According to Statistica, the global cost of cybercrime is expected to reach a staggering $24 trillion by 2027. But here's the catch-- while cyber threat skyrocket, the pools of cybersecurity talent remains painfully shallow, leaving companies vulnerable to devastating attacks.
Dave Stapleton, CISO of CyberGRX and ProcessUnity, believes we need to develop cybersecurity talent. In an era of tech layoffs, he suggests nurturing cybersecurity talent from the ground up - hiring entry-level enthusiasts and cultivating their skills through continuous education. Additionally, you've got to consider the ongoing education of your existing staff, to further their skills and provide a path for career advancement.
Cyber threat mutate daily and cybersecurity talent is in short supply; continuous learning is not a luxury but a necessity.
However, given the sheer number of training options available, teams can quickly get overwhelmed by the volume and variety of choices. To help streamline the process, we've collected 21 excellent cybersecurity training resources to build a savvy team.
Cybersecurity Training Resources
Cybrary offers a wide range of free cybersecurity training resources and paid courses. Popular options include training programs to help staff prepare for certification exams, such as those for CompTIA Security+ or the Certified Ethical Hacker (CEH) course.
2. SANS Institute
The SANS Institute provides both in-person and online training programs on various cybersecurity topics. Staff can take scheduled classes or opt for on-demand training on specific topics. The SANS Institute also offers training roadmaps to help staff maximize their cybersecurity education.
OffSec offers over 5,000 hours of written content, 1,500+ videos, and more than 2,200 hands-on courses, including the popular "Penetration Testing with Kali Linux" course. The combination of practical and hands-on options means your staff can find the type of training that best suits their learning style and delivers optimal results.
eLearnSecurity provides online training programs, including practical penetration testing and incident response courses. The company also offers scenario-based IT certifications, which help demonstrate staff knowledge in real-world situations. Popular certifications include eJPT, eCCPTv2, and eMAPT.
Coursera collaborates with more than 300 universities and companies worldwide to offer various courses, certification programs, and degree-track options for staff. Individuals can try Coursera for free, while Coursera for Business can help companies create consistent, organization-wide training programs.
Udemy provides a wide range of cybersecurity courses, including ethical hacking, network security, penetration testing, Kubernetes management, and more. And wide variety is no exaggeration: Udemy has more than 210,000 online video courses with new videos added every month.
Pluralsight offers a vast library of expert-led assessments and self-managed cybersecurity courses covering different skill levels and specialties. The Pluralsight program is designed to help employees accelerate their security skills by determining exactly what staff members need to know and providing the fastest path to learn, practice, and apply their new skills in risk-free environments.
8. LinkedIn Learning
Not just for connecting with present and former colleagues, the LinkedIn Learning platform provides a collection of cybersecurity courses taught by industry professionals. IT leaders can try out their first month of LinkedIn Learning for free and then purchase full access for their teams if they like the results. LinkedIn Learning has more than 21,000 courses available, with more added monthly to help keep teams ahead of attackers. LinkedIn also offers US veterans a free one-year Premium Career subscription– view eligibility criteria and how to enroll.
9. Cisco Networking Academy
The Cisco Networking Academy started in 1997 and has helped more than 17 million students improve their technology skills. Over 11,000 organizations worldwide offer Cisco courses ranging from beginner options, such as their Introduction to Cybersecurity, to more advanced options, such as Networking Security. The Academy also offers the popular CCNA Cyber Ops certification. As one of the most popular names in the cybersecurity space, Cisco is constantly developing new cybersecurity tools and training to bolster network defense.
10. CompTIA Certifications
One of the best-known names in cybersecurity training and certifications, CompTIA provides various certifications such as Security+, CySA+, and CASP, along with study resources and training options. CompTIA offers multiple training paths for learners, including self-study, virtual classes, interactive labs, and practice exams. Network+ and Security+ certifications are especially popular for teams building wide-reaching protective frameworks that defend against common cyberattacks.
OWASP offers free web application security training, resources, and community-driven projects. This community-led security site provides accessible security resources such as dependency checkers to help IT teams pinpoint key reliances within their organizations and security knowledge frameworks to help companies create consistent security policies. OWASP is also well-known for its "Top 10" lists of Web Application security vulnerabilities, which can help teams proactively act against potential threats.
12. National Initiative for Cybersecurity Education (NICE)
A part of the National Institute of Standards and Technology (NIST), NICE provides a comprehensive list of cybersecurity training resources and programs. In addition, the NICE framework (NIST Special Publication 800-181, revision 1) helps companies pinpoint the skills and knowledge they need to create effective cybersecurity policies and programs within their organizations.
TrainACE offers a host of training and certification courses from popular infosec providers. These for-pay options include courses from CompTIA, Cisco, the Project Management Professional (PMP) association, and ISC2. Classes are offered in-person or live online, allowing teams to expand their knowledge without sacrificing operational performance.
14. Hack The Box
Hack The Box describes itself as "Hackers at Heart" whose mission is to redefine the standards of cybersecurity expertise using a community-based approach. They offer a variety of cybersecurity training programs designed to uplevel your organization’s cybersecurity skills, keep track of your team’s development, and identify knowledge or skill gaps quickly and easily.
15. National Initiative for Cybersecurity Careers and Studies (NICCS)
For those just beginning their cybersecurity career journey, NICCS is a good starting point. NICCS is an online hub offering cybersecurity training, education, and career information for professionals working in Government, Education, or have a military background. The site includes over 6,000 cybersecurity training resources plus career guidance. Training is offered in various delivery methods, from classroom instruction to online instructor-led to self-paced, and courses vary in proficiency levels, from novice to expert.
16. MITRE ATT&CK
The MITRE ATT&CK framework is a free knowledge base of malicious actor tactics and techniques. This resource is a great starting point for companies looking to pinpoint potential vulnerability paths and define defensive structures capable of reducing total risk. MITRE is continually updated with new techniques and tactics to help businesses make the most of their IT security efforts.
17. Infosec Institute
The Infosec Institute provides role-based cybersecurity training and certifications to help businesses improve their security posture. Companies can access a 7-day free trial to see what's available in over 190 learning paths, then upgrade to for-pay options to access cybersecurity boot camps led by live instructors. Infosec Institute offers more than 1,400 courses.
CISA provides no-charge cybersecurity training for federal employees, private-sector professionals, and the general public. One of CISA's most popular offerings is its incident response training curriculum, which is designed to help beginner and intermediate cyber professionals develop basic cybersecurity awareness and equip them with the knowledge to create best practices for their organization.
19. EC Council
The EC Council offers a wide variety of cybersecurity certifications to help professionals increase their knowledge and better defend against potential attacks. Popular options include certified ethical hacking (CEH), certified penetration testing (CPENT), and the Blockchain Developer Certification. In addition, the EC Council offers degree programs, including a graduate certificate program, a Bachelor of Science in Cyber Security, and a Masters degree in Cyber Security.
ISACA offers a variety of training and credentials to help companies make the most of cybersecurity programs. With more than 300,000 certifications awarded and a 90% renewal rate for certifications, ISCAA remains one of the world's most popular cybersecurity training platforms. Popular certifications include CISA, CISM, CRISC, CDPSE, and CGEIT. ISACA also offers in-person, online, and customized training to help companies expand their cybersecurity knowledge.
(ISC)2 offers some of the world's most popular and well-known certifications, including CISSP, CCSP, CGRC, CSSLP, and HCISSP. In addition, (ISC)2 offers a Cybersecurity Qualification Pathfinder to help professionals find the most efficient path to improving their cybersecurity knowledge, either in their current role or in preparation for a new one. And to help close the cybersecurity workforce gap and encourage diversity in cybersecurity, (ISC)2 has generously pledged free training and exams to one million people who have a passion for cybersecurity and the drive to enter this demanding but rewarding field.
Continuing Your Cybersecurity Training
Cybersecurity training is never one and done. As attacks evolve and attackers look for new ways to compromise corporate networks, security teams need ongoing education to keep pace. From skills- and scenario-based training to hands-on courses and sought-after certifications, the right training can help companies create effective cybersecurity policies and adapt them as needs change.
No matter where you're starting or where you're headed, our list of 21 training resources can help set the stage for solid cybersecurity best practices in any organization.
Want to maximize the efficiency of your staff? Book time with our team to see how the CyberGRX platform can save time in vetting new vendors and identifying, evaluating, and mitigating your third-party risks.