While there are a ton of security education offerings out there, finding the RIGHT cybersecurity training and certification option for your particular goals (and budget!) can be daunting. With a range of options from free resources to costlier certifications, we aim to guide you through some helpful choices available, with a special focus on ICS/OT security education.

Considerations When Choosing Cybersecurity Training 

Before investing in cybersecurity training or earning a certification, it's important to keep a few things in mind. For most of us, time and money are both limited resources, so be intentional when investing one or both to further your career. 

First, be very clear about your end goal. Pursuing an academic career will be very different from pursuing a specific career goal, so only take the certifications or training that may actually get you where you want to end up. 

Secondly, remember certifications are not magic. They may help get a foot in the door with some organizations that like to see that sheet of paper, but there is no "right cert" that will land you your dream job or help you achieve your individual end goal. 

Finally, remember even a free course will be a time investment. Don't pursue any cybersecurity training you can't make a serious commitment to. Ultimately, your time investment will reflect how much benefit you receive from the training, regardless of whether it’s free or has a cost. 

Quality Cybersecurity Training and Certification Resources 

The online learning platform edX offers many free courses and curriculums that are worth looking into. You can take courses from MIT, Stanford, and other respected institutions completely free (though you can pay to audit the courses if you choose). 

Of particular interest for cybersecurity professionals is the RITx Computer Forensics course taught by Dr. Yin Pan, a comprehensive and free course. While you can pay to receive course credit, the free version still grants access to all the course materials. The eight-week class covers everything from Unix and Windows forensic fundamentals to more advanced topics like rootkits and stenography.

We couldn't mention quality cybersecurity training without pointing out our own training, Insane Cyber Tech Talk Tuesday. Our 10-20 minute educational videos cover everything from talking through real-world attacks to MITRE attack techniques and APT groups. The videos are short but densely packed with relevant, quality information that elevates your forensics and security knowledge with practical techniques. Mike Holcomb also has a great set of playlists and training videos about getting started in ICS/OT security on his YouTube channel.

DFIR Diva Training offers a large selection of both free and paid training. General topics in both IT and cybersecurity, such as Linux or Windows topics, are well done. More specific cybersecurity training courses cover programming, scripting, and purple teaming. Her affordable courses can cost upwards of $1,000, but she also has more specific premium content. 

For anyone who is just entering the industrial cybersecurity space, Robert M. Lee's Getting Started in ICS/SCADA is an invaluable resource list of posts, videos, and other high-quality information. Lee posted the original text in 2016 but has kept it regularly up to date. Everything from great introductory information to conference recommendations can be found in this phenomenal resource. 

Idaho National Labs and CISA offer a host of free, publicly funded cybersecurity training courses online. Each class is about an hour and a half long and covers an impressively wide array of topics, ranging from attack methodologies and risk assessment to foundational ICS topics. 

For those who prefer learning via video, the YouTube channel 13Cubed is one you'll want to check out. The videos explore many forensic topics in-depth, including memory, data extraction, and forensic fundamentals. This is a very talented technologist sharing quality information for free, so it's worth scrolling through the playlist. 

Most people in this space will be familiar with SANS training, but what you may not know is that they post many of the talks from their signature summits online. These are divided into two main channels that focus on DFIR and ICS, respectively. The highly technical, information-dense talks will live up to the respected SANS name. Given the investment many people make to get SANS cybersecurity training or attend these conferences, leveraging their online resources for free is a no-brainer.

ICS Village, a nonprofit organization focused on workforce development (and Insane Cyber partner), frequently sets up shop at conferences like DEF CON, where it hosts training, talks, and CTF events. It also has its own conference, Hack the Capitol, which typically takes place in May and is often available to attend virtually. If you can, attending one of these events is a great opportunity to network and learn. 

Finally, if your employer will cover the cost – though the GI Bill is also accepted – a SANS Technology Institute degree or certificate is a great investment. These are, however, fairly expensive courses. For example, the Incident Response graduate certificate is over $22,000 but also includes four certifications. That said, there are a whole range of individual courses that cover the same material you can buy individually at less cost. 

Insane Cyber OT Office Hours Offer More Education Options

We hope this rundown helps you find some options for furthering your security education. You can also sign up for one of our upcoming virtual OT Office Hours sessions where we dive into different OT cybersecurity topics and take questions from attendees live. Register here!