
Page 1: Cyber Security Analyst (SOC), Incident Responder & IT

Cyber Security Analyst (SOC), Incident Responder & IT Practitioner

A unique course to train absolute beginners who wish to become junior SOC Analysts and master the essentials of IT en route to acquiring a core profession in cybersecurity. The program includes five discrete modules: Microsoft Servers, Computer Networking (Cisco CCNA), Linux Essentials (LPI), Introduction to Cybersecurity (Check Point CCSA) and a full Cyber SOC Analyst module for the CompTIA CySA+ certification.

So why do we do that? Because this is not an IT course. It is your entrance ticket to the world of cybersecurity!


1 Jabotinsky St, Ramat-Gan, Israel, Phone: +972 (0) 3 6122 831

www.see-security.com [email protected]

2

A unique course to train absolute beginners who wish to become Cyber SOC Analysts and IT professionals en route to acquiring a core profession in the field of cybersecurity

Cyber Security Analyst (SOC), Incident Responder & IT Practitioner

About See Security College

See Security College is a highly specialized and international cybersecurity college. One of seven colleges of its kind, our college offers training programs aimed at absolute beginners through to more advanced professionals. The college delivers its study programs worldwide through the See Security International brand as well as through well-known government and special cybersecurity agencies.

The CEO of See-Security, Mr. Avi Weissman, is one of the leaders of the Israeli cyber community and serves as an advisor and commentator to the Israeli government on the regulation of cyber professions. In addition, Mr. Weissman was the co-founder of the Israeli Forum for Information Security (IFIS) together with Maj. Gen. (Res.) Yaakov Amidror, former head of the National Security Council. In addition to his role in leading the college, Avi is also a co-CEO at See-HR, a human resources company, and See Secure Consulting, a managed SIEM-SOC and consultancy firm.

About the Program

This unique program was designed for absolute beginners who lack prior knowledge in IT and/or cybersecurity. The program covers all the essential knowledge you must have before proceeding to the 'second floor' of the cybersecurity professions, and includes five discrete modules: Microsoft Servers, Computer Networking (Cisco CCNA), Linux Essentials (LPI), Essentials of Cybersecurity (Check Point CCSA) and SOC Analyst (Tier 1) for the CompTIA CySA+ certification.

This program is your entrance ticket to the world of cybersecurity!

Key Features

Audience: Absolute beginners

Orientation: Technical, theoretical, and applicative knowledge

Objectives: To train absolute beginners who wish to become IT professionals en route to acquiring a core profession in cybersecurity.

Entry requirements: High-school graduation diploma, knowledge of English, admission interview.

Associated certifications: Cisco CCNA; Check Point CCSA; LPI Linux Essentials; CompTIA CySA+

Academic hours: 255 (see Format below)

Homework: 320 hours of homework assignments

Course format: Online lectures accompanied by 1-on-1 sessions with the lecturers

The program is intended for those interested in the profession of system administrator as well as those who wish to stand out and evolve in the cybersecurity industry as junior SOC Analysts. To do so, you must learn all five modules before moving to the next step and mastering one of the advanced professions of the field.

See Security College has built this program for those who wish to specialize in one of the core cyber professions. We did so by integrating core IT knowledge and hands-on experience with an understanding of the art of Incident Response (IR) and the world of Security Operations Centers (SOC), in order to train junior cyber analysts.

Page 3: Cyber Security Analyst (SOC), Incident Responder & IT

1 Jabotinsky St, Ramat-Gan, Israel, Phone: +972 (0) 3 6122 831

www.see-security.com [email protected]

3

About the Associated Certifications

The external IT and SOC certifications associated with this program are an established way to demonstrate your knowledge, advance your career and become a member of a community of IT and cybersecurity leaders. They show you have what it takes to design, implement, and function as a vital professional in organizations.

Key Information on the Associated Certifications

Cisco CCNA: The CCNA certification validates your skills and knowledge in network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation and programmability.

Check Point CCSA: The essential certification for IT admins who manage the daily operations of Check Point security solutions.

LPI Linux Essentials: Validates the candidate's ability to perform maintenance tasks on the command line, install and configure a computer running Linux, and configure basic networking. (That wording is LPI's description of the LPIC-1 exams; the exam this program prepares for is the entry-level Linux Essentials certification, which covers a subset of that material. See the curriculum below.)

CompTIA CySA+: CompTIA Cybersecurity Analyst (CySA+) is an IT workforce certification that applies behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats through continuous security monitoring.

In addition to the above certifications, the course covers Windows Server 2019 topics in depth. However, following the retirement of the international MCSA certifications, students will be assessed internally by writing a comprehensive project that integrates the skills and knowledge an IT specialist is expected to master.

Target Audience

This unique program was designed for absolute beginners who lack prior knowledge in IT and/or cybersecurity.

The program is intended for those interested in the profession of system administration as well as those who wish to stand out and evolve in the cybersecurity industry as junior SOC analysts.

Entry Requirements

You will not be tested on these requirements for enrolment. However, we emphasize that without the background knowledge it will be difficult to keep up with the materials covered throughout the course, and even more challenging to pass the exams and assignments. The following are expected:

a. High School Graduation Diploma

b. Good command of the English language

c. Passing an Admission Interview

d. Willingness to engage in a challenging course, accompanied by intensive homework assignments

Pedagogical Requirements

a. Participation in at least 85% of the sessions

b. Passing grade (70% and above) in each of the exams and assignments

c. In technical modules, hands-on practical labs in class and at home

Certifications

See-Security certificates will be awarded to students who fulfil the pedagogical requirements.



Academic Staff

Such a multi-disciplinary program requires uncompromising and dedicated experts. The lecturers include industry cybersecurity leaders who have a passion for the subject and for forming the next generation of IT and cybersecurity experts.

Format

The course is held twice a week, in the evenings. There is a total of 255 hours via Zoom (7 months), plus 320 hours of supervised homework assignments.

Remarks

a. Registration for external examinations is the responsibility of the student.

b. The program will open only if there are enough enrolled students.

c. The registration fee is not refundable.


Curriculum

Introduction to Networking | 30 hrs

This module gives an overview of the elementary components of hardware, the Windows Server operating system and Active Directory.

▪ Hardware Overview

▪ Network Topology Overview

▪ OSI 7-Layer Model Overview

▪ TCP/IP Model Overview

▪ Domain Services Overview

Microsoft Servers | 45 hrs

Module 1: Deploying and Managing Windows Server 2019

This module introduces Windows Server 2019: installing the operating system, completing post-installation configuration, the server management tools, and an introduction to Windows PowerShell.

▪ Windows Server 2019 Overview

▪ Installing Windows Server 2019

▪ Post-Installation Configuration of Windows Server 2019

▪ Overview of Windows Server 2019 Management

▪ Introduction to Windows PowerShell

Module 2: Introduction to Active Directory Domain Services

This module covers the structure of Active Directory Domain Services (AD DS) and its various components, such as forests, domains, and organizational units (OUs). It also gives an overview of domain controllers and of the options available in Windows Server 2019 for installing AD DS on a server.

▪ Overview of AD DS

▪ Overview of Domain Controllers

▪ Installing a Domain Controller

Module 3: Managing Active Directory Domain Services Objects

This module describes how to manage user accounts and computer accounts, including the various consumer devices that employees use. It also covers how to manage an enterprise network by managing groups, and how to delegate administrative tasks to designated users or groups.

▪ Managing User Accounts

▪ Managing Groups

▪ Managing Computer Accounts

▪ Delegating Administration

Module 4: Automating Active Directory Domain Services Administration

This module describes how to use command-line tools and Windows PowerShell to automate AD DS administration. It discusses the various command-line tools and Windows PowerShell commands, and then describes how to use them to modify objects individually and in bulk operations.

▪ Using Command-Line Tools for AD DS Administration

▪ Using Windows PowerShell for AD DS Administration

▪ Performing Bulk Operations with Windows PowerShell

Module 5: Implementing IPv4

This module discusses IPv4, the network protocol used on the Internet and on local area networks. Students learn how to implement an IPv4 addressing scheme and how to troubleshoot network communication, including how to determine and troubleshoot network-related problems.

▪ Overview of TCP/IP

▪ Understanding IPv4 Addressing

▪ Subnetting and Supernetting

▪ Configuring and Troubleshooting IPv4
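A worked example of the three tasks listed in Module 5, added here as an illustration (it is not part of the See Security course material): a VLSM plan that carves an allocation into per-department subnets, a supernet summary of contiguous branch networks, and the on-link check behind the most common "can reach the LAN but not the Internet" ticket, a default gateway outside the host's own subnet. The 10.20.0.0/24 block, the department sizes, the branch prefixes and the host settings are constructed for the example, and plan_subnets, summarize and gateway_on_link are names chosen here; only Python's standard ipaddress module is used.

```python
"""Added example (not from the See Security brochure): an IPv4 addressing
scheme worked out with Python's standard ipaddress module.

All addresses, department names and host counts are constructed inputs
chosen for illustration; they are not taken from the course material.
"""
import ipaddress
from typing import Dict, Iterable, List


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose usable host count (2^(32-p) - 2) covers `hosts`."""
    prefix = 30  # a /30 is the smallest block with two usable addresses
    while 2 ** (32 - prefix) - 2 < hosts:
        prefix -= 1
    return prefix


def plan_subnets(block: str, hosts_needed: Dict[str, int]) -> Dict[str, ipaddress.IPv4Network]:
    """VLSM allocation: largest requirement first, best fit from the free pool.

    Allocating the biggest subnets first keeps every block aligned to its own
    size, so no address space is lost to alignment gaps between subnets.
    """
    pool: List[ipaddress.IPv4Network] = [ipaddress.ip_network(block)]
    plan: Dict[str, ipaddress.IPv4Network] = {}
    for name, hosts in sorted(hosts_needed.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        # Best fit: the smallest free block (longest prefix) that still fits,
        # lowest address first among equals.
        candidates = sorted(
            (n for n in pool if n.prefixlen <= prefix),
            key=lambda n: (-n.prefixlen, int(n.network_address)),
        )
        if not candidates:
            raise ValueError(f"{block} has no room left for {name} ({hosts} hosts)")
        free = candidates[0]
        pool.remove(free)
        chosen = next(free.subnets(new_prefix=prefix))  # lowest-numbered piece
        plan[name] = chosen
        if chosen != free:
            pool.extend(free.address_exclude(chosen))  # return the remainder to the pool
    return plan


def summarize(networks: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Supernetting: collapse contiguous, aligned networks into the fewest routes."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in networks))


def gateway_on_link(host_interface: str, gateway: str) -> bool:
    """True when the default gateway lies inside the host's own subnet.

    If it does not, the host can never resolve the gateway's MAC address with
    ARP, so local traffic works but everything off-subnet fails.
    """
    iface = ipaddress.ip_interface(host_interface)
    return ipaddress.ip_address(gateway) in iface.network


if __name__ == "__main__":
    # Constructed demand for a small site that was allocated 10.20.0.0/24.
    demand = {"Engineering": 100, "Sales": 50, "Servers": 20, "Management": 10, "WAN link": 2}
    for dept, net in plan_subnets("10.20.0.0/24", demand).items():
        print(f"{dept:12} {str(net):18} usable hosts: {net.num_addresses - 2}")
    # Four contiguous branch /24s summarize to one /22; the fifth stays separate.
    print(summarize(["192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24",
                     "192.168.7.0/24", "192.168.8.0/24"]))
    print(gateway_on_link("10.20.0.130/26", "10.20.0.129"), gateway_on_link("10.20.0.130/26", "10.20.0.1"))
```

With the constructed demand the plan comes out as Engineering 10.20.0.0/25, Sales 10.20.0.128/26, Servers 10.20.0.192/27, Management 10.20.0.224/28 and the WAN link 10.20.0.240/30, leaving 10.20.0.244/30 and 10.20.0.248/29 free; the gateway check is the one to run first whenever a host reports "destination host unreachable" for anything beyond its own VLAN.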

Module 6: Implementing Dynamic Host Configuration Protocol

This module covers supporting and troubleshooting a Windows Server-based network infrastructure by deploying, configuring, and troubleshooting the Dynamic Host Configuration Protocol (DHCP) server role.

▪ Overview of the DHCP Server Role

▪ Configuring DHCP Scopes

▪ Managing a DHCP Database

▪ Securing and Monitoring DHCP

Module 7: Configuring and Troubleshooting Domain Name System

This module explains how to configure and troubleshoot DNS, including DNS replication and caching.

▪ Configuring the DNS Server Role

▪ Configuring DNS Zones

▪ Configuring DNS Zone Transfers

▪ Managing and Troubleshooting DNS

Module 8: Maintaining Active Directory Domain Services

This module explains how to implement virtualized domain controllers and read-only domain controllers (RODCs). It also explains how to perform common AD DS administrative tasks and manage the AD DS database.

▪ Implementing Virtualized Domain Controllers

▪ Implementing RODCs

▪ Administering AD DS

▪ Managing the AD DS Database

Module 9: Managing User and Service Accounts

This module explains how to create, configure and automate the creation of user accounts, and how to configure the account-related properties of user objects. It further explains how to create and administer Managed Service Accounts.

▪ Configuring Password Policy and User Account Lockout Settings

▪ Configuring Managed Service Accounts

Module 10: Implementing a Group Policy Infrastructure

This module explains how to implement a GPO infrastructure, how to perform common GPO management tasks, and how to manage GPOs by using Windows PowerShell. It also focuses on troubleshooting the application of GPOs.

▪ Introducing Group Policy

▪ Implementing and Administering GPOs

▪ Group Policy Scope and Group Policy Processing

▪ Troubleshooting the Application of GPOs

Module 11: Managing User Desktops with Group Policy This module explains how you can use Group Policy Objects (GPOs) to implement desktop environments across your organization by using Administrative Templates, Folder Redirection, Group Policy preferences, and where applicable, use software deployment to install and update application programs. It is important to know how to use these various GPO features so that you can configure your users’ computer settings properly.

▪ Implementing Administrative Templates

▪ Configuring Folder Redirection and Scripts

▪ Configuring Group Policy Preferences

▪ Managing Software with Group Policy

Module 12: Installing, Configuring, and Troubleshooting the Network Policy Server Role

This module explains how to install and configure NPS and RADIUS clients and servers. It describes the NPS authentication methods and how to monitor and troubleshoot NPS.

▪ Installing and Configuring a Network Policy Server

▪ Configuring RADIUS Clients and Servers

▪ NPS Authentication Methods

▪ Monitoring and Troubleshooting a Network Policy Server

Module 13: Implementing DNS

This module describes name resolution for Windows clients and Windows Server servers. It also covers installing and configuring the DNS Server service and its components.

▪ Name Resolution for Windows Clients and Servers

▪ Installing a DNS Server

▪ Managing DNS Zones

Module 14: Implementing IPv6

This module discusses the features and benefits of IPv6, how IPv6 affects IPv4 networks, and how to integrate IPv6 into IPv4 networks by using the various transition technologies.

▪ Overview of IPv6

▪ IPv6 Addressing

▪ Coexistence with IPv4

▪ IPv6 Transition Technologies

Module 15: Implementing Local Storage

This module introduces several different storage technologies. It discusses how to implement the storage solutions in Windows Server 2019, and how to use the Storage Spaces feature, which enables you to combine disks into pools that you can configure for automatic management.

▪ Overview of Storage

▪ Managing Disks and Volumes

▪ Implementing Storage Spaces

Module 16: Implementing File and Print Services

This module discusses how to provide file and print resources with Windows Server. It describes how to secure files and folders, how to protect previous versions of files and folders by using shadow copies, and how to give workers remote access to corporate files by implementing the Work Folders role service. It also describes the network printing features that help manage the network printing environment.

▪ Securing Files and Folders

▪ Protecting Shared Files and Folders by Using Shadow Copies

▪ Configuring Work Folders

▪ Configuring Network Printing


Module 17: Implementing Group Policy

This module provides an overview of Group Policy and details how to implement it.

▪ Overview of Group Policy

▪ Group Policy Processing

▪ Implementing a Central Store for Administrative Templates

Module 18: Securing Windows Servers Using Group Policy Objects

This module describes Windows Server 2019 operating system security. It covers how to identify security threats, plan your strategy to mitigate them, and secure your Windows Server 2019 infrastructure.

▪ Security Overview for Windows Operating Systems

▪ Configuring Security Settings

▪ Restricting Software

▪ Configuring Windows Firewall with Advanced Security

Module 19: Implementing Server Virtualization with Hyper-V

This module describes the virtualization technologies available on Windows, focusing on the Hyper-V role in Windows Server 2019. It covers the components of the Hyper-V role, configuring and deploying the role, and how to configure and manage the key components of a Hyper-V implementation, such as storage and networking.

▪ Overview of Virtualization Technologies

▪ Implementing Hyper-V

▪ Managing Virtual Machine Storage

▪ Managing Virtual Networks

Module 20: Implementing Advanced Network Services

In this module students will be able to configure advanced features for Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), and configure IP Address Management (IPAM).

▪ Configuring Advanced DHCP Features

▪ Configuring Advanced DNS Settings

▪ Implementing IPAM

▪ Managing IP Address Spaces with IPAM

Module 21: Implementing Advanced File Services

In this module students will be able to configure file services to meet advanced business requirements.

▪ Configuring iSCSI Storage

▪ Configuring BranchCache

▪ Optimizing Storage Usage

Module 22: Implementing Dynamic Access Control

In this module students will be able to plan and implement Dynamic Access Control (DAC) for file access control, together with Access Denied Assistance and Work Folders.

▪ Overview of DAC

▪ Implementing DAC Components

▪ Implementing DAC for Access Control

▪ Implementing Access Denied Assistance

▪ Implementing and Managing Work Folders

Module 23: Implementing Distributed Active Directory Domain Services Deployments

In this module students will be able to plan and implement an Active Directory Domain Services (AD DS) deployment that includes multiple domains and forests.

▪ Overview of Distributed AD DS Deployments

▪ Deploying a Distributed AD DS Environment

▪ Configuring AD DS Trusts

Module 24: Implementing Active Directory Domain Services Sites and Replication

In this module students will be able to plan and implement an AD DS deployment that includes multiple locations.

▪ AD DS Replication Overview

▪ Configuring AD DS Sites

▪ Configuring and Monitoring AD DS Replication

Module 25: Implementing AD CS

In this module students will be able to implement an Active Directory Certificate Services (AD CS) deployment.

▪ Using Certificates in a Business Environment

▪ PKI Overview

▪ Deploying CAs

▪ Deploying and Managing Certificate Templates

▪ Implementing Certificate Distribution and Revocation

▪ Managing Certificate Recovery

Module 26: Implementing Active Directory Rights Management Services

In this module students will be able to implement an AD RMS deployment.

▪ AD RMS Overview

▪ Deploying and Managing an AD RMS Infrastructure

▪ Configuring AD RMS Content Protection

▪ Configuring External Access to AD RMS

Module 27: Implementing and Administering AD FS

In this module students will be able to implement an Active Directory Federation Services (AD FS) deployment.

▪ Overview of AD FS

▪ Deploying AD FS

▪ Implementing AD FS for a Single Organization

▪ Deploying AD FS in a Business-to-Business Federation Scenario

▪ Extending AD FS to External Clients

Module 28: Implementing Network Load Balancing

In this module students will be able to provide high availability and load balancing for web-based applications by implementing Network Load Balancing (NLB).

▪ Overview of NLB

▪ Configuring an NLB Cluster

▪ Planning an NLB Implementation

Module 29: Implementing Failover Clustering

In this module students will be able to provide high availability for network services and applications by implementing failover clustering.

▪ Overview of Failover Clustering

▪ Implementing a Failover Cluster

▪ Configuring Highly Available Applications and Services on a Failover Cluster

▪ Maintaining a Failover Cluster

▪ Implementing a Multi-Site Failover Cluster

Module 30: Implementing Failover Clustering with Hyper-V

In this module students will be able to deploy and manage Hyper-V virtual machines in a failover cluster.

▪ Overview of Integrating Hyper-V with Failover Clustering

▪ Implementing Hyper-V Virtual Machines on Failover Clusters

▪ Implementing Hyper-V Virtual Machine Movement

▪ Lab: Implementing Failover Clustering with Hyper-V

Module 31: Implementing Business Continuity and Disaster Recovery

In this module students will be able to implement a backup and disaster recovery solution based on business and technical requirements.

▪ Data Protection Overview

▪ Implementing Windows Server Backup

▪ Implementing Server and Data Recovery

Cisco CCNA | 55 hrs

This section will enable students to understand QoS, virtualization and cloud services, and network programmability as they relate to the WAN, access, and core segments. It provides the foundational understanding of network layers 1-3 that applies to core routing and switching, plus other advanced technologies. Several topics have been added, including the interactions and network functions of firewalls, wireless controllers, and access points, along with additional focus on IPv6 and basic network security. The configuration commands are introduced through examples and supported with lab exercises. A full suite of labs has been developed using the virtual IOS environment, with flexible topologies that reinforce concepts through hands-on guided discovery and challenge labs aligned to each lesson module.

Further, students will gain the knowledge and skills needed to install, configure, operate, and troubleshoot a small enterprise network. The section ensures that students understand and are ready to deploy the latest shifts in technologies and solutions, as follows:

▪ Understanding of Quality of Service (QoS) elements and their applicability

▪ How virtualized and cloud services will interact with and impact enterprise networks

▪ An overview of network programmability and the related controller types and tools that are available to support software-defined network architectures

Module 1: Building a Simple Network

▪ Exploring the Functions of Networking

▪ Understanding the Host-to-Host Communication Model

▪ Introducing LANs

▪ Operating Cisco IOS Software

▪ Starting a Switch

▪ Understanding Ethernet and Switch Operation

▪ Troubleshooting Common Switch Media Issues

Module 2: Establishing Internet Connectivity

▪ Understanding the TCP/IP Internet Layer

▪ Understanding IP Addressing and Subnets

▪ Exploring the Functions of Routing

▪ Configuring a Cisco Router

▪ Exploring the Packet Delivery Process

▪ Enabling Static Routing

▪ Learning the Basics of ACL

▪ Enabling Internet Connectivity


Module 3: Summary Challenge

▪ Establish Internet Connectivity

▪ Troubleshoot Internet Connectivity

Module 4: Building a Medium-Sized Network

▪ Implementing VLANs and Trunks

▪ Routing Between VLANs

▪ Using a Cisco IOS Network Device as a DHCP Server

▪ Implementing RIPv2

Module 5: Network Device Management and Security

▪ Securing Administrative Access

▪ Implementing Device Hardening

▪ Configuring System Message Logging

▪ Managing Cisco Devices

▪ Licensing

Module 6: Summary Challenge

▪ Implementing a Medium-Sized Network

▪ Troubleshooting a Medium-Sized Network

Module 7: Implementing Scalable Medium-Sized Networks

▪ Troubleshooting VLAN Connectivity

▪ Building Redundant Switched Topologies

▪ Improving Redundant Switched Topologies with EtherChannel

▪ Understanding Layer 3 Redundancy

Module 8: Troubleshooting Basic Connectivity

▪ Troubleshooting IPv4 Network Connectivity

▪ Troubleshooting IPv6 Network Connectivity

Module 9: Implementing an EIGRP-Based Solution

▪ Implementing EIGRP

▪ Troubleshooting EIGRP

▪ Implementing EIGRP for IPv6

Module 10: Summary Challenge

▪ Implementing and Troubleshooting a Scalable Medium-Sized Network

▪ Implementing and Troubleshooting a Scalable Medium-Sized Network 2

Module 11: Implementing a Scalable OSPF-Based Solution

▪ Understanding OSPF

▪ Implementing Multiarea OSPF for IPv4

▪ Implementing OSPFv3 for IPv6

▪ Troubleshooting Multiarea OSPF

Module 12: Wide-Area Networks

▪ Understanding WAN Technologies

▪ Understanding Point-to-Point Protocols

▪ Configuring GRE Tunnels

▪ Configuring Single-Homed EBGP

Module 13: Network Device Management

▪ Implementing Basic Network Device Management and Security

▪ Evolution of Intelligent Networks

▪ Introducing QoS

Essentials of Cybersecurity - CCSA | 50 hrs

Check Point Security Administration (R77 GAiA) provides you with an understanding of the basic concepts and skills necessary to configure Check Point Security Gateway and Management Software Blades. During this course you will configure a Security Policy and learn about managing and monitoring a secure network, upgrading and configuring a Security Gateway, and implementing a virtual private network.

Module 1: Check Point Security Management

▪ Check Point Security Management Architecture (SMART)

▪ SmartConsole

▪ Security Management Server

▪ Security Gateway

Module 2: The Check Point Firewall

▪ OSI Model

▪ Mechanisms for Controlling Network Traffic

▪ Packet Filtering

▪ Stateful Inspection

▪ Application Intelligence

Module 3: Security Gateway Inspection Architecture

▪ INSPECT Engine Packet Flow

Module 4: Deployment Considerations

▪ Standalone Deployment

▪ Distributed Deployment

▪ Standalone Full HA

▪ Bridge Mode

Module 5: Check Point SmartConsole Clients

▪ SmartDashboard

▪ SmartView Tracker

▪ SmartLog

▪ SmartEvent

▪ SmartView Monitor

▪ SmartReporter

▪ SmartUpdate

▪ SmartProvisioning

▪ SmartEndpoint

Module 6: Security Management Server

▪ Managing Users in SmartDashboard

▪ Users Database


Module 7: Securing Channels of Communication

▪ Secure Internal Communication

▪ Testing the SIC Status

▪ Resetting the Trust State

LPI – Linux Essentials | 35 hrs

This section teaches the basic concepts of processes, programs and the components of the Linux operating system. You learn the basics of computer hardware, gain an understanding of open-source applications in the workplace, and learn to navigate a Linux desktop and use rudimentary commands on the Linux command line.

This course is a preparation course for the Linux Essentials exam from the Linux Professional Institute and is meant to help those without Linux experience to pass their first Linux certification.

Module 1: The Linux Community and a Career in Open Source

▪ Linux Evolution and Popular Operating Systems

▪ Major Open-Source Applications

▪ Understanding Open-Source Software and Licensing

▪ ICT Skills and Working in Linux

Module 2: Finding Your Way on a Linux System

▪ Command Line Basics

▪ Using the Command Line to Get Help

▪ Using Directories and Listing Files

▪ Creating, Moving and Deleting Files

Module 3: The Power of the Command Line

▪ Archiving Files on the Command Line

▪ Searching and Extracting Data from Files

▪ Turning Commands into a Script

Module 4: The Linux Operating System

▪ Choosing an Operating System

▪ Understanding Computer Hardware

▪ Where Data is Stored

▪ Your Computer on the Network

Module 5: Security and File Permissions

▪ Basic Security and Identifying User Types

▪ Creating Users and Groups

▪ Managing File Permissions and Ownership

▪ Special Directories and Files

Cyber SOC Analyst (Tier 1) | 40 hrs

The domains covered in this comprehensive training programme relate to the core skills and knowledge you need in order to work in and operate SOC and IR centers. Graduates of this training will understand the theoretical and practical components associated with their roles as SOC analysts. The course is therefore rich in hands-on practice that closely accompanies the theoretical topics addressed in the training.

Students can also attempt the Cisco CCNA Cyber Ops and/or the CompTIA CySA+ and/or the EC-Council ECIH certifications.

Module 1: Threat & Vulnerability Management

1. The importance of threat data and intelligence

▪ Intelligence sources

▪ Confidence levels

▪ Indicator management

▪ Threat classification

▪ Threat actors

▪ Collection

▪ Commodity malware

▪ Information sharing and analysis communities

▪ Reconnaissance Techniques

▪ Network Reconnaissance

▪ Response and Counter Measures

▪ Securing Corporate Environments

▪ Implementing the Information Security Vulnerability Management Process

▪ Analyze Output of Vulnerability Scan

▪ Compare and Contrast Common Vulnerabilities

2. Utilization of threat intelligence to support organizational security

▪ Attack frameworks

▪ Threat research

▪ Threat modeling methodologies

▪ Threat intelligence sharing with supported functions

3. Vulnerability management activities

▪ Vulnerability identification

▪ Validation

▪ Remediation/mitigation

▪ Scanning parameters and criteria

▪ Inhibitors to remediation

4. Vulnerability assessment tools

▪ Web application scanner

▪ Infrastructure vulnerability scanner

▪ Software assessment tools and techniques

▪ Enumeration

▪ Wireless assessment tools

▪ Cloud infrastructure assessment tools

5. Threats and vulnerabilities

▪ Mobile

▪ Internet of Things (IoT)

▪ Embedded


▪ Real-time operating system (RTOS)

▪ System-on-Chip (SoC)

▪ Field programmable gate array (FPGA)

▪ Physical access control

▪ Building automation systems

▪ Vehicles and drones - CAN bus

▪ Workflow and process automation systems

▪ Industrial control system

▪ Supervisory control and data acquisition (SCADA) – Modbus

6. Threats and vulnerabilities in cloud environment

▪ Cloud service models

▪ Cloud deployment models: public, private, community, hybrid

▪ Function as a Service (FaaS) / serverless architecture

▪ Infrastructure as code (IaC)

▪ Insecure application programming interface (API)

▪ Improper key management

▪ Unprotected storage

▪ Logging and monitoring

7. Implementation of controls

▪ Attack types

▪ Vulnerabilities

Module 2: Software and Systems Security

1. Solutions for infrastructure management

▪ Cloud vs. on-premises

▪ Asset management

▪ Segmentation

▪ Network architecture

▪ Containerization

▪ Identity and access management

▪ Cloud access security broker (CASB)

▪ Honeypot

▪ Monitoring and logging

▪ Encryption

▪ Certificate management

▪ Active defense

2. Software assurance best practices

▪ Software development life cycle (SDLC) integration

▪ DevSecOps

▪ Software assessment methods

▪ Secure coding best practices

▪ Static analysis tools

▪ Dynamic analysis tools

▪ Formal methods for verification of critical software

▪ Service-oriented architecture

3. Hardware assurance best practices

▪ Hardware root of trust

▪ eFuse

▪ Unified Extensible Firmware Interface (UEFI)

▪ Trusted foundry

▪ Secure processing

▪ Anti-tamper

▪ Self-encrypting drive

▪ Trusted firmware updates

▪ Measured boot and attestation

▪ Bus encryption

Module 3: Security Operations and Monitoring

1. Analyze data as part of security monitoring activities

▪ Heuristics

▪ Trend analysis

▪ Endpoint

▪ Network

▪ Log review

▪ Impact analysis

▪ Security information and event management (SIEM) review

▪ Query writing

▪ E-mail analysis

2. Hardening controls to improve security

▪ Permissions

▪ Allow list (previously known as whitelisting)

▪ Blocklist (previously known as blacklisting)

▪ Firewall

▪ Intrusion prevention system (IPS) rules

▪ Data loss prevention (DLP)

▪ Endpoint detection and response (EDR)

▪ Network access control (NAC)

▪ Sinkholing

▪ Malware signatures - Development/rule writing

▪ Sandboxing

▪ Port security

3. Proactive threat hunting

▪ Establishing a hypothesis

▪ Profiling threat actors and activities

▪ Threat hunting tactics: executable process analysis

▪ Reducing the attack surface area

▪ Bundling critical assets

▪ Attack vectors


▪ Integrated intelligence

▪ Improving detection capabilities

4. Automation concepts and technologies

▪ Workflow orchestration

▪ Scripting

▪ Application programming interface (API) integration

▪ Automated malware signature creation

▪ Data enrichment

▪ Threat feed combination

▪ Machine learning

▪ Use of automation protocols and standards

▪ Continuous integration

Module 4: Incident Response

1. Incident response process

▪ Response coordination with relevant entities

▪ Factors contributing to data criticality

2. Incident response procedure

▪ Preparation

▪ Detection and analysis

▪ Containment

▪ Eradication and recovery

▪ Post-incident activities

3. Potential indicators of compromise

▪ Network-related

▪ Host-related

▪ Application-related

4. Basic digital forensics techniques

▪ Network

▪ Endpoint

▪ Cloud

▪ Virtualization

▪ Legal hold

▪ Procedures

▪ Hashing

▪ Carving

▪ Data acquisition

5. Forensics Tools and Investigation

Module 5: Windows Security Monitoring

1. Introduction to Windows Security Monitoring

▪ Windows Auditing Subsystem

▪ Security Monitoring Scenarios

▪ Local User Accounts

▪ Local Security Groups

▪ Microsoft Active Directory

▪ Active Directory Objects

▪ Authentication Protocols

▪ Operating System Events

▪ Logon Rights and User Privileges

▪ Windows Applications

▪ Filesystem and Removable Storage

▪ Windows Registry

▪ Network File Shares and Named Pipes
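The log review, query writing and Windows Security Monitoring topics above (SOC Module 3, item 1, and Module 5) in working form, as an added example that is not part of the course material: two tier-1 detections over Windows Security events 4625 (logon failure) and 4624 (logon success). The first catches a brute-force attempt against one account and reports whether a success followed; the second catches a password spray, where one source tries many accounts once each and therefore never trips a per-account lockout. The event lines are constructed for this example and use a simplified pipe-delimited export format assumed here (timestamp|EventID|TargetUserName|IpAddress|LogonType), not a native Windows or SIEM format; detect_brute_force and detect_password_spray are names chosen for the example.

```python
"""Added example (not from the See Security brochure): two tier-1 SOC
detections over Windows Security log events 4625 (logon failure) and
4624 (logon success).

The events below are constructed for this example. The line format
'timestamp|EventID|TargetUserName|IpAddress|LogonType' is an assumption of
this example (a simplified SIEM export), not a Windows or SIEM format.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Event(NamedTuple):
    ts: datetime
    event_id: int
    user: str
    src_ip: str
    logon_type: int  # 2 = interactive, 3 = network, 10 = RemoteInteractive (RDP)


LOGON_SUCCESS, LOGON_FAILURE = 4624, 4625

# Constructed sample: a brute force on j.smith that succeeds, a password spray
# from a second address across five accounts, and one benign typo by m.green.
SAMPLE_LOG = """\
2024-03-01T02:14:01|4625|j.smith|203.0.113.7|3
2024-03-01T02:14:03|4625|j.smith|203.0.113.7|3
2024-03-01T02:14:06|4625|j.smith|203.0.113.7|3
2024-03-01T02:14:09|4625|j.smith|203.0.113.7|3
2024-03-01T02:14:12|4624|j.smith|203.0.113.7|3
2024-03-01T09:00:11|4625|a.cohen|198.51.100.4|3
2024-03-01T09:00:12|4625|b.levi|198.51.100.4|3
2024-03-01T09:00:13|4625|c.mizrahi|198.51.100.4|3
2024-03-01T09:00:14|4625|d.peretz|198.51.100.4|3
2024-03-01T09:00:15|4625|e.katz|198.51.100.4|3
2024-03-01T09:30:00|4625|m.green|10.20.0.55|2
2024-03-01T09:30:20|4624|m.green|10.20.0.55|2
"""


def parse_log(text: str) -> List[Event]:
    """Parse the constructed export format, one event per non-empty line, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, user, ip, ltype = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), int(eid), user, ip, int(ltype)))
    return sorted(events, key=lambda e: e.ts)


def detect_brute_force(events: List[Event], threshold: int = 4,
                       window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Alert when one source IP fails `threshold` times against one account
    within `window`; report whether a 4624 for that pair followed inside the
    window, which is the case a tier-1 analyst escalates immediately."""
    failures: Dict[tuple, List[datetime]] = defaultdict(list)
    successes: Dict[tuple, List[datetime]] = defaultdict(list)
    for e in events:
        key = (e.src_ip, e.user)
        if e.event_id == LOGON_FAILURE:
            failures[key].append(e.ts)
        elif e.event_id == LOGON_SUCCESS:
            successes[key].append(e.ts)
    alerts = []
    for key, times in failures.items():
        start = 0
        for end in range(len(times)):          # sliding window over sorted failure times
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                last_fail = times[end]
                followed = any(last_fail <= s <= last_fail + window for s in successes[key])
                alerts.append({"rule": "brute_force", "src_ip": key[0], "user": key[1],
                               "failures": end - start + 1, "success_followed": followed})
                break                          # one alert per pair; a SIEM would aggregate
    return alerts


def detect_password_spray(events: List[Event], min_users: int = 5,
                          window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Alert when one source IP fails against `min_users` distinct accounts
    within `window`. Each account sees a single failure, so account-lockout
    thresholds never fire; the detection has to key on the source instead."""
    per_ip: Dict[str, List[tuple]] = defaultdict(list)
    for e in events:
        if e.event_id == LOGON_FAILURE:
            per_ip[e.src_ip].append((e.ts, e.user))
    alerts = []
    for ip, items in per_ip.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            users = {u for _, u in items[start:end + 1]}
            if len(users) >= min_users:
                alerts.append({"rule": "password_spray", "src_ip": ip, "users": sorted(users)})
                break
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for alert in detect_brute_force(evs) + detect_password_spray(evs):
        print(alert)
```

On the sample the brute-force rule fires once, for 203.0.113.7 against j.smith with success_followed set, and the spray rule fires once for 198.51.100.4; m.green's single mistyped password produces nothing. Both thresholds and the window are the knobs to tune against real baseline volume before the rules go into a SIEM, and the logon_type field is kept so the same rules can be restricted to network and RDP logons (types 3 and 10) where brute forcing actually happens.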