The Fedora community has a very good awareness of security from what I see. There are some user resources like Security Features and Security Basics hosted by the project.
I have outlandish opinions, like: before obtaining a driver’s license, basic proficiency in maintenance should be acquired. Similarly, computer users really do need basic cybersecurity education. Websites that deal with transactions many times offer very rudimentary cybersecurity information, which is less than the minimum needed though.
As a Fedora user I would like to operate my devices as securely, safely and with as much privacy as is reasonable. Much of what I do is considered unreasonable by many members of my family, friends, acquaintances and coworkers. But I do them anyway as I have endured having to clean up the mess triggered in environments I’ve supported.
So where do you go to become cybersecurity savvy? In the US a premier resource is NIST who work with top industry experts to produce quality guidance. There is plenty to read that goes as in-depth as you want and then some. Much is publicly published by reasonably reliable sources (plenty of unreliable as well). There are classes and certifications available as well.
Having basic knowledge, being observant, having a plan on what to do in case of an incident and having access to usable resources to leverage on the way back to normalcy is what I am advocating. I think there is plenty Fedora specific such that doing something here could be appropriate. Are there existing resources from Fedora, CentOS or even RHEL that users would benefit from knowing about?
Google IT Support Specialist was the first I completed.
Google Cyber security Specialist was the second one.
Both are good for basics and fundamentals.
After those I went for C|EH (Certified Ethical Hacker).
Taking lots of time for that and having fun.
Learn some basics, understand the basic fundamentals, and then do your threat modeling. The more strict, the more hiccups there will be, so making your own threat model and starting there is a good start.
I’m not sure if this would qualify as an answer to your question, but for what it is worth, I occasionally find myself reading Dan Walsh’s blog when I’m trying to find information about SELinux.
The internet. Every LastPass/Bitwarden/other cloud password manager news article I see just reaffirms my decision to rely on locally-managed KeePass, and commenters usually throw a new curve-ball that makes me look into it.
I like Fedora’s packaging and structure, but mainly like using it for SELinux! Nowadays it works quietly enough to not be noticed on Workstation, but I particularly liked that I ran into it blocking stuff hard on Server; AppArmor on Ubuntu and openSUSE never said a word about daemons with custom systemd scripts doing whatever/wherever.
I haven’t had to really delve deeper into learning SELinux to make my stuff work for a while (bin_t was the last trick I learned that worked nicely), but I think I’d like to read a thick book all about SELinux and contexts casually!
Not that I’m aware of. Folks sort of learn on their own in an ad-hoc way and I’ve not seen anyone discussing any organised resources/events for a broader audience. It could be done—we do host community classrooms where we teach/train people on different things, but we’ll need to find an instructor who knows what/how to teach given how broad cybersecurity is as a field.
I pointed my parents to resources like these for basics:
You mentioned here a good point: work with others & exchange. Keep in touch with others and stay informed of what is going on with security impacts. No one can have holistic knowledge of security (which leads to the question of what “security” actually is) → we rely on others and on combining our knowledge and exchange.
You can learn a lot there, especially about current issues and what is currently going on. Fedora has a large outreach. You might also become aware of new standards and such.
Less active at the moment is the security-sig tag in this forum, but nevertheless it belongs to the security SIG: #security-sig topics → feel free to subscribe to it if you want.
Fedora strongly aims to be compliant and without changes to its upstream and standards. Therefore, much around security comes together in a dedicated manner only in the mentioned channels, whereas documentation is upstream. Yet, the channels are well connected.
Maybe existing online classes as noted by wonderful repliers would be a place to send ‘normal’ users. Remember the poster of the shady character handing out floppies?
There are a lot of features that help with cybersecurity in Fedora, and what they are and how they work is a different topic. With becoming a cybersecurity expert being only for the few with that specific temperament, what is it that ‘normal’ users need to know?
Should we all be able to give accurate answers if we were ever quizzed on any element of an attack matrix?
It’s just that all users need some education and I would like to find a good resource to point them to.