Training
There is no 'must have' training for a cybersecurity professional. It really depends on what your short-term and long-term goals are. Most of these recommended trainings and exercises are focused on the penetration testing side of cybersecurity, and can be found in the cybersecurity subreddit. If you're focused more on policy and regulations, it's recommended to navigate to Cybersecurity Career Paths & Certs for your specific focus.
Penetration Testing
Like most of cybersecurity, penetration testing is a hard topic to cover as it is incredibly broad. For that reason, this is a dedicated penetration testing sub-section to not only hone your skills, but also give you a place to start if you're a beginner. If you are just starting out, it is recommended to check out Hackthebox's free penetration testing beginners course. https://academy.hackthebox.com/
Metasploit is one of the go-to tools for a penetration tester. Metasploit Unleashed has created a comprehensive in-depth Metasploit guide, with contributions from the authors of the No Starch Press Metasploit Book. https://www.offensive-security.com/metasploit-unleashed/
Hack.me is a community-based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of "runnable" vulnerable web applications, code samples and CMSs online. The platform is available without any restriction to any party interested in Web Application Security. https://hack.me/
Hacker101 - Free classes for web security - https://www.hacker101.com/
Hacking the Cloud - Free cloud security assessment and penetration testing resources - https://hackingthe.cloud/
Capture the Flags
To continue practicing your penetration testing knowledge, it is recommended cybersecurity professionals check out Capture the Flags. CTF101 describes Capture the Flags as: A computer security competition.
Teams of competitors (or just individuals) are pitted against each other in a test of computer security skill.
Very often CTFs are the beginning of one's cyber security career due to their team building nature and competitive aspect. In addition, there isn't a lot of commitment required beyond a weekend.
hackthebox https://hackthebox.com
TryHackMe https://tryhackme.com/
Parrot CTFs https://parrot-ctfs.com/
Vulnhub https://www.vulnhub.com/
HackXOR WebApp CTF https://hackxor.net/
Governance Risk Compliance - GRC
There are a few GRC resources out there, mostly regulatory and compliance documentation. The hard part is really finding something specific to your industry while being consolidated in one place. Here is a good start for tracking down GRC-related resources:
https://github.com/Arudjreis/awesome-security-GRC
Threat Hunting
KC7 Cyber has 13 training modules designed to encapsulate what it takes to be a threat hunter. Designed in a gaming format, the modules are modeled after real-world scenarios to give the player as much practical experience as possible.
KC7 Cyber lists some of the concepts you'll learn while engaging in their modules:
How to apply foundational security analysis skills to analyze security log data.
How to “pivot” between datasets using indicators or patterns of interest.
How to identify tactics, techniques, and procedures (TTPs) based on observed threat activity.
How to cluster patterns of threat activity based on overlaps in adversary tradecraft and TTPs.
General Training
General tips and tricks on leveling up your cybersecurity career. Some highlights are "How to build a security career roadmap" and "What to do if your security career isn't taking off". https://www.cyberproclub.com/
Udemy - Online learning course platform "collection from the free courses in our learning marketplace" https://www.udemy.com/courses/free/
"Using ATT&CK for Cyber Threat Intelligence Training" - 4 hour training The goal of this training is for students to understand the following: at: https://attack.mitre.org/resources/training/cti/
Cybrary's accessible, affordable training platform provides curated career paths, threat-informed training, and certification preparation for professionals at all levels. https://www.cybrary.it/
With over 850 hours of course content, the Federal Virtual Training Environment (FedVTE) offers no cost online cybersecurity training on topics such as cloud security, ethical hacking and surveillance, risk management, malware analysis, and more. https://niccs.cisa.gov/education-training/federal-virtual-training-environment-fedvte
Hoppers Roppers - Community built around a series of free courses that provide training to beginners in the security field. https://www.hoppersroppers.org/training.html
Stanford University Webinar - Hash, Hack, Code: Emerging Trends in Cyber Security - Join Professor Dan Boneh as he shares new approaches to these emerging trends and dives deeper into how you can protect networks and prevent harmful viruses and threats. 50-minute cyber lecture from Stanford. https://www.youtube.com/watch?v=544rhbcDtc8
Cyber Intelligence Analytics and Operations - Learn the ins and outs of all stages of the intelligence cycle from collection to analysis from seasoned intel professionals. https://www.shadowscape.io/cyber-intelligence-analytics-operat
Intro to Cybersecurity Course (15 hours) - Learn how to protect your personal data and privacy online and in social media, and why more and more IT jobs require cybersecurity awareness and understanding. Receive a certificate of completion. https://www.netacad.com/portal/web/self-enroll/c/course-1003729
Cybersecurity Essentials (30 hours) - Foundational knowledge and essential skills for all cybersecurity domains, including info security, systems sec, network sec, ethics and laws, and defense and mitigation techniques used in protecting businesses. https://www.netacad.com/portal/web/self-enroll/c/course-1003733
Cloudbreach training is focused on cloud security. They offer Azure and AWS focused training at a fairly low cost. https://cloudbreach.io/
Xintra offers a variety of training, but their Attacking and Defending Azure & M365 is a go-to course for cloud security professionals. https://training.xintra.org/attacking-and-defending-azure-m365
Vendor Training
AWS Cloud Certified - Get skills in AWS to be more marketable. Training is quality and free. https://www.youtube.com/watch?v=3hLmDS179YE You have to create an AWS account; the exam is $100.
WebSecurity Academy - Free online web security training from the creators of Burp Suite. https://portswigger.net/web-security
ElasticStack - Free on-demand Elastic Stack, observability, and security courses. https://training.elastic.co/learn-from-home
IBM Security Learning Academy - Free technical training for IBM Security products. https://www.securitylearningacademy.com/
Fortinet https://www.fortinet.com/training/cybersecurity-professionals
Google https://cloud.google.com/learn/training/networking-security#security-engineer-learning-path
Google Cloud - https://www.coursera.org/learn/security-best-practices-in-google-cloud
Microsoft Azure Fundamentals - Not exactly a "course" but a great resource for those new to Microsoft Azure. https://learn.microsoft.com/en-us/azure/security/fundamentals/overview
Bug Bounties
Bug bounties have been all the rage the past few years. They can be extremely lucrative depending on what you find. Here are some recommended bug bounty programs:
Platforms
Vendors
Minimum Payout: Google will pay a minimum of $300 for finding security threats.
Maximum Payout: Google will pay the highest bounty of $31.337 for normal Google applications.
Minimum Payout: Intel offers a minimum amount of $500 for finding bugs in their system.
Maximum Payout: The Company pays $30,000 maximum for detecting critical bugs.
Minimum Payout: Facebook will pay a minimum of $500 for a disclosed vulnerability.
Maximum Payout: There is no upper limit fixed by Facebook for the Payout.
Minimum Payout: Microsoft is ready to pay $15,000 for finding critical bugs.
Maximum Payout: Maximum amount can be $250,000.
Minimum Payout: Twitter pays a minimum amount of $140.
Maximum Payout: The maximum amount paid by the company is $15000.
Minimum Payout: Github pays a minimum amount of $200 for finding bugs.
Maximum Payout: Github can pay $10000 for finding critical bugs.
Minimum Payout: There is no predetermined minimum amount.
Maximum Payout: Uber will pay you $10,000 for finding critical bug issues.
Minimum Payout: Minimum Amount Paid by them is $500.
Maximum Payout: There is no such upper limit for payout.
No minimum nor maximum amount.
Minimum Payout: The minimum amount paid by Shopify is $500.
Maximum Payout: There is no fixed upper limit for paying the bounty.