There’s a cybersecurity skills shortage, and lots of companies and creators are working to fill the market demand for high quality content. Last week, I wrote about the Offensive Hacking Education Landscape and this week I share my thoughts on top trends in the space.
- Signal to noise will continue to be a challenge for the learner. If you're a consumer of educational content, when in doubt, default to the core creators and platforms for value and always do your own due diligence.
- Cohort courses will come to this space, it’s just a matter of time. Huge opportunity for the creators that do this well. Currently, no-one that I see is tapping into this trend that is being led by OnDeck, Reforge, Write of Passage, Akimbo, Maven and many others. Community-based learning is the disruption in modern learning. From Udemy to Masterclass, self-directed learning only gets you so far. You need accountability and collaboration. The best thing college offers today is group-learning. In the offensive hacking space, I don’t see any of the major players doing this - that will change and the first few to do it well will make a lot of money. The first-mover advantage is still there for the taking, who will be the one to grasp it?
- More and more hackers will learn to hack in the crypto/blockchain/web3 arena: smart contracts, solidity auditing, etc. There’s just too much inertia and pull of web3 in terms of talent and tech and dollar signs. This will especially be evident in top web2 hacking talent today that are looking to upskill in web3. There is a current gap for educational content that is focused on high-end, accelerated learning experiences. The platform or creator that builds this best-in-class premium learning experience can do very well. Good lead gen would be to curate or create the basic how to content for free and upsell to the premium learning product. Offensive hackers familiar in web2 will start by focusing on the web2 attack surface of web3 companies. But the pay isn't there, even though the business risk to the crown jewels can be. So that dynamic will show up with hackers searching for more dense web3 hacking training.
- Capture the Flag (CTFs) will continue to grow in demand with enterprises. With the shifting left of security and the attractiveness of putting fun puzzles in front of development teams with live security risks, I remain convinced this is a hot space. Hack The Box is probably the most well-positioned platform provider to execute on this market opportunity.
- Content creators will collaborate more. One thing I’d love to see amongst the community is content collaboration amongst top content creators. A great marriage of content providers would be say STÖK creating top of funnel Burp Suite basic content as a feeder into a cohort-driven learning experience on Burp Suite with Agarri. That would provide an additional revenue stream for both creators and be a nice match of talent. As the space shakes out, things will move from “help me create my brand by talking on my twitch stream” to “let’s build this course and business together”.
- More niche content creators will emerge. As the demand for content grows, so will the specialists. There are riches in niches as they say. Learning DFIR from @4n6lady, recon from Nahamsec, and Burp Suite from Agarri is just the start.
- The establishment of SANS and others will be disrupted or forced to adapt. Right now there are cloud pentesting courses going for $8K. Over time, the community will sort out the cheaper (but still pricey) version of that and again - the most successful will do it with a cohort model. In-person trainings at conferences may be a thing of the past. Those experiences and dollars have default moved to virtual, but the experience will remain suboptimal. Those who are new and digital native are more likely than ever to disrupt entrenched providers. The only thing to unlock is the continuing education credits, certifications.
Exciting times ahead. I tip my hat to all the creators out there and course owners, keep doing your thing! At HackerOne, I was proud that we built Hacker101.com into a community of over 50K active learners and produced dozens of videos and CTF labs, available for free. I will be continuing my passion for education and community at Lightspin, with the focus shifting to cloud security (so stay tuned!).