11 Respected Providers of IT Security Training – Tripwire

We at The State of Security are committed to helping aspiring information security professionals to reach their full potential. Towards that end, we compiled a two–part list of the top 10 highest paying jobs in the industry. Back in 2017, we even highlighted the U.S. cities that rewarded security personnel with the best salaries, amenities and other benefits.

Knowing what job title you’d like and where you’d like to live goes a long way towards advancing an infosec career. But there’s something missing. IT security folks also need to know which training providers they can use to hone their skills in the field.

Don’t worry. We’ve got that covered, too!

Here is a list of 11 respected IT security training providers ranging from free to paid-per-class providers. Our list does not rank those organizations. Instead, it lists them alphabetically.

1. Cybrary

Format: Online

Cost: Free

Website: https://www.cybrary.it/

Cybrary is an open-source community where information security professionals can advance their skills for free. All Cybrary’s educational content is online, which means members can complete courses by skill type (Beginner, Immediate and Advanced) or career level anywhere they have Internet access. They can even take tests designed by the company’s education committee to certify their skills in key industry areas. For more intensive training, Cybrary also enables organizations to design training programs for their entire IT security teams.

2. EC-Council

Format: Online

Cost: Pay-per-course

Website: https://www.eccouncil.org/

The International Council of E-Commerce Consultants, otherwise known as EC-Council, has helped train and certify over 220,000 information security professionals in 145 countries. The Council offers numerous degree programs, including “Certified Network Defender” and “Certified Ethical Hacker.” Most of these programs offer paid-for training in live classes conducted online as well as computer-based self-learning. EC-Council also offers consulting and advisory services on topics ranging from vendor risk management to IT governance ranging from cloud security to PCI DSS compliance.

3. FedVTE

Format: Online

Cost: Free

Website: https://fedvte.usalearning.gov/

The Federal Virtual Training Environment (FedVTE) is a system that provides U.S. government employees, members of the military and veterans with free online training in multiple fields. For instance, members can access more than 800 hours of training on risk management, malware analysis and other topics relating to digital security. Managed by the U.S. Department of Homeland Security, these courses of varying difficulty align with industry certifications such as Certified Information Systems Security Professional (CISSP).

4. Global Information Assurance Certification

Format: Hybrid

Cost: Pay-per-course

Website: https://www.giac.org/

One of The State of Security’s top technical resource providers for industrial control system (ICS) security professionals, Global Information Assurance Certification (GIAC) is an organization that offers more than 30 certifications to aspiring information security professionals. Interested parties can choose an education and enrollment track such as forensics or software security. They can then pay to take an exam for their desired certification and use the GIAC online portal to schedule a certification attempt at a Pearson VUE Testing Center near them. Depending on their test results, members may pay for attempt retakes as well as time extensions. Professionals can even use GIAC to renew their existing security certifications.

5. Infosec Institute

Format: Online

Cost: Pay-per-course

Website: https://www.infosecinstitute.com/

InfoSec Institute has been in operation since 1998. Since then, it’s helped train tens of thousands of individuals interested in honing their IT security skills. Today, InfoSec Institute offers more than 60 boot camps and over 700 courses for certifications offered by vendors such as (ISC)2, CERT, Metasploit, and others. Trainees can complete these courses on their own schedule. Alternatively, they can enroll in a version of the course that uses live two-way communication with their instructor and other students.

6. (ISC)2

Format: Multiple

Cost: Pay-per-course

Website: https://www.isc2.org/

(ISC)2 is a non-profit organization that offers multiple certifications for information security professionals. It’s been in operation for 30 years. Today, (ISC)2 boasts a membership of over 150,000 trained IT security professionals. To help grow its base, the organization offers certification training in systems security, digital forensics, information security, cloud security and other topics. Aspiring professionals can study for these certifications including the acclaimed Certified Information Systems Security Professional (CISSP) certification in the classroom, in Live Online courses, at their own pace in an online format and even with other team members.

7. MIS Training Institute

Format: Multiple

Cost: Paid-per-course

Website: https://misti.com/

MIS Training Institute (MISTI) has helped train more than 200,000 students across five continents since its founding in 1978. It now offers certificate programs in internal audit, fraud and data analytics, risk and compliance, IT audit and information security. Students can complete these programs through a series of live webinars and/or online self-study courses. With the aim of reaching as wide an audience as possible, MISTI hosts events for CISOs and other executives.

8. Offensive Security

Format: Multiple

Cost: Paid-per-course

Website: https://www.offensive-security.com/

Offensive Security believes that the best way for organizations to protect themselves is to undergo real-world intrusion simulations. As such, it has designed a training program whose learning materials challenge students to think creatively as they explore the tools and tactics of offensive security. Students can learn these exercises to achieve certification as a web expert (OSWE), certified professional (OSCP), certified expert (OSCE), wireless professional (OSWP) or exploitation expert (OSEE). They can do so either live or in person, but if additional people at a given company are interested, Offense Security can lead in-house training to build an entire team’s or department’s collective skills.

9. The SANS Institute

Format: Multiple

Cost: Paid-per-course

Website: https://www.sans.org/

SANS has educated 165,000 information security professionals since its inception in 1989. Today, aspiring security personnel can receive training in the classroom from a SANS-certified instructor, a self-paced program that is conducted online or a mentored setting. As part of its in-person training, SANS offers more than 400 multi-day courses in over 90 cities worldwide. It also maintains a partnership with GIAC and the National Security Workforce through which it offers dozens of digital security courses to professionals as part of the National Initiative for Cybersecurity Education (NICE) Framework.

10. SecureNinja

Format: Multiple

Cost: Paid-per-course

Website: https://secureninja.com/

Founded in 2003, SecureNinja provides professional training, certifications and services on topics relating to information technology and digital security. The organization has worked with Lockheed Martin, Northrop, Bitdefender as well as several U.S. government agencies. It’s also a partner of Microsoft and EC-Council. Many of SecureNinja’s training programs, which cover topics including ethical hacking, hacking forensics and the CompTIA Security+ program, involve hands-on training via lab work. However, the organization does run a testing center in Washington DC.

11. Security University

Format: Multiple

Cost: Paid-per-course

Website: https://www.securityuniversity.net/reg.php

Security University has been serving information security professionals since 1999. Today, it offers numerous qualified professional programs including Q/ISP (Qualified Information Security Cert Program of Mastery), Q/IAP (Qualified Information Assurance Cert Program of Mastery), Q/SSE (Qualified SW Security Expert Certificate), Q/WP (Qualified Wireless Cert Program of Mastery) and Q/CDA (Qualified Cyber Defense Analyst Certificate). These programs help professionals obtain standard certifications in the industry. Some of these programs’ courses are available online; students can complete the other courses in classroom locations with Security University.

Do we get all the right IT Security Training Providers?

We hope the IT security training providers listed above will help information security professionals everywhere reach their goals.

Did we miss a provider? If so, let us know on Twitter – @TripwireInc.