An Open Letter to INE about Cyber Security Pass

l0r3nz0
Oct 21, 2020

Update (10/27/2020): Since writing this letter on Oct. 21st, a number of positive changes have taken place on INE’s Cyber Security Pass. INE has taken community feedback and made some changes. Here are the main points:

  • The “Penetration Tester Student” (PTS) course will be FREE of charge for members who sign up for the INE Starter Pass (https://checkout.ine.com/starter-pass). INE is working on rolling out unlimited lab time included in the starter pass (I’ve heard unlimited labs should be ready in a week or two). It’s also worth noting that the eJPT exam voucher is $200 (https://elearnsecurity.com/product/ejpt-certification/). In my opinion - eJPT is now the best value cybersecurity certification on the market (free course content with unlimited labs, and the voucher is only $200).
  • INE/eLearnSecurity rolled out a 40% discount code for the Cyber Security Pass. This was originally intended for only eLearnSecurity members, but they have decided to roll it out to all customers. Use the discount code “ELS-CYBER” in the cart to get the Security Pass for 2 years for $1199 (previously $2000).
  • A special coupon code was rolled out to all eLearnSecurity members who purchased a course in the last 6 months with a special offer of 1 year subscription for $99.
  • For those who want a monthly membership option, the option is available but is hidden from view in the cart https://checkout.ine.com/. You can find it somewhere in the cart/checkout area pretty easily if you know how the coupon codes validate. Not to spoil the surprise, but when you find it, the monthly option is $200/mo. Happy hacking!

With these changes I think INE is taking a positive step towards keeping the eJPT widely available and at a very low cost. The 40% off coupon code now allows room for up to 2 certifications ($800) compared to the normal pricing model. If that is too expensive for you, I would recommend looking into the monthly plan. If you focus on finishing course material in 2 months, you can save major money compared to many other certifications on the market ($200 * 2 months + $400 for any exam voucher).

The original open letter remains unedited below.

Dear INE,

eLearnSecurity has been a growing certification choice for Information Security professionals over the last few years. eLearnSecurity offered a myriad of options and flexible payment plans which allowed information security professionals to gain practical hands-on skills in a lab environment that was applicable to the exams, and also was unique in its simple but effective lab offerings.

However, INE’s new “Cyber Security Pass” is a betrayal of the customer faith eLearnSecurity has built, and also misses an opportunity that would have allowed INE to become a leading-edge and affordable cybersecurity training organization.

tldr; INE could become the leading-edge cybersecurity certifying body by including 2–4 free exam vouchers per year in the Cyber Security Pass, as well as rolling out a $100–150/month subscription plan focused on a “beginner to expert” training path. For example, the “Pentester Path” could include course materials for eJPT, PTP, and PTX and 1 exam voucher for each certification which accrues every 6 months and/or when the student “completes” the course materials.

To put it simply, there are a few things that made eLearnSecurity unique:

  1. Additional exam attempts were free of charge. In the old eLearnSecurity model, additional exam attempts if you fail the first time were free of charge. This builds faith in the community and most importantly, focuses on LEARNING as opposed to being a “money grab” for additional exam attempts. Other companies - including EC-Council, Offensive Security, and ISC2 charge additional money for exam attempts. There is no other way to put this model than it is intentionally made to “sell” attempts to the customer, often for “course material” that was not quality enough to pass the exam in the first attempt. eLearnSecurity was different because it allowed you to learn from your mistakes and try again with the course materials if you missed a particular area. The eLearnSecurity course materials are high quality, and from my experiences in the eJPT and eMAPT certifications — the course material is NECESSARY to pass the exam. The new model of charging $400 for an à la carte certification attempt goes against everything eLearnSecurity built. It is true some users will be able to pass a certification à la carte. Don’t get me wrong, $400 is a reasonable price for a certification, however, in my experience eLearnSecurity course material is tightly bound to the certification exam. INE needs to ask themselves: what is the purpose of course material if you do not receive a certification? The mentality of providing course material without a certification attempt is only applicable when the certification is issued by a third-party provider like ISC2, Cisco, or another party. In this case INE is the certifying body and ALSO the training provider, thus it makes no sense for their training material to be separated from the exam by an extra payment.
  2. The labs were small in scope and applicable to the exam. The Hera Lab environment of eLearnSecurity is (and was) excellent, and allowed the concepts to be broken down into individual labs. Unlimited lab time is a great aspect of the Cyber Security pass that is an added value. The lab material is quality and the ability to “spin up” and “spin down” labs on demand is a great benefit.
  3. The eLearnSecurity certification costs were reasonable and able to be paid easily from a set corporate budget on a quarterly or bi-quarterly basis. In the eLearnSecurity model it was easy to fit a $1500 charge for a certification attempt and training materials into a quarterly corporate budget. Corporations tend to allocate $x per quarter for training allowance (let’s say for example that dollar amount is $1500 every 6 months). Under the new plan, it is going to be difficult to convince corporate training budget approvers to approve 3 charges on a corporate credit card per year, for a return on investment of only 2 certifications. For example, if I were to charge INE’s Security pass to my corporate budget I would need to charge $2000 to access the pass, and then an additional $400 for each exam attempt. For quarters one and two, this is a total charge of $2400, and for quarter three and four, that is a total of $400. I’m over budget in the first half of the year and under budget in the second half. The cybersecurity pass forces corporations to frontload additional spending into the budget for quarters one and two. This complicates matters compared to the previous scenario where I was able to charge to a pre-defined budget for each individual course (say $1500 for PTP elite) and be within the defined bounds of that budget without having to justify a “yearly renewal fee” or a “yearly access fee” in addition to certification attempts.

My Proposed Changes to the INE Cyber Security Pass

In my opinion, these changes will change INE’s Cyber Security Pass into one of the most affordable cybersecurity training companies providing maximum value and flexibility to the student, while allowing INE to “cash in” on students looking to get started in cybersecurity.

  1. Provide 2–4 certification vouchers per year, included free-of-charge in the Cyber Security Pass when paid on a yearly basis ($2000/year). For those who are flexible learners and want to jump from a blue team to a red team certification, this plan would provide that intended flexibility. In addition, this plan would provide the absolute best value of any cybersecurity training on the market. Most certification exams are around $1000 — $2000 per attempt, this $2000 per year plan would provide the absolute best value for cybersecurity professionals as well as maintain maximum flexibility in what you can learn and be certified in. Additional vouchers and even “retake” vouchers can be charged at full price of $400 for those who want to be certified in more than 2 things per year.
  2. Create a $100–150/month “subscription plan” based on a training path. This would be considered a “from beginner to expert” path in each of INE’s Cybersecurity silos. Allow users a free certification voucher when a course’s material is marked as “complete”. For example, INE could create a “Penetration Tester” path which includes the course materials for PTS, PTP, and PTX as well as a certification attempt for each. When the course material has been marked as complete by the student for each certification they should be allowed to take it. The math for the price will work out — some students will take longer on a course while others will breeze through it. For example, one student may take 6 months to take the eJPT exam, another may take 2 months. INE would still receive $800 from these students over the course of the materials, but it also supports more knowledgeable students to pursue the advanced certifications. eJPT is a very unique certification which is a very well received beginner level certification in the penetration testing community. eJPT should be the gateway to the more advanced courses, or perhaps subscribing to the Cyber Pass for $100 per month gets you one free eJPT voucher. INE has excellent unleveraged potential with the eJPT as this is one of the only “beginner level” pentesting certifications available on the market.
  3. Go ahead — charge full price for certification retakes. If a student is unprepared for an exam AFTER taking your course material - that is either the student’s issue or the course materials. Many security professionals already know that eLearnSecurity course material is high quality. I know I said exam retakes were free from eLearnSecurity, but if you offer the value mentioned above, I personally would be fine to pay for a retake.

In the cyber security world, course material alone is useless without the certification to prove you know your stuff. The certifications are what hold value for recruiters, making a move to a new career area, or proving your knowledge. No one will pay $2000 for course materials and labs alone when there are far cheaper options like HackTheBox, TryHackMe, and Udemy. INE has an opportunity to trailblaze with an affordable learning plan that includes up-and-coming industry recognized certifications, but those certifications will only continue to grow in recognition if they are accessible and affordable to INE’s students.

Peace,

L0r3nz0

l0r3nz0

Professional Pentester focused in Mobile Application Security