Hands-on Learning Resources for Cybersecurity

A thousand articles and videos, but where are the labs and practical exercises? That's why I started digging around and put this article together.

If you search for cybersecurity resources you will find lists of sites that teach about hacking, offensive security and pen-testing. For example, Aman Hardikar has an amazing  Hacking Practice Lab list and is particularly useful if you are looking for pen-testing, capture the flag or hacking resources.

That subsection of cybersecurity gets all the glory of course, however you may be looking for more, maybe on the defensive side, or broader. That is why I decided to search out and collect a list of free information security and cybersecurity learning resources.

If you want to see the big list you can simply jump to the bottom of the article. Otherwise I'll point out resources useful for a few specific situations you may be in.

You are already in school for infosec or cyber and looking for hands-on practice

ImmersiveLabs is free if you have a college or university E-mail address. They have an extensive amount of hands-on labs ranging from fundamentals to advanced topics, from network security to secure coding and even management. Their model is a combination of reading and practical labs. Honestly, it is polished and straightforward.

There is a lite version if you don't have a university E-mail, but otherwise you would have to pay for their premium version.

You have general IT experience, but are completely new to security

Interested in Network Security? NDG Labs for Palo Alto Networks. The PAN8 Cybersecurity Essentials and PAN8 Cybersecurity Gateway labs are free at the moment. They constitute about 30 hours of lab training. These labs are specific to Palo Alto Networks next-generation firewalls, but the concepts learned apply to pretty much all products in that category. I'd consider it a good introduction to fundamental network security concepts around firewalls and security gateways. Network security skills are crucial in almost every environment.

Interested in Secure Coding or Software Security? Coursera's free Secure Coding Practices specialization has four courses and culminates in a hands-on project. They do recommend 1 to 2 years programming experience and theory as a prerequisite for the course. That may not be an issue depending on where you are in your education. Cousera has a ton of free programming courses if you need to fill some prerequisites.

You are one of: federal, state, local, tribal and territorial government employees, federal contractors, and veterans.

FedVTE is a completely free training environment for the above populations. I haven't accessed this one directly, but I believe it is a mix of e-learning, text and video and does include some labs. I don't know anyone personally who has used this resource, however reviews on the web look good. There appears to be some learning resources for Department of Defense related tooling in there which is great if you are looking for government or defense contracting jobs.

Everyone

Everyone should check out the list below. I've included as many free practical labs and practice environments as I can find. They should be labeled Practical or Both. If you have an additional resource and want me to list it here, you can submit them via this typeform link.