Cyber Security Analyst (SOC), Incident Responder & IT Practitioner
A unique course to train absolute beginners who wish to become junior SOC Analysts and master the essentials of IT en-route to acquiring a core profession in cybersecurity
The program covers all the essential knowledge you must have before proceeding to the 'second floor' of the cybersecurity professions, and includes five discrete modules: Microsoft Servers, Computer Networking (Cisco CCNA), Linux Essentials (LPI), Introduction to Cybersecurity (Check Point CCSA) and a full Cyber SOC Analyst module for the CompTIA CySA+ certification.
So why do we do that? Because this is not an IT course. It is your entrance ticket to the world of cybersecurity!
1 Jabotinsky St, Ramat-Gan, Israel, Phone: +972 (0) 3 6122 831
www.see-security.com [email protected]
About See Security College
See Security College is a highly specialized and international cybersecurity college. One of seven colleges of its kind, our college offers training programs aimed at absolute beginners to more advanced professionals. The college delivers its study programs worldwide through the See Security International brand as well as through well-known government and special cybersecurity agencies.
The CEO of See-Security, Mr. Avi Weissman, is one of the leaders of the Israeli cyber community and serves as an advisor and commentator to the Israeli government on the regulation of cyber professions. In addition, Mr. Weissman was the co-founder of the Israeli Forum for Information Security (IFIS) together with Maj. Gen. (Res.) and former head of the National Security Council, Yaakov Amidror. In addition to his role in leading the college, Avi is also a co-CEO at See-HR, a human resources company, and See Secure Consulting, a managed SIEM-SOC and consultancy firm.
About the Program
This unique program was designed for absolute beginners who lack prior knowledge in IT and/or cybersecurity. The program covers all the essential knowledge you must have before proceeding to the 'second floor' of the cybersecurity professions, and includes five discrete modules: Microsoft Servers, Computer Networking (Cisco CCNA), Linux Essentials (LPI), Essentials of Cybersecurity (Check Point CCSA) and SOC Analyst (Tier 1) for the CompTIA CySA+ certification.
This program is your entrance ticket to the world of cybersecurity!
Key Features
Audience: Absolute beginners
Orientation: Technical, theoretical, and applicative knowledge
Objectives: To train absolute beginners who wish to become IT professionals en-route to acquiring a core profession in cybersecurity.
Entry requirements: High-school graduation diploma, knowledge of English, admission interview.
Associated certifications: Cisco CCNA; Check Point CCSA; LPI Linux Essentials; CompTIA CySA+
Academic hours: 255 training sessions
Homework: 320 homework assignments
Course format: Online lectures accompanied by 1-on-1 sessions with the lecturers
The program is intended for those interested in the profession of system administrator as well as those who wish to stand out and evolve in the cybersecurity industry as junior SOC Analysts. To do so, you must learn all five modules before moving to the next step and mastering one of the advanced professions of the field.
See Security College has built this program for those who wish to specialize in one of the core cyber professions. We did so by integrating core IT knowledge and hands-on experience with an understanding of the art of Incident Response (IR) and the world of Security Operations Centers (SOC) to train junior cyber analysts.
About the Associated Certifications
The external IT and SOC certifications associated with this program are an elite way to demonstrate your knowledge, advance your career and become a member of a community of IT and cybersecurity leaders. It shows you have all it takes to design, implement, and function as a vital professional in organizations.
Key Information of the Associated Certifications
Cisco CCNA: The CCNA certification validates your skills and knowledge in network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation and programmability.
Check Point CCSA: Essential certification for IT Admins who manage daily operations of Check Point Security solutions.
LPI: The LPIC-1 will validate the candidate's ability to perform maintenance tasks on the command line, install and configure a computer running Linux and configure basic networking.
CompTIA CySA+: CompTIA Cybersecurity Analyst (CySA+) is an IT workforce certification that applies behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats through continuous security monitoring.
In addition to the above certifications, the course covers Microsoft 2019 servers' topics in depth. However, following the cancellation of the international MCSA certifications, the students will be assessed internally by writing a comprehensive project which will integrate the required skills and knowledge an IT specialist is expected to master.
Target Audience
This unique program was designed for absolute beginners who lack prior knowledge in IT and/or cybersecurity.
The program is intended for those interested in the profession of system administration as well as those who wish to stand out and evolve in the cybersecurity industry as junior SOC analysts.
Entry Requirements
You will not be tested on these requirements for enrolment. However, we emphasize that without the background knowledge it will be difficult to keep up with the materials covered throughout the course and even more challenging to pass the exams and assignments. The following are expected:
a. High School Graduation Diploma
b. Good command of the English language
c. Passing an Admission Interview
d. Willingness to engage in a challenging course, accompanied by intensive homework assignments
Pedagogical Requirements
a. Participation in at least 85% of the sessions
b. Passing grade (70% and above) in each of the exams and assignments
c. In technical modules: hands-on practical labs in class and at home
Certifications
See-Security certificates will be awarded to students who fulfil the pedagogical requirement.
System & Network Practitioner & Cyber Security Preparation
Cyber SOC Analyst
Academic Staff
Such a multi-disciplinary program requires uncompromising and dedicated experts. The lecturers include industry cybersecurity leaders, who have a passion for the subject and for forming the next generation of IT and Cybersecurity experts.
Format
The course is held twice a week, in the evenings. There is a total of 255 hours via Zoom (7 months). There are 320 hours of supervised homework assignments.
Remarks
a. Registration for external examinations is the responsibility of the student.
b. The program will open only if there are enough enrolled students.
c. The registration fee is not refundable.
Curriculum
Introduction to Networking | 30 hrs
This module gives an overview of the elementary components of hardware, the Windows Server operating system and Active Directory.
▪ Hardware Overview
▪ Network Topology Overview
▪ OSI 7-Layer Model Overview
▪ TCP/IP Model Overview
▪ Domain Services Overview
Microsoft Servers | 45 hrs
Module 1: Introduction to Active Directory Domain Services
This module covers the structure of Active Directory Domain Services (AD DS) and its various components, such as forest, domain, and organizational units (OUs). It also gives an overview of domain controllers, in addition to the choices that are available with Windows Server 2019 for installing AD DS on a server.
▪ Windows Server 2019 Overview
▪ Installing Windows Server 2019
▪ Post-Installation Configuration of Windows Server 2019
▪ Overview of Windows Server 2019 Management
▪ Introduction to Windows PowerShell
Module 2: Managing Active Directory Domain Services Objects
This module describes how to manage user accounts and computer accounts, including how to manage various consumer devices that employees use. The module also covers how to manage an enterprise network by managing groups, and how to delegate administrative tasks to designated users or groups.
▪ Overview of AD DS
▪ Overview of Domain Controllers
▪ Installing a Domain Controller
Module 3: Managing Active Directory Domain Services Objects
This module describes how to manage user accounts and computer accounts, including how to manage various consumer devices that employees use. The module also covers how to manage an enterprise network by managing groups, and how to delegate administrative tasks to designated users or groups.
▪ Managing User Accounts
▪ Managing Groups
▪ Managing Computer Accounts
▪ Delegating Administration
Module 4: Automating Active Directory Domain Services Administration
This module describes how to use command-line tools and Windows PowerShell to automate AD DS administration. It discusses various command-line tools and Windows PowerShell commands, and then describes how to use these tools and commands to modify objects individually and in bulk operations.
▪ Using Command-line Tools for AD DS Administration
▪ Using Windows PowerShell for AD DS Administration
▪ Performing Bulk Operations with Windows PowerShell
Module 5: Implementing IPv4
This module discusses using IPv4, which is the network protocol used on the Internet and on local area networks. In this module, students learn how to implement an IPv4 addressing scheme and how to troubleshoot network communication. This module also covers how to determine and troubleshoot network-related problems.
▪ Overview of TCP/IP
▪ Understanding IPv4 Addressing
▪ Subnetting and Supernetting
▪ Configuring and Troubleshooting IPv4
Module 6: Implementing Dynamic Host Configuration Protocol
This module covers supporting and troubleshooting a Windows Server-based network infrastructure by deploying, configuring, and troubleshooting the Dynamic Host Configuration Protocol (DHCP) server role.
▪ Overview of the DHCP Server Role
▪ Configuring DHCP Scopes
▪ Managing a DHCP Database
▪ Securing and Monitoring DHCP
Module 7: Configuring and Troubleshooting Domain Name System
This module explains how to configure and troubleshoot DNS, including DNS replication and caching.
▪ Configuring the DNS Server Role
▪ Configuring DNS Zones
▪ Configuring DNS Zone Transfers
▪ Managing and Troubleshooting DNS
Module 8: Maintaining Active Directory Domain Services
This module explains how to implement virtualized domain controllers and read-only domain controllers (RODCs). It also explains how to perform common AD DS administrative tasks and manage the AD DS database.
▪ Implementing Virtualized Domain Controllers
▪ Implementing RODCs
▪ Administering AD DS
▪ Managing the AD DS Database
Module 9: Managing User and Service Accounts
This module explains how to create, configure and automate the creation of user accounts. It also explains how to configure account-related properties of user objects. It further explains how to create and administer Managed Service Accounts.
▪ Configuring Password Policy and User Account Lockout Settings
▪ Configuring Managed Service Accounts
Module 10: Implementing a Group Policy Infrastructure
This module explains how to implement a GPO infrastructure. It also teaches how to perform common GPO management tasks and manage GPOs by using Windows PowerShell, and focuses on troubleshooting the application of GPOs.
▪ Introducing Group Policy
▪ Implementing and Administering GPOs
▪ Group Policy Scope and Group Policy Processing
▪ Troubleshooting the Application of GPOs
Module 11: Managing User Desktops with Group Policy
This module explains how you can use Group Policy Objects (GPOs) to implement desktop environments across your organization by using Administrative Templates, Folder Redirection, Group Policy preferences, and where applicable, use software deployment to install and update application programs. It is important to know how to use these various GPO features so that you can configure your users' computer settings properly.
▪ Implementing Administrative Templates
▪ Configuring Folder Redirection and Scripts
▪ Configuring Group Policy Preferences
▪ Managing Software with Group Policy
Module 12: Installing, Configuring, and Troubleshooting the Network Policy Server Role
This module explains how to install and configure NPS, RADIUS clients and servers. It also describes NPS authentication methods and how to monitor and troubleshoot NPS.
▪ Installing and Configuring a Network Policy Server
▪ Configuring RADIUS Clients and Servers
▪ NPS Authentication Methods
▪ Monitoring and Troubleshooting a Network Policy Server
Module 13: Implementing DNS
This module describes name resolution for Windows operating system clients and Windows Server servers. It also covers installing and configuring a DNS Server service and its components.
▪ Name Resolution for Windows Clients and Servers
▪ Installing a DNS Server
▪ Managing DNS Zones
Module 14: Implementing IPv6
This module discusses the features and benefits of IPv6, how IPv6 affects IPv4 networks, and how to integrate IPv6 into IPv4 networks by using various transition technologies.
▪ Overview of IPv6
▪ IPv6 Addressing
▪ Coexistence with IPv4
▪ IPv6 Transition Technologies
Module 15: Implementing Local Storage
This module introduces several different storage technologies. It discusses how to implement the storage solutions in Windows Server 2019, and how to use the new Storage Spaces feature, which enables you to combine disks into pools that you can configure for automatic management.
▪ Overview of Storage
▪ Managing Disks and Volumes
▪ Implementing Storage Spaces
Module 16: Implementing File and Print Services
This module discusses how to provide file and print resources with Windows Server 2012. It describes how to secure files and folders, how to protect previous versions of files and folders by using shadow copies, and how to give workers remote access to corporate files by implementing the new Work Folders role service. It also describes new network printing features that help manage the network printing environment.
▪ Securing Files and Folders
▪ Protecting Shared Files and Folders by Using Shadow Copies
▪ Configuring Work Folders
▪ Configuring Network Printing
Module 17: Implementing Group Policy
This module provides an overview of Group Policy and provides details about how to implement Group Policy.
▪ Overview of Group Policy
▪ Group Policy Processing
▪ Implementing a Central Store for Administrative Templates
Module 18: Securing Windows Servers Using Group Policy Objects
This module describes Windows Server 2019 operating system security. It covers how to identify security threats, plan your strategy to mitigate security threats, and secure your Windows Server 2019 infrastructure.
▪ Security Overview for Windows Operating Systems
▪ Configuring Security Settings
▪ Restricting Software
▪ Configuring Windows Firewall with Advanced Security
Module 19: Implementing Server Virtualization with Hyper-V
This module describes virtualization technologies available on Windows, especially focusing on the Hyper-V role in Windows Server 2019 and Windows Server 2019 R2. It covers the components of the Hyper-V role, configuring and deploying the role, in addition to how to configure and manage key components of a Hyper-V implementation, such as storage and networking.
▪ Overview of Virtualization Technologies
▪ Implementing Hyper-V
▪ Managing Virtual Machine Storage
▪ Managing Virtual Networks
Module 20: Implementing Advanced Network Services
In this module students will be able to configure advanced features for Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), and configure IP Address Management (IPAM).
▪ Configuring Advanced DHCP Features
▪ Configuring Advanced DNS Settings
▪ Implementing IPAM
▪ Managing IP Address Spaces with IPAM
Module 21: Implementing Advanced File Services
In this module students will be able to configure file services to meet advanced business requirements.
▪ Configuring iSCSI Storage
▪ Configuring BranchCache
▪ Optimizing Storage Usage
Module 22: Implementing Dynamic Access Control
In this module students will be able to plan and implement an Active Directory Domain Services (AD DS) deployment that includes multiple domains and forests.
▪ Overview of DAC
▪ Implementing DAC Components
▪ Implementing DAC for Access Control
▪ Implementing Access Denied Assistance
▪ Implementing and Managing Work Folders
Module 23: Implementing Distributed Active Directory Domain Services Deployments
In this module students will be able to configure advanced features for Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), and configure IP Address Management (IPAM).
▪ Overview of Distributed AD DS Deployments
▪ Deploying a Distributed AD DS Environment
▪ Configuring AD DS Trusts
Module 24: Implementing Active Directory Domain Services Sites and Replication
In this module students will be able to plan and implement an AD DS deployment that includes multiple locations.
▪ AD DS Replication Overview
▪ Configuring AD DS Sites
▪ Configuring and Monitoring AD DS Replication
Module 25: Implementing AD CS
In this module students will be able to implement an Active Directory Certificate Services (AD CS) deployment.
▪ Using Certificates in a Business Environment
▪ PKI Overview
▪ Deploying CAs
▪ Deploying and Managing Certificate Templates
▪ Implementing Certificate Distribution and Revocation
▪ Managing Certificate Recovery
Module 26: Implementing Active Directory Rights Management Services
In this module students will be able to implement an AD RMS deployment.
▪ AD RMS Overview
▪ Deploying and Managing an AD RMS Infrastructure
▪ Configuring AD RMS Content Protection
▪ Configuring External Access to AD RMS
Module 27: Implementing and Administering AD FS
In this module students will be able to implement an Active Directory Federation Services (AD FS) deployment.
▪ Overview of AD FS
▪ Deploying AD FS
▪ Implementing AD FS for a Single Organization
▪ Deploying AD FS in a Business-to-Business Federation Scenario
▪ Extending AD FS to External Clients
Module 28: Implementing Network Load Balancing
In this module students will be able to provide high availability and load balancing for web-based applications by implementing Network Load Balancing (NLB).
▪ Overview of NLB
▪ Configuring an NLB Cluster
▪ Planning an NLB Implementation
Module 29: Implementing Failover Clustering
In this module students will be able to provide high availability for network services and applications by implementing failover clustering.
▪ Overview of Failover Clustering
▪ Implementing a Failover Cluster
▪ Configuring Highly Available Applications and Services on a Failover Cluster
▪ Maintaining a Failover Cluster
▪ Implementing a Multi-Site Failover Cluster
Module 30: Implementing Failover Clustering with Hyper-V
In this module students will be able to deploy and manage Hyper-V virtual machines in a failover cluster.
▪ Overview of Integrating Hyper-V with Failover Clustering
▪ Implementing Hyper-V Virtual Machines on Failover Clusters
▪ Implementing Hyper-V Virtual Machine Movement
▪ Lab: Implementing Failover Clustering with Hyper-V
Module 31: Implementing Business Continuity and Disaster Recovery
In this module students will be able to implement a backup and disaster recovery solution based on business and technical requirements.
▪ Data Protection Overview
▪ Implementing Windows Server Backup
▪ Implementing Server and Data Recovery
CISCO-CCNA | 55 hrs
This section will enable students to understand QoS, virtualization and cloud services, and network programmability related to WAN, access, and core segments. It will provide the foundational understanding of network layers 1-3 that are applicable to core routing and switching plus other advanced technologies. Several topics have been added including understanding the interactions and network functions of firewalls, wireless controllers, and access points, along with additional focus on IPv6 and basic network security. The configuration commands are introduced through examples and supported with lab exercises. A full suite of labs has been developed using the virtual IOS environment with flexible topologies that reinforce concepts with hands-on, guided discovery and challenge labs that align to each lesson module.
Further, students will gain the knowledge and skills needed to install, configure, operate, and troubleshoot a small enterprise network. It will ensure that students understand and are ready to deploy the latest shifts in technologies and solutions as follows:
▪ Understanding of Quality of Service (QoS) elements and their applicability
▪ How virtualized and cloud services will interact and impact enterprise networks
▪ An overview of network programmability and the related controller types and tools that are available to support software-defined network architectures
Module 1: Building a Simple Network
▪ Exploring the Functions of Networking
▪ Understanding the Host-to-Host Communication Model
▪ Introducing LANs
▪ Operating Cisco IOS Software
▪ Starting a Switch
▪ Understanding Ethernet and Switch Operation
▪ Troubleshooting Common Switch Media Issues
Module 2: Establishing Internet Connectivity
▪ Understanding the TCP/IP Internet Layer
▪ Understanding IP Addressing and Subnets
▪ Exploring the Functions of Routing
▪ Configuring a Cisco Router
▪ Exploring the Packet Delivery Process
▪ Enabling Static Routing
▪ Learning the Basics of ACL
▪ Enabling Internet Connectivity
Module 3: Summary Challenge
▪ Establish Internet Connectivity
▪ Troubleshoot Internet Connectivity
Module 4: Building a Medium-Sized Network
▪ Implementing VLANs and Trunks
▪ Routing Between VLANs
▪ Using a Cisco IOS Network Device as a DHCP Server
▪ Implementing RIPv2
Module 5: Network Device Management and Security
▪ Securing Administrative Access
▪ Implementing Device Hardening
▪ Configuring System Message Logging
▪ Managing Cisco Devices
▪ Licensing
Module 6: Summary Challenge
▪ Implementing a Medium-Sized Network
▪ Troubleshooting a Medium-Sized Network
Module 7: Implement Scalable Medium-Sized Networks
▪ Troubleshooting VLAN Connectivity
▪ Building Redundant Switched Topologies
▪ Improving Redundant Switched Topologies with EtherChannel
▪ Understanding Layer 3 Redundancy
Module 8: Troubleshooting Basic Connectivity
▪ Troubleshooting IPv4 Network Connectivity
▪ Troubleshooting IPv6 Network Connectivity
Module 9: Implementing an EIGRP-Based Solution
▪ Understanding OSPF
▪ Implementing Multiarea OSPF IPv4
▪ Implementing OSPFv3 for IPv6
▪ Troubleshooting Multiarea OSPF
Module 10: Summary Challenge
▪ Implementing and Troubleshooting Scalable Medium-Sized Network
▪ Implementing and Troubleshooting Scalable Medium-Sized Network 2
Module 11: Implement a Scalable OSPF-Based Solution
▪ Understanding OSPF
▪ Implementing Multiarea OSPF IPv4
▪ Implementing OSPFv3 for IPv6
▪ Troubleshooting Multiarea OSPF
Module 12: Wide-Area Networks
▪ Understanding WAN Technologies
▪ Understanding Point-to-Point Protocols
▪ Configuring GRE Tunnels
▪ Configuring Single-Homed EBGP
Module 13: Network Device Management
▪ Implementing Basic Network Device Management and Security
▪ Evolution of Intelligent Networks
▪ Introducing QoS
Essentials of Cybersecurity - CCSA | 50 hrs
Check Point Security Administration (R77 GAiA) provides you with an understanding of the basic concepts and skills necessary to configure Check Point Security Gateway and Management Software Blades. During this course, you will configure a Security Policy and learn about managing and monitoring a secure network, upgrading and configuring a Security Gateway, and implementing a virtual private network.
Module 1: Check Point Security Management
▪ Check Point Security Management Architecture (SMART)
▪ SmartConsole
▪ Security Management Server
▪ Security Gateway
Module 2: The Check Point Firewall
▪ OSI Model
▪ Mechanism for Controlling Network Traffic
▪ Packet Filtering
▪ Stateful Inspection
▪ Application Intelligence
Module 3: Security Gateway Inspection Architecture
▪ INSPECT Engine Packet Flow
Module 4: Deployment Considerations
▪ Standalone Deployment
▪ Distributed Deployment
▪ Standalone Full HA
▪ Bridge Mode
Module 5: Check Point SmartConsole Clients
▪ SmartDashboard
▪ Smartview Tracker
▪ SmartLog
▪ SmartEvent
▪ SmartView Monitor
▪ SmartReporter
▪ SmartUpdate
▪ SmartProvisioning
▪ SmartEndpoint
Module 6: Security Management Server
▪ Managing Users in SmartDashboard
▪ Users Database
Module 7: Securing Channels of Communication
▪ Secure Internal Communication
▪ Testing the SIC Status
▪ Resetting the Trust State
LPI – Linux Essentials | 35 hrs
This section teaches the basic concepts of processes, programs and the components of the Linux operating system. You learn the basics of computer hardware, gain an understanding of open-source applications in the workplace, and learn to navigate a Linux desktop and use rudimentary commands on the Linux command line.
This course is a prep course for the Linux Essentials exam from the Linux Professional Institute and is meant to help those without Linux experience to pass their first Linux certification.
Module 1: The Linux Community and a Career in Open Source
▪ Linux Evolution and Popular Operating Systems
▪ Major Open-Source Applications
▪ Understanding Open-Source Software and Licensing
▪ ICT Skills and Working in Linux
Module 2: Finding Your Way on a Linux System
▪ Command Line Basics
▪ Using the Command Line to Get Help
▪ Using Directories and Listing Files
▪ Creating, Moving and Deleting Files
Module 3: The Power of the Command Line
▪ Archiving Files on the Command Line
▪ Searching and Extracting Data from Files
▪ Turning Commands into a Script
Module 4: The Linux Operating System
▪ Choosing an Operating System
▪ Understanding Computer Hardware
▪ Where Data is Stored
▪ Your Computer on the Network
Module 5: Security and File Permissions
▪ Basic Security and Identifying User Types
▪ Creating Users and Groups
▪ Managing File Permissions and Ownership
▪ Special Directories and Files
Cyber SOC Analyst (Tier 1) | 40 hrs
The domains covered in this comprehensive training programme relate to the core skills and knowledge you need in order to work in and operate SOC and IR centers. The graduates of this training shall understand the theoretical and practical components associated with their roles as SOC analysts. Therefore, the course is rich in hands-on practice that closely accompanies the theoretical topics addressed in this training.
Students can also attempt the CCNA Cyber Ops and/or the CompTIA CySA+ and/or the EC-Council ECIH certifications.
Module 1: Threat & Vulnerability Management
1. The importance of threat data and intelligence
▪ Intelligence sources
▪ Confidence levels
▪ Indicator management
▪ Threat classification
▪ Threat actors
▪ Collection
▪ Commodity malware
▪ Information sharing and analysis communities
▪ Reconnaissance Techniques
▪ Network Reconnaissance
▪ Response and Counter Measures
▪ Securing Corporate Environments
▪ Implementing the Information Security Vulnerability Management Process
▪ Analyze Output of Vulnerability Scan
▪ Compare and Contrast Common Vulnerabilities
2. Utilization of threat intelligence to support organizational security
▪ Attack frameworks
▪ Threat research
▪ Threat modeling methodologies
▪ Threat intelligence sharing with supported functions
3. Vulnerability management activities
▪ Vulnerability identification
▪ Validation
▪ Remediation/mitigation
▪ Scanning parameters and criteria
▪ Inhibitors to remediation
4. Vulnerability assessment tools
▪ Web application scanner
▪ Infrastructure vulnerability scanner
▪ Software assessment tools and techniques
▪ Enumeration
▪ Wireless assessment tools
▪ Cloud infrastructure assessment tools
5. Threats and vulnerabilities
▪ Mobile
▪ Internet of Things (IoT)
▪ Embedded
▪ Real-time operating system (RTOS)
▪ System-on-Chip (SoC)
▪ Field programmable gate array (FPGA)
▪ Physical access control
▪ Building automation systems
▪ Vehicles and drones - CAN bus
▪ Workflow and process automation systems
▪ Industrial control system
▪ Supervisory control and data acquisition (SCADA) - Modbus
6. Threats and vulnerabilities in cloud environment
▪ Cloud service models
▪ Cloud deployment models: public, private, community, hybrid
▪ Function as a Service (FaaS) / serverless architecture
▪ Infrastructure as code (IaC)
▪ Insecure application programming interface (API)
▪ Improper key management
▪ Unprotected storage
▪ Logging and monitoring
7. Implementation of controls
▪ Attack types
▪ Vulnerabilities
Module 2: Software and Systems Security
1. Solutions for infrastructure management
▪ Cloud vs. on-premises
▪ Asset management
▪ Segmentation
▪ Network architecture
▪ Containerization
▪ Identity and access management
▪ Cloud access security broker (CASB)
▪ Honeypot
▪ Monitoring and logging
▪ Encryption
▪ Certificate management
▪ Active defense
2. Software assurance best practices
▪ Software development life cycle (SDLC) integration
▪ DevSecOps
▪ Software assessment methods
▪ Secure coding best practices
▪ Static analysis tools
▪ Dynamic analysis tools
▪ Formal methods for verification of critical software
▪ Service-oriented architecture
3. Hardware assurance best practices
▪ Hardware root of trust
▪ eFuse
▪ Unified Extensible Firmware Interface (UEFI)
▪ Trusted foundry
▪ Secure processing
▪ Anti-tamper
▪ Self-encrypting drive
▪ Trusted firmware updates
▪ Measured boot and attestation
▪ Bus encryption
Module 3: Security Operations and Monitoring
1. Analyze data as part of security monitoring activities
▪ Heuristics
▪ Trend analysis
▪ Endpoint
▪ Network
▪ Log review
▪ Impact analysis
▪ Security information and event management (SIEM) review
▪ Query writing
▪ E-mail analysis
2. Hardening controls to improve security
▪ Permissions
▪ Allow list (previously known as whitelisting)
▪ Blocklist (previously known as blacklisting)
▪ Firewall
▪ Intrusion prevention system (IPS) rules
▪ Data loss prevention (DLP)
▪ Endpoint detection and response (EDR)
▪ Network access control (NAC)
▪ Sinkholing
▪ Malware signatures - Development/rule writing
▪ Sandboxing
▪ Port security
3. Proactive threat hunting
▪ Establishing a hypothesis
▪ Profiling threat actors and activities
▪ Threat hunting tactics - executable process analysis
▪ Reducing the attack surface area
▪ Bundling critical assets
▪ Attack vectors
▪ Integrated intelligence
▪ Improving detection capabilities
4. Automation concepts and technologies
▪ Workflow orchestration
▪ Scripting
▪ Application programming interface (API) integration
▪ Automated malware signature creation
▪ Data enrichment
▪ Threat feed combination
▪ Machine learning
▪ Use of automation protocols and standards
▪ Continuous integration
Module 4: Incident Response
1. Incident response process
▪ Response coordination with relevant entities
▪ Factors contributing to data criticality
2. Incident response procedure
▪ Preparation
▪ Detection and analysis
▪ Containment
▪ Eradication and recovery
▪ Post-incident activities
3. Potential indicators of compromise
▪ Network-related
▪ Host-related
▪ Application-related
4. Basic digital forensics techniques
▪ Network
▪ Endpoint
▪ Cloud
▪ Virtualization
▪ Legal hold
▪ Procedures
▪ Hashing
▪ Carving
▪ Data acquisition
5. Forensics Tools and Investigation
Module 5: Windows Security Monitoring
1. Introduction to Windows Security Monitoring
▪ Windows Auditing Subsystem
▪ Security Monitoring Scenarios
▪ Local User Accounts
▪ Local Security Groups
▪ Microsoft Active Directory
▪ Active Directory Objects
▪ Authentication Protocols
▪ Operating System Events
▪ Logon Rights and User Privileges
▪ Windows Applications
▪ Filesystem and Removable Storage
▪ Windows Registry
▪ Network File Shares and Named Pipes