
Cyber Security Analyst

COURSE CONTENTS & DURATION


Security breaches have caused both financial and operational losses to organizations around the world. Stories of hackers disrupting the operation of computer systems have raised security awareness among users as well as insurers. The result is high demand for professionals who can plan, design, deploy and support the applications and controls that protect data, networks and communication channels.


Duration: 40 Hours


COURSE OUTLINE


Module 1: Cyber Security Fundamentals

0.1) Introduction to the instructor and the course objectives

0.2) Expectations of the students

1.1) What is Cyberspace?

1.2) What is Cybersecurity?

- Cybersecurity vs. Information Security

1.3) Why is cybersecurity important?

- What are we trying to protect?

1.4) Different types of threat actors

- Who are we trying to defend against?

- The “Hacker” is just the tip of the spear!


Module 2: Network Protocols & Fundamentals

2.1) Network basics & Types of Networks

- Why is a good understanding of networking important for a cybersecurity analyst?

2.2) Network Topologies & Implementation

2.3) Various Network Protocols & Ports

2.4) OSI & TCP/IP Reference Models

2.5) Various Network Protocols & Ports

- Recognizing those important to everyday security work

- HTTP vs. HTTPS, FTP vs. SSH, DNS, NTP, Kerberos, and so on


Module 3: Linux Fundamentals and Windows Command Line

3.1) Introduction to Linux OS, History, Architecture

- Why is a good understanding of Linux important for a cybersecurity analyst?

3.2) Various Linux Directories and built-in tools

- Firewall, networking, file transfer and web tools

3.3) File & Directory Commands

- tar, untar, zip, etc.


3.4) Introduction to Shell & various useful commands

3.5) Windows command line (CMD)

3.6) Directory navigation and built-in tools

3.7) Comparisons and overlap with Linux


Module 4: Active Threats - Types of Malware & Security Breaches (Existing)

4.1) Worms, Viruses, Spyware, Trojans, Ransomware and other Malware

- How are they similar and how are they different?

- How to quickly identify which is which

4.2) Phishing and Email Attacks

4.3) Network and Wi-Fi

4.4) Social Engineering and Identity Theft

4.5) Password Attacks and Denial of Service

4.6) Insider Threat

4.7) Command and Control (C2)


Module 5: Prevention Software and Techniques (Existing)

5.1) Firewalls, Network Security

5.2) VPN – Virtual Private Network

- Site-to-site vs. SSL (remote access)

- Hardware vs. Cloud vs. Data Center Direct Connections

5.3) Anti-Virus, Anti Spyware and Anti-malware

5.4) Endpoint Detection and Response (EDR) Tools

5.5) Periodic and Random checks

5.6) Versions and Upgrades

5.7) User Awareness Training

- Security is NOT everyone's responsibility! But basic understanding and common sense should be required of all users


Module 6: Analysis, Review, and Investigation

6.1) What is the primary role of a cybersecurity analyst?

- Day in the life of a cybersecurity analyst or threat hunter

6.2) Firewall and Networking Logs

6.3) Email Analysis and MS Exchange Logs

6.4) Local Network and Application Connections

6.5) Log Aggregation and Correlation

- What is a Security Information and Event Management (SIEM) platform?

- Why is it so important?

6.6) Basic Shortcuts and Automations

- Organization, process, and note-taking are crucial!

- Python and PowerShell


Module 7: Vulnerability Assessment

7.1) Fundamentals of Vulnerability Assessment

7.2) Approaches to Vulnerability Assessment

- Application, Internal and External

7.3) Introduction to Various tools and Techniques

- Open source vs. Enterprise

- Active vs. Passive

7.4) Dealing with Vulnerability Results

- Reporting and Executive Summary

- Clear communication and expectations

7.5) Patching and SLAs for Remediation

7.6) What is a Zero Day (0 Day)?

- Zero day plus exploit in the wild


Module 8: Advanced Assessment, Testing and Exploitation

8.1) Penetration Testing Fundamentals

- Methodologies

- Black Hat, White Hat, and Grey Hat

8.2) Internal, External and Web Application Testing

8.3) Ongoing Assessment

- Blue Team vs. Red Team vs. Purple Team

8.4) Techniques and Tools

- Kali Linux Basics

- Open source tools

8.5) Exploitation

- Metasploit basics

8.6) Reporting and Findings


Module 9: Cloud Security – The New Cybersecurity Frontier

9.1) What is the Cloud?

9.2) Cloud and Hybrid Architectures

- On-premises vs. Cloud vs. Hybrid

- Public vs. Private

9.3) “Insert Here” as a Service

- Software as a Service (SaaS) vs. Infrastructure as a Service (IaaS)

- Moving to the cloud shifts threats and security responsibilities (the shared responsibility model); it does not get rid of them

9.4) Major Cloud Infrastructure Providers

- AWS, Azure, and GCP

9.5) Cloud Security Tools and Techniques

- Firewalls, Web Application Firewalls (WAF), Networking and Logging

- Provider-specific platforms


Module 10: Compliance, Audit, and Policy

10.1) What is their purpose and why are they important?

10.2) Common compliance standards

- NIST, CIS, PCI DSS, HIPAA, FedRAMP, GDPR

10.3) Tools and techniques to determine compliance

- Application vs. Environment

10.4) Internal and External Audit

- Your friend or your enemy?

10.5) Policy

- What does it really accomplish?

- How does policy prevent breaches?


Module 11: Quick Wins – Stop the Breach Before it Happens

11.1) Multi-factor Authentication (MFA) and Ridiculous Password Requirements

11.2) Administrative Rights and Permissions

- Least privilege fundamentals. If you don’t absolutely need it, you don’t get it

11.3) Password and Secret Management Tools

11.4) Data Encryption

- Data at rest vs. in transit

11.5) System and Environment Hardening

11.6) Continuous Monitoring and Alerting

11.7) Backups and Segmentation

11.8) Play Well with Others

- Security configuration transcends just the security team


Module 12: Let's Build a Security Program! (Capstone Project)

Scenario: You are a cybersecurity consultant hired by a new technology startup that has no in-house cybersecurity team or tools of any kind. You have been tasked with implementing an end-to-end security program that will protect them from breaches and attacks. What do you do?


12.1) Planning and Scoping

12.2) Architecture and Design

12.3) Implementation

12.4) Testing

12.5) Demonstrating Effectiveness


Module 12.1: Wrap-up

12.1.1) Where to go from here?

12.1.2) Additional Resources

12.1.3) Program and Instructor Reviews

