5 essential programming languages for cybersecurity pros 16 common types of cyberattacks and how to prevent them

Top 12 online cybersecurity courses for 2024

Our panel of experts picked the best free and paid online cybersecurity courses for working professionals looking to advance their careers and for newbies breaking into the field.

With so much online courseware on cybersecurity today, it can be a daunting task to narrow the top choices. To create this list of cybersecurity courses online, we talked to leading security professionals about what they recommend to newbies, computer science students, businesspeople and security pros looking to advance their careers.

When it comes to free cybersecurity courses online, keep in mind there’s no free lunch. Many free courses make students pay for a certificate on the back end, and online groups sometimes offer short seven-day or 30-day trials followed by a monthly subscription charge. Federal agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), are great sources of free security information. And those new to the field should check out the National Cyber Security Alliance (NCSA).

For paid courses, we started with some of the favorites among hackers and security researchers and refer readers to MIT cyber training courses, as well as online courses at the University of Maryland Global Campus (UMGC), Western Governors University (WGU) and Cybrary. As a bonus, we also linked to the NSA's Centers of Academic Excellence (CAE) courses. While not exclusively online, people seriously pursuing careers in security need to be aware of these courses and the fact that many programs offer online options in the wake of COVID-19.

Best of the free cybersecurity courses online

1. TryHackMe

TryHackMe features content for people new to cybersecurity and covers a broad range of topics, including training for offensive and defensive security. TryHackMe also has Capture the Flag exercises with walk-through write-ups by contributing users that let members see how to approach and solve problems. Four levels are available:

  1. Complete Beginners. For those with no computing knowledge and who are unsure of where to start.
  2. Early Intermediates. For those who have basic computing knowledge and have used Linux.
  3. Intermediates. For those who know how computers work and have basic security experience.
  4. Advanced. For those who work in cybersecurity and penetration testing.

TryHackMe also has modules on Linux, network security, web hacking and Windows fundamentals, as well as courses on cryptography, shells, privilege escalation and basic computer exploitation.

2. Hack The Box

Hack The Box is geared toward offensive security and offers a live training area for hackers to practice their skills without harming systems in production. The course has retired boxes with write-ups by other members of the Hack The Box community for those who want to be guided through the process. It also has active boxes where the solutions are not published. Hacking into these boxes gives users points toward improving their rank in Hack The Box. Note that the site includes free and paid tiers, which include an inventory of intentionally vulnerable platforms that emphasize and illustrate vulnerabilities, exploits and attack patterns, ranging in difficulty and sophistication.

3. Bugcrowd University

Bugcrowd University is an excellent community resource from one of the leaders in the bug bounty field for those who want to level up their bug bounty skills. The site has a lot of good, approachable content with the stated objective of developing a wider talent pool in the bug bounty field. It ranges from a basic on-ramp into the material to more sophisticated content even some seasoned practitioners might find useful. Bugcrowd University operates as a free and open source project to help improve the skills of the industry's security researchers. It includes content modules to help researchers find the most critical and prevalent bugs that affect customers. Each module has slides, videos and labs for researchers to master the art of bug hunting with the aim of creating a new standard for security testing training.

4. SANS Cyber Aces Online

SANS Cyber Aces Online operates as a philanthropic organization operated by SANS Institute, which donates the training courses. SANS manages one of the highest quality security training organizations in the world, so Cyber Aces can unlock the security basics for professors, teachers, businesspeople and security pros who want to learn more about security for free. The self-paced courses are selected from the SANS professional development curriculum and include a mix of tutorials and videos that students can learn at their convenience. The programs cover the three foundational areas of information security: OSes, networking and system administration.

5. Federal Virtual Training Environment

Federal Virtual Training Environment (FedVTE) offers its cybersecurity courses online at no charge for federal government personnel and veterans. The security industry can use the background of former military personnel. Managed by CISA, FedVTE contains more than 800 hours of training on topics including ethical hacking and surveillance, risk management and malware analysis. Course proficiency ranges from beginner to advanced levels. Several courses align with a variety of IT certifications, such as CompTIA's Network+ and Security+ and Certified Information Systems Security Professional.

Additional free online cybersecurity courses

The National Initiative for Cybersecurity Careers and Studies' Education and Training Catalog lets people search for more than 5,000 cybersecurity-related courses. The National Cyber Security Alliance (NCSA) offers a link to CyberQuest, a free online training program. NCSA also serves as a good general clearinghouse for cybersecurity information and training. In addition, Coursera offers an excellent free course sponsored by IBM called Introduction to Cybersecurity Tools & Cyber Attacks, which provides a history of cybersecurity, teaches attacker motives and types of attacks, and gives an overview of basic cybersecurity tools and systems. Fortinet has also extended its free courses program, and for the foreseeable future will offer more than 30 free courses.

Best of the paid cybersecurity courses online

1. Pentester Academy

Pentester Academy offers excellent courses at an even better price. Students have access to dozens of interactive labs and courses on broad subjects. Many cybersecurity training programs are narrowly focused, but Pentester Academy exposes students to a broad array of technical cybersecurity courses online. Popular courses include topics on Python, x86_64 shellcoding, Linux forensics and buffer overflows.

An annual subscription fee is $299.

2. Cybersecurity for Managers

Cybersecurity for Managers: A Playbook is a well-known MIT offering developed for business leaders, managers and executives in technical and nontechnical positions looking to build an action plan for a more cyber-resilient and cyber-aware organization. Technology and business consultants and those acting as liaisons between technology and business units will also benefit. The program has no technical prerequisites. According to the MIT website, the course offers technical leaders frameworks that lay out a strategic view of an organization's quantitative and qualitative cybersecurity risk management; covers the leading approaches to managing cybersecurity, including defense in depth and the NIST Cybersecurity Framework; and offers a practical interpretation of the tradeoffs between security and privacy, as well as a method for understanding an organization's priorities in attaining secure systems.

For business leaders, the course will help executives build a culture of cyber awareness in their organizations; develop the vocabulary of cybersecurity to support informed conversations with the company's CISO, CTO, data scientists and other technology leaders; and deliver an appreciation of how decisions made by technology leaders can affect the company's business strategy.

The online course runs for six weeks, five to six hours per week, and the fee is $2,950.

3. Cybrary Insider Pro

Cybrary Insider Pro is perfect for working professionals who want to advance their careers or newcomers interested in learning more about cybersecurity. Insider Pro makes the most sense for individuals, while companies can also consider Cybrary for Teams. For those who want to prepare for exams and earn certifications, become an industry expert in a specific security topic, get new employees up to speed on cyber awareness, improve employee retention and develop or monitor cybersecurity skills development over time, Cybrary offers the tools and an online cyber community that will help students reach their goals.

Students can receive a seven-day free trial. The course fee for Insider Pro is $59 per month for individuals.

4. Western Governors University

WGU's Master of Science in Cybersecurity and Information Assurance offers a master's degree program for professionals who are ready to take the next step in their security industry careers and need a flexible, self-paced online course. WGU works closely with NIST's National Initiative for Cybersecurity Education with input from cybersecurity experts and leading information technology employers to meet the most recent Department of Homeland Security and NSA guidelines. Students can complete the program in one year or multiple years, and course costs increase accordingly. But students working in the field typically have the knowledge to move through the course quickly.

The course fee is $4,555 per six-month term.

5. University of Maryland Global Campus

UMGC offers excellent courses for beginners and working professionals who want to improve their cybersecurity skills. Given its proximity to the NSA and the national security establishment, students have access to some of the best practitioners and security policymakers in the U.S. University officials recommended two cybersecurity courses online in particular:

  1. Ethical Hacking CMIT 321 helps students prepare for the International Council of Electronic Commerce Consultants (EC-Council) Certified Ethical Hacker (CEH) certification. The three-credit course is based on the official EC-Council curriculum, including an individual and team Capture the Flag competition. Materials for the course include iLabs hands-on hacking labs. Students get a substantial discount if they take the actual EC-Council CEH exam and qualify without a waiver for taking the official course at UMGC.
  1. Threat Management and Vulnerability Assessment CMIT 421 helps prepare students for the CompTIA Cybersecurity Analyst (CySA+) certification as an entry-level analyst. CySA+ is a newer CompTIA certification that has gained traction. The three-credit course features hands-on labs and practice tests from uCertify, enabling students to analyze different vulnerability assessment reports.

The fee for the standard program is $499 per credit ($318 per credit in the fall, winter and spring for Maryland residents, $324 in the summer).

6. Fullstack Academy

The Fullstack Academy Cybersecurity Analytics Bootcamp offers both a full-time schedule -- 32.5 hours per week for 12 weeks -- and a part-time schedule -- 9 hours per week for 26 weeks. Through extensive curriculum, labs and group exercises, this program lets students engage in various in-demand cybersecurity applications. Once students have learned the fundamentals of cybersecurity, course topics include asset and inventory management, network systems, Python programming and more.

The course requires prospective students to fill out an application, and then take a 30-minute logic-based assessment before receiving an entrance decision. Tuition for accepted students is $13,495.

7. NSA Center of Academic Excellence in Cybersecurity

NSA CAE in Cybersecurity (CAE-CO) is certified at 21 colleges by the NSA. The various programs are deeply technical, interdisciplinary, higher education courses firmly grounded in the computer science, computer engineering and electrical engineering disciplines. The programs offer extensive opportunities for hands-on applications via labs and exercises. While security pros consider CAE-CO the most hands-on technical program, the CAE course also offers concentrations in Cyber Defense Education and Cyber Research. The course fees vary depending on the college and region.

The making of the top 10 online courses

Special thanks to our expert panel of security professionals who helped recommend the best of the online cybersecurity programs.

Ryan Corey, CEO and managing director, 7833 Capital Partners; Terence Jackson, chief security advisor, Microsoft; Simone Petrella, president and co-founder, N2K, formerly CyberVista; Lisa Plaggemier, executive director, NCSA; Tarik Saleh, senior security engineer, malware and forensics, Amazon; Tim Wade, office of CTO, technical director, Vectra AI; Jesse Varsalone, associate professor of computer networks and cybersecurity, University of Maryland Global Campus.

Steve Zurier is an independent freelance technology writer covering IT security, networking and cloud computing.

Next Steps

How to develop a cybersecurity strategy: Step-by-step guide

Essential programming languages for cybersecurity pros

Common types of cyber attacks and how to prevent them

Essential open source cybersecurity tools

What is the future of cybersecurity?

Dig Deeper on Careers and certifications

Enterprise Desktop
Cloud Computing