Duration: 5 days – 35 hrs
Overview
This course focuses on providing IT professionals with the skills needed to excel in cybersecurity roles, such as Security Operations Analyst, Associate Security Analyst, and Security Executive. Participants will learn about the latest tools, techniques, and best practices in cybersecurity attack and defense.
This comprehensive 5-day training course is designed to equip IT professionals with the essential skills and knowledge required to identify, analyze, and defend against cyber threats. Participants will gain hands-on experience in conducting vulnerability assessments, deploying security tools, responding to attacks, and performing network forensics. By the end of the course, attendees will have a strong understanding of cybersecurity risks, threats, and challenges, as well as the ability to effectively monitor, analyze, and mitigate potential attacks.
Objectives
- Understand and identify cybersecurity risks, threats, and challenges within organizations.
- Conduct effective vulnerability assessments using the PICERII framework.
- Deploy and troubleshoot HIDS/NIDS/SIEM systems for comprehensive asset protection.
- Develop strategies to respond to and contain common attack vectors, leveraging MITRE ATT&CK.
- Master continuous security threat monitoring and proactive threat hunting techniques.
- Gain proficiency in network forensics investigation and incident response.
- Generate, analyze, and manage cybersecurity incident reports.
- Create and implement cybersecurity policies, ensuring compliance and readiness.
Audience
- IT professionals responsible for or transitioning to cybersecurity roles, including Security Operations Analysts, Associate Security Analysts, and Security Executives.
Prerequisites
- Proficiency in TCP/IP networking, including IP addressing, DNS, switching, routing, and NAT
- Familiarity with Windows and Linux environments, including command line interface (CLI) for file and user management and text editing (vim, nano)
- Basic understanding of firewalls, IDS/IPS, VPNs, and other security devices
Course Content
Module 1: Define & Identify Cybersecurity Risks, Threats, and Challenges in an Organization
- Introduction to Cybersecurity Risks and Threat Landscape
- Network Security Best Practices and Risk Management
- The “Assume Breach” principle and operating under assumed compromise
- Security Monitoring and Security Intelligence
Module 2: Conduct Asset Vulnerability Scans Using the PICERII Framework
- Overview of Asset Management
- Vulnerability Assessment Techniques and Tools
- Understanding the PICERII Framework (Preparation, Identification, Containment, Eradication, Recovery)
- Leveraging Security Threat Intelligence Sources and Exchanges
Module 3: Deploy HIDS/NIDS/SIEM and Troubleshoot Log Forwarding for Windows and Linux Assets
- Intrusion Detection and Prevention Systems (IDS/IPS)
- Security Information and Event Management (SIEM) Essentials
- Handling Alarms, Events, Logs, and Tickets
- Event Processing Workflow and Network Data Management
- Introduction to Elastic Stack for Log Management
Module 4: Identify Strategies to Respond to and Contain Common Attack Vectors
- Indicators of Compromise (IoC) Analysis
- Behavioral Analysis and Anomaly Detection
- Understanding Tactics, Techniques, and Procedures (TTPs)
- Exploring the MITRE ATT&CK Framework
Module 5: Conduct Continuous Security Threat Monitoring
- Importance of Continuous Security Monitoring
- Correlation and Cross-Correlation of Security Data
- Threat Hunting Techniques and Best Practices
Module 6: Conduct Network Forensics Investigation
- Introduction to Cybersecurity First Responder and Forensic Investigation
- Network Forensics Fundamentals and Methodologies
- Practical Hands-on Network Forensics Exercises
Module 7: Run, Schedule, and View Final Cybersecurity Incident Reports
- Cybersecurity Incident Management Process
- Generating and Analyzing Incident Reports
- Developing Incident Response Plans
Module 8: Create Policies or Directives to Alert on Critical Events and Transform Them into Organizational Assets
- Policy and Directive Management for Cybersecurity
- Standards Compliance (e.g., PCI DSS) and Regulatory Frameworks
- Table-top Exercises and Cyber Range Simulations
Course Review and Final Assessment
- Review of Key Concepts and Skills Covered in Each Module
- Final Assessment to Evaluate Participants’ Understanding and Proficiency
Course Conclusion
- Recap of Course Objectives and Key Takeaways
- Acknowledgment of Completion and Certificates
This training course provides participants with the necessary theoretical knowledge and practical skills to excel in various cybersecurity roles, enabling them to effectively identify, respond to, and mitigate cyber threats within an organization’s IT infrastructure.