These free online cybersecurity training resources can help skill up your workforce or help you land a cybersecurity job.
Scare headlines about the looming cybersecurity skills shortage are a regular feature in the media, and occasionally even make it into the mainstream. If one thing is clear, it’s that companies outbidding each other for a tiny talent pool of security engineers with five to ten years’ experience is not a winning formula to increase the cybersecurity labor force.
So what is, then?
Training or hiring junior security staff!
A growing number of free and cheap training resources online make it easier to skill up thousands of workers in-house and help job seekers prove their worth at a relatively low cost. The following list is by no means comprehensive. Got a favorite resource you enjoy? Drop us a link and we just might add it here.
Cybrary
An emerging player in scalable remote virtual learning is Cybrary, which offers a freemium service with classes to help employees and job seekers earn their CompTIA A+, CompTIA Security+, CCNA, CISSP and a variety of other entry-level security certifications.
Job seekers looking to break into infosec could do a lot worse than spending a few weeks working their way through many of the free courses available on Cybrary. Some of the paid courses may be valuable as well. The platform also offers enterprise subscriptions to industry and government on an affordable per-seat basis, making it cost effective to skill up thousands of employees into junior cybersecurity roles.
Hack the Box
More ambitious job seekers looking to take the Offensive Security Certified Professional (OSCP) certification should consider the wealth of free lab virtual machines (VMs) that Hack the Box offers. Why spend tons of money on lab access if you can get some of that experience elsewhere for free, or at least affordably?
To make sure only the dedicated sign up, Hack the Box requires wannabe users to hack the login form, a clever little twist to keep the non-determined out.
Hack the Box offers many free lab machines, with access to retired machines and walkthroughs available for £10 ($12.80) per month. Companies and universities can also get organization-wide access on a sliding scale, depending on the number of users and time frame.
Pentester Academy
Job seekers pay $99 to sign up, followed by a $39 per month subscription. Enterprise plans are available. (Pentester Academy also runs a lab network where students can learn and practice red teaming, but it is far from cheap, starting at $399 per month for 30-day access.)
SANS Cyber Aces
Known for its eye-wateringly expensive courses, SANS also offers a free course in cyber security that teaches the basics — operating systems, networking and systems administration. This free training is ideal for getting less-technical employees up to speed on security issues. Employees or job seekers who polish off this course lickety-split are good candidates for further study.
“SANS Cyber Aces Online is an online course that teaches the core concepts needed to assess, and protect information security systems,” its website says. “The course was developed by SANS, the most trusted and the largest source for information security training and security certification in the world.”
The larger the cybersecurity workforce, the larger the number of students prepared to pay for SANS’s excellent (but expensive) advanced classes. This quality freebie is designed to grow their pipeline of potential future students, but also genuinely benefits organizations struggling with growing the talent pool.
OWASP Broken Web Apps Project
Much of cybersecurity learning is self-teaching. There’s only so much book learning can accomplish until students start breaking and fixing things. The best way to learn to play defense is to play offense, and the OWASP Broken Web Applications Project makes it easy for application developers, novice penetration testers and security-curious management to flex their offensive muscle in the safety of a virtual machine on their own laptop.
The OWASP Broken Web Applications Project comes bundled in a virtual machine (VM) that contains a large collection of deliberately broken web applications with tutorials to help students master the various attack vectors. From trivial to more difficult, the project is designed to lead the user to a better understanding of web application security.
This well-documented project is free and is ideal for those who want to self-study web application security.
Offensive Security’s free Metasploit course
Offensive Security, the makers of Kali Linux and the OSCP certification, offer a free online course in Metasploit, the automated attack tool used by almost everyone these days. “This course is a perfect starting point for information security professionals who want to learn penetration testing and ethical hacking, but are not yet ready to commit to a paid course,” its website says. “We will teach you how to use Metasploit in a structured and intuitive manner. Additionally, this free online ethical hacking course makes a wonderful quick reference for penetration testers, red teams, and other security professionals.”
Given Offensive Security’s reputation for quality, technical, hands-on training, this seems like a great deal. The online course is free, and OffSec asks only for a small, optional donation to charity in return.
Free book: Mitre’s “Ten Strategies of a World-Class Cybersecurity Operations Center”
There are big takeaways in this book for security practitioners at all levels, from “want-a-job” beginner to board-level CSO. “If you are part of, support, frequently work with, manage, or are trying to stand up a SOC, this book is for you,” author Carson Zimmerman writes. “Its primary audience is SOC managers, technical leads, engineers, and analysts.”
Key strategies the book emphasizes include “do a few things well,” “favor staff quality over quantity,” and “exercise discrimination in the data you gather.” The author digs deep into the nuts and bolts of how to run a modern enterprise SOC today. While experts may quibble over the details, this free book is an impressive resource with an irresistible price tag.
No Starch Press books
Books. Remember them? Those inexpensive resources for self-directed learning. Few publishers offer better technical bang for the buck than No Starch Press, whose Hacking & Computer Security titles feature some of infosec’s leading experts. Georgia Weidman’s Penetration Testing and Sikorski and Honig’s Practical Malware Analysis (a.k.a. “the alien book,” after the cover image) are both indispensable learning resources for the ambitious infosec up-and-comer.
Copies of No Starch books come with a DRM-free electronic edition at no additional charge. Plus, you can always put the alien book on your coffee table when family and friends come to visit.
Did we miss an amazing free or cheap infosec learning resource? Let us know!
One of our readers recommended a great resource on ethical hacking. It's definitely worth the read and very informative: