Throughout my time working in Cyber Security, I have attended a variety of different security training courses that have helped me to successfully attain a selection of professional qualifications. There are four main training options available to you. Before committing to one you’ll want to consider what options are available and assess the suitability of each to your needs.
In the following article I have assessed each of the training options and rated them according to cost, speed and convenience factors. These have been ordered with the lowest cost options first.
If you are unsure if security qualifications justify the commitment I suggest reading a supporting article I produced covering this topic.
Self-study
In 2017 I successfully passed the Cloud Security Alliance CCSK qualification and more recently the ITIL Foundation exam in 2020. This option is well worth considering but despite the low cost may not be suitable for everyone.
| Cost | Speed | Convenience | |
|---|---|---|---|
| Rating | Low | Slow | High |
| Description | This just includes the cost of the study materials. |
This is driven by your self-motivation and the amount of time you can commit to study. From personal experience it has taken up to 6 months to prepare for an exam through self-study. |
You get to take the training at times that suit you rather than committing to set dates / times. |
Suitability
This is ideal if you:
- Are looking for a low-cost option
- Are able / willing to commit the time and effort required
- Can balance the training around your other commitments
- Can self learn without support / guidance from an instructor
- Don't have time pressures to achieve a qualification quickly
Assessment
This is by far the most cost-effective option but its highly dependent on your ability to motivate yourself and commit to undertake the study.
If you're struggling for motivation I suggest booking the exam in advance but give yourself enough time to complete your preparation. This gives you a timeline to work towards and the deadline acts as a great motivating factor!
Whilst you don't have support from an instructor there is likely to be wealth of materials available to you and online communities that provide a level of support / guidance.
On-demand training
I have attended several on demand training courses through SANS including web application security, ethical hacking and incident management. Of the three courses I only took an exam in web application security and passed this in 2012. I had an incredibly positive experience in the use of the SANS platform.
As an alternative to specialist training providers like SANS I have experience working with learning platforms such as those provided by Pluralsight and Percipio. They cover a broad range of training topics at a far lower cost. These type of platforms are ideal for supplementing your self study but be aware that the quality of training offered can be highly variable.
| Cost | Speed | Convenience | |
|---|---|---|---|
| Rating | Low to Medium | Medium | High |
| Description |
The cost of this option will vary according to the vendor you attend the training with. Dedicated training such as that provided by SANS is comparable in cost to instructor led training. Learning platforms come at a much lower cost but should be considered as a supplement rather than replacement for self study. |
You can do the courses at your own set speed. This is likely to be at a slower pace than instructor led training especially if you are having to balance multiple commitments. |
This is the main selling point of this option. You get to take the training at times that suit you rather than committing to set dates / times. Learning platforms provide you with access to a range of courses for an ongoing monthly fee. Specific courses you sign up to will give you access to the on-demand training materials for a set duration (i.e. 3 months) with the potential to extend access at a cost. |
Suitability
This is ideal if you:
- Are able / willing to commit the time and effort required
- Can balance the training around your other commitments
- Can self learn with minimal support / guidance
- Don't have time pressures to achieve a qualification quickly
Assessment
This is an ideal alternative to self-study as the training is far more engaging. There is a significant difference between booking a particular course on demand and subscribing to a learning platform. If you book a particular course the costs can be comparable to instructor led training.
If you opt to use a Learning Platform I would advise using this as a supplement to rather than replacement of self study.
Instructor led (in person or virtual) training
I have had the opportunity to attend a selection of in person and virtual training courses. Most recently I attended ISACA hosted training for CRISC in 2020 and went onto successfully pass the exam.
| Cost | Speed | Convenience | |
|---|---|---|---|
| Rating | Medium | Medium | Medium |
| Description |
The cost of this option will vary according to the vendor you attend the training with and whether its in person or virtual. Even at the top end cost this is likely to be at a lower cost to the bootcamp equivalent. |
The courses are less intensive than doing through a bootcamp equivalent. From experience they tend to span a typical working day (i.e 9 – 5). For the major cyber security qualifications expect to do significant self-study to supplement what you learn in the training sessions. |
The shift to remote / virtual training has improved the overall convenience of attending this type of training although you do lose the additional benefits of learning in person in a class room setting. |
Suitability
This is ideal if you:
- Want to supplement your own self study with instructor led training
- Need support with understanding / learning the material
- Can commit to attending fixed time / date sessions
- Struggle to motivate yourself through personal study
Assessment
Instructor led training will help you to understand the more complicated topics and will support you in preparing for the exam.
You should consider this as a supplement to self-study. From experience I have had to commit to far more personal study prior to the exam than was required after attending bootcamp training.
Bootcamp
I have only had the opportunity to attend one training bootcamp. This was back in 2016 when I was preparing for the ISACA CISM exam. The course was held by Firebrand. Overall, I had a positive experience and went onto successfully pass the exam a week after finishing the course.
| Cost | Speed | Convenience | |
|---|---|---|---|
| Rating | High | Fast | Low |
| Description | Given the intensive nature of the courses you should expect to have to cover the cost of food and accommodation as well as the course fee. This is the most expensive option. |
Bootcamps provide an intensive experience that forces you focus and study in preparation for the exam. This is by far the quickest option.
It would be difficult to personally motivate yourself to emulate this through self-study. Well, certainly from my own experience! |
The likes of CISM and CISSP have respective bootcamps spanning between 4 and 6 days. These courses require you to dedicate your time across long days with the addition of self study in the evening. |
Suitability
This is ideal if you:
- Can cover the higher expense, or this is being picked up by your company
- Need to achieve the certification quickly
- Can commit to dedicating up to 6 days intensive study
- Struggle to motivate yourself through personal study
Assessment
This is a great option to pass an exam quickly but comes at significant cost. It also requires a high level of your commitment over a period of up to a couple of weeks.
Even though these courses will cover all the topics within the exam I would still advise you to do some study in advance of the course as this will help you to maximise the value of your training.
Final thoughts
The below table summarises the training options and shows you the trade offs between the cost, speed and convenience factors.
| Cost | Speed | Convenience | |
|---|---|---|---|
| Self-study | Low | Slow | High |
| On-demand | Low to medium | Medium | High |
| Instructor led | Medium | Medium | Medium |
| Bootcamp | High | Fast | Low |
In reality I have always taken a hybrid approach combining multiple training options rather than any one in isolation. The key is in finding an approach that works for you whilst balancing each of the factors to fit your needs.
Some of the training options will include the cost of the exam. The exam cost alone can be considerable.
Its important to note that the quality of study materials, training courses and instructors can vary considerably even within one particular vendor. I advise doing some research on a given vendor and ideally speaking to others in the Cyber Security community to get an idea of who's good and who should be avoided.
Nice article, which you have shared here. Your article is very informative and I liked your way to express your views in this post. The article you have shared here is very informative and the points you have mentioned are very helpful. Thanks for sharing this article here. Private Cyber Investigator India
ReplyDelete