Edit of 03/09/2019
Six months have passed since I originally posted this article and two notable things happened, that I feel fair to update.
The company sent me first an email, then comment in the Disqus forum under the article to give a semi-official statement. Please read it to see two different perspectives.
But what makes me happy is that after my article Cybrary stopped writing similar posts, you will read about on their official blog
Before I start, I would like to emphasize that this is my opionion.
I am seeking answers, to things that just don’t add up.
I also want to be fully transparent. I wish any ethical Cyber company or trainer lots of success to help to shape the cybersecurity world.
Recently I am creating a new section called cyber glossary where I want to explain the InfoSec most commonly used terms.
A cyber glossary is absolutely nothing new, but I want to create this with my approach and style. For sure, I don’t want to be seen as a copycat, and I would be upset to be seen as a guy that just regurgitates anything that I find online. At the same time, I also like to have inspiration and look at what is already available.
When doing a simple “Cyber Glossary” internet research, I came across Cybrary for the first time. I’ve looked into their glossary, clicked some keywords and moved over.
But when I continued my research, I kept bumping in this company, so I was intrigued.
I’ve never heard about them before, so I started to look at the company information.
Accordignly to the website info, Cybrary is a place where you can build your Cyber Security ot IT career for free.
One first thing that struck me was that they were showing quite high statistics on how much this platform was used by the top 1000 companies of Forbes.
I’ve been close to InfoSec for many years and I’ve never heard about them.
Why I never came across such a popular company. I felt I needed more information.
In comparison Plural sight, a popular learning platform has way more web views, and it is known in the professional business. That’s how I became suspicious.
Then I looked at the Awards that Cybrary gained during the last couple of years.
I’ve never heard about those awards. I looked closely into who is backing this award system, and I found it’s an InfoSec Linkedin Group.
Information was scarce on the internet page. So I created an account hoping to find more answers. And I did. It’s quite easy to nominate someone if you pay a $500 fee. After that, any user can vote for with a thumbs up for the company. And those voting accounts are free of charge. Such awards didn’t really prove that the website is top of the class.
After that, I did more background research on the company. I’ve looked into the history of the company, the founder’s social presence, video interviews with one of the founders, and I understood that the company is new to the market, as it started in 2015 and it’s gaining popularity.
I analyzed their business model. Cybrary provides free InfoSec training, like Ethical Hacking and all that certified stuff that I still do not get. To join, you just need to create a free account. The revenue for the company comes from a more tailored experience called Pro.
What I didn’t like about the free model was that you are encouraged to write blog posts for Cybrary in the open section. And when you do that you totally wave out any copyrights of what you created.
This short clause made me uncomfortable. But of course, you are not forced to do that.
I believe that this could be a tactic to create keywords and online traffic to attract more views to the website. Anyhow, this clause added up to the odd feeling I have about Cybrary.
Additionally, they do partnerships with Cyber Security companies where they merge the webinar, articles and more to give them more exposure.
It looks like the long-term strategy of the company is t help cybersecurity companies find the right talent based on the performance of students on the site. From a personal point of you, I am not a big fan of such an approach because I don’t think that a certification or proper grading is a good indication if a person is right or wrong for the job, but that’s just my opinion.
I looked into the official Cybrary blog, the one curated by Cybrary employees and not the site users. And it is here that I found out what bothers me the most.
I found four success stories that are written in a way to make you believe that if you move from free to the paid learning experience, then you’ll achieve great success.
Each one of the articles shows a different angle of success like from being a zero to be hired, to have acquired some big pay raise or just having life-changing experience all, of course, thanks to the Pro membership.
And this is when I became even more suspicious that Cybrary is deceiving its users and potential customers and maybe also their business partners.
If you read those stories, you’ll find that in one case they portray a person with full name and surname.
In another, it’s just the name.
Another is the name and dotted name. Why? For privacy reasons?
And in another, the person is described as she. No name no reference at all.
What is important to note is that such success stories are on the front page and you will receive them in the welcoming email from the founder.
All articles are linked to the pro membership and want to give you the impression that the people portrayed in the picture are the ones described in the story. But there is no evidence they really are true, and the interview form is quite odd.
I did a simple image reverse search, and I found out that they were just stock photos.
Stock photos are not a crime, but with if you add the dubious stats, shady awards and those odd stories I was growing in confidence that this company is doing a lot to try to convince you that they are the real deal, the solution for your Cyber career.
But one of those cases was particularly curious because it was not a stock photo. After some efforts, I could eventually find it was a developer in Russia.
I was very close to contact this person to ask and clarify if he was the guy portrayed in the picture and if he was the one described in the story when something incredible happened.
During my research, the picture of the article changed. How happy I was that I did my screenshots before that. I took a look at the picture source file. It’s called New Justin.
So then my confidence grew even stronger. Cybrary wants you to believe those stories.
I hypothesize that the company, although it’s been successfully gaining free users, it might have a problem in increasing Pro subscription and generate revenue. Lately, Cybrary received more funds from angel investor and were granted a conditinal loan from the Maryland government. Now the pressure to generate revenue might be even higher, and this could be the motive behind such dubious actions.
If we compare Pluralsight and Cybrary again, they both have risks but form different angles. Pluralsight’s competitors are increasing, and the company acknowledge that such threats come also from free content. Pluralsight needs to put more efforts to expand its business and stay competitive. And at the same time companies like Cybrary see a big growth in users mainly because of the free treat, but they might struggle in converting them in paying users.
I would like to conclude with what I stated at the beginning of the article.
Cybersecurity is a fascinating subject, many people all around the world are passionate about it as I am. Together we can help shape this environment and improve it by inspiring, learning from each other, collaborating and much more.
But if you are deceiving and manipulating user awareness to capitalize on the ever-growing Cyber Security market, you are intoxicating the environment.
You can find all the gathered information in one chart here.
During my research, that was far from being fun, I found a small gem.
When you take courses, you can earn points, and I didn’t see exactly what their goal. But for sure you can donate them to Cybrary. Now it seems that one user hacked the website added himself a massive amount of points and then left in his bio that his skills are cross-site scripting. Epic.