Every day, new types of cyberattacks are causing escalating damage to companies, governments, and individuals. Security professionals are often under pressure to keep up and understand new cyberattacks and tricks. Addressing this need in cybersecurity skills requires foundational training resources that can be referenced regularly. Luckily, there are numerous websites that offer practical online courses for beginners to develop and enhance their cybersecurity skills.
This blog is designed to highlight five of the best resources for security professionals. These resources help security professionals develop and hone their skills through continuous training about threat actors and their modus operandi. Furthermore, what I have found personally useful is finding a mentor or an experienced threat analyst who can show you additional resources and tools you can add to your arsenal.
Let's also not forget that taking your Google search directly to your community can provide you with the expertise you won't find online. Searching Google for "cybersecurity training resources" might seem naive, but Google is where most of us start. A few things became apparent to me very quickly. The first was that casting such a general search will lead to a very wide array of content on the topic. You will find cybersecurity awareness, forensics, pentesting, malware analysis, incident response, intel lifecycle management, and the list goes on. I needed to narrow down to the training I was truly looking for. Next, I realized that this is a hot topic, with a multitude of sources claiming to provide the resources I need. A long (and constantly growing) list of companies offer up cybersecurity skills assessments and training, but are those resources accurate? Do they offer a depth of training, or is it just high-level information that I already have? I needed to determine the sources that would provide me with the quality of training I was looking for.
I recently read a great article on LinkedIn, “The Perfect Cyber Analyst.” This article served as a complement to my skills enhancement journey; enlightenment comes in many forms. It reminds us that critical thinking skills and a desire to continuously learn are just as important as technical skills when looking for an ideal cyber threat analyst. Coincidentally, this profile is similar to the ideal law enforcement officer, another potential pool of recruits. This was a wonderful article that really caught me off guard and made me stop and think about why I got into security in the first place and how much it has changed in the past 20 years. After 20 years of networking security, I still put myself through skills gap analyses in order to find where my gaps in knowledge are and how to fill them.
For the intent of this blog, resources identified will have training courses to encompass any of the areas above, in an attempt to provide almost one-stop-shopping. Without further ado, here are my top five picks.
To kick things off, an assessment might assist you in determining which skills roadmap you should embark down. Companies like Circadence or CYBRscore offer assessments and training to get that initial foundation to build upon.
Resource 3: SANS: Cybersecurity Courses
Next, anyone who has been in security for any amount of time will find SANS as a valuable resource. They have an extensive array of courses, including complete cybersecurity skills roadmaps, in a wide variety of delivery methods.
Resource 4: Cybermerc: Executive Cyber Enablement
This resource is great for executives who need to understand better what your cyber experts are telling them and what it means to their organization. Outfits like Cybermerc offer courses like Executive Cyber Enablement for non-technical managers. They cover topics such as "Why do bad guys value your data even if you don't" and "Understanding mandatory data breach laws."
Here's one for those with security experience who want even more. Anomali has partnered with Treadstone 71, which focuses on building and delivering cyber and threat intelligence programs. The difference is that, most commonly, other training focuses on a defensive posture, while Treadstone 71 builds training that focuses on the intent and capabilities that forecast and estimate adversary actions. Treadstone delivers the Cyber Intelligence Tradecraft certification, which lasts five days in person, eight weeks online. Colleagues who have taken the track stated that it's well worth the time.
Like any other discipline or current job role, future opportunities are offered by the usual influencers with a multitude of resources available on the internet. I've only listed a few in this post, but I am positive that there are many other valuable options available. I invite you to do your own research while remaining self-aware of your current skills. That's all part of the personal growth journey. Please feel free to leave a comment below, suggest links, and offer comments. The more we all share, the more we all learn, and the better we all become.
David has been deeply involved in security since the late 90's when he started in security information and event management with one of the 3 pioneering SIEM vendors. Over the years, David has held positions both in software engineering and professional services. Within the last 6 years he made the move to sales and architecture to help customers of all sizes and verticals with solutions that will assist them in improving their security posture and mitigating risk to the business.