7 cheap or free cybersecurity training resources
Scare headlines about the looming cybersecurity skills shortage are a regular feature in the trade press, and occasionally even make it into mainstream publications. If one thing is clear, it’s that companies outbidding each other for a tiny talent pool of security engineers with five to ten years’ experience is not a winning formula to increase the cybersecurity labor force.
So what is? Training or hiring junior security staff.
A growing number of free and cheap training resources online make it easier to skill up thousands of workers in-house and help job seekers prove their worth at a relatively low cost. The following list is by no means comprehensive. Got a favorite resource you love? Drop us a line and we may add it here.
Cybrary
An emerging player in scalable remote virtual learning is Cybrary, which offers a freemium service with classes to help employees and job seekers earn their CompTIA A+, CompTIA Security+, CCNA, CISSP and a variety of other entry-level security certifications.
Job seekers looking to break into infosec could do a lot worse than spending a few weeks working their way through many of the free courses available on Cybrary. Some of the paid courses may be valuable as well. The platform also offers enterprise subscriptions to industry and government on an affordable per-seat basis, making it cost effective to skill up thousands of employees into junior cybersecurity roles.
Hack the Box
More ambitious job seekers looking to take the Offensive Security Certified Professional (OSCP) certification should consider the wealth of free lab virtual machines (VMs) that Hack the Box offers. Why spend tons of money on OffSec lab access if you can get some of that experience elsewhere for free — or at least, a lot more cheaply?
To make sure only the dedicated sign up, Hack the Box requires wannabe users to hack the login form, a cute little twist to keep the non-serious out.
Hack the Box offers many free lab machines, with access to retired machines and walkthroughs available for £10 ($12.80) per month. Companies and universities can also get organization-wide access on a sliding scale, depending on the number of users and time frame.
Pentester Academy
Those intent on a career as a red teamer will find Pentester Academy an affordable resource to learn the basics of pen testing, including x86 assembly and shellcode, Metasploit, buffer overflows, forensics, PowerShell and more.
Job seekers pay $99 to sign up, and then $39 per month for a subscription after that. Enterprise plans are available. (Pentester Academy also runs a lab network where students can learn and practice red teaming, but it is far from cheap, starting at $399 per month for 30-day access.)
SANS Cyber Aces
Known for its eye-wateringly expensive courses, SANS also offers a free course in cybersecurity that teaches the basics — operating systems, networking and systems administration. This free training is ideal for getting less-technical employees up to speed on security issues. Employees or job seekers who polish off this course lickety-split are good candidates for further study.
“SANS Cyber Aces Online is an online course that teaches the core concepts needed to assess, and protect information security systems,” its website says. “The course was developed by SANS, the most trusted and the largest source for information security training and security certification in the world.”
The larger the cybersecurity workforce, the larger the number of students prepared to pay for SANS’s excellent (but expensive) advanced classes. This quality freebie is designed to grow their pipeline of potential future students, but also genuinely benefits organizations struggling with growing the talent pool.
OWASP Broken Web Apps Project
Much of cybersecurity learning is self-teaching. There’s only so much book learning can accomplish until students start breaking and fixing things. The best way to learn to play defense is to play offense, and the OWASP Broken Web Applications Project makes it easy for application developers, novice penetration testers and security-curious management to flex their offensive muscle in the safety of a virtual machine on their own laptop.
The OWASP Broken Web Applications Project comes bundled in a virtual machine (VM) that contains a large collection of deliberately broken web applications with tutorials to help students master the various attack vectors. From trivial to more difficult, the project is designed to lead the user to a better understanding of web application security.
This well-documented project is free and is ideal for those who want to self-study web application security.
Offensive Security’s free Metasploit course
Offensive Security, the makers of Kali Linux and the OSCP certification, offer a free online course in Metasploit, the automated attack tool used by almost everyone these days. “This course is a perfect starting point for information security professionals who want to learn penetration testing and ethical hacking, but are not yet ready to commit to a paid course,” its website says. “We will teach you how to use Metasploit in a structured and intuitive manner. Additionally, this free online ethical hacking course makes a wonderful quick reference for penetration testers, red teams, and other security professionals.”
Given Offensive Security’s reputation for quality, technical, hands-on training, this seems like a great deal. The online course is free, and OffSec asks only for a small, optional donation to charity in return.
No Starch Press books
Books. Remember them? Those inexpensive resources for self-directed learning. Few publishers offer better technical bang for the buck than No Starch Press, whose Hacking & Computer Security titles feature some of infosec’s leading experts. Georgia Weidman’s Penetration Testing and Sikorski and Honig’s Practical Malware Analysis (a.k.a. “the alien book,” after the cover image) are both indispensable learning resources for the ambitious infosec up-and-comer.
Copies of No Starch books come with a DRM-free electronic edition at no additional charge. Plus, you can always put the alien book on your coffee table when family comes to visit.