With so much online courseware on cybersecurity today, it can be a daunting task to narrow the choices to a top 10. To create this list of cybersecurity courses online, we talked to leading security professionals about what they recommend to newbies, computer science students, businesspeople and security pros looking to advance their careers.
When it comes to free cybersecurity courses online, keep in mind that there's no free lunch. Many free courses make students pay for a certificate on the back end, and online groups will sometimes offer short seven-day or 30-day trials followed by a monthly subscription charge. Federal agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), are great sources of free security information. And those new to the field should check out the National Cyber Security Alliance.
For paid courses, we started with some of the favorites among hackers and security researchers and refer readers to MIT cyber training courses, as well as online courses at the University of Maryland Global Campus (UMGC), Western Governors University (WGU) and Cybrary. As a bonus, we also linked to the NSA's Centers of Academic Excellence (CAE) courses. While not exclusively online, people seriously pursuing careers in security need to be aware of these courses and the fact that many programs offer online options in the wake of COVID-19.
Best of the free cybersecurity courses online
TryHackMe features content for people new to cybersecurity and covers a broad range of topics, including training for offensive and defensive security. TryHackMe also has Capture the Flag exercises with walk-through write-ups by contributing users that let members see how problems are approached and solved. There are four levels:
- Complete Beginners have no computing knowledge and are unsure of where to start.
- Early Intermediates have basic computing knowledge and have used Linux.
- Intermediates know how computers work and have basic security experience.
- Advanced is for those who work in cybersecurity and penetration testing.
There are also modules on Linux, network security, web hacking and Windows fundamentals, as well as courses on cryptography, shells, privilege escalation and basic computer exploitation.
Hack The Box
Hack The Box is geared toward offensive security and offers a live training area for hackers to practice their skills without harming any production systems. The course has retired boxes with write-ups by other members of the Hack The Box community for those who want to be guided through the process. It also has active boxes where the solutions are not published. Hacking into these boxes gives users points toward improving their rank in Hack The Box. Note that the site includes free and paid tiers, which include an inventory of intentionally vulnerable platforms that emphasize and illustrate vulnerabilities, exploits and attack patterns, ranging in difficulty and sophistication.
Bugcrowd University is an excellent community resource from one of the leaders in the bug bounty field for those who want to level up their bug bounty skills. The site has a lot of good, approachable content with the stated objective of developing a wider talent pool in the bug bounty field. It ranges from a basic on-ramp into the material to more sophisticated content that even some seasoned practitioners may find useful. Bugcrowd University operates as a free and open source project to help improve the skills of the industry's security researchers. It includes content modules to help researchers find the most critical and prevalent bugs that impact customers. Each module has slides, videos and labs for researchers to master the art of bug hunting with the aim of creating a new standard for security testing training.
SANS Cyber Aces Online
SANS Cyber Aces Online operates as a philanthropic organization operated by SANS Institute, which donates the training courses for free. SANS manages one of the highest quality security training organizations in the world, so Cyber Aces can unlock the security basics for professors, teachers, businesspeople and security pros who want to learn more about security for free. The self-paced courses are selected from the SANS professional development curriculum and include a mix of tutorials and videos that students can learn at their convenience. The programs cover the three foundational areas of information security: OSes, networking and system administration.
Federal Virtual Training Environment
Federal Virtual Training Environment (FedVTE) offers its cybersecurity courses online at no charge for federal government personnel and veterans. The security industry can use the background of former military personnel. Managed by CISA, FedVTE contains more than 800 hours of training on topics like ethical hacking and surveillance, risk management and malware analysis. Course proficiency ranges from beginner to advanced levels. Several courses align with a variety of IT certifications, such as CompTIA's Network+ and Security+ and Certified Information Systems Security Professional.
Additional free online cybersecurity courses
The National Initiative for Cybersecurity Careers and Studies' Education and Training Catalog lets people search for more than 5,000 cybersecurity-related courses. The National Cyber Security Alliance (NCSA) offers a free course on Protecting Yourself While Connected to the Internet. NCSA also serves as a good general clearinghouse for cybersecurity information and training. In addition, Coursera offers an excellent free course sponsored by IBM called Introduction to Cybersecurity Tools & Cyber Attacks, which provides a history of cybersecurity, teaches attacker motives and types of attacks, and gives an overview of basic cybersecurity tools and systems. Fortinet has also extended its free courses program, and for the foreseeable future will offer more than 30 free courses.
Best of the paid cybersecurity courses online
Pentester Academy offers excellent courses at an even better price. Students have access to dozens of interactive labs and courses on broad subjects. Many cybersecurity training programs are narrowly focused, but Pentester Academy exposes students to a broad array of technical cybersecurity courses online. Popular courses include topics on Python, x86_64 shellcoding, Linux forensics and buffer overflows. Here's a full list of available courses, as well as testimonials.
An annual subscription fee is $249.
Cybersecurity for Managers
Cybersecurity for Managers: A Playbook is a well-known MIT offering developed for business leaders, managers and executives in technical and nontechnical positions looking to build an action plan for a more cyber-resilient and cyber-aware organization. Technology and business consultants and those acting as liaisons between technology and business units will also benefit. There are no technical prerequisites for this program. According to the MIT website, the course for technical leaders offers frameworks that lay out a strategic view of an organization's quantitative and qualitative cybersecurity risk management; covers the leading approaches to managing cybersecurity, including defense in depth and NIST Cybersecurity Framework; and offers a practical interpretation of the tradeoffs between security and privacy, as well as a method for understanding an organization's priorities in attaining secure systems. For business leaders, the course will help executives build a culture of cyber awareness in their organizations; develop the vocabulary of cybersecurity to support informed conversations with the company's CISO, CTO, data science and other technology leaders; and deliver an appreciation of how decisions made by technology leaders may affect the company's business strategy.
The online course runs for six weeks, five to six hours per week, and the fee is $2,800.
Cybrary Insider Pro
Cybrary Insider Pro is perfect for working professionals who want to advance their careers or newbies interested in learning more about cybersecurity. Students can take the seven-day free trial. Insider Pro makes the most sense for individuals, while companies can also consider Cybrary for Teams. For those who want to prepare for exams and earn certifications, become an industry expert in a specific security topic, get new employees up to speed on cyber awareness, improve employee retention, and develop or monitor cybersecurity skills development over time, Cybrary offers the tools and an online cyber community that will help students reach their goals.
The course fee for Insider Pro is $59 per month for individuals.
Western Governors University
WGU's Master of Science in Cybersecurity and Information Assurance offers a master's degree program for professionals who are ready to take the next step in their security industry careers and need a flexible, self-paced online course. WGU works closely with NIST's National Initiative for Cybersecurity Education with input from cybersecurity experts and leading information technology employers to meet the most recent Department of Homeland Security and NSA guidelines. Students can complete the program in one year or multiple years, and course costs increase accordingly. But students working in the field typically have the knowledge to move through the course quickly.
The course fee is $4,190 per six-month term.
University of Maryland
UMGC offers excellent courses for beginners and working professionals who want to improve their cybersecurity skills. Based on its proximity to the NSA and the national security establishment, students have access to some of the best practitioners and security policymakers in the U.S. University officials recommended two cybersecurity courses online in particular:
- Ethical Hacking CMIT 321 helps students prepare for the International Council of Electronic Commerce Consultants (EC-Council) Certified Ethical Hacker (CEH) certification. The three-credit course is based on the official EC-Council curriculum, including an individual and team Capture the Flag competition. Materials for the course include iLabs hands-on hacking labs. Students get a substantial discount if they take the actual EC-Council CEH exam and qualify without a waiver for taking the official course at UMGC.
- Threat Management and Vulnerability Assessment CMIT 421 helps prepare students for the CompTIA Cybersecurity Analyst (CySA+) certification as an entry-level analyst. CySA+ is a newer CompTIA certification that has gained traction. The three-credit course features hands-on labs and practice tests from uCertify, enabling students to analyze different vulnerability assessment reports.
The fee for the standard program is $499 per credit ($300 per credit for Maryland residents).
NSA Center of Academic Excellence in Cyber Operations
NSA CAE in Cyber Operations (CAE-CO) is certified at 21 colleges by the NSA. The various programs are deeply technical, interdisciplinary, higher education courses firmly grounded in the computer science, computer engineering and electrical engineering disciplines. The programs offer extensive opportunities for hands-on applications via labs and exercises. While security pros consider CAE-CO the most hands-on technical program, the CAE course also offers concentrations in Cyber Defense Education and Cyber Research. The course fees vary depending on the college, region and commitment to online learning programs in the wake of COVID-19.
The making of the top 10 online courses
Special thanks to our expert panel of security professionals who helped recommend the best of the online cybersecurity programs.
- Ryan Corey, CEO and co-founder, Cybrary
- Terence Jackson, chief information security and privacy officer, Thycotic
- Simone Petrella, CEO and co-founder, CyberVista
- Lisa Plaggemier, chief strategy officer, MediaPRO
- Tarik Saleh, senior security engineer, malware and forensics, Amazon
- Tim Wade, office of CTO, technical director, Vectra AI
- Jesse Varsalone, associate professor of computer networks and cybersecurity, University of Maryland Global Campus