For the purpose of this site, “affordable” is under $1,000.
I will try to keep up with price changes; however, the prices listed here may not always be accurate.
Name & Direct Link | Platform/Instructor | Price in US Dollars | Price Frequency | Topics |
---|---|---|---|---|
Hands-On Incident Response Fundamentals | Pluralsight - Ryan Chapman | 29 | Monthly (There are also $299 and $449 yearly options) | Defining Incident Response, Common Incident Response Tasks, Analyzing Files, Base64, Threat Intelligence, IOCs |
Operationalizing Cyber Threat Intel: Pivoting & Hunting | Pluralsight - Ryan Chapman | 29 | Monthly (There are also $299 and $449 yearly options) | Cyber Threat Intelligence (CTI), IOC Extraction, IOC Pivoting, IOC Hunting, Intel Management |
Security Event Triage Path | Pluralsight - Various Instructors | 29 | Monthly (There are also $299 and $449 yearly options) | Analyzing Network, Application, Machine & Endpoint Data, TTPs, KSAs, Tools, Detecting Malicious Traffic, Monitoring Assets and Topology, Detecting Anomalies, Statistical Baselining with SIEM Data |
Streamlining Your Incident Response Process with Splunk | Pluralsight - Aaron Rosenmund and Ryan Chapman | 29 | Monthly (There are also $299 and $449 yearly options) | Introduction to Splunk, Log Data, Aggregation, Splunk Resources, Using Splunk. Note: In addition to this one, there are a lot of Splunk courses on Pluralsight including certification paths. |
Investigation Theory | Applied Network Defense - Chris Sanders | 647 | One Time | Mental Models for Approaching an Investigation, Interpreting Evidence, Asking Investigative Questions, Open Source Intel, Strategies for Tracking the Investigation Process, Finding Leads Without Alerts, Recognizing Negative Bias, Reporting |
ELK for Security Analysis | Applied Network Defense - Chris Sanders | 497 | One Time | Elasticsearch, Logstash, Kibana, Beats, JSON, Collecting and Manipulating Structured and Unstructured Data, Searching Data, Building Dashboards, Building Data Pipelines, Logs, Netflow, IDS Alerts, CSV Files |
Building Virtual Labs | Applied Network Defense - Tony Robinson | 197 | One Time | This is a choose-your-own-adventure style course where you can choose to build a lab with Snort, Suricata, or Splunk. IDS/IPS, SIEM, Log Aggregation. |
Practical Threat Hunting | Applied Network Defense - Chris Sanders | 647 | One Time | Hunting Frameworks, MITRE ATT&CK, Common Types of Anomalies, Effective Note Taking, ELK, Hands-On Threat Hunting Labs |
Practical Packet Analysis | Applied Network Defense - Chris Sanders | 797 | One Time | How Networking Works at the Packet Level, Interpreting Packet Data, Wireshark, Filters, Network Protocols, Application Layer Protocols, Packet Carving Techniques, How Malware Communicates on the Network |
Osquery for Security Analysis | Applied Network Defense - Josh Brower | 397 | One Time | Crafting SQL Queries, Interrogating Processes to Determine if They're Malicious, Uncovering Persistence and Lateral Movement, MITRE ATT&CK, Kolide, ELK Stack, Generating Alerts |
Intrusion Detection with Suricata | Applied Network Defense - Open Information Security Foundation | 497 | One Time | Installing and Configuring Suricata, Techniques for Capturing Network Data, Rules, EveBox, JQ, Alerts |
Demystifying Regular Expressions | Applied Network Defense - Darrel Rendell | 197 | One Time | How to Apply Regex, Building and Testing Regular Expressions, Writing Host-Based Detection with YARA, Grep, Snort Rules, Matching Host Logs in SIEMs |
Project Ares | Circadence | 90 | Per Month (There is also a $900/Annual Option) | This is a Hands-On gamified learning platform with paths that include Cyber Defense Analyst. There are also battle rooms that include forensics, Linux, and scripting as well as games to learn about protocols, Regex, and the Cyber Kill Chain. |
LetsDefend | LetsDefend | 15 | Per Month | This is a SOC Simulation Environment including alerts, case management, log search, endpoint security and threat intelligence. Save 15% off right now using code DFND15. Proceeds using that code go to the Innocent Lives Foundation. |
Mastering Wireshark (Video) | Packt | 9.99 | Per Month (For everything on Packt) There is also a one time $124.99 purchase option for this course. | Network Forensics, Wireshark Customization, Capturing and Examining Traffic, Analyzing Network Protocols, Analyzing Application Protocols, Command Line Tools, Expanding & Troubleshooting Wireshark |
An Introduction to Network Analysis | Security Blue Team | 26.71 | One Time | Networking 101, Wireshark, TCPDump, PCAP Analysis |
Introduction to Threat Hunting | Security Blue Team | 26.71 | One Time | Threat Hunting Explained, IOCs, Hunting for Malware, Hashing, Mandiant Redline, File Properties |
Blue Team Level 1 (Training and Certification) | Security Blue Team | 601.07 | One Time (The price includes training and two BTL1 certification exam attempts) | Security Fundamentals, Phishing Analysis, Threat Intelligence, Digital Forensics, Incident Response, SIEM |
Hands-On Incident Response Analysis | Packt - Suni Gupta | 9.99 | Per Month (For everything on Packt) There is also a $124.99 one time purchase option for the course. | Incident Response Strategy Formulation, Communication, Containment, Documentation, Forensics and Eradication. Detecting and Preventing Attacks, Handling Malicious Code, Insider Threats |
Introduction to Malware Analysis for Incident Responders | Packt - Jason Dion | 9.99 | Per Month (For everything on Packt) There is also a $188.99 one time purchase option for the course. | Symptoms and Activities, Types of Malware, Infection Vectors, Malware Analysis, FlareVM |
Incident Handler Career Path | Cybrary | 49.50 | Per Month - There is also a $299 per year option | Incident Response Steps, Incident Response Planning, Implementing an Incident Response, Log Correlation & Analysis, Recovery, Chain of Custody, Documentation, Legal Concerns |
SOC Analyst 1, 2, and 3 Career Paths | Cybrary | 49.50 | Per Month - There is also a $299 per year option | Threat Intelligence, Log Analysis, Wireshark, Cryptography, Attack Mitigation, Splunk, SIEM, Incident Response, Digital Forensics, Intrusion Detection, Reverse Engineering |
The Complete Splunk Beginner Course | Udemy - Adam Frisbee | 11.99 | One Time (Prices on Udemy change but they have sales often) | Setting up a Splunk environment, Creating Reports and Dashboards, Understanding SPL (Search Processing Language), Building datasets and data models. |
MDFIR - Certified DFIR Specialist | Mosse Cyber Security Institute | 450 | One Time | File Analysis, Windows Forensics, Memory Forensics, Applications Forensics, Network Forensics, Malware Analysis, Enterprise Investigations, Threat Intelligence, Writing Digital Forensics and Incident Reports |
MBT - Certified Blue Teamer | Mosse Cyber Security Institute | 450 | One Time | Deploy and Manage Incident Mitigation Strategies and Tools, Investigate and Contain Security Intrusions on Windows Systems, Analyze Suspicious Binaries and Malware Samples, Identify Unknown Attacks, Produce Threat Intelligence, Write Custom Tools |
MTH - Certified Threat Hunter | Mosse Cyber Security Institute | 450 | One Time | Capturing Logs in Large-Scale Computer Networks, Using Python to Hunt for IOCs, Using YARA to Hunt for Malicious Binaries at Scale, Perform Deep-Dive Digital Forensics Investigations and Write Rapid Incident Response Reports |
Blue Team Boot Camp: Defending Against Hackers | CodeRed | 24.99 | Per Month - There is also a $249 per year option. Both options include access to all courses on CodeRed. | Risk Analysis, Threat Intelligence, Cyber Kill Chain, Endpoint Security, EDR, Windows Hardening, OSQuery, PowerShell, WMI, Linux Hardening, ClamAV, Chkrootkit, HIDS in Linux, MITRE ATT&CK, Network Security, Firewalls, VLAN, Proxy Servers, Log Aggregation & Correlation, Windows Logs, Linux Logs |
SOC Analyst Prep Workshop | Cover6 Solutions - Tyrone Wilson | 199 | One Time | Threat Management, Vulnerability Management, Cyber Incident Response, Security Architecture and Tool Sets. This is a live, virtual workshop. Dates vary. |
CompTIA CySA+ Training | Dion Training | 399 | One Time | CySA+ Training, Practice Exams, and Hands-On Labs. |
Cyber Defense Path | TryHackMe | 10 | Per Month | Security Operations and Monitoring, Threat Emulation, Incident Response, Forensics, Malware Analysis and Reverse Engineering |
CyberChef for Security Analysts | Applied Network Defense | 397 | One Time | CyberChef, Character Encoding and Encryption, Data Formatting and Parsing, Defeating Malware Obfuscation, Log File and Forensic Analysis Techniques, Image Manipulation, HTTP Requests, JSON Data |
INE - Incident Handling & Response | INE - Dimitrios Bougioukas | 49 | Monthly (There is also a $499 and $749/year option) | Incident Handling & Response Overview, Network Traffic & Flow Analysis, Practical Incident Handling, SOC 3.0 Operations & Analytics |