Let’s face it, your organization does not handle severe cyber-attacks on a daily basis. SOC operators and incident response teams can spend months responding to simple cyber incidents, without facing even a single severe attack. To keep your teams updated and alert, the most productive activity you can undertake is to invest in more cyber security training.

The best way to train your team is in a dedicated cyber security training and simulation center. Although it should be a part of your SOC training regimen, your access to such training may be limited. Cyber security training centers require a budget and taking your team offsite. In the interim, provide them with training opportunities they can perform right from their desk in the SOC.

Cyberbit’s incident response training team gathered the top 5 free online cyber security training courses and tools, so you can scale up your SOC training activity without taking your team to an offsite simulator.

5 Free Cyber Security Training Online Courses and Tools

Cybrary.it

Cybrary launched on January 13, 2015, with the goal to provide the opportunity to learn Cyber Security, to anyone, anywhere, online. Cybrary is a growing community that provides open source collaboration to improve cyber security training and educational opportunities, for free.

Cybrary provides a large variety of online courses, divided by skill type and career level. Cybrary also offers micro certification courses, which allow analysts to learn and improve specific skills such as vulnerability management, dynamic malware analysis and much more. These are backed up by practice labs, tests and assessments, giving your team online hands-on training without leaving the office. Most of Cybrary is free and accessible for all to use, yet there are business solutions available for a fair annual fee for team training and business purposes.

Open Security Training

Though the design is simple, OpenSecurityTraining.info is one of the most comprehensive, professional and robust online cyber training directories out there, dedicated to sharing training material for computer security classes on any topic. On the website, you can find over 63 days of open source class materials, 29 different classes taught by 24 different instructors. The classes are divided into three levels – beginners, intermediate and advanced, each featuring lessons for the desired skill level.

Courses and classes on OpenSecurityTraining.info touch many cyber security subjects starting from network forensics and hunting, secure coding and up to exploit research and malware reverse engineering. Unlike other tools, OpenSecurityTraining.info allows you to focus your incident response team on improving specific skills relevant to their day to day activity.

All materials on OpenSecurityTraining.info is licensed under an open license, allowing anyone to use the material however they see fit, as long as they share modified works back to the community.

ICS-CERT Virtual Learning Portal

Every enterprise out there has industrial control systems – either at the heart of their business, like energy or automotive companies, or just as supporting infrastructures that command building access control and data center air-conditioning systems. It doesn’t matter which type of organization you are, your team needs to be familiar with these systems, and know how to respond to industrial incidents.

The ICS-CERT works to reduce risks within and across all critical infrastructures. The Virtual Learning Portal (VLP) is a one of a kind e-learning system that sheds light on one of the most difficult, and neglected topics of cyber security and provides online training for those involved in the security of Industrial Control Systems (ICS).

There are 11 online sessions, each about two hours long, exploring the bits and pieces of industrial cyber security – from current trends and threats up to secure deployment and architecture of ICS, securing the convergence between IT and OT and revealing different attack methods and vulnerabilities in these environments. These courses were built by the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (DHS ICS-CERT) and are free for all to use.

Open Cyber Challenge Platform

The Open Cyber Challenge Platform (OCCP) is a free, configurable, open-source virtualization platform for cyber security educators and challenge event coordinators. Unlike other resources we have shared in this blog, using OCCP requires a bit of IT expertise to install and prepare the virtualization environment and scenarios. Nonetheless, OCCP offers thorough and elaborative documentation which provides all necessary information regarding the environment and its installation.

Once the OCCP is up and running, it allows you to run immersive training scenarios mimicking real life attacks. You can train your incident response team both in blue teams and red teams scenarios that teach, demonstrate, and evaluate cyber security skills including; network defense, penetration testing, incident response, malware analysis, digital forensics, and secure programming. The OCCP platform is open and customizable, allowing your team to upload and create new scenarios from scratch, or modify existing ones, which in turn can be uploaded to the OCCP database, for others to use.

The OCCP is developed by the University of Rhode Island, which has the current grant from the National Science Foundation to oversee and progress the development of the OCCP, enrich its capabilities and add more scenarios.

Software Engineering Institute CERT Division Training

The CERT Division of the software engineering institute is a trusted provider of operationally relevant cybersecurity solutions for the United States cybersecurity challenges. Working together with the department of homeland security, the SEI CERT division publishes free exercises, courses, and systems that were designed, implemented, and delivered to DHS and its customers as part of the SEI’s mission to transition SEI capabilities to the public and private sectors and improve the practice of cybersecurity.

In their course database, the SEI CERT provides three different training categories: Incident handling (7 courses), Network and software security (13 courses) and Risk assessment and Insider threat (17 courses). Each course includes video trainings and online exercises, allowing your team to enjoy both frontal training sessions as well as hands on training activities. SEI CERT also provides certificates with their courses, giving a formal stamp to the skills acquired by your team members.

Next Steps Towards Ongoing Cyber Security Online Training

Now is the time to begin building and planning your cybersecurity training framework. Start today by mapping your security challenges and the skills needed to meet them. Then, map the gaps between your incident response team’s current skills and those needed to successfully meet the challenges.

Spend a month collecting relevant courses, exercises, and hands-on trainings, and schedule them in your team calendar. Make sure each team member participates in a training session at least once a month in one of his/her core skills (network security, malware research, etc.) and the team has a team exercise once every two-months examining their coordinated incident response capabilities.

Make sure to set both individual goals and team targets to measure the improvement from one training session to the next. By next year you should start creating your own training courses and scenarios that focus on different parts of your employee development process – onboarding, certification and skill maintenance. This process will allow you to build a flexible, updated training program for your incident response team, fit to face the cybersecurity challenges of your organization.

Download The Ultimate Cyber Training Framework

Yaniv Bar-Dayan is Cybersecurity Evangelist at Cyberbit.