Given the constant changes affecting today's security industry — whether it's the explosion of big data, the global shift to cloud-based business models, or the hundreds of technical innovations that occur each day — keeping your security knowledge up-to-date has never been more important. Whether you're a security professional, a security provider, or a security consumer, there's a massive need for immediately available, ongoing education.
I recently watched James Mickens' presentation at NDC Oslo 2015. In that talk, Mickens lampooned many aspects of computer security and also took a little detour to lash out at MOOCs (Massive Open Online Courses).
The jab achieved its point by getting a chuckle out of the audience, but in my view, it took an unfair shot at a very valuable resource. I admit that MOOCs do not provide a drop-in replacement for traditional education, and I also believe that experience through mentorship yields the best results. Having said that, the problems of need, opportunity, and scale are ever present and have to be addressed.
So while I don't want to rehash arguments from a few years ago or try to bring about a second "year of the MOOC," I do want to highlight some resources that are available to those of you who want to further your security education.
Based on my own experience, I recommend taking a look at the following types of resources as a starting point:
Many organizations provide frameworks, tooling, and resources for MOOCs. Coursera, a Threat Stack customer, provides a whole category of courses and specializations on computer security and networks. I have done a few classes through them and found it a useful way to broaden my exposure. They are not the only MOOC provider, of course, and both edX and Udacity provide a cyber security course.
Although not actual MOOCs, podcasts can be wonderful educational tools as well. Unfortunately, finding shows that combine education, entertainment, and professionalism can be problematic. I am always looking for new shows to check out, but I suggest starting your search with Security Now and Security Weekly. Let me know what you find after that!
A number of online resources can help you earn a security certificate with credentials. This usually requires more commitment and focus than the previously mentioned individual classes. It also typically assumes that you have a little more background knowledge. LearnKey and ITProTV are two providers of this type of material, although many others exist.
Should you be stuck in the Windows world, Microsoft provides "courseware" for securing their stack. I listened to an excellent set of lectures on Thinking about Cybersecurity (from The Great Courses), although it was somewhat Beltway-focused and now a little stale. Even Khan Academy provides some coursework for cryptography.
Listening to a couple of podcasts on the way to work each day may not make you a top-of-the-line pen tester; and taking a few online courses won't make you an advanced cryptographer, but additional exposure to important security topics can only strengthen your ability to stay relevant in this digital age. We also have roles as teachers and coaches. As much as we need to keep ourselves up to date, it's also important to pass on what we learn. Colleagues, prospects, and customers can then expand their knowledge and make better-informed decisions about security. Take a few minutes and check these things out.