FedVTE Course Catalog

101 Courses - Basic level courses
NICE Cybersecurity Workforce Framework Category - Analyze
NICE Cybersecurity Workforce Framework Category - Collect and Operate
NICE Cybersecurity Workforce Framework Category - Investigate
NICE Cybersecurity Workforce Framework Category - Operate and Maintain
NICE Cybersecurity Workforce Framework Category - Oversee and Govern
NICE Cybersecurity Workforce Framework Category - Protect and Defend
NICE Cybersecurity Workforce Framework Category - Securely Provision

The NICE Cybersecurity Workforce Framework can be found at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

101 Coding - 5 Hours - Skill Level: Basic
+ Description
 101 Coding

In this course, you will learn the basics of computer programming - how to give a machine a set of instructions to produce a desired behavior. This course provides information on the elements of programming and programming languages, frameworks, and models. The course includes an interactive programming game, interactive knowledge checks, and the chance to write your own fully functional code.

Learning Objectives

  • Define programming.
  • Describe the structure and purpose of major programming paradigms.
  • Explain the difference between high-level and low-level languages.
  • Describe the uses of scripting and compiled languages.
  • State the elements of programming.
  • Explain when to use a variable in programming.
  • List basic data types.
  • State how operators are used in programming.
  • Explain why logic and flow are important in programming.
  • State the purpose of programming frameworks.

Training Purpose: Securely Provision

Specialty Areas: Software Assurance and Security Engineering, Systems Development, Systems Requirements Planning, Systems Security Architecture, Technology Research and Development, Test and Evaluation

Training Proficiency Area: Level 1 - Basic

Course Date: 6/7/2017

+ Course Modules/Units
 
Coding 101 - Review
101 - Critical Infrastructure Protection - 2 Hours - Skill Level: Basic
+ Description
 101 - Critical Infrastructure Protection

In this course, you will learn about the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.

Learning Objectives

  • Define and give examples of critical infrastructure.
  • Identify possible cyber threats to critical infrastructure.
  • Describe U.S. cybersecurity policies and programs.
  • Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.

Training Purpose: Securely Provision, Operate and Maintain, Oversee and Govern, Protect and Defend

Specialty Areas: Systems Architecture, Technology Research and Development, Systems Requirements Planning, Systems Development, Software Assurance and Security Engineering, Network Services, Systems Administration, Systems Analysis, Information Systems Security Operations, Security Program Management, Strategic Planning and Policy Development, Computer Network Defense Analysis, Computer Network Defense Infrastructure Support

Training Proficiency Area: Level 1 - Basic

Course Date: 5/19/2017

+ Course Modules/Units
 
Critical Infrastructure Protection
101 Reverse Engineering - 2 Hours - Skill Level: Basic
+ Description
 101 Reverse Engineering

In this course, you will learn the basics of reverse engineering, the process of analyzing a technology specifically to determine how it was designed or how it operates. Instead of working toward building a finished product (like you would in engineering), in reverse engineering you start with a finished product and try to work backwards to determine its component parts. This course focuses on reverse engineering computer software.

Learning Objectives

  • Identify common uses for reverse engineering.
  • Explain the process and methodology of reverse engineering.
  • Understand some of the legal questions involved in reverse engineering.

Training Purpose: Securely Provision

Specialty Areas: Software Assurance and Security Engineering, Systems Development, Technology Research and Development

Training Proficiency Area: Level 1 - Basic

Course Date: 5/19/2017

+ Course Modules/Units
 
Reverse Engineering
Advanced PCAP Analysis and Signature Development (APA) - 1 Hour - Skill Level: Intermediate
+ Description
 Advanced PCAP Analysis and Signature Development (APA)

The Advanced PCAP Analysis and Signature Development (APA) course takes users through an introduction to rules, goes over example syntax, protocols and expressions. This course contains several supporting video demonstrations as well as lab exercises writing and testing basic rules.

Training Purpose: Analyze, Protect and Defend
Specialty Areas: Cyber Defense Analysis, Cyber Defense Infrastructure Support, All Source Analysis, Cyber Operations
Training Proficiency Area: Level 2 - Intermediate

+ Course Modules/Units
 
Advanced PCAP Analysis And Signature Development
Packet Protocol DNS
Introduction To Rules
Examples Of Sourcefire Rules
Sourcefire Rule Syntax - Protocols
Sourcefire Rule Syntax - Message And Matching
Lab Exercise Writing And Testing Basic Rules
Lab Exercise Writing And Testing Basic Rules Video
Lab Exercise Writing And Testing Basic Rules Continued
Lab Exercise Continued
Regular Expressions
Editing A Poor Rule
How To Write An IPv4 Regular Expression
Lab Exercise Writing Regular Expression
Lab Exercise Writing Regular Expression Continued
Malware Analysis Reports (MAR)
Demonstration of MAR 131751 Report
Demonstration Of MAR Report Continued
Lab Exercise Writing Rules From Malware Analysis Reports
Lab Exercise Writing Rules From Malware Analysis Reports Continued
Advanced Windows Scripting - 6 Hours - Skill Level: Basic
+ Description
 This course focuses on advanced concepts for writing scripts for the Microsoft Windows operating system. The course covers how to string multiple commands together in traditional BATCH scripts as well as how to leverage Visual Basic Scripting (VBS) to perform more complex tasks, and includes reinforcing video demonstrations and a final assessment.

Training Purpose: Securely Provision, Operate and Maintain

Specialty Areas: Software Development, Systems Administration, Systems Analysis, Customer Service and Technical Support

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Advanced Windows Scripting Introduction
Windows BATCH Scripting Overview
Windows BATCH Advanced Syntax Part 1 of 2
Windows BATCH Advanced Syntax Part 2 of 2
Windows Scripting Advanced Uses of FOR
Windows Scripting Syntax Tips and Tricks
Windows Scripting CALL and START Demo
Windows Scripting Subroutine Demo
Windows Scripting SET Demo
Windows Scripting PUSHD and POPD Demo
Manipulating In_Outputs
Stringing Multiple Commands Together
FOR Loop Generating List Demo
FOR Loop Recursive Listing Demo
Taking Action Based on Content of Output
Action Based on Content Output Demo
Scripts in Typical Penetration Testing Tasks Part 1 of 2
Scripts in Typical Penetration Testing Tasks Part 2 of 2
Visual Basic Scripting Syntax and Usage
Visual Basic Scripting Merge Demo
VBS Elements_Structure
VBS Elements_Variables, Arguments, and Conditionals
VBS Elements_Loops
VBS Elements_Functions and Operators
VBS Windows Scripting Host
VBS Elements_File I_O
VBS Windows Scripting Demo
VBS Error Handling and Troubleshooting
Visual Basic for Applications
Visual Basic for Application Elements
Visual Basic for Applications Working with Applications
VBA Working with Applications Demo
VBA Error Handling and Troubleshooting
VBA Error Handling and Troubleshooting Demo
Advanced Windows Scripting Quiz
Analysis Pipeline - 6 Hours - Skill Level: Intermediate
+ Description
 This course is designed for network flow data analysts who use or are considering using Analysis Pipeline (http://tools.netsa.cert.org/analysis-pipeline5/index.html). The course aims to help the student better understand how to incorporate streaming network flow analysis into their toolkit for identifying and alerting on events of interest. The focus will be on applying Analysis Pipeline to operational use cases.

Training Purpose: Protect and Defend, Collect and Operate, Operate and Maintain

Specialty Areas: Network Services, Cyber Operations, Cyber Defense Analysis

Training Proficiency Area: Level 2 - Intermediate

+ Course Modules/Units
 
Introduction
Configuration Files
Running Pipeline
Logical Schematics
Pipeline and Timing and State
Alerts
Configuration File Basics
Filters
Filters (Exercises and Solutions)
Evaluations
Evaluations (Exercises and Solutions)
Statistics
Internal Filters
List Configurations
Configuration File Basics (Exercises and Solutions)
Threshold Examples
Special Evaluations
Building an Analytic
Server Profiling Analytic
Host Discovery Analytic
Advanced Configurations
NTP Anomalies
Unknown SSH Brute Force
Choose Your Own Adventure
ICMP Surveying: Thinking it Through
ICMP Surveying: Building it Out
DDoS Detection: Thinking it Through
DDoS Detection: Building it Out
SSH Compromise: Thinking it Through
SSH Compromise: Building it Out
Analysis Pipeline 5
EC-Council Certified Ethical Hacker (CEHv9) Self-Study Prep - 31 Hours - Skill Level: Advanced
+ Description
 

The CEHv9 certification prep self-study course helps prepare students to sit for the EC-Council Certified Ethical Hacker version 9 certification exam. This course contains materials to aid the student in broadening their knowledge of advanced network assessment techniques including enumeration, scanning and reconnaissance. Updates to v9 from v8 include several new tools and a new module on cloud considerations. Topics include reconnaissance, hacking laws, web application hacking, social engineering, packet capture, and scanning. The course then moves on to exploitation of several types of threats and how to cover your tracks, concluding with a practice exam.

Learning Objectives

  • Review of the domains and published objectives of the CEHv9
  • Supplemental resource for preparation for the EC-Council CEHv9 certification exam

Training Purpose: Operate and Maintain, Protect and Defend, Analyze

Specialty Areas: Systems Analysis, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management, Threat Analysis

Training Proficiency Area: Level 3 - Advanced

Capture Date: 2016

+ Course Modules/Units
 
Certified Ethical Hacker v9 Intro
Ethical Hacking Intro and Security Reports
Security Reports Statistics
Ethical Hacking Terminology
IR in Ethical Hacking
Laws and Regulations
Ethical Hacking and Threats
Types of Attacks and Attack Vectors
Hacking Phases and Vul Research
Reconnaissance
Passive Footprinting
DEMO: WHOIS with BackTrack
Passive WHOIS Queries
Google Hacking
Active Footprinting
DEMO: Nslookup Example
Active Footprinting Cont
DEMO: Active Footprinting with Traceroute
Network Mapping and Web Mirroring
Active Footprinting Countermeasures
Scanning Essentials
Scanning Essentials Continued
Port Scanning
Vulnerability Scanning
DEMO: Banner Grabbing with Telnet
Covert Scanning
DEMO: Scanning with Nmap Demo
Additional Covert Scanning
Enumeration Overview Part 1 of 2
Enumeration Overview Part 2 of 2
Enumeration Tools
Operating System Account Enumeration
Protocol Enumeration
DEMO: NetStat Enumeration and Countermeasures
Authentication Techniques
Microsoft Authentication
Password Cracking
Password Cracking Techniques
Privilege Escalation
DEMO: Rainbow Table Lookup Sites
Keyloggers
Spyware and Activity Monitoring
Packet Sniffing Attacks
Rootkits
Covert Hacking
Covering Tracks
Virus Examples and Symptoms
Virus Classifications and Characteristics
Virus Types and Terminology
Virus Making Tools
Famous Worms
Trojan Terminology and Techniques
Trojans and Backdoors
DEMO: Shell Connections via Netcat and BackTrack
Trojan Analysis
DEMO: Trojans and Rootkits
Malware Countermeasures and Tools
DEMO: Strings Analysis
Other Malicious Code Types
Sniffers Terminology and Overview
Network Overview for Sniffer Placement
Basic Packet Analysis
DEMO: Viewing ARP Packets with Packet Builder
Attacks and Protocols Vulnerable to Sniffing
Spoofing and Flooding Sniffing Attacks
MITM Attacks Ports Vul to Sniffing
Wireshark Overview and Examples
Evasion in Network Sniffing
Sniffing Countermeasures and Tools
DEMO: Hping3
DEMO: Wireshark
Social Engineering Background and Examples
Human-based Social Engineering
Additional Human-based SE
Computer Based Social Engineering
Computer-Based SE - Social Networking
Mobile-based Social Engineering
SE and Identity Theft Countermeasures
DEMO: Social Engineering Toolkit Demo
Denial of Service Part 1 of 2
Denial of Service Part 2 of 2
Categories of Denial of Service
DEMO: HW and Mobile DoS Options
Buffer Overflow Terminology and Background
DEMO: Stack Overflow Testing with OllyDbg
Session Hijacking Overview and Examples
Cross Site Scripting and Other Session Attacks
Session Hijacking Techniques
IPSec and Session Hijacking
Hacking Webservers Terminology and Background
Webserver Architecture
Webserver Hacking Tools
Web Server Attacks
OWASP Top 10
Webserver Hacking Countermeasures
SQL and Command Injection Web App Hacking
Non SQL Injection Errors
Parameter and Form Tampering Web App Hacking
Cross-site Scripting and Obfuscation Web App Hacks
Cross-Site Request Forgery and Cookies
Web Application Methodology
Web App Attack Tools and Countermeasures
Buffer Overflow Tools and Countermeasures
DEMO: BurpSuite
DEMO: XP cmdshell Demo
SQL Terminology and Example Statements
SQL Enumeration
SQL Injection Attacks
SQL Injection Tools and Countermeasures
DEMO: SQL Injection
Wireless Terminology and Standards
Wireless Terminology and Antennas
Wireless Authentication
Wireless-based Attacks
Wireless Attack Methodology
Wireless Attack Methodology Continued
WEP WPA and Other Wireless Attacks
Bluetooth Communication Basics
Wireless Protocols and Signal Modulation
DEMO: SSID and Channels
DEMO: WiFi Analyzer Using Mobile Device
Wireless Hacking Tools and Countermeasures
Mobile Platform Overview
Mobile Device Operating Systems
Hacking Mobile Platforms
IDS Overview and Detection Methods
DEMO: Published Snort Rules
Firewalls and Honeypots
Firewall Configurations
Signs of Intrusions
Evasion Techniques
IDS Evasion Techniques
Evasion Testing Techniques
DEMO: Intrusion Signs
Cryptography Background and Terminology
Crypto Keys and Algorithms
SHA and TLS Algorithms
DEMO: Hashing with MD5 Sum
Crypto Keys and Algorithms Continued
Cryptography Implementations
Public Key Infrastructure (PKI)
Cryptanalysis Techniques
Cryptanalysis Tools
Cryptographic Attacks
Steganography Tools
Security Testing and Assessments
Penetration Testing Terminology
Risk Management and Penetration Testing
Pen Testing Phases and Methodology
Penetration Testing Walkthrough
Penetration Testing Tools
DEMO: Exploits with Armitage
DEMO: Intro to Armitage
DEMO: v3 Running Exploit From Code
Introduction to Cloud Computing
Cloud Security
Cloud Architectures
Cloud Testing Tools
Cloud Threats and Attacks
CEHv9 Prep Practice Exam
CDM Module 1: Overview - 2 Hours - Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course provides a high level overview of the CDM program. Topics covered include basic CDM concepts, how CDM relates to NIST 800-53 and other NIST SPs, CDM Concept of Operations, the CDM Environment, and CDM’s Phases and Capabilities.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is the CDM program?
What problem does CDM address?
How does the CDM program support Departments and Agencies?
Why does CDM focus on Automation?
What is the CDM "Desired State" Specification?
What is the Actual State?
What is a Defect Check?
What is an Assessment Object?
What is a Defect instance?
What is an Object Container?
What is a CDM Security Capability?
How Do 800-53 Controls Map to CDM Security Capabilities?
How do I use the CDM Security Capabilities to Improve Security?
How does CDM relate to NIST's 800-53 Catalogue of Controls?
How does CDM relate to NIST's 800-53 Suggested Control Assessment Methods?
How does CDM relate to NIST's guidance on ISCM (800-137)?
How does CDM relate to NIST guidance on Risk Management 800-30 and 800-39?
How does CDM relate to NIST's RMF?
How does CDM operate in a department or agency?
What is the CDM Concept of Operations?
Where does the "Desired State" Specification come from?
What does the actual state concept in CDM mean for our department or agency?
Where does the Actual State Data come from?
How does CDM discover defects?
How does Scoring work with CDM and how am I affected?
How does CDM know who is responsible for fixing defects?
Will the CDM "System(s)" be A&Aed?
How will CDM sensors affect my Network(s)? Performance? Security?
What are CDM shared services?
Why is CDM divided into phases?
How do the security capabilities fit into phases?
What are the Phase 1 capabilities?
What are the Phase 2 capabilities?
What are the Phase 3 capabilities?
What does the CDM D/A Dashboard provide?
How Does the CDM D/A Dashboard Work with Other D/A Dashboards?
How Do I Get the Information My D/A Needs from the CDM D/A Dashboard?
CDM Module 2: Hardware Asset Management - 1 Hour - Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by defining Hardware Asset Management (HWAM) and why it is critical to the implementation of a robust cybersecurity program. The training highlights the criteria for monitoring and managing hardware assets using CDM. It then transitions into HWAM implementation criteria and discusses the generic CDM concept of operations specific to HWAM. Topics covered include Actual State, Desired State, and Defects.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is Hardware Asset Management (HWAM)?
What Are the Purpose and Results?
What Types of Attacks Does HWAM Thwart for Our Organization?
What Objects Does HWAM Assess?
How Does the HWAM Concept of Operations (CONOPS) work?
How Does HWAM Relate to Other Phase 1 Capabilities?
What HWAM Roles and Responsibilities Will My Organization Implement?
How Does an Organization Use the HWAM Capability?
What Techniques Are Used to Search for HWAM Devices?
What Types of Data Does the HWAM Actual State Collect?
What Types of Data Are Used to Identify Network Addressable Devices?
How Do Agencies Get Desired State Specification Data for the HWAM Capability?
What Types of Data Does the HWAM Desired State Specification Collect?
Can Agencies Specify How to Group Results?
What Are the HWAM Defect Checks?
Which HWAM Defect Checks Are at the Federal Level?
Which HWAM Defect Checks Are at the Local Level?
CDM Module 3: Software Asset Management - 1.5 Hours - Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by defining SWAM and why it is critical to the implementation of a robust cyber-security program. It covers new roles and responsibilities which the department or agency (D/A) must implement. It then transitions into SWAM implementation criteria, and discusses the generic CDM concept of operations specific to SWAM Actual State, Desired State, and Defects. It includes high level discussions of software lists (white, gray, black) and how software can be identified and tracked in CDM through the use of Common Platform Enumeration (CPE) and Software Identification (SWID) tags by Software package down to executables.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is the Software Asset Management (SWAM) Capability?
What Purpose Does SWAM Serve?
What Types of Results Will SWAM Accomplish?
What Types of Attacks Does SWAM Thwart?
What Objects Does SWAM Assess?
How Does the SWAM Concept of Operations (CONOPS) Work?
How Does SWAM Relate to Other Phase 1 Capabilities?
How Does SWAM Block Many Zero Day and APT Attacks?
What Techniques Are Used to Search for SWAM Devices?
How Does CDM Identify Software Products and Executables?
How Does CDM Use Digital Fingerprints?
What Is a Whitelist?
How Do I Use a Software Whitelist?
What Is a Graylist?
How Do I Use a Software Graylist?
What Is a Blacklist?
How Do I Use a Software Blacklist?
What Does Locational Whitelisting Mean to Me?
What Is a Trust Library and How Does SWAM Use It?
How Is Desired State Specification Determined for Mobile Code in CDM?
How Does SWAM Use Hashes?
How Does SWAM Use Common Platform Enumeration (CPE)?
How Does SWAM Use Software IDs (SWIDs)?
What Are the SWAM Defect Checks?
Which SWAM Defect Checks Are at the Federal Level?
Which SWAM Defect Checks Are at the Local Level?
What Mitigation Options Might My Department or Agency Use with SWAM?
CDM Module 4: Configuration Settings Management - .5 Hours - Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by outlining the Cyber Security Manager position (CSM) and highlighting the types of attacks CSM can help prevent. It then transitions into CSM methods and criteria, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how CSM builds upon the other capabilities and how defect checks differ at the local and federal levels.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What Is the Configuration Settings Management Security Capability?
What Types of Results Will CSM Accomplish?
How Does CSM Thwart Attacks?
What Objects Does the CSM Security Capability Assess?
How Does CSM Work?
How Do HWAM and SWAM Support CSM?
What Methods Will CSM Use to Determine Actual State Information?
What Elements Does the Organization Require to Define the Actual State?
How Does CSM Define the Desired State?
What Methods Will CSM Use to Determine Desired State?
What Is a Common Configuration Enumeration (CCE)?
What Is a CSM Defect Check?
Which CSM Defect Checks Are at the Federal Level?
Which CSM Defect Checks Are at the Local Level?
CDM Module 5: Vulnerability Management - .5 Hours - Skill Level: Basic
+ Description
 The course aims to help the student better understand how vulnerability management (VULN) identifies the existence of vulnerable software products in the boundary to allow an organization to mitigate and thwart common attacks that exploit those vulnerabilities.

The course begins by defining VULN, how it applies to the target environment, and how a fully implemented VULN capability impacts a Department or Agency. It then transitions into VULN criteria and methods, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how VULN builds upon the other capability areas, the types of defects, and how those defect checks differ at the local and federal levels.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What Is the Vulnerability Management (VULN) Capability?
What Is a CVE (Common Vulnerabilities and Exposures)?
What Is a CWE (Common Weakness Enumeration)?
What Types of Results Will VULN Accomplish?
How Can VULN Thwart Attacks?
What Types of VULN Objects Are Assessed?
How Does the VULN Capability Work?
How Does VULN Relate to SWAM?
How Will My Organization Use the VULN Capability?
What Methods Will VULN Use to Determine Actual State?
What Is the CDM Actual State?
How Does VULN Define the Desired State?
What Methods Will VULN Use to Determine Desired State?
What Is the National Vulnerability Database (NVD)?
What Are the VULN Defect Checks?
Which VULN Defect Checks Are at the Federal Level?
Which VULN Defect Checks Are at the Local Level?
CDM Dashboard Course - 1 Hour - Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to familiarize the student with operational concepts of the CDM Dashboard, prior to using it in a production environment.

Training Purpose: Skill Development

Specialty Areas: Computer Network Defense Analysis, Computer Network Defense, Infrastructure Support, Incident Response, Vulnerability Assessment and Management

Training Proficiency Area: Level 1 - Basic

Capture Date: 2017

+ Course Modules/Units
 
CDM Dashboard Course - Monolith Version
Cisco CCENT Self-Study Prep - 13 Hours - Skill Level: Intermediate
+ Description
 The Cisco CCENT Prep course is a self-study resource for learners preparing for the Cisco CCENT certification, one of the prerequisites for the Cisco CCNA certification. Installing, operating, configuring, and verifying a basic IPv4 and IPv6 network will be discussed. Students will also be introduced to configuring a local area network (LAN) switch, configuring an internet protocol (IP) router, and identifying basic security threats. The course includes several reinforcing video demonstrations of concepts discussed, as well as a quiz.

Training Purpose: Operate and Maintain

Specialty Areas: Network Services, Systems Administration, Systems Analysis, Customer Service and Technical Support

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2015

+ Course Modules/Units
 
Switched Networks Part 1 of 2
Switched Networks Part 2 of 2
Collisions and Broadcasts
DEMO: Viewing an ARP Table
Basic Switch Configuration
SSH Operation and Configuration
Configuring Switch Ports
Switch Troubleshooting
Securing a Switch
Best Practices for Switched Networks
DEMO: Making an RJ-45 Cable
VLAN Segmentation Part 1 of 2
VLAN Segmentation Part 2 of 2
VLAN Implementations
VLAN Security and Design
DEMO: Configuring VLANs
DEMO: Demonstrating VLAN Connectivity
Functions of a Router Part 1 of 2
Functions of a Router Demo
Functions of a Router Part 2 of 2
Configuring Basic Router Settings
DEMO: IPv4 and IPv6 Subnetting
Basic Router Settings_IPv6 and Loopback Interfaces
Verifying Connectivity of Directly Connected Networks
Switching Packets Between Networks
Routing Tables and Protocols
DEMO: IPv6 Header Analysis
DEMO: MAC Address Table
DEMO: IPv4 Addresses and Router Interfaces
DEMO: IPv6 Addressing on Router Interfaces
Inter-VLAN Routing Configuration
Layer 3 Switching
Static Routing
Configure Static Routing
Classful Addressing and Routing
Configuring Summary Routes
Troubleshooting Static and Default Routes
DEMO: Static Routing
Dynamic Routing Protocol Operation
Routing Protocol Operating Fundamentals
Types of Routing Protocols
Types of Distance Vector Routing Protocols
Configuring the RIP Protocol
RIPng and Link-State Routing
DEMO: RIP Version 1 and IPv4
DEMO: RIP Version 2 Improvements
DEMO: Setting up RIP for IPv6
Characteristics of OSPF
OSPF Messages
OSPF Router IDs
Configuring and Verifying OSPF
OSPFv2 versus OSPFv3
DEMO: Configuring OSPF
DEMO: Troubleshooting OSPFv2
DEMO: Configuring OSPFv3
DHCPv4 Operation
Configuring and Troubleshooting DHCPv4
DEMO: DHCPv4
SLAAC and DHCPv6
Stateless and Stateful DHCPv6
DEMO: Stateless DHCPv6
NAT Characteristics and Benefits
Types of NAT
Configuring Static and Dynamic NAT
Configuring PAT and Port Forwarding
DEMO: Enabling IPv4 NAT
Configuring and Troubleshooting NAT for IPv6
CCENT Prep Practice Exam
Cloud Computing Security - 1 Hour - Skill Level: Intermediate
+ Description
 This course provides an in-depth look at the strengths and weaknesses of cloud computing security as well as the considerations to take in choosing the cloud as a data management solution. Technical and operational risks are explained, along with strategies to mitigate the aforementioned risks. To demonstrate concepts learned, the course closes with a real-world example of how a government agency (Defense Information Systems Agency) utilizes cloud computing solutions.

Training Purpose: Securely Provision, Operate and Maintain

Specialty Areas: Systems Analysis, Network Services, Systems Requirement Planning

Training Proficiency Area: Level 2 - Intermediate

Course Capture Date: 2010

+ Course Modules/Units
 
What is Cloud Computing?
Technical Risks
Operational Risks
Risk Mitigation Strategies
Cisco CCNA Security Self-Study Prep - 15 Hours - Skill Level: Intermediate
+ Description
 The Cisco CCNA Security Self-Study Prep course is aimed at those who already have experience with routers and basic level networking skills, and those who may be interested in taking the Cisco CCNA Security exam. Content covered in the CCNA Security Prep course includes protocol sniffers, analyzers, TCP/IP, desktop utilities, Cisco IOS, the Cisco VPN, a Cisco simulation program called Packet Tracer, and some web-based resources. Students will get a theoretical understanding of network security, as well as the knowledge and skills designed to implement it. This self-study resource contains several reinforcing video demonstrations and a final exam.

Training Purpose: Operate and Maintain

Specialty Areas: Network Services, Systems Administration, Systems Analysis, Customer Service and Technical Support

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2015

+ Course Modules/Units
 
Securing Network Devices
Secure Administrative Access Part 1 of 2
Secure Administrative Access Part 2 of 2
DEMO: Securing Router Access Methods
Role-Based CLI Overview
Password Recovery
Management Reporting and Logging Considerations
Implementing Log Messaging for Security
Configuring NTP
Disabling Unused Cisco Router Network Services and Interfaces
AAA Authentication Methods
Implementing Local AAA Authentication
Implementing Server-Based AAA Authentication
Cisco Secure ACS
Configuring Server-Based AAA Authentication
Server-Based Authorization and Accounting
Implementation Firewall Technologies
Access List Controls (ACLs)
Extended ACLs and ACL Caveats
ACL Placement
Complex ACLs
Troubleshooting ACLs
Securing Networks with Firewalls
Zone-Based Policy Firewalls
CCP Firewall Wizard and Manual ZPF using CCP
DEMO: Enabling IOS Firewall
Implementing Intrusion Prevention Intro
IPS Signatures
Signature Trigger and Action for IPS
Managing and Monitoring IPS
Configuring and Verifying IOS IPS
Securing the Local Area Network Intro
Layer 2 Security Part 1 of 2
Layer 2 Security Part 2 of 2
Mitigating MAC Spoofing and MAC Table Overflow Attacks
Mitigating STP Manipulation
Configuring Storm Control
Mitigating VLAN Attacks
Configuring Cisco Switch Port Analyzer
Private VLAN Edge
Advanced Technology Security Considerations
Wireless Networks
VoIP and SAN Networks
DEMO: Enabling STP with Voiceover
Cryptographic Systems and Hashes
Encryption and Confidentiality
Public Key Cryptography and PKI
VPN Terminology and Topologies
IPSec Frameworks and Key Exchange
IPSec Tasks
Configuring IPsec VPN using CCP
Remote-Access VPNs
Managing a Secure Network and Addressing Risks
Operations Security
Network Security Testing
Continuity Planning
SDLC
Security Policy
ASA Models and Features
Basic ASA Configuration and Settings
Introduction to ASDM
ASA Objects and Object Groups
ACLs for ASA
ASA and NAT
ASA and PAT
ASA AAA
Modular Policy Framework
ASDM Service Policies Demo
ASA VPN Features
ASDM AnyConnect VPN Wizard
DEMO: ASA Console Config
DEMO: ASA GUI Config
DEMO: ASA Traffic Management
CCNA Security Prep Practice Exam
CMaaS Overview 0.5 Hours Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how Continuous Monitoring as a Service (CMaaS) relates to the Continuous Diagnostics and Mitigation (CDM) program.

Training Purpose: Protect and Defend

Specialty Areas: Cyber Defense Analysis, Cyber Defense Infrastructure Support, Incident Response, Vulnerability Assessment and Management

Training Proficiency Area: Level 1 - Basic

Course Capture Date: 2016

+ Course Modules/Units
 
Lesson 1 - Continuous Diagnostics and Mitigation (Video)
Lesson 2 - The Problem (Infographic)
Lesson 3 - How CDM Phase 1 Capabilities Support CDM Goals (Infographic)
Lesson 4 - How CDM Phase 1 Capabilities Work Together (Infographic)
Lesson 5 - CDM Phase 1 Capabilities Scope (Infographic)
Lesson 6 - Overview of Continuous Monitoring as a Service (Video)
Lesson 7 - How the CDM Capabilities Were Defined
Lesson 8 - ISCM Policy and Guidance Timeline
CMaaS Technical Overview Course 0.5 Hours Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how Continuous Monitoring as a Service (CMaaS) will be implemented in DHS Component networks.

Training Purpose: Skill Development

Specialty Areas: Computer Network Defense Analysis, Computer Network Defense Infrastructure Support, Incident Response, Vulnerability Assessment and Management

Training Proficiency Area: Level 1 - Basic

Capture Date: 2017

+ Course Modules/Units
 
Lesson 1: CMaaS Technology Stack Overview (Video)
Lesson 2: Central Management Enclave Firewall Requirements (Infographic)
Lesson 3: Component Management Enclave Firewall Requirements (Infographic)
Lesson 4: Hardware Sensors Firewall Requirements 1 of 2 (Infographic)
Lesson 5: Hardware Sensors Firewall Requirements 2 of 2 (Infographic)
Lesson 6: Software Sensors Firewall Requirements (Infographic)
Lesson 7: Considerations for Initial CMaaS Deployment (Infographic)
Lesson 8: CMaaS Deployment Overview (Infographic)
CMaaS Transition Classroom Sessions 5 Hours Skill Level: Basic
+ Description
 This course is part of the CMaaS transitional webinar series conducted via WebEx. Each video focuses on a single tool within the CMaaS solution stack, and includes two major Use Cases for each tool.

Training Proficiency Level: Level 1 - Basic

Capture Date: 2018

+ Course Modules/Units
 
Session 1
Session 2
Session 3
Session 4
New Course Offering: CompTIA A+ 220-901 Certification Prep 12 Hours Skill Level: Basic
+ Description
 The CompTIA A+ 901 certification prep course is a self-study resource to help students prepare for the CompTIA A+ certification exam. The A+ exam covers both 220-901 and 220-902 objectives. Topics covered in the 901 prep include maintenance and configuration of PCs and devices, basics of networking, troubleshooting software and hardware issues, and customer support.
Learning objectives:
  • Provide a review of the four knowledge area domains in the CompTIA A+ 220-901 exam objectives.
  • Supplemental self-study preparation resource for the CompTIA A+ certification exam.
  • Understand the basics of device installation, troubleshooting, and customer support.
Training Purpose: Skill Development
Specialty Areas: (Operate and Maintain) Customer Service and Technical Support, Network Services, System Administration
Training Proficiency Area: Level 1 - Basic
+ Course Modules/Units
 
CompTIA A+ 220-901 Prep Course Introduction
Computing System Components
Central Processing Unit (CPU)
Sockets and Processing
Virtualization and Temperature Monitoring
DEMO: CPU Characteristics and Installation
RAM Basics and Types of RAM
Upgrading and Installing RAM
DEMO: RAM Installation and Verification
BIOS Components, Configurations and Settings
DEMO: BIOS Overview
Motherboard Form Factor, Chipset and Components
Motherboard Expansion Slots and Card Installation
Installing New Motherboard
Power Supply and Connectors
Display Types and Features
Display Connector and Cable Types
Hard Drive Basics
Hard Drive RAID Types
Hard Drive Interfaces
DEMO: Hard Drive Installation and Initializing
DEMO: Software Virtualization
Common Peripheral Devices
Removable Media
Audio/Video Standards
PC Configurations
DEMO: Inside Desktop Computer
Printer Types
Printer Languages and Installation
Printer-Scanner Maintenance and Troubleshooting
SOHO Network
Fiber and Coaxial Cables and Connectors
Patch Panels, Ethernet Standards and LAN
IP Address, Ports and Protocols Part 1 of 3
IP Address, Ports and Protocols Part 2 of 3
IP Address, Ports and Protocols Part 3 of 3
Wireless Networks and WiFi Standards
Configuring a SOHO Network
Network Types
Network Devices: Routers
Network Devices: Hubs, Switches and Firewalls
Hardware Tools for Connectivity Issues
Laptops and Mobile Devices
Laptop Expansion Options, Docking and Locks
Laptop Hardware Replacement
Laptop Special Functions and Features
DEMO: Laptop Computer Components
Characteristics of Various Mobile Device Types
Mobile Device Ports and Accessories
Network Troubleshooting Process
Troubleshooting Hardware, Video, Networks and OS
DEMO: Troubleshooting Hard Drives
Network Troubleshooting Methodology
DEMO: Troubleshooting Network Issues
Troubleshooting Common Video and Display Issues
CompTIA A+ 220-901 Prep Practice Exam
New Course Offering: CompTIA A+ 220-902 Certification Prep 8.5 Hours Skill Level: Basic
+ Description
 The CompTIA A+ 902 certification prep course is a self-study resource to help students prepare for the CompTIA A+ certification exam. The A+ exam covers both 220-901 and 220-902 objectives. Topics covered in the 902 prep include installation and configuration of devices and software, networking and security basics, troubleshooting and diagnosing issues, as well as operational procedures.
Learning objectives:
  • Provide an overview of the five knowledge area domains in the CompTIA A+ 220-902 exam objectives.
  • Supplemental self-study resource for the CompTIA A+ certification exam
  • Understand the basics of device configuration, networking, and applying troubleshooting theory.
Training Purpose: Skill Development
Specialty Areas: (Operate and Maintain) Customer Service and Technical Support, Network Services, System Administration
Training Proficiency Area: Level 1 - Basic
+ Course Modules/Units
 
CompTIA A+ 220-902 Prep Course Introduction
Microsoft Operating System Versions
Upgrading Windows Operating Systems
Windows Operating System Features Part 1 of 2
DEMO: File Structure and Paths
DEMO: Creating and Managing Disk Folders
Windows Operating System Features Part 2 of 2
Windows OS Installation Options
Windows Command-line Tools Part 1 of 2
DEMO: Windows Command-Line Tools
Windows Command-line Tools Part 2 of 2
DEMO: Windows OS GUI Tools Part 1 of 2
DEMO: Windows OS GUI Tools Part 2 of 2
Windows OS GUI Tools Best Practices
Windows Networking and Resource Sharing
DEMO: Image Backup and Restore on Windows
DEMO: Linux Commands
Best Practices and Common Features of OS X
Introduction to Cloud Computing
Cloud Architectures
Network Services and Protocols
Mobile Device Security Introduction
Mobile Device Security Introduction Cont.
Android Introduction
Android Security
Android Application Security
DEMO: Installing Antivirus
File System for iOS Devices
Understanding the Basics of iOS
Understanding iOS Security Architecture
iOS Jailbreaking
Malware and Social Engineering Threats
Threats to Physical Security
Physical Security Considerations
Infrastructure Physical Security
Laptop Security
TEMPEST
Physical Security Access Controls
Biometric Access Control Devices
Authentication
DEMO: Windows Hidden File Properties
Symptoms, Troubleshooting and Preventing Infection
Mobile Device Security Best Practices
Data Destruction and Disposal Methods
SOHO Network
PC Troubleshooting Tools
Troubleshooting Common Symptoms of System Issues
Troubleshooting System Crash and Failure-to-Boot
Troubleshooting Mobile Device Issues
Safety Procedures and Personal Safety
IT Environmental Controls
Incident Response Concepts
Intellectual Property and Licensing
Professional Communication and Troubleshooting
CompTIA A+ 220-902 Prep Practice Exam
CompTIA Advanced Security Practitioner (CASP) CAS-002 24 Hours Skill Level: Advanced
+ Description
 

The CompTIA CASP certification prep course prepares students to sit for the CompTIA Advanced Security Practitioner CAS-002 certification exam by covering the technical knowledge and skills required in designing and engineering secure solutions in enterprise environments. A broad spectrum of security disciplines is discussed to help with critical thinking when considering secure enterprise solutions and managing risk.

Learning Objectives

  • Provide review of the 5 CASP CAS-002 exam domains
  • Supplemental preparation for the CompTIA CASP CAS-002 exam

Training Purpose: Functional Development

Specialty Areas: Network Services, System Administrator, System Security Analysis

Training Proficiency Area: Level 2 and 3 - Intermediate/Advanced

Capture Date: 2016

+ Course Modules/Units
 
Configuration Strategies w/ Spec Compon
Cryptographic Terms and Implementations
Cryptographic Tools and Techniques Part 1 of 2
Cryptographic Tools and Techniques Part 2 of 2
Hybrid Encryption in SSL Demo
Encryption Limitations and Key Length Part 1 of 2
Encryption Limitations and Key Length Part 2 of 2
DEMO: Volume and File Encryption
Hash Functions and Algorithms
Digital Signatures
Digital Certificate Elements
CAs and Public Key Infrastructure
Origins For Cryptographic Standards
Virtual Networking
Intro to Virtualized Computing Part 1 of 2
Intro to Virtualized Computing Part 2 of 2
VLANs and Switching
Storage Types and Considerations
Enterprise Storage
Enterprise Storage Connection Terms
Enterprise Storage and RAID
Securing iSCSI and FCoE and Managing Storage
Network Security Concepts
Network Zones and Remote Access
NW Components Routers and Firewalls Part 1 of 2
NW Components Routers and Firewalls Part 2 of 2
NW Components Intrusion Detection Systems
Networked-based IDS and IPS Deployment
Securing Wireless Part 1 of 2
Securing Wireless Part 2 of 2
DMZ Components
Web Services Concepts
Web Servers and DNS
Securing DNS Best Practices
Proxy Servers and SMTP Relay
NAT and PAT
Infra Design : Firewalls and Proxies
Infra Design : IDS and IPS
Infra Design : Syslog and SIEMs
Infra Design : Switch and Router Security
Infra Design : VPNs and SNMP
SCADA Environments
Application Security : VTC and VoIP
Application Security : Databases and Web Services
Application Security : IPv6
Physical Security Concerns and Controls
Host Security Controls Part 1 of 2
Host Security Controls Part 2 of 2
Web Application Security Design
DEMO: Whitelisting and Blacklisting
Specific Application Issues
Client side vs Server side Processing
Analyzing Business Risk
Risk Management in New Business Models
Risk Mitigation Strategies and Controls
Security Impact of Inter Organizational Change
Calculating Risk Exposure
Incident Response Concepts
Incident Response and Recovery Process
Privacy Policy and Procedures Part 1 of 2
Privacy Policy and Procedures Part 2 of 2
Assessment Tools
Assessment Methods
Assessment Methodologies
Cybersecurity Benchmarks
Security Metrics
Situational Awareness
Analyzing Industry Trends Part 1 of 3
Analyzing Industry Trends Part 2 of 3
Analyzing Industry Trends Part 3 of 3
Applying Analysis to Improve Enterprise Security Part 1 of 4
Applying Analysis to Improve Enterprise Security Part 2 of 4
Applying Analysis to Improve Enterprise Security Part 3 of 4
Applying Analysis to Improve Enterprise Security Part 4 of 4
Integrating Enterprise Disciplines Part 1 of 2
Integrating Enterprise Disciplines Part 2 of 2
Security Controls for Communication and Collaboration
Adv Authentication Tools and Techniques
Software Development Models
System Dev Life Cycle and CS
IT Governance
Cloud based Deploy Models
Cloud Security
Identity Management
Securing Virtual Environments Part 1 of 3
Securing Virtual Environments Part 2 of 3
Securing Virtual Environments Part 3 of 3
Enterprise Storage Advantages and Security Measures
Enterprise Network Authentication Part 1 of 2
Enterprise Network Authentication Part 2 of 2
CompTIA CASP CAS-002 Prep Practice Exam
New Course Offering: CompTIA Cybersecurity Analyst (CySA+) Prep 12.5 Hours Skill Level: Intermediate
+ Description
 The CompTIA Cybersecurity Analyst (CySA+) self-study certification prep course is designed to help prepare candidates to sit for the CySA+ exam, as well as reinforce concepts for work roles such as Systems Security Analyst, Threat Analyst, and Vulnerability Assessment Analyst. This intermediate-level course focuses on analysis and defense techniques that leverage data and tools to identify risks to an organization and apply effective mitigation strategies. The CySA+ is an approved baseline certification of the DoD Directive 8570.
Learning objectives:
  • Provide a review of the following four skills: threat management, vulnerability management, security architecture and tool sets, and cyber incident response.
  • Supplemental self-study preparation resource for the CompTIA CySA+ exam.
  • Understand how to configure and use threat detection tools, perform data analysis, identify vulnerabilities, threats and risks, and secure and protect applications and systems within an organization.
Training Purpose: Skill Development
Specialty Areas: (Protect and Defend, Operate and Maintain, Securely Provision) Vulnerability Assessment and Management, Systems Analysis, Cyber Defense Analysis
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2018
+ Course Modules/Units
 
CySA Course Introduction
Reconnaissance
Port Scanning for Active Reconnaissance
Environmental Reconnaissance Tools
Social Engineering for Reconnaissance
Network Mapping for Active Reconnaissance
Syslog
Reviewing Alerts/Detecting Attack Phases
Common Tasks in Environmental Reconnaissance
Environmental Reconnaissance Variables
Basic Packet Analysis
Methods of Network Traffic Analysis
Network Traffic Analysis
Netflows
Working with Netflows
Netflow Tools
Examining Log Files
Data Correlation and Analytics
Analyzing Device Data
SIEM
DEMO: Wireshark Packet Analyzer
Hardening Network Devices
Network Segmentation and Design
Honeypot
Endpoint Security
Windows Group Policy
Access Control Models
Remote Authentication - Radius and Tacacs+
Hardening Host and Networked Systems
Compensating Controls
Corporate Penetration Testing
Reverse Engineering Purpose and Practice
Team Training and Exercises
Risk Evaluation and Security Controls
Vulnerability Assessment Introduction
Vulnerability Management Requirements
Vulnerability Scanner Configuration
Vulnerability Assessment Tools
Scanning and Enumeration with Nmap
Intro to Vulnerability Scanning with Nessus
Vulnerability Remediation
Scanning and Report Viewing with OpenVAS
Endpoint and Protocol Analysis
Logging Strategies and Sources
Reviewing, Analyzing and Correlating Logs
Network Vulnerabilities
System Vulnerabilities
Web Application Vulnerabilities
Wireless Network Vulnerabilities
Virtual Infrastructure Vulnerabilities
Threats to Mobile Devices
ICS and SCADA Systems Security
Malware and Social Engineering Threats
Preparing for Impact Analysis
Forensics Kit and Incident Response
Forensic Investigation Suite
Setting Up an Analysis Environment
Communication During Incident Response
Common Symptoms of Host Infection
Incident Response and Recovery Part 1 of 2
Incident Response and Recovery Part 2 of 2
Regulatory Compliance and Frameworks
Control Selection Tailoring and Implementation
Verification and Quality Control
Procedures Supporting Policy
Enterprise Network Authentication Part 1 of 2
Enterprise Network Authentication Part 2 of 2
Cross-site Scripting and Other Exploits
Privilege Escalation Exploit
Technical Processes and Controls
Software Development Models and SDLC
Code Review and Testing
Secure Coding Best Practice Resources
Preventative Cyber Tools
Collective Cyber Tools
Analytical Cyber Tools
Exploit Cyber Tools
Forensics Cyber Tools
CySA Prep Practice Quiz
New Course Offering: CompTIA Network+ N10-007 18 Hours Skill Level: Basic
+ Description
 This Network+ prep course is a self-study resource designed to help students prepare to sit for the CompTIA Network+ N10-007 certification exam. The Network+ certification is focused on IT infrastructure and networking concepts for junior to mid-level IT professionals in the cyber workforce. Topics covered include network operations, security, troubleshooting and tools, as well as infrastructure support.

Learning Objectives:

  • Design and implement a functional network
  • Configure, manage and maintain network security, standards and protocols
  • Troubleshoot network issues
  • Create and support virtualized networks

NICCS Specialty Areas:

  • Operate and Maintain
  • Network Services
  • System Administration
  • Customer Service and Technical Support

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Basic

+ Course Modules/Units
 
Net+N100-007 Introduction
Ports and Protocols Part 1 of 2
Ports and Protocols Part 2 of 2
OSI Layers
Properties of Network Traffic
VLANs and VTP
Routers and Routing Protocols
Routing Tables and Types
IP Addressing – IPv6
Traffic Filtering and Port Mirroring
Network Performance Optimization
IP Addressing Components
Subnetting
Network Topologies
Technologies that Facilitate IOT
Wireless Standards Part 1 of 2
Wireless Standards Part 2 of 2
DEMO: Wireless Architecture
Introduction to Cloud Computing
Cloud Security
DNS Service
Dynamic Host Configuration Protocol (DHCP)
Ethernet Standards
Cables and Wires
Cable Termination and Fiber Optic
DEMO: Cables and Connectors
Firewall Implementations
Network Components – Hubs and Switches
DEMO: Contrasting Hubs, Switches,VLANS
Router Setup and MAC Filtering
Installing and Configuring Wireless Networks
SOHO Network
Telephony, VoIP
Network Security Appliances IDS
Advanced Security Devices
Virtual Environments
Network Storage Connection Types
Network Storage and Jumbo Frames
Wide Area Network Technologies
Configuration Management Documentation
Business Continuity and Disaster Recovery
Fault Tolerance and Availability Concepts
Maintainability: MTTR and MTBF
Security Device and Technology Placement
DEMO: Introduction to SNMP
Network Access Security
Remote Access Methods
Operations Policies and Best Practices
Mobile Device Deployment Models
Physical Security Devices
Authentication Services
PKI Public Key Infrastructure
Examples of PKI Use
Network Access Control
Wireless Encryption and Authentication
DoS and MITM Attacks
Wireless Threats and Mitigation
Understanding Insider Threat
DEMO: Malware and Social Engineering Threats
Hardening Network Devices
Switch Loop Protocol
Network Segmentation and Design
Honeypot
Corporate Penetration Testing
Network Troubleshooting Methodology
Hardware Tools for Connectivity Issues
Software Tools for Connectivity Issues
DEMO: NSlookup Dig Google Toolbox
Physical Connectivity Problems
Cable Troubleshooting
Wireless Troubleshooting
Troubleshooting Routers and Switches
Technologies that Facilitate IOT
Network+ N10-007 Exam
New Course Offering: CompTIA Security+ (SY0-501) Certification Prep 17.5 Hours Skill Level: Basic
+ Description
 The CompTIA Security+ (SY0-501) Certification Prep is a self-study resource to help candidates prepare for the Security+ (SY0-501) certification exam. The topics covered are categorized into the six domain areas of the SY0-501 exam objectives: Threats and Vulnerabilities, Technology and Tools, Architecture and Design, Identity and Access Management, Risk Management, and Cryptography.

Learning Objectives:
  • Supplemental preparation for the CompTIA Security+ SY0-501 Certification Exam
  • List common cyber threats and how scanning and assessment tools and techniques identify potential vulnerabilities
  • Explain how various tools and technologies are configured or deployed to support an organization's security posture
  • Detail risk management best practices and mitigation strategies
NICCS Specialty Areas:
  • Systems Analysis (Operate and Maintain)
  • Systems Administration (Operate and Maintain)
  • Network Services (Operate and Maintain)
  • Vulnerability Assessment and Management (Protect and Defend)
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Basic
+ Course Modules/Units
 
Security+ (SY0-501) Course Introduction
Malware: Viruses
Malware: Rootkits, Trojans, Botnets
MITM, DoS, Packet Flooding and Other Attacks
Backdoor, Spoofing, Replay and Other Attacks
Password, Birthday, Crypto and Application Attacks
Social Engineering Techniques
Wireless Attacks
Application Attacks
Threat Actors
Assessment Tools and Techniques
Active and Passive Reconnaissance
Security Testing and Assessment
Firewall Implementations
Proxy Server Implementations
Hubs and Switches
Routers and Routing Protocols
Remote Access and VPNs Part 1 of 2
Remote Access and VPNs Part 2 of 2
Network Intrusion Detection Systems
Host-Based Intrusion Detection Systems
Password Cracking Categories and Tools
Password Cracking Techniques
DEMO: Local Information Gathering Tools
DEMO: Network Connectivity Testing Tools
DEMO: Remote Information Gathering Tools
Mobile Device Security
Mobile Device Deployment
Network Security Protocols
Network Services and Protocols
Frameworks and Reference Architectures
Network Zones
Demilitarized Zones (DMZ) Implementations
Security Device and Technology Placement
Host Security: OS Hardening and Firewalls
Host Security: Anti Virus, Malware and Spam
Host Security: Pop Ups and Patch Management
Secure Static Environment
Secure Staging Deployment Concepts
Cloud and Virtualization Concepts
Cloud Architectures
Host Security: Virtualization
Resiliency and Automation to Reduce Risk
Physical Security and Environmental Controls
Access Control Categories
Authentication Services
Access Control Models
Authentication and Authorization Concepts
Biometric Authentication
Account Management
Identity Management
Security Awareness and Training
Risk and Related Concepts
Risk and Asset Identification
Threat and Risk Calculation
Risk Control Types
Security Control Types and Categories
Basic Forensics Procedures
Incident Handling and Forensics
Incident Response Preparation
Risk Management: Business Continuity
Risk Management: Redundancy and Fault Tolerance
Risk Management: Disaster Recovery
Risk Mitigation Strategies
Data Security
Data Destruction and Disposal Methods
Data Sensitivity and Handling
Mitigation and Deterrence: Logging
Mitigation and Deterrence: Hardening
Mitigation and Deterrence: Network Security
Mitigation and Deterrence: Attack Countermeasures
Cryptography Part 1 of 2
Cryptography Part 2 of 2
Wireless Security Evolution
Wireless Security Best Practices
Cryptographic Keys and PKI
Security+ (SY0-501) Certification Prep Exam
New Course Offering: Cyber Awareness Challenge 2019 1 hour Skill Level: Basic
+ Description
 This course provides an overview of cybersecurity threats and best practices to keep information and information systems secure. Every year, authorized users of certain information systems must complete the Cyber Awareness Challenge to maintain awareness of, and stay up to date on, new cybersecurity threats. The training also reinforces best practices to keep personal information and information systems secure, and helps users stay abreast of changes in general cybersecurity policies.
+ Course Modules/Units
 
Cyber Awareness Challenge
New Course Offering: Cryptocurrency for Law Enforcement 2 hours Skill Level: Basic
+ Description

This course covers the history, risks and legality of cryptocurrency as well as discusses what cryptocurrency items can be seized by law enforcement.

Learning Objectives:

  • Define cryptocurrency and compare it to traditional currency
  • Describe the history of cryptocurrency
  • State the elements of a cryptocurrency transaction and their roles
  • Describe safety measures taken to protect cryptocurrency
  • Identify items that serve as wallets for cryptocurrency and could be seized by law enforcement
  • Evaluate apps and websites that could be linked to cryptocurrency
  • Compare degrees of anonymity of various cryptocurrencies
  • Compare legal and illegal uses of cryptocurrency
  • Evaluate the legality of different cryptocurrency scenarios
  • Identify notable cases of illegal uses of cryptocurrency found in recent headlines

Training Purpose: Investigate

Specialty Areas: Cyber Investigation, Digital Forensics

Training Proficiency Area: Level 1 - Basic

Course Date: 2/27/2019

+ Course Modules/Units
 
Introduction to Cryptocurrency for Law Enforcement
Cyber Risk Management for Technicians 11 Hours Skill Level: Basic
+ Description
 This course presents the concept of managing cyber risk from a technical perspective. An overview of cyber risk management opens the class, followed by foundational material on conducting a risk assessment of considerations such as threats, vulnerabilities, impacts, and likelihood. Various technical methods for conducting a risk assessment are presented, to include vulnerability assessments and penetration tests, with a focus on continuous monitoring of security controls and how to assess those security controls using the National Institute of Standards and Technology Special Publication 800-53 and 800-53a as a guide.

Training Purpose: Skill Development

Specialty Areas: Information System Security Management, Security Program Management, Strategic Planning and Policy Development

Training Proficiency Area: Level 1 - Basic

Capture Date: 2013

+ Course Modules/Units
 
Cyber Risk Management for Technicians Course Intro
Risk Management and NIST SP 800-30
Tiers of Risk Management
Terms Associated with Risk Management 1 of 2
Terms Associated with Risk Management 2 of 2
Risk and Operational Resilience
Risk Management Components and Outcomes
NIST SP 800 30 Risk Assessment
NIST SP 800 30 Risk Mitigation
NIST SP 800 39 Risk Management Guidelines
NIST SP 800 37 Risk Management Framework
OCTAVE Risk Based Assessment Methodology
CERT Resilience Management Model
Overview of Assessing Risk
Determining Critical Assets and Operations
Threat Analysis Overview
Critical Assets and Threats
Determining Impact and Risk Analysis
Security Testing and Assessment Methodologies
Vulnerability Assessments vs Penetration Testing
Risk Assessment Tools
Information Categorization
Security Controls and NIST SP 800 53
Control Selection Tailoring and Implementation
Management Control Examples
Operational Control Examples
Technical Control Examples
Assessing A Tech Control Solution Demo
Installing Cyber Tech Control Demo
Continuous Monitoring Concepts 1 of 2
Continuous Monitoring Concepts 2 of 2
Continuous Monitoring and Log Management
Network Monitoring Control Examples
Process of Assessing Security Controls
Developing Security Assessment Plans
Conducting Security Control Assessments
Security Controls Post Assessments
Assessing Security Control Examples
Detecting Network Changes: Syslog
Detecting Network Changes : Swatch and OSSEC
Analyzing NW Changes : Creating a Baseline
Analyzing NW Changes : Host Integrity
Analyzing Host Characteristics
Best Practices for Detecting NW Changes
Update Mgmt with MBSA Demo
Log Analysis with Syslog and Swatch
Determining and Managing Risks
Managing Risk : Cost Benefit Analysis
Vulnerability Remediation
Vulnerability Management Systems
Intro to Vul Scanning with Nessus Demo
Cyber Risk Mgmt for Technicians Course Exam
New Course Offering: Cyber Fundamentals for Law Enforcement Investigations 8 Hours Skill Level: Intermediate
+ Description
 

This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.

Learning objectives:

  • Describe essential computing communication concepts
  • Identify digital evidence sources and handling
  • Apply techniques to examine applications for target information

Training Purpose: Skill Development

Specialty Areas: Threat Analysis, Digital Forensics, Investigation

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2017

+ Course Modules/Units
 
Cyber Investigation Course Intro
Cyber Crimes versus Traditional Crimes
Cyber Laws Overview
Logical and Physical Addresses
Dissecting a Data Packet
How Computers Connect
IP Addresses and Domain Names
IP Addresses
Domain Naming
NSlookup Dig Google Toolbox
Digital Artifacts Basics
Site Survey and Collection
Determining Sophistication
Time Standardization
Requesting Digital Forensic Artifacts
Footprinting
Handling Untrusted or Unknown Files
Setting Up an Analysis Environment
Examining Images
Intro to Encryption
Detecting Encryption
Malware Awareness
Malware Propagation
Malware History
Remote Access
Understanding Insider Threat
Introduction to Peer-to-Peer
Advanced IP Tunneling Overview
TOR versus Traditional Tunneling
Iodine IP over DNS
Email Analysis
Phishing Message Analysis
Online Auctions
Open Source Searches Using Facebook
Open Source Searches Using Twitter
Google FU
Cyber Investigations Exam
Domain Information Lookup
Examining EXIF Data and Images
Computing and Comparing Hash Values
File Search Techniques
Open Source Twitter Searches
Cyber Risk Management for Managers 6 Hours Skill Level: Basic
+ Description
 Cyber Risk Management for Managers covers key concepts, issues, and considerations for managing risk from a manager’s perspective. Discussions include identifying critical assets and operations, a primer on cyber threats and how to determine threats to your business function, mitigation strategies, and response and recovery.

Training Purpose: Skill Development

Specialty Areas: Information System Security Management, Security Program Management, Strategic Planning and Policy Development, Training

Training Proficiency Area: Level 1 - Basic

Capture Date: 2012

+ Course Modules/Units
 
Overview of Risk Management
Risk and Business Impact Analysis
Operational Resilience and Risk
Outcomes of Risk Management
NIST SPs and Risk Assessment Process
NIST SP 800-30 Risk Mitigation Steps
NIST SP 800-39 and 800-37
OCTAVE and OCTAVE Allegro
CERT-RMM and SSE CMM
Critical Assets and Ops : Identifying
Critical Assets and Ops : Prioritizing
Asset Criticality Demo
Identifying Assets Lab
Cyber Risk : Common Threats Part 1 of 2
Cyber Risk : Common Threats Part 2 of 2
Cyber Risk and Mobile Devices
Cyber Risk and Cloud Computing
Common Threat Controls and Countermeasures
Identifying Threats and Their Impact
Identifying Sources of Vulnerabilities
Impact Analysis and Threat Scenario
Assessing Impact : Risk Analysis
Risk Mitigation and Managing Risks
General Risk Mitigation Strategies
Control Methods Overview
Common Technical Controls Part 1 of 2
Common Technical Controls Part 2 of 2
Common Physical Controls
Common Administrative Controls
Classes of Security Controls
Selecting Security Controls
Security Controls and Federal Guidelines
Implementing Security Measures
Mitigation Strategy Maintenance
Security Testing and Assessment
Response and Recovery
Phases of Incident Response
IR Phase 1 : Preparation
IR Phase 2 : Detection and Analysis
IR Phase 3 : Containment
IR Phase 4 : Eradication
IR Phase 5 : Recovery
IR Phase 6 : Lessons Learned
BCP and Procedures
DRP and Procedures
DRP : Backups and Alternate Sites
Using RT-IR for Incident Response
Cyber Risk Management Quiz
Cyber Security Investigations - 9 Hours - Skill Level: Basic
+ Description
 This course discusses the basic concepts of cyber security and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques and tools in support of cyber security investigations.

Training Purpose: Skill Development

Specialty Areas: Digital Forensics, Cyber Operations, Incident Response, Investigation

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Purpose of Computer and Network Forensics
Digital Forensics Tools
Forensics Team Staffing Considerations
Digital Forensics Guidelines, Policies, and Procedures
Digital Forensics Life Cycle
Digital Forensics Best Practices
Digital Forensics Concepts
Locard's Exchange Principle
Incident Response Phases Part 1 of 3
Incident Response Phases Part 2 of 3
Incident Response Phases Part 3 of 3
Computer Forensics Process Part 1 of 2
Computer Forensics Process Part 2 of 2
Digital Forensic Planning and Preparation
IR and Digital Forensics Tools
Forensically Prepared Media, Tools and Equipment
Incident Response Information Gathering
Incident Response Acquisition Considerations
Incident Response Notes and Documentation
Auditing Windows Event Logs
Volatile Data Collection
Storage Media Collection
Network Data Collection
Log Collection
Data Carving using FTK
Digital Forensic Triage Overview
Incident Triage Process
Incident Triage Methodology
Attacker Methodology Overview Part 1 of 3
Attacker Methodology Overview Part 2 of 3
Attacker Methodology Overview Part 3 of 3
Triage: Light and General Collections
Triage Analysis
Triage Analysis of Volatile Data
Program Execution
Analyzing Services
Malware Vectors and Detection
Mobile Device Triage Analysis
IR: Following a Trail
Hash and File Signature Analysis
Time Analysis
Registry Analysis
File Analysis Demonstration
Hashing with md5deep
Hash Analysis with Autopsy
Lessons Learned from an Incident
Lessons Learned from Objective and Subjective Data
Evidence Retention and Information Sharing Post Incident
Cyber Security Investigations Exam
Cyber Security Overview for Managers - 6 Hours - Skill Level: Basic
+ Description
 

Cybersecurity Overview for Managers is designed for managers and other stakeholders who may be involved in decision making regarding their cyber environment but do not have a strong technical background. Discussions will not focus on specific technologies or implementation techniques, but rather cybersecurity methodologies and the framework for providing a resilient cyber presence. The course aims to help managers better understand how people and devices work together to protect mission critical assets and more effectively evaluate their cyber posture.

Training Purpose: Skill development

Specialty Areas: Information System Security Management, Security Program Management, Strategic Planning and Policy Development


Training Proficiency Area: Level 1 - Basic

Capture Date: 2012

+ Course Modules/Units
 
Cyber Security Overview Course Introduction
Key Concepts in Cyber Security Part 1 of 2
Key Concepts in Cyber Security Part 2 of 2
Cyber Security Role in Culture, Vision, and Mission
Roles and Responsibilities in Cyber Security Part 1 of 2
Roles and Responsibilities in Cyber Security Part 2 of 2
Cyber Security Governance
Cyber Security and Federal Guidelines
Impact and Limitations of Laws
Threat Actors
Common Threats to Cyber Security Part 1 of 2
Common Threats to Cyber Security Part 2 of 2
Mobile Security and Mobile Threats
Cyber Security and Cloud Computing
Controls, Countermeasures, and Cyber Security
Risk Management Overview
Determining Critical Assets and Processes
Asset Criticality Demo
Risk and Threats and Vulnerabilities
Determining Risk and Impact
Risk Mitigation Strategy
Risk Assessment Methodologies
Incident Handling and Business Continuity
Business Continuity Plans and Procedures
Disaster Recovery Plans and Procedures
Cyber Security Overview Course Quiz
New Course Offering: Cyber Supply Chain Risk Management - 2 Hours - Skill Level: Basic
+ Description
 The purpose of this course is to educate the learner about cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will teach learners how to securely provision, analyze, oversee and govern, protect and defend a supply chain.

Objectives:

  • Describe product supply chains and life cycles
  • Identify the role of adversaries in supply chain risk management
  • Define the risks associated with supply chains
  • State the principles of supply chain management
  • Identify security measures taken to protect a supply chain
  • Apply suggested tools to address supply chain vulnerabilities
  • Explain how knowledge of the "internet of things" (IOT) is used to evaluate products as IOT devices
  • Recognize potential dangers posed by various devices brought to work
  • Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR)
  • Define how to personally safeguard your organization’s cybersecurity

Training Purpose: Securely Provision, Analyze, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Software Development, Systems Development, Systems Requirements Planning, All-Source Analysis, Exploitation Analysis, Targets, Threat Analysis, Cybersecurity Management, Program/Project Management and Acquisition, Strategic Planning and Policy, Cyber Defense Analysis, Cyber Defense Infrastructure Support

Training Area: Level 1 - Basic

Capture Date: 2019
+ Course Modules/Units
 
Supply Chain Risk Management
Demilitarized Zone (DMZ) with IDS/IPS - 9 Hours - Skill Level: Intermediate
+ Description
 This course introduces the concept of a network Demilitarized Zone (DMZ) and the security benefits it can provide. Best practices for designing and implementing a DMZ are followed by a section on IDS and IPS systems that includes an in-depth look at SNORT for network monitoring. The course concludes with log analysis and management best practices.

Training Purpose: Skill development

Specialty Area: Computer Network Defense Infrastructure Support, Network Services, Systems Security Analysis, System Administration

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2013

+ Course Modules/Units
 
Demilitarized Zone (DMZ) Introduction
DMZ Architecture
DMZ Components: Firewalls Part 1 of 2
DMZ Components: Firewalls Part 2 of 2
Setting up a DMZ using IPTables Demo
DMZ Components: IDS
DMZ Components: IDS/IPS Placement
DMZ Components: Proxy Servers
DMZ Components: Network Servers
DMZ Architectures
Attacking the DMZ Part 1 of 2
Attacking the DMZ Part 2 of 2
DMZ Attack Types Part 1 of 2
DMZ Attack Types Part 2 of 2
DMZ: Open Source vs Commercial Implementations
DMZ: Software Subscription Services
Open Source DMZ Tools Part 1 of 2
Open Source DMZ Tools Part 2 of 2
Proxy Concepts
DNS Concepts
Web Server Concepts
E-mail Relay and VPN Concepts
DMZ and Commercial Software - Part 1
DMZ and Commercial Software - Part 2
Security Capabilities in a DMZ
Security Capabilities in Procmail Demo
Network Security Appliances IDS
Snort Intro and Overview
Using BASE w Snort DB
Snort Demo
Log Mgmt and Analysis Concepts
SYSLOG Basics
Using Swatch Overview
Log Management Best Practices
Proxy and DNS Log File Concepts
Analyzing Proxy and DNS Log Files
DMZ with IDS/IPS Course Quiz
DB Evaluations using AppDetectivePro and dbProtect - 1.5 Hours - Skill Level: Basic
+ Description
 This course introduces students to basic database security concepts and methodology. The course demonstrates how tools such as AppDetectivePRO and DbProtect can be used to scan databases in order to uncover configuration mistakes, identification and access control issues, missing patches or any toxic combination of settings that could lead to escalation-of-privilege or denial-of-service attacks, data leakage or unauthorized modification of data.

Training Purpose: Skill development

Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development, Test and Evaluation

Training Proficiency Area: Level 1 - Basic

+ Course Modules/Units
 
Importance of Databases Security
Databases Security Methodology
AppDetectivePRO Overview
DbProtect Overview
DbProtect Deployment Model
DbProtect Features
DbProtect Demonstration
Dynamic Testing using HPE WebInspect - 1.5 hours - Skill Level: Basic
+ Description
 This course introduces students to dynamic testing tools for web applications and demonstrates how they can be used to identify, evaluate, and mitigate a web application’s potential security vulnerabilities. The focus is on using HPE WebInspect in order to perform and manage dynamic security vulnerability testing and address results from both a developer and cyber security professional perspective.

Training Purpose: Skill development

Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development, Test and Evaluation

Training Proficiency Area: Level 1 - Basic

Capture Date: 2014

+ Course Modules/Units
 
Application Security
WebInspect Dynamic Analysis
Installing WebInspect
Run a WebInspect Scan
WebInspect Demonstration
Policy Manager Demonstration
Default Settings Demonstration
Reports
Application Settings and Tools
Comparing Scans
Testing in a Closed versus Open Network
WebInspect Agent, Web Services
DNSSEC Training Workshop - 2 Hours - Skill Level: Advanced
+ Description
 This course covers the basics of DNSSEC, how it integrates into the existing global DNS and provides a step-by-step process to deploying DNSSEC on existing DNS zones.

Training Purpose: Skill development

Specialty Areas: Enterprise Architecture, Network Services, System Administration

Training Proficiency Area: Level 3 - Advanced

Capture Date: 2015

+ Course Modules/Units
 
DNSSEC Introduction
DNS Resolution Steps
DNS Vulnerabilities and Security Controls
DNSSEC Mechanisms
DNS Resource Records (RR)
Special DNS Resource Records
DNS Zone Signing
Secure DNS Zone Configuration-DNSSEC Key Generation
Prepare the DNS Zone File for Signing
Signing the DNS Zone file
Publishing a signed zone
Testing a signed zone
Testing a signed zone through a validator
DNSSEC Chain of Trust
Setting Up A Secure Resolver
Adding a trusted key
Securing the last hop
ZSK Rollover
Using pre-published keys
KSK Rollover
Conclusions
New Course Offering: The Election Official as IT Manager - 4 Hours - Skill Level: Basic
+ Description
 In this course, you will learn why Election Officials must view themselves as IT systems managers, and be introduced to the knowledge and skills necessary to effectively function as an IT manager. The course includes a review of Election Systems, Election Night Reporting, and Interconnected Election Systems vulnerabilities and liabilities. The course also covers Social Media and Website best practices, vulnerabilities, and liabilities, and will also address Procuring IT, Vendor Selection, Testing and Audits, Security Measures, and Risk Assessments. In addition, the course also includes a review of resources available to the election community from the Department of Homeland Security.

Training Purpose: Management Development

Specialty Areas: Cybersecurity Management, Incident Response, Risk Management

Training Proficiency Area: Level 1 - Basic

Capture Date: 2018

+ Course Modules/Units
 
Professionalizing Election Admin Intro
Being an IT Manager
Election Systems
Technology and the Election Office
Procuring IT
Testing and Audits
Election Security
Principles of Information Security
Physical Security
Cybersecurity and Elections
Human Security
Risk Management and Elections
Incident Response Scenarios and Exercises
Phishing and Elections
DDOS Attacks and Elections
Website Defacing
Election Infrastructure Security
DHS Cyber Security Tools and Services
EAC Resources
Emerging Cyber Security Threats - 12 Hours - Skill Level: Intermediate
+ Description
 This course covers a broad range of cyber security elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. This course will cover what policy is, the role it plays in cyber security, how it is implemented, and cyber security laws, standards, and initiatives. Topics include cyber security policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS, and IPv6 security. Video demonstrations are included to reinforce concepts.

Training Purpose: Skill Development

Specialty Areas: System Administration, Technology Demonstration, Vulnerability Assessment and Management, Strategic Planning and Policy Development, Cyber Threat Analysis

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2010

+ Course Modules/Units
 
Introduction to Cybersecurity Policy
Types of Security Policy
Policy Education and Implementation
Cybersecurity Laws
Proposed Legislation
NIST Cybersecurity Standards
Other Cybersecurity Standards
Comprehensive National Cybersecurity Initiatives (CNCI)
Other Federal Cybersecurity Initiatives
Implementing Cybersecurity Initiatives
SPAM
Malware Trends
Botnets
Monetization
Cyber Attack Profiles
Cyber Crime
Cyberwarfare
Cyber Attack Attribution
Cyber Threat Mitigation
Mobile Device Trends
Mobile Device Threats
Mobile Device Countermeasures
Exploited Threats
What is Cloud Computing?
Technical Risks
Operational Risks
Risk Mitigation Strategies
DISA Cloud Solutions
RFID Introduction
RFID Threats
RFID Countermeasures
Exploited Threats
Introduction and MAC Address Monitoring
MAC Address Spoofing
Managing Traffic Flows
VLANs and Security
802.1x Port Authentication
Network Admission Control
Securing STP
Securing VLANs and VTP
Introduction and Edge Security Traffic Design
Blocking DoS and DDoS Traffic
Specialized Access Control Lists
Routers with Firewalls
Beyond Firewalls: Inspecting Layer 4 and Above
Securing Routing Protocols and Traffic Prioritization
Securing Against Single Point of Failures
Physical and Operating System Security
Management Traffic Security
Device Service Hardening
Securing Management Services
Device Access Hardening
Device Access Privileges
Name Resolution Introduction
Name Resolution and Security
DNS Cache
DNS Security Standards and TSIG
DNSSEC
Migrating to DNSSEC
Issues with Implementing DNSSEC 1
Issues with Implementing DNSSEC 2
IPv6 Concepts
IPv6 Threats
IPv6 Network Reconnaissance
DEMO: IPv6 Network Reconnaissance
IPv6 Network Recon Mitigation Strategies
IPv6 Network Mapping
DEMO: IPv6 Network Mapping
IPv6 Network Mapping Mitigation Strategies
IPv6 Neighbor Discovery
DEMO: IPv6 Address Assignment
IPv6 Attacks
DEMO: IPv6 Alive Hosts
DEMO: IPv6 Duplicate Address Detection (DAD)
DEMO: IPv6 DAD Denial of Services (DOS)
DEMO: IPv6 Fake Router Advertisement
DEMO: IPv6 Man-in-the-middle
IPv6 Attack Mitigation Strategies
IPv6 Tunneling
IPv6 Windows Teredo Tunneling
IPv6 Tunneling Mitigation Strategies
IPv6 Best Practices
Foundations of Incident Management - 10.5 Hours - Skill Level: Basic
+ Description
 This course provides an introduction to the basic concepts and functions of incident management. The course addresses where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle with practices to enable a resilient incident management capability.

Learning Objectives:

  • Explain the role of incident management
  • Distinguish between incident management and incident handling
  • Outline the incident handling lifecycle
  • Identify key preparations to be established to facilitate incident handling
  • Distinguish between triage and analysis
  • Identify the basic steps in response
Training Purpose: Functional Development

Specialty Areas: Computer Network Defense Analysis, Incident Response, Threat Analysis

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Foundations of Incident Management Course Intro
Framing The Need For Incident Management
Incident Management Terms and Processes
Institutionalizing Incident Management Capabilities
Stakeholders in Incident Management
CERT and Other’s Perspective on Threats and Trends
Incident Management Terminology
Incident Management Attack Classes and Actors
Incident Management Malware and DoS Examples
Incident Management Prevention, Detection, and Response
Incident Handling Lifecycle - Prepare
Incident Handling Information
Analyzing Attack Information
Incident Management Monitoring Tools
Incident Management Detection Process
Process to Support Incident Detection and Reporting
What is Situational Awareness?
Non Technical Elements of Situational Awareness
Technical Elements of Situational Awareness
Using Sensors for Requirements Gathering
Incident Handling Lifecycle: Analysis
Incident Handling Lifecycle: Triage
Questions Addressed in Triage
Objectives of Incident Analysis
Tasks of Incident Analysis Part 1 of 2
Tasks of Incident Analysis Part 2 of 2
Data Sources for Analysis
Examples of Data Sources for Analysis
Incident Analysis Exercise Scenario
Preparing For Impact Analysis
Conducting Impact Analysis
Response and Recovery Part 1 of 2
Response and Recovery Part 2 of 2
Mission of the Response Process
Coordinating Response Part 1 of 2
Coordinating Response Part 2 of 2
Sample Attack Mitigations
Benefits and Motivations of Information Sharing
Methods of Information Sharing
Data Models for Information Sharing
STIX/TAXII Protocol
Foundations of Incident Handling Course Summary
Foundations of Incident Management Course Exam
Introduction to Threat Hunting Teams - 1.5 hours - Skill Level: Basic
+ Description
 This course provides basic definitions, activities, and examples of teams hunting threats in the cyber domain. The course addresses the differences between hunting team activities and those of incident management teams or penetration testing teams. The content covers how hunting teams establish goals, methods used by threat hunting teams, and sources available to help read and interpret the threat landscape.

Training Purpose: Skill development

Specialty Areas: Computer Network Defense Analysis, Threat Analysis, Vulnerability Assessment and Management

Training Proficiency Area: Level 1 - Basic

Capture Date: 2016

+ Course Modules/Units
 
Defining Threat Hunting
Examples and Goals of Threat Hunting
Differences Between Hunt Teams and Other Cyber Teams
Threat Landscape
Types of Threat Modeling
Hunting Methods on Networks
Teaming and Automation Example
Threat Hunting Teams Course Exam
Introduction to Investigation of Digital Assets - 4 Hours - Skill Level: Basic
+ Description
 This course is designed for technical staff who are new to the area of Digital Media Analysis and Investigations. It provides an overview of the digital investigation process and key activities performed throughout the process.

Training Purpose: Skill development

Specialty Areas: Digital Forensics, Cyber Investigation

Training Proficiency Area: Level 1 - Basic

Capture Date: 2012

+ Course Modules/Units
 
Investigations of Digital Assets
Exercise Setup
Exercise Debrief
What is an Investigation with Digital Assets?
Digital Investigation Process
Preparation Phase
Data Collection Phase
Data Analysis Phase
Findings Presentation Phase
Incident Closure Phase
Digital Investigation Process Summary
Introduction to Artifact Analysis
Artifact Analysis Capabilities
Artifact Analysis Process
Surface and Comparative Analysis Process
Surface and Comparative Analysis Process-Continued
Runtime Analysis Process
Static Analysis Process
Sample Analysis: Runtime
Sample Analysis: Static
Malware Analysis Summary
Analysis Exercise
Introduction to Windows Scripting - 4 Hours - Skill Level: Basic
+ Description
 This course focuses on writing scripts for the Microsoft Windows operating system. It covers fundamentals and syntax for automating administrative and security monitoring tasks. The course will present the basics of Windows BATCH scripting syntax and structure, along with several Windows command line utilities to harness the powerful capabilities built into Windows.

Training Purpose: Functional Development

Specialty Areas: Network Services, System Administration, Systems Security Analysis

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Scripting Basics Overview
Windows BATCH Scripting Basics
Windows BATCH Scripting_Variables
Windows BATCH Scripting_Loops
Windows BATCH Scripting_Functions
Windows Script Error Handling and Troubleshooting
Windows Script Best Practices and Examples
Windows Scripting Demo
Scripting for Penetration Testing
Windows Scripting Utilities_xcopy
Windows Scripting Utilities_findstr
Windows Scripting Utilities_net Commands
xcopy Examples Demo
WMI and WMIC
PowerShell Commands
PSExec
Windows Management Instrumentation Demo
Intro to Windows BATCH Quiz
IPv6 Security Essentials Course - 5 Hours - Skill Level: Advanced
+ Description
 This Internet Protocol version 6 (IPv6) Security Essentials course begins with a primer on IPv6 addressing and its current deployment state, discusses Internet Control Message Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.

Training Purpose: Skill development

Specialty Area(s): Enterprise Architecture, Network Services, System Administration, Computer Network Defense Infrastructure Support, Systems Security Analysis

Training Proficiency Level: Level 3 - Advanced

Capture Date: 2015

+ Course Modules/Units
 
IPv6 Introduction
IPv6 Adoption
DEMO: IPv6 Network Reconnaissance
IPv6 Addressing Part 1 of 2
IPv6 Addressing Part 2 of 2
IPv6 Packet Header
DEMO: IPv6 Header Analysis
ICMPv6
IPv6 Address Assignment
DEMO: IPv6 Address Assignment
IPv6 Web Browsing
IPv6 Transition Mechanisms Part 1 of 2
IPv6 Transition Mechanisms Part 2 of 2
DEMO: IPv6 Tunneling
IPv6 Security Concerns
DEMO: IPv6 Network Mapping
IPv6 Security Mitigation Strategies
DEMO: IPv6 Network Monitoring Tools
IPv6 Ready
IPv6 Security Essentials Key Takeaways
DEMO: IPv4 and IPv6 Subnetting
DEMO: IPv6 Addressing on Router Interfaces
DEMO: Setting up RIP for IPv6
DEMO: Configuring OSPFv3
DEMO: IPv6 Alive Hosts
DEMO: IPv6 Duplicate Address Detection (DAD)
DEMO: IPv6 DAD Denial of Services (DOS)
DEMO: IPv6 Fake Router Advertisement
DEMO: IPv6 Man-in-the-middle
IPv6 Security Essentials Quiz
New Course Offering: ISACA Certified Information Security Manager (CISM) Prep - 11 Hours - Skill Level: Intermediate
+ Description
 The ISACA Certified Information Security Manager (CISM) certification prep self-study resource helps prepare candidates to sit for the management-focused CISM exam, and strengthens students' information security management expertise through in-depth lecture topics, reinforcing demonstrations, and a practice exam. The course includes concepts from the four job practice areas of the 2017 CISM certification: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.
Learning Objectives:
  • Explain how information security governance and supporting processes are used to align security strategy with organizational goals and objectives.
  • Detail strategies to manage risk to an acceptable level in support of organization goals and objectives.
  • Describe the information security program's role in the organization's security posture by managing and protecting assets while supporting goals.
  • Detail means to minimize the impact to operations in the event of a security incident through establishing detection, response and recovery capabilities.
Training Purpose: Skill Development
NICCS Specialty Areas:
  • Cybersecurity Management (Oversee and Govern)
  • Systems Analysis (Operate and Maintain)
  • Program/Project Management and Acquisition (Oversee and Govern)
  • Vulnerability Assessment and Management (Protect and Defend)

Training Proficiency Area: Level 2 - Intermediate
+ Course Modules/Units
 
CISM Course Introduction
IS Governance Domain Overview
Information Security (IS) Management
Importance of IS Governance Part 1 of 2
Importance of IS Governance Part 2 of 2
IS Management Metrics
ISM Strategy Part 1 of 2
ISM Strategy Part 2 of 2
Elements of IS Strategy
IS Action Plan for Strategy
DEMO: Key Goal, Risk, Performance Indicator
Risk Management Overview and Concepts
Risk Management Implementation
Risk Assessment: Models and Analysis
DEMO: Calculating Total Cost of Ownership
DEMO: Recovery Time Objective (RTO)
Compliance Enforcement
Risk Analysis: Threat Analysis
IS Controls and Countermeasures
Other Risk Management Considerations Part 1 of 2
Other Risk Management Considerations Part 2 of 2
DEMO: Cost Benefit Analysis
Information Security Program Development
Information Security Program Management
Outcomes of Effective Management
IS Security Program Development Concepts
Scope and Charter of IS Program Development
IS Management Framework
IS Framework Components
IS Program Roadmap
Organizational Roles and Responsibilities
Information Security Manager Responsibilities
Other Roles and Responsibilities in IS
Information Security Program Resources
IS Personnel Roles and Responsibilities
IS Program Implementation Part 1 of 2
IS Program Implementation Part 2 of 2
Implementing IS Security Management Part 1 of 2
Implementing IS Security Management Part 2 of 2
Measuring IS Management Performance
Common Challenges to IS Management
Determining the State of IS Management
Incident Management and Response
Incident Management Part 1 of 2
Incident Management Part 2 of 2
IMT IRT Members
Incident Response Planning Part 1 of 2
Incident Response Planning Part 2 of 2
DEMO: Phishing Emails
DEMO: Incident Management Workflow
Recovery Planning Part 1 of 2
Recovery Planning Part 2 of 2
DEMO: RTIR Incident Response Tool Part 1 of 2
DEMO: RTIR Incident Response Tool Part 2 of 2
CISM Practice Exam
(ISC)2 (TM) CAP Certification Prep Self Study 2014 - 11 Hours - Skill Level: Intermediate
+ Description
 This certification prep course is designed to help prepare students for the Information Security Certification (ISC)2 Certified Authorization Professional (CAP) certification exam as well as strengthen their knowledge and skills in the process of authorizing and maintaining information systems. Topics include understanding the Risk Management Framework (RMF), selection, implementation, and monitoring of security controls as well as the categorization of information systems. The course includes a practice exam.

Training Purpose: Skill development

Specialty Areas: Cybersecurity Management, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2014

+ Course Modules/Units
 
CAP Course Introduction
Risk Management Approach to Security Authorization
Risk Management Framework Steps
Risk Management Framework Phases
RMF Roles and Responsibilities
Organization Wide Risk Management
Managing Risk
Assessor Independence and External Environments
System Development Life Cycle
Alignment of RMF with SDLC Review
RMF Legal and Regulatory Requirements
NIST Publications
Continuous Monitoring Strategies
RMF Guidance Review
Defining Categorization
Categorization Examples
Categorization Process
Security Plans and Registration
Categorize
Selection Step Tasks
Selection Step Definitions
Security Controls Guidance
Privacy and Security Controls
Control Selection and Supplemental Guidance
Tailoring Security Controls
Control Assurance and Monitoring
Control Assurance and Monitoring - Continued
Select
Implementing Security Controls Overview
Integrating Implementation
Implement
Preparing for Control Assessments
Conducting Control Assessments
Security Assessment Report
Remediation Actions and Process Review
Assess
Authorization Documentation
Risk Determination and Acceptance Part 1 of 3
Risk Determination and Acceptance Part 2 of 3
Risk Determination and Acceptance Part 3 of 3
Authorization Decisions
Prioritized Risk Mitigation and Authorization Review
Authorize
Assessments and Configuration Management
Ongoing Security Control Assessments
Monitor
CAP Certification Prep Practice Exam
Course Lifetime Expiring: (ISC)2 (TM) CISSP (R) Prep 2015 - 25 Hours - Will be removed as of 8/9/2018 - Skill Level: Advanced
+ Description
 The (ISC)2 Certified Information Systems Security Professional (CISSP) certification self-study prep course is a resource for individuals preparing for the CISSP certification exam or expanding their knowledge in the information security field. The course reflects the 2015 published CISSP exam objectives and the eight domains upon which the exam is based. This course also includes domain quizzes, reinforcing video demonstrations, as well as a final practice exam.

Training Purpose: Skill development

Specialty Areas: Information System Security Management, Security Program Management, Strategic Planning and Policy Development, Enterprise Architecture, Information Assurance Compliance

Training Proficiency Area: Level 3 - Advanced

Capture Date: 2015

+ Course Modules/Units
 
CISSP Course Introduction
Access Control Concepts
Access Control Methodology Types
Governance Management and Compliance
Policy and Components Overview
Managing Security Functions
Major Legal Systems
International Legal Issues
Legal Regulations and Privacy
Computer Crime and Incident Response
Digital Investigations
Audits and Contractual Agreements
Legal Regulations and Ethics
(ISC)2 Code of Ethics and Ethic Bases
BC and DR Initiation and Management
BC and DR Financial Regulations and Legal Standards
BCP Business Impact Analysis
Disaster Recovery Strategy
Documenting the DRP
Managing Recovery Communications
Recovery Exercising
Vendor Management
Addressing Risk
Risk Assessment and Countermeasures
Threat Modeling and Reduction Analysis
Acquisition Strategies
Training Review and Improvement
Security and RM Knowledge Check
Privacy Protection, Data Collection Limitations and Retention
Organizational Privacy Responsibilities
Data Classification
Data Ownership and Retention
Security Control Selection
Security Control Application and Tailoring
Security Control and Selection Examples
Policy Review Demo
Asset Security Knowledge Check
Basics of Secure Design
Secure Design Standards and Models
Enterprise Security Architecture
System Security Architecture
System Threats and Countermeasures
Parallel and Distributed Systems
Virtualization
Parallel and Distributed Systems Security Issues
Industrial Control System Security
Securing ICS and SCADA Systems
SCADA Honeynet Demo
Internet of Things
Mobile System Security
Wireless Vulnerabilities, Attacks and Attack Vectors
Wireless Device and Application Threats and Issues
Emerging Trends in Wireless Devices and Security
Key Crypto Concepts and Definitions
Cryptography History
Encryption Systems
Symmetric Ciphers
Asymmetric Ciphers
Message Integrity Controls
Salting Hashes
Digital Signature Overview
Encryption Management - Keys
Public Key Infrastructure (PKI)
Cryptographic Lifecycle
Digital Rights Management
Crypto Attack and Countermeasures
Site and Facility Design Criteria
Physical and Environ Location Threats
Perimeter Security
Perimeter Intrusion Detection
Access Control Systems (ACS) Cameras and Guards
ACS: Doors and Locks
ACS: Secure Operational Areas
Personnel Privacy and Safety
Wiring Closets
Security Engineering Knowledge Check
Telecom and Network Security Concepts
Telecom and NW Security Layer 1
Telecom and NW Security Layer 2
Telecom and NW Security Layer 3
Telecom and NW Security Layer 4 and 5
Telecom and NW Security Layer 6 and 7
Multilayer and Converged Protocols
Content Distribution Networks
Implementing and Using Remote Access
Comm and NW Security Knowledge Check
Access Control System Strategies
Biometrics and Authentication Accountability
Access Controls - Kerberos
Data Access Controls
Access Control Threats
Session Management
Credential Management Systems
Cloud Identity (Identity as a Service)
Third Party Identification
Rule-Based Access Control
ID and Access Management Knowledge Check
Synthetic Transactions
Code Review and Testing
Misuse Case Testing
Interface Testing
Test Coverage Analysis
Security Testing Knowledge Check
Security Operations Concepts
Security Operations Resource Protection
Security Operations Incident Response
Managing Security Services Effectively
Maintaining Operational Resilience
Electronic Discovery (E-Discovery)
Cloud Computing
Cloud Computing Security Issues
Continuous Monitoring
Data Leak Prevention (DLP)
Watermarking
Egress Monitoring
Intro to Dshell Toolkit Demo
Security Operations Knowledge Check
SDLC Phases
Software Development Models
Security Environment and Controls
Additional Security Protections and Controls
Audit and Assurance Mechanisms
SW Development Security and Malware
Agile Development Models
Maturity Models
Integrated Product Teams
Impact of Acquired Software
Automated Code Review Demo
Software Dev Security Knowledge Check
CISSP Course Practice Exam
New Course Offering: (ISC)2 (TM) CISSP (R) Certification Prep 2018 - 22.5 Hours - Skill Level: Advanced
+ Description
 

The (ISC)2 Certified Information Systems Security Professional (CISSP) certification self-study prep course is a resource for individuals preparing for the CISSP certification exam or expanding their knowledge in the information security field. The course reflects the 2018 published CISSP exam objectives and the eight domains upon which the exam is based. This course includes reinforcing video demonstrations and a final practice exam.

Learning Objectives:

  • Explain and apply concepts to design, implement, and manage secure cyber operations
  • Develop, document, and implement security policy, standards, procedures, and guidelines
  • Apply risk management concepts

NICCS Specialty Areas:

  • Cyber Operations
  • Strategic Planning and Policy
  • Systems Architecture

Training Purpose: Management Development

Training Proficiency Area: Level 3 - Advanced

+ Course Modules/Units
 
CISSP Course Introduction
Security and Risk Management Concepts
Regulatory Compliance and Frameworks
Organizational Privacy Responsibilities
Acquisition Strategies
Computer Crime and Incident Response
International Laws Pertaining to Security
Legal Regulations and Privacy
(ISC)2 Code of Ethics and Ethic Bases
Legal Regulations and Ethics
Policy and Components Overview
BC and DR Initiation and Management
BCP Business Impact Analysis
Vendor Management
System Threats and Countermeasures
Risk Assessment and Countermeasures
Access Control Types
RMF Security Control Assessment Process
Conducting Security Control Assessments
Security Assessment Report
Asset Valuation
Threat Modeling and Reduction Analysis
Security Awareness and Training
DEMO: Security Policy Review
Data Classification
Data Ownership and Retention
Privacy Protection and Data Governance
Security Control Application and Tailoring
Security Control Selection
Data Protection Method (DLP)
Secure Design Principles
Secure Design Standards and Models
Database System
Key Crypto Concepts and Definitions
Securing ICS and SCADA Systems
Industrial Control System Security
DEMO: SCADA Honeynet
Cloud Computing
Cloud Computing Security Issues
Distributed Systems
Parallel and Distributed Systems Security Issues
Internet of Things
Assess and Mitigate Vulnerabilities in Mobile Systems
Cryptographic Lifecycle
Cryptographic Methods
Symmetric Ciphers
Asymmetric Ciphers
Public Key Infrastructure (PKI)
Key Management Practices
Digital Signatures
Hashes and Other Integrity Controls
Salting Hashes
Methods of Cryptanalytic Attacks
Digital Rights Management
Site and Facility Design Criteria
Physical Security Controls
Physical and Environmental Threats
OSI and TCP/IP Models
Telecom and NW Security Layer 1
Telecom and NW Security Layer 2
Telecom and NW Security Layer 3
Telecom and NW Security Layer 4 and 5
Telecom and NW Security Layer 6 and 7
Multilayer and Converged Protocols
Mobile and Wireless Security
Content Distribution Networks
Implementing and Using Remote Access
Virtualization
Access Control Technologies
Access Control Types
Access Control System Strategies
Building Access Control
Operations Area Access Control
Credential Management Systems
Third-Party Identification Service
Cloud Identity
Data Authorization Mechanisms
Rule-Based Access Control
Audit and Assurance Mechanisms
Synthetic Transactions
Code Review and Testing
Misuse Case Testing
Test Coverage Analysis
Interface Testing
Security Audits and Agreements
Digital Investigation and Evidence Analysis
Legal System Investigation Types
Electronic Discovery
Intrusion Detection and Prevention
Continuous Monitoring
Egress Monitoring
Security Operations Concepts
Security Operations Incident Management
Managing Security Services Effectively
DEMO: Whitelisting and Blacklisting
Security Operations Resource Protection
Disaster Recovery Strategy
Maintaining Operational Resilience
Managing Recovery Communications
Test Disaster Recovery Plans (DRP)
Security Education Training and Awareness
Perimeter Security
Perimeter Intrusion Detection
Biometrics and Authentication Accountability
Personnel Privacy and Safety
DEMO: Intro to Dshell Toolkit
SDLC Phases
Software Development Models
System Security Protections and Controls
Agile Development Models
Maturity Models
Integrated Product Teams
Security Environment and Controls
SW Development Security and Malware
Impact of Acquired Software
DEMO: Automated Code Review
CISSP Practice Exam
New Course Offering: (ISC)2 (TM) CISSP Concentration: ISSEP Prep - 7 Hours - Skill Level: Advanced
+ Description
 The Information Systems Security Engineering Professional (ISSEP) is a CISSP concentration focused on applying security and systems engineering principles into business functions. This self-study prep course is designed to help students prepare to sit for the specialized (ISSEP) certification exam. The topics in the course cover the five domain areas of the CISSP-ISSEP.

Learning Objectives:

  • Incorporate security into business processes and information systems
  • Demonstrate subject matter expertise in security engineering
  • Apply engineering principles into business functions

NICCS Specialty Areas:

  • Collect and Operate
  • Cyber Operation Planning
  • Operate and Maintain
  • Systems Analysis
  • Oversee and Govern
  • Cybersecurity Management

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

+ Course Modules/Units
 
ISSEP Course Introduction
ISSE Responsibilities and Principles
ISSE and IATF
Security Design Principles
Elements of Defense in Depth
RMF Characteristics
Maintaining Operational Resilience
Risk Management Overview
Assessing Risk Part 1 of 2
Assessing Risk Part 2 of 2
Determining Risks
Categorizing Information Systems
Stakeholder Roles and Responsibilities
Requirements Analysis
Using Common and Tailored Controls
Assessing Security Controls
Implementing Security Controls
Authorizing Information Systems
Systems Verification and Validation
Monitor, Manage, and Decommissioning
Defense Acquisition System Overview
Acquisitions Process
System Development Process Models
Project Processes
Project Management
ISSEP Practice Exam
New Course Offering: (ISC)2 (TM) CISSP:ISSMP Prep 2018 - 12.5 Hours - Skill Level: Advanced
+ Description
 

The Information Systems Security Management Professional (ISSMP) concentration of the CISSP certification is intended for individuals with strong management and leadership skills who are interested in establishing, presenting, and governing information security programs. This self-study prep course reviews the six common body of knowledge domains for the CISSP-ISSMP certification exam.

Learning Objectives:

  • Demonstrate the ability to apply leadership and management skills to manage an organization's information security program.
  • Apply security lifecycle management processes and principles to system development lifecycles.
  • Apply contingency management practices to plan and implement processes that reduce the impact of adverse events.

NICCS Specialty Areas:

  • Oversee and Govern
  • Cybersecurity Management
  • Strategic Planning and Policy
  • Executive Cyber Leadership

Training Purpose: Management Development

Training Proficiency Area: Level 3 - Advanced

Capture Date: 2018

+ Course Modules/Units
 
ISSMP Course Introduction
Security’s Role - Culture, Vision and Mission
Security’s Role – Management, Support and Commitment
Security’s Role – Board of Dir, Steering Committee
Security Role – IT, HR and Legal
Security’s Role – Strategic Alignment
IS Governance Defined
IS Governance Goals Part 1 of 2
IS Governance Goals Part 2 of 2
Importance of IS Governance
Information Security Strategies
Data Classification and Privacy
Threats to Data Privacy
Data Classification and Privacy Implementations
Security Policy Framework and Lifecycle
Security Requirements in Contracts and Agreements
Security Awareness and Training Programs
Managing the Security Organization
Security Metrics
Security Metrics Indicators
Integrating Project Management with SDLC
System Development Life Cycle (SDLC)
Systems Engineering (CMM)
Vulnerability Management and Security Controls
Service Oriented Architecture Controls
Oversee System Security Testing
Managing Change Control
Risk Management
Risk Management – Threats and Vulnerabilities
Risk Management – Risk Assessments
Calculating Risks
Mitigating Risks
Cyber Threat Intelligence
Detection of Attack Sources
Discovery Challenges and Escalation
DEMO: Escalating Event to Incident
Common Attack Vectors
Root Cause and Investigation
Incident Management Concepts
Incident Management Process
Incident Management Classification
Financial Impact of Incidents
Investigation and Forensic Evidence
Investigations, IH and Response
DEMO: Digital Forensics Investigation
Security Compliance Frameworks
Auditing Introduction and Preparation
Evidence Reporting and Auditors
Exception Management
Continuity and Disaster Recovery Planning
Understanding the Business
Insurance
Critical Processes Recovery Objectives
Recovery Obligation Considerations
BCM Site and IT Strategies
Personnel and Recommended Strategies
Design and Testing BCP and COOP
Implementing Continuity and Recovery Plans
Intellectual Property and Licensing
(ISC)2 Code of Ethics
DEMO: Verification and Quality Control
Audit Planning Process
ISSMP Self Study Practice Exam
(ISC)2 (TM) Systems Security Certified Practitioner 16 Hours Prep 2015 - Skill Level: Basic
+ Description
 The Systems Security Certified Practitioner (SSCP) certification prep course is a self-study resource for those preparing to take the (ISC)2 SSCP certification exam as well as those looking to increase their understanding of information security concepts and techniques. The certification is described as being ideal for those working toward positions such as network security engineers, security systems analysts, or security administrators. This course, complete with a 100-question practice exam and video demonstrations, was developed based on the seven SSCP domains prior to the April 15, 2015 (ISC)2™ domain update. A new, updated course is currently in development.

Training Purpose: Skill development

Specialty Area(s): Systems Security Analysis, Computer Network Defense, Vulnerability Assessment and Management, Network Services

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
SSCP Introduction
Access Control Terms and Categories
Access Control Types
Access Control Administration
Security Models
System Permissions
Identification and Authentication Methods
Biometrics
Auditing and Threats
Attribute based Access Control
Device Authentication
Trust Architectures
Identity Management Lifecycle
Introduction to Cloud Computing
Cloud Computing Implementations
Cloud Computing Security Issues Part 1 of 2
Cloud Computing Security Issues Part 2 of 2
Big Data
Big Data with Hadoop Demo
NoSQL with MongoDB Demo
Virtual Environments
Access Controls Domain Knowledge Check
Security Operations
Data Classification and Administration
System Development and Change Cycle
Certification and Accreditation
Change Control and Patch Management
End Point Security
Securing People and Devices
Security Awareness and Training
(ISC)2 Code of Ethics
Asset Management
Assessing Physical Security
Physical Security Defenses
Security Ops and Admin Knowledge Check
Monitoring and Analysis
Monitoring Employees
Log Management
Integrity Checking
Testing and Analysis
Auditing
Communicate Findings
Continuous Monitoring and CAESARS
Introduction to Continuous Monitoring
Incident Handling, Response and Recovery
Incident Handling Knowledge Areas Part 1 of 2
Incident Handling Knowledge Areas Part 2 of 2
Incident Handling Response
Incident Handling Countermeasures
OpenVAS Demo
Monitoring and Analysis Knowledge Check
Risk Management
Risk Assessment
Security Testing
Incident Handling
Forensics
Volatility Framework
Business Continuity Planning
Business Impact Analysis
Backup and Recovery Strategies
Redundancy and Storage
Risk and Response Knowledge Check
Cryptography Terms
Requirements for Cryptography Part 1 of 2
Requirements for Cryptography Part 2 of 2
Steganography
Hashes, Parity and Checksum
Secure Protocols and Cryptographic Methods
Symmetric Cryptosystems
Symmetric and Asymmetric Cryptosystems
Public Key Infrastructure (PKI)
Key Management
Web of Trust
Secure Protocols
Cryptography Knowledge Check
Network Topology
Transmission Media
Crosstalk and Interference
Network Devices: NIC, Hub, Switches
Network Devices: Routers, Firewalls, IDS
OSI and TCP/IP Models
IP Addressing
NAT and Subnetting
TCP, UDP and Common Protocols
ARP, DHCP, ICMP
Wireshark Protocol Analysis
Routers and Routing Protocols
Network Services
Network Security Protocols
VoIP
VoIP Call Traffic Demo
WANs
Remote Access
Securing SSH
Wireless Technology
Network Reliability
Firewalls and Proxies
Wireless Attacks and Countermeasures
Common Attacks and Countermeasures
Network Access Control
Wiring Closets
Mobile Device Physical Security
Network Segmentation
Traffic Shaping
Wireless Security
Networks and Comm Knowledge Check
Malicious Code
Virus Lifecycle and Characteristics
Botnets: DoS, Packet Flood Attacks
Botnets: Rootkits and Malware
Malicious Activity
Social Engineering Sources and Anatomy of Attack
Malicious Activity Countermeasures
SE and Insider Threat Countermeasures
Infected System Response and Remediation
Reverse Engineering
Malicious Code Activity Knowledge Check
SSCP Course Practice Exam
New Course Offering: (ISC)2 (TM) Systems Security Certified Practitioner - 12 Hours - Skill Level: Basic
+ Description
 The (ISC)2 Systems Security Certified Practitioner (SSCP) certification self-study prep course is a resource for individuals preparing for the SSCP certification exam, helping to demonstrate their advanced technical skills and knowledge required to implement and administer infrastructure using security best practices, policies, and procedures.

Learning Objectives:

  • Demonstrate knowledge of security operations and administration
  • Implement risk monitoring, analysis, and mitigation strategies
  • Develop and implement incident response and recovery plans

NICCS Specialty Areas:

  • Operate and Maintain
    • Systems Analysis
    • Systems Administration
  • Securely Provision
    • Systems Requirements Planning

    Training Purpose: Skill Development

    Training Proficiency Area: Level 1 - Basic

    + Course Modules/Units
     
    SSCP Introduction
    Authentication Methods
    Single Sign-On and Federated Access
    Attribute Based Access Control
    Device Authentication
    Trust Architectures
    Identity Management Lifecycle
    Implementing Access Controls
    (ISC)2 Code of Ethics
    Security Concepts and Controls
    Asset Management
    Security Control Implementation
    Assessing Physical Security
    Physical Security Defenses
    Administrative Controls
    Auditing
    System Development and Change Cycle
    Change Control and Patch Management
    Security Awareness and Training
    Risk Management
    Risk and Security Assessment
    Security Testing and Assessment
    Monitoring and Analysis
    Monitoring Employees
    Log Management
    Integrity Checking
    Testing and Analysis
    Auditing Methodologies
    Communicate Findings
    Continuous Monitoring and CAESARS
    Introduction to Continuous Monitoring
    Incident Handling, Response and Recovery
    Incident Handling Knowledge Areas Part 1 of 2
    Incident Handling Knowledge Areas Part 2 of 2
    Incident Handling Response
    Incident Handling Countermeasures
    DEMO: OpenVAS
    Forensics
    Business Continuity Planning
    Business Impact Analysis
    Backup and Recovery Strategies
    Redundancy and Storage
    Cryptography Terms
    Requirements for Cryptography Part 1 of 2
    Requirements for Cryptography Part 2 of 2
    Steganography
    Hashes, Parity and Checksum
    Secure Protocols and Cryptographic Methods
    Symmetric Cryptosystems
    Symmetric and Asymmetric Cryptosystems
    Public Key Infrastructure (PKI)
    Key Management
    Web of Trust
    Secure Protocols
    OSI and TCP/IP Models
    Network Topology
    Transmission Media
    TCP, UDP and Common Protocols
    ARP, DHCP and ICMP
    Routers and Routing Protocols
    Network Security Protocols
    SSCP Exam
    LAN Security Using Switch Features - 2 Hours - Skill Level: Intermediate
    + Description
     In this course, students learn different methods of securing Local Area Networks (LANs) at the connectivity level. Topics include: monitoring media access control (MAC) addresses and port security, limiting MAC & IP spoofing, controlling traffic flows, implementing and enhancing security in virtual local area networks (VLANs), enabling authentication on connection points, and determining host security health. Examples are used throughout to reinforce concepts.

    Training Purpose: Skill Development

    Specialty Areas: System Administration, Systems Security Analysis, Vulnerability Assessment and Management, Cyber Threat Analysis

    Training Proficiency Area: Level 2 - Intermediate

    Capture Date: 2010

    + Course Modules/Units
     
    Introduction and MAC Address Monitoring
    MAC Address Spoofing
    Managing Traffic Flows
    VLANs and Security
    802.1x Port Authentication
    Network Admission Control
    Securing STP
    Securing VLANs and VTP
    Linux Operating System Security - 9 Hours - Skill Level: Advanced
    + Description
     This course introduces students to the security features and tools available in Linux as well as the considerations, advantages, and disadvantages of using those features. The class will be based on Red Hat Linux and is designed for IT and security managers, and system administrators who want to increase their knowledge on configuring and hardening Linux from a security perspective.

    Training Purpose: Skill Development

    Specialty Areas: Vulnerability Assessment and Management, Systems Security Analysis, System Administration

    Training Proficiency Area: Level 3 - Advanced

    Capture Date: 2013

    + Course Modules/Units
     
    Linux OS Security Introduction
    Booting Linux
    Linux Recovery
    Linux Startup Scripts
    Linux Startup Processes
    Linux Runlevels Demo
    Chkconfig_and_Upstart Demo
    Linux Processes and Signals
    Linux Process Monitoring
    PS_and_Netstat Demo
    Linux PS and TOP Demo
    Working with Linux PIDs
    Linux File System Overview
    Linux File Security
    Linux File Access Controls
    File Integrity Demo
    Linux Kernel Tuning
    Linux Host Access Controls
    Linux User and Group Definition
    User Management
    Linux Privilege Escalation
    Sudoers Demo
    Linux Authentication Methods
    Linux Viruses and Worms
    Linux Trojan Horses
    Linux Rootkits
    Linux Misconfigurations
    Linux Software Vulnerabilities
    Linux Social Engineering
    Linux Automated Installation
    Managing Linux Packages
    Package Management Tools Demo
    Repositories and System Management
    Custom Repository Demo
    Linux IPv4 and IPv6
    Linux Network Configuration
    Linux Tunneling
    Kernel Tuning Demo
    Linux X11 Forwarding
    Linux File Sharing
    Linux Grand Unified Bootloader (GRUB)
    Configuring GRUB Demo
    Security Enhanced Linux
    Introduction to IPTables
    IPTables Rules
    IPFilter
    Linux Packet Sniffers
    Linux NIDS
    Linux HIDS
    Linux Antivirus
    Linux Secure Shell
    Linux Log Management
    Linux Scripting Basics
    BASH Scripting Demo
    IF Statements
    Pipes and Redirection
    Variables and Regular Expressions
    Custom Scripting
    Linux Hardening
    NSA Hardening Guides
    National Vulnerability Database (NVD)
    Common Vulnerabilities and Exposures (CVE)
    Vulnerability Scanning
    Linux Operating System Security Quiz
    Mobile and Device Security (2015) - 22 Hours - Skill Level: Basic
    + Description
     The Mobile and Device Security course introduces students to mobile devices, how they operate, and their security implications. This course includes topics such as signaling types, application stores, managing mobile devices, and emerging trends and security and privacy concerns with social media.

    Training Purpose: Skill Development

    Specialty Areas: Customer Service and Technical Support, Digital Forensics, Information Assurance Compliance, Information Systems Security Operations

    Training Proficiency Area: Level 1 - Basic

    Capture Date: 2015

    + Course Modules/Units
     
    Mobile Security Course Introduction
    Cellular Network Generations
    Network Standards Introduction
    CDMA TDMA and GSM Introduction
    GPRS Edge and UMTS Introduction
    Additional Network Standards
    Bluetooth and Wi-Fi
    Cellular Network Components
    Mobile Switching Center Database
    Authentication and Government Standards
    4G LTE
    Mobile Device Components
    Mobile Device Operating Systems
    Android Customization
    Wireless Technology Introduction
    WiFi Standards
    Wi-Fi Standards : 802.11ac
    WiFi Types
    Wireless Fidelity Part 2
    WiFi Channels and SSIDs
    WiFi Signals and Hardware
    Bluetooth
    WiMAX
    Additional Standards
    Near Field Communication
    Introduction to Threats
    Lost and Stolen Devices
    Additional Device-Level Threats
    Near Field Communications and Mobile Threats
    Application-Level Threats
    Rogue Applications
    Network-Level Threats
    Pineapple Router
    Malicious Hotspot
    Malicious Use Threats
    Mobile Hacking Tools
    Mobile Device Security Introduction
    Mobile Device Security Introduction Cont.
    Android Introduction
    Android Security
    Android Application Security
    Google Android OS Features
    Installing Antivirus
    iOS Security Model and Platform
    iOS Application Security
    Jailbreaking iOS
    iOS Application Security Cont.
    Apple iOS Update Part 1 of 2
    Apple iOS Update Part 2 of 2
    Windows Phone Security Model and Platform
    Windows Implementation and Application Security
    Windows Phone Update
    WiFi Security
    WiMax and Bluetooth
    Bluetooth Attack
    Protecting Data
    Encryption
    Android Encryption
    iOS Encryption
    Email Security
    Android and iOS Email Security
    Windows Email Security
    iOS Hardening
    iOS Hardening Cont
    Blackberry Hardening
    Android Hardening
    Android Hardening Cont.
    Windows Phone Hardening
    Windows Phone Password and Cookies
    Windows Phone Wi-Fi
    Windows Phone - Find, Wipe, and Backup
    Device Security Policies
    Exchange and BES
    Mobile Device Management
    Mobile Device Management Cont.
    McAfee Mobility Management
    Forensics Overview
    Forensics Role and Framework
    Device Identification
    Device Identification Cont.
    Network Data
    Network Data Cont.
    Preservation
    Preservation Cont.
    Acquisition
    Acquisition Cont.
    Device Specific Acquisition
    Hashing
    Hashing Cont.
    Analysis
    Archiving and Reporting
    Cellebrite
    Forensics Demonstration
    XRY/XACT
    Oxygen and CellXtract
    Paraben and MOBILedit!
    Additional Methods
    Subscriber Data
    Benefits of Social Media
    Risks of Social Media
    Liabilities Associated with Social Media
    Social Media Controls
    Emerging Trends
    Emerging Trends Cont.
    New Technologies in Mobile Devices
    Mobile Devices and the Cloud
    Mobile Security Course Quiz
    New Course Offering: Mobile Forensics - 4 Hours - Skill Level: Advanced
    + Description
     

    This course provides an overview of mobile forensics, the branch of digital forensics that focuses on forensically sound extraction and analysis of evidence from mobile devices. Cell phone investigations have grown exponentially, with data from mobile devices becoming crucial evidence in a wide array of incidents. The Mobile Forensics course begins by highlighting details of the field and then focuses on the iOS architecture, concluding with data acquisition and analysis.

    Learning objectives:

    • Describe the impact of mobile devices on investigations
    • Identify iOS device filesystem, operating system, and security architecture basics
    • Explain acquisition and analysis tools and techniques for iOS devices

    Training Purpose: Skill Development

    Specialty Areas: Digital Forensics, Investigation

    Training Proficiency Area: Level 3 - Advanced

    Capture Date: 2017

    + Course Modules/Units
     
    Introduction to Mobile Forensics
    Importance of Mobile Forensics
    Challenges of Mobile Forensics
    Handling and Preserving Evidence
    File System for iOS Devices
    Understanding the Basics of iOS
    Understanding iOS Security Architecture
    Mobile Forensics Tool Classification
    Data Acquisition Types
    iOS Jailbreaking
    Identifying an iOS Device
    Physical Acquisition of iOS Devices
    iTunes Backup Acquisition
    Apple File Conduit Acquisition
    iTunes Backup Analysis
    iCloud Data Acquisition and Analysis
    Analyzing Data on iOS Devices
    Mobile Forensics Quiz
    Network Layer 1 & 2 Troubleshooting - 3 Hours - Skill Level: Basic
    + Description
     This course reviews troubleshooting methods used in Layer 1 and Layer 2 of the OSI Model. The course covers how to detect, trace, identify, and fix network connectivity issues at the Physical and Data Link layers of the OSI stack. The basics of the Physical and Data Link layers will be covered along with a review of the devices, signaling, and cabling which operate at these layers. Students will be presented with methods for tracing connectivity issues back to the source and identifying mitigation solutions.

    Training Purpose: Functional Development

    Specialty Areas: Network Services, System Administration, Customer Service and Technical Support, Systems Security Architecture

    Training Proficiency Area: Level 1 - Basic

    Capture Date: 2015

    + Course Modules/Units
     
    Network Layer 1 and 2 Troubleshooting Introduction
    OSI Physical Layer 1 Overview
    Data Transmission Medium Cables and Connectors
    Patch Panels
    Fiber Optic Cables
    Encoding and Signaling Functions
    Network Components
    Physical Network Design/Topology
    Network Troubleshooting Methodology
    Common Layer 1 Issues Part 1 of 2
    Common Layer 1 Issues Part 2 of 2
    Layer 2 Data Link Layer Components Overview
    MAC Addresses/Logical Link Control
    Layer 2 Protocols
    Physical Network Design/Topology
    Network Troubleshooting Methodology Review
    Common Layer 2 Issues
    Layer 2 Troubleshooting Tools
    NW Layer 1 and 2 Troubleshooting exam
    Offensive and Defensive Network Operations - 13 Hours - Skill Level: Basic
    + Description
     

    This course focuses on fundamental concepts for offensive and defensive network operations. It covers how offensive and defensive cyber operations are conducted and details U.S. government doctrine for network operations. Topics include network attack planning, methodologies, and tactics and techniques used to plan for, detect, and defend against network attacks.

    Learning Objectives

    • Apply U.S. government network operations background and doctrine
    • Describe offensive and defensive network operations
    • Determine offensive network operation missions, planning, and exploitation phases and methodologies
    • Derive defensive network operation missions, planning, and methods to detect and defend against network attacks and attackers' methods

    Training Purpose: Functional Development

    Specialty Areas: Computer Network Defense Analysis, Cyber Operations

    Training Proficiency Area: Level 1 - Basic

    Capture Date: 2015

    + Course Modules/Units
     
    Cyberspace As A Domain
    Joint Publication 3-12(R), Cyberspace Operations Overview Part 1 of 3
    Joint Publication 3-12(R), Cyberspace Operations Overview Part 2 of 3
    Joint Publication 3-12(R), Cyberspace Operations Overview Part 3 of 3
    Joint Communications Overview and Information Environment
    Joint Force Communication, System Operations, and Management Planning
    Legal Considerations for Cyber Operations Part 1 of 2
    Legal Considerations for Cyber Operations Part 2 of 2
    Adversaries in Cyberspace Part 1 of 3
    Adversaries in Cyberspace Part 2 of 3
    Adversaries in Cyberspace Part 3 of 3
    Offensive Cyber Operations Background
    Offensive Cyberspace Operations Definitions
    Offensive Cyberspace Operations Planning and Legal Considerations
    Offensive Methodologies
    Offensive Methodology Planning Examples 1 of 2
    Offensive Methodology Planning Examples 2 of 2
    Reconnaissance Methodology Overview
    Social Engineering for Reconnaissance
    Recon with Automated Correlation Tools and Search Engines Part 1 of 2
    Recon with Automated Correlation Tools and Search Engines Part 2 of 2
    Network Mapping for Active Reconnaissance
    Port Scanning for Active Reconnaissance
    Windows Enumeration Basics
    Linux Enumeration Basics
    Scanning and Enumerating with Nmap
    Exploitation using Direct Exploits and System Misconfiguration
    Exploitation with SET Example
    Exploitation
    Entrenchment
    Exploitation Basics
    Post-Exploitation
    Abuse and Attacks
    Defensive Cyberspace Operations (DCO)
    DCO Types of Operations
    DCO Operational Goals
    DCO Best Practices
    Defensive Methodology: Understanding the Threat
    Defensive Methodology: Tactics
    Defensive Methodology: Defense-in-Depth
    Incident Management Overview
    Incident Management Policies, Plans and Procedures
    Incident Management Team Configuration
    Incident Response Lifecycle
    Defending the Domain
    Perimeter and Host Defenses
    IDS/IPS Defined Including Advantages and Disadvantages
    IDS/IPS Types and Functions
    IDS/IPS Location Placements
    Intrusion Detection using Snort
    Reviewing Alerts and Detecting Attack Phases
    Network Traffic Analysis
    Methods of Network Traffic Analysis
    Wireshark
    Log Analysis Methods and Techniques Part 1 of 2
    Log Analysis Methods and Techniques Part 2 of 2
    Detecting Offensive Operations using Log Analysis
    Digital Forensics Overview and Tools
    Digital Forensics Methods and Techniques Part 1 of 2
    Digital Forensics Methods and Techniques Part 2 of 2
    Identifying Phases of Attack Using Digital Forensics
    Incident Data: Profile and Analysis
    Incident Reporting
    Offensive and Defensive Network Operations Exam
    Root Cause Analysis 1 Hour - Skill Level: Intermediate
    + Description
     This course provides an explanation of root cause analysis for cyber security incidents and an overview of two different root cause analysis models (and approaches used in these models). The course also describes how root cause analysis can benefit other incident management processes (response, prevention, and detection), and details general root cause analysis techniques that can be adopted as methods for analysis of cyber incidents.

    Training Purpose: Skill Development

    Specialty Areas: Threat Analysis, Computer Network Defense Analysis, Incident Response

    Training Proficiency Area: Level 1 - Basic

    Capture Date: 2016

    + Course Modules/Units
     
    Root Cause Analysis Fundamentals
    Root Cause Analysis Methods
    Cyber Kill Chain Model for Root Cause Analysis
    Sample Incident Cause Analysis Workflow
    Root Cause Analysis Course Exam
    Radio Frequency Identification (RFID) Security 1 Hour - Skill Level: Intermediate
    + Description
     This course covers securing radio frequency identification (RFID). It reviews the different components of RFID, how it works, the applications in which it is being used, its benefits and weaknesses, and the communication range over which it works. Students will learn specific concerns with RFID, recommendations for RFID, and security issues that have come to light.

    Training Purpose: Skill Development

    Specialty Areas: System Security Analysis, Vulnerability Assessment and Management

    Training Proficiency Area: Level 2 - Intermediate

    Capture Date: 2010

    + Course Modules/Units
     
    RFID Introduction
    RFID Threats
    RFID Countermeasures
    Exploited Threats
    Securing Infrastructure Devices 1 Hour - Skill Level: Intermediate
    + Description
     This course covers physical security, operating system security, management traffic security, device service hardening, securing management services and device access privileges.

    Training Purpose: Skill Development

    Specialty Areas: Enterprise Architecture, Network Services, System Administration, Computer Network Defense Infrastructure Support, Systems Security Analysis

    Training Proficiency Area: Level 2 - Intermediate

    Capture Date: 2010

    + Course Modules/Units
     
    Physical and Operating System Security
    Management Traffic Security
    Device Service Hardening
    Securing Management Services
    Device Access Hardening
    Device Access Privileges
    Securing the Network Perimeter 1 Hour - Skill Level: Intermediate
    + Description
     This course covers edge security traffic design, blocking Denial of Service / Distributed Denial of Service (DoS/DDoS) traffic, specialized access control lists, routers and firewalls, securing routing protocols, securing traffic prioritization and securing against Single Point of Failure (SPOF).

    Training Purpose: Skill Development

    Specialty Areas: Network Services, Computer Network Defense, Incident Response, Digital Forensics, Systems Security Analysis

    Training Proficiency Area: Level 2 - Intermediate

    Capture Date: 2010

    + Course Modules/Units
     
    Introduction and Edge Security Traffic Design
    Blocking DoS and DDoS Traffic
    Specialized Access Control Lists
    Routers with Firewalls
    Beyond Firewalls: Inspecting Layer 4 and Above
    Securing Routing Protocols and Traffic Prioritization
    Securing Against Single Point of Failures
    Security and DNS 1 Hour - Skill Level: Advanced
    + Description
     This course discusses name resolution principles, name resolution and security, DNS security standards, securing zone transfers with Transaction Signature (TSIG), and DNS Security Extensions (DNSSEC) principles, implementation, and resources.

    Training Purpose: Skill Development

    Specialty Areas: Enterprise Architecture, Network Services, System Administration

    Training Proficiency Area: Level 3 - Advanced

    Capture Date: 2010

    + Course Modules/Units
     
    Name Resolution Introduction
    Name Resolution and Security
    DNS Cache
    DNS Security Standards and TSIG
    DNSSEC
    Migrating to DNSSEC
    Issues with Implementing DNSSEC 1
    Issues with Implementing DNSSEC 2
    SiLK Traffic Analysis 7 Hours - Skill Level: Intermediate
    + Description
     This course is designed for analysts involved in daily response to potential cyber security incidents, and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow, and cover how to create efficient and complex queries. The course culminates with a lab where students use their new skills to profile a network.

    Training Purpose: Skill Development

    Specialty Areas: Cybersecurity Management, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management

    Training Proficiency Area: Level 2 - Intermediate

    Capture Date: 2013

    + Course Modules/Units
     
    Introduction to SiLK
    iSiLK
    What is Network Flow?
    Interpreting SiLK Network Flow
    SiLK Flows
    SiLK Traffic Analysis Quiz 1
    The SiLK Repository
    Basic SiLK Tools
    SiLK Traffic Analysis Quiz 2
    rwfilter
    rwfilter Examples
    rwfilter Demo
    rwfilter Continued
    SiLK Traffic Analysis Quiz 3
    rwcount
    rwcount Demo
    rwstats
    rwstats Demo 1
    rwstats Continued 1
    rwstats Demo 2
    rwstats Continued 2
    rwuniq
    SiLK Traffic Analysis Quiz 4
    PySiLK
    Python Expressions and SilkPython
    SiLK Traffic Analysis Quiz 5
    IP Sets
    Bags
    SiLK Traffic Analysis Quiz 6
    Prefix Maps
    Tuples
    SiLK Traffic Analysis Quiz 7
    rwgroup
    rwmatch
    SiLK File Utilities
    IPv6 in SiLK
    SiLK Traffic Analysis Quiz 8
    Network Profiling Introduction
    Software Assurance Executive Course (SAE) 10 Hours - Skill Level: Intermediate
    + Description
     This course is designed for executives and managers who wish to learn more about software assurance as it relates to acquisition and development. The purpose of this course is to expose participants to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.

    Training Purpose: Skill Development

    Specialty Areas: Software Assurance, Software Assurance Management, Acquisition

    Training Proficiency Area: Level 2 - Intermediate

    Capture Date: 2013

    + Course Modules/Units
     
    Interview with William Scherlis: Introduction and Background
    Software Assurance Challenges
    Encouraging Adoption of Software Assurance Practices Through People and Incentives
    The Path Toward Software Assurance: Advice for Organizations
    Learning from Failure
    The Future of Software Assurance
    Introduction, Current Software Assurance Activities by DHS, and Current SW Assurance Environment
    Managing Risks in a Connected World
    A Need for Diagnostic Capabilities and Standards
    Changing Behavior: Resources
    Establishing a Foundation for Software Assurance
    Conclusion: The Rugged Manifesto and Challenge
    Introduction to Software Assurance
    Software Assurance Landscape
    Software Assurance Principles
    Current Software Realities
    Introduction to Software Assurance, Part 2
    Building Security In
    Microsoft Secure Development Lifecycle (MS SDL)
    Requirements Engineering
    Security Requirements Methods
    Threat Modeling: STRIDE (used by Microsoft)
    Industry Case Study in Threat Modeling: Ford Motor Company
    Topic Summary
    Creating and Selling the Security Development Lifecycle (SDL)
    Managing the Process
    Making a Difference
    Introduction and Key Components of Agile Development
    Traditional & Agile Acquisition Life Cycles
    Common Agile Methods and Scrum - the Most Adopted Agile Method
    Challenges to Agile Adoption
    Suggestions for Successful Use of Agile Methods in DHS Acquisition
    Agile Summary
    Software Assurance, Introduction to Part 3: Mission Assurance
    What Does Mission Failure Look Like?
    Mission Thread Analysis for Assurance
    Applying Mission Thread Analysis Example 1
    Applying Mission Thread Analysis Example 2
    Applying Mission Thread Analysis
    Software Assurance, Introduction to Part 4: SwA for Acquisition
    Software Supply Chain Challenges
    Supply Chain Risk Mitigations for Products
    System Supply Chains
    SCRM Standards
    Summary
    Software Assurance in the Software Development Process and Supply Chain: Introduction
    Scope of the Problem
    Governance for System and Software Assurance
    Strategy Solutions: System Security Engineering, Software Sustainment
    Process Solutions
    Introduction, History, and Current State of Software
    Trustworthy Software
    The UK Trustworthy Software Initiative (TSI)
    Trustworthy Software Framework
    Current Focus and Future Direction of UK TSI
    Questions and Answers
    Static Code Analysis using HPE Fortify 2 Hours - Skill Level: Basic
    + Description
     This course introduces students to the idea of integrating static code analysis tools into the software development process from both a developer's and a security professional's perspective. The course demonstrates how Fortify is used to identify and remove weaknesses listed in the Common Weakness Enumeration (CWE) from applications in which the source code is available.

    Training Purpose: Skill Development

    Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development

    Training Proficiency Area: Level 1 - Basic

    Capture Date: 2014

    + Course Modules/Units
     
    AppSec with HPE Product Overview and Workflow
    HPE Fortify Static Code Analyzer Suite Overview
    HPE Static Code Analyzer Command Line Demo
    Audit Workbench Demo
    Fortify SCA Process Flow
    Audit Workbench Demo Continued
    STIG Reporting with Audit Workbench
    IDE Plugin
    Questions and Answers
    Fortify Priority
    Software Security Center
    Static Code Analysis using Synopsys Coverity 1.5 Hours - Skill Level: Basic
    + Description
     This course introduces students to the idea of integrating static code analysis tools into the software development process. The focus is on how developers can use tools such as Coverity to identify and remove weaknesses listed in the Common Weakness Enumeration (CWE) from applications in which the source code is available, prior to deployment.

    Training Purpose: Skill Development

    Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development, Test and Evaluation

    Training Proficiency Area: Level 1 - Basic

    Capture Date: 2014

    + Course Modules/Units
     
    Overview of Synopsys Software Integrity Platform
    Demonstration
    Questions and Answers
    Closing
    Supply Chain Assurance using Sonatype Nexus 2.5 Hours - Skill Level: Basic
    + Description
     This course introduces students to the idea of integrating static code analysis tools into the software development process from both a developer's and a security professional's perspective. The course demonstrates how tools such as Sonatype can be used to evaluate the software supply chain in order to identify and remove components with known Common Vulnerabilities and Exposures (CVE) from applications in which the source code is available.

    Training Purpose: Skill Development

    Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development, Test and Evaluation

    Training Proficiency Area: Level 1 - Basic

    Capture Date: 2014

    + Course Modules/Units
     
    Overview of Sonatype Success Engineering
    Developer Perspective
    Policies
    Dashboard
    Repository Manager
    Questions and Answers
    Success from the Start
    Preparing for Deployment - Overview
    Preparing for Deployment - Licenses
    Preparing for Deployment - Architectural Risk
    Preparing for Deployment - Evaluation
    Preparing for Deployment - Policy Elements
    Preparing for Deployment - Default Policy Demo
    Preparing for Deployment - Policy Demo
    Windows Operating System Security 16 Hours - Skill Level: Intermediate
    + Description
     This course introduces students to the security aspects of Microsoft Windows. The class begins with an overview of the Microsoft Windows security model and some of its key components, such as processes, drivers, the Windows registry, and the Windows kernel. An overview of the user and group permission structure used in Windows is presented, along with a survey of the attacks commonly seen in Windows environments. Patching, networking, and the built-in security features of Windows such as the firewall, anti-malware, and BitLocker are all covered in light detail.

    Training Purpose: Skill Development

    Specialty Areas: Vulnerability Assessment and Management, Systems Security Analysis, System Administration

    Training Proficiency Area: Level 2 - Intermediate

    Capture Date: 2012

    + Course Modules/Units
     
    Windows OS Security Course Introduction
    Windows Security Module Introduction
    Windows Architecture Overview
    Windows Subsystems Part 1 of 2
    Windows Subsystems Part 2 of 2
    Windows Security Development Lifecycle
    Windows API
    Windows Registry
    Viewing Windows Registry Demo
    Windows Services Part 1 of 2
    Windows Services Demo
    Windows Services Part 2 of 2
    Multi-tasking
    Sessions, Windows Stations and Desktops
    Programs and Drivers Part 1 of 2
    Reviewing Drivers in Windows
    Programs and Drivers Part 2 of 2
    Updating Windows Drivers Demo
    Applications, Processes, and Threads
    Buffer Overflow Protection
    Authenticode Part 1 of 2
    Digital Certificate Details Demo
    Authenticode Part 2 of 2
    Windows Action Center
    Windows Users and Groups Introduction
    User Account Control
    Windows Users and Groups Part 1 of 2
    Windows Users and Groups Part 2 of 2
    Windows Interactive Logon Process
    NTLM Authentication Overview
    Kerberos Authentication Overview
    Types of Authentication
    File Permissions
    Dynamic Access Controls
    Threats and Vulnerabilities Introduction
    OS Vulnerabilities
    CVE Details Demo
    CVE Samples
    Misconfigurations
    Password Configuration Options
    Password DDOS Demo
    Common Misconfigurations
    CCE and the NVD Demo
    Social Engineering
    Viruses and Worms
    Impersonation
    Microsoft Updates and Patching Process Part 1 of 2
    Double Decode
    Microsoft Updates and Patching Process Part 2 of 2
    Securing the Update Process
    Update Process Circumvention
    Windows Server Update Service
    Internet Explorer Patching
    Windows Network Connectivity
    Windows Network Profiles
    Windows Network Adapter Settings
    Windows Wireless Settings
    Windows Networking Protocols
    Other Windows Protocols
    Microsoft VPN Part 1 of 2
    Microsoft VPN Part 2 of 2
    Microsoft Network Access Protection Part 1 of 2
    Microsoft Network Access Protection Part 2 of 2
    How to Configure Windows Update Settings Demo
    Windows Security Features Introduction
    Windows Firewall
    Windows Firewall Wizard Demo
    Windows Firewall with Advanced Security
    Windows Firewall with Advanced Security Demo
    Configuring Windows Firewall Demo
    Windows Defender
    Windows AD and PKI Demo
    Windows Active Directory Certificate Services
    Windows Group Policy
    Windows AppLocker
    Configuring And Using AppLocker Demo
    Windows BitLocker
    Configuring And Using BitLocker Demo
    Windows Secure Boot
    Windows Security Auditing
    Windows Audit Settings and Examples
    SCW Introduction
    Hardening Windows Introduction
    Windows Templates
    Microsoft Baseline Security Analyzer
    Microsoft Security Configuration Wizard
    Microsoft Security Compliance Manager
    Hardening with Group Policy
    NVD Search Demo
    Other Guidelines and Recommendations
    Using Windows Mgmt Instrumentation Demo
    Using The Security Config Wizard Demo
    PowerShell Introduction
    PowerShell Key Commands
    PowerShell Demo
    Administrative Functions with PowerShell
    Computer and Network Management with PowerShell
    Basic Scripts in PowerShell
    PowerShell Security Settings and Configurations
    Using PowerShell Demo
    Windows OS Security Quiz
    Wireless Network Security (WNS) 9 Hours - Skill Level: Intermediate
    + Description
     The purpose of the Wi-Fi Communications and Security course is to teach the technologies of the 802.11 family of wireless networking, including the principles of network connectivity and network security.

    Training Purpose: Skill Development

    Specialty Areas: Enterprise Architecture, Network Services, System Administration, Customer Service and Technical Support, Computer Network Defense Infrastructure Support

    Training Proficiency Area: Level 2 - Intermediate

    Capture Date: 2013

    + Course Modules/Units
     
    Wi-Fi Communication and Security Intro
    How Wi-Fi Became Ubiquitous
    Wi-Fi Standards - 802.11b
    Wi-Fi Standards - 802.11a
    Wi-Fi Standards - 802.11g, n, and ac
    Bluetooth Standards
    WiMAX Standards
    LTE HSPA EvDO Network Types
    Spread Spectrum Technology
    802.11 Transmissions and Wireless Channels
    802.11 Data Rates
    Wireless Network Topologies
    Wireless Network Hardware
    RF Propagation Principles
    Impacts on Signal Radiation
    Signal Propagation and Objects
    Additional Signal Effects
    Measuring Signal Strength
    Signal Strength and Antennas
    Wireless Coverage and Frequency Reuse
    Wireless Network Design Issues
    Wireless Modes and Service Sets
    Wireless Authentication and Association
    Wireless and Roaming 1 of 2
    Wireless and Roaming 2 of 2
    Enterprise 802.11 Solutions
    Key Points of CAPWAP
    Advantages of CAPWAP
    CAPWAP Demo
    802.11 Security Flaws
    Fixing 802.11 Security
    802.1x Authentication Protocols
    Additional Issues with 802.11 Encryption
    Additional 802.11 Security Measures
    Other Wireless Threats
    Wireless Best Practices
    Wireless Network Assessment Part 1 of 2
    Wireless Network Assessment Part 2 of 2
    Wireless Network Security Quiz