In January 2026 I started the Google Cybersecurity Professional Certificate on Coursera. The lectures for Informatics and Communications Security (SIC), a 3rd year course at the University of Aveiro, had got me interested in going deeper into the field, and with an exam coming up I figured I’d combine both. SIC covers a lot of the same ground: cryptography from scratch (digest functions, symmetric, asymmetric, PKI), authentication protocols, IPSec, SSH, firewalls, OS hardening. There was enough overlap to make the Google course useful as exam prep and worth doing in its own right.

The certificate has 9 courses:

  1. Foundations of Cybersecurity
  2. Play It Safe: Manage Security Risks
  3. Connect and Protect: Networks and Network Security
  4. Tools of the Trade: Linux and SQL
  5. Assets, Threats, and Vulnerabilities
  6. Sound the Alarm: Detection and Response
  7. Automate Cybersecurity Tasks with Python
  8. Put It to Work: Prepare for Cybersecurity Jobs
  9. Accelerate Your Job Search with AI

Coursera offers a 7-day free trial. In January I used it to get through courses 1 to 4, then other exams got in the way and I let it expire rather than pay $49/month, which is steep. Courses 5 through 9 had to wait. A few days ago I came back, grabbed another trial (I am NOT paying 49$), and finished everything. The first 5 I had already done so they went fast, about 1 day, and the last 4 took another 2. All 9 done within a week.

What’s good

Videos

Short, 2 to 8 minutes each, and consistently well produced. Each concept gets its own clip, so you can move quickly through things you already know and slow down where you need to. I took a lot of notes on Course 6 (detection and response) and skimmed most of the rest.

Quizzes

4 to 10 questions per module, conceptual rather than tricky. With a CS background they are not a challenge, but they do make you check whether you actually absorbed the video or just had it on in the background while doing something else (not that I would know anything about that).

What’s bad

Repetition

The biggest issue by far. SIEM (Security Information and Event Management, basically a tool that aggregates logs from across your infrastructure and helps you detect threats) is introduced in Course 2, reappears in Course 3’s network security section, and then Course 6 dedicates an entire module to it. Brute force attacks (trying every possible password combination until one works) show up in Course 3 and again in Course 5. OWASP (Open Worldwide Application Security Project, the organisation behind the well-known Top 10 list of most critical web vulnerabilities) principles are in Course 2, and the OWASP Top 10 is back in Course 5. None of it builds on what came before, it is just the same explanation with slightly different slides. By Course 6 you notice it, and by Course 7 you start wondering if the authors have a SIEM-shaped hole in their hearts.

Course 7 (Python)

Python 101: variables, loops, functions, strings, lists, regex, file handling. If you have written any code before, skip it entirely. I took zero notes and finished it faster than it takes to make coffee.

Courses 8 and 9

Mostly career prep: how to escalate incidents, how to communicate with stakeholders, how to use AI for job hunting. Course 9 is literally called “Accelerate Your Job Search with AI.” Fine if you are entering the field from a non-technical background, but if you are doing this alongside a CS degree it feels like the course ran out of technical content and needed to fill two more modules.

More broadly, a lot of the material (Python, SQL, web vulnerabilities) is not difficult with any programming background. The course is built for people without one, which makes sense, but it does mean you will spend more time than you would like on things you already know.

How it compares to SIC

The UA course goes into depth that Google does not touch: the math behind cryptographic primitives, how PKI (Public Key Infrastructure, the system of certificates and authorities that makes encrypted communication on the web possible) works at the protocol level, SSH internals, IPSec (the protocol suite that secures traffic at the network layer, used in most VPNs), the full evolution of wireless security standards from WEP to WPA3. Google covers VPNs, firewalls, brute force, phishing, and IDS/IPS (Intrusion Detection and Prevention Systems, which monitor network traffic for suspicious activity), but at a surface level. The difficulty gap is significant.

The parts that were actually useful for the exam were network security and threat modeling, where the Google course gave me a slightly different framing of concepts I had already seen in the UA lectures. Not a large difference, but occasionally helpful.

Is it worth it?

At $49/month, probably not, unless you need the certificate for a job application. For anyone with a CS background, courses 1 to 5 are where the value is: they actually focus on cybersecurity, and the 7-day trial is enough to get through them if you commit to it. Courses 6 to 9 are where the repetition and career fluff kick in, and the returns drop off quickly.

As a broad introduction to the cybersecurity field before going deeper elsewhere, it is worth doing once. Just use the trial.

Google’s certificate is a good starting line, not a destination :)