20 Top Cybersecurity Training Programs
Interest in cybersecurity has skyrocketed in the 21st century. In the past five years alone, Google searches for the term have more than quintupled due to a slew of high profile hacks — at Equifax, Capital One and others — and a corresponding burst of interest in preventing them.
“The volume of attacks and sophistication of attacks from around the world continue to increase,” ISC2 CEO David Shearer told CNBC. “We have nation-state types of attacks, criminal activity types of attacks and individuals that are just trying to do fraud and cybercrime. [But] as these activities on the web continue to grow, there continues to be less and less of the qualified people that we need to conquer those attacks.”
Top Cybersecurity Trainings
- Cybrary’s “Introduction to IT & Cybersecurity”
- Open Security Trainings’ “Introduction to Vulnerability Assessment”
- SANS Institute’s “Introduction to Cybersecurity”
- University of Washington’s “Essentials of Cybersecurity” on EdX
- IBM’s “IT Fundamentals for Cybersecurity Specialization” on Coursera
- Stanford’s Advanced Computer Security Professional Program
- Harvard's "Cybersecurity: Managing Risk in the Information Age”
- Jason Dion’s CompTIA CySA+ Prep on Udemy
- ISC(2)’s CISSP Trainings
- Black Hat Trainings
In other words, there’s a skills gap. Plenty of employers are on the perpetual lookout for cybersecurity specialists — often to no avail. The demand for these professionals is growing 12 times faster than the overall job market — faster than people can train for available roles. In 2019, roughly 300,000 American cybersecurity positions went unfilled; by 2022, analysts project that number could grow to 1.8 million.
Which makes it an excellent time to train for a career in cybersecurity. Here are 20 top cybersecurity courses, ranging from free online InfoSec introductions to highly technical in-person bootcamps.
The Cybersecurity Basics
These free courses offer total novices an overview of cybersecurity. They cover the basics of the industry and break down the various professional roles within it.
Cybrary’s “Introduction to IT & Cybersecurity”
Hosted on the Cybrary, a free IT education hub popular among Fortune 500 companies, this 4.5-hour course walks newbies through cybersecurity’s four subfields: system administration, network engineering, incident response and forensics — i.e., identifying attacks and figuring out how they happened — and penetration testing, a.k.a. white hat hacking. Led by an instructor who has worked for the U.S. Department of Defense, the course helps students pick a subfield for further study.
Open Security Trainings’ “Introduction to Vulnerability Assessment”
Open Security Trainings’ repository of 29 cybersecurity courses caters to all skill levels, but skews towards beginner-level courses like this one: a three-day course on vulnerability assessment. The curriculum covers the art of running automated scans for security gaps, mapping out network topology and testing network firewalls. Its creators can lead the class in person, but all the course materials can also be downloaded straight from the course site as PowerPoints or PDFs.
Department of Homeland Security’s FederalVTE 101 Courses
Price: Free for veterans and government employees
The Federal Virtual Training Environment (FederalVTE) connects users to hundreds of hours of cybersecurity certificate courses. The three 101-level courses introduce the essentials. A five-hour course teaches coding through a series of interactive, gamified challenges; a two-hour course lays out the macro threats and strategies that make cybersecurity necessary and functional; and a two-hour course on reverse engineering teaches students to parse how and why hardware and software was designed.
Professional Training for Beginners
These courses and programs also cater to beginners, but require a bigger investment of time and money. They presume participants want to build careers cybersecurity.
SANS Institute’s “Introduction to Cybersecurity”
This roving, five-day cybersecurity workshop has touched down in cities from San Francisco to Brussels. In each city, students flock to the course site to delve into field fundamentals. Class time breaks down into a mix of lectures and hands-on labs on topics like strong passwords, firewall-building and cryptography. The curriculum is appropriate for anyone who can use a computer but has never studied cybersecurity in-depth. Assembled by an industry veteran with more than 30 years of experience, the course is ideal for those who are considering a career change. In addition to the 15 pounds of required textbooks, audio of lectures is available for further study.
University of Washington’s “Essentials of Cybersecurity” on EdX
Price: Free; $99 for completion certificate
This digital University of Washington sequence spans four classes and awards a cybersecurity certificate. Kicking off with a brief introduction, which gets students up to speed on core concepts, it then delves into typical organization-wide security protocols and best practices. After some hands-on practice with cybersecurity tools, the sequence culminates in a self-assessment, which matches students to cybersecurity concentrations that suit their strengths. The whole sequence takes about two months total, assuming between two and five hours of work per week.
IBM’s “IT Fundamentals for Cybersecurity Specialization” on Coursera
This four-course sequence trains novices for roles as junior cybersecurity analysts. It starts with foundational questions: What motivates cyberattackers, and which techniques do they use to wreak havoc? From there, students pursue more technical lines of inquiry, exploring compliance standards, virtualization applications and methods (like patch management) for keeping networks security up to date. Before students earn their certificates, they also learn about encryption, local area networks and more.
Stanford’s Advanced Computer Security Professional Program
This cybersecurity program focuses on the art of designing secure systems and responding to suspicious digital events. Students must take six courses to graduate: four required, two electives, all online. (The program includes a free intro course, too, but that doesn’t count towards the degree.) Geared towards students with the equivalent of a BS in computer science, the course often attracts people who are already working in security. Requiring about 50 hours to complete, the sequence involves coursework on topics like secure coding, encryption and mobile device security issues.
Evolve’s Cybersecurity Bootcamp
Price: $12,500 for in person; $10,500 for remote
This 16-week bootcamp requires is a basic command of computer science, networking and Linux commands. But it doesn’t require students to quit their jobs. Classes takes place on weeknights or Saturdays; students can pick the schedule that best suits their needs, whether they learn remotely, via live webinars or in person at Chicago’s Merchandise Mart. Material-wise, instruction covers topics like security architecture, secure scripting and the modern threat landscape. Participants graduate with a CompTIA Security+ certification (a widely used professional certification; more on that later), and the bootcamp staff helps with job placement. So far, graduates have gone on to work at cybersecurity behemoths like Carbon Black.
American Cyber Alliance’s Cyber Training Bootcamp
Price: $15,500 (which can be paid by an employer sponsor)
Based in Little Rock, Arkansas, this 14-week apprenticeship program was designed to close the skills gap that plagues the cybersecurity field — and the Arkansas tech scene in particular. For the first eight weeks, the modular curriculum covers topics like penetration testing and attack forensics, imparting essential information through a mix of in-class lectures and immersive cyberattack simulations. In the final six weeks, students move into the field, gaining hands-on cybersecurity role at local tech companies.
Berkeley Cybersecurity Bootcamp
This part-time, 24-week bootcamp located in Belmont, California — near Silicon Valley — focuses on the skills information security leaders most often seeks in job candidates. Through a mix of independent work and collaboration with peers, students build expertise on cybersecurity topics like vulnerability assessment and malware analysis. The course covers cybersecurity-adjacent topics, too, like Bash scripting and systems administration.
Continuing Education for Professionals
These courses cater to those who have several years of experience working in cybersecurity-related roles.
Harvard's “Cybersecurity: Managing Risk in the Information Age”
This online course, a collaboration between Harvard and online education platform GetSmarter, imparts the structural expertise leaders need to protect their organizations from hackers. Course leader Eric Rosenbach, of Harvard’s Kennedy School, covers skills like creating a risk mitigation strategy, complying with relevant regulations and identifying the organizational systems at the highest risk. The self-paced class takes roughly eight weeks, assuming about 10 hours of work per week.
Jason Dion’s CompTIA CySA+ Prep on Udemy\
Price: $199.99 (though can be heavily discounted)
A Udemy bestseller, this intermediate-level course prepares students for the CompTIA CySA+ exam, a cybersecurity competency exam co-signed by the US Department of Defense. Geared towards students with a basic knowledge of cybersecurity, including entry-level incident response workers, it consists of 10.5 hours of self-paced video lectures punctuated by quizzes. It also comes bundled with a full-length practice CompTIA exam, so participants can try their hand at the real thing before test day.
CompTIA’s PenTest+ Certification Training
Prices: $159 and up
The technological association behind the above exam, CompTIA, hosts trainings itself on a variety of topics. One preps users for the CySA+ exam; another option focuses on the association’s PenTest+ certification, which gauges penetration testing savvy specifically. The customizable digital course splits its focus between tools of the trade, ethical attack methodology and training on professional skills like report-writing. Students can build their own learning plans, set their own pace and complement the basic course with an optional illustrated study guide.
SANS Institute’s “Cloud Security Architecture and Operations”
Taught by Dave Shackelford, head of Voodoo Security, this five-day digital course addresses a key security problem: more and more organizations are moving to the Cloud, and Cloud security is a bear. It’s tough to customize — partly because the servers’ built-in security measures aren’t always clearly specified and partly because newer technologies are just more difficult to wrangle. Designed for current security professionals, this curriculum digs into AWS-based Cloud security solutions. By the end, students will know not only how to automate security with Ansible and Chef, but also how to collaborate effectively with DevOps teams so that constant updates don’t lead to constant security headaches.
ISC2’s CISSP Trainings
Getting credentialed as a CISSP — a.k.a. a Certified Information Systems Security Professional — isn’t for beginners or the faint of heart. Those who earn certificates are qualified to design a best-in-class security system, so it’s no surprise that registration requires extensive work experience and a sponsor, not to mention extensive preparation. Trade association ISC2 runs various in-person and digital prep courses in eight languages. Its 120-day self-paced online prep course, for instance, consists of a mix of video lectures, interactive flashcard exercises and games. For those who prefer face-to-face tutelage, the organization also occasionally runs five-day prep workshops.
E-Council’s Certified Ethical Hacker iClass
Price: $1,889 and up
Passing this course’s 140 labs feels like weathering 140 real-life cyberattacks. Students must respond to the labs’ simulated digital hreats in real time, sealing off pseudo-breaches designed by real hackers. The comprehensive course’s 20 modules cover more than 270 popular attack techniques and technologies, providing rigorous preparation for the four-hour Certified Ethical Hacker exam. Like CISSP certification, though, this white hat hacking credential isn’t for novices. The CEH expects students to have the equivalent of at least two years of professional InfoSec experience.
AWS’s Security Training Path
Amazon hosts a sequence of four courses that walk students through through the specific security features and functions in the AWS Cloud. Designed for current security professionals, the first course focuses on fundamentals, the second on security architecture and the third on security management. The fourth and final course readies students for Amazon’s Certified Security Specialist exam, dissecting sample questions and arming students with test-taking strategies. The test isn’t for everyone, though — Amazon recommends it only for pros with at least two years of hands-on experience in AWS security.
Black Hat Trainings
Price: $3,900 and up
Black Hat hosts multi-day labs in urban centers (like Las Vegas and Singapore) that are focused on topics like penetration testing and web application vulnerabilities. The professional organization for cybersecurity vendors and professionals has hosted those types of educational events for more than two decades. (They form the backbone of Black Hat’s annual conference, which attracted a crowd of nearly 20,000 in 2019.) Led by experts in the field, the workshops often cater to experienced professionals, though some of them are also suited to novices.
Cisco’s CCNA Security Training
The CCNA Security certification assesses the ability of test-takers to protect networks outfitted with Cisco hardware and software. Designed for associate-level employees, the popular professional credential focuses on competency in day-to-day network maintenance. The exam itself is being revamped and by February 2020 will cover a broad array of networking fundamentals, including network access controls, security and automation of key functions. To prep aspiring test-takers, Cisco offers a variety of resources: peer study groups, practice exams, and a five-day workshop on implementing Cisco network resources.
Microsoft’s 365 Security Administrator Trainings
Microsoft 365 mashes up Microsoft Office with the Cloud. That means it has familiar Word, Excel and Powerpoint features, while its Cloud-enabled back end allows for seamless collaboration between users and across devices. Anything Cloud-based takes some finesse to secure, though — hence this sequence of four online courses, which teaches users to lock down their organization’s 365 security and proactively respond to threats. The courses explore topics like access controls and data governance, and cover both Cloud and hybrid environments. The sequence culminates in an exam and certification.
Images via Shutterstock, social media and company websites.