“How can I learn cyber security for free?”
This is a popular question, and honestly, the amount of education that is available for free is immense. The old (or new) adage that “we walk around today with the Library of Alexandria in our pockets” is not that far off from the truth. That said, just because access to information exists does not mean that it is conveyed understandably, valuable, or even correct.
We are flooded with information and the cream does not always rise to the algorithmic top. Considering the source is an important lesson in cyber security (and life in general), and one that should be implemented when evaluating or consuming training or information. Just because a resource is free does not mean that it is the best use of your most valuable resource: time.
TL;DR You can learn many of the base concepts and methodologies of cyber security through various free sources, and while you can find some more advanced or hands-on training that is also free, most will have a price attached to them.
What’s Free and What’s Not
There are MANY options for learning about cyber security; university classes, focused bootcamps, on-demand courses, live training, YouTube, books… And all of these options have varying degrees of quality, cost, and value associated with them, and as with most things, they have a direct relationship. As quality or value increases, so does the cost.
SANS offers some of the most highly valued training with the widest recognition in the world of cyber security, but is priced outside of most individuals’ range (there are small preview sections of courses available for free). A YouTube video is free, but the quality can be hit or miss, it could be hard to follow, and putting it on a resume will likely not move the needle (in the right direction at least) toward getting you a job. This isn’t to say that a YouTube video can not teach you the skills you need to perform the functions of a cyber security professional, you may just have to sift much sand to find what you’re looking for.
One of my favorite lines from the movie Good Will Hunting goes “you dropped 150 grand on an education you could have got for a dollar fifty in late charges at the public library.”
Now, this doesn’t directly translate to constantly evolving technical disciplines, and traditional education has benefits you can’t get at a local library. Still, the idea of starting with free or cheaply acquired fundamental knowledge is sound. Having a teacher or course to follow can be optional if you have lots of extra time and above-average levels of discipline. Or you’re a genius, which helped a lot in Will’s case.
For the rest of us, a lot of time spent chasing down helpful, up-to-date training could be saved by going with a researched and established curriculum from a reputable source.
The following are a few helpful tips and resources for finding free cyber security courses and then moving on to the next level of training with some low-cost, high-quality options.
Free: Basic IT and Cyber Security
If you’re in the initial stages of developing your cyber knowledge foundations and looking for some good low-investment options for getting started, YouTube can be a great resource. Good content creators and instructors produce free material in that space, so check out lists or communities for recommendations and begin to soak it in.
(A list of content creators to follow is available in Heath’s annual How to be an Ethical Hacker blog post)
One such personal recommendation is Professor Messer, who is a stable legend in the world of studying for entry-level certifications, such as the CompTIA trifecta. He offers an enormous amount of material for free, including live study sessions, so checking out his YouTube live streams and extensive library is a good place to start.
While this next suggestion isn’t free, Mike Meyers is another oft-cited guru of IT training whose Udemy courses have been the starting point for many looking to learn and certify in the field of IT. Udemy often has sales, so you will likely be able to get a good deal on the training.
I would be remiss not to mention Antisyphon Training, the education wing of Black Hills Information Security, in this category. They offer webinars and training on the regular, covering relevant topics in cyber security that can further develop your skills and knowledge.
We also humbly suggest TCM’s free tier of fundamental training courses, aimed at giving cyber security hopefuls a path of quality training that would help them develop the skills and knowledge necessary to perform an entry-level IT job.
The free tier is comprised of:
- Linux Fundamentals
- Programming 100
- Soft Skills for the Job Market (don’t sleep on this one)
- Practical Help Desk
- Practical Security Fundamentals
These courses cover the essential base knowledge to work in IT and the foundations of a cyber security position. The culmination of these courses is the Practical Help Desk Certification, our entry-level IT cert that puts you in the seat of a Help Desk professional for a hands-on practical exam.
The TCM YouTube channel also contains a 75-hour playlist of significant portions of several of our Academy subscriber courses, including Practical Ethical Hacking and SOC 101. This is a way to gain some higher-level cyber security knowledge and try out our subscription courses without the cost.
Less Free: Hands-On Cyber Disciplines
Beginner courses are plentiful, and learning the basics of Information Technology can be accomplished with little monetary investment, but as you progress and make the decision to further pursue a job in cyber security, finding the next level of education and training can become more expensive (ie: not free).
One popular method for further learning is CTF-style subscription-based platforms like HackTheBox and TryHackMe. Both of these are ‘box pwning’ learning systems where text-based modules present the information necessary to accomplish tasks and uncover hidden flags that allow progression to the next module. This affords a gamified learning experience to practice cyber security techniques for a moderate investment and is widely used in the cyber security learning community.
The TCM Academy is a subscription-based training platform that offers on-demand video/lab courses in offensive and defensive cyber security. These courses not only train the student in cyber disciplines but also prepare them for practical certification exams if they are seeking a means to prove their skills to a potential employer.
Thoughts on Career Start and Career Switch
Career Start
As a place to begin you’re cyber security journey, we’ve previously covered how starting in IT Help Desk is a natural and beginner-friendly way to gain knowledge and experience that translates to cyber security. Taking full advantage of free resources is a great way to get your feet wet before making monetary commitments in a career you may not fully understand.
If you have the flexibility that often accompanies the stage of life when one is starting a career, you can likely afford the lower salary that is typical of entry-level IT work. From here, you can advance within the department and organization and keep training and taking on more cyber security-related duties, working your way into that position.
While there is no set path for getting into cyber from position zero, this is not a bad blueprint.
Don’t forget to network within the community, though, as this is the best way to eventually find a job.
Career Switch
If you are already established in a career, it is likely that you have a cost of living or responsibilities that will require more of a paycheck than the median IT help desk job (which is the ideal starting out). If you can’t swing the pay cut then you will likely want to aim at an entry-level cyber security position (read: “mid-level IT position”).
This is difficult.
Those positions are going to be sought after by MANY people, and some of them have the professional experience to get to the top of the resume heap. Is it impossible? No. But it is difficult. Your best shot is to learn as much as you can, demonstrate your skills and abilities, and, above all, network within the industry.
As for the learning bit, once you have a grounding in the IT basics, you’ll want to move on to fundamental cyber security concepts and practice the TTPs. Gaining certifications is not a bad way of demonstrating competency in skills.
The TCM Academy offers courses with on-demand training that provide practical instruction and hands-on scenarios that closely imitate real-world cyber security job responsibilities. If you want the experience of a penetration tester, SOC analyst, or other jobs in the cyber security field, that is the experience we strive to provide.
In Parting
You can learn a lot about cyber security on your own, but it will take an amount of time that most people can not spare. Having a course to follow, an experienced guide, and a community make that journey a lot easier. You will still need time and discipline, but it takes much more to try and go it alone.
Where courses are involved, you are trading money for someone to collate the information, prepare a curriculum, take you through that curriculum, set up labs and walk you through those, etc. All things you could potentially do on your own, but this way takes less time. Do your research. Don’t trust the ‘too good to be true’ offer. Make good use of your resources.
Good Luck out there!
About the Author: Josh Daniels
Josh is an avid storyteller and writer who loves learning about the behind-the-scenes of the digital world we live in. While his professional experience is in content marketing, Josh began pursuing a career in cybersecurity in 2022, gaining a Sec+ certificate along with other training from industry professionals and a life long learner attitude.
When he is not writing, Josh enjoys outdoor adventures with his family, watching movies, reading, and an unofficial (unpaid) side gig as a Game Master Consultant for several friends who play table top RPGs. At TCM, Josh has found a home where his passion for storytelling and cybersecurity meet.
“Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.”
– Frank Herbert
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers. Pentest Services: https://tcm-sec.com/our-services/ Follow Us: Email List | LinkedIn | YouTube | Twitter | Facebook | Instagram | TikTok
Contact Us: [email protected]
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.