As I've been working towards making my career more security-centric again, I have been overwhelmed by just how much the infosec space has changed since I was last an active participant in it. What once were top-of-the-line certifications are now the industry standard for getting your foot in the door. Along with the costs associated with obtaining certifications, there is also the cost of preparing for them. The barrier to (re)-entry continues to climb.
Since late last year, I have been going through numerous trainings in preparation for earning some new certs, getting my hands dirty, and hopefully landing a job in the coming months. But given that I am currently employed, I couldn't justify the costs of some of these live trainings or even higher-end certification trainings (like what OffSec offers) because my time has been pretty limited post-launch of Palia, and even more so after the layoffs and my team going from a healthy number of engineers down to 2, myself included. So I'd been seeking out trainings that were more affordable in regard to up-front costs, and also trainings that I could take on my own time, around my own schedule.
That led me to joining TCM Academy back in November. I'd casually taken some of the trainings before, but not within their newer learning platform. It has been great so far. While many of the courses I've taken have been covering material I'm already mostly familiar with, it has been a really great refresher. I am also looking forward to digging into some of their other courses that will be entirely new areas of expertise for me. The pricing for their annual membership runs $300 USD/year, but they seem to regularly hold discounts (I managed to snag a year's sub for 50% off during Black Friday/Cyber Monday last year and am grateful I was able to).
A thing I really appreciate with TCM Sec outside of their affordable and accessible trainings is their certifications. The prices for their certs come with the trainings (if you don't want to sub to their full platform), as well as exam retakes. These exams are no joke from what I've heard, being incredibly hands-on oriented, including often presenting a final debrief at the end of the assessments you conduct. They're also adding new trainings and certifications on a fairly regular basis. Their latest one, Practical Junior IoT Tester (PJIT), is one that has definitely garnered my interest, and I look forward to signing up for that once I have a bit more knowledge and experience under my belt.
Outside of TCM Academy, I have also been going through the courses offered by Semgrep on their newly opened Semgrep Academy, which focus mostly on application security and are taught by the wonderful Tanya Janca (at least the ones that I have taken so far). I truly wish that the "Application Security Foundations" courses were available a year or two ago, as I feel they would have really helped me as I tried to organize and start up an application security program at my place of work. Tanya's style of teaching is both entertaining and incredibly informative. Best of all, the trainings are offered free of charge! Another thing that I really appreciate with these trainings is that there is an emphasis on doing some "homework". The reason I bring this up is that a lot of the material can be seen as almost theoretical, but when you put pen to paper and sit down and think about what your goals are for an application security program, how you would measure success of the program, what steps you could take to improve things incrementally, etc., it all becomes all the more real. These exercises are practical, not just in the context of the course work, but also when building a real-world appsec program. I am eagerly looking forward to going more in depth as I read Alice and Bob Learn Application Security in the coming weeks.
That's all for now. I just wanted to write out my thoughts and appreciation for folks who work hard to lower the barrier to entry for the infosec industry, and I have the utmost respect for what they do. I look forward to giving back when and where I can.