The Double-Edged Sword of Free Cybersecurity Training

Dr. Safi Mojidi discusses inequities in the cybersecurity training landscape
Blog Post
July 13, 2023

Amid the rapidly evolving digital landscape, one trend has grabbed considerable attention: the offering of free cybersecurity training as an alternative to traditional college education. The National Initiative for Cybersecurity Education (NICE), SANS Cyber Aces Online, Cybersecurity and Infrastructure Security Agency (CISA), CompTIA, and (ISC)² provide free training and learning materials on a range of cybersecurity topics.

In an age where technology permeates nearly every aspect of our lives, the threat of cyberattacks looms large. While all segments of society are susceptible to such attacks, it is essential to acknowledge and address the disproportionate impact these vulnerabilities have on marginalized communities. As we explore the reasons that this is the case, we must consider how socioeconomic disparities, systemic discrimination, and insufficient cybersecurity education, coupled with intersectional identities, create a perfect storm of risks for marginalized communities.

Socioeconomic factors play a significant role in exposing marginalized communities to cyberthreats. Poverty, limited access to digital resources, and lack of digital literacy magnify the impact of the attacks, as these populations are more reliant on technology for health care, education, and employment opportunities. A study conducted by the Pew Research Center found that low-income individuals are at a 50% higher risk of experiencing online attacks than others.

Organizations, driven by a progressive instinct to foster inclusivity in this critical profession, are delivering free training programs. It’s a noble endeavor, isn’t it? After all, making cybersecurity education accessible to all seems like a promising path toward a more secure digital world.

Unveiling the Reality: The State of Diversity in Cybersecurity

A 2022 Workforce study from the International Information System Security Certification Consortium (ISC)² illustrated the sad state of diversity in cybersecurity: 78% of respondents identified as male, while only 17% identified as female. Transgender and nonbinary respondents made up 0.3%, and intersex respondents 0.2%; the remaining respondents chose not to disclose their gender.

Given these figures, free cybersecurity training might seem like a good remedy. But as we dig beneath these seemingly benevolent initiatives, we find nuanced realities we cannot afford to ignore.

The world of cybersecurity can be both thrilling and daunting, especially for newcomers who are eager to embark on a career in this rapidly evolving field. Amid the genuine opportunities, unfortunately, are deceptive practices that can leave aspiring professionals feeling betrayed and disheartened. It is essential to shine a light on these deceitful tactics, empathizing with those who have fallen victim and providing insights to help people avoid scams and choose reputable cybersecurity training programs.

In researching this article, I spoke to a member of Hacking the Workforce, a Washington, D.C.-based nonprofit I founded to increase meaningful cybersecurity opportunities for LGBTQIA+ people of color. This person shared a tumultuous experience navigating the cybersecurity training landscape that is just one of many I have heard in recent years. They noted common ploys that include the allure of free training, “hands-on training” and “pay-to-learn” on-the-job programs that come with exorbitant price tags, guarantees of effortless certification passes, and often do not allow the use of student loans. These organizations exploit the excitement and urgency of people seeking a foothold in an industry with ample job opportunities, preying on their vulnerabilities and bypassing genuine educational and career development.

The free training programs members describe involve a grueling, short program of about six months, and promise comprehensive knowledge and career services support. However, upon completion, members were left disappointed and frustrated as the program fell short of delivering tangible job prospects. This experience is just one of many that highlights the risks associated with free training programs that overpromise and underdeliver.

The Unsettling Paradox: Free Training vs. Gainful Employment

The stark truth is that free training doesn’t necessarily equate to gainful employment. The path from training to employment entails multiple hurdles — job market saturation, competition and the unspoken biases that cloud hiring practices. As a result, these initiatives might inadvertently foster a paradox of discrimination, where even after receiving free training, individuals find themselves still staring at closed doors.

What’s more, the model of free training that does not lead to gainful employment can actually make things worse for people from marginalized communities. Why? Because time equals money. For someone working an hourly wage job, every moment spent on training is a moment not earning needed income. The result is a cybersecurity industry whose continuing inequities are masked by cosmetic changes.

So how do we address this? How do we ensure that the cybersecurity field is not just a club for the privileged, but an arena accessible to all? The answer lies in looking beyond the “free” training model and toward strategies devised not only to train, but also to empower our most vulnerable populations.

Redefining the Narrative: Strategies for an Inclusive Cybersecurity Future

Investing in scholarships, creating supportive platforms for continued learning, and developing systems that address systemic obstacles to entering the cybersecurity industry are all good starting points. Companies and government bodies must commit resources (not just financial aid but, importantly, time, mentoring, and real employment opportunities) to truly level the playing field.

We can’t just throw money at the problem and expect it to go away; rather, we must work with individuals who have been historically denied access, support them in their continued learning, and ensure that they have access to opportunities once they have completed training.

At the heart of it all, we must remember: Cybersecurity isn’t a bubble — it’s a reflection of our society. We must ensure that people from all groups, especially the disenfranchised, see themselves represented in its critical industries. Only then will the promise of free training truly realize its potential to include every “byte” of our dynamic society, crafting a stronger, more secure, equitable, and inclusive digital future for us all.