304 North Cardinal St.
Dorchester Center, MA 02124
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
If you prefer guided learning, then cyber security certifications might be the best choice for you!
While they aren’t always required, cyber security certifications can help with career growth. I have taken a lot of these myself and can break down the differences between stuff like Udemy and actual certs. When it comes to information security courses, there are still plenty that you can take for free if that is a concern.
While they usually aren’t free, information security courses might be the best way to learn penetration testing.
One of my favorite parts of these certification courses is that everything is bundled in a nice and orderly fashion. While self-directed learning is great, it can be nice to learn topics and techniques in a specific order.
In addition to actual courses, earning the certification can be a great boost to your resume and career.
Finally, if you want to wait for the BEST cyber security certifications, then stay tuned for some DoylerSec Academy courses!
If you want certifications, then you can’t go wrong with OffSec.
They might not have the best instruction, but they have the most industry recognition.
I’m excited about their new subscription model, but you’ll need to be able to take 2+ courses a year to make it worth it.
I also want to take the OSEE course still, but it’s hard with how quickly it sells out every year.
The OSCP is THE standard for penetration testing certifications and with good reason.
While this won’t be the easiest course that you can take, if you want to get into pentesting, then this should be a goal of yours.
I finished mine a few years ago, but it led to my current career.
I have also considered creating either a cheat sheet or a supplementary course for the OSCP. Plenty of people struggle with this course, and I’d love to help increase the pass rate for it.
If exploit development is your scene, then the OSCE was the course for you.
That said, as of October 15, 2020, the version of this course that I took has since been retired.
Previously, the OSCE was a slightly outdated intermediate exploit development course. It covered encoding, space issues, and bypassing protections like DEP and ASLR.
The new OSCE certification consists of the following three courses: Advanced Web Attacks and Exploitation, Evasion Techniques and Breaching Defenses, and Windows User Mode Exploit Development. Based on what I can tell, Windows User Mode Exploit Development should be a similar course to the old OSCE, but should also be more up-to-date.
While I haven’t registered for the new OSCE courses yet, it is something that I’m considering for the future.
I have only taken one of their certifications so far, but SecurityTube is a great option.
In addition to the inexpensive certification courses, SecurityTube has a ton of free content that you can consume.
If you want to watch their free content, then check out the PentesterAcademy YouTube channel.
The SLAE course was my first experience with x86 assembly, and it was awesome.
I don’t think that everyone needs to know assembly, but I enjoyed this course.
You can benefit from this course if you are working in exploit development or red teaming, or just want to learn assembly in general.
I wrote a ton of posts for this course, but a lot of them are required for the exam. If you are considering taking an exploit development course like the OSCE, then starting with the SLAE is SUPER useful.
The first cyber security certification I got was the eCPPT from eLearnSecurity, and it definitely kicked off my career.
These certs are even cheaper than they used to be with the new INE subscription model. You can now sign up for a subscription that covers ALL of the courses and buy individual certification vouchers as needed.
While eLS certs aren’t quite as widely recognized as OffSec, I prefer their course materials. They also have a wider range of courses, which is nice for network defenders, or testers who primarily focus on web applications.
Like I said above, the eCPPT was the first infosec cert that I ever obtained. I took the course back in 2014, and it helped to kick off both this blog as well as my security career.
They are now on v2 of this course, and I cannot recommend it enough to entry-level penetration testers. There is more industry recognition for it than there was when I first took it, and it is a great course to take before trying out the OSCP.
If you can only pay for one larger certification at the start of your career, then the eCPPT is probably the best bet.
I’d wait to get the OSCP until you are a little further in your career, and a company might be more willing to pay for it.
While my eCPPT posts are already some of my most popular, stay tuned for even more eCPPT content soon!
The eLearnSecurity eWPT was a certification that I got a bit further into my penetration testing career, but it was still a good one.
Most offensive security careers are going to be web-focused, so it’s a good idea to brush up on these techniques. When I was a consultant, as well as on internal teams, web application security assessments were at least 70% of my engagements.
The eWPT was a bit more entry-level of a certification, but I still learned a few new tools and techniques that I could use. If you are wanting to get into web penetration testing, then I’d consider this course before moving on to the eWPTX.
If you’re already an advanced web application penetration tester, or have finished the eWPT, then the eWPTX might be for you!
The eWPTX was an awesome course, and I learned a ton of new stuff from it.
Unless you are intimately familiar with advanced web attacks, or the Web Application Hacker’s Handbook, then this will be a harder course.
While I’ve only written one eWPTX post so far, I would still like to publish more. I have ideas, not for the course itself, but for techniques and attacks that I learned during it.
The eMAPT course is eLearnSecurity’s mobile application penetration testing offering, although it might be one of their most disappointing.
The course material does cover several mobile attacks and techniques, which is nice. That said, a lot of the tools and methodologies are out-of-date at best for a large portion of the course.
Last, but certainly not least, the exam for this version of this course is still awful. Unlike the other eLearnSecurity courses, you don’t perform a mobile penetration test and write up a report. Instead, the course has you developing a mobile application of your own to exploit vulnerabilities in the target application.
Unfortunately, this requires a lot more Android development experience than any portion of the course and causes a lot of confusion and failures that it likely shouldn’t have.
While I don’t love the eMAPT, it’s still one of the better mobile assessment certifications for the money, and they will HOPEFULLY be improving it soon.
If you feel like throwing away some money, or your company will pay for training, then you can consider SANS.
While they do have a ton of industry recognition, each course is going to run you over $7000 without the certification exam.
That said, I did take SANS660 myself, so I have some experience with them.
There are plenty of other courses and certifications that you can take for less than half the price.
But, if you have your heart set on SANS and the money isn’t a concern, then they do have some good material.
It is also sweet how you get to keep the “books” afterward, although I wish they’d stop mailing me those posters.
I wasn’t originally planning on including them in this post, but someone mentioned CompTIA.
As it turns out, CompTIA is more than just the Security+ course nowadays.
I have not looked into these courses yet, but they offer an entire cybersecurity curriculum.
While the Security+ wasn’t a super informational choice, it’s still a nice entry-level cert to bypass HR filters.
Plus, if it’s a path you are considering, the Security+ will count for some of the DoD 8570 certifications.
In addition to all of the standard cyber security certifications and courses, there are also various online learning academies.
My personal favorite, and the one that I’ve taken the most courses on, is Udemy.
While I don’t have any reviews for courses JUST yet, I am currently registered for the following courses.
In the meantime, why not consider using my Udemy affiliate link and supporting us!
I’m honestly not sure what cyber security courses Coursera offers, but I know that it’s a good platform.
That said, I am currently taking the Machine Learning with Andrew Ng course, so maybe I can work on some offensive tooling/techniques using Machine Learning!
In the meantime, I’m still waiting on acceptance into their affiliate program, so this section will be a little light for now.
I actually didn’t realize that Skillshare had cyber security courses until recently!
I’m not familiar with most of these creators yet, but there could be a few good security courses.
Skillshare works on a subscription basis, so for only $180/year, you can have access to most/all of their courses.
Let me know if you have any recommendations, and I’ll try to add them here! I was rejected from their affiliate program though, so they might not like this blog/hacking content.
I recently got access to LinkedIn Learning as part of a purchase through work.
While it’s corporate-focused, there are a ton of information security courses here.
I want to give a few a try, to at least see if I like the platform. If you have any recommendations, then reach out to me.
While this will serve as a living resource like my other navigation posts, hopefully, it was helpful.
If you want to see what I was considering back in 2018, then check out this post.
I plan on trying to monetize this post and the courses that I’ve already taken a little more, so stay tuned. Beyond that, I’m finally working on some DoylerSec Academy courses, but am always open to more instructors or materials!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.