The Value of OffSec Subscriptions

The Value of Subscriptions
By Jim O’Gorman

We recently announced our new subscription products, Learn One and Learn Unlimited, and we are really excited about the response they have received. These subscription products represent a change from our traditional way of packaging and pricing our content. With these changes, we thought it would be helpful to provide more details about the Learn subscriptions, and the value they bring to our students.

A historical perspective




Live Classroom

When OffSec first started, information security training classes were designed to be taught in a live classroom for five days. If you wanted that training but were unable to attend a live session, you could get MP3s of lessons to listen to, and some books to work through the material. If that wasn’t an option, some certifications had an open body of knowledge, and you could work toward them off of various books that covered the topics.




Online Training

But OffSec was different. We had a course delivery model that was optimized for the online experience.

The stand-alone courses we sold included content, lab time, and a single exam attempt in 30, 60, and 90-day increments. More lab time or more exam attempts could be purchased separately. This is a packaging model that started at the beginning of the company, and has remained the same ever since.




Present Day

Years later, the internet as a delivery system has evolved, especially when we look at the students' knowledge and experience in the IT industry. This creates an opportunity to innovate our product offerings.



Goals of a subscription

There were a few goals we had when designing our subscription offerings:

1

Easy Purchasing

Streamline the purchase options, making it simple to pick the product that will be most likely to get you the certification, job, or promotion you are looking for.



2

Valuable savings

Ensure optimal value for students.



3

Easy packaging

Package the courses in a way that students do not need to purchase any additional products from OffSec or other companies beyond the subscription to successfully earn their certification.



4

Reduce stress and time restraint

Reduce stress and time pressure on students while they work through the course.



5

Frequent updates to content

Have the ability to update the content on a regular and frequent basis.

Let’s break that down some.

When we design a course, we ask, “What is the information you need to have to demonstrate this skill successfully in a job?”. This question could lead to the development of courses with vastly more content than the rest of the industry would typically create for a topic. Most training companies design content with a 1) price point and 2) time-allotment as targets that dictate success.

As the industry has advanced, the baseline level of knowledge you need to have has increased. This means that our foundational course, PEN-200 (PWK), may require a time commitment beyond the original 30/60/90 day periods. We realized that we had two options:

  • A) Reduce the content in PEN-200 to material that would only fit into a 90-day period of time. This would devalue the course and certification for current and future OSCPs, and students would be less qualified to work in the industry.
  • B) Find new ways of packaging PEN-200 that reflect the current reality.

We choose option B.

PWK365

When we break down how long most students need to earn the OSCP certification, we typically see six months. As an experiment earlier this year, we did a “PWK365” bundle that provided students with a year of lab time, and it was a success. We saw that students were less stressed when working through the material. They had the chance to take the time they needed, without feeling rushed. Before long, students were asking when we would introduce 365 versions for the 300-level courses.

Thus, in building our Learn One subscription, we understood the significance of giving students a whole year of lab time. Additionally, we wanted to include other products that have been helpful to students as they work towards their chosen certification:

1

KLCP Certification

Access to the Kali Linux Certificated Professional certification.



2

Proving Grounds

Access to the Proving Grounds Practice lab environment for some additional practice on various lab machines.



3

Penetration Testing with Kali Linux (PWK)

Access to PEN-100, our new introductory course that covers a number of PWK prerequisites.



4

OffSec Certification

An additional certification attempt.



With all that together, you have an ideal bundle of products that allow students to start their OSCP journey all in one place, with a known price, and plenty of course lab time.


What about 300-level courses?


300-Level Courses

“That’s great”, you might say. “There’s plenty of value for students going after the OSCP, but I already have that. I want to take a higher-level course, and I don’t need access to introductory content like PEN-100. So why should I care about Learn One?”

This is where we went back to the numbers. And again, we found that most students enrolled in 300-level courses took six months to clear the certification. The Learn One bundle can be as valuable to 300-level students as it is for beginners. Our research also showed that most students purchased an additional exam attempt.

Based on our research, you can now understand the all-in-one value of Learn One for 300-level students based on their time commitment, and how frequently extensions and exam retakes were purchased. A subscription has everything they need for less than the price of the traditional model.

We are pleased with how this subscription package works for both the 200 and 300-level students, giving each of them everything they need in a single purchase. The simplification of the purchasing process for students was a crucial goal for us. Do I buy 30, 60, or 90 days? Do I rush to get everything done in time, or just buy an extension? We understood how students could experience analysis paralysis with a variety of courses, lab times, and extensions to choose from.






Learn One subscription

With Learn One we can say: “This has everything you need.” A student can reduce the stress associated with a time crunch and feel confident about the value of this all-in-one solution (compared to purchasing a lab time extension and an exam extension separately).



With Learn One we can say: “This has everything you need.” A student can reduce the stress associated with a time crunch and feel confident about the value of this all-in-one solution (compared to purchasing a lab time extension and an exam extension separately).

Not only is the pricing less than what it would cost to buy the products separately, but we are also able to price them far under the industry norms for training at this level. Many employers provide a training budget of between US $5,000 to $6,000 per employee per year. This means a single Learn One subscription is around half of the typical corporate training budget.

What about Learn Unlimited?

All this is without discussing Learn Unlimited, where the value is quite apparent. Within that standard corporate training budget of $5000-$6000 per employee, you have access to ALL OffSec content and online courses*. No reason to pick and choose — you have everything.

* AWE is only taught in Live classes.

What’s next?

Those of you not yet in the industry and who don’t have an employer covering your training: we see you. We have not forgotten about you.

We are working on an unreleased package coming soon that is constructed and priced as an “Industry bootstrap”. It will be affordable on an individual basis and provide you with the content you need to secure an industry job. We still need to produce more content for this offering before releasing it, but it’s coming very soon.

Speaking of content production, this packaging system also solves other long-standing issues. Traditionally, we could only update courses on a “forklift” basis, with a major update after a period of time. We just finished the long process of refreshing all of our courses, and we need to be able to update them frequently. With the subscription packages, we can update content in real-time as new material is produced without having to wait for an update cycle.

It’s not just updated course content that opens up for us. Now, with a subscription to the OffSec Training Library, we can introduce content to the library that is not part of a course, so anyone with an active subscription can access it. We don’t have any of this material in the library yet, so we will talk more about it as that content is released. You have no idea how excited we are to have the ability to produce and release new content in real-time! And it’s not just the new content, but the frequency, as we are working towards doing monthly library updates.

We want to hear from you

These subscriptions are new, and we will continue to evolve them based on what we see from student needs, student feedback, and new capabilities that we are developing internally. If you have feedback, let us know! Join our Discord, interact with us directly, and let us know what you think. Keep an eye out on our site for announcements as we continue to release new and exciting content.


Jim (elwood) began his tech career as a network administrator with a particular talent for network intrusion simulation, digital investigations, and malware analysis. Jim started teaching for OffSec in 2009 as an instructor for the Penetration Testing with Kali Linux (PWK) course — a role he still enjoys. He went on to co-author Metasploit: The Penetration Tester’s Guide and Kali Linux Revealed: Mastering the Penetration Testing Distribution, and has developed and curated a number of OffSec courses. As the Chief Content and Strategy officer, he currently oversees the open-source Kali Linux development project and participates with OffSec’s Penetration Testing Team.

New for 2021

WINDOWS USER MODE EXPLOIT DEVELOPMENT (EXP-301)

Window User Mode Exploit Development (EXP-301)

Learn how to write your own custom exploits in this intermediate-level course.

Earn your OSED

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb