Chore: weekly repo cleanup

CODE_OF_CONDUCT.md

@@ -15,7 +15,7 @@ diverse, inclusive, and healthy community.
 ## Alignment with the Security Alliance (SEAL) Code of Conduct
 
 This initiative follows the
-[Security Alliance (SEAL) Code of Conduct](https://www.securityalliance.org/news/Code_of_conduct),
+[Security Alliance (SEAL) Code of Conduct](https://radar.securityalliance.org/code_of_conduct/),
 which sets expectations for all members and contributors across the organization.
 
 At SEAL, we commit to:

CONTRIBUTING.md

@@ -67,6 +67,11 @@ across every page on the site, which is what makes the Frameworks readable as a
 individual contributions. Open it before you start writing, even if you are only adding a section to an existing page,
 since the same structural rules apply.
 
+**Keep each page focused on a single topic.** If your content would require more than 5-6 top-level
+sections (## headings), it is covering too much ground in one place. Split it into separate pages
+within a framework folder, one page per major angle of the topic. Each sub-page should be
+self-contained enough that a reader can land on it directly without needing to read the others first.
+
 The workflow:
 
 1. **Fork the repository** to your own GitHub account. For how to set up the project locally, see
@@ -364,10 +369,10 @@ fits, for example in block-quotes.
   where you can jump straight to draw!
 
   ```mermaid
-pie title What Voldemort doesn't have?
-          "FRIENDS" : 2
-          "FAMILY" : 3
-          "NOSE" : 45
+  pie title What Voldemort doesn't have?
+      "FRIENDS" : 2
+      "FAMILY" : 3
+      "NOSE" : 45
   ```
 
 - Adding images is welcome and encouraged.

components/mermaid/MermaidRenderer.tsx

@@ -10,16 +10,16 @@ interface MermaidRendererProps {
 
 const MermaidRenderer: React.FC<MermaidRendererProps> = ({ code, id }) => {
   const containerRef = useRef<HTMLDivElement>(null);
+  const renderCount = useRef(0);
   useEffect(() => {
     if (!containerRef.current) return;
-
     const renderMermaid = async () => {
       try {
-        mermaid.initialize({ startOnLoad: false });
-
+        const isDark = document.documentElement.classList.contains("dark");
+        mermaid.initialize({ startOnLoad: false, theme: isDark ? "dark" : "default" });
         const cleanCode = code.trim();
-        const { svg } = await mermaid.render(id, cleanCode);
-
+        const uniqueId = `${id}-${++renderCount.current}`;
+        const { svg } = await mermaid.render(uniqueId, cleanCode);
         if (containerRef.current) {
           containerRef.current.innerHTML = svg;
         }
@@ -30,8 +30,13 @@ const MermaidRenderer: React.FC<MermaidRendererProps> = ({ code, id }) => {
         console.error(err);
       }
     };
-
     renderMermaid();
+    const observer = new MutationObserver(() => renderMermaid());
+    observer.observe(document.documentElement, {
+      attributes: true,
+      attributeFilter: ["class"],
+    });
+    return () => observer.disconnect();
   }, [code, id]);
 
   return <div ref={containerRef} className="mermaid" />;

docs/pages/awareness/core-awareness-principles.mdx

@@ -19,7 +19,7 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr
 <TagProvider>
 <TagFilter />
 
-# 1. Core Awareness Principles
+# Core Awareness Principles
 
 <TagList tags={frontmatter.tags} />
 <AttributionList contributors={frontmatter.contributors} />

docs/pages/awareness/cultivating-a-security-aware-mindset.mdx

@@ -19,7 +19,7 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr
 <TagProvider>
 <TagFilter />
 
-# 3. Cultivating a Security-Aware Mindset
+# Cultivating a Security-Aware Mindset
 
 <TagList tags={frontmatter.tags} />
 <AttributionList contributors={frontmatter.contributors} />
@@ -28,7 +28,7 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr
 > verification. By questioning unusual requests, pausing before acting, and leveraging peer support, you transform
 > security from a set of rules into an intuitive approach to daily interactions.
 
-## 3.1. Behavioral Best Practices
+## Behavioral Best Practices
 
 ### Practical Tips
 
@@ -50,7 +50,7 @@ A community manager receives a direct message on Discord that looks like it come
 asking for private credentials. Instead of immediately responding, they cross-check the message in a team meeting or via
 a known contact method.
 
-## 3.2 Awareness in Community Settings
+## Awareness in Community Settings
 
 ### Unique Challenges on Social Platforms
 
@@ -74,7 +74,7 @@ During a routine community chat, several members report receiving odd messages t
 community manager organizes a quick session to remind members of red flags and the correct reporting channels,
 reinforcing collective vigilance.
 
-## 3.3 Organizational Strategies for Security Culture
+## Organizational Strategies for Security Culture
 
 - **Leadership Commitment:**
 
@@ -120,9 +120,9 @@ A project implements a monthly "Security Spotlight" where different aspects of s
 members can share their experiences or ask questions. This regular touchpoint keeps security top-of-mind and encourages
 ongoing dialogue about best practices.
 
-## 3.4 Essential Security Practices
+## Essential Security Practices
 
-### 3.4.1. Password Management
+### Password Management
 
 - **Strong, Unique Passwords:**
 
@@ -136,7 +136,7 @@ Utilize a reputable password manager to securely store and generate complex pass
 **Example:** Tools like Bitwarden, 1Password, or KeePassXC can generate and store unique passwords for all your
 accounts.
 
-### 3.4.2. Multi-Factor Authentication (MFA)
+### Multi-Factor Authentication (MFA)
 
 - **Enable MFA Everywhere Possible:**
 
@@ -149,7 +149,7 @@ Hardware tokens and authenticator apps are more secure than SMS-based verificati
 **Example:** Use YubiKeys or authenticator apps like Authy instead of SMS, which can be vulnerable to SIM swapping
 attacks.
 
-### 3.4.3. Secure Communication
+### Secure Communication
 
 - **End-to-End Encryption:**
 
@@ -162,7 +162,7 @@ Be cautious of unexpected platform changes for important communications.
 **Example:** If a colleague suddenly asks to switch from your company's official channel to a personal messaging app for
  work discussions, verify this request directly.
 
-### 3.4.4. Device Security
+### Device Security
 
 - **Keep Systems Updated:**
 
@@ -174,9 +174,9 @@ Regularly update your operating system and applications to patch security vulner
 Be mindful of physical security in shared or public spaces.
 **Example:** Use privacy screens when working in public and lock your device when stepping away.
 
-## 3.5. Incident Response Awareness
+## Incident Response Awareness
 
-### 3.5.1. Recognizing Security Incidents
+### Recognizing Security Incidents
 
 - **Know the Warning Signs:**
 
@@ -188,7 +188,7 @@ Understand what constitutes a potential security incident.
 Know what steps to take when you suspect a security incident.
 **Example:** Disconnect from networks, document what happened, and report to your security team immediately.
 
-### 3.5.2. Reporting Procedures
+### Reporting Procedures
 
 - **Clear Reporting Channels:**
 

docs/pages/awareness/resources-and-further-reading.mdx

@@ -20,7 +20,7 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr
 <TagProvider>
 <TagFilter />
 
-# 5. Resources & Further Reading
+# Resources & Further Reading
 
 <TagList tags={frontmatter.tags} />
 <AttributionList contributors={frontmatter.contributors} />
@@ -29,7 +29,7 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr
 > security community. By leveraging curated learning materials, self-assessment tools, and professional networks, you
 > can deepen your expertise and stay ahead of emerging threats.
 
-## 5.1. Additional Learning Materials
+## Additional Learning Materials
 
 - **Security Awareness Blogs:**
 
@@ -57,29 +57,29 @@ this based on frameworks, will be available at
 - Interactive phishing simulation: [Phishing Dojo](https://phishing.therektgames.com).
 - [SEAL's blog](https://securityalliance.org/news) on frameworks.
 
-## 5.2. Recommended Security Newsletters
+## Recommended Security Newsletters
 
 - [SANS NewsBites](https://www.sans.org/newsletters/newsbites/) - Twice-weekly summaries of the most important security
 news
 - [FIRST.org](https://www.first.org/) - Forum of Incident Response and Security Teams newsletters and resources
 - [The Hacker News](https://thehackernews.com/) - Cybersecurity news and analysis
 - [Krebs on Security](https://krebsonsecurity.com/) - In-depth security news and investigation
 
-## 5.3. Security Podcasts and Media
+## Security Podcasts and Media
 
 - [Daily Stormcast](https://isc.sans.edu/podcast.html) - Daily 5-10 minute updates from SANS Internet Storm Center
 - [Darknet Diaries](https://darknetdiaries.com/) - Stories from the dark side of the internet
 - [Security Now](https://twit.tv/shows/security-now) - Weekly deep dives into security topics
 - [Risky Business](https://risky.biz/) - Weekly information security podcast
 
-## 5.4. Security Training Resources
+## Security Training Resources
 
 - [OWASP](https://owasp.org/) - Open Web Application Security Project resources and guides
 - [Cybrary](https://www.cybrary.it/) - Free and premium cybersecurity training
 - [SANS](https://www.sans.org/) - Professional information security training
 - [Phishing.org](https://www.phishing.org/) - Anti-phishing training and awareness resources
 
-## 5.5. Web3-Specific Security Resources
+## Web3-Specific Security Resources
 
 - [DeFi Security Summit](https://defisecuritysummit.org/) - Conference focused on DeFi security
 - [SEAL news](https://securityalliance.org/news) & [SEAL Discord](https://discord.gg/seal) - Security Alliance's
@@ -89,7 +89,7 @@ initiatives related to news and events
 - [Blockthreat](https://blockthreat.io/) - Web3 security news and analysis
 - [The Red Guild](https://blog.theredguild.org/) - Web3 security awareness and education
 
-## 5.6. Web3 Security Tools
+## Web3 Security Tools
 
 - **Token Approval Management:**
 - [Unrekt](https://app.unrekt.net/) - Check and revoke token approvals
@@ -106,7 +106,7 @@ wallets
 - [Wallet Scrutiny](https://walletscrutiny.com/) - Analyze wallet security and features
 - [Hardware Wallet Resources](https://trezor.io/learn) - Educational content about hardware wallet security
 
-## 5.7. Security Tools and Services
+## Security Tools and Services
 
 - **Password Managers:**
 - [Bitwarden](https://bitwarden.com/) - Open-source password management

docs/pages/awareness/staying-informed-and-continuous-learning.mdx

@@ -19,7 +19,7 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr
 <TagProvider>
 <TagFilter />
 
-# 4. Staying Informed & Continuous Learning
+# Staying Informed & Continuous Learning
 
 <TagList tags={frontmatter.tags} />
 <AttributionList contributors={frontmatter.contributors} />
@@ -28,9 +28,9 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr
 > establishing regular training routines, staying current with emerging threats, and fostering a culture of continuous
 > improvement, you ensure your security awareness remains effective against evolving challenges.
 
-## 4.1. Comprehensive Security Training Framework
+## Comprehensive Security Training Framework
 
-### 4.1.1. Training Approaches
+### Training Approaches
 
 - **Bite-Sized Learning:**
 
@@ -68,7 +68,7 @@ preventive measures.
 Use assessments and quizzes to evaluate the effectiveness of training and identify areas where additional training may
 be needed.
 
-### 4.1.2. Training Delivery
+### Training Delivery
 
 - **Regular Awareness Sessions:**
 
@@ -84,7 +84,7 @@ threats in a risk-free environment.
 Implement periodic campaigns that focus on specific security themes to reinforce key messages.
 Example: A "Phishing Awareness Month" with targeted activities and resources.
 
-### 4.1.3. Measuring Training Effectiveness
+### Measuring Training Effectiveness
 
 - **Baseline Assessments:**
 
@@ -98,7 +98,7 @@ Track security-related behaviors such as reporting rates for suspicious emails o
 
 Gather participant feedback to continuously improve training content and delivery methods.
 
-## 4.2. Essential Training Topics
+## Essential Training Topics
 
 - **Phishing and Social Engineering:**
 
@@ -129,9 +129,9 @@ Cover best practices for securing devices and accounts, including updates, encry
 
 Keep team members informed about new and evolving security threats relevant to your organization.
 
-## 4.3. Trusted Information Sources
+## Trusted Information Sources
 
-### 4.3.1. Security Newsletters
+### Security Newsletters
 
 - **Industry News:**
 
@@ -143,7 +143,7 @@ Example: The SANS NewsBites provides twice-weekly summaries of the most importan
 Follow security updates from the software and hardware vendors in your project stack.
 Example: Subscribe to security bulletins from cloud providers, operating system vendors, and key software dependencies.
 
-### 4.3.2. Security Communities
+### Security Communities
 
 - **Online Forums and Groups:**
 
@@ -155,7 +155,7 @@ Example: The SEAL Discord provides a space to discuss security challenges specif
 Attend security-focused events to network and learn.
 Example: Conferences like DeFi Security Summit offer insights into emerging threats and defenses.
 
-### 4.3.3. Security Blogs and Podcasts
+### Security Blogs and Podcasts
 
 - **Technical Blogs:**
 
@@ -168,7 +168,7 @@ Listen to podcasts that cover current security topics.
 Example: The Daily Stormcast from FIRST.org offers brief daily updates, while Darknet Diaries provides longer-form
 stories about notable security incidents.
 
-## 4.4. Implementing a Learning Culture
+## Implementing a Learning Culture
 
 - **Share Knowledge:**