FedVTE Course Catalog

101 Courses - Basic level courses
NICE Cybersecurity Workforce Framework Category - Analyze
NICE Cybersecurity Workforce Framework Category - Collect and Operate
NICE Cybersecurity Workforce Framework Category - Investigate
NICE Cybersecurity Workforce Framework Category - Operate and Maintain
NICE Cybersecurity Workforce Framework Category - Oversee and Govern
NICE Cybersecurity Workforce Framework Category - Protect and Defend
NICE Cybersecurity Workforce Framework Category - Securely Provision

The NICE Cybersecurity Workforce Framework can be found at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

Limit to NICE Cybersecurity Workforce Framework Category or subject:
101 Courses - Basic level courses Analyze Collect and Operate
Investigate Operate and Maintain Oversee and Govern
Protect and Defend Securely Provision
Show All Courses in All Categories

Expand/Collapse All
CDM Training Environment Enrollment and Logon Process .5 HoursSkill Level: Beginner
+ Description
 

This is a 10-minute video explaining how to enroll and log onto the CDM Training Environment which is used in the live delivery of the CDM webinars. The Training Environment allows students to participate in lab activities and apply what they learn in the webinars in real-time.

Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.

Learning Objectives:

  • Learn how to enroll in the CDM Training Environment
  • Learn how to log onto the CDM Training Environment

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: N/A

+ Course Modules/Units
 
CDM Training Environment Enrollment and Logon Process
CDM 141 Introduction to the CDM Agency Dashboard - 2 HoursSkill Level: Beginner  
+ Description
 

This course is a recording of a virtual two-hour course which is the first of six webinars. This course provides participants with the essential knowledge of the ES-2 version of the CDM Agency Dashboard. It explains basic features and navigation within the environment, and includes demonstrations using the new CDM Agency Dashboard to identify and report on vulnerabilities.

Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.

Learning Objectives:

  • Understand CDM Agency Dashboard basic features and functionality
  • Instructor demonstrates the CDM Agency Dashboard

Date: 2020

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Introduction to the CDM Agency Dashboard
CDM 143 Vulnerability Management with the CDM Agency Dashboard - 2 HoursSkill Level: Beginner  
+ Description
 

This course is a recording of a virtual two-hour course which is the second of six webinars covering the ES-2 version of the CDM Agency Dashboard. This course introduces participants to CDM Agency-Wide Adaptive Risk Enumeration (AWARE) and other vulnerability management topics. With the information provided, dashboard users can identify the most critical vulnerabilities and prioritize mitigation activities at their agency.

Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.

Learning Objectives:

  • Understand the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) Score
  • Walkthrough how to identify vulnerabilities in the CDM Agency Dashboard

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Vulnerability Management with the CDM Agency Dashboard
CDM 201 Identity and Access Management Capabilities within the CDM Agency Dashboard - 2 HoursSkill Level: Intermediate  
+ Description
 

This course is a recording of a virtual two-hour course which is the second of six webinars covering the ES-2 version of the CDM Agency Dashboard. This course introduces participants to the four identity management capabilities - PRIV, CRED, TRUST, and BEHAVE - and to the use of the new CDM Agency Dashboard to reduce risks associated with each.

Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.

Learning Objectives:

  • Overview of how the CDM Agency Dashboard addresses user-centric data in addition to hardware and software information
  • Strategies for integrating PRIV/CRED/TRUST/BEHAVE capabilities into routine processes workflows to drive increased risk awareness and mitigation.

Date: 2021

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Identity and Access Management Capabilities within the CDM Agency Dashboard
New Course OfferingIAM- Identity and Access Management with the CDM Agency Dashboard .5 HoursSkill Level: Intermediate  
+ Description
 

This 39 minute video is an interview recording of a Mr. Ross Foard, subject matter expert for DHS/CISA, and Identity and Access Management (IAM) . This video provides participants with the essential knowledge of IAM and the CDM Agency Dashboard.

Learning Objectives:

  • Understand CDM Agency Dashboard basic features and IAM functionality.

Date: 2021

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
IAM- Identity and Access Management with the CDM Agency Dashboard
New Course OfferingCDM 202 Managing Configuration Settings with the CDM Agency Dashboard - 2 HoursSkill Level: Intermediate 
+ Description
 

This 2 -hour course demonstrates the configuration settings management (CSM) capability within the new CDM Agency Dashboard. In this course students are shown the basic concepts associated with CSM, the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), how CSM scoring is incorporated into the AWARE calculations, and gain an understanding of how the CSM capability of the CDM Agency Dashboard can be used to reduce the misconfiguration of assets in their inventory.

Learning Objectives:

  • Overview of the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and how CSM scoring is incorporated into the AWARE calculations.
  • Walkthrough of how CSM scoring affect the AWARE algorithm and can reduce asset misconfiguration.

Date: 2021

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
Managing Configuration Settings with the CDM Agency Dashboard
New Course OfferingCDM 203 CDM Dashboard Role-Based Training – System Security Analyst - 2 HoursSkill Level: Intermediate 
+ Description
 

This 2 -hour demonstrates the continuous monitoring and analysis capability with the CDM Agency Dashboard for those cybersecurity workforce staff that use the dashboard routinely. In this course students are shown concepts associated with continuous monitoring and analysis of the top issues that affect networks. Topics include an overview of the responsibilities of the Security analyst, continuous monitoring, how the CDM Agency Dashboard can be used to identify vulnerabilities, AWARE scoring, the reporting function, and possible courses of action.

Learning Objectives:

  • Overview of the importance of the CDM Agency Dashboard role of system security analyst, which includes monitoring and vulnerability identification.
  • Strategies for securing agency assets and creating report functionality using the CDM Agency Dashboard.

Date: 2021

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
CDM Dashboard Role-Based Training – System Security Analyst
Advanced Computer Forensics 5 HoursSkill Level: Advanced 
+ Description
 

This course focuses on building skills to improve the ability to piece together the various components of the digital investigation. The course begins with acquisition planning and preparation, progresses through the investigative process, and concludes with analysis techniques and methods for more manageable investigations.

Learning Objectives:

  • Develop an investigative process for the digital forensic investigation.
  • Explain methods of focusing investigations through analysis of multiple evidence sources.
  • Effectively prepare for incident response of both victim and suspect systems.
  • Identify sources of evidentiary value in various evidence sources including network logs, network traffic, volatile data and through disk forensics.
  • Identify common areas of malicious software activity and characteristics of various types of malicious software files.
  • Confidently perform live response in intrusion investigation scenarios.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Exploitation Analysis Exploitation Analyst
Investigate Digital Forensics Cyber Defense Forensics Analyst
+ Course Modules/Units
 
Course Objectives
Introduction to Acquisition Preparation
The Preparation Phase
Known Executables
Collection Strategies
Once an Incident Has Occurred
Making Adjustments
Response
Acquisition Summary
Incident Information Gathering
Live Acquisitions
Acquisition Considerations and Risks
Acquisition Preparation and Identification
Using Live Disks, Bootable USBs, and Evidence Storage
Volatile Data Collection
Memory Collection
Memory Collection Tools
WinDD
Hard Drive Collection
Disk Encryption
Network Log Analysis
Log Analysis Tools and Wireshark
Fundamentals of Memory Analysis
Why Should You Care About Memory
Volatile System Information
Virtual Memory
Memory Acquisition Considerations and Tools
Benefits and Limitations of Memory Analysis
Mandiant Redline
Volatility
Using Volatility
Using Strings
Demo of Volatility 1_Using Volatility
Memory Analysis Flow and Techniques
Demo of Volatility 2_Comparing Memory and Volatile System Information
Advanced Memory Analysis
Understanding Attacks and Incidents
Anatomy of an Attack of Infection
Benefits of Malware Analysis
Using Antivirus
Introduction to Windows Artifacts
Prefetch Files
User Assist Entries
Recent, Link, and Shortcut Files
Most Recently Used Files
Shell Bags Entries
Page, Hibernation, and Autorun Files
Persistence
Hash Analysis
Registry Decoder
Timeline Analysis
Forensic Analysis of Timelines
Victim System Analysis
User Level Vs Kernel Level Rootkits
Correlating Incident Response with Forensics
Advanced Analysis Topics 1
Malware Versus Tools
Advanced Analysis Topics 2
Identifying a Suspect
Scanning and Fingerprinting the Suspect
Advanced PCAP Analysis and Signature Development (APA) 1 HourSkill Level: Intermediate  
+ Description
 

This course will introduce rules and go over example syntax, protocols, and expressions. It contains several supporting video demonstrations as well as lab exercises writing and testing basic rules.

Learning Objectives:

  • Identify poorly written signatures and revise them.
  • Write regular expressions.
  • Create signatures.
  • Identify information in PCAP data to use for creating alerts.

Date: 2011

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-Source Analyst
Collect and Operate Cyber Operations Cyber Operator
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
+ Course Modules/Units
 
Advanced Pcap Analysis And Signature Development
Packet Protocol Dns
Introduction To Rules
Examples Of Sourcefire Rules
Sourcefire Rule Syntax - Protocols
Sourcefire Rule Syntax - Message And Matching
Lab Exercise Writing And Testing Basic Rules
Lab Exercise Writing And Testing Basic Rules Video
Lab Exercise Writing And Testing Basic Rules Continued
Lab Exercise Continued
Regular Expressions
Editing A Poor Rule
How To Write An Ipv4 Regular Expression
Lab Exercise Writing Regular Expression
Lab Exercise Writing Regular Expression Continued
Malware Analysis Reports (Mar)
Demonstration of Mar 131751 Report
Demonstration Of Mar Report Continued
Lab Exercise Writing Rules From Malware Analysis Reports
Lab Exercise Writing Rules From Malware Analysis Reports Continued
Advanced Windows Scripting 6 HoursSkill Level: Beginner 
+ Description
 

This course focuses on advanced concepts for writing scripts for the Microsoft Windows operating system. The course covers how to string multiple commands together in traditional BATCH scripts, as well as leverage Visual Basic Scripting (VBS) to perform more complex tasks and includes reinforcing video demonstrations and final assessment.

Learning Objectives:

  • Understand the fundamentals of Visual Basic Scripting.
  • Recognize the concepts of redirection, piping, and how to conduct complex tasks with multiple commands.
  • Apply integration of Windows BATCH with Visual Basic Scripting.
  • Demonstrate how to access the Windows API from Visual Basic Scripting.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Software Development Software Developer
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
+ Course Modules/Units
 
Advanced Windows Scripting Introduction
Windows BATCH Scripting Overview
Windows BATCH Advanced Syntax Part 1 of 2
Windows BATCH Advanced Syntax Part 2 of 2
Windows Scripting Advanced Uses of FOR
Windows Scripting Syntax Tips and Tricks
Windows Scripting CALL and START Demo
Windows Scripting Subroutine Demo
Windows Scripting SET Demo
Windows Scripting PUSHD and POPD Demo
Manipulating In_Outputs
Stringing Multiple Commands Together
FOR Loop Generating List Demo
FOR Loop Recursive Listing Demo
Taking Action Based on Content of Output
Action Based on Content Output Demo
Scripts in Typical Penetration Testing Tasks Part 1 of 2
Scripts in Typical Penetration Testing Tasks Part 2 of 2
Visual Basic Scripting Syntax and Usage
Visual Basic Scripting Merge Demo
VBS Elements_Structure
VBS Elements_Variables, Arguments, and Conditionals
VBS Elements_Loops
VBS Elements_Functions and Operators
VBS Windows Scripting Host
VBS Elements_File I_O
VBS Windows Scripting Demo
VBS Error Handling and Troubleshooting
Visual Basic for Applications
Visual Basic for Application Elements
Visual Basic for Applications Working with Applications
VBA Working with Applications Demo
VBA Error Handling and Troubleshooting
VBA Error Handling and Troubleshooting Demo
Advanced Windows Scripting Quiz
Analysis Pipeline 6 HoursSkill Level: Intermediate  
+ Description
 

This course is designed for network flow data analysts who use or are considering using Analysis Pipeline (http://tools.netsa.cert.org/analysis-pipeline5/index.html). The course aims to create a better understanding of how to incorporate streaming network flow analysis into their toolkit for identifying and alerting on events of interest. The focus will be on applying Analysis Pipeline to operational use cases.

Learning Objectives
At the completion of this course analysts will be able to:

  • Understand Analysis Pipeline and its role in network flow data streaming analytics and alerting.
  • Understand the Analysis Pipeline configuration language.
  • Develop and implement network flow data use cases with Analysis Pipeline.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operations Cyber Operator
Operate and Maintain Network Services Network Operations Specialist
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Introduction
Configuration Files
Running Pipeline
Logical Schematics
Pipeline and Timing and State
Alerts
Configuration File Basics
Filters
Filters (Exercises and Solutions)
Evaluations
Evaluations (Exercises and Solutions)
Statistics
Internal Filters
List Configurations
Configuration File Basics (Exercises and Solutions)
Threshold Examples
Special Evaluations
Building an Analytic
Server Profiling Analytic
Host Discovery Analytic
Advanced Configurations
NTP Anomalies
Unknown SSH Brute Force
Choose Your Own Adventure
ICMP Surveying: Thinking it Through
ICMP Surveying: Building it Out
DDoS Detection: Thinking it Through
DDoS Detection: Building it Out
SSH Compromise: Thinking it Through
SSH Compromise: Building it Out
Analysis Pipeline 5
Artificial Intelligence (AI) and Machine Learning (ML) for Cyber 1.5 HoursSkill Level: Intermediate 
+ Description
 

This course provides the foundational practices and ethical principles of artificial intelligence. Diving into each of the ethical principles along with other technical ethics, it is aimed at reducing risk and unwanted bias to create ethical, transparent, and fair artificial intelligence systems.

Learning Objectives:

  • Explain the harm with bias in artificial intelligence.
  • Discuss how to reduce risk and unwanted bias.
  • Cite several principles of AI and the goals of each.
  • Describe how principles are applied to create ethical, transparent, and fair AI.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operational Planning Cyber Ops Planner
Operate and Maintain Data Administration Data Analyst
+ Course Modules/Units
 
AI and ML for Cyber
Ethical Principles for AI Overview
Responsible Aspects of Ethics Part 1 of 2
Responsible Aspects of Ethics Part 2 of 2
Equitable Portion of the Ethics Principles
Traceable AI
Reliable AI Part 1 of 2
Reliable AI Part 2 of 2
How to Make AI Reliable Part 1 of 2
How to Make AI Reliable Part 2 of 2
Governable AI
AI and ML for Cyber Review
Course Test
Certified Ethical Hacker Version 10 (CEHv10) Prep 29 HoursSkill Level: Advanced 
+ Description
 

This self-study course focuses on preparing learners for the EC-Council Certified Ethical Hacker version 10 certification exam. This course contains materials on advanced network assessment techniques including enumeration, scanning, and reconnaissance. It is designed to use the same knowledge and tools as a malicious hacker, but in an ethical and lawful manner to examine an organization's network security posture. The course concludes with a practice exam.

Learning Objectives:

  • Learn how to perform a vulnerability analysis to identify security weakness in an organization's network structure.
  • Perform a security assessment of a cloud environment to understand cloud computing threats and attacks.
  • Understand risks and defensive strategies for IoT platforms and devices.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
CEHv10 Course Introduction
Information Security Reports
Ethical Hacking Defined
Ethical Hacking Terminology
Hacking Phases and Vul Research
Types of Attacks and Attack Vectors
Threat Modeling
Introduction to Physical Security
Incident Management Process
Incident Response Overview
Security Testing and Assessments
Pen Testing Phases and Methodology
Information Security Laws and Standards
Reconnaissance
Footprinting Methodologies - Passive
Footprinting Methodologies - Active
Advanced Google Hacking Techniques
Network Mapping
DEMO: WHOIS with BackTrack
DEMO: Active Footprinting with Traceroute
DEMO: Maltego for Information Gathering Part 1
DEMO: Maltego for Information Gathering Part 2
Footprinting Countermeasures
DEMO: Windows CMD Information Gathering
Scanning Essentials
DEMO: Colasoft Packet Builder
Port Scanning
DEMO: Banner Grabbing with Telnet
Covert Scanning
Covert Scanning with Proxies
DEMO: Scanning with Nmap
Common Enumeration Techniques
Enumeration Tools
Protocol Enumeration
DEMO: Scanning and Enumeration with Nmap
Understanding System Vulnerabilities
Passive and Active Vul Scanning
Vulnerability Assessment Lifecycle and CVSS
Common Vulnerabilities and Exposures (CVE)
Vulnerability Scanning
DEMO: Vulnerability Scanning with Nessus
Authentication Techniques
Microsoft Authentication
Password Cracking
Privilege Escalation
DEMO: Rainbow Table Lookup Sites
Keyloggers
Spyware and Activity Monitoring
Packet Sniffing Attacks
Covert Hacking
Hiding Files - Rootkits
DEMO: Kernel-Level Rootkits
Covering Tracks
Malware Awareness
Trojan Terminology and Techniques
Trojans and Backdoors
Virus Examples and Symptoms
Virus Classifications and Characteristics
Virus Making Tools
Other Malicious Code Types
Malware Countermeasures and Tools
DEMO: Bind and Reverse Shell
DEMO: Strings Analysis
Sniffers Terminology and Overview
Network Overview for Sniffer Placement
Basic Packet Analysis
Address Resolution Protocol (ARP)
DEMO: Viewing ARP Packets with Packet Builder
Spoofing and Flooding Sniffing Attacks
MITM Attacks Ports Vul to Sniffing
Wireshark Overview and Examples
Evasion in Network Sniffing
Sniffing Countermeasures and Tools
DEMO: Hping3
DEMO: Wireshark
Social Engineering Background and Examples
Human-Based Social Engineering
Computer-Based Social Engineering
Computer Based SE - Social Networking
Social Engineering with Mobile Applications
SE and Identity Theft Countermeasures
DEMO: Social Engineering Toolkit
DEMO: Leveraging Armitage in Phishing Attack
DoS Impacts and Classifications
Categories of Denial of Service
Botnets and Disruption Attacks
DoS Symptoms and Tools
Buffer Overflow Terminology and Background
Session Hijacking Overview and Examples
Compromising Session Attacks
Session Hijacking Techniques
Session Hijacking Tools
IPSec and Session Hijacking
Firewalls and Honeypots
Firewall Configurations
IDS Overview and Detection Methods
IDS, Firewall, and Honeypot Evasion
Evasion Techniques
Evasion Testing Techniques
DEMO: Intrusion Signs
Common Web Server Attack
Webserver Architecture
OWASP Top 10 and Beyond
Webserver Hacking Countermeasures
SQL and Command Injection Web App Hacking
Non SQL Injection Errors
Parameter and Form Tampering Web App Hacking
Cross-site Scripting and Obfuscation Web App Hacks
Cross-site Request Forgery and Cookies
Web Application Pen Test Methodology
Web App Tools and Countermeasures
Buffer Overflow Tools and Countermeasures
DEMO: BurpSuite
SQL Terminology and Example Statements
SQL Enumeration
SQL Injection Attacks
SQL Injection Tools and Countermeasures
DEMO: SQL Inject Attacks
Wireless Terminology and Standards
Wireless Terminology and Antennas
Wireless Authentication
Wireless-Based Attacks
Wireless Attack Methodology Part 1 of 2
Wireless Attack Methodology Part 2 of 2
WEP, WPA and Other Wireless Attacks
Bluetooth Communication Basics
Wireless Protocols and Signal Modulation
DEMO: SSID and Channels
DEMO: Wireless Hacking
Wireless Hacking Tools
Wireless Hacking Countermeasures
Mobile Platform Overview
OWASP IoT Vuls and Countermeasures
Mobile Device Operating Systems
Hacking Mobile Platforms
Mobile Device Management and Risks
Mobile Device Security
Internet of Things (IoT) Concepts
Internet of Things (IoT) Attacks and Mitigation
Introduction to Cloud Computing
Cloud Architectures and Deployment Models
Cloud Threats and Attacks
Cloud Security
Cloud Testing Tools
Cryptography Background and Terminology
Crypto Keys and Algorithms
SHA and TLS Algorithms
DEMO: Hashing with MD5 Sum
Cryptography Implementations
Public Key Infrastructure (PKI)
Cryptanalysis Techniques
Crypto Attacks
DEMO: Encryption with TrueCrypt
Digital Signatures
Certified Ethical Hacker Practice Exam
LAB: Using a Simulated Botnet to Conduct a Distributed Denial of Service
New Course OfferingNew CDM Agency Dashboard Videos (8 Videos) 1 HoursSkill Level: Intermediate 
+ Description
 

These short videos (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.

Learning Objectives:

  • Understand what are CDM and the CDM Agency Dashboard
  • Understand the New CDM Agency Dashboard
  • Provide an overview on the AWARE Scoring Algorithm 1.0
  • Become familiar with the Kibana User Interface
  • Understand the general architecture, data flow, and data structure and schema
  • Become familiar with JSON Documents

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
This course is to be broken up. Any completion data will be preserved in the new courses.
+ Course Modules/Units
 
What is CDM and the CDM Agency Dashboard?
Introduction to the New CDM Agency Dashboard
Introduction to the AWARE Scoring Algorithm 1.0
AWARE Scoring Algorithm 1.0 Details
CDM Agency Dashboard - Kibana User Interface
CDM Agency Dashboard Architecture and Data Flow
CDM Agency Dashboard Data Structure and Schema
Understanding JSON Documents
Course Lifetime ExpiringCDM 102: Introduction to Creating Queries & Reports Using the Legacy (Archer) CDM Agency Dashboard 2 HoursSkill Level: Beginner 
+ Description
 

Custom Searches and Reports: View demonstrations of navigating and searching the data within the CDM Agency Dashboard. See how that data can be used to create meaningful and visually appealing custom reports to communicate query results to leadership and stakeholders.

Learning Objectives:

  • Learn how to examine the standard operating view (SOV) and iView of the Legacy (Archer) CDM agency dashboard
  • Learn how to examine records and containers, browse and filter hardware records and build custom queries

Date: 2019

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
CDM 102: Course Introduction
CDM 102: What is the CDM Agency Dashboard?
CDM 102: CDM Data Architecture
CDM 102: Dashboard SOV and iViews
CDM 102: Revision 5 and Using Risk Scores
Demo: CDM 121 Lab Review
Demo: CDM 122 Lab Intro
Demo: CDM 122 Lab Review/CDM 123 Lab Intro
Demo: CDM 123 Lab Review
Demo: CDM 124 Lab Intro
Demo: CDM 124 Lab Review
CDM 102: Conclusion
CDM Agency Dashboard Introduction
CDM Lab 121: Examine the SOV & iViews
CDM Lab 121: Examine the SOV & iViews Knowledge check
CDM Lab 122: Examine Records and Containers
CDM Lab 122: Examine Records and Containers Knowledge Check
CDM Lab 123: Browse and Filter Hardware Records
CDM Lab 123: Browse and Filter Hardware Records Knowledge Check
CDM Lab 124: Build Custom Queries
Course Lifetime ExpiringCDM 103: Using Measurements & Metrics of Hardware & Software Assets with the Legacy (Archer) CDM Agency Dashboard 3 HoursSkill Level: Beginner 
+ Description
 

Custom Searches and Reports: View demonstrations of navigating and searching the hardware and software data within CDM and create reports.

Learning Objectives:

  • Learn how to find hardware by the FISMA container using the Legacy (Archer) CDM Agency Dashboard
  • Learn how to conduct a multi-filter query to find legacy software and unauthorized software
  • Learn how to create reports and iViews from custom queries

Date: 2019

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
CDM 103: Course Introduction
CDM 103: What is the CDM Agency Dashboard?
CDM 103: CDM Data Architecture
CDM 103: Using Queries and Reports
CDM 103: SOV Overview Demo
Demo: CDM126 Lab Review
Demo: CDM 127 Lab Intro
Demo: CDM 127 Lab Review
Demo: CDM 128 Lab Intro
Demo: CDM128 Lab Review
Demo: CDM 125 Lab Review
CDM 103: Conclusion
CDM Agency Dashboard Introduction
CDM Lab 125: Find Hardware by FISMA Container
CDM Lab 125: Find Hardware by FISMA Container Knowledge Check
CDM 126: Create Multi-Filter Query to find Legacy Software
CDM 126: Create Multi-Filter Query to Find Legacy Software Knowledge Check
CDM Lab 127: Find Unauthorized Software
CDM Lab 127: Find Unauthorized Software Knowledge Check
CDM Lab 128: Create Reports and iViews from Custom Queries
CDM Lab 128: Create Reports and iViews from Custom Queries Knowledge Check
Course Lifetime ExpiringCDM 104: Using the Legacy (Archer) CDM Agency Dashboard to Drive Your Vulnerability Management Work Plan 2 HoursSkill Level: Beginner  
+ Description
 

Learn how to use AWARE to prioritize vulnerability management activities to address the worst vulnerabilities first.

Learning Objectives:

  • Understand AWARE Risk Scoring using the Legacy (Archer) CDM Agency Dashboard
  • Learn how to identify vulnerabilities, components and mitigations

Date: 2019

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
CDM104: Course Introduction
CDM104: Part 2
CDM104: Part 3
CDM104: Part 4
CDM104: Part 5
CDM104: Conclusion
CDM Agency Dashboard Introduction
CDM 129: Understanding AWARE Risk Scoring Terminology and Constructs
CDM 129: Understanding AWARE Risk Scoring Terminology and Constructs Knowledge Check
CDM 130: Identifying Vulnerabilities and Mitigations using AWARE Scoring Knowledge Check
CDM 131: Identifying Vulns, Components and Mitigations Using AWARE Scoring Knowledge Check
Course Lifetime ExpiringCDM Module 1 : Overview 2 HoursSkill Level: Beginner  
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course provides a high level overview of the CDM program. Topics covered include basic CDM concepts, how CDM relates to NIST 800-53 and other NIST SPs, CDM Concept of Operations, the CDM Environment, and CDM’s Phases and Capabilities.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is the CDM program?
What problem does CDM address?
How does the CDM program support Departments and Agencies
Why does CDM focus on Automation?
What is the CDM "Desired State" Specification?
What is the Actual State?
What is a Defect Check?
What is an Assessment Object?
What is a Defect instance?
What is an Object Container?
What is a CDM Security Capability?
How Do 800-53 Controls Map to CDM Security Capabilities?
How do I use the CDM Security Capabilities to Improve Security?
How does CDM relate to NISTs 800-53 Catalogue of Controls?
How does CDM relate to NISTs 800-53 Suggested Control Assessment Methods?
How does CDM relate to NISTs guidance on ISCM (800-137)?
How does CDM relate to NIST guidance on Risk Management 800-30 and 800-39?
How does CDM relate to NISTs RMF?
How does CDM operate in a department or agency?
What is the CDM Concept of Operations?
Where does the "Desired State" Specification come from?
What does the actual state concept in CDM mean for our department or agency?
Where does the Actual State Data come from?
How does CDM discover defects?
How does Scoring work with CDM and how am I affected?
How does CDM know who is responsible for fixing defects?
Will the CDM "System(s)" be A&Aed?
How will CDM sensors affect my Network(s)? Performance? Security?
What are CDM shared services?
Why is CDM divided into phases?
How do the security capabilities fit into phases?
What are the Phase 1 capabilities?
What are the Phase 2 capabilities?
What are the Phase 3 capabilities?
What does the CDM D/A Dashboard provide?
How Does the CDM D/A Dashboard Work with Other D/A Dashboards?
How Do I Get the Information My D/A Needs from the CDM D/A Dashboard?
Course Lifetime ExpiringCDM Module 2: Hardware Asset Management 1 HourSkill Level: Beginner  
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by defining Hardware Asset Management (HWAM) and why it is critical to the implementation of a robust cybersecurity program. The training highlights the criteria for monitoring and managing hardware assets using CDM. It then transitions into HWAM implementation criteria and discusses the generic CDM concept of operations specific to HWAM. Topics covered include Actual State, Desired State, and Defects.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is Hardware Asset Management (HWAM)?
What Are the Purpose and Results?
What Types of Attacks Does HWAM Thwart for Our Organization?
What Objects Does HWAM Assess?
How Does the HWAM Concept of Operations (CONOPS) work?
How Does HWAM Relate to Other Phase 1 Capabilities?
What HWAM Roles and Responsibilities Will My Organization Implement?
How Does an Organization Use the HWAM Capability?
What Techniques Are Used to Search for HWAM Devices?
What Types of Data Does the HWAM Actual State Collect?
What Types of Data Are Used to Identify Network Addressable Devices?
How Do Agencies Get Desired State Specification Data for the HWAM Capability?
What Types of Data Does the HWAM Desired State Specification Collect?
Can Agencies Specify How to Group Results?
What Are the HWAM Defect Checks?
Which HWAM Defect Checks Are at the Federal Level?
Which HWAM Defect Checks Are at the Local Level?
Course Lifetime ExpiringCDM Module 3: Software Asset Management 1.5 HoursSkill Level: Beginner  
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by defining SWAM and why it is critical to the implementation of a robust cyber-security program. It covers new roles and responsibilities which the department or agency (D/A) must implement. It then transitions into SWAM implementation criteria, and discusses the generic CDM concept of operations specific to SWAM Actual State, Desired State, and Defects. It includes high level discussions of software lists (white, gray, black) and how software can be identified and tracked in CDM through the use of Common Platform Enumeration (CPE) and Software Identification (SWID) tags by Software package down to executables.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is the Software Asset Management (SWAM) Capability?
What Purpose Does SWAM Serve?
What Types of Results Will SWAM Accomplish?
What Types of Attacks Does SWAM Thwart?
What Objects Does SWAM Assess?
How Does the SWAM Concept of Operations (CONOPS) Work?
How Does SWAM Relate to Other Phase 1 Capabilities?
How Does SWAM Block Many Zero Day and APT Attacks?
What Techniques Are Used to Search for SWAM Devices?
How Does CDM Identify Software Products and Executables?
How Does CDM Use Digital Fingerprints?
What Is a Whitelist?
How Do I Use a Software Whitelist?
What Is a Graylist?
How Do I Use a Software Graylist?
What Is a Blacklist?
How Do I Use a Software Blacklist?
What Does Locational Whitelisting Mean to Me?
What Is a Trust Library and How Does SWAM Use It?
How Is Desired State Specification Determined for Mobile Code in CDM?
How Does SWAM Use Hashes?
How Does SWAM Use Common Platform Enumeration (CPE)?
How Does SWAM Use Software IDs (SWIDs)?
What Are the SWAM Defect Checks?
Which SWAM Defect Checks Are at the Federal Level?
Which SWAM Defect Checks Are at the Local Level?
What Mitigation Options Might My Department or Agency Use with SWAM?
Course Lifetime ExpiringCDM Module 4: Configuration Settings Management .5 HoursSkill Level: Beginner  
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by outlining the Cyber Security Manager position (CSM) and highlighting the types of attacks CSM can help prevent. It then transitions into CSM methods and criteria, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how CSM builds upon the other capabilities and how defect checks differ at the local and federal levels.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What Is the Configuration Settings Management Security Capability?
What Types of Results Will CSM Accomplish?
How Does CSM Thwart Attacks?
What Objects Does the CSM Security Capability Assess?
How Does CSM Work?
How Does HWAM and SWAM Support CSM?
What Methods Will CSM Use to Determine Actual State Information?
What Elements Does the Organization Require to Define the Actual State?
How Does CSM Define the Desired State?
What Methods Will CSM Use to Determine Desired State?
What Is a Common Configuration Enumeration (CCE)?
What Is a CSM Defect Check?
Which CSM Defect Checks Are at the Federal Level?
Which CSM Defect Checks Are at the Local Level?
Course Lifetime ExpiringCDM Module 5: Vulnerability Management .5 HoursSkill Level: Beginner  
+ Description
 The course aims to help the student better understand how vulnerability management (VULN) identifies the existence of vulnerable software products in the boundary to allow an organization to mitigate and thwart common attacks that exploit those vulnerabilities.

The course begins by defining VULN, how it applies to the target environment, and how a fully implemented VULN capability impacts a Department or Agency. It then transitions into VULN criteria and methods, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how VULN builds upon the other capabilities areas, the types of defects, and how those defect checks differ at the local and federal levels.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What Is the Vulnerability Management (VULN) Capability?
What Is a CVE (Common Vulnerabilities and Exposures)?
What Is a CWE (Common Weakness Enumeration)?
What Types of Results Will VULN Accomplish?
How Can VULN Thwart Attacks?
What Types of VULN Objects Are Assessed?
How Does the VULN Capability Work?
How Does VULN Relate to SWAM?
How Will My Organization Use the VULN Capability?
What Methods Will VULN Use to Determine Actual State?
What Is the CDM Actual State?
How Does VULN Define the Desired State?
What Methods Will VULN Use to Determine Desired State?
What Is the National Vulnerability Database (NVD)?
What Are the VULN Defect Checks?
Which VULN Defect Checks Are at the Federal Level?
Which VULN Defect Checks Are at the Local Level?
Course Lifetime ExpiringCDM PRIVMGMT: CA PAM for Chief Information Security Officers (LT1) 2 hoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for senior-level executives within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Course Description: This course contains 9 learning tracks:
  • X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • X2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • X3 Account management features which include account reconciliation and password management.
  • X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • P1 Splunk dashboard introduction.
  • S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
  • S2 SailPoint Administration I covers configuring Applications and Tasks.
  • S3 SailPoint Administration II covers Target Applications and Connectors
  • S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
X2 General use of the web portal for requesting, accessing and managing privileged credentials.
X3 Account management features which include account reconciliation and password management.
X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
P1 Splunk dashboard introduction.
S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
S2 SailPoint Administration I covers configuring Applications and Tasks.
S3 SailPoint Administration II covers Target Applications and Connectors.
S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Course Lifetime ExpiringCDM PRIVMGMT: CyberArk for Chief Information Security Officers (LT1) 2 hoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for senior-level executives within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. This course contains 9 learning tracks:
  • C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • C2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • C3 Account management features which include account reconciliation and password management.
  • C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • P1 Splunk dashboard introduction.
  • S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
  • S2 SailPoint Administration I covers configuring Applications and Tasks.
  • S3 SailPoint Administration II covers Target Applications and Connectors.
  • S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support Level 1 - Basic
+ Course Modules/Units
 
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C3 Account management features which include account reconciliation and password management.
C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
P1 Splunk dashboard introduction.
S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
S2 SailPoint Administration I covers configuring Applications and Tasks.
S3 SailPoint Administration II covers Target Applications and Connectors.
S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Course Lifetime ExpiringCDM PRIVMGMT: CA PAM for Information System Security Officer (LT2) 2 hoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for senior-level executives within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Course Description: This course contains 9 learning tracks:
  • X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • X2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • X3 Account management features which include account reconciliation and password management.
  • X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • P1 Splunk dashboard introduction.
  • S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
  • S2 SailPoint Administration I covers configuring Applications and Tasks.
  • S3 SailPoint Administration II covers Target Applications and Connectors
  • S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
X2 General use of the web portal for requesting, accessing and managing privileged credentials.
X3 Account management features which include account reconciliation and password management.
X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
P1 Splunk dashboard introduction.
S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
S2 SailPoint Administration I covers configuring Applications and Tasks.
S3 SailPoint Administration II covers Target Applications and Connectors.
S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Course Lifetime ExpiringCDM PRIVMGMT: CyberArk for Information System Security Officer (LT2) 2 HoursSkill Level: Beginner
+ Description
  Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for research, develop, implement, test and review an organization's information security in order to protect information and prevent unauthorized access. This course contains 9 learning tracks:
  • C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • C2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • C3 Account management features which include account reconciliation and password management.
  • C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • P1 Splunk dashboard introduction.
  • S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
  • S2 SailPoint Administration I covers configuring Applications and Tasks.
  • S3 SailPoint Administration II covers Target Applications and Connectors
  • S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C3 Account management features which include account reconciliation and password management.
C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
P1 Splunk dashboard introduction.
S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
S2 SailPoint Administration I covers configuring Applications and Tasks.
S3 SailPoint Administration II covers Target Applications and Connectors.
S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Course Lifetime ExpiringCDM PRIVMGMT: CA PAM for Security Operations Center (LT3) 2 hoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for operating the SOC site which is dedicated to monitoring, assessing, and defending enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints). This course contains 5 learning tracks:
  • X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • X2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • P1 Splunk dashboard introduction.
  • P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
X2 General use of the web portal for requesting, accessing and managing privileged credentials.
X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
P1 Splunk dashboard introduction.
P2 Splunk Integration.
Course Lifetime ExpiringCDM PRIVMGMT: CyberArk for Security Operations Center (LT3) 2 HoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for operating the SOC site which is dedicated to monitoring, assessing, and defending enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints). This course contains 5 learning tracks:
  • C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • C2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • P1 Splunk dashboard introduction.
  • P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
P1 Splunk dashboard introduction.
P2 Splunk Integration.
Course Lifetime ExpiringCDM PRIVMGMT: CA PAM for Agency Privileged Users (LT4) 2 HoursSkill Level: Beginner 
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for personnel that access or use credentials which have been granted administrative privileges on one or more systems. This course contains 4 learning tracks that provide Privileged users with
    C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
    C2 General use of the web portal for requesting, accessing and managing privileged credentials.
    C3 Account management features which include account reconciliation and password management.
Training Purpose: Skill Development
Specialty Areas: Knowledge Management
Training Proficiency Area: Level 1 - Basic
+ Course Modules/Units
 
Overview
General Use
Approving Credential Requests
Course Lifetime ExpiringCDM PRIVMGMT: CyberArk for Agency Privileged Users (LT4) 2 HoursSkill Level: Beginner 
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for personnel that access or use credentials which have been granted administrative privileges on one or more systems. This course contains 4 learning tracks that provide Privileged users with
    C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
    C2 General use of the web portal for requesting, accessing and managing privileged credentials.
    C3 Account management features which include account reconciliation and password management.
Training Purpose: Skill Development
Specialty Areas: Knowledge Management
Training Proficiency Area: Level 1 - Basic
+ Course Modules/Units
 
Overview
General Use
Approving Credential Requests
Course Lifetime ExpiringCDM PRIVMGMT: CA PAM for Privileged User Managers (LT5)  2 hoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users. This course contains 8 learning tracks:
  • X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • X2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • X3 Account management features which include account reconciliation and password management.
  • X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
  • S2 SailPoint Administration I covers configuring Applications and Tasks.
  • S3 SailPoint Administration II covers Target Applications and Connectors
  • S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
X2 General use of the web portal for requesting, accessing and managing privileged credentials.
X3 Account management features which include account reconciliation and password management.
X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
S2 SailPoint Administration I covers configuring Applications and Tasks.
S3 SailPoint Administration II covers Target Applications and Connectors.
S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Course Lifetime ExpiringCDM PRIVMGMT: CyberArk for Privileged User Managers (LT5)  2 hoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users. This course contains 8 learning tracks:
  • C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • C2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • C3 Account management features which include account reconciliation and password management.
  • C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
  • S2 SailPoint Administration I covers configuring Applications and Tasks.
  • S3 SailPoint Administration II covers Target Applications and Connectors
  • S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C3 Account management features which include account reconciliation and password management.
C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
S2 SailPoint Administration I covers configuring Applications and Tasks.
S3 SailPoint Administration II covers Target Applications and Connectors.
S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Course Lifetime ExpiringCDM PRIVMGMT: CA PAM for Network Operations Center (LT6) 2 hoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users. This course contains 5 learning tracks:
  • X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • X2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • P1 Splunk dashboard introduction.
  • P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
X2 General use of the web portal for requesting, accessing and managing privileged credentials.
X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
P1 Splunk dashboard introduction.
P2 Splunk Integration.
Course Lifetime ExpiringCDM PRIVMGMT: CyberArk for Network Operations Center (LT6)  2 hoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users. This course contains 5 learning tracks:
  • C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • C2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • P1 Splunk dashboard introduction.
  • P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
P1 Splunk dashboard introduction.
P2 Splunk Integration.
Course Lifetime ExpiringCDM_PRIVMGMT: SailPoint for SailPoint Administrators (LT7) 2 hoursSkill Level: Beginner
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users. This course contains 4 learning tracks:
  • S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
  • S2 SailPoint Administration I covers configuring Applications and Tasks.
  • S3 SailPoint Administration II covers Target Applications and Connectors
  • S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support Level: Basic
+ Course Modules/Units
 
S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
S2 SailPoint Administration I covers configuring Applications and Tasks.
S3 SailPoint Administration II covers Target Applications and Connectors.
S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Course Lifetime ExpiringCDM PRIVMGMT: CA PAM Administrator (LT8) 4 hoursSkill Level: Advanced
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for the overall operation and management of Xceedium. Personnel in this role would perform tasks such as managing users, devices, applications, credentials and disaster recovery scenarios. This course contains 8 learning tracks:
    X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. X2 General use of the web portal for requesting, accessing and managing privileged credentials. X3 Account management features which include account reconciliation and password management. X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. X5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP. X6 Administration II provides users with the ability to create and configure application or services and setup policies. X7 Administration III covers how to run reports and schedule reports, locate/manage log files, perform session management and locate troubleshooting tools. X8 Administration IV provides users with an understanding of how to manage disaster recovery features.
Specialty Areas: Cyber Defense Infrastructure Support Level: Advanced
+ Course Modules/Units
 
X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
X2 General use of the web portal for requesting, accessing and managing privileged credentials.
X3 Account management features which include account reconciliation and password management.
X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
X5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP.
X6 Administration II provides users with the ability to create and configure application or services and setup policies.
X7 Administration III covers how to run reports and schedule reports, locate/manage log files, perform session management and locate troubleshooting tools.
X8 Administration IV provides users with an understanding of how to manage disaster recovery features.
Course Lifetime ExpiringCDM PRIVMGMT: CyberArk Administrators (LT8) 4 hoursSkill Level: Advanced
+ Description
 Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for the overall operation and management of CyberArk. Personnel in this role would perform tasks such as managing users, devices, applications, credentials and disaster recovery scenarios. This course contains 8 learning tracks:
  • C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
  • C2 General use of the web portal for requesting, accessing and managing privileged credentials.
  • C3 Account management features which include account reconciliation and password management.
  • C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
  • C5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP.
  • C6 Administration II (Part 1 and 2) provides users with the ability to create and manage platforms and safes, configure master policies as well as an in-depth look into safe design.
  • C7 Administration III covers how to run reports in the PVWA, operate the PrivateArk Client and how to locate and manage log files.
  • C8 Administration IV provides users with an understanding of how to manage disaster recovery features.
Specialty Areas: Cyber Defense Infrastructure Support Level: Advanced
+ Course Modules/Units
 
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C3 Account management features which include account reconciliation and password management.
C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
C5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP.
C6 Administration II Part 1 provides users with the ability to create and manage platforms and safes, configure master policies as well as an in-depth look into safe design.
C6 Administration II Part 2 provides users with the ability to create and manage platforms and safes, configure master policies as well as an in-depth look into safe design.
C7 Administration III covers how to run reports in the PVWA, operate the PrivateArk Client and how to locate and manage log files.
C8 Administration IV provides users with an understanding of how to manage disaster recovery features.
Cisco CCENT Self-Study Prep 13 hoursSkill Level: Intermediate
+ Description
 

This course is a self-study resource to help prepare for the Cisco CCENT certification, one of the prerequisites for the Cisco CCNA certification. Installing, operating, configuring, and verifying a basic IPv4 and IPv6 network will be discussed. The course focuses on configuring a local area network (LAN) switch, configuring an internet protocol (IP) router, and identifying basic security threats. It includes several reinforcing video demonstrations of concepts discussed, as well as a quiz.

Learning Objectives:

  • Review of objectives for the Cisco Certified Entry Networking Technician certification
  • Supplemental preparation for the Cisco CCENT certification exam

Date: 2016

Training Purpose: Operate and Maintain

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Services Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
+ Course Modules/Units
 
Switched Networks Part 1 of 2
Switched Networks Part 2 of 2
Collisions and Broadcasts
DEMO: Viewing an ARP Table
Basic Switch Configuration
SSH Operation and Configuration
Configuring Switch Ports
Switch Troubleshooting
Securing a Switch
Best Practices for Switched Networks
DEMO: Making an RJ-45 Cable
VLAN Segmentation Part 1 of 2
VLAN Segmentation Part 2 of 2
VLAN Implementations
VLAN Security and Design
DEMO: Configuring VLANs
DEMO: Demonstrating VLAN Connectivity
Functions of a Router Part 1 of 2
Functions of a Router Demo
Functions of a Router Part 2 of 2
Configuring Basic Router Settings
DEMO: IPv4 and IPv6 Subnetting
Basic Router Settings_IPv6 and Loopback Interfaces
Verifying Connectivity of Directly Connected Networks
Switching Packets Between Networks
Routing Tables and Protocols
DEMO: IPv6 Header Analysis
DEMO: MAC Address Table
DEMO: IPv4 Addresses and Router Interfaces
DEMO: IPv6 Addressing on Router Interfaces
Inter-VLAN Routing Configuration
Layer 3 Switching
Static Routing
Configure Static Routing
Classful Addressing and Routing
Configuring Summary Routes
Troubleshooting Static and Default Routes
DEMO: Static Routing
Dynamic Routing Protocol Operation
Routing Protocol Operating Fundamentals
Types of Routing Protocols
Types of Distance Vector Routing Protocols
Configuring the RIP Protocol
RIPng and Link-State Routing
DEMO: RIP Version 1 and IPv4
DEMO: RIP Version 2 Improvements
DEMO: Setting up RIP for IPv6
Characteristics of OSPF
OSPF Messages
OSPF Router IDs
Configuring and Verifying OSPF
OSPFv2 versus OSPFv3
DEMO: Configuring OSPF
DEMO: Troubleshooting OSPFv2
DEMO: Configuring OSPFv3
DHCPv4 Operation
Configuring and Troubleshooting DHCPv4
DEMO: DHCPv4
SLAAC and DHCPv6
Stateless and Stateful DHCPv6
DEMO: Stateless DHCPv6
NAT Characteristics and Benefits
Types of NAT
Configuring Static and Dynamic NAT
Configuring PAT and Port Forwarding
DEMO: Enabling IPv4 NAT
Configuring and Troubleshooting NAT for IPv6
CCENT Prep Practice Exam
Cisco CCNA Security Self-Study Prep 15 Hours Skill Level: Intermediate
+ Description
 

This course is the follow-up to Cisco CCENT and is aimed to prepare learners for the Cisco CCNA Security exam. Content covered in this course includes protocol sniffers, analyzers, TCP/IP, desktop utilities, Cisco IOS, the Cisco VPN, a Cisco simulation program called Packet Tracer, and some web-based resources. The course focuses on a theoretical understanding of network security, knowledge, and skills designed to implement it. This course contains several reinforcing video demonstrations and final exam.

Learning Objectives:

  • Review of objectives for the Cisco Certified Network Associate certification
  • Supplemental preparation for the Cisco CCNA certification exam

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Security Administrator
Operate and Maintain Systems Analysis Systems Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
+ Course Modules/Units
 
Securing Network Devices
Secure Administrative Access Part 1 of 2
Secure Administrative Access Part 2 of 2
DEMO: Securing Router Access Methods
Role-Based CLI Overview
Password Recovery
Management Reporting and Logging Considerations
Implementing Log Messaging for Security
Configuring NTP
Disabling Unused Cisco Router Network Services and Interfaces
AAA Authentication Methods
Implementing Local AAA Authentication
Implementing Server-Based AAA Authentication
Cisco Secure ACS
Configuring Server-Based AAA Authentication
Server-Based Authorization and Accounting
Implementation Firewall Technologies
Access List Controls (ACLs)
Extended ACLs and ACL Caveats
ACL Placement
Complex ACLs
Troubleshooting ACLs
Securing Networks with Firewalls
Zone-Based Policy Firewalls
CCP Firewall Wizard and Manual ZPF using CCP
DEMO: Enabling IOS Firewall
Implementing Intrusion Prevention Intro
IPS Signatures
Signature Trigger and Action for IPS
Managing and Monitoring IPS
Configuring and Verifying IOS IPS
Securing the Local Area Network Intro
Layer 2 Security Part 1 of 2
Layer 2 Security Part 2 of 2
Mitigating MAC Spoofing and MAC Table Overflow Attacks
Mitigating STP Manipulation
Configuring Storm Control
Mitigating VLAN Attacks
Configuring Cisco Switch Port Analyzer
Private VLAN Edge
Advanced Technology Security Considerations
Wireless Networks
VoIP and SAN Networks
DEMO: Enabling STP with Voiceover
Cryptographic Systems and Hashes
Encryption and Confidentiality
Public Key Cryptography and PKI
VPN Terminology and Topologies
IPSec Frameworks and Key Exchange
IPSec Tasks
Configuring IPsec VPN using CCP
Remote-Access VPNs
Managing a Secure Network and Addressing Risks
Operations Security
Network Security Testing
Continuity Planning
SDLC
Security Policy
ASA Models and Features
Basic ASA Configuration and Settings
Introduction to ASDM
ASA Objects and Object Groups
ACLs for ASA
ASA and NAT
ASA and PAT
ASA AAA
Modular Policy Framework
ASDM Service Policies Demo
ASA VPN Features
ASDM AnyConnect VPN Wizard
DEMO: ASA Console Config
DEMO: ASA GUI Config
DEMO: ASA Traffic Management
CCNA Security Prep Practice Exam
Cloud Computing Security  2.5 HoursSkill Level: Intermediate 
+ Description
 

This course explores the guidance from the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), National Security Agency (NSA), and several Cloud Service Providers (CSPs). Objectives cover cloud security risks and threats, basic operations, incident response considerations, along with application, data and infrastructure security concepts. Where applicable, demonstrations of cloud provider tools and capabilities will be used to reinforce key points.

Learning Objectives:

  • Define cloud models and components.
  • Apply CSA security guidance and other best practices to cloud deployments.
  • Understand cybersecurity requirements within the Shared Responsibilities model.
  • Prepare for cloud computing governance and compliance challenges.
  • Relate traditional cybersecurity controls to popular cloud solutions.
  • Recognize and prepare for cloud computing threats.
  • Review additional cloud security tools and use cases.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Architecture Security Architect
Securely Provision Systems Development Secure Software Assessor
+ Course Modules/Units
 
Cloud Computing Security Course Overview
Cloud Computing Overview
Cloud Computing Overview Knowledge Check
Building a Cloud
Building a Cloud Knowledge Check
Securing Your Cloud
Cloud Security Basics
Review of Multifactor Authentication
Review of Monitoring and Security Configurations
Options for Securing Within the Cloud
VPC Network ACs and CloudWatch Monitoring
Compute Instance in Google's Cloud Platform
Monitoring and Alerting Options in Google Cloud
Web App and Security Configs in Google Cloud
Use of Microsoft's Platform as a Service
Azure Compute Instance Setup
Securing Your Cloud Knowledge Check
Review of Two NIST Publications on Cloud Computing
Guidance for Critical Areas in Cloud Computing
Cloud Computing Risk Assessment by ENISA
Resources Knowledge Check
 ud Security – What Leaders Need to KnowSkill Level: Beginner  
+ Description
 

This course features National Defense University Professor Robert Richardson who discusses important security and oversight requirements for commercial cloud solutions.

Learning Objectives:

  • Overview of the cloud physically, logically, and architecturally.
  • Discuss cloud deployment models and characteristics.
  • Overview of cloud infrastructure characteristics.
  • Cloud Supply Chain Risk Management and considerations of commercial cloud as third-party cloud services; senior leaders should "beware of the gaps and seams."
  • Cloud software components - microservices & APIs.
  • The driving forces and key technology enablers of commercial cloud services in the Federal Government.
  • Must-have security requirements and policies for cloud solutions.
  • The top ten cybersecurity cloud risks such as: loss of service, data breaches, human error. As well as non-cybersecurity risks such as: outsourcing risks, personnel security, and supply chain risk management.
  • Where Federal Government adoption of commercial cloud is now and predictions for the future.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Special
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Requirement Planning Systems Requirements Planner
Securely Provision Systems Architecture Enterprise Architect, Security Architect
+ Course Modules/Units
 
Cloud Security: What Leaders Need to Know – with Professor Robert Richardson
CMaaS Overview 0.5 HoursSkill Level: Beginner
+ Description
 

This course is designed for managers, staff, and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). This course explains how Continuous Monitoring as a Service (CMaaS) relates to the Continuous Diagnostics and Mitigation (CDM) program.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 0 - Introduction

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Lesson 1 - Continuous Diagnostics and Mitigation (Video)
Lesson 2 - The Problem (Infographic)
Lesson 3 - How CDM Phase 1 Capabilities Support CDM Goals (Infographic)
Lesson 4 - How CDM Phase 1 Capabilities Work Together (Infographic)
Lesson 5 - CDM Phase 1 Capabilities Scope (Infographic)
Lesson 6 - Overview of Continuous Monitoring as a Service (Video)
Lesson 7 - How the CDM Capabilities Were Defined
Lesson 8 - ISCM Policy and Guidance Timeline
CMaaS Technical Overview Course 0.5 HoursSkill Level: Beginner
+ Description
 

This course is designed for managers, staff, and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the learner better understand how Continuous Monitoring as a Service (CMaaS) will be implemented in DHS Component networks.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Basic

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Lesson 1: CMaaS Technology Stack Overview (Video)
Lesson 2: Central Management Enclave Firewall Requirements (Infographic)
Lesson 3: Component Management Enclave Firewall Requirements (Infographic)
Lesson 4: Hardware Sensors Firewall Requirements 1 of 2 (Infographic)
Lesson 5: Hardware Sensors Firewall Requirements 2 of 2 (Infographic)
Lesson 6: Software Sensors Firewall Requirements (Infographic)
Lesson 7: Considerations for Initial CMaaS Deployment (Infographic)
Lesson 8: CMaaS Deployment Overview (Infographic)
CMaaS Transition Classroom Sessions 5 HoursSkill Level: Beginner
+ Description
 

This course is part of the CMaaS transitional webinar series conducted via WebEx. Each video focuses on a single tool within the CMaaS solution stack and includes two major Use Cases for each tool.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Basic

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Session 1
Session 2
Session 3
Session 4
Coding 101 5 HoursSkill Level: Beginner 
+ Description
 

This course focuses on the basics of computer programming and how to give a machine a set of instructions to produce a desired behavior. This course also provides information on the elements of programming and programming languages, frameworks, and models. The course includes an interactive programming game, interactive knowledge checks, and the chance to write a fully functional code.

Learning Objectives:

  • Define programming.
  • Describe the structure and purpose of major programming paradigms.
  • Explain the difference between high-level and low-level languages.
  • Describe the uses of scripting and compiled languages.
  • State the elements of programming.
  • Explain when to use a variable in programming.
  • List basic data types.
  • State how operators are used in programming.
  • Explain why logic and flow are important in programming.
  • State the purpose of programming frameworks.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Systems Development Systems Developer
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Systems Architecture Security Architect
Securely Provision Technology R&D Research & Development Specialist
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Coding 101 - Review
Course Lifetime ExpiringCompTIA A+ (220-1001) Certification Prep 14 HoursSkill Level: Beginner
+ Description
 

This course is a self-study resource to prepare learners for the CompTIA A+ certification exam. Objectives in the CompTIA A+ 220-1001 cover mobile devices, networking technology, hardware, virtualization and cloud computing, and network troubleshooting.

Learning Objectives:

  • Identify installation, configuration, and maintenance details for PC components, mobile devices, and user applications.
  • Recall basics of networking and security fundamentals.
  • Apply troubleshooting techniques and satisfactory customer support.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Customer Service and Technical Support Technical Support Specialis
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
+ Course Modules/Units
 
Laptops and Mobile Devices
Laptop Expansion Options, Docking and Locks
Laptop Hardware Replacement
Laptop Special Functions and Features
DEMO: Laptop Computer Components
Characteristics of Various Mobile Device Types
Mobile Device Ports and Accessories
Network Services and Protocols
IP Address, Ports, and Protocols Part 1 of 3
IP Address, Ports, and Protocols Part 2 of 3
IP Address, Ports, and Protocols Part 3 of 3
DEMO: Windows Command-Line Tools
Patch Panels, Ethernet Standards and LAN
Wireless Networks and WiFi Standards
Network Devices: Routers
Network Devices: Hubs, Switches and Firewalls
SOHO Network
Network Types
Technologies that Facilitate IoT
IoT Attacks and Mitigation
Wireless Protocols and Signal Modulation
Fiber, Coaxial Cables and Connectors
Display Connector and Cable Types
Computing System Components
Hard Drive Interfaces
Power Supply and Connectors
RAM Basics and Types of RAM
Upgrading and Installing RAM
DEMO: RAM Installation and Verification
Hard Drive Basics
Hard Drive RAID Types
Removable Media
Motherboard Form Factor, Chipset and Components
Motherboard Expansion Slots and Card Installation
Installing New Motherboard
BIOS Components, Configuration, and Settings
DEMO: BIOS Overview
DEMO: Hard Drive Installation and Initializing
PC Configurations
DEMO: Inside Desktop Computer
Central Processing Unit (CPU)
Sockets and Processors
Virtualization and Temperature Monitoring
DEMO: CPU Characteristics and Installation
Common Peripheral Devices
Display Types and Features
Audio/Video Standards
Configuring a SOHO Network
Printer Types
Printer Languages and Installation
Introduction to Cloud Computing
Cloud Architectures
Cloud Security
Virtual Environments
Network Troubleshooting Process
Network Troubleshooting Methodology
PC Troubleshooting Tools
Troubleshooting Common Symptoms of System Issues
Troubleshooting Hardware, Video, Networks and OS
DEMO: Troubleshooting Hard Drives
Troubleshooting Common Video and Display Issues
Troubleshooting Mobile Device Issues
Hardware Tools for Connectivity Issues
Printer and Scanner Maintenance and Troubleshooting
DEMO: Troubleshooting Network Issues
CompTIA A+ 220-1001 Practice Exam
Course Lifetime ExpiringCompTIA A+ (220-1002) Certification Prep 7.5 HoursSkill Level: Beginner
+ Description
 

This course is a self-study resource to help learners prepare for the CompTIA A+ certification exam. Topics in the A+1002 cover installing and configuring operating systems, expanded security, software troubleshooting, and operational procedures.

Learning Objectives:

  • Apply diagnostic and resolution processes to hardware and software issues.
  • Employ device installation and sound troubleshooting and customer support practices.
  • Recall fundamentals of cloud and virtualization deployment strategies.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
+ Course Modules/Units
 
Microsoft Operating System Versions
Understanding Windows Compatibility Risks
File System for iOS Devices
Understanding the Basics of iOS
Understanding iOS Security Architecture
Windows Command-line Tools
DEMO: Windows Command-Line Tools
Demonstration: Windows OS GUI Tools Part 1 of 2
Demonstration: Windows OS GUI Tools Part 2 of 2
Windows Operating System Features Part 1 of 2
Windows Operating System Features Part 2 of 2
Windows OS GUI Tools Best Practices
Demonstration: Creating and Managing Disk Folders
Demonstration: Windows Hidden File Properties
Demonstration: File Structure and Paths
Windows Firewall Zones
Application Events and Security Events
Windows Event Forwarding
Windows Networking and Resource Sharing
Demonstration: Image Backup and Restore on Windows
Demonstration: Linux Commands
Best Practices and Common Features of OS X
Physical Security Concerns and Controls
DEMO: Physical Security
Infrastructure Physical Security
Identification and Authentication Methods
Demonstration: Installing Antivirus
Authentication Services
Malware and Social Engineering Threats
Symptoms, Troubleshooting and Preventing PC Infections
Host Security Controls Part 1 of 2
Host Security Controls Part 2 of 2
Windows 10 Security Features
Mobile Based Social Engineering
Mobile Device Security Best Practices
Data Destruction and Disposal Methods
Configuring a SOHO Network
PC Troubleshooting Tools
Troubleshooting Common Symptoms of System Issues
Troubleshooting System Crash and Failure-to-Boot Issues
Troubleshooting Mobile Device Issues
Safety Procedures and Personal Safety
IT Environmental Controls
Incident Response Concepts
Intellectual Property and Licensing
Professional Communication and Troubleshooting Theory
Procedures Supporting Policy
Scripting Basics Overview
CompTIA A+ 220-1002 Practice Exam
Course Lifetime ExpiringCompTIA Network+ N10-007 18 HoursSkill Level: Beginner
+ Description
 

This self-study resource is designed to help learners prepare for the CompTIA Network+ 10-N007 certification exam. This course is focused on IT infrastructure and networking concepts for junior to mid-level IT professionals in the cyber workforce. Objectives include network operations, security, troubleshooting and tools, as well as infrastructure support.

Learning Objectives:

  • Design and implement a functional network.
  • Configure, manage, and maintain network security, standards, and protocols.
  • Troubleshoot network issues.
  • Create and support virtualized networks.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
+ Course Modules/Units
 
Net+N100-007 Introduction
Ports and Protocols Part 1 of 2
Ports and Protocols Part 2 of 2
OSI Layers
Properties of Network Traffic
VLANs and VTP
Routers and Routing Protocols
Routing Tables and Types
IP Addressing – IPv6
Traffic Filtering and Port Mirroring
Network Performance Optimization
IP Addressing Components
Subnetting
Network Topologies
Technologies that Facilitate IOT
Wireless Standards Part 1 of 2
Wireless Standards Part 2 of 2
DEMO: Wireless Architecture
Introduction to Cloud Computing
Cloud Security
DNS Service
Dynamic Host Configuration Protocol (DHCP)
Ethernet Standards
Cables and Wires
Cable Termination and Fiber Optic
DEMO: Cables and Connectors
Firewall Implementations
Network Components – Hubs and Switches
DEMO: Contrasting Hubs, Switches,VLANS
Router Setup and MAC Filtering
Installing and Configuring Wireless Networks
SOHO Network
Telephony, VoIP
Network Security Appliances IDS
Advanced Security Devices
Virtual Environments
Network Storage Connection Types
Network Storage and Jumbo Frames
Wide Area Network Technologies
Configuration Management Documentation
Business Continuity and Disaster Recovery
Fault Tolerance and Availability Concepts
Maintainability: MTTR and MTBF
Security Device and Technology Placement
DEMO: Introduction to SNMP
Network Access Security
Remote Access Methods
Operations Policies and Best Practices
Mobile Device Deployment Models
Physical Security Devices
Authentication Services
PKI Public Key Infrastructure
Examples of PKI Use
Network Access Control
Wireless Encryption and Authentication
DoS and MITM Attacks
Wireless Threats and Mitigation
Understanding Insider Threat
DEMO: Malware and Social Engineering Threats
Hardening Network Devices
Switch Loop Protocol
Network Segmentation and Design
Honeypot
Corporate Penetration Testing
Network Troubleshooting Methodology
Hardware Tools for Connectivity Issues
Software Tools for Connectivity Issues
DEMO: NSlookup Dig Google Toolbox
Physical Connectivity Problems
Cable Troubleshooting
Wireless Troubleshooting
Troubleshooting Routers and Switches
Technologies that Facilitate IOT
Network+ N10-007 Exam
Critical Infrastructure Protection 2 HoursSkill Level: Beginner   
+ Description
 

This course discusses the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.

Learning Objectives:

  • Define and give examples of critical infrastructure.
  • Identify possible cyber threats to critical infrastructure.
  • Describe U.S. cybersecurity policies and programs.
  • Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Analyst
Operate and Maintain Systems Development Information Systems Security Developer
Oversee and Govern Strategic Planning and Polic Cyber Policy and Strategy Planner
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Securely Provision Systems Architecture Systems Architect
Securely Provision Technology R&D Research & Development Specialist
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Systems Development Systems Developer
+ Course Modules/Units
 
Critical Infrastructure Protection
Creating a Computer Security Incident Response Team (CSIRT)  3 HoursSkill Level: Beginner 
+ Description
 

This course was developed for organizations and individuals who are at the beginning of their planning and implementation process for creating a computer security incident response team or an incident management capability. This course begins with definitions and context for defining a CSIRT framework, followed by services that may be provided and building an action plan. An attendee workbook is included with questions and exercises to use in conjunction with the training.

Learning Objectives:

  • Understand the function of Computer Security Incident Response Teams (CSIRTs) and the philosophy behind them.
  • Understand the role of CSIRT in the incident management process.
  • Identify the requirements to establish an effective CSIRT.
  • Appreciate the key issues and decisions that must be addressed when creating a CSIRT.
  • Learn to strategically plan the development and implementation of your CSIRT.

Date: 2017

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-Source Analyst
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
+ Course Modules/Units
 
Create a Computer Security Incident Response Team
Defining Incident Management Part 1 of 2
Defining Incident Management Part 2 of 2
Defining CSIRTs
Types of CSIRTs
Setting the Context
Defining Your Framework Part 1 of 2
Defining Your Framework Part 2 of 2
Capability Strategies
CSIRT Components
CSIRT Components: Organizational Issues
CSIRT Components: Resources
Range and Level of Services
Policy and Procedure Examples
Range and Level of Services Summary
Ideas for Your Action Plan
Taking the Next Steps
CSIRTs Resource Overview
Cryptocurrency for Law Enforcement 2 hoursSkill Level: Beginner
+ Description
 

This course covers the history, risks, and legality of cryptocurrency as well as discusses what cryptocurrency items can be seized by law enforcement.

Learning Objectives:

  • Define cryptocurrency and compare it to traditional currency.
  • Describe the history of cryptocurrency.
  • State the elements of a cryptocurrency transaction and their roles.
  • Describe safety measures taken to protect cryptocurrency.
  • Identify items that serve as wallets for cryptocurrency and could be seized by law enforcement.
  • Evaluate apps and websites that could be linked to cryptocurrency.
  • Compare degrees of anonymity of various cryptocurrencies.
  • Compare legal and illegal uses of cryptocurrency.
  • Evaluate the legality of different cryptocurrency scenarios.
  • Identify notable cases of illegal uses of cryptocurrency found in recent headlines.

Date: 2019

Training Purpose: Investigate

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Cyber Investigation Cyber Crime Investigator
Investigate Digital Forensics Cyber Defense Forensics Analyst
+ Course Modules/Units
 
Introduction to Cryptocurrency for Law Enforcement
Cyber Awareness Challenge 2019 1 hourSkill Level: Beginner
+ Description
 

This course provides an overview of cybersecurity threats and best practices to keep information and information systems secure. Every year, authorized users of certain information systems must complete the Cyber Awareness Challenge to maintain awareness of and stay current on new cybersecurity threats. The training also reinforces best practices to keep personal information and information systems secure and stay abreast of changes in general cybersecurity policies.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

+ Course Modules/Units
 
Cyber Awareness Challenge
Cyber Dark Arts 3 HoursSkill Level: Intermediate  
+ Description
 

This course highlights 'dark' or deceptive activities that are employed by malicious users via the Internet. Several legitimate purpose technologies and techniques and how they are leveraged, or manipulated for fraudulent purposes, is discussed. Threats from topics such as zero-day attacks, dark web, alternate OSs, VPN/TOR, weaponized psychology, and anonymous services will be detailed, as well as methods for concealing one’s identity. These methods are taught in order for cybersecurity experts to defend against such attacks. The course includes reinforcing video demonstrations.

Learning Objectives:

  • Explain several techniques for obfuscating online activities.
  • List examples of technologies leveraged for deceptive purposes.
  • Detail best practices for prevention and protection from malicious cyber activities.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operations Cyber Operator
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Cyber Dark Arts
Weaponized Psychology
DEMO: Password Cracking Using Hydra
Scanning for Vulnerable Devices and Networks
Anonymous Web Hosting, Searching, and Browsing
Alternative Operating Systems
Tails, Whonix, and Qubes
Secure Messaging Services
Blockchain and Cryptocurrency
DEMO: Blockchain and Cryptocurrency
DEMO: Iodine IP over DNS
DEMO: TOR versus Traditional Tunneling
Advanced Persistent Threats
Cyber Dark Arts Exam
CyberEssentials 1 HourSkill Level: Beginner
+ Description
 

This course focuses on how leaders can develop actionable items to start implementing organizational cybersecurity practices and introduces the six essential elements of building a culture of cyber readiness.

Learning Objectives:

  • Identify actionable items to reduce your organization's cyber risks through a holistic approach.
  • Identify the six essential elements of building a culture of cyber readiness.
  • Identify the steppingstones to building a culture of cyber readiness.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Oversee and Govern Strategic Planning and Policy Strategic Planning and Policy Planner
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition Program Manager
Oversee and Govern Cybersecurity Management Information Systems Security Manager
+ Course Modules/Units
 
CyberEssentials - 1 Hour
Cyber Fundamentals for Law Enforcement Investigations 8 HoursSkill Level: Beginner 
+ Description
 

This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.

Learning Objectives:

  • Describe essential computing communication concepts.
  • Identify digital evidence sources and handling.
  • Apply techniques to examine applications for target information.

Date: 2017

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analyst
Investigate Digital Forensics Cyber Defense Forensics Analyst
Investigate Cyber Investigation Cyber Crime Investigator
+ Course Modules/Units
 
Cyber Investigation Course Intro
Cyber Crimes versus Traditional Crimes
Cyber Laws Overview
Logical and Physical Addresses
Dissecting a Data Packet
How Computers Connect
IP Addresses and Domain Names
IP Addresses
Domain Naming
NSlookup Dig Google Toolbox
Digital Artifacts Basics
Site Survey and Collection
Determining Sophistication
Time Standardization
Requesting Digital Forensic Artifacts
Footprinting
Handling Untrusted or Unknown Files
Setting Up an Analysis Environment
Examining Images
Intro to Encryption
Detecting Encryption
Malware Awareness
Malware Propagation
Malware History
Remote Access
Understanding Insider Threat
Introduction to Peer-to-Peer
Advanced IP Tunneling Overview
TOR versus Traditional Tunneling
Iodine IP over DNS
Email Analysis
Phishing Message Analysis
Online Auctions
Open Source Searches Using Facebook
Open Source Searches Using Twitter
Google FU
Cyber Investigations Exam
Domain Information Lookup
Examining EXIF Data and Images
Computing and Comparing Hash Values
File Search Techniques
Open Source Twitter Searches
Cybersecurity Analyst 12.5 HoursSkill Level: Intermediate 
+ Description
 

The Cybersecurity Analyst course is designed to help reinforce concepts for cyber work roles that require monitoring and information analysis to respond to suspicious events. This intermediate-level course focuses on defense techniques leveraging data and tools to identify risks to an organization, and apply effective mitigation strategies to detect and respond to threats.

Learning Objectives:

  • List common cyber threats and examples of scanning and assessment tools and techniques to identify potential vulnerabilities.
  • Analyze data from various sources to identify vulnerabilities and recommend strategies for mitigation.
  • Configure and implement threat detection tools to detect incidents, and effectively respond and recover.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat Analyst
Protect and Defend Cybersecurity Defense Analysis Cyber Defense Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analysts
+ Course Modules/Units
 
Reconnaissance
Port Scanning for Active Reconnaissance
Environmental Reconnaissance Tools
Social Engineering for Reconnaissance
Network Mapping for Active Reconnaissance
Syslog
Reviewing Alerts/Detecting Attack Phases
Common Tasks in Environmental Reconnaissance
Environmental Reconnaisannce Variables
Basic Packet Analysis
Methods of Network Traffic Analysis
Network Traffic Analysis
Netflows
Working with Netflows
Netflow Tools
Examining Log Files
Data Correlation and Analytics
Analyzing Device Data
SIEM
DEMO: Wireshark Packet Analyzer
Hardening Network Devices
Network Segmentation and Design
Honeypot
Endpoint Security
Windows Group Policy
Access Control Models
Remote Authentication - Radius and Tacacs+
Hardening Host and Networked Systems
Compensating Controls
Corporate Penetration Testing
Reverse Engineering Purpose and Practice
Team Training and Exercises
Risk Evaluation and Security Controls
Vulnerability Assessment Introduction
Vulnerability Management Requirements
Vulnerability Scanner Configuration
Vulnerability Assessment Tools
Scanning and Enumeration with Nmap
Intro to Vulnerability Scanning with Nessus
Vulnerability Remediation
Scanning and Report Viewing with OpenVAS
Endpoint and Protocol Analysis
Logging Strategies and Sources
Reviewing, Analyzing and Correlating Logs
Network Vulnerabilities
System Vulnerabilities
Web Application Vulnerabilities
Wireless Network Vulnerabilities
Virtual Infrastructure Vulnerabilities
Threats to Mobile Devices
ICS and SCADA Systems Security
Malware and Social Engineering Threats
Preparing for Impact Analysis
Forensics Kit and Incident Response
Forensic Investigation Suite
Setting Up an Analysis Environment
Communication During Incident Response
Common Symptoms of Host Infection
Incident Response and Recovery Part 1 of 2
Incident Response and Recovery Part 2 of 2
Regulatory Compliance and Frameworks
Control Selection Tailoring and Implementation
Verification and Quality Control
Procedures Supporting Policy
Enterprise Network Authentication Part 1 of 2
Enterprise Network Authentication Part 2 of 2
Cross-site Scripting and Other Exploits
Privilege Escalation Exploit
Technical Processes and Controls
Software Development Models and SDLC
Code Review and Testing
Secure Coding Best Practice Resources
Preventative Cyber Tools
Collective Cyber Tools
Analytical Cyber Tools
Exploit Cyber Tools
Forensics Cyber Tools
Course Test
Cyber Security Investigations 9 HoursSkill Level: Beginner  
+ Description
 

This course discusses the basic concepts of cybersecurity and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques, and tools in support of cyber security investigations.

Learning Objectives:

  • Understand the process of integrating forensics collection and analysis program into an organization.
  • Recognize concepts involved in the Forensic Process.
  • Apply necessary preparation to perform collections and incident response according to best practices.
  • Understand methods, goals and objectives for digital forensic collection activities.
  • Apply techniques and tools for conducting evidence collection, triage, and log analysis.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operations Cyber Operator
Investigate Cyber Investigation Cyber Crime Investigator
Investigate Digital Forensics Cyber Defense Forensics Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
+ Course Modules/Units
 
Purpose of Computer and Network Forensics
Digital Forensics Tools
Forensics Team Staffing Considerations
Digital Forensics Guidelines, Policies, and Procedures
Digital Forensics Life Cycle
Digital Forensics Best Practices
Digital Forensics Concepts
Locard's Exchange Principle
Incident Response Phases Part 1 of 3
Incident Response Phases Part 2 of 3
Incident Response Phases Part 3 of 3
Computer Forensics Process Part 1 of 2
Computer Forensics Process Part 2 of 2
Digital Forensic Planning and Preparation
IR and Digital Forensics Tools
Forensically Prepared Media, Tools and Equipment
Incident Response Information Gathering
Incident Response Acquisition Considerations
Incident Response Notes and Documentation
Auditing Windows Event Logs
Volatile Data Collection
Storage Media Collection
Network Data Collection
Log Collection
Data Carving using FTK
Digital Forensic Triage Overview
Incident Triage Process
Incident Triage Methodology
Attacker Methodology Overview Part 1 of 3
Attacker Methodology Overview Part 2 of 3
Attacker Methodology Overview Part 3 of 3
Triage: Light and General Collections
Triage Analysis
Triage Analysis of Volatile Data
Program Execution
Analyzing Services
Malware Vectors and Detection
Mobile Device Triage Analysis
IR: Following a Trail
Hash and File Signature Analysis
Time Analysis
Registry Analysis
File Analysis Demonstration
Hashing with md5deep
Hash Analysis with Autopsy
Lessons Learned from an Incident
Lessons Learned from Objective and Subjective Data
Evidence Retention and Information Sharing Post Incident
Cyber Security Investigations Exam
Cyber Security Overview for Managers 6 HoursSkill Level: Beginner
+ Description
 

This course is designed for managers and other stakeholders who may be involved in decision making regarding their cyber environment, but do not have a strong technical background. Discussions will not focus on specific technologies or implementation techniques, but rather cybersecurity methodologies and the framework for providing a resilient cyber presence. The course aims to help managers better understand how people and devices work together to protect mission-critical assets and more effectively evaluate their cyber posture.

Date: 2012

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Management
Oversee and Govern Program/Project Management and Acquisition Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner
+ Course Modules/Units
 
Cyber Security Overview Course Introduction
Key Concepts in Cyber Security Part 1 of 2
Key Concepts in Cyber Security Part 2 of 2
Cyber Security Role in Culture, Vision, and Mission
Roles and Responsibilities in Cyber Security Part 1 of 2
Roles and Responsibilities in Cyber Security Part 2 of 2
Cyber Security Governance
Cyber Security and Federal Guidelines
Impact and Limitations of Laws
Threat Actors
Common Threats to Cyber Security Part 1 of 2
Common Threats to Cyber Security Part 2 of 2
Mobile Security and Mobile Threats
Cyber Security and Cloud Computing
Controls, Countermeasures, and Cyber Security
Risk Management Overview
Determining Critial Assents and Processes
Asset Criticality Demo
Risk and Threats and Vulnerabilities
Determining Risk and Impact
Risk Mitigation Strategy
Risk Assessment Methodologies
Incident Handling and Business Continuity
Business Continuity Plans and Procedures
Disaster Recovery Plans and Procedures
Cyber Security Overview Course Quiz
Cybersecurity for Technical Staff 17.5 HoursSkill Level: Beginner 
+ Description
 

This course highlights best practices applicable to a wide variety cybersecurity job roles. Topics include risk management, architecture and design, and tools and technologies. This course also covers key concepts for detecting, protecting, and defending from security threats.

Learning Objectives:

  • List common cyber threats and how scanning and assessment tools and techniques identify potential vulnerabilities.
  • Explain how various tools and technologies are configured or deployed to support an organization's security posture.
  • Detail risk management best practices and mitigation strategies.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Malware: Viruses
Malware: Rootkits, Trojans, Botnets
MITM, DoS, Packet Flooding and Other Attacks
Backdoor, Spoofing, Replay and Other Attacks
Password, Birthday, Crypto and Application Attacks
Social Engineering Techniques
Wireless Attacks
Application Attacks
Threat Actors
Assessment Tools and Techniques
Active and Passive Reconnaissance
Security Testing and Assessment
Firewall Implementations
Proxy Server Implementations
Hubs and Switches
Routers and Routing Protocols
Remote Access and VPNs Part 1 of 2
Remote Access and VPNs Part 2 of 2
Network Intrusion Detection Systems
Host-Based Intrusion Detection Systems
Password Cracking Categories and Tools
Password Cracking Techniques
DEMO: Local Information Gathering Tools
DEMO: Network Connectivity Testing Tools
DEMO: Remote Information Gathering Tools
Mobile Device Security
Mobile Device Deployment
Network Security Protocols
Network Services and Protocols
Frameworks and Reference Architectures
Network Zones
Demilitarized Zones (DMZ) Implementations
Security Device and Technology Placement
Host Security: OS Hardening and Firewalls
Host Security: Anti Virus, Malware and Spam
Host Security: Pop Ups and Patch Management
Secure Static Environment
Secure Staging Deployment Concepts
Cloud and Virtualization Concepts
Cloud Architectures
Host Security: Virtualization
Resiliency and Automation to Reduce Risk
Physical Security and Environmental Controls
Access Control Categories
Authentication Services
Access Control Models
Authentication and Authorization Concepts
Biometric Authentication
Account Management
Identity Management
Security Awareness and Training
Risk and Related Concepts
Risk and Asset Identification
Threat and Risk Calculation
Risk Control Types
Security Control Types and Categories
Basic Forensics Procedures
Incident Handling and Forensics
Incident Response Preparation
Risk Management: Business Continuity
Risk Management: Redundancy and Fault Tolerance
Risk Management: Disaster Recovery
Risk Mitigation Strategies
Data Security
Data Destruction and Disposal Methods
Data Sensitivity and Handling
Mitigation and Deterrence: Logging
Mitigation and Deterrence: Hardening
Mitigation and Deterrence: Network Security
Mitigation and Deterrence: Attack Countermeasures
Cryptography Part 1 of 2
Cryptography Part 2 of 2
Wireless Security Evolution
Wireless Security Best Practices
Cryptographic Keys and PKI
Course Test
Cyber Supply Chain Risk Management 2 HoursSkill Level: Beginner  
+ Description
 

This course focuses on cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will explain how to securely provision, analyze, oversee and govern, protect and defend a supply chain.

Learning Objectives:

  • Describe product supply chains and life cycles.
  • Identify the role of adversaries in supply chain risk management.
  • Define the risks associated with supply chains.
  • State the principles of supply chain management.
  • Identify security measures taken to protect a supply chain.
  • Apply suggested tools to address supply chain vulnerabilities.
  • Explain how knowledge of the "internet of things" (IoT) is used to evaluate products as IoT devices.
  • Recognize potential dangers posed by various devices brought to work.
  • Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR).
  • Define how to personally safeguard your organization’s cybersecurity.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-Source Analyst
Analyze Exploitation Analysis Exploitation Analyst
Analyze Threat Analysis Threat/Warning Analysis
Analyze Targets Target Developer, Target Network Analyst
Oversee and Govern Program/Project Management and Acquisition Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Securely Provision Software Development Software Developer
Securely Provision Systems Development Systems Developer
+ Course Modules/Units
 
Supply Chain Risk Management
DB Evaluations using AppDetectivePro and dbProtect 1.5 HoursSkill Level: Beginner
+ Description
 

This course focuses on basic database security concepts and methodology. This course demonstrates how tools such as AppDetectivePRO and DbProtect can be used to scan databases in order to uncover configuration mistakes, identification and access control issues, missing patches or any toxic combination of settings that could lead to escalation-of-privilege or denial-of-service attacks, data leakage, or unauthorized modification of data.

Learning Objectives:

  • Understand importance of database security.
  • Understand how tools such as AppDetectivePRO and db-Protect can be used to evaluate a database's security posture.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Systems Development Systems Developer
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Importance of Databases Security
Databases Security Methodology
AppDetectivePRO Overview
DbProtect Overview
DbProtect Deployment Model
DbProtect Features
DbProtect Demonstration
Demilitarized Zone (DMZ) with IDS/IPS 9 HoursSkill Level: Intermediate 
+ Description
 

This course introduces the concept of a network Demilitarized Zone (DMZ) and the security benefits it can provide. This course focuses on best practices for designing and implementing a DMZ and includes a section on Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) that provides an in-depth look at SNORT for network monitoring. The course concludes with log analysis and management best practices.

Learning Objectives:

  • Present an overview of the DMZ security model and key components.
  • Discuss DMZ structure, purpose, and operation.
  • Present different models for implementation to meet network requirements.
  • Discuss the network threats that a DMZ can detect and mitigate.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Systems Administration Systems Administrator
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
+ Course Modules/Units
 
Demilitarized Zone (DMZ) Introduction
DMZ Architecture
DMZ Components: Firewalls Part 1 of 2
DMZ Components: Firewalls Part 2 of 2
Setting up a DMZ using IPTables Demo
DMZ Components: IDS
DMZ Components: IDS/IPS Placement
DMZ Components: Proxy Servers
DMZ Components: Network Servers
DMZ Architectures
Attacking the DMZ Part 1 of 2
Attacking the DMZ Part 2 of 2
DMZ Attack Types Part 1 of 2
DMZ Attack Types Part 2 of 2
DMZ: Open Source vs Commercial Implementations
DMZ: Software Subscription Services
Open Source DMZ Tools Part 1 of 2
Open Source DMZ Tools Part 2 of 2
Proxy Concepts
DNS Concepts
Web Server Concepts
E-mail Relay and VPN Concepts
DMZ and Commercial Software - Part 1
DMZ and Commercial Software - Part 2
Security Capabilities in a DMZ
Security Capabilities in Procmail Demo
Network Security Appliances IDS
Snort Intro and Overview
Using BASE w Snort DB
Snort Demo
Log Mgmt and Analysis Concepts
SYSLOG Basics
Using Swatch Overview
Log Management Best Practices
Proxy and DNS Log File Concepts
Analyzing Proxy and DNS Log Files
DMZ with IDS/IPS Course Quiz
DNSSEC Training Workshop 2 HoursSkill Level: Advanced 
+ Description
 

This course covers the basics of Domain Name System Security Extensions (DNSSEC), how it integrates into the existing global DNS and provides a step-by-step process to deploying DNSSEC on existing DNS zones.

Learning Objectives:

  • Discuss DNSSEC and supporting mechanisms.
  • Sign a DNS zone.
  • Configure Delegation Signer (DS) resource records.
  • Set up a Secure Resolver.
  • Discuss server operational considerations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Systems Architecture Security Architect
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
+ Course Modules/Units
 
DNSSEC Introduction
DNS Resolution Steps
DNS Vulnerabilities and Security Controls
DNSSEC Mechanisms
DNS Resource Records (RR)
Special DNS Resource Records
DNS Zone Signing
Secure DNS Zone Configuration-DNSSEC Key Generation
Prepare the DNS Zone File for Signing
Signing the DNS Zone file
Publishing a signed zone
Testing a signed zone
Testing a signed zone through a validator
DNSSEC Chain of Trust
Setting Up A Secure Resolver
Adding a trusted key
Securing the last hop
ZSK Rollover
Using pre-published keys
KSK Rollover
Conclusions
Don't Wake Up to a Ransomware Attack 1 HoursSkill Level: Beginner 
+ Description
 

Ransomware attacks hit a new target every 14 seconds: shutting down digital operations, stealing information and exploiting businesses, essential services and individuals alike. "Don't Wake Up to a Ransomware Attack" provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to prevent, mitigate, and respond to the ever-evolving threat of ransomware.

This webinar includes the following information and more:

  • Definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time
  • Common signs of a ransomware attack and how to respond if an attack is suspected
  • Guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack
  • Case studies demonstrating the impacts of ransomware attacks
  • A concluding Knowledge Check to reinforce understanding and key takeaways

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from ransomware cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

  • Define ransomware
  • Be able to identify signs of a ransomware attack
  • Learn mitigation steps of ransomware attacks
  • Understand how to recover from a ransomware attack
  • Understand impacts of ransomware attacks though case studies

Date: 2020

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Analyze Exploitation Analysis Exploitation Analyst
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Investigate Digital Forensics Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Operate and Maintain Data Administration Data analyst, database administrator
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Don’t Wake Up to a Ransomware Attack
Dynamic Testing using HPE WebInspect 1.5 hoursSkill Level: Beginner
+ Description
 

This course introduces learners to dynamic testing tools for web applications and demonstrates how they can be used to identify, evaluate, and mitigate a web application’s potential security vulnerabilities. The focus is on using HPE WebInspect to perform and manage dynamic security vulnerability testing and address results from a developer’s perspective/cybersecurity professional's perspective.

Learning Objectives:

  • Understand how dynamic testing tools work on web-based applications.
  • Utilize dynamic testing tools to find common Weakness Enumeration.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Systems Development Systems Developer
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Application Security
WebInspect Dynamic Analysis
Installing WebInspect
Run a WebInspect Scan
WebInspect Demonstration
Policy Manager Demonstration
Default Settings Demonstration
Reports
Application Settings and Tools
Comparing Scans
Testing in a Closed versus Open Network
WebInspect Agent, Web Services
Elections and IT Embrace your role as a Manager - 3.5 HoursSkill Level: Beginner  
+ Description
 

This course is a collaboration between the U.S. Election Assistance Commission (EAC) and the U.S. Department of Homeland Security (DHS) and provides an opportunity to learn why election officials must view themselves as IT managers. The course serves as an overview of information technology and how to ensure security is included in the planning, procuring, designing, implementing, and maintaining of interconnected electronic election systems, including public-facing websites. The content introduces the key concepts of identifying vulnerabilities and how to protect election systems from internal and external threats and provides information on cybersecurity resources available from the EAC and DHS.

Date: 2018

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Protect and Defend Incident Response Cyber Defense Incident Responder
Securely Provision Risk Management Authorizing Official/Designating Representative
+ Course Modules/Units
 
Professionalizing Election Admin Intro
Being an IT Manager
Election Systems
Procuring IT
Testing and Audits
Election Security
Principles of Information Security
Cybersecurity and Elections
Risk Management and Elections
Phishing and Elections
Election Infrastructure Security
DHS Cyber Security Tools and Services
EAC Resources
The Election Official as IT Manager 4 HoursSkill Level: Beginner  
+ Description
 

This course focuses on why Election Officials must view themselves as IT systems managers and introduces the knowledge and skills necessary to effectively function as an IT manager. Th ecourse includes a review of Election Systems, Election Night Reporting, and Interconnected Election Systems vulnerabilities and liabilities. The content also covers Social Media and Website best practices, vulnerabilities, and liabilities, and addresses Procuring IT, Vendor Selection, Testing and Audits, Security Measures, and Risk Assessments. In addition, this course includes a review of resources available to the election community from the Department of Homeland Security.

Date: 2018

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Protect and Defend Incident Response Cyber Defense Incident Responder
Securely Provision Risk Management Authorizing Official/Designating Representative
+ Course Modules/Units
 
Professionalizing Election Admin Intro
Being an IT Manager
Election Systems
Technology and the Election Office
Procuring IT
Testing and Audits
Election Security
Principles of Information Security
Physical Security
Cybersecurity and Elections
Human Security
Risk Management and Elections
Incident Response Scenarios and Exercises
Phishing and Elections
DDOS Attacks and Elections
Website Defacing
Election Infrastructure Security
DHS Cyber Security Tools and Services
EAC Resources
Emerging Cyber Security Threats 12 HoursSkill Level: Intermediate   
+ Description
 

This course covers a broad range of cybersecurity elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. It will cover what the policies are, the roles it plays in cybersecurity, how they are implemented. The course will also look at cybersecurity laws, standards, and initiatives. Topics include policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS and IPv6 security. Video demonstrations are included to reinforce concepts.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analysis
Operate and Maintain Systems Administration Systems Administrator
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Introduction to Cybersecurity Policy
Types of Security Policy
Policy Education and Implementation
Cybersecurity Laws
Proposed Legislation
NIST Cybersecurity Standards
Other Cybersecurity Standards
Comprehensive National Cybersecurity Initiatives (CNCI)
Other Federal Cybersecurity Initiatives
Implementing Cybersecurity Initiatives
SPAM
Malware Trends
Botnets
Monetization
Cyber Attack Profiles
Cyber Crime
Cyberwarfare
Cyber Attack Attribution
Cyber Threat Mitigation
Mobile Device Trends
Mobile Device Threats
Mobile Device Countermeasures
Exploited Threats
What is Cloud Computing?
Technical Risks
Operational Risks
Risk Mitigation Strategies
DISA Cloud Solutions
RFID Introduction
RFID Threats
RFID Countermeasures
Exploited Threats
Introduction and MAC Address Monitoring
MAC Address Spoofing
Managing Traffic Flows
VLANs and Security
802.1x Port Authentication
Network Admission Control
Securing STP
Securing VLANs and VTP
Introduction and Edge Security Traffic Design
Blocking DoS and DDoS Traffic
Specialized Access Control Lists
Routers with Firewalls
Beyond Firewalls: Inspecting Layer 4 and Above
Securing Routing Protocols and Traffic Prioritization
Securing Against Single Point of Failures
Physical and Operating System Security
Management Traffic Security
Device Service Hardening
Securing Management Services
Device Access Hardening
Device Access Privileges
Name Resolution Introduction
Name Resolution and Security
DNS Cache
DNS Security Standards and TSIG
DNSSEC
Migrating to DNSSEC
Issues with Implementing DNSSEC 1
Issues with Implementing DNSSEC 2
IPv6 Concepts
IPv6 Threats
IPv6 Network Reconnaissance
DEMO: IPv6 Network Reconnaissance
IPv6 Network Recon Mitigation Strategies
IPv6 Network Mapping
DEMO: IPv6 Network Mapping
IPv6 Network Mapping Mitigation Strategies
IPv6 Neighbor Discovery
DEMO: IPv6 Address Assignment
IPv6 Attacks
DEMO: IPv6 Alive Hosts
DEMO: IPv6 Duplicate Address Detection (DAD)
DEMO: IPv6 DAD Denial of Services (DOS)
DEMO: IPv6 Fake Router Advertisement
DEMO: IPv6 Man-in-the-middle
IPv6 Attack Mitigation Strategies
IPv6 Tunneling
IPv6 Windows Teredo Tunneling
IPv6 Tunneling Mitigation Strategies
IPv6 Best Practices
Enterprise Cybersecurity Operations 24 HoursSkill Level: Intermediate   
+ Description
 

This course highlights technical knowledge and skills required for implementing secure solutions in the enterprise. A broad spectrum of disciplines is covered to aid practitioners in applying frameworks and controls to improve the security posture while supporting the business mission.

Learning Objectives:

  • Describe risk management's role in the enterprise and mitigation strategies for specific threats.
  • Detail implementing network security strategies and controls for connected devices.
  • Explain how cloud technologies are leveraged and can support a secure enterprise architecture.
  • List sources and methods to help stay current with cybersecurity best practices and threat trends and analyzing potential impact to the enterprise.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-Source Analyst
Collect and Operate Cyber Operations Planning Cyber Ops Planner
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Risk Management Security Control Assessor
Securely Provision Systems Architecture Enterprise Architect
+ Course Modules/Units
 
Configuration Strategies w/ Spec Compon
Cryptographic Terms and Implementations
Cryptographic Tools and Techniques Part 1 of 2
Cryptographic Tools and Techniques Part 2 of 2
Hybrid Encryption in SSL Demo
Encryption Limitations and Key Length Part 1 of 2
Encryption Limitations and Key Length Part 2 of 2
DEMO: Volume and File Encryption
Hash Functions and Algorithms
Digital Signatures
Digital Certificate Elements
CAs and Public Key Infrastructure
Origins For Cryptographic Standards
Virtual Networking
Intro to Virtualized Computing Part 1 of 2
Intro to Virtualized Computing Part 2 of 2
VLANs and Switching
Storage Types and Considerations
Enterprise Storage
Enterprise Storage Connection Terms
Enterprise Storage and RAID
Securing iSCSI and FCoE and Managing Storage
Network Security Concepts
Network Zones and Remote Access
NW Components Routers and Firewalls Part 1 of 2
NW Components Routers and Firewalls Part 2 of 2
NW Components Intrusion Detection Systems
Networked-based IDS and IPS Deployment
Securing Wireless Part 1 of 2
Securing Wireless Part 2 of 2
DMZ Components
Web Services Concepts
Web Servers and DNS
Securing DNS Best Practices
Proxy Servers and SMTP Relay
NAT and PAT
Infra Design : Firewalls and Proxies
Infra Design : IDS and IPS
Infra Design : Syslog and SIEMs
Infra Design : Switch and Router Security
Infra Design : VPNs and SNMP
SCADA Environments
Application Security : VTC and VoIP
Application Security : Databases and Web Services
Application Security : IPv6
Physical Security Concerns and Controls
Host Security Controls Part 1 of 2
Host Security Controls Part 2 of 2
Web Application Security Design
DEMO: Whitelisting and Blacklisting
Specific Application Issues
Client side vs Server side Processing
Analyzing Business Risk
Risk Management in New Business Models
Risk Mitigation Strategies and Controls
Security Impact of Inter Organizational Change
Calculating Risk Exposure
Incident Response Concepts
Incident Response and Recovery Process
Privacy Policy and Procedures Part 1 of 2
Privacy Policy and Procedures Part 2 of 2
Assessment Tools
Assessment Methods
Assessment Methodologies
Cybersecurity Benchmarks
Security Metrics
Situational Awareness
Analyzing Industry Trends Part 1 of 3
Analyzing Industry Trends Part 2 of 3
Analyzing Industry Trends Part 3 of 3
Applying Analysis to Improve Enterprise Security Part 1 of 4
Applying Analysis to Improve Enterprise Security Part 2 of 4
Applying Analysis to Improve Enterprise Security Part 3 of 4
Applying Analysis to Improve Enterprise Security Part 4 of 4
Integrating Enterprise Disciplines Part 1 of 2
Integrating Enterprise Disciplines Part 2 of 2
Security Controls for Communication and Collaboration
Adv Authentication Tools and Techniques
Software Development Models
System Dev Life Cycle and CS
IT Governance
Cloud based Deploy Models
Cloud Security
Identity Management
Securing Virtual Environments Part 1 of 3
Securing Virtual Environments Part 2 of 3
Securing Virtual Environments Part 3 of 3
Enterprise Storage Advantages and Security Measures
Enterprise Network Authentication Part 1 of 2
Enterprise Network Authentication Part 2 of 2
Practice Exam
 RAMP — A Leader's Dashboard for ComplianceSkill Level: Beginner  
+ Description
 

In this hour-long webinar National Defense University Professor Roxanne Everetts discusses some key leadership decisions around using Federal Risk and Authorization Management Program (FedRAMP) solutions. FedRAMP is a unique government cloud - it is a combination of cloud security, cybersecurity, and risk management.

Learning Objectives:

  • Explain FedRAMP and why Federal agencies use FedRAMP. (Hint: It's the law!)
  • Discuss knowledge key leaders need for cloud solutions, including: FedRAMP structure, how it helps, and how agencies can leverage it.
  • Describe the FedRAMP governing bodies.
  • Examine the roles of Cloud Service Providers (CSPs) and Third-Party Assessment Organizations (3PAOs) as FedRAMP participants.
  • Identify agency responsibilities, which include ensuring they have an Authority to Operate (ATO) letter on file with the FedRAMP Program Management Office (PMO).
  • Explore the FedRAMP Security Framework (SAF), based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37.
  • Use the FedRAMP Marketplace to find services that meet agency needs. Any service listed in the Marketplace meets federal security requirements and has already been authorized.

Date: 2020

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Requirement Planning Systems Requirements Planner
+ Course Modules/Units
 
FedRAMP: A Leaders Dashboard for Compliance – with Professor Roxanne Everetts
Foundations of Cybersecurity for Managers 2 HoursSkill Level: Beginner 
+ Description
 

This course is designed for managers and other stakeholders who may be involved in decision making that would include considerations for security in a cyber environment but do not have a strong technical background. Discussions focus on cybersecurity concepts and methodologies that are part of building a resilient cyber enterprise. This course explains how people and technology work together to protect mission-critical assets, and the frameworks leveraged to assess and apply security controls. Beginning with governance, laws, and regulations, the course progresses into threats to the environment and identifying corresponding controls and countermeasures, concluding with strategies for business continuity.

Learning Objectives:

  • Know key concepts of cybersecurity and its relation to the business mission.
  • Recall risk management strategies and related frameworks.
  • Identify how cloud services are leveraged and pros and cons of doing so.
  • Describe common threats, threat actor types, and mitigation techniques.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operational Planning Cyber Ops Planner
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition Program Manager
+ Course Modules/Units
 
Cybersecurity Introduction
Cybersecurity Workforce
Cybersecurity Governance
Cybersecurity Guidance Resources
Laws and Cybersecurity
Common Cyber Threats
Threat Actors
Cybersecurity and Mobile Devices
Security Controls
Security Tools and Measures
Introduction to Cloud Computing
Cloud Architectures and Deployment Models
Cloud Threats and Attacks
Cloud Security
Risk Management Overview
Incident Response and Digital Evidence Types
Risk and Planning Strategies
Foundations of Cybersecurity for Managers Exam
Foundations of Incident Management 10.5 HoursSkill Level: Beginner 
+ Description
 

This course introduces basic concepts and functions of incident management. This includes where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle with practices to enable a resilient incident management capability.

Learning Objectives:

  • Explain the role of incident management.
  • Distinguish between incident management and incident handling.
  • Outline the incident handling lifecycle.
  • Identify key preparations to be established to facilitate incident handling.
  • Distinguish between triage and analysis.
  • Identify the basic steps in response.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
+ Course Modules/Units
 
Foundations of Incident Management Course Intro
Framing The Need For Incident Management
Incident Management Terms and Processes
Institutionalizing Incident Management Capabilities
Stakeholders in Incident Management
CERT and Other’s Perspective on Threats and Trends
Incident Management Terminology
Incident Management Attack Classes and Actors
Incident Management Malware and DoS Examples
Incident Management Prevention, Detection, and Response
Incident Handling Lifecycle - Prepare
Incident Handling Information
Analyzing Attack Information
Incident Management Monitoring Tools
Incident Management Detection Process
Process to Support Incident Detection and Reporting
What is Situational Awareness?
Non Technical Elements of Situational Awareness
Technical Elements of Situational Awareness
Using Sensors for Requirements Gathering
Incident Handling Lifecycle: Analysis
Incident Handling Lifecycle: Triage
Questions Addressed in Triage
Objectives of Incident Analysis
Tasks of Incident Analysis Part 1 of 2
Tasks of Incident Analysis Part 2 of 2
Data Sources for Analysis
Examples of Data Sources for Analysis
Incident Analysis Exercise Scenario
Preparing For Impact Analysis
Conducting Impact Analysis
Response and Recovery Part 1 of 2
Response and Recovery Part 2 of 2
Mission of the Response Process
Coordinating Response Part 1 of 2
Coordinating Response Part 2 of 2
Sample Attack Mitigations
Benefits and Motivations of Information Sharing
Methods of Information Sharing
Data Models for Information Sharing
STIX/TAXII Protocol
Foundations of Incident Handling Course Summary
Foundations of Incident Management Course Exam
Fundamentals of Cyber Risk Management 6 HoursSkill Level: Beginner  
+ Description
 

This course focuses on key concepts, issues, and considerations for managing risk. Discussions include identifying critical assets and operations, risk assessment and analysis methodologies, risk management frameworks, and how to determine threats to your business function, mitigation strategies, and response and recovery.

Learning Objectives:

  • Describe key concepts related to cyber risk management.
  • Detail risk assessment and analysis methodologies and frameworks.
  • Identify security controls and countermeasures to mitigate risks and support response and recovery.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Protect and Defend Incident Response Cyber Defense Incident Responder
Securely Provision Risk Management Security Control Assessor
+ Course Modules/Units
 
Fundamentals of Cyber Risk Management Course Introduction
Risk Management Overview
Standards for Risk Management
OCTAVE
CERT Resilience Management Model Overview
Critical Assets and Operations
Threat Overview
Vulnerabilities
Threat Scenarios
Risk and Impact Analysis
Considerations for Responding to Risks
Risk Mitigation Strategies
Control Methods and Types of Security Controls
Administrative Controls
Selecting Security Controls
Security Control Assessment
Mitigation Strategy and Maintenance
Security Testing and Assessments
Incident Response Terms and Life Cycle
Incident Response Phase 1 of 6 - Preparation
Incident Response Phase 2 of 6 – Detection and Analysis
Incident Response Phase 3 of 6 – Containment
Incident Response Phases 4-5 of 6 – Eradication and Recovery
Incident Response Phase 6 of 6 – Lessons Learned
Business Continuity Plans and Procedures
Disaster Recovery Plans and Procedures
Fundamentals of Cyber Risk Management Exam
Incident Response 101 1 HourSkill Level: Beginner  
+ Description
 

This course focuses on cyberattacks, specifically compromises via ransomware. Implementing strategies to defend against attacks as well as preparations for response and recovery in the event of an incident is critical to an organization’s resilience. This course reviews malware types and vectors for compromise, common issues hindering an effective response, best practices for preparing and responding to an infection incident, and defensive measures to strengthen the cybersecurity posture.

Learning Objectives:

  • Identify the various types of disruptionware, vectors for compromise, and the impact of an infection on business operations.
  • Recognize the common problems that can hinder effective incident response and prevention activities.
  • Know the ordered steps in following documented incident reporting procedures including immediate actions and communication.
  • Explain the importance of defense-in-depth layered strategy for protecting the enterprise with examples of implementation.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Protect and Defend Incident Response Cyber Defense Incident Responder
+ Course Modules/Units
 
Malware Attacks and Vectors of Compromise
Incident Response - Common Problems/Issues
Ransomware Immediate Infection Response
Incident Response Backups
Cyberattack Defensive Strategies
IR Course Exam
Insider Threat Analysis 6 HoursSkill Level: Advanced 
+ Description
 

This course focuses on helping insider threat analysts understand the nature and structure of data that can be used to prevent, detect, and respond to insider threats. This course focuses on how to work with data from multiple sources to develop indicators of potential insider activity, as well as strategies for developing and implementing an insider threat analysis and response. This course explains the workflow that incorporates expertise and capabilities from across an organization.

Learning Objectives:

  • Work with raw data to identify concerning behaviors and activity of potential insiders.
  • Identify the technical requirements for accessing data for insider threat analysis.
  • Develop insider threat indicators that fuse data from multiple sources.
  • Apply advanced analytics for identifying insider anomalies.
  • Measure the effectiveness of insider threat indicators and anomaly detection methods.
  • Navigate the insider threat tool landscape.
  • Describe the policies, practices, and procedures needed for an insider threat analysis process.
  • Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analyst
Protect and Defend Vulnerability and Assessment Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Insider Threat Analysis Introduction
Insider Threat Hub Overview
Hub Roles and Responsibilities Part 1 of 2
Hub Roles and Responsibilities Part 2 of 2
Hub Management and Operations
Non-Technical Data Sources Part 1 of 2
Non-Technical Data Sources Part 2 of 2
Technical Data Sources
A Closer Look at Logs
Data Source Prioritization
Indicator Development
Example Analytics
Sequence and Model Development
Insider Threat Anomaly Detection Part 1 of 2
Insider Threat Anomaly Detection Part 2 of 2
Data Correlation and Entity Resolution Part 1 of 2
Data Correlation and Entity Resolution Part 2 of 2
Insider Threat Tools
Insider Threat Mitigation Tools
Meas. Insider Threat Control Efficacy Part 1 of 2
Meas. Insider Threat Control Efficacy Part 2 of 2
Incident Threat Analysis Process
Analyst Workflow
Conducting Analysis
Cognitive Bias
Incident Response
Where Incident Response Fits
Incident Response Options
InTP Incident Response Plans
Insider Threat Ansys Wrap-Up
 ider Threat Program Manager: Implementation and Operations  - 7 HoursSkill Level: Intermediate 
+ Description
 

This course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components. The content covered supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance.

Learning Objectives:

  • Identify critical assets and protection schemes.
  • Coordinate a cross-organizational team to help develop and implement the Insider Threat Program.
  • Develop a framework for the Insider Threat Program.
  • Identify methods to gain management support and sponsorship.
  • Plan the implementation for their Insider Threat Program.
  • Identify organizational policies and processes that require enhancement to accommodate insider threat components.
  • Identify data sources and priorities for data collection.
  • Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program.
  • Outline operational considerations and requirements needed to implement the program.
  • Build policies and processes to help hire the right staff and develop an organizational culture of security.
  • Improve organizational security awareness training.
  • Identify training competencies for insider threat team staff.

Date: 2020

Training Purpose: Management Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analyst
Operate and Maintain Knowledge Management Knowledge Manager
+ Course Modules/Units
 
Insider Threat Program Manager Intro
Principles of Insider Risk Management
Activities of an Enterprise Risk Mgmt Process
Controls and Safeguards of Insider Risk Management
Mitigation Strategies for Insider Risk Management
Concepts of Initial Planning for an InTP
Stakeholder Planning and Engagement
Identify Your Starting Point
Insider Threat Program Governance
Roles and Responsibilities in InTP Governance
Insider Threat Program Governance Challenges
Building the Insider Threat Program Plan
Developing a Phased Implementation
Implementation Options for Insider Threat Program
Building Your Program with Compliance in Mind
InTP Placement in Organization
Naming the InTP
Developing an InTP in a Classified Environment
Building the InTP Team
InTP Team Size
Key Roles Within the InTP Team
Insider Threat Hub Operations
Insider Threat Hub Staffing
Data Sources Part 1 of 2
Data Sources Part 2 of 2
Selecting Data Sources
Using Data Sources
Protecting Data Sources
Tools for InTP Teams
Hub Building Considerations
Managing Insider Investigations and Incidents
Considerations: Investigations and Incidents
Insider Threat Incidents
Insider Threat Training and Awareness
General Employee Training and Awareness
InTP Team and Working Group Training
Customized Role-Based Training
Classified Systems and Data Training
Management and Supervisor Training
Problems and Considerations
Measuring Insider Threat Program Effectiveness
Different Metrics for Different Audiences
Return on Investment (ROI)
Making Measurements: Assessments and Evaluations
Unintended Consequences of InTPs
Potential Negative Impacts from InTP Activities
Achieving Balance Using Positive Incentives
Creating the Proper Culture: Policy and Practice
InTP Maintenance Part 1 of 3
InTP Maintenance Part 2 of 3
InTP Maintenance Part 3 of 3
Insider Threat Program Manager Wrap-Up
Introduction to Computer Forensics 1.5 HoursSkill Level: Beginner 
+ Description
 

This course introduces the tasks, processes, and technologies to identify, collect and preserve, and analyze data so that it can be used in a judiciary setting. This course begins with obtaining and imaging data and then describes each step in following the forensic process.

Learning Objectives:

  • Explain the importance and the processes necessary to handle data to ensure its admissibility in a court of law.
  • List steps in the computer forensics process and goals for each step.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Exploitation Analysis Exploitation Analyst
Investigate Digital Forensics Cyber Defense Forensics Analyst
+ Course Modules/Units
 
Computer Forensics - Introduction
Computer Forensics - The Process
Computer Forensics - Following the Process – On-Site
Computer Forensics - Following the Process – On-Site - Encryption
Computer Forensics - Following the Process – On-Site - Memory
Computer Forensics - Following the Process – On-Site - Verification
Computer Forensics - Following the Process – Analysis
Computer Forensics - Following the Process – Report Findings
Computer Forensics - Following the Process – Data Preservation
Computer Forensics - Laws
Computer Forensics - Summary
Computer Forensics - Questions
Introduction to Cyber Intelligence 2 HoursSkill Level: Beginner 
+ Description
 

This course focuses on what cyber intelligence is and how to acquire, process, analyze, and disseminate information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making. The course explains the current threat landscape and the importance of cyber intelligence, describes how cyber intelligence differs from cyber security and cyber threat intelligence, and explores intelligence tradecraft fundamentals. The content covers analytical techniques, estimative writing, and briefing within a cyber intelligence construct.

Learning Objectives:

  • Discuss the threat and data landscape.
  • Apply traditional intelligence tradecraft to the Cyber Domain.
  • Define and describe a Cyber Intelligence Framework involving Human-Machine Teaming.
  • Describe structured analytical techniques and biases.
  • Communicate analytic findings effectively and recommend courses of action to practitioners and decision makers.

Date: 2020

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-Source Analyst
Analyze Threat Analysis Threat/Warning Analyst
Investigate Cyber Investigation Cyber Crime Investigator
+ Course Modules/Units
 
What is Cyber Intelligence?
Cyber Intelligence - Why Should You Care?
Cyber Intelligence - Skills, Traits, Competencies
Cyber Intelligence - Conceptual Framework
Environmental Context
Data Gathering
Threat Analysis
Strategic Analysis
Reporting and Feedback
Human and Machine Teaming
The Art and Science of Cyber Intelligence
Cognitive Biases
Logical Fallacies
Analytical Acumen - The Science
Analytic Methodologies - Diagnostic Technique
DC Sniper: Beltway Attacks
Analytical Methodologies - Contrarian Technique
Analytical Methodologies - Imaginative Technique
Analytical Methodologies - Network Analysis
Analytical Methodologies - ACH
Analytical Methodology – Systems Dynamics Modeling
Intelligence Writing - Why It Matters
Estimative Language
Briefing Tips
Intro to Cyber Intelligence Quiz
Introduction to Investigation of Digital Assets 4 HoursSkill Level: Beginner
+ Description
 

This course is designed for technical staff who are new to the area of Digital Media Analysis and Investigations. It provides an overview of the digital investigation process and key activities performed throughout the process.

Date: 2012

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Investigate Cyber Investigation Cyber Crime Investigator
+ Course Modules/Units
 
Investigations of Digital Assets
Exercise Setup
Exercise Debrief
What is an Investigation with Digital Assets?
Digital Investigation Process
Preparation Phase
Data Collection Phase
Data Analysis Phase
Findings Presentation Phase
Incident Closure Phase
Digital Investigation Process Summary
Introduction to Artifact Analysis
Artifact Analysis Capabilities
Artifact Analysis Process
Surface and Comparative Analysis Process
Surface and Comparative Analysis Process-Continued
Runtime Analysis Process
Static Analysis Process
Sample Analysis: Runtime
Sample Analysis: Static
Malware Analysis Summary
Analysis Exercise
Introduction to Threat Hunting Teams 1.5 hoursSkill Level: Beginner
+ Description
 

This course provides basic definitions, activities, and examples of teams hunting threats in the cyber domain. The course addresses the differences between hunting team activities and those of incident management teams or penetration testing teams. The content covers how hunting teams establish goals, methods used by threat hunting teams, and sources available to help read and interpret the threat landscape.

Learning Objectives:

  • Define threat hunting, what it means to hunt and how to hunt as a team.
  • Differentiate between hunting teams and other types of cyber security teams.
  • Describe how goals influence the method and success of hunting teams.
  • Recognize the types of threat analysis information available and how to interpret the facts presented.
  • Understand the three types of threat models and explain one in detail.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Defining Threat Hunting
Examples and Goals of Threat Hunting
Differences Between Hunt Teams and Other Cyber Teams
Threat Landscape
Types of Threat Modeling
Hunting Methods on Networks
Teaming and Automation Example
Threat Hunting Teams Course Exam
Introduction to Windows Scripting 4 HoursSkill Level: Beginner
+ Description
 

This course focuses on writing scripts for the Microsoft Windows operating system. It covers fundamentals and syntax for automating administrative and security monitoring tasks. The course presents the basics of Windows BATCH scripting syntax and structure, along with several Windows command line utilities to harness the powerful capabilities built into Windows.

Learning Objectives:

  • Understand fundamentals of Windows BATCH scripting, including syntax and structure.
  • Perform redirection, piping, standard input / output, error handling, conditional statements, jumps, and command line parameters.
  • Apply built-in commands like net, netsh, xcopy, and findstr to perform more complex functions.
  • Understand best practices for writing and debugging Windows scripts.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
+ Course Modules/Units
 
Scripting Basics Overview
Windows BATCH Scripting Basics
Windows BATCH Scripting_Variables
Windows BATCH Scripting_Loops
Windows BATCH Scripting_Functions
Windows Script Error Handling and Troubleshooting
Windows Script Best Practices and Examples
Windows Scripting Demo
Scripting for Penetration Testing
Windows Scripting Utilities_xcopy
Windows Scripting Utilities_findstr
Windows Scripting Utilities_net Commands
xcopy Examples Demo
WMI and WMIC
PowerShell Commands
PSExec
Windows Management Instrumentation Demo
Intro to Windows BATCH Quiz
IPv6 Security Essentials Course 5 HoursSkill Level: Advanced  
+ Description
 

This course begins with a primer of IPv6 addressing and its current deployment state, discusses Internet Control Manager Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns, and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.

Learning Objectives:

  • Primer of IPv6 addressing
  • Describe current deployment state
  • Explain ICMPv6, DHCPv6, and DNSv6
  • Explore IPv6 Transition mechanisms
  • Identify security concerns
  • Incorporate management strategies

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administration
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Securely Provision Systems Architecture Systems Architect
+ Course Modules/Units
 
IPv6 Introduction
IPv6 Adoption
DEMO: IPv6 Network Reconnaissance
IPv6 Addressing Part 1 of 2
IPv6 Addressing Part 2 of 2
IPv6 Packet Header
DEMO: IPv6 Header Analysis
ICMPv6
IPv6 Address Assignment
DEMO: IPv6 Address Assignment
IPv6 Web Browsing
IPv6 Transition Mechanisms Part 1 of 2
IPv6 Transition Mechanisms Part 2 of 2
DEMO: IPv6 Tunneling
IPv6 Security Concerns
DEMO: IPv6 Network Mapping
IPv6 Security Mitigation Strategies
DEMO: IPv6 Network Monitoring Tools
IPv6 Ready
IPv6 Security Essentials Key Takeaways
DEMO: IPv4 and IPv6 Subnetting
DEMO: IPv6 Addressing on Router Interfaces
DEMO: Setting up RIP for IPv6
DEMO: Configuring OSPFv3
DEMO: IPv6 Alive Hosts
DEMO: IPv6 Duplicate Address Detection (DAD)
DEMO: IPv6 DAD Denial of Services (DOS)
DEMO: IPv6 Fake Router Advertisement
DEMO: IPv6 Man-in-the-middle
IPv6 Security Essentials Quiz
ISACA Certified Information Security Manager (CISM) Prep 11 HoursSkill Level: Intermediate  
+ Description
 

The self-study resource prepares learners for the CISM exam. This course focuses on information security management expertise through in-depth lecture topics, reinforcing demonstrations, and a practice exam. This course includes concepts from the four job practice areas: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.

Learning Objectives:

  • Explain how information security governance and supporting processes are used to align security strategy with organizational goals and objectives.
  • Detail strategies to manage risk to an acceptable level in support of organization goals and objectives.
  • Describe the information security program's role in the organization's security posture by managing and protecting assets while supporting goals.
  • Detail means to minimize the impact to operations in the event of a security incident through establishing detection, response, and recovery capabilities.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition Program Manager
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
CISM Course Introduction
IS Governance Domain Overview
Information Security (IS) Management
Importance of IS Governance Part 1 of 2
Importance of IS Governance Part 2 of 2
IS Management Metrics
ISM Strategy Part 1 of 2
ISM Strategy Part 2 of 2
Elements of IS Strategy
IS Action Plan for Strategy
DEMO: Key Goal, Risk, Performance Indicator
Risk Management Overview and Concepts
Risk Management Implementation
Risk Assessment: Models and Analysis
DEMO: Calculating Total Cost of Ownership
DEMO: Recovery Time Objective (RTO)
Compliance Enforcement
Risk Analysis: Threat Analysis
IS Controls and Countermeasures
Other Risk Management Considerations Part 1 of 2
Other Risk Management Considerations Part 2 of 2
DEMO: Cost Benefit Analysis
Information Security Program Development
Information Security Program Management
Outcomes of Effective Management
IS Security Program Development Concepts
Scope and Charter of IS Program Development
IS Management Framework
IS Framework Components
IS Program Roadmap
Organizational Roles and Responsibilities
Information Security Manager Responsibilities
Other Roles and Responsibilities in IS
Information Security Program Resources
IS Personnel Roles and Responsibilities
IS Program Implementation Part 1 of 2
IS Program Implementation Part 2 of 2
Implementing IS Security Management Part 1 of 2
Implementing IS Security Management Part 2 of 2
Measuring IS Management Performance
Common Challenges to IS Management
Determining the State of IS Management
Incident Management and Response
Incident Management Part 1 of 2
Incident Management Part 2 of 2
IMT IRT Members
Incident Response Planning Part 1 of 2
Incident Response Planning Part 2 of 2
DEMO: Phishing Emails
DEMO: Incident Management Workflow
Recovery Planning Part 1 of 2
Recovery Planning Part 2 of 2
DEMO: RTIR Incident Response Tool Part 1 of 2
DEMO: RTIR Incident Response Tool Part 2 of 2
CISM Practice Exam
(ISC)2 (TM) CAP Certification Prep Self Study 2014 11 HoursSkill Level: Intermediate 
+ Description
 

This course prepares learners for the Information Security Certification (ISC)2 Certified Authorization Professional (CAP) certification exam. This course focuses on the process of authorizing and maintaining information systems. Topics include understanding the Risk Management Framework (RMF), selection, implementation, and monitoring of security controls as well as the categorization of information systems. A practice exam is included.

Learning Objectives:

  • Provide a review of the 7 (ISC)2 CAP domains.
  • Supplemental preparation for the (ISC)2 CAP certification exam.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
CAP Course Introduction
Risk Management Approach to Security Authorization
Risk Management Framework Steps
Risk Management Framework Phases
RMF Roles and Responsibilities
Organization Wide Risk Management
Managing Risk
Assessor Independence and External Environments
System Development Life Cycle
Alignment of RMF with SDLC Review
RMF Legal and Regulatory Requirements
NIST Publications
Continuous Monitoring Strategies
RMF Guidance Review
Defining Categorization
Categorization Examples
Categorization Process
Security Plans and Registration
Categorize
Selection Step Tasks
Selection Step Definitions
Security Controls Guidance
Privacy and Security Controls
Control Selection and Supplemental Guidance
Tailoring Security Controls
Control Assurance and Monitoring
Control Assurance and Monitoring - Continued
Select
Implementing Security Controls Overview
Integrating Implementation
Implement
Preparing for Control Assessments
Conducting Control Assessments
Security Assessment Report
Remediation Actions and Process Review
Assess
Authorization Documentation
Risk Determination and Acceptance Part 1 of 3
Risk Determination and Acceptance Part 2 of 3
Risk Determination and Acceptance Part 3 of 3
Authorization Decisions
Prioritized Risk Mitigation and Authorization Review
Authorize
Assessments and Configuration Management
Ongoing Security Control Assessments
Monitor
CAP Certification Prep Practice Exam
(ISC)2 (TM) CISSP (R) Certification Prep 2018 22.5 HoursSkill Level: Advanced  
+ Description
 

This course prepares learners for the CISSP certification exam. This course focuses on the information security field, exam objectives, and the eight domains upon which the exam is based. This course includes reinforcing video demonstrations and a final practice exam.

Learning Objectives:

  • Explain and apply concepts to design, implement, and manage secure cyber operations.
  • Develop, document, and implement security policy, standards, procedures, and guidelines.
  • Apply risk management concepts.

Date: 2019

Training Purpose: Management Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner
Securely Provision Systems Architecture Enterprise Architecture
+ Course Modules/Units
 
CISSP Course Introduction
Security and Risk Management Concepts
Regulatory Compliance and Frameworks
Organizational Privacy Responsibilities
Acquisition Strategies
Computer Crime and Incident Response
International Laws Pertaining to Security
Legal Regulations and Privacy
(ISC)2 Code of Ethics and Ethic Bases
Legal Regulations and Ethics
Policy and Components Overview
BC and DR Initiation and Management
BCP Business Impact Analysis
Vendor Management
System Threats and Countermeasures
Risk Assessment and Countermeasures
Access Control Types
RMF Security Control Assessment Process
Conducting Security Control Assessments
Security Assessment Report
Asset Valuation
Threat Modeling and Reduction Analysis
Security Awareness and Training
DEMO: Security Policy Review
Data Classification
Data Ownership and Retention
Privacy Protection and Data Governance
Security Control Application and Tailoring
Security Control Selection
Data Protection Method (DLP)
Secure Design Principles
Secure Design Standards and Models
Database System
Key Crypto Concepts and Definitions
Securing ICS and SCADA Systems
Industrial Control System Security
DEMO: SCADA Honeynet
Cloud Computing
Cloud Computing Security Issues
Distributed Systems
Parallel and Distributed Systems Security Issues
Internet of Things
Assess and Mitigate Vulnerabilities in Mobile Systems
Cryptographic Lifecycle
Cryptographic Methods
Symmetric Ciphers
Asymmetric Ciphers
Public Key Infrastructure (PKI)
Key Management Practices
Digital Signatures
Hashes and Other Integrity Controls
Salting Hashes
Methods of Cryptanalytic Attacks
Digital Rights Management
Site and Facility Design Criteria
Physical Security Controls
Physical and Environmental Threats
OSI and TCP/IP Models
Telecom and NW Security Layer 1
Telecom and NW Security Layer 2
Telecom and NW Security Layer 3
Telecom and NW Security Layer 4 and 5
Telecom and NW Security Layer 6 and 7
Multilayer and Converged Protocols
Mobile and Wireless Security
Content Distribution Networks
Implementing and Using Remote Access
Virtualization
Access Control Technologies
Access Control Types
Access Control System Strategies
Building Access Control
Operations Area Access Control
Credential Management Systems
Third-Party Identification Service
Cloud Identity
Data Authorization Mechanisms
Rule-Based Access Control
Audit and Assurance Mechanisms
Synthetic Transactions
Code Review and Testing
Misuse Case Testing
Test Coverage Analysis
Interface Testing
Security Audits and Agreements
Digital Investigation and Evidence Analysis
Legal System Investigation Types
Electronic Discovery
Intrusion Detection and Prevention
Continuous Monitoring
Egress Monitoring
Security Operations Concepts
Security Operations Incident Management
Managing Security Services Effectively
DEMO: Whitelisting and Blacklisting
Security Operations Resource Protection
Disaster Recovery Strategy
Maintaining Operational Resilience
Managing Recovery Communications
Test Disaster Recovery Plans (DRP)
Security Education Training and Awareness
Perimeter Security
Perimeter Intrusion Detection
Biometrics and Authentication Accountability
Personnel Privacy and Safety
DEMO: Intro to Dshell Toolkit
SDLC Phases
Software Development Models
System Security Protections and Controls
Agile Development Models
Maturity Models
Integrated Product Teams
Security Environment and Controls
SW Development Security and Malware
Impact of Acquired Software
DEMO: Automated Code Review
CISSP Practice Exam
(ISC)2 (TM) CISSP Concentration: ISSEP Prep 7 HoursSkill Level: Advanced  
+ Description
 

This course is focused on applying security and systems engineering principles into business functions. This self-study prep course is designed to help learners prepare for the specialized Information Systems Security Engineering Professional (ISSEP) certification exam. The topics in the course cover the five domain areas of the CISSP-ISSEP.

Learning Objectives:

  • Incorporate security into business processes and information systems.
  • Demonstrate subject matter expertise in security engineering.
  • Apply engineering principles into business functions.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operational Planning Cyber Ops Planner
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
+ Course Modules/Units
 
ISSEP Course Introduction
ISSE Responsibilities and Principles
ISSE and IATF
Security Design Principles
Elements of Defense in Depth
RMF Characteristics
Maintaining Operational Resilience
Risk Management Overview
Assessing Risk Part 1 of 2
Assessing Risk Part 2 of 2
Determining Risks
Categorizing Information Systems
Stakeholder Roles and Responsibilities
Requirements Analysis
Using Common and Tailored Controls
Assessing Security Controls
Implementing Security Controls
Authorizing Information Systems
Systems Verification and Validation
Monitor, Manage, and Decommissioning
Defense Acquisition System Overview
Acquisitions Process
System Development Process Models
Project Processes
Project Management
ISSEP Practice Exam
(ISC)2 (TM) CISSP:ISSMP Prep 2018 12.5 HoursSkill Level: Advanced
+ Description
 

This course is intended for individuals with strong management and leadership skills and interested in focusing on establishing, presenting, and governing information security programs. This self-study prep course reviews the six common body of knowledge domains for the Information Security System Management Professional (CISSP-ISSMP) certification exam.

Learning Objectives:

  • Demonstrate ability to apply leadership and management skills to manage an organization information security program.
  • Apply the security lifecycle management processes and principles into the system Development lifecycles.
  • Apply contingency management practices to plan and implement processes to reduce the impact of adverse events.

Date: 2018

Training Purpose: Management Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner
+ Course Modules/Units
 
ISSMP Course Introduction
Security’s Role - Culture, Vision and Mission
Security’s Role – Management, Support and Commitment
Security’s Role – Board of Dir, Steering Committee
Security Role – IT, HR and Legal
Security’s Role – Strategic Alignment
IS Governance Defined
IS Governance Goals Part 1 of 2
IS Governance Goals Part 2 of 2
Importance of IS Governance
Information Security Strategies
Data Classification and Privacy
Threats to Data Privacy
Data Classification and Privacy Implementations
Security Policy Framework and Lifecycle
Security Requirements in Contracts and Agreements
Security Awareness and Training Programs
Managing the Security Organization
Security Metrics
Security Metrics Indicators
Integrating Project Management with SDLC
System Development Life Cycle (SDLC)
Systems Engineering (CMM)
Vulnerability Management and Security Controls
Service Oriented Architecture Controls
Oversee System Security Testing
Managing Change Control
Risk Management
Risk Management – Threats and Vulnerabilities
Risk Management – Risk Assessments
Calculating Risks
Mitigating Risks
Cyber Threat Intelligence
Detection of Attack Sources
Discovery Challenges and Escalation
DEMO: Escalating Event to Incident
Common Attack Vectors
Root Cause and Investigation
Incident Management Concepts
Incident Management Process
Incident Management Classification
Financial Impact of Incidents
Investigation and Forensic Evidence
Investigations, IH and Response
DEMO: Ditigal Forensics Investigation
Security Compliance Frameworks
Auditing Introduction and Preparation
Evidence Reporting and Auditors
Exception Management
Continuity and Disaster Recovery Planning
Understanding the Business
Insurance
Critical Processes Recovery Objectives
Recovery Obligation Considerations
BCM Site and IT Strategies
Personnel and Recommended Strategies
Design and Testing BCP and COOP
Implementing Continuity and Recovery Plans
Intellectual Property and Licensing
(ISC)2 Code of Ethics
DEMO: Verification and Quality Control
Audit Planning Process
ISSMP Self Study Practice Exam
(ISC)2(TM) Systems Security Certified Practitioner 12 HoursSkill Level: Beginner 
+ Description
 

This course serves as a preparation for the Systems Security Certified Practitioner (SSCP) certification exam, by demonstrating advanced technical skills and knowledge required to implement and administer infrastructure using security best practices, policies, and procedures.

Learning Objectives:

  • Demonstrate knowledge of security operations and administration.
  • Implement risk monitoring, analysis, and mitigation strategies.
  • Develop and implement incident response and recovery plans.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Systems Administration Systems Administrator
Securely Provision Systems Requirements Planning Systems Requirements Planner
+ Course Modules/Units
 
SSCP Introduction
Authentication Methods
Single Sign-On and Federated Access
Attribute Based Access Control
Device Authentication
Trust Architectures
Identity Management Lifecycle
Implementing Access Controls
(ISC)2 Code of Ethics
Security Concepts and Controls
Asset Management
Security Control Implementation
Assessing Physical Security
Physical Security Defenses
Administrative Controls
Auditing
System Development and Change Cycle
Change Control and Patch Management
Security Awareness and Training
Risk Management
Risk and Security Assessment
Security Testing and Assessment
Monitoring and Analysis
Monitoring Employees
Log Management
Integrity Checking
Testing and Analysis
Auditing Methodologies
Communicate Findings
Continuous Monitoring and CAESARS
Introduction to Continuous Monitoring
Incident Handling, Response and Recovery
Incident Handling Knowledge Areas Part 1 of 2
Incident Handling Knowledge Areas Part 2 of 2
Incident Handling Response
Incident Handling Countermeasures
DEMO: OpenVAS
Forensics
Business Continuity Planning
Business Impact Analysis
Backup and Recovery Strategies
Redundancy and Storage
Cryptography Terms
Requirements for Cryptography Part 1 of 2
Requirements for Cryptography Part 2 of 2
Steganography
Hashes, Parity and Checksum
Secure Protocols and Cryptographic Methods
Symmetric Cryptosystems
Symmetric and Asymmetric Cryptosystems
Public Key Infrastructure (PKI)
Key Management
Web of Trust
Secure Protocols
OSI and TCP/IP Models
Network Topology
Transmission Media
TCP, UDP and Common Protocols
ARP, DHCP and ICMP
Routers and Routing Protocols
Network Security Protocols
SSCP Exam
LAN Security Using Switch Features 2 HoursSkill Level: Intermediate 
+ Description
 

This course focuses on different methods of how to secure Local Area Networks (LANs) at the connectivity level. Topics include monitoring media access control (MAC) addresses and port security, limiting MAC & IP spoofing, controlling traffic flows, implementing and enhancing security in virtual local area networks (VLANs), enabling authentication on connection points, and determining host security health. Examples are used throughout to reinforce concepts.

Learning Objectives:

  • Identify the vulnerabilities and best practices in securing LAN connections.
  • Understand the management and decision-making processes within the NAC Framework.
  • Discuss methods of defending against attacks to STP, VLAN, and VTP switch configurations.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Introduction and MAC Address Monitoring
MAC Address Spoofing
Managing Traffic Flows
VLANs and Security
802.1x Port Authentication
Network Admission Control
Securing STP
Securing VLANs and VTP
 eader's Approach to Assessment & Authorization (A&A) Skill Level: Beginner 
+ Description
 

This hour-long webinar recorded on July 31, 2020 features National Defense University Professor Mark Duke discussing some key leadership decisions when assessing and authorizing systems. The Assessment & Authorization (A&A) process is a comprehensive assessment of policies, technical and non-technical security components, and a system's technical controls followed by leadership agreement that the system meets adequate risk levels before the system is authorized to go into full production.

Learning Objectives:

  • Explain why we have to do Assessment & Authorization.
  • Explain Roles & Responsibilities of Assessment & Authorization.
  • Introduce seven major components of Assessment & Authorization.
  • Establish Authorization Boundaries.
  • Introduce Assessment Scanning Tools.
  • Explain the Role of Security Technical Implementation Guides (STIGs) as potential criteria for Assessment activities.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Requirement Planning Systems Requirements Planner
Securely Provision Systems Architecture Enterprise Architect, Security Architect
+ Course Modules/Units
 
A Leader's Approach to Assessment an Authorization (A&A) – with Professor Mark Duke
Linux Operating System Security 9 HoursSkill Level: Advanced 
+ Description
 

This course focuses on the security features and tools available in Linux as well as the considerations, advantages, and disadvantages of using those features. This course is based on Red Hat Linux and is designed for IT and security managers, and system administrators who want to increase their knowledge on configuring and hardening Linux from a security perspective.

Learning Objectives:

  • Describe the basic architecture of a Linux system (e.g. kernel, file system formats, permissions, etc.).
  • Characterize a Linux system (identify distribution, installed packages, active accounts, etc.).
  • List and explain how to use common command line utilities on a Linux system for analysis purposes.
  • Operate a Linux system, including patching, modifying services, and other administration tasks.
  • Use a Linux system to perform analysis work such as malware and incident response analysis.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Systems Administration Systems Administrator
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Linux OS Security Introduction
Booting Linux
Linux Recovery
Linux Startup Scripts
Linux Startup Processes
Linux Runlevels Demo
Chkconfig_and_Upstart Demo
Linux Processes and Signals
Linux Process Monitoring
PS_and_Netstat Demo
Linux PS and TOP Demo
Working with Linux PIDs
Linux File System Overview
Linux File Security
Linux File Access Controls
File Integrity Demo
Linux Kernel Tuning
Linux Host Access Controls
Linux User and Group Definition
User Management
Linux Privilege Escalation
Sudoers Demo
Linux Authentication Methods
Linux Viruses and Worms
Linux Trojan Horses
Linux Rootkits
Linux Misconfigurations
Linux Software Vulnerabilities
Linux Social Engineering
Linux Automated Installation
Managing Linux Packages
Package Management Tools Demo
Repositories and System Management
Custom Repository Demo
Linux IPv4 and IPv6
Linux Network Configuration
Linux Tunneling
Kernel Tuning Demo
Linux X11 Forwarding
Linux File Sharing
Linux Grand Unified Bootloader (GRUB)
Configuring GRUB Demo
Security Enhanced Linux
Introduction to IPTables
IPTables Rules
IPFilter
Linux Packet Sniffers
Linux NIDS
Linux HIDS
Linux Antivirus
Linux Secure Shell
Linux Log Management
Linux Scripting Basics
BASH Scripting Demo
IF Statements
Pipes and Redirection
Variables and Regular Expressions
Custom Scripting
Linux Hardening
NSA Hardening Guides
National Vulnerability Database (NVD)
Common Vulnerabilities and Exposures (CVE)
Vulnerability Scanning
Linux Operating System Security Quiz
Managing Computer Security Incident Response Teams (CSIRTs)  8.5 HoursSkill Level: Intermediate 
+ Description
 

This course focuses on the type and nature of work the CSIRTs may be expected to handle. It provides an overview of the incident response field, including the nature of incident response activities and an overview of the incident handling processes. The course focuses on foundation material, staffing issues, incident management processes, and other issues such as working with law enforcement, insider threat, and publishing information.

Learning Objectives:

  • Provide an overview of the incident response arena, the nature of incident response activities, and incident handling processes.
  • Guide learners to understand technical issues from a management perspective, problems and pitfalls to avoid, and best practices where applicable.
  • Emphasize the importance of CSIRT management predefined policies and procedures.
  • Discuss what is needed to operate an effective CSIRT.

Date: 2020

Training Purpose: Management Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-Source Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
+ Course Modules/Units
 
Managing CSIRTS Introduction
CSIRT Management Issues
CSIRT Environment Introduction Part 1 of 2
CSIRT Environment Introduction Part 2 of 2
Formalization of Incident Management
The Incident Handling Process
CSIRT Environment Terms
The Incident Handling Roles and Responsibilities
CSIRT Environment Summary
CSIRT Environment Resources and Summary
CSIRT Staffing
How to Grow & Retain Staff
CSIRT Code of Conduct Part 1 of 2
CSIRT Code of Conduct Part 2 of 2
Media Issues Part 1 of 2
Media Issues Part 2 of 2
Managing the CSIRT Infrastructure Components
Data Security
Physical Security
Equipment for CSIRT Staff
Network and Systems for CSIRT Staff
CSIRT Tools
Incident Management Processes Introduction
IM Processes: Prepare, Sustain, and Improve
IM Processes: Protect Infrastructure
IM Processes: Detect
Situational Awareness
Network and System Monitoring
Critical Information
IM Process: Triage
Triage Activities
IM Process: Response
Response Actions
Response Process Issues
Handling Major Events Part 1 of 2
Handling Major Events Part 2 of 2
Building a Crisis Communication Plan
Publishing Information
Publishing Document Types
Information Sharing
Publishing Information Summary
General Guidance for Measuring and Evaluating
Types of Evaluations
Building a Quality Assurance Framework
Issues to Consider in Your Framework
Resources for Building an Assurance Framework
What Is Insider Threat?
Types of Insider Threat Activities
Malicious Insider Activity Examples
How Bad Is Insider Threat?
CERT Insider Threat Research
Insider Threat Mitigation
Mitigation Security Controls and Practices
Insider Threat Summary
Working with Law Enforcement Part 1 of 2
Working with Law Enforcement Part 2 of 2
Managing CSIRTs Wrap-Up
Video [CSIRTs Resource Overview] (required)
Measuring What Matters: Security Metrics Workshop 1.5 HoursSkill Level: Beginner  
+ Description
 

This workshop focuses on how to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD), and the latest attack. The Measuring What Matters: Security Metrics Workshop, the learner will learn how to refine a strategic or business objective that meets that S.M.A.R.T.E.R. criteria: Specific, Measurable, Achievable, Relevant, Time-bound, Evaluated, Reviewed, and can be used to initiate the Goal - Question - Indicator - Metric (GQIM) process.

Learning Objectives:

  • Identify a core set of business goals, based on the business objective, to which the cybersecurity risk measurement program will be applied.
  • Formulate one or more key questions for each business goal, and use them to help determine the extent to which the goal is being achieved.
  • Identify one or more indicators for each business goal key question.
  • Identify one or more metrics for each indicator that most directly inform the answer to one or more questions.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operational Planning Cyber Ops Planner
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Securely Provision Risk Management Security Control Assessor
+ Course Modules/Units
 
Measuring What Matters Course Introduction
Why Measure?
Measurement Defined
GQIM Overview
Selecting Business Objectives
Objectives to Goals
Goals to Question
Questions to Indicators
Indicators to Metrics
The Big Picture: Putting It All in Context
Validate Current Questions or Metrics
Getting Started with GQIM
Appendix Cybersecurity Metrics Template
GQIM Process Template
Mobile and Device Security (2015) 22 HoursSkill Level: Beginner  
+ Description
 

This course focuses on mobile devices, how they operate, and their security implications. This course includes topics such as signaling types, application stores, managing mobile devices, and emerging trends and security and privacy concerns with social media.

Learning Objectives:

  • Discover mobile device technology components and architectures and how to properly secure them.
  • Examine historical and current threats to mobile devices and methods for remediating against them.
  • Establish best practices and procedures for performing mobile device forensic investigations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Legal Advice and Advocacy Privacy Officer/Privacy Compliance Manager
+ Course Modules/Units
 
Mobile Security Course Introduction
Cellular Network Generations
Network Standards Introduction
CDMA TDMA and GSM Introduction
GPRS Edge and UMTS Introduction
Additional Network Standards
Bluetooth and Wi-Fi
Cellular Network Components
Mobile Switching Center Database
Authentication and Government Standards
4G LTE
Mobile Device Components
Mobile Device Operating Systems
Android Customization
Wireless Technology Introduction
WiFi Standards
Wi-Fi Standards : 802.11ac
WiFi Types
Wireless Fidelity Part 2
WiFi Channels and SSIDs
WiFi Signals and Hardware
Bluetooth
WiMAX
Additional Standards
Near Field Communication
Introduction to Threats
Lost and Stolen Devices
Additional Device-Level Threats
Near Field Communications and Mobile Threats
Application-Level Threats
Rogue Applications
Network-Level Threats
Pineapple Router
Malicious Hotspot
Malicious Use Threats
Mobile Hacking Tools
Mobile Device Security Introduction
Mobile Device Security Introduction Cont.
Android Introduction
Android Security
Android Application Security
Google Android OS Features
Installing Antivirus
iOS Security Model and Platform
iOS Application Security
Jailbreaking iOS
iOS Application Security Cont.
Apple iOS Update Part 1 of 2
Apple iOS Update Part 2 of 2
Windows Phone Security Model and Platform
Windows Implementation and Application Security
Windows Phone Update
WiFi Security
WiMax and Bluetooth
Bluetooth Attack
Protecting Data
Encryption
Android Encryption
iOS Encryption
Email Security
Android and iOS Email Security
Windows Email Security
iOS Hardening
iOS Hardening Cont
Blackberry Hardening
Android Hardening
Android Hardening Cont.
Windows Phone Hardening
Windows Phone Password and Cookies
Windows Phone Wi-Fi
Windows Phone - Find, Wipe, and Backup
Device Security Policies
Exchange and BES
Mobile Device Management
Mobile Device Management Cont.
McAfee Mobility Management
Forensics Overview
Forensics Role and Framework
Device Identification
Device Identification Cont.
Network Data
Network Data Cont.
Preservation
Preservation Cont.
Acquisition
Acquisition Cont.
Device Specific Acquisition
Hashing
Hashing Cont.
Analysis
Archiving and Reporting
Cellebrite
Forensics Demonstration
XRY/XACT
Oxygen and CellXtract
Paraben and MOBILedit!
Additional Methods
Subscriber Data
Benefits of Social Media
Risks of Social Media
Liabilities Associated with Social Media
Social Media Controls
Emerging Trends
Emerging Trends Cont.
New Technologies in Mobile Devices
Mobile Devices and the Cloud
Mobile Security Course Quiz
Mobile Forensics 4 HoursSkill Level: Advanced
+ Description
 

This course provides an overview of mobile forensics, the branch of digital forensics that focuses on forensically sound extraction and analysis of evidence from mobile devices. Cell phone investigations have grown exponentially with data from mobile devices becoming crucial evidence in a wide array of incidents. The course begins with highlighting details of the field and then focuses on the iOS architecture, concluding with data acquisition and analysis.

Learning Objectives:

  • Describe the impact of mobile devices on investigations.
  • Identify iOS device filesystem, operating system, and security architecture basics.
  • Explain acquisition and analysis tools and techniques for iOS devices.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Investigate Cyber Investigation Cyber Crime Investigator
+ Course Modules/Units
 
Introduction to Mobile Forensics
Importance of Mobile Forensics
Challenges of Mobile Forensics
Handling and Preserving Evidence
File System for iOS Devices
Understanding the Basics of iOS
Understanding iOS Security Architecture
Mobile Forensics Tool Classification
Data Acquisition Types
iOS Jailbreaking
Idenifying an iOS Device
Physical Acquisition of iOS Devices
iTunes Backup Acquisition
Apple File Conduit Acquisition
iTunes Backup Analysis
iCloud Data Acquisition and Analysis
Analyzing Data on iOS Devices
Mobile Forensics Quiz
Network Layer 1 & 2 Troubleshooting  3 HoursSkill Level: Beginner 
+ Description
 

This course reviews troubleshooting methods used in Layer 1 and Layer 2 of the Open Systems Interconnection (OSI) Model. This course covers how to detect, trace, identify, and fix network connectivity issues at the Physical and Data Link layers of the OSI stack. The basics of the Physical and Data Link layers will be covered along with a review of the devices, signaling, and cabling which operate at these layers. Learners will be presented with methods for tracing connectivity issues back to the source and identifying mitigation solutions.

Learning Objectives:

  • Understand basic overview of components of the first two layers of the OSI model.
  • Recognize common issues associated with Layer 1 & 2 of the OSI model.
  • Apply troubleshooting methods associated with the Physical and Data Link Layer.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Securely Provision Systems Architecture Security Architect
+ Course Modules/Units
 
Network Layer 1 and 2 Troubleshooting Introduction
OSI Physical Layer 1 Overview
Data Transmission Medium Cables and Connectors
Patch Panels
Fiber Optic Cables
Encoding and Signaling Functions
Network Components
Physical Network Design/Topology
Network Troubleshooting Methodology
Common Layer 1 Issues Part 1 of 2
Common Layer 1 Issues Part 2 of 2
Layer 2 Data Link Layer Components Overview
MAC Addresses/Logical Link Control
Layer 2 Protocols
Physical Network Design/Topology
Network Troubleshooting Methodology Review
Common Layer 2 Issues
Layer 2 Troubleshooting Tools
NW Layer 1 and 2 Troubleshooting exam
Offensive and Defensive Network Operations 13 HoursSkill Level: Beginner 
+ Description
 

This course focuses on fundamental concepts for offensive and defensive network operations. It covers how offensive and defensive cyber operations are conducted and details U.S. government doctrine for network operations. Topics include network attack planning, methodologies, and tactics and techniques used to plan for, detect, and defend against network attacks.

Learning Objectives:

  • Apply U.S. government network operations background and doctrine.
  • Describe offensive and defensive network operations.
  • Determine offensive network operation missions, planning, and exploitation phases and methodologies.
  • Derive defensive network operation missions, planning, and methods to detect and defend against network attacks and attackers' methods.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operations Cyber Operator
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Cyberspace As A Domain
Joint Publication 3-12(R), Cyberspace Operations Overview Part 1 of 3
Joint Publication 3-12(R), Cyberspace Operations Overview Part 2 of 3
Joint Publication 3-12(R), Cyberspace Operations Overview Part 3 of 3
Joint Communications Overview and Information Environment
Joint Force Communication, System Operations, and Management Planning
Legal Considerations for Cyber Operations Part 1 of 2
Legal Considerations for Cyber Operations Part 2 of 2
Adversaries in Cyberspace Part 1 of 3
Adversaries in Cyberspace Part 2 of 3
Adversaries in Cyberspace Part 3 of 3
Offensive Cyber Operations Background
Offensive Cyberspace Operations Definitions
Offensive Cyberspace Operations Planning and Legal Considerations
Offensive Methodology Planning Examples 1 of 2
Offensive Methodology Planning Examples 2 of 2
Reconnaissance Methodology Overview
Social Engineering for Reconnaissance
Reconn with Automated Correlation Tools and Search Engines Part 1 of 2
Reconn with Automated Correlation Tools and Search Engines Part 2 of 2
Network Mapping for Active Reconnaissance
Port Scanning for Active Reconnaissance
Windows Enumeration Basics
Linux Enumeration Basics
Scanning and Enumerating with Nmap
Exploitation using Direct Exploits and System Misconfiguration
Exploitation with SET Example
Exploitation
Entrenchment
Exploitation Basics
Post-Exploitation
Abuse and Attacks
Defensive Cyberspace Operations (DCO)
DCO Types of Operations
DCO Operational Goals
DCO Best Practices
Defensive Methodology: Understanding the Threat
Defensive Methodology: Tactics
Defensive Methodology: Defense-in-Depth
Incident Management Overview
Incident Management Policies, Plans and Procedures
Incident Management Team Configuration
Incident Response Lifecycle
Defending the Domain
Perimeter and Host Defenses
IDS/IPS Defined Including Advantages and Disadvantages
IDS/IPS Types and Functions
IDS/IPS Location Placements
Intrusion Detection using Snort
Reviewing Alerts and Detecting Attack Phases
Network Traffic Analysis
Methods of Network Traffic Analysis
Wireshark
Log Analysis Methods and Techniques Part 1 of 2
Log Analysis Methods and Techniques Part 2 of 2
Detecting Offensive Operations using Log Analysis
Digital Forensics Overview and Tools
Digital Forensics Methods and Techniques Part 1 of 2
Digital Forensics Methods and Techniques Part 2 of 2
Identifying Phases of Attack Using Digital Forensics
Incident Data: Profile and Analysis
Incident Reporting
Offensive and Defensive Network Operations Exam
Overview of Creating and Managing Computer Security Incident Response Teams (CSIRTs) 4 HoursSkill Level: Beginner  
+ Description
 

This course focuses on what is needed to create and operate a Computer Security Incident Response Team (CSIRT). The intended audience is individuals tasked with creating a CSIRT and those who may be new to CSIRT issues and processes. Objectives within the course include the benefits and limitations of a CSIRT, CSIRT requirements, services, common policies and procedures, and operational best practices. Previous incident handling experience is not required to partake in this course.

Learning Objectives:

  • Identify managerial, organizational, procedural, and operational issues regarding the CSIRT role and function.
  • Describe the issues involved with creating and operating a CSIRT.
  • Discuss specific topics regarding CSIRT benefits and limitations, requirements and framework, services, policies and procedures, and operational best practices.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analyst
Oversee and Govern Cybersecurity Management Communications Security Manager
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Creating and Managing CSIRTS Introduction
Defining the Problem
Defining Incident Management
Effective Incident Management Processes
Defining Terms Used Throughout the Course
Institutionalizing IM Capabilities
Incident Handling Terms Used Throughout the Course
Defining CSIRTs
Creating an Effective CSIRT
Building a CSIRT: Action Plan Part 1 of 2
Building a CSIRT: Action Plan Part 2 of 2
Building a CSIRT: Where to Begin
Lessons Learned and Team Maturity
CSIRT Components
CSIRT Organizational Models Part 1 of 2
CSIRT Organizational Models Part 2 of 2
CSIRT Policies and Procedures
CSIRT Staffing and Hiring
CSIRT Facilities and Infrastructure
Incident Management Processes Overview
IM Process: Prepare, Sustain, and Improve
IM Process: Protect Infrastructure
IM Process: Detect Events
IM Process: Triage Events
IM Process: Triage Best Practices
IM Process: Respond
IM Process: Respond Issues
IM Process: Best Practices
Creating and Managing CSIRTs Summary
Creating and Managing CSIRTs Resources
Radio Frequency Identification (RFID) Security 1 HourSkill Level: Beginner 
+ Description
 

This course focuses on securing radio frequency identification (RFID), different components of RFID, how it works, applications in which it is being used, benefits and weaknesses, and the communication range over which it works will be reviewed. Topics include specific concerns with RFID, recommendations for RFID, and security issues that have come to light.

Learning Objectives:

  • Explain the components, operation, and application of RFID technology.
  • Understand the privacy implications with using RFID-embedded items.
  • Differentiate across threat categories.
  • Describe different security recommendations to secure RFID.
  • Familiarity with real-world examples of how RFID has been exploited.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
RFID Introduction
RFID Threats
RFID Countermeasures
Exploited Threats
Reverse Engineering 2 HoursSkill Level: Beginner
+ Description
 

This course focuses on the basics of reverse engineering, the process of analyzing a technology to determine how it was designed or how it operates. By starting with a finished product, in this case computer software, and working backwards to determine its component parts.

Learning Objectives:

  • Identify common uses for reverse engineering.
  • Explain the process and methodology of reverse engineering.
  • Understand some of the legal questions involved in reverse engineering.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Systems Development Systems Developer
Securely Provision Technology R&D Research & Development Specialist
+ Course Modules/Units
 
Reverse Engineering
Risk Management Framework for Leaders 1 HourSkill Level: Beginner 
+ Description
 

This webinar recorded on July 10, 2020 features National Defense University Professor Mark Duke discussing key leadership decisions to implement the NIST Risk Management Framework (RMF). The RMF is a risk-based approach to implement security within an existing enterprise - it is leadership’s responsibility to ensure adequate and effective system security.

Learning Objectives:

  • How to prepare your component or organization to initiate the RMF.
  • How to define, understand, and manage risk to your Information Systems by identifying your threats and vulnerabilities.
  • Understand the link to the RMF with Supply Chain Risk Management (SCRM) and the Software Development Life Cycle (SDLC).
  • Understand the new "Prepare" step of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 v2 RMF.
  • Explain managers’ roles and involvement in each step of the RMF.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirement Planning Systems Requirements Planner
+ Course Modules/Units
 
Risk Management Framework for Leaders – with Professor Mark Duke
Root Cause Analysis 1 hourSkill Level: Beginner 
+ Description
 

This course explains the root cause analysis for cybersecurity incidents and provides an overview of two different root cause analysis models (and approaches used in these models). This course also describes how root cause analysis can benefit other incident management processes (response, prevention, and detection), and details general root cause analysis techniques that can be adopted as methods for analysis of cyber incidents.

Learning Objectives:

  • Explain the benefits and challenges of reverse engineering.
  • Perform basic tasks with reverse engineering tools.
  • Understand basics of Intel x86 assembly code.
  • Describe the Microsoft Windows executable file format and understand the basics of the Windows API.
  • Extract actionable information from ta malicious binary file that can be used in analysis reports.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
+ Course Modules/Units
 
Root Cause Analysis Fundamentals
Root Cause Analysis Methods
Cyber Kill Chain Model for Root Cause Analysis
Sample Incident Cause Analysis Workflow
Root Cause Analysis Course Exam
Securing Infrastructure Devices 1 HourSkill Level: Intermediate  
+ Description
 

This course focuses on physical security, operating system security, management traffic security, device service hardening, securing management services, and device access privileges.

Learning Objectives:

  • Understand considerations for securing physical assets, patch management and change management.
  • Apply methods for securing network management traffic.
  • Understanding of securing management services such as NTP, SNMP, Syslog.
  • Understand hardware device hardening.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Securely Provision Systems Architecture Security Architect
+ Course Modules/Units
 
Physical and Operating System Security
Management Traffic Security
Device Service Hardening
Securing Management Services
Device Access Hardening
Device Access Privileges
Securing Internet- Accessible Systems 1 HoursSkill Level: Beginner   
+ Description
 

This course focuses on Internet-accessible systems or "Internet of Things" (IoT). Each of these systems and devices can be targeted by threat actors and used to conduct malicious activity if they are unsecured, or worse, these systems can leave vulnerabilities and sensitive information open to exploitation if not properly configured and maintained. This course explains the vulnerabilities of internet-accessible systems and how to prepare for, mitigate, and respond to a potential attack. This course provides key knowledge to inform organizational awareness of internet-accessible system attacks as well as best practices that minimize the likelihood of a successful attack and enable effective response and recovery if an attack occurs.

This webinar is accessible to non-technical learners including managers and business leaders and offers an organizational perspective useful to technical specialists.

Learning Objectives
Enable learners to better defend their internet-accessible systems through awareness of common vulnerabilities, best practices, CISA guidance, and resources:

  • Define Internet-Accessible Systems and common vulnerabilities
  • Explain cyber hygiene best practices that prevent attacks.
  • Understand the impacts of real-life cyberattacks and what an effective organizational response looks like.
  • Learn steps to identify, mitigate, and recover from Internet-Accessible System attacks.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Data Administration Data Analyst, Database Administrator
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications Security Manager; Information Systems Security Manager
Oversee and Govern Program Management and Acquisition IT Investment Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner; Cyber Workforce Developer and Manager
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment Analyst
Securely Provision Risk Management Authorizing Official/Designating Representative; Security Control Assessor
Securely Provision System Requirements Planning System Requirements Planner
+ Course Modules/Units
 
Securing Internet- Accessible Systems
Securing the Network Perimeter 1 HourSkill Level: Intermediate  
+ Description
 

This course focuses on edge security traffic design, blocking Denial of Service / Distributed Denial of Service (DoS/DDoS) traffic, specialized access control lists, routers and firewalls, securing routing protocols, securing traffic prioritization, and securing against Single Point of Failure (SPOF).

Learning Objectives:

  • Identify perimeter and the approach to protecting that perimeter.
  • Understand methods to consider for blocking DoS and DDos traffic.
  • Apply specialized Access Control List considerations.
  • Implement firewalls and differentiate types to protect the perimeter.
  • Understand routing protocols and traffic prioritization for networks.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
+ Course Modules/Units
 
Introduction and Edge Security Traffic Design
Blocking DoS and DDoS Traffic
Specialized Access Control Lists
Routers with Firewalls
Beyond Firewalls: Inspecting Layer 4 and Above
Securing Routing Protocols and Traffic Prioritization
Securing Against Single Point of Failures
Security and DNS 1 HourSkill Level: Advanced 
+ Description
 

This course discusses name resolution principles, name resolution and security, DNS security standards, securing zone transfers with Transaction Signature (TSIG), and DNS Security Extension (DNSSEC) principles, implementation, and resources.

Learning Objectives:

  • Understand DNS (Doman Name System) and its purpose.
  • Familiarity with DNS Standards documents, DNS deployment best practices and TSIG.
  • Explain DNSSEC and its origins, role and implementation.
  • Understand migrating to DNSSEC and its challenges.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analyst Systems Security Analyst
Securely Provision Systems Architecture Security Architect
+ Course Modules/Units
 
Name Resolution Introduction
Name Resolution and Security
DNS Cache
DNS Security Standards and TSIG
DNSSEC
Migrating to DNSSEC
Issues with Implementing DNSSEC 1
Issues with Implementing DNSSEC 2
SiLK Traffic Analysis 7 HoursSkill Level: Intermediate 
+ Description
 

This course is designed for analysts involved in daily response to potential cybersecurity incidents, and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow and cover how to create efficient and complex queries. The course culminates with a lab where learners use their new skills to profile a network.

Learning Objectives:

  • Use of the SiLK network flow analysis tool suite to perform tasks such as querying for records related to a specific incident or indicator, creating sets of indicators for batch analysis, and leveraging network flow to provide basic network situational awareness.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Introduction to SiLK
iSiLK
What is Network Flow?
Interpreting SiLK Network Flow
SiLK Flows
SiLK Traffic Analysis Quiz 1
The SiLK Repository
Basic SiLK Tools
SiLK Traffic Analysis Quiz 2
rwfilter
rwfilter Examples
rwfilter Demo
rwfilter Continued
SiLK Traffic Analysis Quiz 3
rwcount
rwcount Demo
rwstats
rwstats Demo 1
rwstats Continued 1
rwstats Demo 2
rwstats Continued 2
rwuniq
SiLK Traffic Analysis Quiz 4
PySiLK
Python Expressions and SilkPython
SiLK Traffic Analysis Quiz 5
IP Sets
Bags
SiLK Traffic Analysis Quiz 6
Prefix Maps
Tupples
SiLK Traffic Analysis Quiz 7
rwgroup
rwmatch
SiLK File Utilities
IPv6 in SiLK
SiLK Traffic Analysis Quiz 8
Network Profiling Introduction
Software Assurance Executive Course (SAE) 10 HoursSkill Level: Intermediate 
+ Description
 

This course is designed for executives and managers who wish to learn more about software assurance as it relates to acquisition and development. The purpose of this course is to expose participants to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.

Learning Objectives:

  • Understanding of software assurance practices and challenges.
  • Advice for organizations and the future of software assurance.
  • Understanding of software supply chain risk management.
  • Awareness of agile methods and adopting software trustworthiness.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Cybersecurity Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leader
Securely Provision Software Development Software Developer
+ Course Modules/Units
 
Interview with William Scherlis: Introduction and Background
Software Assurance Challenges
Encouraging Adoption of Software Assurance Practices Through People and Incentives
The Path Toward Software Assurance: Advice for Organizations
Learning from Failure
The Future of Software Assurance
Introduction, Current Software Assurance Activities by DHS, and Current SW Assurance Environment
Managing Risks in a Connected World
A Need for Diagnostic Capabilities and Standards
Changing Behavior: Resources
Establishing a Foundation for Software Assurance
Conclusion: The Rugged Manifesto and Challenge
Introduction to Software Assurance
Software Assurance Landscape
Software Assurance Principles
Current Software Realities
Introduction to Software Assurance, Part 2
Building Security In
Microsoft Secure Development Lifecycle (MS SDL)
Requirements Engineering
Security Requirements Methods
Threat Modeling: STRIDE (used by Microsoft)
Industry Case Study in Threat Modeling: Ford Motor Company
Topic Summary
Creating and Selling the Security Development Lifecycle (SDL)
Managing the Process
Making a Difference
Introduction and Key Components of Agile Development
Traditional & Agile Acquisition Life Cycles
Common Agile Methods and Scrum - the Most Adopted Agile Method
Challenges to Agile Adoption
Suggestions for Successful Use of Agile Methods in DHS Acquisition
Agile Summary
Software Assurance, Introduction to Part 3: Mission Assurance
What Does Mission Failure Look Like?
Mission Thread Analysis for Assurance
Applying Mission Thread Analysis Example 1
Applying Mission Thread Analysis Example 2
Applying Mission Thread Analysis
Software Assurance, Introduction to Part 4: SwA for Acquisition
Software Supply Chain Challenges
Supply Chain Risk Mitigations for Products
System Supply Chains
SCRM Standards
Summary
Software Assurance in the Software Development Process and Supply Chain: Introduction
Scope of the Problem
Governance for System and Software Assurance
Strategy Solutions: System Security Engineering, Software Sustainment
Process Solutions
Introduction, History, and Current State of Software
Trustworthy Software
The UK Trustworthy Software Initiative (TSI)
Trustworthy Software Framework
Current Focus and Future Direction of UK TSI
Questions and Answers
Static Code Analysis using HPE Fortify 2 HoursSkill Level: Beginner 
+ Description
 

This course focuses on integrating static code analysis tools into the software development process from a developer's/cybersecurity professional's perspective. The course demonstrates how Fortify is used to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available.

Learning Objectives:

  • Understand how static code analysis tools work.
  • Utilize integrated development environment (IDE) plugins in order to find CWE in source code during the development phase.
  • Apply visualization tools available to developers and security professionals.
  • Participate in accreditation reporting.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Legal Advice and Advocacy Privacy Officer/Privacy Compliance Manager
Securely Provision Systems Development Systems Developer
+ Course Modules/Units
 
AppSec with HPE Product Overview and Workflow
HPE Fortify Static Code Analyzer Suite Overview
HPE Static Code Analyzer Command Line Demo
Audit Workbench Demo
Fortify SCA Process Flow
Audit Workbench Demo Continued
STIG Reporting with Audit Workbench
IDE Plugin
Questions and Answers
Fortify Priority
Software Security Center
Static Code Analysis using Synopsis Coverity 1.5 HoursSkill Level: Beginner 
+ Description
 

This course focuses on integrating static code analysis tools into the software development process. This course explains how developers can use tools such as Coverity to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available, prior to deployment.

Learning Objectives:

  • Understand how static code analysis tools work.
  • The use of integrated development environment (IDE) plugins in order to find CWE in source code during the development phase.
  • Visualization tools available to developers and security.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Legal Advice and Advocacy Privacy Officer/Privacy Compliance Manager
Securely Provision Systems Development Systems Developer
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Overview of Synopsis Software Integrity Platform
Demonstration
Questions and Answers
Closing
Supply Chain Assurance using Sonatype Nexus 2.5 HoursSkill Level: Beginner 
+ Description
 

This course focuses on integrating static code analysis tools into the software development process from both a developer's and a security professional's perspective. This course demonstrates how tools such as Sonatype can be used to evaluate the software supply chain in order to identify and remove components with known Common Vulnerabilities and Exposures (CVE) from applications in which the source code is available.

Learning Objectives:

  • Understand why software supply chain is important.
  • Utilize integrated development environment (IDE) plugins in order to identify and avoid the use of libraries, applications, tools, etc. with known CVE used by an application.
  • Apply tools to enforce organizational security policies and governance.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Legal Advice and Advocacy Privacy Officer/Privacy Compliance Manager
Securely Provision Systems Development Systems Developer
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Overview of Sonatype Success Engineering
Developer Perspective
Policies
Dashboard
Repository Manager
Questions and Answers
Success from the Start
Preparing for Deployment - Overview
Preparing for Deployment - Licenses
Preparing for Deployment - Architectural Risk
Preparing for Deployment - Evaluation
Preparing for Deployment - Policy Elements
Preparing for Deployment - Default Policy Demo
Preparing for Deployment - Policy Demo
Trusted Internet Connections 1 HoursSkill Level: Beginner 
+ Description
 

The Trusted Internet Connections (TIC) 3.0 course is designed to provide students with an overview of the modernized TIC initiative as defined by the Office of Management and Budget (OMB) Memorandum (M) 19-26 and how agencies can leverage the new TIC 3.0 guidance to secure their networks. The training also explains how the TIC 3.0 guidance can be used to securely transition to the cloud and as a pathway to implementing zero trust.

Learning Objectives:

  • Identify the goals of the modernized TIC initiative and the guidance available to help agencies.
  • Learn about how to implement the TIC 3.0 guidance and how it complements other federal initiatives.
  • Leverage the flexibilities available in TIC 3.0 to secure hybrid and cloud environments.
  • Understand how to use the TIC 3.0 guidance as a pathway to implementing zero trust.

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Risk Management (RSK) Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Architecture (ARC) Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning (SRP) Systems Requirements Planner
Securely Provision Systems Development (SYS) Information Systems Security Developer, Systems Developer
Oversee and Govern Cybersecurity Management (MGT) Information Systems Security Manager
Oversee and Govern Strategic Planning and Policy (SPP) Cyber Policy and Strategy Planner
Oversee and Govern Executive Cyber Leadership (EXL) Executive Cyber Leadership
+ Course Modules/Units
 
Module 1 - Introduction to TIC
Module 2 - How can Agencies Implement TIC?
Module 3 - TIC and Other Federal Initiatives
Module 4 - TIC and the Cloud
Module 5 - TIC the Roadmap to Zero-Trust
Understanding DNS Attacks 1 HoursSkill Level: Beginner     
+ Description
 

The Domain Name System, commonly known as DNS, is often referred to as the "phone book" of the Internet. Every time we access the Internet to visit our favorite websites, shop and pay bills online, or access online portals for healthcare or banking, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors: allowing them to shut down websites and online services, replace legitimate website content with threats and extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal any information entered by users intending to conduct business as usual. "Understanding DNS Attacks" provides key information you need to know to protect yourself and your organization from DNS infrastructure tampering including common vulnerabilities, how to identify a potential attack, and guidance and best practices to mitigate the likelihood and impact of a successful DNS attack.

This webinar is accessible to non-technical learners including managers and business leaders, and offers an organizational perspective useful to technical specialists.

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from DNS infrastructure attacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

  • Define DNS Tampering and explain common attack methods
  • Identify signs of a DNS attack
  • Learn mitigation steps for DNS attacks
  • Understand the process to recover from a DNS attack
  • Explore impacts of DNS attacks through case studies

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Operate and Maintain Data Administration Data analyst, database administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operation Specialist
Operate and Maintain Systems Administration System Administrator
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Strategic Planning and Policy Cyber policy and strategy planner; cyber workforce developer and manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Understanding DNS Attacks
Understanding Web and Email Server Security 1 HoursSkill Level: Beginner    
+ Description
 

Web and email servers are the workhorses of the Internet: we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers. Participants can request 1 CPE credit for completing this course.

This webinar includes the following information and more:

  • Attack methods: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed, or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
  • Key Guidance for Organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
  • Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
  • Incident Response overview: Key steps to identify a potential attack, mitigate damage through proper preparation and response, and recover after an attack occurs.

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from web and email server cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

  • Define web and email server infrastructure, and explain common attack methods
  • Identify signs of a potential attack
  • Learn mitigation steps for web and email server attacks
  • Understand the process to recover from a web or email server attack
  • Explore impacts of web and email server attacks through case studies

Date: 2020

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-source analysis
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All Source Collection Manager; All Source Collection Requirements Manager
Collect and Operate Cyber Operational Planning Cyber Intel Planner; Cyber Ops Planner; Partner Integration Planner
Operate and Maintain Data Administration Data analyst, database administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Strategic Planning and Policy Cyber policy and strategy planner; cyber workforce developer and manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect; Security Architect
Securely Provision System Requirements Planning System requirements planner
+ Course Modules/Units
 
Understanding Web and Email Server Security
Windows Operating System Security 16 HoursSkill Level: Intermediate 
+ Description
 

This course focuses on the security aspects of Microsoft Windows. The class begins with an overview of the Microsoft Windows security model and some of the key components such processes, drivers, the Windows registry, and Windows kernel. An overview of the users and group permission structure used in Windows is presented along with a survey of the attacks commonly seen in Windows environments. Patching, networking, and the built-in security features of Windows such as the firewall, anti-malware, and BitLocker are all covered in light detail.

Learning Objectives:

  • Understanding of the Windows security model and its key components.
  • Introduction and best practice recommendations for using and configuring users and groups.
  • Overview of the Data Access Control technology in Windows Server 2012.
  • Survey common attacks seen in a Windows environment.
  • Understanding of the Microsoft update and patching process

Date: 2012

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Systems Administration System Administrator
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Windows OS Security Course Introduction
Windows Security Module Introduction
Windows Architecture Overview
Windows Subsystems Part 1 of 2
Windows Subsystems Part 2 of 2
Windows Security Development Lifecycle
Windows API
Windows Registry
Viewing Windows Registry Demo
Windows Services Part 1 of 2
Windows Services Demo
Windows Services Part 2 of 2
Multi-tasking
Sessions, Windows Stations and Desktops
Programs and Drivers Part 1 of 2
Reviewing Drivers in Windows
Programs and Drivers Part 2 of 2
Updating Widows Drives Demo
Applications, Processes, and Threads
Buffer Overflow Protection
Authenticode Part 1 of 2
Digital Certificate Details Demo
Authenticode Part 2 of 2
Windows Action Center
Windows Users and Groups Introduction
User Account Control
Windows Users and Groups Part 1 of 2
Windows Users and Groups Part 2 of 2
Windows Interactive Logon Process
NTLM Authentication Overview
Kerberos Authentication Overview
Types of Authentication
File Permissions
Dynamic Access Controls
Threats and Vulnerabilities Introduction
OS Vulnerabilities
CVE Details Demo
CVE Samples
Misconfigurations
Password Configuration Options
Password DDOS Demo
Common Misconfigurations
CCE and the NVD Demo
Social Engineering
Viruses and Worms
Impersonation
Microsoft Updates and Patching Process Part 1 of 2
Double Decode
Microsoft Updates and Patching Process Part 2 of 2
Securing the Update Process
Update Process Circumvention
Windows Server Update Service
Internet Explorer Patching
Windows Network Connectivity
Windows Network Profiles
Windows Network Adapter Settings
Windows Wireless Settings
Windows Networking Protocols
Other Windows Protocols
Microsoft VPN Part 1 of 2
Microsoft VPN Part 2 of 2
Microsoft Network Access Protection Part 1 of 2
Microsoft Network Access Protection Part 2 of 2
How to Configure Windows Update Settings Demo
Windows Security Features Introduction
Windows Firewall
Windows Firewall Wizard Demo
Windows Firewall with Advanced Security
Windows Firewall with Advanced Security Demo
Configuring Windows Firewall Demo
Windows Defender
Windows AD and PKI Demo
Windows Active Directory Certificate Services
Windows Group Policy
Windows AppLocker
Configuring And Using App Locker Demo
Windows BitLocker
Configuring And Using Bitlocker Demo
Windows Secure Boot
Windows Security Auditing
Windows Audit Settings and Examples
SCW Introduction
Hardening Windows Introduction
Windows Templates
Microsoft Baseline Security Analyzer
Microsoft Security Configuration Wizard
Microsoft Security Compliance Manager
Hardening with Group Policy
NVD Search Demo
Other Guidelines and Recommendations
Using Windows Mgmt Intstrumentation Demo
Using The Security Config Wizard Demo
PowerShell Introduction
PowerShell Key Commands
PowerShell Demo
Administrative Functions with PowerShell
Computer and Network Management with PowerShell
Basic Scripts in PowerShell
PowerShell Security Settings and Configurations
Using Powershell Demo
Windows OS Security Quiz
Wireless Network Security (WNS) 9 HoursSkill Level: Intermediate  
+ Description
 

This course focuses on the technologies of the 802.11 family of wireless networking, including the principles of network connectivity and network security.

Learning Objectives:

  • Understand the difference between Wi-Fi and other wireless technologies.
  • Identify the major protocols within the family of 802.11 protocols.
  • Understand how radio frequency properties affect Wi-Fi network design and operation.
  • Understand the operation of enterprise Wi-Fi networks and the evolution of CAPWAP.
  • Understand the major Wi-Fi security and methods and be able to create a Wi-Fi security monitoring plan.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Securely Provision Systems Architecture Systems Architect
+ Course Modules/Units
 
Wi-Fi Communication and Security Intro
How Wi-Fi Became Ubiquitous
Wi-Fi Standards - 802.11b
Wi-Fi Standards - 802.11a
Wi-Fi Standards - 802.11g n and ac
Bluetooth Standards
WiMAX Standards
LTE HSPA EvDO Network Types
Spread Spectrum Technology
802.11 Transmissions and Wireless Channels
802.11 Data Rates
Wireless Network Topologies
Wireless Network Hardware
RF Propagation Principles
Impacts on Signal Radiation
Signal Propagation and Objects
Additional Signal Effects
Measuring Signal Strength
Signal Strength and Antennas
Wireless Coverage and Frequency Reuse
Wireless Network Design Issues
Wireless Modes and Service Sets
Wireless Authentication and Association
Wireless and Roaming 1 of 2
Wireless and Roaming 2 of 2
Enterprise 802.11 Solutions
Key Points of CAPWAP
Advantages of CAPWAP
CAPWAP Demo
802.11 Security Flaws
Fixing 802.11 Security
802.1x Authentication Protocols
Additional Issues with 802.11 Encryption
Additional 802.11 Security Measures
Other Wireless Threats
Wireless Best Practices
Wireless Network Assessment Part 1 of 2
Wireless Network Assessment Part 2 of 2
Wireless Network Security Quiz