Today I want to talk about a hot topic for anyone looking to break into cybersecurity or progress their career… free vs paid training.
Cybersecurity is an ever evolving industry which is in a constant battle to keep up with, and secure, the latest and greatest technologies. If a new blockchain technology is released then cybersecurity needs to be there to make sure it’s safe. If a new AI algorithm is taking the world by storm then cybersecurity needs to be there to make sure it is not abused. If some brilliant savant manages to crack the cryptography that secures our interactions on the Internet then you better hope cybersecurity is there to save the day.
The foot soldiers fighting this battle are the cybersecurity professionals whose job it is to protect and secure systems, which is ultimately everyone in the industry who performs some technical role. As such, all professionals require some level of ongoing training as the world around them changes and new threats emerge. This could be in the form of awareness training, industry certifications/accreditations, or on the job training to keep up with the latest developments.
If you are in the cybersecurity industry then your employer will usually pay for this training for you (so long as it falls within your job description). However, if you are looking to break into the industry or make a significant progression (either laterally or horizontally) then you may have to invest in this training for yourself as you look to upskill.
There are two types of training you can use to develop your skills: free and paid. Many people will say that you can learn everything you need to online for free, whilst others will be evangelical about paid alternatives. With this dichotomy of opinions raving rampant in the world of cybersecurity, let’s explore both options so you can decide which is right for you!
Free Training
Free cybersecurity training is any resource you can access without the exchange of money. There are no paywalls blocking your access and no subscription fees or one-off payments. Instead, this training can be found online on platforms like; YouTube, Udemy, Skillshare, Medium (or other blog websites), TryHackMe, and many more.
Now you may ask “Why do people put out free training?” Content creators will post free training on various platforms for a number of reasons. Some of these include:
- To showcase their knowledge and skills
- To build their following online (to sell advertisements)
- To entice you into buying their paid content (the freemium model) — most of the online platforms operate on a freemium model where they offer both free and paid options in the hope that if you like the free content enough then you will be willing to invest in the paid stuff.
- To help newcomers to the industry
These reasons are not particularly important to you, the consumer, as you are only after free content that teaches the skills you need. This leads us into the pros of free training.
Pros of Free Training
There are two main benefits of free training.
Pro #1: There is no requirement for you to make any financial commitment
For some people paying for content can be a huge financial burden that acts as a gatekeeper for their transition into cybersecurity. Cybersecurity training can be expensive at best and extortionate at worst.
Many job descriptions will list certifications they require and candidates will be expected to fork out huge sums of money to obtain these certifications in order to bypass the HR filter and qualify for the job. This is meant to screen potential candidates so employers don’t waste their time, however it can often make entry into the cybersecurity impossible for people who don’t come from an affluent background.
Free training options can bypass this filter. When you undertake a free course you should always try to showcase what you have learned on a blog or personal website to demonstrate your skills to perspective employers.
Pro #2: You can pick and choice what content you consume without worrying that the stuff you miss is hurting your back pocket
Many paid options now work on a subscription model where you pay a monthly/annual fee to access all of their content. This is great in terms of exposure to learning material, however you quickly realise that it is impossible for you to effectively learn all the stuff that is on offer within a month or a year.
The high price tag for admission is justified by the provider based on the sheer volume of content you can access, but this can be a poor return on investment for you because, in reality, you can only consume (or are interested in) ~25% of the content.
When it comes to free training options you can simply peruse the options available to you on a variety of platforms and make a decision about what to consume in the moment. There is no fee hanging over your head that ties you down to one content provider.
These two main benefits of free training both revolve around the idea of freedom, be it financial freedom or freedom of choice, and this is where free training excels. That said, there are some significant drawbacks to free training.
Cons of Free Training
The freedom of free training comes at a price with three major drawbacks.
Con #1: Free training is often too limited
Free training is great up to the point where you can’t find someone who is teaching the skills you need for free. If you need training for a specific skill or technology then you may have no choice but to pay for it. This could be because the free training options don’t exist or because the free options are out-of-date.
Often content creators pushing out free learning material have no obligation to update their previous learning materials (there is no benefit to them), so new content creators are required to cover new/updated concepts.
For instance, Dave may have covered tool XYZ but then two years later a new component is added to this tool that is not covered in Dave’s course. Dave has since moved onto other things and the course never gets updated. This often happens with freemium content, particularly when the skill you want to learn is niche.
Con #2: Free training is often shallow and overpopulated
For popular skills/tools there is an over abundance of courses that cover it. The quality of these courses can vary dramatically from one to the next and often a student will waste their time trying to find a course that can succinctly teach them the skills they seek.
Many of the free training options are taught by beginners who are just learning the topics they are teaching. They may lack extensive experience with the skills or technology they are teaching or may not even have expertise in said area of cybersecurity.
This is overcome by paid training because there is usually a barrier of entry for content creators whereby they need to prove their credentials for teaching a course.
Con #3: There is no clear path to follow
Free training is diverse and often atomic. Content creators who put out free material don’t spend their time writing course outlines or focus on building progressive steps to teach complex topics. They release atomic courses that focus on one skill or one tool and leave it up to the student to chain together these courses to create a path for learning a complex topic.
Take reverse engineering as a example. One course may teach you how to use a debugger, another a decompiler, another some assembly language, and so on. Then it is left up to the student to chain this knowledge together so that they can become proficient at reverse engineering a complex malware binary.
This may work for some but often a beginner does not know the the best path to take to learn a skill and needs to be guided. Paid training often has a progressive learning methodology that builds a student’s knowledge by breaking down a complex topic into many simpler steps that compound.
Paid Training
Paid cybersecurity training refers to any training programme or course that you pay for to learn cybersecurity skills and technologies. Whereas free training tends to be predominately online, these programmes can range from online courses and certifications to in-person training sessions and boot camps.
Like free training, paid cybersecurity training can cover a wide range of topics, such as network security, web application security, data protection, penetration testing, and incident response. However, this training can be designed to help individuals, small teams, or entire organizations develop their knowledge and skills.
This is because paid training is is often conducted by companies who specialise in cybersecurity training and have dedicated resources to train at scale. These resources include dedicated lab environments to simulate real-world threats, online learning platforms where students can perform hands-on exercises, and in-person tuition.
The cost of cybersecurity training varies depending on the type and level of training, the duration of the programme, and the training provider. The paid training market was predominately dominated by a few companies up until not long ago. These companies had a monopoly on the market and could charge exuberant fees.
In recent years, bespoke training providers have emerged who offer the same level of service at a fraction of the cost. This is particularly true in the field of offensive security with training providers like TCM Academy, Zero-Point Security, and Sektor 7 Institute.
The rise of cloud computing (Snap Labs) and online training platform providers (Teachable, LearnDash, etc.) allowed these smaller vendors to scale their content to a mass market and compete with the old goliaths. This ultimately has made paid training a much more affordable option for many so let’s start by discussing it’s pros.
Pros of Paid Training
There are several tangible benefits of paid training.
Pro #1: A student support service
Any good paid training provider will offer their students a support service that allows them to get the most out of their course material. The level of support varies between providers from email to the in-person help offered at live training events.
This support is not part of the freemium model offered by free training and can be incredibly useful to get you back on track when a concept becomes unclear or a technology fails to work. You can overcome this hurdle with free training but it might take hours of Google searches that divert you off track from what you actually want to learn.
Pro #2: Almost guaranteed expert tuition
To create a training course requires some level of domain knowledge. To create a training course that people are willing to keep buying requires that you are able to teach this domain knowledge. This is what separates free training (where someone knows the thing) from paid training (where the teacher knows how to teach the thing because it’s their profession).
Paying for someone to teach you content rather than just show you it can be invaluable in the learning process.
Pro #3: Access to curated learning environments
Many training providers supply their students with a curated learning environment where they can practice the skills being taught and get hands-on experience. Free training is, usually, unable to offer this experience as there is a cost associated and students are often required to build their own learning environment.
Although this can be very useful as a learning experience in itself, it does add another barrier that a student must overcome to learn the skills they are after. The less barriers a student needs to overcome often leads to a more effective learning experience.
Pro #4: A guided learning experience at the macro level
Paid training usually has a well thought out course structure for you to follow. This structure should include incremental progressions that build on previous material taught to make difficult topics easily digestible to the student. This process of accumulating knowledge and breaking a difficult topic into bitesize pieces makes teaching and learning manageable.
It also acts as a form of tracking so the student can see their progress. By having a structure in-place, the burden of developing a learning pathway is placed on the training provider and not the student, which makes the learning process more effective by removing barriers.
These advantages make paid training a more “user-friendly” and palatable option than free training. Yet there can be some drawbacks if you don’t invest the time and effort into making sure you choose the right paid training for you.
Cons of Paid Training
There are a few drawbacks of paid training.
Con #1: Not all paid training is created equal
The quality of paid training can vary substantially between training providers. Some will offer great support, expert tuition, and a dedicated hands-on learning environment, whereas some will offer no more than you can get from free training.
As a general rule, if the training provider has a dedicated platform they are likely to offer greater quality and provide support, whereas if they sell their training through a third-party platform (Udemy, Skillshare, etc.) then it is harder to prejudge the quality of their training.
Con #2: Sometimes it’s just not worth the cost
On occasion there will be free training available that is on par or better than the paid training out there. I am a big proponent of using the free stuff first and always recommend doing some due diligence before parting with your hard earn money.
Have a look to see if you can learn about a topic/concept/technology for free first, evaluate if this training is good enough to teach you what you want to learn, and then, if you must, move onto evaluating the best paid options. There is tons of free training available online ready to use whenever you are able. Make the most of it!
Con #3: It adds up very fast
Buying one course may be fine. Buying two may not hurt your bank account that badly. But what about the third, forth, and fifth!
Many newcomers to cybersecurity make the mistake of thinking they need to buy a plethora of courses to learn things and greatly underestimate how much time it will take them to complete a course.
A good quality course could take anywhere from a month to six months to complete if you have a fulltime job and family to take care of. Don’t be drawn in by the fancy marketing or promises the course offers. Spend time researching which paid training you believe will be most beneficial to your career. Then invest in that course and make the most of it’s content.
This may mean going through it dozens of times so the concepts fully solidify in your brain or writing tens of blog posts about the topics it covers (teaching is the best way to learn something). It’s far better to fully commit to one course than half commit to a dozen and not be any further along in your learning six months later.
These cons of paid training mainly relate to how it is being used. Paid training can be great when used correctly. Unfortunately, there are too many people who waste their money not doing their diligence before purchasing or feeling they need to invest in hundreds of courses.
Final Thoughts
Free training and paid training compete on different playing fields and are best thought of as filling different student needs.
- Free training is best to fill a specific gap in a student’s knowledge or to act as a refresher on a topic. It is best used to supplement a paid training course that is guiding you through a topic.
- Paid training acts as a guide to help you learn a new topic. It provides a framework for learning related concepts in a structured way through a qualified instructor.
As a an analogy think of going to the gym.
To get the best results, efficiently, you want an expert to create a training programme for you that addresses all areas of your fitness and nutrition that (if you follow) will guide you to success — paid training.
Along with this training programme you may want to add in supplements like protein powder, pre-workout, or vitamins that will aid you in your recovery. These supplements help you in the process of becoming fitter and make the process easier — free training.
With this in mind, if you want to learn a new topic (something you have no familiarity with) I would recommend finding a good paid training course to guide you to success. As you are going through this course you can then use free training courses to aid in your learning (e.g. if you are having trouble understanding a concept) and use this material to expand your knowledge on concepts being taught through your paid training course.
Stay consistent and you can learn anything you want in cybersecurity. Good luck and keep on learning!
