10 easy ways to learn about cybersecurity without being bored to tears - Lacework

10 easy ways to learn about cybersecurity without being bored to tears

Allie Fick, Security Reporter

November 7, 2022

Abstract architectural photo shot from the ground. Features a lot of modern windows and steel.No one likes the tedious, outdated cybersecurity trainingtrainings that companies often require you to complete—you know the ones that won’t let you move onto the next section until you’ve watched an entire video or stayed on the page for a few minutess. While online courses can be useful learning tools, many of them don’t hold our attention, require a lot of our time, or are too complicated. This is why a lot of organizations are using new methods to teach their customers and employees about cybersecurity, and many of them are free. We’ve compiled a list of our favorite learning tools for anyone who wants to learn about security. Whether you prefer reading, watching videos, playing games, or practicing skills as you learn them, there are a lot of interesting resources out there that you probably haven’t heard of. 

  1. Cybersecurity AwarenessAmazon

Amazon’s cybersecurity training uses realistic scenarios that apply to your own life to help you understand the most common cyber risks along with actions you can take to protect yourself. There are three ways to complete the training: you can watch short videos and answer questions, read the text transcript, or go straight to the test if you think you already know all the answers (but you have to score 100% on your first try to pass). You can even download this training and upload it to your organization’s learning management system. 

Learn about: Secure communication, data classification, phishing, physical security, social engineering, data privacy, third-party/application security

Structure: Videos, text transcript, or test

Complete in: 15 minutes

  1. Protect & Connect National Cybersecurity Alliance and Amazon

The National Cybersecurity Alliance partnered with Amazon this year to launch the “Protect & Connect” campaign, with 1–2 minute films starring an “internet bodyguard” who teaches you about the different kinds of scams out there, and to remind you that anyone is susceptible to them, regardless of how internet-savvy you are. These short videos will show you some of the most common cyber risks, how to identify phishing attempts, and protect your digital identity with multi-factor identification.  

Learn about: Phishing, multi-factor authentication

Structure: Videos, Q&A

Complete in: 10 minutes

  1. Cybersecurity Fundamentals IBM

If you prefer reading over watching videos, this course is perfect for you. This concise, well-organized training from IBM SkillsBuild will help you understand the key elements of cybersecurity with relatable examples. You can click, scroll, and read through the modules at your own pace—each one is about 5 to 15 minutes long. In addition to the basics, the course takes you a step further and explains the different types of attacker groups and tactics, the impacts attacks can have, and how you can prevent and detect them. The course also has a few modules that explain how to get started in a career in cybersecurity along with the skills and certifications required for the various job roles. 

Learn about: Cybersecurity basics, laws and ethics, cyber crime, security strategies, cybersecurity careers

Structure: Text, activities, quizzes

Complete in: 6 hours

  1. Pre Security Learning Path – TryHackMe

If you understand the basics and want to put your knowledge into practice, TryHackMe’s training is beginner friendly but focuses more on the technical aspects of cybersecurity. Their unique approach to explaining security is to teach you how to be a hacker. Their “Pre Security” learning path includes several free modules, including “Intro to Offensive Security,” where you can hack a fake website. They break it down step-by-step with videos and instructions, so even if you have no coding or security experience, you’ll be able to easily learn as you go. Behaving like a hacker will give you insight on how they operate, and understanding their tactics and motivations can help you stay one step ahead of them. Other free modules in the learning path will teach you about Linux and Windows fundamentals, network basics, and how the web works. 

Learn about: Hacking, offensive security, cybersecurity careers, Windows, Linux

Structure: Web application, videos, quizzes

Complete in: 6 hours

  1. Security Awareness for Families – Wizer

Security starts at home, which is why Wizer put together these 30-second to 1-minute videos with security tips for you and your families. In an Instagram-story format, they give quick advice for creating strong passwords, provide real-life examples of how people were scammed, and show you what a text-message scam can look like. These are easy to watch and an informative, relatable way to share cybersecurity concepts with your entire family. 

Learn about: Phishing, passwords, personal safety, personal information, scams

Structure: Videos

Complete in: 15 minutes

  1. OWASP Juice Shop

Developers are technically minded, and many prefer to go in-depth on one thing instead of learning a bunch of high-level concepts. The OWASP Top Ten is an awareness document for developers and web application security professionals that explains the most critical security risks. The OWASP Juice Shop is a fake online store with vulnerabilities deliberately planted in the platform, so developers (or anyone interested in the technical aspects of application security) can hack their way into the systems and reverse engineer what the security controls should be. The OWASP Juice Shop is great for people who learn best by doing. Instructions on how to use the resources and complete the challenges to identify and resolve the vulnerabilities can be found in the companion guide

Learn about: Phishing, passwords, personal safety, personal information, scams

Structure: Web application

Complete in: Varies depending on your skill level 

  1. Cybersecurity Ops: Terminal

IBM’s browser-based game simulates a cyber breach and puts you in various security roles at an airport, beginning with IT analyst, then as a manager, and ending as an executive. As you hold the different positions, you have to make decisions to tackle various issues as they arise while trying to prevent cybercriminals from taking over. Your actions are analyzed at the end of the game, when you’re provided with a performance graph that shows you how the choices you made affected different groups.

Learn about: Cybersecurity roles, cyber attacks, security tools, communication, incident response 

Structure: Web application

Complete in: 30 minutes

  1. Security SideQuest! – AWS

“How do I hone my cloud security skills by yesterday?” is the question that Dr. Watty wants to help you answer in Security SideQuest, a new Twitch series from AWS. The series helps people who are looking for somewhere to start on their AWS cloud security journey. The host, Dr. Watty, covers a variety of topics for new cloud users, including security best practices and how the cloud makes it easier and faster to stay secure. Season 1 Episode 10, “I’m Something of a Security Professional,” is a great episode to start with because it’s a “speed-run” that highlights key points from the previous nine episodes. 

Learn about: The shared responsibility model, AWS security-related services 

Structure: Twitch (video recordings)

Complete in: 30 minutes

  1. CISO Series: Defense in Depth

Defense in Depth is a 25-minute weekly advice podcast, with each episode focused on a different cybersecurity topic. Listening to a podcast is a great option if you don’t have time to sit down and read something or watch a video. The hosts (technology journalist David Spark; Geoff Belknap, CISO, LinkedIn; Steve Zalewski, former CISO, Levi Strauss) thoughtfully discuss popular or controversial cybersecurity topics that the security community has been discussing and shown interest in. Some recent episodes include cybersecurity burnout, how to minimize damage from a breach, and how to start cybersecurity departments from scratch. 

You’ll learn about: Security programs, cybersecurity careers, breaches, data protection, cybersecurity culture

Structure: Podcast

You can complete it in: 25 minutes

  1. Musical Security Awareness Videos – SocialProof Security

This list wouldn’t be complete without our favorite resource to learn about security—short, catchy music videos. The “friendly hackers” at SocialProof Security worked with individuals from American Idol, VH1/MTV, and viral Tik Tok songwriters to create this music-training series that covers security topics like phishing and passwords. Although these aren’t free, they’re well worth your investment if you’re looking for a unique and interesting way to understand cybersecurity. 

You’ll learn about: Phishing, ransomware/malware, passwords, social media, social engineering, MFA

Structure: Videos

You can complete it in: 2–3 minutes (per video)

Even if you only have a minute or two to dedicate to sharpening your skills, taking small steps whenever possible helps keep cybersecurity at the forefront of your mind, which in turn will help you make better decisions to protect yourself, your family, and your organization. Don’t waste your time reading something boring when there are plenty of great resources out there. Taking a few minutes to look for a video or article that you find compelling (and will actually remember) is much better than taking a nap during a training session.