An online provider of cybersecurity training programs has added new bundles of lower-priced offerings to make it easier for smaller firms, individuals and students to access.
RangeForce calls the new packages Battle Paths. They include access to 30 of the 500 cloud-based training sessions the company offers. Organizations that want IT staff to access all 500 modules would buy a package called Battle Skills.
Battle Paths is “a way for someone trying to get into the [cyber] field to purchase a subset of a full Battle Skills licence,” RangeForce president Gordon Lawson said in an interview.
While fewer modules are included in Battle Paths, the company says they are for eight of the most in-demand cybersecurity positions: SOC Analyst 1, SOC Analyst 2, Threat Hunter, Web Application Security (OWASP), Microsoft Core Security with Secure Coding, and Cloud Security.
Those passing a Battle Path program get a RangeForce Badge showing hiring managers that they have mastered the real-world skills and are qualified for the position, the company says.
All courses include interactive, hands-on training, a virtual teaching assistant, software and network emulation with leading security tools, learner goals and objectives tracking.
RangeForce also offers an attack simulation range called Battle Fortress that enables staff to execute realistic blue and red team exercises.
Each of the eight Battle Paths is priced between US$200 and US$250 per person. The price difference depends on whether the purchaser is an individual or a student. A full Battle Skills licence, including access to all 500 modules, costs US$1,500 per person per year. A combined Battle Skils and Battle Fortress licence would cost US$5,000 per person per year.
Licences can be purchased direct or through channel partners. In Canada, the most recently-signed partners are Herjavec Group and Softchoice.
There’s also a free community edition with access to 20 modules.
Only a handful of Canadian organizations have bought RangeForce training. One of them is Green Shield Canada, which sells supplementary health benefits to organizations and individuals, such as access to an online doctor, online pharmacy, digital exercise coach and virtual physiotherapist.
It has an IT security team of around eight or nine, with a managed security provider giving Level 1 and 2 network monitoring. But the company wanted to increase training so signed up for the Battle Fortress simulator and some training modules, said senior security analyst Nishant Chougule.
“It’s great of us in terms of getting the teams trained on different aspects,” he said in an interview. “It’s very exciting for different teams, whether it be the technology team handling servers or databases because each team we assign is pretty much specialized in terms of how to handle security incidents or eliminate threats. So it gives them real-time experience on how a real attack would look like.”
The cybersecurity training industry has no shortage of players, with CISOs and individuals having a wide range of choices, including free or paid, learn-on-your-own or with some personal assistance. Some are tied to vendor certifications, while others relate to infosec standards.
Tripwire recently listed 11 including:
Cybrary, an open-source provider of free content of courses arranged by skill type (beginner, intermediate and advanced). Organizations can also design training programs. On March 25, Cybrary said it would offer a new training and certification program for those who want to show expertise in the MITRE ATT&CK cybersecurity framework.
The initial catalogue will include three courses:
- ATT&CK Fundamentals – how ATT&CK and a threat-informed mindset can help focus understanding and improving defences actually fare against real-world adversaries
- ATT&CK SOC Assessments – how to leverage ATT&CK to conduct security operations center (SOC) assessments
- ATT&CK Cyber Threat Intelligence – how to apply ATT&CK to improve threat intelligence practices.
EC-Council, short for the International Council of E-Commerce Consultants. Offers paid training in live classes.
Global Information Assurance Certification (GIAC) for industrial control system security professionals.
The Infosec Institute, which offers over 700 courses for certification from a number of vendors. There are courses available with an instructor and other students.
ISC2, for those who want a Certified Information Systems Security Professional (CISSP) certification.
SANS Institute, which offers multi-day courses in over 90 cities around the world and online courses.
SecureNinja, which offers live instructor-led online courses and classroom courses in San Diego and the Washington, D.C. area.
Security University, which offers a combination of online and classroom courses.
Another option is Pluralsight, which offers courses in information and cybersecurity and courses in software development, cloud computing, machine learning, IT operations, and data management.
Those wanting online attack simulators can consider Cloud Range and Cyberbit.