Overview
This intensive and practitioner-focused training is designed to help you gain the knowledge, skills, abilities, and confidence required to protect and defend organizational information systems against cyber adversaries.
Course description
In addition to the full videos of the cyber defense analyst course, this associate course comes with 10 hands-on exercises, completed in our cyber defense lab, and a cyber defense project, which will not be graded. Students will also have the opportunity to attempt the certification exam after paying the appropriate fee.
Prerequisite
Basic knowledge of how computers and the Internet work
Who can take this course?
- Cyber Enthusiasts
- IT Professionals
- Students & Graduates
- Cybersecurity Internship Seekers
This course includes
- Self-paced; over 13 hours of on-demand video
- Approximately 9 hours of lab exercises
- Anytime access (from computer, tablet or mobile phone)
- Labs and Ungraded Project
Learning Objectives
At the end of this course, learners will be able to
✓ Discuss different types of cyber threats and their relevance in today’s threat landscape
✓ Categorize cyber threat actors based on their objectives
✓ Discuss threat modelling and its importance to cyber defense
✓ Demonstrate good understanding of vulnerabilities in general and their important elements
✓ Derive a unique identifier for any particular vulnerability based on its published date
✓ Remember how vulnerabilities are rated
✓ Understand the role of vulnerability in cyber attacks
✓ Recall common types of vulnerabilities
✓ Understand and remember common sources of vulnerabilities intelligence
✓ Explain the vulnerability management lifecycle
✓ Discuss cyber-attack tactics, techniques, and procedures
✓ Briefly explain the cyber kill chain model
✓ Briefly explain the Mandiant attack lifecycle
✓ Discuss the MITRE ATT&CK framework while recalling its key tactics and techniques
✓ Discuss each of the data breach incidents covered in terms of what happened, how it happened, why it happened, the business impact, and how it could have been prevented
✓ Discuss the NIST cybersecurity framework and recall its functions and major categories
✓ Describe each of the five functional areas of the framework and the respective key categories
✓ Categorize various cyber security vendors in accordance with the security domains addressed by their specific products
✓ Recall the various layers of cyber defense and their respective security technology solutions
✓ Demonstrate good understanding of the people, process, and technology elements of a security operations center (SOC)
✓ Itemize key log sources and explain the logging and log collection process
✓ Discuss the importance of the SIEM to a SOC
✓ Recall the key players in the SIEM market space
✓ Express their career progression options if they ever end up working in a SOC
✓ Demonstrate good understanding of security alerts
✓ Define alert use cases and describe how they are developed
✓ Discuss actionable reports and how to derive the best value out of them
✓ Demonstrate good understanding of the tasks undertaken by SOC analysts on a daily basis
✓ Recall all the phases of incident response and what goes on in each phase
✓ List some of the important tools to have in an incident response jump kit
✓ State and discuss some of the key factors that affect incident categorization
✓ Interpret an incident response workflow
✓ Demonstrate good understanding of the values that managed security service providers (MSSPs) bring to the table and key considerations for outsourcing
✓ Differentiate between an MSSP and a managed detection and response (MDR) service provider
✓ State key reasons why an organization might want to consider subscribing to an incident response retainer service
✓ List the features and benefits of an internally developed and delivered threat intelligence service
✓ Define cyber law and demonstrate basic understanding of intellectual property law and different types of intellectual property
✓ Recall elements of the Cybersecurity Enhancement Act of 2014 and how it contributes to the efforts to protect U.S. businesses and government agencies against cyber threats
✓ Recall elements of the National Cybersecurity Protection Act of 2014 and how it contributes to the efforts to protect U.S. businesses and government agencies against cyber threats
✓ Demonstrate an understanding of the key aspects of the Sarbanes-Oxley Act and how to support related audit and compliance efforts from a cyber security standpoint
✓ State the objectives of the Federal Information Systems Modernization Act of 2014 and key improvements over its predecessor (FISMA 2002)
✓ Demonstrate good understanding of HIPAA and mastery of the key cyber security activities required to keep an organization compliant
✓ Recall key elements of the European General Data Protection Regulation (GDPR)
Course Curriculum
- Lecture 1: Introduction (2:32)
- Lecture 2: Overview of NICE Workforce Framework (5:42)
- Lecture 3: Important NICE Framework Elements (2:32)
- Lecture 4: What is Cyber Security? (8:17)
- Lecture 5: Professional Certifications (14:15)
- Lecture 6: Knowledge Acceleration Channels (4:03)
- Lecture 7: Why Does it Even Matter? (3:35)
- Lecture 8: Financial Services: JP Morgan Chase (2:56)
- Lecture 9: Healthcare: John Hopkins Medicine (2:03)
- Lecture 10: News & Media: The BBC (2:09)
- Lecture 11: Oil and Gas: Exxon Mobil (2:28)
- Lecture 12: Retail: Tesco (1:17)
- Lecture 13: Technology: Facebook (2:11)
- Lecture 15: Overview (2:08)
- Lecture 16: People, Process and Technology (2:49)
- Lecture 17: Governance Structure (1:30)
- Lecture 18: Overarching Security Policy (2:55)
- Lecture 19: Business Aligned Issue-Specific Policies (1:59)
- Lecture 20: Security Standards (2:14)
- Lecture 21: Fundamentals of Networking (5:46)
- Lecture 22: Common Networking Services and Protocols (8:50)
- Lecture 23: Overview of the OSI Model (5:20)
- Lecture 24: IP Addressing Basics (3:30)
- Lecture 25: IP Subnetting Basics (10:47)
- Lecture 26: TCP 3-Way Handshake Process (10:13)
- Lecture 27: Network Traffic and Packet Analysis - Wireshark Demo (11:23)
- Lecture 28: Key Elements of an Enterprise Network (3:07)
- Lecture 29: Understanding Cisco Three-Layer Hierarchical Model (4:40)
- Lecture 30: Introduction to the Defense-In-Depth Model (5:38)
- Lecture 31: Summary (4:03)
- Module 1 - Practice Questions
- Lecture 32: Cyber Threat Essentials (3:01)
- Lecture 33: Overview of Cyber Threats (8:44)
- Lecture 34: Global Cyber Threat landscape (3:05)
- Lecture 35: Types of Threat Actors (2:24)
- Lecture 36: Cybercriminals (3:17)
- Lecture 37: Non-Adversarial Employee (3:51)
- Lecture 38: Nation State Actors (3:50)
- Lecture 39: Hacktivists (2:19)
- Lecture 40: Adversarial Employee (2:14)
- Lecture 41: Threat Modelling Fundamentals (5:25)
- Lecture 42: Threat Modelling - STRIDE (5:17)
- Lecture 43: Overview of Vulnerabilities (8:27)
- Lecture 44: Vulnerability Naming Standard (4:59)
- Lecture 45: Vulnerability Scoring System (8:52)
- Lecture 46: Role of Vulnerability in the Attack Triangle (4:34)
- Lecture 47: Common Types of Vulnerabilities – Part 1 (7:45)
- Lecture 48: Common Types of Vulnerabilities – Part 2 (6:24)
- Lecture 49: Sources of Vulnerability Intelligence (4:58)
- Lecture 50: The Vulnerability Management Lifecycle (5:33)
- Lecture 51: Practical Demonstration of Vulnerability Discovery and Analysis (6:05)
- Lecture 52: Cyber Attack Tactics, Techniques and Procedures (2:37)
- Lecture 53: Cyber Kill Chain (6:51)
- Lecture 54: Mandiant Attack Lifecycle (2:58)
- Lecture 55: MITRE ATT&CK Framework (6:39)
- Lecture 56: The Hacking Team (12:56)
- Lecture 57: Capital One (6:12)
- Lecture 58: Ashley Madison (5:14)
- Lecture 59: British Airways (4:10)
- Lecture 60: American Medical Collection Agency (AMCA) (3:43)
- Lecture 61: Equifax (5:47)
- Lecture 62: Section 2 Summary (3:51)
- Module 2 - Practice Questions
- Lecture 63: Section 3 Overview (3:47)
- Lecture 64: The NIST Cybersecurity Framework (6:45)
- Lecture 65: Identify (3:47)
- Lecture 66: Protect (3:52)
- Lecture 67: Detect (1:47)
- Lecture 68: Respond (1:47)
- Lecture 69: Recover (2:16)
- Lecture 70: The "Protect" Categories and Technologies (2:46)
- Lecture 71: Application Security Overview (12:25)
- Lecture 72: Web Application Firewall (12:25)
- Lecture 73: Application Security Testing Techniques and Products (13:09)
- Lecture 74: Data Security Overview (6:08)
- Lecture 75: Data Encryption and Key Management (7:20)
- Lecture 76: Data Masking and Tokenization (7:34)
- Lecture 77: Data Leakage Prevention (DLP) (10:09)
- Lecture 78: Digital Rights Management (3:47)
- Lecture 79: Endpoint Protection Platform (16:34)
- Lecture 80: Application Whitelisting (4:19)
- Lecture 81: File Integrity Monitor (3:54)
- Lecture 82: Full Disk Encryption (2:30)
- Lecture 83: Network Security Overview (10:44)
- Lecture 84: Intrusion Protection Systems (IPS) (5:51)
- Lecture 85: Network Access Control (NAC) (3:06)
- Lecture 86: Secure Web Gateway (8:56)
- Lecture 87: Secure Email Gateway (5:43)
- Lecture 88: Cloud Security Overview (9:30)
- Lecture 89: Cloud Access Security Broker (CASB) (7:20)
- Lecture 90: Cloud Security Posture Management (5:33)
- Lecture 91: Section 3 Summary (4:25)
- Module 3 - Practice Questions
- Lecture 92: Overview of the SOC (7:59)
- Lecture 93: Log Sources and Events Collection (10:27)
- Lecture 94: Security Information and Events Management (SIEM) (7:20)
- Lecture 95: Career Progression Path in a SOC (5:18)
- Lecture 96: SOAR (6:26)
- Lecture 97: Maintaining Situational Awareness (5:19)
- Lecture 98: Security Alerts (3:04)
- Lecture 99: Alerts Use Cases: Privileged account (2:48)
- Lecture 100: Alerts Use Cases: Data Leakage Prevention (1:50)
- Lecture 101: Alerts Use Cases: Lateral Movement (2:28)
- Lecture 102: Alerts Use Cases: C2 (2:32)
- Lecture 103: Actionable Reports (10:39)
- Lecture 104: A Day in the Life of a SOC Analyst (6:09)
- Lecture 105: Overview of Incident Response (4:31)
- Lecture 106: Incident Response: Prepare (4:28)
- Lecture 107: Incident Response: Detect & Analyze (3:21)
- Lecture 108: Incident Response: Containment, Eradication, Recovery (3:01)
- Lecture 109: Incident Response: Post Incident (1:38)
- Lecture 110: Incident Response Jump Kit (3:33)
- Lecture 111: Incident Categorization and Process Workflow (5:36)
- Lecture 112: Using a SIEM - Practical Demonstration
- Lecture 113: Incident Response Scenarios
- Lecture 114: Managed Security Services Provider (MSSP) (7:10)
- Lecture 115: Managed Detection and Response (MDR) Service (4:12)
- Lecture 116: Incident Response Retainer Service (5:02)
- Lecture 117: Cyber Threat Intelligence Service (3:13)
- Lecture 118: Section 4 Summary (6:15)
- Module 4 - Practice Questions
- Lecture 119: Key Terms and Definitions (3:42)
- Lecture 120: Cyber Risk in Enterprise Risk Management (5:10)
- Lecture 121: Conducting Risk Assessment (6:02)
- Lecture 122: Risk Analysis - Overview (9:07)
- Lecture 123: Risk Analysis – Rating Matrix (7:06)
- Lecture 124: Understanding Risk Tolerance and Appetite (11:30)
- Lecture 125: Risk Response Actions (6:30)
- Lecture 126: Risk Assessment Reports (RARs) (3:46)
- Lecture 127: Risk Monitoring (5:12)
- Lecture 128: Intellectual Property and Introduction to Cyber Laws (11:16)
- Lecture 129: Cybersecurity Enhancement Act (2014) (5:59)
- Lecture 130: National Cybersecurity Protection Act (2014) (1:49)
- Lecture 131: Sarbanes Oxley (SOX) Act (6:03)
- Lecture 132: Federal Information Systems Modernization Act (2014) (4:54)
- Lecture 133: Health Information Portability and Accountability Act (HIPAA) of 1996 (7:43)
- Lecture 134: General Data Protection Regulation (GDPR) (7:38)
- Lecture 135: Cybercrime Act of 2015 (12:15)
- Lecture 136: NDPR (7:37)
- Lecture 137: Elements of Cyber Security Governance (7:55)
- Lecture 138: Cyber Security Business Drivers (6:30)
- Lecture 139: Security Steering Committee (4:46)
- Lecture 140: Compliance (3:07)
- Lecture 141: Cyber Security – Internal Audit (7:45)
- Lecture 142: Section 4 Summary (4:06)
- Module 5 - Practice Questions
- Scenario 1 - External Attack Against A Webserver
- Scenario 2 - Unauthorized Changes
- Scenario 3 - Suspected Unauthorized Access to Web Server
- Scenario 4 - Suspected Unauthorized Access to Web Server
- Scenario 5 - DDoS SYN Flood Attack
- Scenario 6 - Webshell Attack Detection and Analysis
- Scenario 7 - Client Side Attack - Drive by Download
- Scenario 8 - Suspicious Email Received From an Unknown Party
- Scenario 9 - Detection and Analysis of Reverse Shell Traffic
- Scenario 10 - Data Breach Notification
Cyber Defense Lab
Our lab environment closely mirrors the real-world business environment where students get to play the role of a cyber security professional.
10 Unique Cyber Security Challenges!
Solve real world cyber security challenges by following structured incident response steps