Cyber Security Analyst
COURSE CONTENTS & DURATION
Security breaches have caused both financial and operational losses to organizations around the world. Stories of hackers disrupting computer systems have raised security awareness among users as well as insurers. The result is a high demand for professionals who can plan, design, deploy and support the controls that protect data, networks and communication channels.
Duration: 40 Hours
Module 1: Cyber Security Fundamentals
0.1) Introduction to the instructor and the course objectives
0.2) Expectations of the students
1.1) What is Cyberspace?
1.2) What is Cybersecurity?
- Cybersecurity vs. Information Security
1.3) Why Cyber Security is important?
- What are we trying to protect?
1.4) Different types of threat actors
- Who are we trying to defend against?
- The “Hacker” is just the tip of the spear!
Module 2: Network Protocols & Fundamentals
2.1) Network basics & Types of Networks
- Why is a good understanding of networking important for a cybersecurity analyst?
2.2) Network Topologies & Implementation
2.3) OSI & TCP/IP Reference Model
2.4) Various Network Protocols & Ports
- Recognizing those important to everyday security work
- HTTP vs. HTTPS, FTP vs. SSH/SFTP, DNS, NTP, Kerberos and so on
Module 3: Linux Fundamentals and Windows Command Line
3.1) Introduction to Linux OS, History, Architecture
- Why is a good understanding of Linux important for a cybersecurity analyst?
3.2) Various Linux Directories and built-in tools
- Firewall, networking, file transfer and web tools
3.3) Files & Directories Commands
- tar, gzip, zip and related archive tools
3.4) Introduction to Shell & various useful commands
3.5) Windows command line (CMD)
3.6) Directory navigation and built-in tools
3.7) Comparisons and overlap with Linux
Module 4: Active Threats - Types of Malware & Security Breaches
4.1) Malware families: Worms, Viruses, Spyware, Trojans and Ransomware
- How are they similar and how are they different?
- How to quickly identify which is which
4.2) Phishing and Email Attacks
4.3) Network and Wi-Fi
4.4) Social Engineering and Identity Theft
4.5) Password Attacks and Denial of Service
4.6) Insider Threat
4.7) Command and Control (C2)
Module 5: Prevention Software and Techniques
5.1) Firewalls, Network Security
5.2) VPN – Virtual Private Network
- Site-to-site (IPsec) vs. remote-access (SSL/TLS)
- Hardware vs. Cloud vs. Data Center Direct Connections
5.3) Anti-Virus, Anti Spyware and Anti-malware
5.4) Endpoint Detection and Response (EDR) Tools
5.5) Periodic and Random checks
5.6) Versions and Upgrades
5.7) User Awareness Training
- Security is NOT everyone's responsibility! But a basic understanding and common sense should be required of all users
Module 6: Analysis, Review, and Investigation
6.1) What is the primary role of a cybersecurity analyst?
- Day in the life of a cybersecurity analyst or threat hunter
6.2) Firewall and Networking Logs
6.3) Email Analysis and MS Exchange Logs
6.4) Local Network and Application Connections
6.5) Log Aggregation and Correlation
- What is a Security Information Event Management (SIEM) Platform?
- Why is it so important?
6.6) Basic Shortcuts and Automations
- Organization, process, and note-taking are crucial!
- Python and PowerShell
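To make the log-analysis and correlation topics of this module concrete, here is an added example that is not part of the course materials: a small Python script that parses constructed firewall and SSH authentication log lines, applies two detection rules (repeated denies from one source in a short window, and a run of failed logins followed by a success), and then correlates the two sources. The log formats, hosts, IP addresses and thresholds are all made up for illustration; the line layouts are only loosely modelled on iptables and OpenSSH syslog output.

```python
"""Added example, not part of the course materials: a tiny log
correlation exercise of the kind Module 6 describes (firewall logs,
authentication logs, correlation across sources, automated in Python).
All log lines, hosts, IP addresses and thresholds below are constructed
for illustration; the line formats are loosely modelled on iptables and
OpenSSH syslog output but are not real captures."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: 203.0.113.7 probes six ports in a few seconds,
# 198.51.100.4 is denied twice, half an hour apart (background noise).
FIREWALL_LOG = """\
2024-03-01T09:00:01 fw1 DENY SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=21
2024-03-01T09:00:02 fw1 DENY SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=23
2024-03-01T09:00:02 fw1 ALLOW SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=443
2024-03-01T09:00:03 fw1 DENY SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=25
2024-03-01T09:00:04 fw1 DENY SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=110
2024-03-01T09:00:05 fw1 DENY SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=3389
2024-03-01T09:00:06 fw1 DENY SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=445
2024-03-01T09:00:07 fw1 DENY SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=3306
2024-03-01T09:30:00 fw1 DENY SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=3389
"""

# Constructed SSH auth log: 203.0.113.7 fails four times, then gets in as
# 'deploy'; 192.0.2.9 logs in once with a key and no prior failures.
AUTH_LOG = """\
2024-03-01T09:01:10 web1 sshd[4012]: Failed password for root from 203.0.113.7 port 50001 ssh2
2024-03-01T09:01:14 web1 sshd[4013]: Failed password for root from 203.0.113.7 port 50002 ssh2
2024-03-01T09:01:19 web1 sshd[4014]: Failed password for invalid user admin from 203.0.113.7 port 50003 ssh2
2024-03-01T09:01:25 web1 sshd[4015]: Failed password for deploy from 203.0.113.7 port 50004 ssh2
2024-03-01T09:02:02 web1 sshd[4016]: Accepted password for deploy from 203.0.113.7 port 50005 ssh2
2024-03-01T09:05:00 web1 sshd[4020]: Accepted publickey for alice from 192.0.2.9 port 60010 ssh2
"""

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
                   r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)$")
AUTH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
                     r"(?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
                     r"from (?P<src>\S+) port \d+")


def parse(text, regex):
    """Turn raw log text into dicts with a parsed timestamp. Lines that do
    not match are skipped: real logs always contain lines you did not plan for."""
    events = []
    for line in text.splitlines():
        m = regex.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return events


def repeated_denies(events, threshold=5, window=timedelta(seconds=60)):
    """Rule 1: sources with >= threshold DENY entries inside any sliding
    window. Returns {src: (max_count_in_window, sorted_distinct_ports)}."""
    by_src = defaultdict(list)
    for e in events:
        if e["action"] == "DENY":
            by_src[e["src"]].append(e)
    hits = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:  # shrink window
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[src] = (best, sorted({int(e["dpt"]) for e in evs}))
    return hits


def failed_then_success(events, min_failures=3, window=timedelta(minutes=5)):
    """Rule 2: an Accepted login preceded by >= min_failures Failed attempts
    from the same source within the window (guessing that finally worked)."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["result"] != "Accepted":
                continue
            prior = [p for p in evs[:i]
                     if p["result"] == "Failed" and e["ts"] - p["ts"] <= window]
            if len(prior) >= min_failures:
                alerts.append({"src": src, "user": e["user"], "ts": e["ts"],
                               "failures": len(prior),
                               "users_tried": sorted({p["user"] for p in prior})})
    return alerts


def correlate(fw_hits, auth_alerts):
    """Escalation: a source that both probed the perimeter and then logged
    in is far more interesting than either signal on its own."""
    return sorted({a["src"] for a in auth_alerts if a["src"] in fw_hits})


def run():
    fw_hits = repeated_denies(parse(FIREWALL_LOG, FW_RE))
    auth_alerts = failed_then_success(parse(AUTH_LOG, AUTH_RE))
    return {"scanners": fw_hits, "guessed_logins": auth_alerts,
            "escalate": correlate(fw_hits, auth_alerts)}


if __name__ == "__main__":
    for k, v in run().items():
        print(k, v)
```

The thresholds and windows are deliberately parameters: in a SIEM these become tunables per environment, and the point of the correlation step is that a low-confidence firewall signal and a low-confidence auth signal together justify an investigation that neither would alone.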
Module 7: Vulnerability Assessment
7.1) Fundamentals of Vulnerability assessment
7.2) Approaches of Vulnerability assessment
- Application, Internal and External
7.3) Introduction to Various tools and Techniques
- Opensource vs. Enterprise
- Active vs. Passive
7.4) Dealing with Vulnerability Results
- Reporting and Executive Summary
- Clear communication and expectations
7.5) Patching and SLAs for Remediation
7.6) What is a Zero Day (0-day)?
- 0-day vulnerability + exploit in the wild
Module 8: Advanced Assessment, Testing and Exploitation
8.1) Penetration Testing Fundamentals
- Black Hat, White Hat, and Grey Hat
8.2) Internal, External and Web Application Testing
8.3) Ongoing Assessment
- Blue Team vs. Red Team vs. Purple Team
8.4) Techniques and Tools
- Kali Linux Basics
- Opensource tools
- Metasploit basics
8.5) Reporting and Findings
Module 9: Cloud Security – The New Cybersecurity Frontier
9.1) What is the Cloud?
9.2) Cloud and Hybrid Architectures
- On-premise vs. Cloud vs. Hybrid
- Public vs. Private
9.3) “Insert Here” as a Service
- Software as a Service (SaaS) vs. Platform as a Service (PaaS) vs. Infrastructure as a Service (IaaS)
- The shared responsibility model: moving to the cloud shifts threats and security responsibilities, it does not remove them
9.4) Major Cloud Infrastructure Providers
- AWS, Azure, and GCP
9.5) Cloud Security Tools and Techniques
- Firewalls, Web Application Firewalls (WAF), Networking and Logging
- Provider-specific platforms
Module 10: Compliance, Audit, and Policy
10.1) What is the purpose and why are they important?
10.2) Common compliance standards
- NIST, CIS, PCI DSS, HIPAA, FedRAMP, GDPR
10.3) Tools and techniques to determine compliance
- Application vs. Environment
10.4) Internal and External Audit
- Your friend or your enemy?
- What does it really accomplish?
- How does policy prevent breaches?
Module 11: Quick Wins – Stop the Breach Before it Happens
11.1) Multi-factor Authentication (MFA) and Ridiculous Password Requirements
11.2) Administrative Rights and Permissions
- Least privilege fundamentals. If you don’t absolutely need it, you don’t get it
11.3) Password and Secret Management Tools
11.4) Data Encryption
- Data at rest vs. in transit
11.5) System and Environment Hardening
11.6) Continuous Monitoring and Alerting
11.7) Backups and Segmentation
11.8) Play Well with Others
- Security configuration transcends just the security team
Module 12: Let's Build a Security Program! Capstone Project
Scenario: You are a cybersecurity consultant hired by a new technology startup that has no in-house cybersecurity team or tools of any kind. You have been tasked with implementing an end-to-end security program that protects them from breaches and attacks. What do you do?
12.1) Planning and Scoping
12.2) Architecture and Design
12.5) Demonstrating Effectiveness
Module 13: Wrap-up
13.1) Where to go from here?
13.2) Additional Resources
13.3) Program and Instructor Reviews