Somewhere in 2020.
In the last years, free knowledge has become more and more present online.
We have websites that collect courses [0], Academies are publishing internal lectures [1] [2], independent researcher publish courses on github [3] or through blog series[4] or via youtube [5]. Not speaking about bug bounty hunters that blog or live stream on twitch.

That’s a very good thing, because knowledge should be free to everybody have the will to learn (and hopely give back).

The downside is that it’s very easy to lose focus, jump from an argument to another, and quite difficult (ok, this one is not so true anymore) to find a “serie” that fully covers a topic. But also tutorials often don’t have the proper balance between theory and practice, and the student is forced to jump from one to another.

Don’t take me wrong: a determined person will surely learn from free resources everything he would using paid ones, and actually I think all the “expert” people I know just started with a commercial one - if they took any - to continue studying on books or free-knowledge.

But that’s were Corp found their room: well organized, complete, balanced training course. With the certification plus (certificate of course completion, or after passing an exam, whatever).
We all agree that a certificate doesn’t make a skiddy a man, but it’s still a cheap way to prove skills (well, just if exams are vetted AND you didn’t cheated. lies have short legs) and sometimes to cope with policies/regulations.

My take is that any course should be just the beginning of a trip: free, paid, with or without an exam.
A course alone, for example, cannot fully cover every single details of a topic and also be bleeding edge.
Also a course alone doesn’t teach you how to deal with a topic in real life, at least no course I’ve taken. The best ones make you develop a method, that you WILL apply in real situation, and make you cry meanwhile so you will be though later.

You have to practice yourself during the course and later. Once a friend said: This is the best course I’ve taken even if there is no exam: the exam is the life.
And that’s exactly what I think: there is no value in collecting stamps if you stop practicing after having passed the exam.

About exams, I actually see a lot of value in handling this event itself: anxiety control, face unexpected situation, being asked things you thought you had clear for but you hadn’t, timing, know when it’s time to take rest, possible failure, and so on).

I still go for certs because:

  • I love the exam’s thrill
  • employers re-sells stamps
  • I must admit that sometimes I prefer a well organized PDF as a starting point, or a good “summary” to recap the knowledge, before to start my solo trip

Be ready to jump into the well known rabbit hole after the course, or you just lose money and time.

P.S.: answering a question, this reply made me smile: you’re not here just for the stamps, but also for the knowledge.
Keep it in mind ;)


Just to have some examples:
[0]: Open Security Training
[1]: UC Malware Analysis
[2]: RPISEC Modern Binary Exploitation
[3]: guyinatuxedo nightmare
[4]: Corelan Exploit Writing Tutorials
[5]: OAlabs