I’m the developer of a commercial penetration testing product, Cobalt Strike. People are often amazed that I have a free 9-part Penetration Testing course on my website. This 9-part course is all of the material from my paid two-day class: Advanced Threat Tactics.

Why do I give away my training product, for free?

I know my business model. I sell software licenses. This is how my company brings in revenue and pays for my work. Anything that helps sell software licenses or encourage renewals is a valid business activity.

By making my training available for free and with no registration—I provide a friction free and controlled experience for anyone to learn about my product. Anyone can go through my course and decide if my product is of interest to them or not. This helps sell new licenses to the right customers.

For my existing customers—the online training provides a way to bring their Cobalt Strike users up to speed. This reduces my support burden greatly. In general–my customers know how to use my product. Customers who know how to use a product are customers that are more likely to renew it when the time comes. This is a win too.

Lectures by themselves are fine—but real learning happens by doing. I cater to this too. I put together a mini-penetration testing environment and wrote step-by-step labs that map to this online course. I give away thousands of DVDs with this lab environment at security conferences each year. It’s the easiest sales pitch in the world: “would you like a free penetration testing lab?” “sure” “great, come back if you have any questions”. That’s it.

If you ever wanted to know how I sell my enterprise software—this is it. I share what I want others to know about my product—in a friction free and scalable way. This makes it easy for potential users to understand what I offer and make a good decision based on their needs.