Premium courses and e-learning should be FREE

That Random Guy

I've always thought of it as a very stupid thing to purposefully block people from information that will enable them to be a better resource, person, professional, etc.

This is true for things like closed-off library/journal databases, course-ware sites like Udemy and LinkedinLearning, etc.

(ISC)2 keeps listing numbers in their magazines about how companies keep falling prey to cyber attacks and about how so much of the workforce is lacking in infosec knowledge and or stature (there's probably a conflict of interest there but let's not visit that).

TL;DR:

I shouldn't have to pay (ISC)2 to learn about CCSP concepts, I shouldn't have to pay Cisco or Juniper to learn IOS or JunOS, I shouldn't have to pay courseware "instructors" for learning things like Linux, programming, etc. These things and "products" should be readily available to the public where even top quality platforms and solutions should be FREE.

EDIT:

This is not to argue that there aren't free solutions everywhere. Anyone with an internet connection and access to the majority of the web can see practically anything. The problem with this is that speed-reading through random information alone does nothing for anyone. That's why FB has seen such a fiasco that it has. There needs to be format that can be used, much like e-learning and e-courses. This is also not to suggest that free options available now are lackluster, but rather that the ones that are PREMIUM and therefore NOT FREE should be in fact FREE if they have been created with the intent to actually pass on knowledge to people. Nobody should have to pay to have knowledge transferred. Nobody asked people to create top-notch course-ware on Udemy. They did so on their own volition. Why then charge people for this work? You could benefit so many people by just making it readily available from the internet WITHOUT a paywall. Yet, all these organizations and countries wonder why on earth they can't obtain people with valid credentials, knowledge, experience, etc. Maybe if companies like CompTIA and ISC2 stopped putting a paywall on their magazines, club-only resources, and CBKs, maybe people wouldn't be so out of the loop.

chrisone

I always liked this quote. 

"I don't work for free, just like food isn't put on my table for free, and how a roof is not guaranteed to me." - anyone 

People need to earn a living, it comes in many forms and that includes selling information on how to secure information systems. It seems like you don't really have a problem with people earning a living but you do have a problem with people earning a living off of securing information systems. 

E Double U

That Random Guy said:

I've always thought of it as a very stupid thing to purposefully block people from information that will enable them to be a better resource, person, professional, etc....

TL;DR:

I shouldn't have to pay (ISC)2 to learn about CCSP concepts, I shouldn't have to pay Cisco or Juniper to learn IOS or JunOS, I shouldn't have to pay courseware "instructors" for learning things like Linux, programming, etc. These things and "products" should be readily available to the public where even top quality platforms and solutions should be FREE.

I am not a fan of the word "should". I prefer saying they "could" make this available for free or it would be nice if this information did not have a cost. But I don't expect or demand that it be free of charge so I refrain from using the word should. 

No one is purposely blocking you or anyone else from learning the material. They are purposely trying to profit from what they have to offer. If you don't want to pay (ISC)2, Cisco, or Juniper then don't. 

roninkai

You could also do your taxes yourself, or pay a tax professional for knowledge, skills, expertise, and advice. Is your tax professional obligated to give you free advice/information? Absolutely not. Same concept. We all have to make a living some how. It's no different in information security. Nothing is blocked either. You could learn just about everything you ever wanted to know about infosec from freely available resources. But if you want credentials to accompany that knowledge, well that's where the cert authorities come in, for a fee. I think someone may be feelin' the "Bern" a bit too much. As they say though, there's no such thing as a free lunch. In the end, there is always a cost associated with we perceive to be "free".

Hawk321

That Random Guy said:

I've always thought of it as a very stupid thing to purposefully block people from information that will enable them to be a better resource, person, professional, etc.

This is true for things like closed-off library/journal databases, course-ware sites like Udemy and LinkedinLearning, etc.

(ISC)2 keeps listing numbers in their magazines about how companies keep falling prey to cyber attacks and about how so much of the workforce is lacking in infosec knowledge and or stature (there's probably a conflict of interest there but let's not visit that).

Well the lack of expertise has nothing to do if an employee has a valid CISSP or not...I spent some weeks for applying to a new job here in germany and denied MANY offers just because even the basic stuff are not maintained by the people. It has nothing to do with certification or a degree....
it is the mindset.
I give you some examples:
A small Op team were complaining that they have so much work and need a new Op in their team (100% Linux)...in the interview I asked some questions like:
- Do you maintain a documentation system like confluence and do you maintain a detailed logical network plan ?
ANSWER: We have shared folder with text files
MyNoteInMyHead: FAIL

- Do you use git for your scripts ?

ANSWER: Git ? Heard of it...

MyNoteInMyHead: FAIL

- Do you code in clean code manner ?

ANSWER: We don't code

- What Linux distribution is used ?

ANSWER: PLESK, we are not into the CLI thing

MyNoteInMyHead: FAIL

- How many Server are you managing ? 

ANSWER: 80...and we can't keep up

MyNoteInMyHead: FAIL

And this was not the only interview that went into that direction...people get lazy and even if a company hires an real expert...the environment becomes toxic so long the "expert" is not in a leading position. --> Chicken Egg Problem
So long those people don't change their mindset, nothing will change. In Germany we had some scandalous news the last weeks...along a well known car rental company had its customer DB public...without further protection --> MEGA FAIL
This means, a certification (even for free) would not prevent this...rather a huge butt kick COULD !

I shouldn't have to pay (ISC)2 to learn about CCSP concepts, I shouldn't have to pay Cisco or Juniper to learn IOS or JunOS, I shouldn't have to pay courseware "instructors" for learning things like Linux, programming, etc. These things and "products" should be readily available to the public where even top quality platforms and solutions should be FREE.

Most stuff is free, no one forces you to visit a live course. Books, Videos etc. must cost money --> production. And the exams ...well I've no problem with that. Critical is the hardware you mostly need to build labs.
INE, Udemy etc. are worth the money most times.

But I agree, that general education should be free like colleges  including options to pursue a degree and its classes 24/7 and not only between 8-5

PC509

You don't need to pay for a lot of information. Get a copy of the exam topics and outline. There is TONS of free documentation out there. It's just not tailored to the exams. From individuals blogs, writeups, forums, study guides, etc. to official vendor documentation (some is behind a registering site, some is behind a paywall site which is an exception). 

The information is out there for free. If someone else compiles it and prepares it to teach it to you, they want to be compensated for that time and effort. 

thomas_

I usually can find the documentation online for free.  My only gripe is that Cusco is removing the documentation for all of their EoL/EoS equipment from their website, but is somehow maintaining their web rankings.  I really wish google still had the feature where you could remove unhelpful content.  If Cisco doesn’t want to supply the docs, then they whouldn’t get the web traffic.

Danielm7

That Random Guy said:

There needs to be format that can be used, much like e-learning and e-courses. This is also not to suggest that free options available now are lackluster, but rather that the ones that are PREMIUM and therefore NOT FREE should be in fact FREE if they have been created with the intent to actually pass on knowledge to people. Nobody should have to pay to have knowledge transferred. Nobody asked people to create top-notch course-ware on Udemy. They did so on their own volition. Why then charge people for this work? You could benefit so many people by just making it readily available from the internet WITHOUT a paywall. Yet, all these organizations and countries wonder why on earth they can't obtain people with valid credentials, knowledge, experience, etc. Maybe if companies like CompTIA and ISC2 stopped putting a paywall on their magazines, club-only resources, and CBKs, maybe people wouldn't be so out of the loop.

I read this thinking.. oh they added an edit, I guess they realized that the concept makes no sense. Oh wait, that's not the case. 

Let us know when you spend thousands of hours writing books or doing courses and then are asked to not be paid for doing that work. The concept that they did a course without being asked, so they shouldn't be paid, is silly. In that case we'd never get any future development on almost anything, because few people would be creating anything new, because no one would already be demanding it. 

Also, the idea that if all learning material was free that suddenly people would just read it all and all security issues would go out the window is so far from reality. For example, I manage a security team, I provide a lot of information to my team, most of them don't look at most of it. I've gotten demos of expensive learning platforms and said, "hey guys we need to check this out, please demo some courses, virtual labs, etc, and let me know what you think" Weeks later, I had looked at far more than anyone else and they all just didn't get around it, not because they were too busy, but because there is so much free information out there it's like overload that when given yet a new premium source it wasn't even all that exciting. I've come home from a few SANS courses like.. wow that was amazing! Anyone want to hear about.. oh, nothing? OK then, carry on. 

One of the platforms forgot to even turn off the demo, I went back months later and logged in, surprised, still no one had bothered using it. And these are actual security engineers, not random people on the web who would suddenly get access to a higher quality video course. 

SteveLavoie

Danielm7 said:

Also, the idea that if all learning material was free that suddenly people would just read it all and all security issues would go out the window is so far from reality. For example, I manage a security team, I provide a lot of information to my team, most of them don't look at most of it. I've gotten demos of expensive learning platforms and said, "hey guys we need to check this out, please demo some courses, virtual labs, etc, and let me know what you think" Weeks later, I had looked at far more than anyone else and they all just didn't get around it, not because they were too busy, but because there is so much free information out there it's like overload that when given yet a new premium source it wasn't even all that exciting. I've come home from a few SANS courses like.. wow that was amazing! Anyone want to hear about.. oh, nothing? OK then, carry on. 

Same experience here, I provided accounts to my team for many learning platform and either there is no interest, or they want the login and never log on. I also offered almost unlimited books, video, Udemy course (with approbation).  I came to realize that most people dont study on their own, they are learning organically by being exposed to stuff and Google search. Only "special" people have the drive to take a book, video, or whatever to really learn something by themself, and fewer will be able/want to do the certification associated with that subject.    

LonerVamp

This sounds like a gross generalization based on some specific triggering event.

Anyway, first of all, don't pay for these things. Go on your own to learn things.

Second, people who go through the effort to supply information and give you good learning, advice, knowledge are also trying to earn a living.

Third, all that free stuff online? Can you trust it? Is it good advice? Over the past 3-4 years, at least here in the US, we've reached this tipping point of people online where these last dredges of society have found the Internet; the people who don't know how to determine proper factual sources and will happily turn around and repeat bad advice. Paying for something doesn't ensure it is better, but it does often suggest such. Those with bad advice? They won't get far once a few catch on and out them.

Fourth, your argument is very flawed. Basically you're saying if someone created something for everyone else, then it should be free? Does this apply to novels, works of art, music as well?

Hawk321

SteveLavoie said:

Danielm7 said:

Also, the idea that if all learning material was free that suddenly people would just read it all and all security issues would go out the window is so far from reality. For example, I manage a security team, I provide a lot of information to my team, most of them don't look at most of it. I've gotten demos of expensive learning platforms and said, "hey guys we need to check this out, please demo some courses, virtual labs, etc, and let me know what you think" Weeks later, I had looked at far more than anyone else and they all just didn't get around it, not because they were too busy, but because there is so much free information out there it's like overload that when given yet a new premium source it wasn't even all that exciting. I've come home from a few SANS courses like.. wow that was amazing! Anyone want to hear about.. oh, nothing? OK then, carry on. 

Same experience here, I provided accounts to my team for many learning platform and either there is no interest, or they want the login and never log on. I also offered almost unlimited books, video, Udemy course (with approbation).  I came to realize that most people dont study on their own, they are learning organically by being exposed to stuff and Google search. Only "special" people have the drive to take a book, video, or whatever to really learn something by themself, and fewer will be able/want to do the certification associated with that subject.    

I'm the "special" one...am I now the good one ?

JDMurray

@SteveLavoie People want to learn different things at different times in their lives and careers. You can only lead a horse to water; you can't make it drink--unless mandated as part of the job.

LordQarlyn

Training materials, books, learning courses cost resources and man hours to produce. Things have to be paid for. As you said, there are plenty free materials out there. But free doesn't mean it's a good value.

SteveLavoie

JDMurray said:

@SteveLavoie People want to learn different things at different times in their lives and careers. You can only lead a horse to water; you can't make it drink--unless mandated as part of the job.

Exactly, that's something I am learning as a new team manager.  I am realizing that not everyone is like me, in my case, you just have to tell me that there is some water over there.. and I am running toward . I thought that offering water was enough to have people come to drink (because I would have jumped on every opportunity). 

E Double U

SteveLavoie said:

JDMurray said:

@SteveLavoie People want to learn different things at different times in their lives and careers. You can only lead a horse to water; you can't make it drink--unless mandated as part of the job.

Exactly, that's something I am learning as a new team manager.  I am realizing that not everyone is like me, in my case, you just have to tell me that there is some water over there.. and I am running toward . I thought that offering water was enough to have people come to drink (because I would have jumped on every opportunity). 

I am the same way. I have taken advantage of every dime my employer puts up for trainings and certifications without a second thought while some of my colleagues have to be convinced that it is beneficial for them. Still hard to wrap my head around. 

UnixGuy

Nothing in this life is free.

E Double U

UnixGuy said:

Nothing in this life is free.

But the poster’s argument is that it should be (well, at least training). Do you think you should have to pay to learn? 

thomas_

E Double U said:

UnixGuy said:

Nothing in this life is free.

But the poster’s argument is that it should be (well, at least training). Do you think you should have to pay to learn? 

Even if you have all the training for free it still "costs" you time to go through said training.  In that sense you are paying to learn.  The time you spend learning something is time that you can't spend doing something else.

UnixGuy

E Double U said:

UnixGuy said:

Nothing in this life is free.

But the poster’s argument is that it should be (well, at least training). Do you think you should have to pay to learn? 

you're paying with your time and efforts. Even if it's 'free', say your employer pays for it - it's a tax write off (and you're paying for it indirectly). Or if governments pay for it, you gonna pay it back in tax. Plenty of 'free' content on Youtube that are paid for by Ads that you watch.

Some has to pay the instructors, they're not charity workers.

But I understand the poster's point, and it reminds me a bit of the philosophy of "free open source software".

Neil86

There ain't no such thing as a free lunch

tedjames

I really get tired of hearing people gripe about how they have to do something themselves. I've known some that let certifications expire because their company/agency won't pay to have them renewed. I look at it this way; you have to invest in yourself if you want to get ahead, be it with money or time. Yes, there are plenty of free resources. Find something that works for you that was created by someone with a good reputation. If you've never heard of The Cyber Mentor, you should check out all of his free offerings on YouTube and other places. He also recently launched an extremely comprehensive penetration testing course on Udemy that sells for cheap. What's $10-$20 in the overall scheme of things? Five years ago, my former agency wouldn't pay $250 for my SSCP exam, so I paid for it myself. A few months later, I got a new job with a bigger paycheck. My small investment paid off. Stop complaining about cost and just do it. Otherwise, you can sit around in the same position doing the same work until they replace you with automation (or a guy fresh out of college who is willing to do the work for less). Don't wait around for something to happen. If the boss won't pay for it, do it yourself and then move on to a better job.

E Double U

tedjames said:

I really get tired of hearing people gripe about how they have to do something themselves. I've known some that let certifications expire because their company/agency won't pay to have them renewed. I look at it this way; you have to invest in yourself if you want to get ahead, be it with money or time. Yes, there are plenty of free resources. Find something that works for you that was created by someone with a good reputation. If you've never heard of The Cyber Mentor, you should check out all of his free offerings on YouTube and other places. He also recently launched an extremely comprehensive penetration testing course on Udemy that sells for cheap. What's $10-$20 in the overall scheme of things? Five years ago, my former agency wouldn't pay $250 for my SSCP exam, so I paid for it myself. A few months later, I got a new job with a bigger paycheck. My small investment paid off. Stop complaining about cost and just do it. Otherwise, you can sit around in the same position doing the same work until they replace you with automation (or a guy fresh out of college who is willing to do the work for less). Don't wait around for something to happen. If the boss won't pay for it, do it yourself and then move on to a better job.

Couldn't have said it better myself. I started my certification journey paying everything out of packet which included training, materials, and exams for CompTIA, Microsoft, and more. Because I didn't have an employer paying for things in the beginning I never expected it later in my career. So when I finally landed with employers that would foot the bill I felt very grateful and have taken full advantage of the opportunity since it wasn't always there. If I want something that my employer won't cover then I'll do it myself (except for SANS training lol). No one owes me anything so no sense of entitlement on my end. 

cyberguypr

I've typed 3 responses and ended up deleting them because I just couldn't make sense of this logic. Like LonerVamp said, something must've triggered this. We are here if OP wants to sensibly  discuss further.

SteveLavoie

@cyberguypr  don't try, there is no logic in that post. I am feeling some frustration in his post about not getting some training/information and surely something specific is causing this. We all agree that life is not free, good trainer/author cost money and investing in ourself is the best way to improve our career, I think the OP just want to improve himself but he is thinking that only premium training can get him the training he deserves.

   

Iristheangel

There are tons of free documents out there. For example for ISE, I could pull up the free Admin Guide and read all 2,000 pages of it or browse to a topic but reading manuals tend to be a little drier. Same with standards: You can go read RFCs, ISOs, NIST, etc but it's going to be a dry read. Many vendors provide some videos online, the manuals, blogs, etc etc and even technology enthusiasts will create their own blogs and videos if they feel like it (i.e. I have a blog) but if you want quality content that follows a certification path and an individual contributor works their butt off to make that content, I think it's fair that they ask to be paid for their work just like you expect to get a paycheck based on the work you do.  I do enjoy teaching but at some point, I also have bills to pay just like you do. 

Iristheangel

That Random Guy said:

EDIT:

 Nobody asked people to create top-notch course-ware on Udemy. They did so on their own volition. Why then charge people for this work? You could benefit so many people by just making it readily available from the internet WITHOUT a paywall. Yet, all these organizations and countries wonder why on earth they can't obtain people with valid credentials, knowledge, experience, etc. Maybe if companies like CompTIA and ISC2 stopped putting a paywall on their magazines, club-only resources, and CBKs, maybe people wouldn't be so out of the loop.

They did so on their own volition because they thought they would get paid for the work they did. Much like when you do work for your employer on your own volition under the pretense you would be paid for said work. In fact, I'm pretty sure most of that content would not exist on Udemy if it weren't for the fact these people were getting paid for taking the time out of their lives to produce tens or hundreds of hours of content. For the content creators who actually edit their videos, it actually takes probably 5-to-10 minutes of editing for every minute of video that's produced. So if the creator made 40 hours of content, they probably put weeks of work into it with the expectation of getting paid for it.

If you don't feel you should pay for it, go read the manuals and free content out there in protest. If someone works hard to produce paid content, you're not obligated to it for free. 

roninkai

tedjames said:

I really get tired of hearing people gripe about how they have to do something themselves. I've known some that let certifications expire because their company/agency won't pay to have them renewed. I look at it this way; you have to invest in yourself if you want to get ahead, be it with money or time. Yes, there are plenty of free resources. Find something that works for you that was created by someone with a good reputation. If you've never heard of The Cyber Mentor, you should check out all of his free offerings on YouTube and other places. He also recently launched an extremely comprehensive penetration testing course on Udemy that sells for cheap. What's $10-$20 in the overall scheme of things? Five years ago, my former agency wouldn't pay $250 for my SSCP exam, so I paid for it myself. A few months later, I got a new job with a bigger paycheck. My small investment paid off. Stop complaining about cost and just do it. Otherwise, you can sit around in the same position doing the same work until they replace you with automation (or a guy fresh out of college who is willing to do the work for less). Don't wait around for something to happen. If the boss won't pay for it, do it yourself and then move on to a better job.

I've recently discovered the Cyber Mentor and really enjoying the Udemy course. Good content that won't break the bank. I've been thinking for a long time to create something similar. Not in the pentest space, but perhaps something not yet plastered all over Udemy. Last I checked, he had over 11,000 paying students, and only recently has this hit th $30/mark. So do the math, teaching this stuff is where some serious money is to be made.

Danielm7

@tedjames is dead on above. You need to take an interest in developing your own career. I've paid for all my past training on my own and it's drastically helped my career. At my old position 4 guys all wanted to do the CISSP together, 3 of them didn't crack the book and thought 600 for an exam was crazy. I did it, and then shortly after added tens of thousands of dollars a year to my income. I'd say it's worth it. 

The only certs I've had work cover have been SANS, and I've done them via work study. Work wouldn't even pay for the certs themselves but I trade off the extra work of the program so I can bundle in the exam cost and, tada, now I'm trading effort for qualifications that I otherwise couldn't get approved. 

changlinn

I agree. "When planning for a year, plant corn. When planning for a decade, plant trees. When planning for life, train and educate people."

While we're working in a capitalist system, people need money to live. So certification vendors need to make money, as do training centers, and book authors.
However, I'd like to see more free base or entry level certs and courses. Then get the eventual employer or the now employed person to pay for higher ones. LPIC did this at one stage for LPIC 101, I think you still need to pay for the cert but it is cheap and they used to give some away in the developing world and to unemployed. But how good would it be for Security+ or CEH to be free. Heck EC-council could make the CEH version minus 1 free, and allow people to at least say they are certified for 12 months. Then they need to pay to be certified longer or something.

My work cover all security certifications for myself and my staff. As it should be. They aren't covering my Uni degree, but I'm getting that on near interest free loan from the Government here in Australia.

SteveLavoie

Well most entry level certification are about or less than 250$. Add a few book and a practice exam, so each entry level certification can be added to your resume for 500$. It is not that much even if you pay from your own pocket.  Also most companies would at least reimburse some part or all of it.   

JDMurray

I've said this before and I'll  say it again: Certification exams are not priced for individuals; they are priced for businesses to purchase.