101 Courses - Basic level courses
NICE Cybersecurity Workforce Framework Category - Analyze
NICE Cybersecurity Workforce Framework Category - Collect and Operate
NICE Cybersecurity Workforce Framework Category - Investigate
NICE Cybersecurity Workforce Framework Category - Operate and Maintain
NICE Cybersecurity Workforce Framework Category - Oversee and Govern
NICE Cybersecurity Workforce Framework Category - Protect and Defend
NICE Cybersecurity Workforce Framework Category - Securely Provision

The NICE Cybersecurity Workforce Framework can be found at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

FedVTE Course Catalog
Limit to NICE Cybersecurity Workforce Framework Category or subject:
101 Courses - Basic level courses Analyze Collect and Operate
Investigate Operate and Maintain Oversee and Govern
Protect and Defend Securely Provision
Show All Courses in All Categories

Expand/Collapse All
Analysis Pipeline 6 HoursSkill Level: Intermediate  
+ Description
 This course is designed for network flow data analysts who use or are considering using Analysis Pipeline (http://tools.netsa.cert.org/analysis-pipeline5/index.html). The course aims to help the student better understand how to incorporate streaming network flow analysis into their toolkit for identifying and alerting on events of interest. The focus will be on applying Analysis Pipeline to operational use cases

Training Purpose - Protect and Defend, Collect and Operate, Operate and Maintain

Specialty Areas - Network Services, Cyber Operations, Cyber Defense Analysis

Training Proficiency Area: Level 2 - Intermediate

+ Course Modules/Units
 
Introduction
Configuration Files
Running Pipeline
Logical Schematics
Pipeline and Timing and State
Alerts
Configuration File Basics
Filters
Filters (Exercises and Solutions)
Evaluations
Evaluations (Exercises and Solutions)
Statistics
Internal Filters
List Configurations
Configuration File Basics (Exercises and Solutions)
Threshold Examples
Special Evaluations
Building an Analytic
Server Profiling Analytic
Host Discovery Analytic
Advanced Configurations
NTP Anomalies
Unknown SSH Brute Force
Choose Your Own Adventure
ICMP Surveying: Thinking it Through
ICMP Surveying: Building it Out
DDoS Detection: Thinking it Through
DDoS Detection: Building it Out
SSH Compromise: Thinking it Through
SSH Compromise: Building it Out
Analysis Pipeline 5
Cyber Security Investigations 9 HoursSkill Level: Basic  
+ Description
 This course discusses the basic concepts of cyber security and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques and tools in support of cyber security investigations.

Training Purpose: Skill Development

Specialty Areas: Digital Forensics, Cyber Operations, Incident Response, Investigation

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Purpose of Computer and Network Forensics
Digital Forensics Tools
Forensics Team Staffing Considerations
Digital Forensics Guidelines, Policies, and Procedures
Digital Forensics Life Cycle
Digital Forensics Best Practices
Digital Forensics Concepts
Locard's Exchange Principle
Incident Response Phases Part 1 of 3
Incident Response Phases Part 2 of 3
Incident Response Phases Part 3 of 3
Computer Forensics Process Part 1 of 2
Computer Forensics Process Part 2 of 2
Digital Forensic Planning and Preparation
IR and Digital Forensics Tools
Forensically Prepared Media, Tools and Equipment
Incident Response Information Gathering
Incident Response Acquisition Considerations
Incident Response Notes and Documentation
Auditing Windows Event Logs
Volatile Data Collection
Storage Media Collection
Network Data Collection
Log Collection
Data Carving using FTK
Digital Forensic Triage Overview
Incident Triage Process
Incident Triage Methodology
Attacker Methodology Overview Part 1 of 3
Attacker Methodology Overview Part 2 of 3
Attacker Methodology Overview Part 3 of 3
Triage: Light and General Collections
Triage Analysis
Triage Analysis of Volatile Data
Program Execution
Analyzing Services
Malware Vectors and Detection
Mobile Device Triage Analysis
IR: Following a Trail
Hash and File Signature Analysis
Time Analysis
Registry Analysis
File Analysis Demonstration
Hashing with md5deep
Hash Analysis with Autopsy
Lessons Learned from an Incident
Lessons Learned from Objective and Subjective Data
Evidence Retention and Information Sharing Post Incident
Cyber Security Investigations Exam
Introduction to Threat Hunting Teams 1.5 hoursSkill Level: Basic  
+ Description
 This course provides basic definitions, activities, and examples of teams hunting threats in the cyber domain. The course addresses the differences between hunting team activities and those of incident management teams or penetration testing teams. The content covers how hunting teams establish goals, methods used by threat hunting teams, and sources available to help read and interpret the threat landscape.

Training Purpose: Skill development

Specialty Areas: Computer Network Defense Analysis, Threat Analysis, Vulnerability Assessment and Management

Training Proficiency Area: Level 1 - Basic

Capture Date: 2016

+ Course Modules/Units
 
Defining Threat Hunting
Examples and Goals of Threat Hunting
Differences Between Hunt Teams and Other Cyber Teams
Threat Landscape
Types of Threat Modeling
Hunting Methods on Networks
Teaming and Automation Example
Threat Hunting Teams Course Exam
Offensive and Defensive Network Operations 13 HoursSkill Level: Basic  
+ Description
 

This course focuses on fundamental concepts for offensive and defensive network operations. It covers how offensive and defensive cyber operations are conducted and details U.S. government doctrine for network operations. Topics include network attack planning, methodologies, and tactics and techniques used to plan for, detect, and defend against network attacks.

Learning Objectives

  • Apply U.S. government network operations background and doctrine
  • Describe offensive and defensive network operations
  • Determine offensive network operation missions, planning, and exploitation phases and methodologies
  • Derive defensive network operation missions, planning, and methods to detect and defend against network attacks and attackers' methods

Training Purpose: Functional Development

Specialty Areas: Computer Network Defense Analysis, Cyber Operations

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Cyberspace As A Domain
Joint Publication 3-12(R), Cyberspace Operations Overview Part 1 of 3
Joint Publication 3-12(R), Cyberspace Operations Overview Part 2 of 3
Joint Publication 3-12(R), Cyberspace Operations Overview Part 3 of 3
Joint Communications Overview and Information Environment
Joint Force Communication, System Operations, and Management Planning
Legal Considerations for Cyber Operations Part 1 of 2
Legal Considerations for Cyber Operations Part 2 of 2
Adversaries in Cyberspace Part 1 of 3
Adversaries in Cyberspace Part 2 of 3
Adversaries in Cyberspace Part 3 of 3
Offensive Cyber Operations Background
Offensive Cyberspace Operations Definitions
Offensive Cyberspace Operations Planning and Legal Considerations
Offensive Methodologies
Offensive Methodology Planning Examples 1 of 2
Offensive Methodology Planning Examples 2 of 2
Reconnaissance Methodology Overview
Social Engineering for Reconnaissance
Reconn with Automated Correlation Tools and Search Engines Part 1 of 2
Reconn with Automated Correlation Tools and Search Engines Part 2 of 2
Netowrk Mapping for Active Reconnaissance
Port Scanning for Active Reconnaissance
Windows Enumeration Basics
Linux Enumeration Basics
Scanning and Enumerating with Nmap
Exploitation using Direct Exploits and System Misconfiguration
Exploitation with SET Example
Exploitation
Entrenchment
Exploitation Basics
Post-Exploitation
Abuse and Attacks
Defensive Cyberspace Operations (DCO)
DCO Types of Operations
DCO Operational Goals
DCO Best Practices
Defensive Methodology: Understanding the Threat
Defensive Methodology: Tactics
Defensive Methodology: Defense-in-Depth
Incident Management Overview
Incident Management Policies, Plans and Procedures
Incident Management Team Configuration
Incident Response Lifecycle
Defending the Domain
Perimeter and Host Defenses
IDS/IPS Defined Including Advantages and Disadvantages
IDS/IPS Types and Functions
IDS/IPS Location Placements
Intrusion Detection using Snort
Reviewing Alerts and Detecting Attack Phases
Network Traffic Analysis
Methods of Network Traffic Analysis
Wireshark
Log Analysis Methods and Techniques Part 1 of 2
Log Analysis Methods and Techniques Part 2 of 2
Detecting Offensive Operations using Log Analysis
Digital Forensics Overview and Tools
Digital Forensics Methods and Techniques Part 1 of 2
Digital Forensics Methods and Techniques Part 2 of 2
Identifying Phases of Attack Using Digital Forensics
Incident Data: Profile and Analysis
Incident Reporting
Offensive and Defensive Network Operations Exam