Learn Subscriptions: Course Structure and New Courses

With the Offsec Training Library (OTL) being a growing platform for continuous cybersecurity workforce development, we remain committed to delivering new content and expanding into new areas (dare we say, defensive security?).

Read on to learn more about cybersecurity workforce development, our new content structure, and the new courses for SOC Analysts, Penetration Testers, Web Application Developers, and Threat Hunters.

Cybersecurity Workforce Development With the OTL

A skills gap exists in the cybersecurity field between the demand for talent and the supply of talent available. With the urgency of this skills gap, we asked, what role could we play in improving these circumstances for the infosec community?

The sheer scale of the challenge in cybersecurity workforce development meant that it was time for us not just to bring attention to the skills gap, but play our part in providing a solution.

The OffSec Training Library (OTL) is a continuous cybersecurity workforce development platform that provides on-demand training for entry-level to advanced positions for roles such as: SOC Analyst, Penetration Tester, Web Application Developer, and Threat Hunter. The purpose of the OTL is grounded in the ongoing process of educating and empowering students so that they can tackle the problems of tomorrow. The training content in the OTL is delivered in atomic learning units, organized in easy-to-navigate learning paths for a number of cybersecurity job roles.

When we say continuous, we mean it. Our training library grows with our students. New content is added monthly on a rolling basis, in real-time. 

Not ready for 200-level courses?

Map icon

Start with beginner-friendly, 100-level Fundamental content. Our 100-level training provides all the prerequisites you need to move on to the 200-level course in the training path preparing you to earn the certifications.

Rocket icon

Need a platform that helps you plan your infosec career trajectory? Start from 100-level content, and work your way up to foundational 200-level and advanced 300-level certifications.

Person at work icon

Are you looking to acquire a certain job role? Each of our courses provides real-world training for specific positions within infosec. The job positions (i.e SOC Analyst, Penetration Tester, Web Application Developer, and Threat Hunter) our certifications cater to have broadened even more with the addition of WEB-200 and SOC-200 (our first defense course).

Now that we've elaborated on the value of the OTL as a continuous cybersecurity workforce development platform, let's discuss how its creation also led us to rethink how new course content should be structured.

Content Structure

Historically, our 200-level foundational courses and 300-level advanced courses have always included a rather dense PDF as one of the primary learning mediums. These PDFs tend to take students quite a while to read through and absorb.

The launch of the Offsec Training Library (OTL) gave us the opportunity to intentionally consider new ways of publishing and structuring content.

The launch of the Offsec Training Library (OTL) gave us the opportunity to intentionally consider new ways of publishing and structuring content. Ultimately, our two goals are to 1) structure content in the ways that are easiest for students to learn from, and 2) publish content timely and frequently to the OTL in a way that best supports the continuous delivery of materials.

PEN-100 content is the first addition to the OffSec Training Library that embodies a structure designed to: 

  • Contain smaller learning units that help students learn more quickly and efficiently
  • Guide students with predictable Learning Objectives and Learning Times

Here is an example of our new content structure: Download Graphic

    • TOPIC eg. Linux Basics I
      • LEARNING UNIT eg. Introduction to Linux
          1. Understand what Linux is
          2. Describe the origins of the Linux kernel

Students will find this structure in the following content (when they subscribe to the OffSec Training Library): PEN-100, SOC-200, WEB-200, and new upcoming content. 

Courses are structured so that the basic Unit of learning is shorter and more absorbable. We know that not everyone can devote 10+ hours each week to study. These shorter Units allow a wide range of students to fit learning into their schedules. 

With Fundamental, 100-level content, we break down the learning into smaller Learning Units, each with Learning Objectives, and each with hands-on exercises for students to learn and master a concept. This is especially helpful for entry-level students that need to learn new concepts, one at a time.

Topics and Learning Units

A Topic consists of a group of Learning Units. Though we aim to keep a Topic length to an average of 10 hours, we understand how much this can vary depending on experience levels and time constraints. Thus, 10 hours is more of a guideline to help students understand how much time they could expect to devote to learning. As we develop the OTL, we plan to take into account students’ direct experiences with each Learning Unit to continuously improve estimated Learning Time accuracy.

Each Topic is standalone. That is, it doesn’t inherently have a dependency on another Topic, except in specific instances. Let’s assume that a student is in PEN-100 content and has a strong background in Networking. They may skip the Networking Basics Topic entirely and fill other specific gaps in knowledge. Students can be modular in their approach to choosing content.

The material that we might want to fit into a specific Topic may be too large to fit in a 10-hour learning block. In such scenarios, we have created multiple Topics on the same subject to better organize and structure the Topics’ Learning Units. For example, Linux Basics 1 covers the very essentials of using a Linux-based command line, while Linux Basics 2 begins to dive into concepts like user management and permissions.

Learning Units are individual allotments within Topics that have clear learning objectives.

Learning Units are individual allotments within Topics that have clear learning objectives. Each Learning Objective is a “verb statement”, giving students a precise description of the knowledge, skills, and abilities that they are taking away from a particular Learning Unit. With PEN-100 as the example, Learning Objectives could be, “Understand how the TCP/IP protocol works” or “Learn to write a Linux file using the command line.”


Two kinds of exercises will help students determine if they have met a Learning Objective.

The first kind of exercise is informational and memorization-based. These exercises help students to recall and understand the material they’ve read or watched. For example, in PEN-100 a student can read the text of a particular Learning Unit, and then answer some questions to make sure they have absorbed the information.

In the “Piping and Redirection” Learning Unit of “Linux Basics – 1”, one such informational question is: “What is the full path of the device we can use to redirect uninteresting output?”. The student would have to read the text and perhaps perform some additional research to obtain the answer to the solution.

In our experience, cybersecurity often involves not-knowing things. We’re hoping to get students to encounter this reality as soon as they start learning. We provide additional guidance by referring students to specific external links that enrich the learning experience. Students should understand that research is an integral part of infosec, no matter what one’s experience level is.

The second kind of exercise is lab-based. Let’s again assume that a student is in the Linux Basics I Topic, and they’re working through the “Command Line Basics” Learning Unit. One of the Learning Objectives of this Unit is to create a file with the touch command. An exercise will test their ability to do this, and they’ll run a binary to confirm if they’ve succeeded. Throughout this learning process, we’ll teach the student what a binary is and how to run it. The general idea is that a student does X and then checks to see if X was performed correctly. In doing so, they will retrieve a flag (a value unique for that exercise) that signifies the completion of that exercise. Once again, they will be able to submit this value into the OTL to verify and track their results.

New Courses

Our new course structure isn't the only thing worth celebrating. We're excited to announce that the OffSec Training Library now includes two brand new courses and an update to an existing course!

   New defense course: SOC-200 (Security Operations and Defensive Analysis)
   New web app assessment course: WEB-200 (Web Attacks with Kali Linux)
   Updated course: WEB-300 (Advanced Web Attacks and Exploitation)


Yes, we said defense! Security Operations and Defensive Analysis (SOC-200) reveals the consequences of common attacks from a defensive perspective.

Students who complete this path and pass the exam earn the Offensive Security Defense Analyst (OSDA) certification, demonstrating their ability to detect and assess security incidents. A certified OSDA candidate is prepared to join and participate in a Security Operations Center (SOC) as a Junior Analyst.


Security Operations and Defensive Analysis (SOC-200)

Students will:

  • Learn how attackers navigate with The Cyber Kill Chain® by Lockheed Martin
  • Learn how attackers operate with the MITRE ATT&CK® framework
  • Audit Windows endpoints using Windows Event Log, Sysmon, and PowerShell
  • Investigate Linux endpoints using Syslog, Audit and via custom scripting
  • Review common attacks for client and server-side systems
  • Use a Security Information and Event Management system (SIEM)
  • Track adversaries movements throughout a network

What job roles would be interested in this course?

  • Security Operations Center (SOC) Analysts
  • Jr. roles in Threat Hunting and Threat Intelligence Analysts
  • Jr. roles Digital Forensics and Incident Response (DFIR) Analysts


Learn the foundations of web application assessments with Web Attacks with Kali Linux (WEB-200).

WEB-200 teaches students how to discover and exploit common web vulnerabilities, and how to exfiltrate sensitive data from target web applications.

Students who complete the course and pass the associated exam earn the Offensive Security Web Assessor (OSWA) certification, demonstrating their ability to leverage web exploitation techniques on modern applications. A certified OSWA candidate is prepared to take on the Advanced Web Attacks and Exploitation (WEB-300) course.


Web Attacks with Kali Linux (WEB-200)

Students will:

  • Learn how to use tools such as Burp Suite, wfuzz, nmap, gobuster
  • Perform stored and reflected XSS on both the server and client-side
  • Understand Cross-Origin requests and when they can be exploited
  • Attack four common database management systems with SQLi
    • MySQL
    • PostgreSQL
    • MS SQL Server
    • Oracle
  • Discover and exfiltrate configuration information via Directory Traversal
  • Acquire several different techniques for exploiting XXE
  • Exploit six different templating engines often leading to RCE with SSTI

What job roles would be interested in this course?

  • Web Penetration Testers
  • Web Application Developers
  • Application Security Analysts
  • Penetration Testers in general

WEB-300: Updated

Advanced Web Attacks and Exploitation (WEB-300) is an advanced web application security review course. We teach the skills needed to conduct white box web application assessments.

Students who complete the course and pass the exam earn the Offensive Security Web Expert (OSWE) certification, demonstrating mastery in exploiting front-facing web apps.

This course includes three new Topics that focus on vulnerability discovery:

  • Cross-Origin Resource Sharing (CORS) with CSRF and RCE
  • JavaScript Prototype Pollution
  • Advanced Server Side Request Forgery

Advanced Web Attacks and Exploitation (WEB-300)

Topic — Learning Unit — Objective

Both SOC-200 and WEB-200 are written with the Topic/Learning Unit/Learning Objective structure in mind.

The OffSec Training Library will continuously deliver new content on a rolling, monthly basis. This means that if a student subscribes to Learn One and starts on either the WEB-200 or SOC-200 learning path, they’ll have access to new content that’s yet to be released for their chosen course.

Subscribing also means that a student will have access to all Fundamental, 100-level content (hint hint: this means access to current content like PEN-100…and soon-to-come beginner-level content that preps students for the WEB and SOC tracks).


Connect with others who are already OffSec certified, or on their journey in the OffSec community Discord.

You can also keep up to date with us by signing up to be an OffSec Insider, or follow our social media:


More Questions?

If you have more questions about WEB-200 or SOC-200, you can:

  • Visit the course help section on our FAQ page

Contact us (if you have an OSID, please include this with your message)