Are these bootcamps worth paying for? I'm looking to get into Cybersecurity but have no previous IT experiences besides a GCSE and basis skills.
Training doesn't really do it. It's what you do with the training that counts. If you know everything academically then that means nothing in the real world if you can't apply it.
I'd suggest you have a look at Udemy - loads of different courses on there and many provide 'hands on' lessons. BUT you then need to apply these yourself and work with the concepts to create something that actually does something and works.
If you have an old laptop, look at getting ubuntu (or other linux) on it and you can download and run stuff like kubernetes (microk8s), fortinet or palo alto virtual firewalls on it. Then you want to look at stuff like Wireshark and maybe have a look into getting an AWS (or other cloud) account and go through things like IaM, DNS, Edge networking, VPC, VPN, Route53, routing, loadbalancers and the like.
You can set up quite a lot of stuff for free or you can look at getting something like aCloudGuru that lets you spin up AWS/Azure/GCP environments and do real world stuff on the cloud without incurring costs.
Doing a course is the very, very first step. Being able to use and work with stuff and create things that do something from scratch is where your learning comes in.
I've got three Ubuntu machines running kubernetes (microk8s - on two nodes), virtual firewalls, AWS (Localstack) and a ton of other stuff that allows me to use Istio (mesh) and wireshark (to probe security) and the other stuff around this that you need to know.
One note. If you have an old machine that's fine, but I'd seriously recommend that you replace the harddrive with an SSD and up the memory (My kubernetes nodes have both got 2TB drives and the combined memory is 96GB) - the SSD and the spare memory really, really speed stuff up. Stuff like Microk8s lets you create a master then slave nodes and stuff like Istio and other microservices really let you get into stuff. My firewalls are in k8s and my other tools and utilities run in there two - which means it's all a lot more 'joined up' as the tools complement each other.
For instance, on my k8s nodes I also have Prometheus (Metrics), Loki (Logging), Kiali (Networking with Istio Mesh), ArgoCD (For deployments), Grafana (For reporting/graphing), Alert Manager (For alerting), node-exporter (For exporting custom metrics) and Jaeger (Tracing).
As these things are all in the mesh then the reporting and security stuff goes hand in hand with wiresharking it and catching packets. Even seeing its routine stuff gives you plenty of scope to learn and build)