your devices.
Phishing-resistant FIDO2 hardware keys. Required for sensitive accounts.
Free for up to 50 users. SSO, device posture, and Zero Trust tunnels.
Free, built-in endpoint protection on Windows 10/11.
Open-source antivirus engine for Linux/macOS/Windows servers.
Free open-source SIEM and XDR for hosts, cloud, and containers.
High-performance open-source IDS/IPS and network security monitor.
Free open-source firewall and router. Run on your home lab edge.
Free vulnerability scanning, alerts, and KEV catalog from US CISA.
Free for open-source repos (unlimited tests); 200 tests/mo on private. Code, container, IaC.
Open-source static analysis with 3,000+ rules across 30+ languages. Free AppSec for ≤ 10 contributors.
Aqua Security's scanner for containers, K8s, IaC, secrets, and SBOM. Open source.
Free Community Build of SonarQube with 5,000+ rules across 20+ languages.
Free for up to 25 developers. ggshield CLI is fully open source.
Open-source secrets scanner with 700+ live-credential verifiers.
New open-source secret scanner (May 2026) from the original Gitleaks author. Scans git repos, dirs, and stdin.
Cheapest FIDO2 keys (~$23 USD). Good budget alternative to YubiKey.
Multi-cloud security scanner: 572+ AWS checks, 41 compliance frameworks. Replaces unmaintained ScoutSuite.
Free Community Edition vulnerability scanner with daily community feed.
CISOfy GPL tool with 300+ Linux/macOS/UNIX hardening checks.
π Free Cybersecurity Training Platforms
Hands-on labs, CTFs, and structured learning paths. Most include a generous free tier.
Browser-based hands-on cyber labs. Generous free tier with starter rooms.
Real-world pentesting boxes. Free Starting Point + 30 Cubes on signup.
Free CTF platform from Carnegie Mellon. Year-round access.
Classic Linux & networking wargames (Bandit, Natas, Leviathan).
Real-world DFIR and blue-team challenges with PCAPs and logs.
Best-in-class free web security training from the makers of Burp.
Free self-paced introduction to cybersecurity from Cisco.
Catalog of 6,000+ free cybersecurity courses, many for veterans.
π Free Certifications & Scholarships (2026)
Get industry certifications without paying retail. Several programs are veteran-only.
Free online course AND free exam through ISC2βs One Million Certified in Cybersecurity program. New enrollments close May 20, 2026; exam codes must be used by Dec 31, 2026.
Free CCNA, CyberOps, or CCNA Security training (~255 hours) plus free exam vouchers for veterans, transitioning servicemembers, Guard, Reserve, and military spouses.
Full-scholarship SANS GIAC certifications (e.g. GSEC, GCIH, GCFE) for transitioning veterans. Total value $20K+.
Free self-paced training and exam vouchers for PCNSA / PCCSA. PCNSE coursework also free.
Free Cybersecurity Career Path on LinkedIn Learning + Microsoft Learn Security modules.
Industry-recognized entry-level cyber certificate. Coursera financial aid available for free access.
Free IBM tech & cyber learning paths with industry-recognized credentials. Veteran landing page on VA.gov.
Free training, hands-on labs, and exam vouchers for the NSE 1-3 Fortinet certifications.
Free Google Cybersecurity Certificate + AI Microcredential bundle for military-affiliated learners via Student Veterans of America.
Free 850+ hours of cybersecurity training from US CISA. Open to US gov, military, veterans, and contractors.
π± Mobile Security Apps
Recommended apps for personal security on Android and iPhone.
π€ Android
- Passbolt - Team password manager (required)
- Bitwarden - Free personal password vault
- Microsoft Authenticator - TOTP / push MFA
- Google Authenticator - TOTP MFA
- Yubico Authenticator - Hardware-backed TOTP
- Signal - Encrypted messaging for sensitive comms
- Tor Browser - Anonymous browsing
- Proton VPN (Free) - Free unlimited VPN with no logs
π iPhone / iPad
- Passbolt - Team password manager (required)
- Bitwarden - Free personal password vault
- Microsoft Authenticator - TOTP / push MFA
- Google Authenticator - TOTP MFA
- Yubico Authenticator - Hardware-backed TOTP
- Signal - Encrypted messaging for sensitive comms
- Onion Browser - Tor for iOS
- Proton VPN (Free) - Free unlimited VPN with no logs
β Intern Cybersecurity Quick Checklist
Complete this on Day 1 before requesting any credential.
- Install Passbolt browser extension + desktop app + mobile app.
- Enable biometric unlock and MFA on Passbolt.
- Install Microsoft / Google Authenticator on your phone for company SSO.
- Enable full-disk encryption (BitLocker / FileVault / LUKS).
- Install Bitwarden for personal credentials (keep separate from work).
- Run Wireshark and Nmap on your local network - get familiar with traffic.
- Sign up for TryHackMe + HackTheBox + ISC2 CC (free) before May 20, 2026.
- Veterans: apply to Cisco Veteran Cyber Scholarship + SANS VetSuccess.
- Install Proton VPN and Signal for anything sensitive.
- Bookmark this page and the Sports Media CS Training homepage.
Need help getting started?
Pair this page with our full-stack and AI tooling guides for the complete intern stack.