Cofense PhishMe vs. Offensive Security Cybersecurity Courses and Certifications

Cofense PhishMe is an excellent solution for scenarios where it will be sold as a managed service. I believe that PhishMe is too expensive for many clients and instead would benefit from the economies of scale where an MSSP sells it as part of a whole service, which offers the analysts and reporting included. PhishMe is excellent for training and awareness of Phishing, but shouldn't replace mandatory training for new joiners or yearly refreshers, it should only be used as an additional training option.

Incentivized

For cybersecurity practitioners interested in advancing their skillset in deeply technical matters, Offensive Security Cybersecurity Courses and Certifications offers some of the most well respected, up to date, technically challenging and comprehensive training courses out there; however, users must be very disciplined, determined and resourceful in order to make the most of the high quality content on offer since good time management is critical and "Try Harder" isn't just a motto for Offensive Security Cybersecurity Courses and Certifications given the content could frustrate some inexperienced users that may be pressed for time and don't have enough drive to spend learning a good amount of possibly unfamiliar but essential content and concepts

Incentivized

• It gives clear-cut segregation of different parts of an email, header, text and HTML body, URL, attachments, HTML preview and some analytical insight like "similar reports." This distinctive approach actually helps reduce data overload during an analysis.
• The URLs captured here pass through an automatic reputation check [in our case VirusTotal] and add a tag of the reputation. If it is a well-known bad URL the tag helps us take the decision fast.
• For creating automation rules on the reported emails the "Recipes" section is really helpful. We can create easy recipes [or rules ] to handle a huge flow of reports and also we can create more sophisticated rules depending on the Cyber intelligence feed to catch the really bad currently less known attack attempts by malicious emails.
• The "Threat Indicators" section is also useful to use as a threat intelligence source to check the URLs for their maliciousness.

Incentivized

• Content is comprehensively laid out in a clear manner
• Content is regularly kept up to date with the latest techniques seen today
• Content doesn't assume too much about the reader's existing knowledge levels
• Labs are representative and designed to emulate what could happen in real life
• Certifications are well respected and widely recognised in the security industry
• Prices are not that expensive compared to other vendors etc.

Incentivized

• Completely switching to the new UI - Most is redesigned, but some old elements remain
• Ability to spoof known brands - limited in scope now and you are not allowed to use fully "convincing" campaigns that we are seeing in the wild
• Ability to own and manage own domains - right now adding a new company domain requires a ticket, allow us to add/verify ourselves

Incentivized

• The exams are quite hard to pass and some require a lot of hours to be spent on them which might leave some exhausted
• Some of the content can be hard to remember since there is a lot of syntax that might be intimidating to users not familiar with something similar from before
• Perhaps consider more specific, tailored courses rather than courses which cover many topics at once which might not necessarily be within the same niche
• More human to human interaction could be beneficial to prepare for the exams sometimes

Incentivized

Its built with UX in mind and is aimed at non-tech people, to ensure that almost everyone can run the campaign. But if we go deeper - sometimes you will need an HTML editor or support in order to figure out some advanced edits you might want to add in your scenarios.

Incentivized

I have not had to use their support for pretty much anything. The software works well, and is very intuitive. I would imagine their support would be rather basic as there is not too much that can go wrong with a report phishing button, and if it were I would probably consider a different software.

Incentivized

It's a must, even if you are never going to use the tool. Cofense aims to provide phishing training first and tool second.

Incentivized

There are some hiccups, but there are meant to be, when you implement something in a large scale enterprise.

Incentivized

Cofense PhishMe was the first choice for us as the user interface as well as their bundle package with Cofense Triage and Vision has helped the organisation to alleviate the overall security awareness posture. The other vendors did not provide a vast range of phishing scenarios as compared to Cofense PhishMe platform.

Incentivized

Offensive Security Cybersecurity Courses and Certifications are very comprehensive, regularly kept up to date and, unlike some other courses out there, are quite challenging and technically demanding even for industry colleagues who've been in the field for many years; for this reason, Offensive Security Cybersecurity Courses and Certifications is excellent for your more senior cyber security analysts/engineers as it will enable these technical experts in your organisation to further enhance their knowledge and learn some new tricks that they can then bring back to the workplace to share with the rest of the team

Incentivized

• Recipes in the system are capable of handling almost 2x what an analyst does, which cuts down the efforts [of] an analyst and provides more time for accurate strategies.
• With roughly 90% false positives coming through, the remaining 10% of true positives need as much attention as they can get for the full investigation and analysis.
• 1,500 or more phishing messages can come through in a given week and the amount of time/employees required to review this without a tool like Cofense is surely beyond [the] expected/anticipated budget.

Incentivized

• Labs have allowed us to safely test new offensive as well as defensive techniques
• Certifications are widely recognised and allow us to showcase our team's maturity to external parties when required
• Content is very comprehensive so this lessens the need for covering the same topics in our internal knowledgebases
• The platforms that Offensive Security Cybersecurity Courses and Certifications have setup helped showcase the benefits and drive adoption of infrastructure as code in our own organisation

Incentivized