In-House Expert Roundup: Top 18 Cyber Upskilling Resources

In today’s dynamic cyber landscape, the importance of continuing cyber education – “upskilling” in tech lingo – cannot be overstated. Cyber upskilling empowers professionals with the knowledge, tools and hands-on know-how to comprehend, thwart, and mitigate increasingly complex cyberattacks. And if there’s one constant in this industry, it’s that the threats are always changing. This means that cyber security professionals are literally on the digital frontlines and thus need to constantly hone skills for preemptively identifying vulnerabilities, establishing robust security protocols, and adeptly responding to breaches. 

While most of our cybersecurity gurus were gathered at the recent Black Hat convention in Las Vegas, we took the opportunity to talk to them about upskilling. We asked them to share their favorite cyber upskilling and training resources, from websites, to people on X/Twitter, to courses and podcasts. 

Here’s what they gave us:

XM Cyber’s Top Cyber Upskilling Resources

Matthew Quinn, Technical Director for Northern Europe 

HackTheBox – I like Hack the Box because it’s straightforward and no-nonsense. It offers tools for individuals and businesses to continuously improve their cybersecurity capabilities — all in one place.

TryHackMe – TryHackMe is great because it has what they call “byte-sized gamified lessons” – that are fun and a bit addictive. You gain points when you answer questions or take on challenges. They also have more structured learning paths to reinforce skills in a real-world environment.

Tobi Trabing, Technical Director, EMEA

On social media, LinkedIn is great for education as well – building a proper network with cybersecurity connections and professionals to follow is key. Also, don’t shy away from vendor training! Many vendors offer free introduction training, sometimes even with a lab or free subscription – why not take it?

Also, if you possibly can, build your own lab to test and try out things around security – be it offensive or defensive. True, a lot of groundwork has to go into this undertaking – you’ll need the right hardware, virtualization software, and all the right tools – but in the end it will become your ultimate playground to keep upskilling and improving your abilities.

Yishai Shor, Senior Sales Engineer

I prefer to learn via podcasts like Darknet Diaries and Risky Biz. (Ed Note: We have already covered a trove of amazing cyber podcasts in a previous blog, check it out.)

Additionally, websites like Krebs on Security and ZDnet offer some good articles to stay on track.

Shay Siksik, Vice President of Customer Experience 

Cybrary – Cybrary offers affordable, curated cybersecurity training online. This helps cyber professionals build out their career paths, obtain a threat-focused education, and gain certifications for all skill levels.

Hacker101 – Hacker101 offers free web security classes. Whether you’re a programmer exploring bug bounties or an experienced security pro, it provides valuable lessons for all.

Rinat Villeval, Manager of Technical Enablement

PortSwigger Web Security Academy – The Web Security Academy has comprehensive and free online training in web security. Curated by a world-class team and led by the author of The Web Application Hacker’s Handbook, this platform can create a robust foundation for a career in cybersecurity, with training that includes interactive labs that provide hands-on experience and the ability to track progress. 

Craig Boyle, MSSP Solutions Architect 

HackTricks Cloud – HackTricks has a great methodology that outlines techniques for pentesting both CI/CD infrastructure and cloud environments.

Dan Anconina, CISO & Head of Cybersecurity 

A Cloud Guru – Recently merged with PluralSight, A Cloud Guru is an online training platform for people interested in IT that prepares students to take certification exams for the major cloud providers (Microsoft Azure, Google Cloud Platform, and Amazon Web Services).

Zur Ulianitzky, VP Research

I prefer to follow experts on X/Twitter. Some of my favorites are:

• Bishop Fox – A leading provider of offensive #security solutions & contributor to the #infosec community. #pentesting #appsec 
• Dirk Jan – Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
• John Lambert – Corporate Vice President, Distinguished Engineer, Microsoft Security Research
• Karl Fosaaen – Co-author of “Penetration Testing Azure for Ethical Hackers” (https://t.co/RfqoBoO7kR).

The Bottom Line

As cyber pros, we’re expected to keep our finger on the pulse of a rapidly evolving cybersecurity landscape. Ongoing education – upskilling – is the key to this. To maintain an effective frontline defense against digital adversaries, you’ve got to continually refine your abilities in identifying vulnerabilities, establishing robust security protocols, and responding adeptly to breaches. 

This list obviously represents just a small portion of all the good stuff out there but use it as a jumping point along with other forms of learning. Taking a multifaceted approach to upskilling will help you stay ahead and augment your contribution to both your organization and the broader digital defense universe.