How far can you go for free? It’s an interesting question if you’re traveling, but it can be critical if you’re trying to build a career in cybersecurity. In the last few months, a number of vendors and organizations have announced new or expanded rosters of free cybersecurity classes. Would it be possible to launch a career based only on the not-for-charge offerings?
From the Ground Up
There’s no question that our industry is dramatically short of skilled and trained professionals to deal with the daily onslaught of attacks and attempted exploits. There is a very real question about the best way to close the gap between open positions and available talent.
One potential method of closing the talent gap isn’t a realistic option: There is no way to put enough human beings through formal certification training to meet the need. When I talk to executives at training companies, all admit that, as good as they are, there’s just not enough time/bandwidth/money for them to take all the necessary candidates through the process. And that conversation doesn’t even begin to look at the question of whether the candidates could afford the time and investment to take the courses.
Among the answers offered to this question is the availability of free training classes in cybersecurity. Recent months have seen a wave of new no-cost options for those interested in getting into cybersecurity. Among the options are:
- FedVTE: The Federal Virtual Training Environment offers free courses on many topics for US military veterans along with federal, state, local, tribal, and territorial government employees, and federal contractors.
- IBM: IBM SkillsBuild uses Coursera to deliver training for cybersecurity analyst as well as a wide variety of other IT professional positions. Some courses leading to “badges” are free; some certification requires payment.
- Cybrary: In February, Cybrary announced that more than 500 hours of cybersecurity courses were being made available at no charge. These courses cover topics ranging from cybersecurity fundamentals to professional certification prep as well as role-based material for professional development.
- SANS: SANS offers courses beginning with the Cyber Aces program on awareness, continuing with free workshops and the ability to “test drive” courses that will be paid offerings. Membership in the SANS.org community is also free and provides access to information from many cybersecurity professionals and instructors.
- Oxford Home Study: Based in the UK, this organization offers a number of different cybersecurity courses at no cost, some leading to the possibility of certification in cybersecurity.
There are others, of course, but all present the same question to would-be cybersecurity professionals: How far can I go with free courses?
The answer lies as much in what they don’t provide as in what they do. With rare exceptions, the free courses can provide knowledge but not credentials. And while that is not the issue in cybersecurity that it might have been 10 years ago, it can’t be completely ignored.
So what is the aspiring cybersecurity professional to do? First, definitely take advantage of free knowledge. Though they may take you only so far, free courses can take a budding cybersecurity professional beyond a first step. Next, get some hands-on experience. For those who are not employed in cybersecurity (and even those who are), capture-the-flag (CTF) exercises can be a valuable and accessible way to gain experience in the hands-on details of the field.
Next, the free courses can be a valuable tool when deciding whether or not it would be worthwhile to invest in a paid course in cybersecurity. In too many cases, the only way to find out whether a field is right for an individual is to spend money to become educated in that field. In cybersecurity, though, individuals have the opportunity to find out whether they want to pursue a career without making a huge monetary investment.
And the Enterprise?
A business could be sorely tempted to turn employees toward free courses when the individuals ask for professional training. And if the individual says that they’re curious about cybersecurity, free courses could be an appropriate answer. But for professional training that will create an individual ready to step onto the beginning track of cybersecurity, there are paid courses of study that offer much more in the way of training, assessment, and accountability than do the free options.
Free courses in cybersecurity are good for the industry and for individuals, but they have a role to play in cybersecurity training and shouldn’t be asked to go wildly beyond that role. Keep expectations realistic and opportunities for hands-on experience readily available, and free courses can play a solid supporting role in early cybersecurity career development.