Learn

This is a small, practical security course for the people on the other end of an incident call: system administrators, network engineers, and the technical decision-makers who sign off on their budgets — with a deliberate focus on Iceland.

It is not a beginner's "what is a password" course. It assumes you already run things. What it does is make the vocabulary, the scoring systems, and the threat landscape legible — so that when an advisory drops or a CERT-IS bulletin lands in your inbox, you know in thirty seconds whether to drop everything or file it for Tuesday.

Everything here is drafted with AI assistance and reviewed by a working Icelandic systems administrator. It will grow.

Start here The concepts that matter CVE, CVSS, EPSS, KEV, ATT&CK, threat actors — what they mean, how they relate, and how an attack actually unfolds from edge device to encrypted file server. Live data The Iceland IoC dashboard — how to read it A reading guide for the live threat-indicator dashboard: what counts as Icelandic, how the by-tenant panel attributes IPs, what the tier badges mean, and what's deliberately filtered out. Defender handbook Iceland cybersecurity — a handbook for sysadmins The Iceland picture turned into a working handbook: the laws, who to call, the 72-hour clock, ISNIC takedown reality, M365 token theft and BEC, Auðkenni MFA fatigue, and a 14-item checklist every Icelandic sysadmin should run through. ~15 min. Reference Glossary ~50 terms you'll see across advisories, threat reports, and this site — each in two lines, several with the Icelandic angle attached.

Use this site to learn

This isn't only a reading list — the site itself is a learning tool. A few things to try:

Iceland Security Dashboard — the live view: which Icelandic-hosted IPs are showing up in threat feeds, which hosting operators carry the most of it, current ransomware victims, and the "patch lag" picture for Iceland-exposed software. Read it with the Iceland page open in another tab.
Pivot pages — every CVE, vendor, and vulnerability class has a page that cross-references the others:
by attack technique → /technique/T1190 (and any other MITRE ATT&CK technique ID)
by vendor → /vendor/fortinet, /vendor/ivanti, /vendor/microsoft, …
by class of bug → /class/rce, /class/auth-bypass, /class/deserialization, … (full list on any /class/ page)
Any CVE — type /tag/cve-2024-3400 (or any CVE ID, lowercase) for an AI-written, NVD- and KEV-grounded summary plus related CVEs and the ATT&CK techniques it maps to. Useful for the "wait, what is this one" moment.
Tags and the digest — the tag index is a topic map; the digest is the "if you read one thing today" view.
Threat feeds — if you run a firewall or a SIEM, the blocklists here (including an Iceland-focused one) are machine-readable.

Where this is going

Planned, not built yet: short structured tracks (a ~30-minute "threat triage 101", a vulnerability-management track, an incident-response track), and a self-hoster handbook for the solo / homelab / small-business operator audience. If there's something you'd want covered, mail admin@1881.is.