7 Free Information Security Training Resources For IT Professional

The amount of free information security training is growing daily, but whittling your choices to the good stuff isn’t always easy. Take a look at our list of the best no-cost Information Security training courses, study guides, practice exams and simulators.

There are all kinds of free training resources available for information security professionals. They typically come in two flavors — those designed to help prepare you for a security certification or to fill in security knowledge gaps. While some courses require you to sign up, others start with just one click, so you can browse and decide pretty quickly if they’re right for you.


1. Cybrary

Cybrary is a free and open source, online information technology (IT), computer training and cyber security training environment for the world. We are dedicated to keeping the world’s IT professionals prepared for this ever changing industry and its technologies. You can learn almost anything IT and security related for free, and you can help others to do the same.

Longtime IT and cybersecurity trainers, Ralph P. Sita, Jr. and Ryan J. Corey, launched Cybrary in January 2015. The Cybrary course catalog is impressive — it contains over 20 courses spread across systems administration, network administration and cybersecurity. The bulk of the courses are geared toward some IT certification, such as the Certified Ethical Hacker (CEH), (ISC)2 CISSP and Microsoft Certified Solutions Associate (MCSA); while other courses focus on skills, like using the Metasploit Framework, Python for security professionals and malware analysis and reverse engineering.

All courses are delivered online, and they include lectures, interactive lab demonstrations and study guides.

2. Information Assurance Support Environment (IASE)

Information Assurance Support Environment (IASE) offers a bevy of interactive web-based training courses that cover cybersecurity awareness, cybersecurity for senior leaders, professionals and technical professionals, cyber law, NetOps and DoD cyber tools. Each course takes 20 minutes to over one hour to complete.

IASE also offers CyberProtect, a DoD game-like simulator that puts you in charge of security for an IT infrastructure. You choose security tools and deploy them on the simulated network, and then make decisions about mitigating risks, threats and vulnerabilities.

3. InfoSec Institute

The InfoSec Institute offers a multi-module video-based course on CISSP cryptography, typically the most challenging part of the CISSP exam for most candidates, as well as a free, downloadableCISSP study guide. As of this writing, the guide covers ten CISSP domains, however, (ISC)2announced the switch to only eight domains for the CISSP in April 2015, although much of the information within the domains did not change.

InfoSec Institute site visitors can also take progressive, custom and simulated CISSP practice exams through Skillset.

4. National Institutes of Health (NIH)

The National Institutes of Health offers mini training courses on information security, privacy and security awareness. All courses take less than one hour to complete. Here’s the complete course list as of this writing:

  • 2015 NIH Information Security and Privacy Awareness Refresher
  • Entire NIH Information Security Awareness Course
  • Entire NIH Privacy Awareness Course
  • Securing Remote Computers
  • FDCC Systems Administrator Training
  • HHS Information Security for Executives
  • HHS Information Security for Managers
  • HHS Information Security for IT Administrators

5. Offensive Security Metasploit Unleashed

If you’re interested in learning how to use the Metasploit Framework and Metasploit Pro for penetration testing, check out Offensive Security’s Metasploit Unleashed course, put together in part by the authors of Metasploit: The Penetration Tester’s Guide (No Starch Press, 2011). Although the course is free to all, Offensive Security asks that satisfied course takers make a small donation to Hackers for Charity.

6. SANS Cyber Aces Online

The folks at the highly regarded SANS Institute offer information security courses and tutorials through SANS Cyber Aces Online. Geared toward high school and college students, instructors, military vets and pretty much anyone looking for a job in the information security industry, the courses are designed to help people gain essential security knowledge.

To date, three courses are available, each of which consist of several video-based modules (with or without quizzes):

  • Introduction to Operating Systems
  • Networking
  • System Administration

SANS states that the courses “are the same as those offered to information security professionals around the world,” which we assume means via SANS training events.

7. FEMA National Training and Education Division

FEMA’s National Training and Education Division includes a number of free self-study courses on cybersecurity for non-technical workers and IT professionals. The free courses cover digital forensics, cyber law and cyber ethics, information risk management, and more. The only downside is that you have to apply for each training course you want to take and the process might vary slightly by state.

You may also like...