This post has been prepared with the invaluable (and necessary) help of Maite Moreno (@mmorenog) and the cybersecurity team of S2 Grupo.

One of the good things that Information Security shares with other IT disciplines is the wide variety of training resources available, both free and for tight budgets.

Without a large financial investment, anyone with time and desire (and a minimum knowledge of technical knowledge, for which there is another large number of resources that we will not cover here) can be trained from practically zero to expert levels in practically any area of cybersecurity.

Below are some of the resources available on the Internet for free or for a reduced cost, bearing in mind that:

• This list is not intended to be exhaustive. Feel free to comment on any content you think is missing and we will add it as soon as we can.
• Some platforms have a freemium approach, combining free content and functionalities with paid ones.
• Although the less technical areas of Information Security such as GRC are less (very little) represented in the list, the more generalist training sites include courses on data protection, control frameworks, risk management, etc.
• Most of the courses are in English, so a minimum level is required to understand instructions and texts. This level is essential nowadays in the field of information technology.
• Blogs, vblogs and podcasts on Information Security are left out, but there are plenty of extremely useful resources. This includes the thousands of webinars on every conceivable topic.
• Nor have we included more general platforms such as edX or Coursera, which nonetheless contain many courses from prestigious universities and organizations.
• Finally, we have not included courses from the device manufacturers, software or cloud providers, which in some cases are free, and which sometimes also provide free versions (with limitations) of their products. AWS, Tenable or Splunk come to mind, but there are many others.