For anyone considering this course, it's well worth the price of admission. Especially if your company pays :) Cody challenges each student to think like a breaker. The course is very hands on. I'd plan to spend at least 5 hours a week on the coursework.
As a result of what I've learned, I've found numerous bugs within internal apps at my company, bugs within random email survey links, bugs within vendor code. Bugs, bugs everywhere!
My only nitpick with the course was that there were some unforeseen scheduling issues that affected the pace and caused it to extend out to > 12 weeks in length. But I attribute most of those to being part of the first/beta run. I have confidence that Cody will get everything worked out in future iterations.
It doesn't take long to see that Cody really does have a genuine interest in teaching others about security. His willingness to share his knowledge is a benefit to anyone willing to learn.
Now, since this is HN, I feel like I should give a little bit of 'inside' info on how things really went. As I mention on the site, feedback was uniformly positive, but that doesn't mean there weren't missteps aplenty. From Paypal freezing my funds (man, that was a bad idea) to emails being lost in the mix over and over, to infrastructure problems with video streaming.
But the key problem was always disorganization and communication. There were 65 students in the first run, and communication happened over email, IRC, and the forums. Having all those options for communication seemed like a good idea -- flexibility is never wrong, right? -- it backfired. It meant that scheduling changes, homework information, etc was always being lost in the mix. That was the biggest problem in the course, as identified by pretty much every student in the class.
But I've spent the last month and a half working my ass off on a brand new platform for communication. While the IRC channel will still exist, this new site is where all homework, exams, lecture videos, scheduling info, etc will be distributed. I believe this will solve the core problem of the first run and make this the best course ever.
As a first-time teacher, I was nervous as hell going into this. But I could never have imagined it going this well. Every single student that finished the course (there were quite a lot of dropouts due to a lack of time -- natural consequence of a class for people who are typically quite busy) passed successfully. One student passed with an incredible 99.8% overall score, despite no background in security going in. If the next batch of students is even half as awesome as the previous one, I have no doubt that they will succeed just as impressively.
I can't thank my students enough for making this a success; I wouldn't be here writing this right now if not for them.
So as a huge thank you to HN and everyone who has supported me in this, I'm offering a 20% discount to everyone here: https://breaker101.daeken.com/?code=hn
Seriously, I can't thank you all enough. Breaker 101 is going to make the world a more secure place and none of this would be happening if not for all of you.
Try to register and you're surprised by a $2,200 fee. Now you have my email address and had I known upfront, I'd not to have given it to you.
> The only way to go from developer to security professional in 12 weeks.
The Offensive Security "Pentesting with Kali Linux" course and its accompanying OSCP certification is very well-regarded in the industry and only half the cost of Breaker 101 at $1,150 for the course materials, 90 days of lab time, and certification.
Everyone in the industry knows about the OSCP course. It's very hands-on. There's a wide breadth of areas it covers. You're doing everything from OSINT to breaking into lab machines to crafting your own web/win32/linux32 exploits. You will become comfortable with a debugger and x86 CPU registers by the end of it.
Disclaimer: Satisfied customer of OffSec who went through the course.
OffSec's course is good for a very broad-strokes overview of security, but it doesn't dive deep, which is -- I believe -- Breaker 101's strength. The goal is that you come out of the course fully able to perform well in a web security environment, and I believe it does that.
> That statement should've read "web security professional"
> OffSec's course is good for a very broad-strokes overview of security, but it doesn't dive deep,
Your course claims to require a time commitment of 2-3 hours a week, but let's up it to 5 hours required. That's still only 60 hours of (expected) course time.
Contrast that with the OSCP course (35 days 12) of 180 hours. 60 hours to cover and do hands-on for a broad range of web attacks and also deal with "in-depth" crypto breaking? And this course is targeted at a beginner?
You make a lot of claims and charge a lot of money but they don't seem to stand up and that's going to arouse a lot of perceptions like mine from the security world. Everyone is very suspicious of snake oil claims.
Sorry, I don't mean to rain on your parade. I hope you are successful and push the security industry forward. It's just rather annoying to see you show up to the party and make rather bold claims that don't seem to hold up to scrutiny.
What is the price?
The first 10 seats are priced at $2000 or 2.2BTC. Each subsequent seat is $2500 or 2.7BTC.
I'm not saying that I don't think it's worth it. Maybe I'm just surprised since I've become used to free MOOCs and other educational sites that cost less than $100/month. Still, this looks really cool. Best of luck to you.
Currently I'm looking at Offensive Security's OSWE or SANS Advanced Web Pentesting, but I like the idea of an extended course with 1 on 1 interaction.