FedVTE Course Catalog

101 Courses - Basic level courses
NICE Cybersecurity Workforce Framework Category - Analyze
NICE Cybersecurity Workforce Framework Category - Collect and Operate
NICE Cybersecurity Workforce Framework Category - Investigate
NICE Cybersecurity Workforce Framework Category - Operate and Maintain
NICE Cybersecurity Workforce Framework Category - Oversee and Govern
NICE Cybersecurity Workforce Framework Category - Protect and Defend
NICE Cybersecurity Workforce Framework Category - Securely Provision

The NICE Cybersecurity Workforce Framework can be found at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

Limit to NICE Cybersecurity Workforce Framework Category or subject:
101 Courses - Basic level courses Analyze Collect and Operate
Investigate Operate and Maintain Oversee and Govern
Protect and Defend Securely Provision
Show All Courses in All Categories

Expand/Collapse All
0.25 Hours
 
An Overview of High Value Assets (HVAs)
Skill Level: Intermediate  
+ Description
 

The May 2018, Binding Operational Directive (BOD) 18-02 tasked CISA to guide federal agencies on the dynamic threats to the security and resilience of High Value Assets (HVAs). In December 2018 Memorandum 19-03 (M-19-03) was released by the Office of Management and Budget (OMB) to further assist agencies with the identification and designation of HVAs.

The Continuous Diagnostics and Migration (CDM) Program has developed HVA Dashboards to help agencies reduce their risk posture and provide them with ongoing visibility into known exploited vulnerabilities (KEVs), common vulnerabilities and exposures (CVEs), and misconfigurations for their HVA assets.

This video will discuss the functionality within the CDM Agency Dashboard related to HVAs answer important questions such as: What is an HVA, the mandates to protect HVAs, the new functionality associated with HVAs, and how HVA data is being identified within the CDM Dashboard

Learning Objectives:

  1. Understand what an HVA is.
  2. Learn how federal mandates help to protect HVAs.
  3. Provide the learner what the new functionality associated with HVAs are and how HVA data is being identified within the CDM Dashboard

Date: April 2024

Course length: 14 minutes

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialtyArea Work Roles
Oversee and GovernCybersecurity ManagementInformation Systems Security Manager/td>
Oversee and GovernProgram/Project Management and AcquisitionIT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
+ Course Modules/Units
 
An Overview of High Value Assets (HVAs) - Video
1 Hour
 
CDM Program Manager Matt House Q&A about the CDM Dashboard version 6 and beyond
Skill Level: Basic  
+ Description
 

Webinar – CDM Program Manager Matt House Q & A about the CDM Dashboard version 6 and beyond

Description:

Matt House describes the new capabilities of the CDM Dashboard version ES-6x, including Cyber Hygiene, CDM Enabled Threat Hunting, STIG reporting, FISMA automation and HVA reporting. This video will describe the various capabilities of the CDM Dashboard and how it can provide many benefits to federal agencies.

Learning Objective:

  • Understanding the capabilities of the ES-6x version of the CDM Dashboard, with focus on the FISMA automation, Binding Operating Directives (BOD), HVA reporting, the Known Exploited Vulnerabilities (KEV) catalog, plus much more!

Date: March 2024

Length: 67 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
CDM Program Manager Matt House Q&A about the CDM Dashboard version 6 and beyond
0.3 Hours
 
Micro Learn: Understanding FISMA Automation with the CDM Dashboard
Skill Level: Basic  
+ Description
 

Micro Learn: Understanding FISMA Automation with the CDM Dashboard

Description:

The next evolution of the CDM Agency Dashboard includes FISMA dashboard automation and this course provides agencies with the understanding how CDM data is automated. The FISMA dashboard provides agencies with the insight of FISMA metrics that can be supported using CDM data. The metrics that are CDM automated, agencies can follow the same steps taken by federal analysts shown in this course.

Learning Objective:

  • Understand the basic principles of FISMA dashboard automation and the CDM Agency Dashboard
  • How FISMA metrics can used to support CDM data
  • Provide a demonstration of how FISMA Automation functions

Date: April 2024

Length: 20 minutes

Training Proficiency Area: Level 2 – Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category Specialty Area Work Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
+ Course Modules/Units
 
Understanding FISMA Automation with the CDM Dashboard
0.25 Hours
 
AWARE Scoring Algorithm Details
Skill Level: Beginner  
+ Description
 

This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.

Learning Objectives:

  • Provide an overview on the AWARE Scoring Algorithm 1.0

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
AWARE Scoring Algorithm 1.0 Details
0.5 Hours
 
Micro Learn: AWARE 1.5s and the CDM Dashboard
Skill Level: Basic  
+ Description
 

In this video, the updated AWARE 1.5 supplemental overview is described and how it can benefit the federal agencies. Discussion questions include: What are the changes to the scoring algorithm; what are flipping scores; how are scores prioritized; what benchmarks are being accessed.

Date: March 2023

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and MaintainSystems Administration, Systems AnalysisSystem Administrator, Systems Security Analyst
Oversee and GovernCybersecurity ManagementInformation Systems Security Manager
Oversee and GovernProgram/Project Management and AcquisitionIT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
+ Course Modules/Units
 
Micro Learn: AWARE 1.5s and the CDM Dashboard
2 Hours
 
Data Analytics Using the CDM Dashboard
Skill Level: Intermediate  
+ Description
 

Data Analytics Using the CDM Dashboard

Description:

This two-hour self-paced course takes your experience using the CDM Dashboard and Kibana to the next level. Tailored for advanced Dashboard users, this eLearning consists of nine modules with hands-on activities that will boost your skills. Learn how to apply Kibana and the CDM Dashboard in real-world scenarios to become a pro at data visualization and analysis.

Objectives:

  • Describe how data sources correspond to data targets in the CDM Dashboard Ecosystem.
  • Explain how data views (previously known as index patterns) are used within the CDM Dashboard Ecosystem.
  • Explain the purpose and create, modify, and share spaces, dashboards, visualizations, searches, and objects.
  • Use the discover tool and best search practices.
  • Apply knowledge of the CDM Dashboard Ecosystem and Kibana to use cases.
CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
Module 1: Introduction
Module 2: Data Sources
Module 3: Data Views
Module 4: Discover
Module 5: Visualizations
Module 6: Dashboards
Module 7: Saving Queries and Searches
Module 8: Saved Objects
Module 9: Assessment
1 Hour
 
CDM Cross-cluster Search Queries
Skill Level: Beginner  
+ Description
 

Cross-cluster Search Queries

Description:

This one-hour self-paced course is required for account provisioning on the CDM Federal Dashboard. This eLearning consists of two modules. At the successful conclusion of this course you are be able to download a certificate of complete from your transcript.

Learning Objective:

  • Construct precise and specific queries using the cross-cluster search functionality.

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
Module 1: Queries
Module 2: Assessment
0.25 Hours
 
Micro Learn: CDM Dashboard Interface ES-5 Overview
Skill Level: Beginner  
+ Description
 

This CDM Agency Dashboard video will provide a foundation level of knowledge and background that will help end users of the dashboard better understanding the functionality of ES-5 of the CDM Agency Dashboard.

Learning Objectives:

  • Understand the Header Section of the CDM Agency Dashboard ES-5
  • Utilize the Tool Bar feature the dashboard
  • Provide an overview of the Query Bar
  • Become familiar with the Time Filter of the dashboard
  • Understand the Navigation Panel and Navigation Drawer features of the dashboard

Date: May 2022

Length: 10 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
CDM Agency Dashboard Interface - Video
0.5 Hours
 
Micro Learn: CDM Dashboard version ES-6 Demonstration and Overview
Skill Level: Basic  
+ Description
 

Description:

Ms. Judy Baltensperger, Project Manager for the CDM Dashboard at CISA, provides a demonstration of the new capabilities of version ES-6 of the CDM Dashboard. She expands upon the Exploited Vulnerability (KEV) catalog and information provided within the catalog; delivers an overview of the reporting asset capability related to Binding Operational Directives (BOD) 22-01 and 23-01; explains the Agency Inventory Metrics (AIM), and much more!

+ Course Modules/Units
 
CDM Dashboard version ES-6 Demonstration and Overview
0.25 Hours
 
Micro Learn: CDM PMO Matt House speaks about the CDM Agency Dashboard
Skill Level: Basic  
+ Description
 

CDM PMO Matt House provides an update of ES-6 version of the CDM Dashboard and its capabilities

Description:

Learn about the capabilities of the CDM Dashboard version ES-6. This video will describe the Federal Dashboard, use case scenarios, and how Cross Cluster Searching can provide its many benefits to federal agencies.

Learning Objectives:

Understanding the capabilities of the ES-6 version of the CDM Dashboard, with focus on the FISMA directives, Binding Operating Directives (BOD), Database as a Service, cross cluster searching, Known Exploited Vulnerabilities (KEV) catalog, plus much more!

Date: May 2023

Length: 34 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
CDM PMO speaks about version ES-6 of the CDM Dashboard
0.25 Hours
 
Micro Learn: CDM PMO speaks about the CDM Agency Dashboard
Skill Level: Basic  
+ Description
 

This video explains the features of the current ES-3 version of the CDM Agency Dashboard.

Date: 2021

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
CDM PMO speaks about ES-3 of the CDM Agency Dashboard
0.25 Hours
 
Micro Learn: CISA’s Binding Operative Directive (BOD) 22-01 and the Known Exploited Vulnerabilities (KEV) catalog
Skill Level: Basic  
+ Description
 

In this video, Mr. Dave Otto, the Risk expert of the CDM program, explains the Binding Operational Directive 22-01, the CISA KEV (Known Exploited Vulnerabilities) Catalog, and how agencies can better protect their assets.

Date: 2022

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Micro Learn: CISA’s Binding Operative Directive (BOD) 22-01 and the Known Exploited Vulnerabilities (KEV) catalog
0.5 Hours
 
Micro Learn: Configuration Settings Management (CSM) with the CDM Agency Dashboard
Skill Level: Basic  
+ Description
 

This video explains the CSM features of the current ES-3 version of the CDM Agency Dashboard.

Date: October 2022

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Configuration Settings Management (CSM) with the CDM Agency Dashboard
0.5 Hours
 
Micro Learn: CSM
Skill Level: Beginner  
+ Description
 

This video provides an overview of the configuration settings management (CSM) capability and how CSM helps to reduce cyber-attacks in software and hardware assets within the Continuous Diagnostics and Mitigation (CDM) Program.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Micro Learn: CSM – Concepts of Configuration
0.5 Hours
 
Micro Learn: CSM – Understanding Benchmarks and STIGS
Skill Level: Beginner  
+ Description
 

This video discusses the need for standardized benchmarks in the federal government and the use of Defense Information Systems Agency’s (DISA) Security Technical Implementation Guides (STIGs) for integration within the CDM solution. A review of DISA’s role, authority, and DISA STIG compliance levels is provided as well.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Micro Learn: CSM – Understanding Benchmarks and STIGS
0.75 Hours
 
Micro Learn: AWARE 1.5 and the ES-3 version of the CDM Agency Dashboard
Skill Level: Basic  
+ Description
 

This video explains the features of AWARE 1.5 on the current ES-3 version of the CDM Agency Dashboard.

Date: 2021

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
AWARE 1.5 and the ES-3 version of the CDM Agency Dashboard
0.2 Hours
 
Micro Learn: DBaaS
Skill Level: Basic  
+ Description
 

The next evolution of the CDM Agency Dashboard is being offered in a cloud-based format, which provides agencies with the same functionality but relieves them from having to manage and continue to fund all of the aspects of an “on-prem” security solution. CISA is making this dashboard tool available in a Dashboard as a Service format, or DBaaS. This video will describe DBaaS and its many benefits to federal agencies.

Learning Objectives:

  • Understand the basic principals of DBaaS and the CDM Agency Dashboard
  • How DBaaS can help minimize agency vulnerabilities
  • Provide a demonstration of how DBaaS works

Date: October 2022

Length: 7 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
Micro Learn: DBaaS - Using the CDM Dashboard as a Service
0.5 Hours
 
Micro Learn: IdAM- Identity and Access Management with the CDM Agency Dashboard
Skill Level: Intermediate  
+ Description
 

This 39 minute video is an interview recording of a Mr. Ross Foard, subject matter expert for DHS/CISA, and Identity and Access Management (IAM) . This video provides participants with the essential knowledge of IAM and the CDM Agency Dashboard.

Learning Objectives:

  • Understand CDM Agency Dashboard basic features and IAM functionality.

Date: 2021

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
IAM- Identity and Access Management with the CDM Agency Dashboard
0.5 Hours
 
Micro Learn: System Security Analyst Methodology
Skill Level: Beginner  
+ Description
 

This video presents cybersecurity concepts associated with continuous monitoring of issues that affect networks. A review of workplan concepts, checks and reviews, and mitigation recommendations is also covered.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Micro Learn: System Security Analyst Methodology
0.5 Hours
 
Micro Learn: System Security Analyst Overview
Skill Level: Beginner  
+ Description
 

This video presents an overview of the System Security Analyst role and the six key responsibilities associated with that role. The importance of these six key responsibilities is covered including adherence to agency policy and assessing metrics and data.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Micro Learn: System Security Analyst Overview
0.25 Hours
 
Micro Learn: The AWARE 1.5 Risk Scoring Overview Using the CDM Agency Dashboard
Skill Level: Beginner  
+ Description
 

In this video, the AWARE 1.5 risk scoring overview is described and how it can benefit the federal agencies.

Date: May 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
The AWARE 1.5 Risk Scoring Overview Using the CDM Agency Dashboard
0.25 Hours
 
Micro Learn: The CDM PMO speaks about CDM Enabled Threat Hunting (CETH) and the CDM Agency Dashboard
Skill Level: Basic  
+ Description
 

In this video, Mr. Richard Grabowski, acting CDM PMO, explains CDM Enabled Threat Hunting (CETH) and how CETH benefits the federal agencies. He also discusses how the CDM Dashboard supports the implementation of Endpoint Detection and Response (EDR).

Date: 2022

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Micro Learn: The CDM PMO speaks about CDM Enabled Threat Hunting (CETH) and the CDM Agency Dashboard
0.5 Hours
 
Micro Learn: Understanding AWARE 1.5 and the CDM Agency Dashboard
Skill Level: Beginner  
+ Description
 

This video explains the new AWARE 1.5 scoring and features.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Micro Learn: Understanding AWARE 1.5 and the CDM Agency Dashboard
0.02 Hours
 
Introduction to the AWARE Scoring Algorithm
Skill Level: Beginner  
+ Description
 

This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.

Learning Objectives:

  • Provide an overview on the AWARE Scoring Algorithm 1.0

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
Introduction to the AWARE Scoring Algorithm 1.0
0.25 Hours
 
Introduction to the New CDM Agency Dashboard
Skill Level: Beginner  
+ Description
 

This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.

Learning Objectives:

  • Understand the New CDM Agency Dashboard

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
Introduction to the New CDM Agency Dashboard
0.02 Hours
 
What is CDM and the CDM Agency Dashboard?
Skill Level: Beginner  
+ Description
 

This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.

Learning Objectives:

  • Understand what are CDM and the CDM Agency Dashboard
  • Understand the New CDM Agency Dashboard
  • Provide an overview on the AWARE Scoring Algorithm 1.0

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
+ Course Modules/Units
 
What is CDM and the CDM Agency Dashboard?
2.5 Hours
 
CDM 141
Skill Level: Beginner  
+ Description
 

Introduction to the CDM Agency Dashboard

Course Length: 3 hours

Description:

This course is a recording of a virtual 3-hour course which provides participants with the essential knowledge of the ES-6 version of the CDM Agency Dashboard. It explains basic features and navigation within the environment and includes demonstrations using the CDM Agency Dashboard to identify and report on asset vulnerabilities and other key features of the dashboard.

Register to join the next live iteration of this course via https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-training.

Learning Objectives:

  • Understand CDM Agency Dashboard basic features and functionality
  • Instructor demonstrates the CDM Agency Dashboard

Date: March 2024

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Introduction to the CDM Agency Dashboard
6 Hours
 
Advanced Data Packet Analysis
Skill Level: Advanced   
+ Description
 

This course orients analysts to analyzing common protocols, identifying suspicious or malicious traffic and provides an introduction to the Wireshark packet filter syntax.

+ Course Modules/Units
 
Advanced Data Packet Analysis: Overview
Module 1.2: Identification of Suspicious and/or Malicious Traffic
Module 1.3: Wireshark Packet Filters and Syntax
0.5 Hours
 
Ransomware Overview
Skill Level: Beginner      
+ Description
 

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This training course focuses on basic Ransomware concepts and methodology. This course will explain what ransomware is, preventative measures that can be used to prevent a ransomware attack, and ransomware incident response and recovery.

Learning Objectives:

  • Present an overview of ransomware attacks
  • Identify preventative measures to block ransomware attacks
  • Discuss incident response best practices for ransomware attacks
  • Detail ways to implement recovery measure after a ransomware attack
  • Learn to strategically plan the development and implementation of your CSIRT.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Analyze Exploitation Analysis Exploitation Analyst
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Investigate Digital Forensics Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Defend Against Ransomware - Video
1 Hour
 
Incident Response Training: Preventing Web and Email Server Attacks (IR 105)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Web and email servers are the workhorses of the Internet — we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers.

This webinar includes the following information and more:

  • Common attacks and vulnerabilities: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
  • Key guidance for organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
  • Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
  • Knowledge checks: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Incident Response Training: Preventing Web and Email Server Attacks (IR 105)
0.3 Hours
 
CAMEO Data Manager Overview
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
CAMEO Data Manager Overview
0.25 Hours
 
ChemLock SharePoint and Case Management Overview
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
ChemLock SharePoint and Case Management Overview
0.4 Hours
 
ChemLock Staff Overview Training
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
ChemLock Staff Overview Training
2 Hours
 
CIR Completion Training and Demo
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
CIR Completion Training and Demo
1.5 Hours
 
Compliance Inspection System Demo
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
Compliance Inspection System Demo
0.75 Hours
 
Delivering ChemLock 101
Skill Level: Beginner   
+ Description
 (Description coming soon)
+ Course Modules/Units
 
Delivering ChemLock 101
1.5 Hours
 
FASTInfo 101 Refresh Demo
Skill Level: Beginner   
+ Description
 (Description coming soon)
+ Course Modules/Units
 
FASTInfo 101 Refresh Demo
2.75 Hours
 
P-CFOI_CA Modules Training Session 1
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
Part 1
Part 2
Part 3
1 Hour
 
P-CFOI Crosswalk Tool V3 Refresh Training
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
P-CFOI Crosswalk Tool V3 Refresh Training
1 Hour
 
CFATS Civil Penalties
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
CFATS Civil Penalties – SOP Review
Knowledge Check
1 Hour
 
CFATS Compliance Assistance
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
CFATS Compliance Assistance – SOP Review
Knowledge Check
1 Hour
 
CFATS Enforcement
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
CFATS Enforcement – SOP Review
Knowledge Check
1 Hour
 
CFATS Incident Reporting
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
CFATS Incident Reporting – SOP Review
Knowledge Check
1 Hour
 
CFATS Violation Reporting (Whistleblower)
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
CFATS Violation Reporting (Whistleblower) – SOP Review
Knowledge Check
1 Hour
 
CSI Prerequisite Courses
Skill Level: Beginner  
+ Description
 (Description coming soon)
+ Course Modules/Units
 
Badging and Credentialing
CFATS Outreach Strategy
CVI
Cybersecurity 1 for CFATS
Introduction to Authorization Inspections
Introduction to CFATS Appendix A
Introduction to CFATS Enforcement
Introduction to CFATS IT Tools
Introduction to Compliance Assistance Visits
Introduction to Compliance Inspections
Introduction to Guideposts and RBPS
Introduction to Incident Reporting
Introduction to P-CFOI
Introduction to Physical Security
Introduction to Principles of Physical Security
Introduction to Risk Engine
Introduction to SVA, SSP and ASP
Introduction to Top-Screens
1 Hour
 
Understanding Indicators of Compromise (IR 108)
Skill Level: Beginner   
+ Description
 

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Major cyber-attacks have made headlines for years and the pace of threat activity faced by government and private sector organizations is accelerating. Often, the most damaging attacks reported are traced to Advanced Persistent Threats (APTs): groups of sophisticated hackers who gain entry into an unauthorized system and remain undetected for extended periods of time, allowing them to surveil and gather information, test security, or execute malicious activity without tripping network defenses.

Indicators of Compromise (IOCs) are the digital and informational "clues" that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. This webinar provides an overview of IOCs for incident responders and those who work with them, introduces example scenarios and how IOCs can be used to trace activity and piece together a timeline of the threat, and discusses tools and frameworks to help incident responders use IOCs to detect, analyze, respond to, and report cyber threat activity.

This webinar includes the following information and more:

  • Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity.
  • Understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs.
  • Learn about the MITRE ATT&CK® framework and how it supports the analysis of IOCs, potential threat actors related to the activity and their associated strategies and tactics.
  • Introduce free CISA cybersecurity tools, services, and resources to help organizations further advance their cybersecurity capabilities.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 – Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Understanding Indicators of Compromise (IR 108)
1 Hour
 
Defend Against Ransomware Attacks (IR109)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Ransomware attacks hit a new target every 14 seconds–shutting down digital operations, stealing information and exploiting businesses, essential services, and individuals alike. This one-hour webinar provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to mitigate and respond to the ever-evolving threat of ransomware.

This webinar includes the following information and more:

  • Common attack methods: Learn the definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time. The webinar will discuss common signs of a ransomware attack and how to respond if an attack is suspected.
  • Key guidance for organizations: CISA provides guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack.
  • Case studies: Explore the methods and impacts of real-life cyber-attacks, and how the victims responded and recovered.
  • Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Defend Against Ransomware Attacks (IR109) - Video
2 Hours
 
Preventing Web and Email Server Attacks Cyber Range Training (IR205)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Participants will be introduced to common web and email vulnerabilities, as well as the technologies of encryption and authentication to enhance web and email security. This course uses an active participation approach to facilitate realistic technical training and interaction opportunities for learners.

Experience these benefits and more:

  • Learn how to implement CISA guidance: Course exercises include implementation of the recommendations in BOD 18-01.
  • Identify and mitigate vulnerabilities in real time: Students identify common web and email vulnerabilities and mitigate them by reconfiguring the web server and Domain Name System (DNS) settings.
  • Expert facilitation: Throughout the course, expert cybersecurity engineers moderate discussion and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Preventing Web and Email Server Attacks (IR205) - Video
1.5 Hours
 
Understanding Indicators of Compromise Cyber Range Training (IR208)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Cyberattacks have made headlines for years, and the pace of threat activity faced by government and private sector organizations is accelerating. Indicators of compromise (IOCs) are the digital and informational “clues” that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. In this training, participants will be introduced to common IOCs and common protocols used to find them in their own systems.

Experience these benefits and more:

  • Importance of IOCs: Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity. Students will understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs.
  • Learn about the MITRE ATT&CK® Framework and how it supports the analysis of IOCs, potential threat actors related to the activity, and their associated tactics, techniques, and procedures (TTPs).
  • Expert facilitation: Throughout the course, expert cybersecurity engineers moderate discussion and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Understanding Indicators of Compromise (IR208) - Video
1.5 Hours
 
Defend Against Ransomware Attacks Cyber Range Training (IR209)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a network’s defense. If just one computer becomes infected with ransomware, infection could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure. In this training, participants will be introduced to common applications and process that harden network defenses, as well as key concepts used in the prevention of ransomware attacks.

This training includes the following information and more:

  • Common attack methods: Define ransomware and identify best practices and preventive measures to mitigate the impact of ransomware attacks.
  • Lab Demonstrations: Learn how to apply specific tools to configure and back up Active Directory policies, reset Kerberos Ticket Granting Ticket (KRBTGT) account passwords, and create application allow-listing policies.
  • Expert facilitation: Throughout the course, expert cybersecurity engineers’ moderate discussions and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Defend Against Ransomware Attacks (IR209) - Video
1 Hour
 
Incident Response Training: Defending Internet Accessible Systems (IR 104)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Internet-accessible systems have become the backbone of modern business and communication infrastructure, from smartphones to web applications, to the explosive growth of the “Internet of Things” (IoT). Each of these systems and devices, however, can be targeted by threat actors and used to conduct malicious activity if they are unsecured. Worse, these systems can leave vulnerabilities and sensitive information freely available to exploit if not properly configured and maintained.

This webinar includes the following information and more:

  • Common attacks and vulnerabilities: Understand common vulnerabilities of internet-accessible systems, how they are exploited by threat actors, and how to mitigate them to prevent attacks from succeeding.
  • CISA guidance: Learn key guidance, resources, and best practices to address vulnerabilities and prepare effective incident response and recovery.
  • Case studies: Examine the methods and impacts of real-life cyberattacks, and how the targets responded and recovered.
  • Knowledge checks: Knowledge check questions will be asked throughout the course to reinforce key concepts and important takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Incident Response Training: Defending Internet Accessible Systems (IR 104) - Video
1.5 Hours
 
Defending Internet Accessible Systems Cyber Range Training (IR204)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Participants will be introduced to tactics and strategies that enable them to protect their organizations from attacks against internet-accessible system(s) (i.e., internet-accessible system attacks or IAS) through awareness of individual and organizational points of vulnerability.

Experience these benefits and more:

  • Learn how to implement CISA guidance: Course exercises include implementation of the recommendations in BOD 19-02.
  • Identify and mitigate vulnerabilities in real time: Students will identify common methods of scanning for vulnerabilities, analyzing event logs, and modifying firewall rules.
  • Expert facilitation: Throughout the course, expert cybersecurity engineers will moderate discussion and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Defending Internet Accessible Systems (IR204) - Video
0.5 Hours
 
How to Backup and Restore Active Directories
Skill Level: Beginner      
+ Description
 

Active Directory (AD) is one of the most vital components in a Windows network. Cybercriminals today are targeting AD, performing reconnaissance to discover users, servers, and computers in an enterprise network, and then moving laterally to carry out multi-stage attacks to gain access and abuse organization resources and data. An AD backup and restoration disaster recovery strategy is vital for operation continuity. Backing up AD regularly is important, sometimes the backup is the only way for an organization to recover its data after a cyberattack.

This interactive training module focuses on basic AD concepts and methodologies. This module will explain how to identify the Primary Domain Controller (PDC) of the domain, explain how to make changes to AD without backing up again, and provide an opportunity for you to practice confirming the changes made after the backup are replaced with the information in the backup file.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The AD Backup Restore Demo provides a walkthrough of the tasks you'll need to complete, the AD Backup Restore Try allows you the opportunity to test out the tasks presented in the AD Backup Restore Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

  • Backup Active Directory on a Domain Controller
  • Restore Active Directory on a Domain Controller

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Analyze Exploitation Analysis Exploitation Analyst
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Investigate Digital Forensics Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
AD Backup Restore - Video
AD Backup Restore - Demo
AD Backup Restore - Try
0.5 Hours
 
Securing Systems: How to Block Malicious IPs
Skill Level: Beginner      
+ Description
 

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides mitigation strategies and techniques as it relates to firewall rules. This module will explain what firewalls are, present the importance of implementing firewall rules and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Block Malicious IPs Demo provides a walkthrough of the tasks you'll need to complete, the Block Malicious IPs Try allows you the opportunity to test out the tasks presented in the Block Malicious IPs Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

  • Identify the purpose of firewalls
  • Present the importance of implementing firewall rules
  • Identify specific firewall rules to apply

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Analyze Exploitation Analysis Exploitation Analyst
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Investigate Digital Forensics Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Block Malicious IPs - Video
Block Malicious IPs - Demo
Block Malicious IPs - Try
0.5 Hours
 
Securing Systems: How to Create Application Allowlisting Policies
Skill Level: Beginner      
+ Description
 

Application Allowlisting is a controlled list of applications and components such as libraries, configuration files, etc. that are authorized to be present or active on a host according to a well-defined baseline. It is a highly effective security strategy that acts as a preventative file execution policy to allow only certain programs to run and prevents others from executing. Every organization must verify and trust each and every application they allow on their network. They do this by adapting allowlisting to help block the execution of malware, unlicensed software, and other unauthorized software.

This interactive training module focuses on basic Application Allowlisting concepts and methodologies. This module will explain what Application Allowlisting is, present the importance of implementing Application Allowlisting, and provide an opportunity for you to practice applying specific Application Allowlisting rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Application Allowlisting Demo provides a walkthrough of the tasks you'll need to complete, the Application Allowlisting Try allows you the opportunity to test out the tasks presented in the Application Allowlisting Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

  • Create Windows Defender Application Control (WDAC) allowlisting policies with PowerShell

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Analyze Exploitation Analysis Exploitation Analyst
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Investigate Digital Forensics Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Application Allowlisting - Video
Application Allowlisting - Demo
Application Allowlisting- Try
0.25 Hours
 
How to Disable SMBv1
Skill Level: Beginner      
+ Description
 

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides information on how to disable SMBv1 using the group policy mitigation technique. This module will explain Server Message Block (SMB), provide an overview of the versions of SMB, present the importance of blocking SMBv1, and provide an opportunity for you to practice applying group policies that disable SMBv1 in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The SMBv1 Demo provides a walkthrough of the tasks you'll need to complete, the SMBv1 Try allows you the opportunity to test out the tasks presented in the SMBv1 Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

  • Define Server Message Block
  • Identify the three versions of SMB
  • Present the importance of disabling SMBv1

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Analyze Exploitation Analysis Exploitation Analyst
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Investigate Digital Forensics Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
SMBv1 - Video
SMBv1 - Demo
SMBv1- Try
0.25 Hours
 
How to Reset a KRBTGT Account Password
Skill Level: Beginner      
+ Description
 

Kerberos Ticket Granting Ticket (KRBTGT) is a local default account used for Microsoft’s implementation of Kerberos, the default Microsoft Windows authentication protocol for granting access to network applications and services. KRBTGT acts as a service account for the Key Distribution Center (KDC) service. KRBTGT account in Active Directory (AD) plays a key role that encrypts and signs all Kerberos tickets for the domain.

This interactive training module focuses on basic KRBTGT concepts and methodology. This module will explain how to reset the KRBTGT account password using the Active Directory Users and Computers app in the Administrative tools in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Reset KRBTGT Account Password Demo provides a walkthrough of the tasks you'll need to complete, the Reset KRBTGT Try allows you the opportunity to test out the tasks presented in the Reset KRBTGT Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

  • Reset the KRBTGT Account password

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Analyze Exploitation Analysis Exploitation Analyst
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Investigate Digital Forensics Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Reset KRBTGT Account Password - Video
Reset KRBTGT Account Password - Demo
Reset KRBTGT Account Password - Try
0.25 Hours
 
Securing Systems: How to Sinkhole a Malicious Domain
Skill Level: Beginner      
+ Description
 

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module focuses on sinkholing as a mitigation technique. This module will explain what Domain Name Service (DNS) sinkholes are, present the importance of implementing sinkholes, and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Sinkhole Demo provides a walkthrough of the tasks you'll need to complete, the Sinkhole Try allows you the opportunity to test out the tasks presented in the Sinkhole Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

  • Present the definition of a DNS Sinkhole
  • Identify key terms related to the Sinkholing process
  • Explain the importance of implementing a DNS Sinkhole

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Analyze Exploitation Analysis Exploitation Analyst
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Investigate Digital Forensics Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Sinkhole - Video
Sinkhole - Demo
Sinkhole - Try
2 Hours
 
CDM 142
Skill Level: Beginner  
+ Description
 

Course Length: 3 hours

This course is a recording of a virtual 3-hour course and presents an ES-6 overview of how the dashboard provides visibility into the metrics and measurements needed for a continuous monitoring program. It explains how to create queries for hardware (HW) and software (SW) assets and introduces a framework for using data reports to inform risk-based decision-making. Register to join the next live iteration of this course via https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-training.

Learning Objectives:

  • Understand CDM agency dashboard functionalities around asset management
  • Learn how to create asset management queries
  • Learn how to create reports

Date: May 2024

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Asset Management with the CDM Agency Dashboard
4 Hours
 
Advanced Network Flow Analysis
Skill Level: Beginner   
+ Description
 

By the end of this course, you should be able to use network flow data to do the following:

  • Evaluate the correct implementation of application traffic on the network.
  • Find anomalous traffic on a large network.
  • Find malicious activity given additional network and intelligence data sources.
  • Identify potential malicious activity on a network.
  • Provide input for appropriate techniques in an operational environment.
+ Course Modules/Units
 
Module 1: Anomaly Detection with Flow
Module 2: Reading Protocols
Module 3: Threat Hunting
Module 4: SOC Application
1 Hour
 
Using the Incident Response Playbook at your Organization (IR 111)
Skill Level: Beginner  
+ Description
 

Course length: 1 hour

These courses are developed in response to the President’s Executive Order 14028, tasking CISA to “develop a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity” for federal civilian agency information systems. CISA published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. These playbooks are intended to guide and facilitate Federal Civilian Executive Branch (FCEB) agencies by providing standardized processes and procedures for planning and conducting cybersecurity incident and vulnerability response activities. These courses focus on the Incident Response (IR) Playbook and associated checklists that are aligned to the NIST-defined IR phases including preparation, detection and analysis, containment, eradication and recovery, and post-incident activities. The goal of this CISA IR Playbook and courses is for each agency to use a standardized approach to incident response that aligns with guidance and best practices and provides them with processes and procedures to help them be better organized and prepared if an incident is declared. Proactive and thoughtful planning paired with routine exercising of the plan, when used with a continuous process improvement approach (i.e., Plan, Do, Check, Act or Observe, Orient, Decide, Act), is a must for agencies to be prepared and ultimately able to respond to incidents as quickly as possible. Lessons learned and common missteps, as well as roles and responsibilities and internal vs. external communication critical paths, will also be highlighted in these courses.

Learning Objectives:

At the end of the course, the students should be able to:

  1. Describe why an IR playbook is important for an agency to use
  2. Identify and describe the sections of the CISA IR Playbook
  3. Describe how to use the IR checklist in the CISA IR Playbook
  4. Identify typical roles that are needed during an incident response
  5. List potential questions or key information that an IR team should consider at each phase of an IR

For Cybersecurity courses:
NICE mapping: Analyze, Investigate, and Protect and Defend

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

CategorySpecialty AreaWork Roles
+ Course Modules/Units
 
Incident Response Training (IR111) - Video
1 Hour
 
Introduction to Log Management (IR110)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Log files provide the data that are the bread and butter of incident response, enabling network analysts and incident responders to investigate and diagnose issues and suspicious activity from network perimeter to epicenter. This webinar introduces the fundamentals of investigating logs for incidents.

This webinar includes the following information and more:

  • Common attack methods: Understand log analysis, and its importance as a crucial component of incident response and network security.
  • Key guidance for organizations: Introduce resources and tools that enable organizations and individuals to use log analysis to query for threat activity including SIEM, FPCAP analysis, and using PowerShell and Active Directory to run scripts.
  • Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
  • Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Introduction to Log Management (IR110) - Video
1 Hour
 
Introduction to Network Diagramming (IR107)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This webinar includes the following information and more:

  • Importance of network diagrams: Students will learn the importance of creating and maintaining network topology diagrams. Students will also understand the importance of identifying data flows and storage, identifying remote access points and external connections, and network segmentation for security.
  • Key guidance for organizations: CISA provides guidance on what to include in network diagrams.
  • Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Introduction to Network Diagramming (IR107) - Video
0.5 Hours
 
Network Topology 1
Skill Level: Beginner  
+ Description
 

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module introduces viewers to the importance of having a network diagram, types of diagrams, common network diagramming tools, and commonly used network symbols.

Learning Objectives:

  • Recognize how networks have evolved to include external cloud-based architectures
  • Recognize the importance of creating and maintaining network topology diagrams

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
AnalyzeAll-Source AnalysisMission Assessment Specialist
AnalyzeExploitation AnalysisExploitation Analyst
AnalyzeThreat AnalysisThreat/ warning analyst
InvestigateDigital ForensicsCyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and MaintainData AdministrationData Analyst, Database Administrator
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainKnowledge ManagementKnowledge Manager
Operate and MaintainNetwork ServicesNetwork Operations Specialist
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainSystems AnalysisSystems Security Analyst
Oversee and GovernCybersecurity ManagementCommunications security manager; information systems security manager
Oversee and GovernExecutive Cyber LeadershipExecutive Cyber Leadership
Oversee and GovernProgram Management and AcquisitionIT investment manager, IT program auditor, IT project manager, product support manager, program manager
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
Protect and DefendCyber Defense Infrastructure SupportCyber Defense Infrastructure Support specialist
Protect and DefendIncident ResponseCyber defense incident responder
Protect and DefendVulnerability Assessment and ManagementVulnerability assessment analyst
Securely ProvisionRisk ManagementAuthorizing official; security control assessor
Securely ProvisionSystems ArchitectureEnterprise Architect, Security Architect
Securely ProvisionSystems Requirements PlanningSystems Requirements Planner
Securely ProvisionTest and EvaluationSystem Testing and Evaluation Specialist
+ Course Modules/Units
 
Introduction to Network Topology Diagrams - Video
0.5 Hours
 
Network Topology 2
Skill Level: Beginner  
+ Description
 

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module introduces viewers to the importance of knowing and understanding how networks and assets are connected, segmented, controlled, and architected for representation in network diagram designs.

Learning Objectives:

  • Identify the difference between logical and physical topology diagrams
  • Identify the common network topology patterns
  • Define network architecture

Date: 2023

Training Proficiency Area: Level Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
AnalyzeAll-Source AnalysisMission Assessment Specialist
AnalyzeExploitation AnalysisExploitation Analyst
AnalyzeThreat AnalysisThreat/ warning analyst
InvestigateDigital ForensicsCyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and MaintainData AdministrationData Analyst, Database Administrator
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainKnowledge ManagementKnowledge Manager
Operate and MaintainNetwork ServicesNetwork Operations Specialist
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainSystems AnalysisSystems Security Analyst
Oversee and GovernCybersecurity ManagementCommunications security manager; information systems security manager
Oversee and GovernExecutive Cyber LeadershipExecutive Cyber Leadership
Oversee and GovernProgram Management and AcquisitionIT investment manager, IT program auditor, IT project manager, product support manager, program manager
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
Protect and DefendCyber Defense Infrastructure SupportCyber Defense Infrastructure Support specialist
Protect and DefendIncident ResponseCyber defense incident responder
Protect and DefendVulnerability Assessment and ManagementVulnerability assessment analyst
Securely ProvisionRisk ManagementAuthorizing official; security control assessor
Securely ProvisionSystems ArchitectureEnterprise Architect, Security Architect
Securely ProvisionSystems Requirements PlanningSystems Requirements Planner
Securely ProvisionTest and EvaluationSystem Testing and Evaluation Specialist
+ Course Modules/Units
 
Network Topology Diagramming - Video
0.5 Hours
 
Network Topology 3
Skill Level: Beginner  
+ Description
 

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module introduces viewers to the importance of knowing what’s on their networks, where data enters and exits and how the data flows through their network, and how they can use asset discovery and mapping tools to help either gather this information or create a diagram.

Learning Objectives:

  • Explain why an asset scanning and mapping tool is used
  • Recognize the importance of identifying data flows and storage
  • Explain the importance of identifying remote access points and external connections
  • Explain the importance of network segmentation for security

Date: 2023

Training Proficiency Area: Level Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
AnalyzeAll-Source AnalysisMission Assessment Specialist
AnalyzeExploitation AnalysisExploitation Analyst
AnalyzeThreat AnalysisThreat/ warning analyst
InvestigateDigital ForensicsCyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and MaintainData AdministrationData Analyst, Database Administrator
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainKnowledge ManagementKnowledge Manager
Operate and MaintainNetwork ServicesNetwork Operations Specialist
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainSystems AnalysisSystems Security Analyst
Oversee and GovernCybersecurity ManagementCommunications security manager; information systems security manager
Oversee and GovernExecutive Cyber LeadershipExecutive Cyber Leadership
Oversee and GovernProgram Management and AcquisitionIT investment manager, IT program auditor, IT project manager, product support manager, program manager
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
Protect and DefendCyber Defense Infrastructure SupportCyber Defense Infrastructure Support specialist
Protect and DefendIncident ResponseCyber defense incident responder
Protect and DefendVulnerability Assessment and ManagementVulnerability assessment analyst
Securely ProvisionRisk ManagementAuthorizing official; security control assessor
Securely ProvisionSystems ArchitectureEnterprise Architect, Security Architect
Securely ProvisionSystems Requirements PlanningSystems Requirements Planner
Securely ProvisionTest and EvaluationSystem Testing and Evaluation Specialist
+ Course Modules/Units
 
Understanding Your Network Architecture - Video
0.2 Hours
 
Network Topology 4 – Diagramming Process
Skill Level: Beginner  
+ Description
 

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module introduces viewers to the process of creating a network diagram which includes identifying assets, sketching a diagram, choosing an application, selecting a network template, building the diagram, creating a legend, and maintaining the diagram.

Learning Objectives:

  • Describe the steps for building a network diagram
  • Identify the generic templates and symbols used in creating network diagrams

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
AnalyzeAll-Source AnalysisMission Assessment Specialist
AnalyzeExploitation AnalysisExploitation Analyst
AnalyzeThreat AnalysisThreat/ warning analyst
InvestigateDigital ForensicsCyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and MaintainData AdministrationData Analyst, Database Administrator
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainKnowledge ManagementKnowledge Manager
Operate and MaintainNetwork ServicesNetwork Operations Specialist
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainSystems AnalysisSystems Security Analyst
Oversee and GovernCybersecurity ManagementCommunications security manager; information systems security manager
Oversee and GovernExecutive Cyber LeadershipExecutive Cyber Leadership
Oversee and GovernProgram Management and AcquisitionIT investment manager, IT program auditor, IT project manager, product support manager, program manager
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
Protect and DefendCyber Defense Infrastructure SupportCyber Defense Infrastructure Support specialist
Protect and DefendIncident ResponseCyber defense incident responder
Protect and DefendVulnerability Assessment and ManagementVulnerability assessment analyst
Securely ProvisionRisk ManagementAuthorizing official; security control assessor
Securely ProvisionSystems ArchitectureEnterprise Architect, Security Architect
Securely ProvisionSystems Requirements PlanningSystems Requirements Planner
Securely ProvisionTest and EvaluationSystem Testing and Evaluation Specialist
+ Course Modules/Units
 
Network Diagramming Process - Video
0.5 Hours
 
Network Topology 5 – Building an Internal Diagram (Interactive)
Skill Level: Beginner  
+ Description
 

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module provides a scenario-based demonstration of how to build a basic internal network diagram using Microsoft Visio. Part 1 is demonstration only and Part 2 is the same as part 1 but provides users the ability to click on interactive sections of the screen to simulate the network diagramming build activity.

Learning Objectives:

  • Demonstrate how to build an internal LAN Network Diagram using Microsoft Visio

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
AnalyzeAll-Source AnalysisMission Assessment Specialist
AnalyzeExploitation AnalysisExploitation Analyst
AnalyzeThreat AnalysisThreat/ warning analyst
InvestigateDigital ForensicsCyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and MaintainData AdministrationData Analyst, Database Administrator
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainKnowledge ManagementKnowledge Manager
Operate and MaintainNetwork ServicesNetwork Operations Specialist
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainSystems AnalysisSystems Security Analyst
Oversee and GovernCybersecurity ManagementCommunications security manager; information systems security manager
Oversee and GovernExecutive Cyber LeadershipExecutive Cyber Leadership
Oversee and GovernProgram Management and AcquisitionIT investment manager, IT program auditor, IT project manager, product support manager, program manager
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
Protect and DefendCyber Defense Infrastructure SupportCyber Defense Infrastructure Support specialist
Protect and DefendIncident ResponseCyber defense incident responder
Protect and DefendVulnerability Assessment and ManagementVulnerability assessment analyst
Securely ProvisionRisk ManagementAuthorizing official; security control assessor
Securely ProvisionSystems ArchitectureEnterprise Architect, Security Architect
Securely ProvisionSystems Requirements PlanningSystems Requirements Planner
Securely ProvisionTest and EvaluationSystem Testing and Evaluation Specialist
+ Course Modules/Units
 
Network Topology 5 – Building a Basic LAN Internal Network Diagram (Try Me)
0.3 Hours
 
Network Topology 5 – Building an Internal Diagram (Demonstration)
Skill Level: Beginner  
+ Description
 

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module provides a scenario-based demonstration of how to build a basic internal network diagram using Microsoft Visio. Part 1 is demonstration only and Part 2 is the same as part 1 but provides users the ability to click on interactive sections of the screen to simulate the network diagramming build activity.

Learning Objectives:

  • Demonstrate how to build an internal LAN Network Diagram using Microsoft Visio

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
AnalyzeAll-Source AnalysisMission Assessment Specialist
AnalyzeExploitation AnalysisExploitation Analyst
AnalyzeThreat AnalysisThreat/ warning analyst
InvestigateDigital ForensicsCyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and MaintainData AdministrationData Analyst, Database Administrator
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainKnowledge ManagementKnowledge Manager
Operate and MaintainNetwork ServicesNetwork Operations Specialist
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainSystems AnalysisSystems Security Analyst
Oversee and GovernCybersecurity ManagementCommunications security manager; information systems security manager
Oversee and GovernExecutive Cyber LeadershipExecutive Cyber Leadership
Oversee and GovernProgram Management and AcquisitionIT investment manager, IT program auditor, IT project manager, product support manager, program manager
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
Protect and DefendCyber Defense Infrastructure SupportCyber Defense Infrastructure Support specialist
Protect and DefendIncident ResponseCyber defense incident responder
Protect and DefendVulnerability Assessment and ManagementVulnerability assessment analyst
Securely ProvisionRisk ManagementAuthorizing official; security control assessor
Securely ProvisionSystems ArchitectureEnterprise Architect, Security Architect
Securely ProvisionSystems Requirements PlanningSystems Requirements Planner
Securely ProvisionTest and EvaluationSystem Testing and Evaluation Specialist
+ Course Modules/Units
 
Network Topology 5 – Building a Basic LAN Internal Network Diagram (Show Me)
2 Hours
 
CDM 143
Skill Level: Beginner  
+ Description
 

Course Length: 3 hours

This 3-hour course is a recording of the Vulnerability Management course covering ES-6 version of the CDM Agency Dashboard. This course introduces participants to the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) version 1.5 and other vulnerability management topics. With the information provided, dashboard users can identify the most critical vulnerabilities and prioritize mitigation activities at their agency.

Register to join the next live iteration of this course via https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-training.

Learning Objectives:

  • Understand the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) Score
  • Walkthrough how to identify vulnerabilities in the CDM Agency Dashboard

Date: May 2024

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Vulnerability Management with the CDM Agency Dashboard
6 Hours
 
Bash Scripting
Skill Level: Beginner   
+ Description
 The Bash scripting series of videos introduces the fundamental concepts of input, flow control, processing and output. Each video adds features to these so the student has a richer set of scripting components with which to work. Most of the example scripts involve SiLK analytics of increasing complexity so the student can immediately apply what was learned in a meaningful way.
+ Course Modules/Units
 
Module 1: Bash Scripting - Introduction
Module 2
Module 3
Module 4
Module 5
Module 6
0.5 Hours
 
Network Topology 6 – Building an External Diagram (Interactive)
Skill Level: Beginner  
+ Description
 

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This module provides a scenario-based demonstration of how to build an external network diagram using Microsoft Visio. It is a hybrid tutorial that includes demonstration, instruction, and interaction.

Learning Objectives:

  • Demonstrate how to build an external Network Diagram using Microsoft Visio

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
AnalyzeAll-Source AnalysisMission Assessment Specialist
AnalyzeExploitation AnalysisExploitation Analyst
AnalyzeThreat AnalysisThreat/ warning analyst
InvestigateDigital ForensicsCyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst
Operate and MaintainData AdministrationData Analyst, Database Administrator
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainKnowledge ManagementKnowledge Manager
Operate and MaintainNetwork ServicesNetwork Operations Specialist
Operate and MaintainSystems AdministrationSystem Administrator
Operate and MaintainSystems AnalysisSystems Security Analyst
Oversee and GovernCybersecurity ManagementCommunications security manager; information systems security manager
Oversee and GovernExecutive Cyber LeadershipExecutive Cyber Leadership
Oversee and GovernProgram Management and AcquisitionIT investment manager, IT program auditor, IT project manager, product support manager, program manager
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
Protect and DefendCyber Defense Infrastructure SupportCyber Defense Infrastructure Support specialist
Protect and DefendIncident ResponseCyber defense incident responder
Protect and DefendVulnerability Assessment and ManagementVulnerability assessment analyst
Securely ProvisionRisk ManagementAuthorizing official; security control assessor
Securely ProvisionSystems ArchitectureEnterprise Architect, Security Architect
Securely ProvisionSystems Requirements PlanningSystems Requirements Planner
Securely ProvisionTest and EvaluationSystem Testing and Evaluation Specialist
+ Course Modules/Units
 
New Network Topology 6
1 Hour
 
Incident Response Training: Preventing DNS Infrastructure Tampering (IR106)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

The Domain Name System, commonly known as DNS, is often referred to as the “phone book” of the Internet. Every time we access the Internet to visit our favorite websites, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly useful, it also presents a rich attack surface. Threat actors have the ability to shut down websites and online services, replace legitimate website content with threats or extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal information entered by users. This recorded webinar provides an organizational perspective and is accessible to a general audience including managers, business leaders, and technical specialists.

This webinar includes the following information and more:

  • Common attacks and vulnerabilities: Learn how to identify a potential attack on DNS infrastructure.
  • CISA guidance: CISA provides information on best practices to reduce the likelihood and impact of a successful DNS attack.
  • Case studies: Examine the methods and impacts of real-life cyberattacks, and how the targets responded and recovered.
  • Knowledge checks: The course provides knowledge checks throughout the presentation to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Incident Response Training: Preventing DNS Infrastructure Tampering (IR 106) - Video
1.5 Hours
 
Preventing DNS Infrastructure Tampering Cyber Range Training (IR206)
Skill Level: Beginner  
+ Description
 

This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

DNS is one of the core foundations of the internet. However, it continues to be one of the mechanisms attackers use to perform malicious activities across the globe. In this course participants will learn about various concepts associated with DNS, become familiar with DNS tools and mapping information, be introduced to common DNS tampering techniques, and gain an understanding of DNS mitigation strategies to enhance security.

Experience these benefits and more:

  • Learn how to implement remediations: Course exercises include remediating vulnerabilities.
  • Identify and mitigate vulnerabilities in real time: Students identify DNS infrastructure tampering techniques and mitigate them.
  • Expert facilitation: Throughout the course, expert cybersecurity engineers moderate discussion and conduct a recovery debrief for the exercises.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

CategorySpecialty AreaWork Roles
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Requirements Planning System Requirements Planner
Oversee and Govern Program Management and Acquisition IT Project Manager
+ Course Modules/Units
 
Preventing DNS Infrastructure Tampering (IR206) - Video
3 Hours
 
CDM 201
Skill Level: Intermediate  
+ Description
 

This 3-hour course is a recording of a virtual four-hour course covering the ES-6 version of the CDM Agency Dashboard. This course introduces participants to the four identity management capabilities - PRIV, CRED, TRUST, and BEHAVE - and to the use of the new CDM Agency Dashboard to reduce risks associated with each.

Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.

Learning Objectives:
  • Overview of how the CDM Agency Dashboard addresses user-centric data in addition to hardware and software information.
  • Strategies for integrating PRIV/CRED/TRUST/BEHAVE capabilities into routine processes workflows to drive increased risk awareness and mitigation.

Date: May 30, 2024

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialtyArea Work Roles
Operate and Maintain Systems AdministrationSystems Analysis System AdministratorSystems Security Analyst
Oversee and GovernCybersecurity ManagementInformation Systems Security Manager
Oversee and GovernProgram/Project Management and AcquisitionIT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
+ Course Modules/Units
 
Identity and Access Management Capabilities within the CDM Agency Dashboard
2 Hours
 
BIRT Refresher Course
Skill Level: Beginner  
+ Description
 

BIRT Refresher Course

Prerequisite(s): BIRT

Course Setting: Online, self-paced

Length: 2 hours

Training Purpose: Maintain Incident Response Qualification (IRQ)

Audience: Threat Hunting (TH) Staff participating in hunt and incident response engagements; detailees assigned to TH participating in hunt and IR engagements

Description:

The purpose of the Basic Incident Response Training (BIRT) is to provide TH Staff a baseline of knowledge and skills regarding processes, procedures, resources, and tools used for onsite IR functions. TH Staff maintain their IRQ by completing the annual BIRT Refresher Course presenting updates to IR processes and procedures. TH Staff are required to complete the BIRT Refresher annually.

Assessment:

TH Staff will need to complete an end-of-course assessment with minimum 80% accuracy. Upon successful completion TH Staff maintain their IRQ.

+ Course Modules/Units
 
BIRT Refresher Course
5 Hours
 
Introduction to Data Packet Analysis
Skill Level: Intermediate   
+ Description
 

This course orients analysts to the various types of information that can be found in packets, uses Wireshark as the packet capture and analysis tool, and explains why data available in packets can be affected by the location of the packet capture in the network environment.

+ Course Modules/Units
 
Introduction to Data Packet Analysis
Module 1.2: Wireshark Operation
Module 1.3: Analyzing Packets with Wireshark
Module 1.4: The Effect of Location on Packet Capture and Analysis
Module 1.5: What Wireshark Packet Analysis Can Reveal and What It Can't
5 Hours
 
Mothra 101
Skill Level: Beginner    
+ Description
 

At the end of this course, participants will be able to

  • list the characteristics that distinguish Mothra from SiLK,
  • identify the major architectural features of Mothra,
  • describe how analysis can be performed in Mothra, and
  • discuss the advantages of using a Jupyter Notebook for collaborative analysis.
+ Course Modules/Units
 
Module 1: Mothra 101 - Introduction
Module 2: Mothra Architecture and Design
Module 3: Analysis with Mothra
Module 4: Demo of Spark with Mothra
2.5 Hours
 
CDM 210
Skill Level: Beginner  
+ Description
 

This 2.5 hour course will define CETH and describe its purpose, benefits, and how CETH is a key component in responding to the current governmental directives such as Executive Orders and Binding Operational Directives. Gain hands-on experience through guided lab activities in the current CDM Agency Dashboard training environment. Discover how to use the CDM Agency Dashboard to identify Known Exploited Vulnerabilities and other specific vulnerabilities currently affecting government. Discuss mitigation and remediation processes at your agency.

Learning Objectives:

  • Overview of the importance of the CDM Agency Dashboard role of system security analyst, which includes monitoring and vulnerability identification.
  • Strategies for securing agency assets and creating report functionality using the CDM Agency Dashboard.

Date: May 2024

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
CDM-Enabled Threat Hunting (CETH)
8.5 Hours
 
Network Forensics Section 101 (NFS 101)
Skill Level: Beginner   
+ Description
 

Network Forensics Section 101 (NFS 101)

Prerequisite(s): None

Course Setting: Online, self-paced

Length: 8.5 hours

Training Purpose: Skill Development

Audience: Network Forensic Section (NFS) Analysts and others assigned by management

Description:

The NFS 101 course aims to establish a baseline understanding of the NFS mission, goals, structure, and deployment kits. The course identifies components of a deployment kit and provides an overview of the pre-deployment, onsite, and remote functions of the kit. It also discusses the NFS process for artifacts and data collection, as well as the basic analysis of artifacts and data.

By the end of the course, trainees will be able to:

  1. State the NFS mission, goals, and structure.
  2. Identify components of a deployment kit.
  3. Describe the pre-deployment, onsite, and remote functions of the kit.
  4. Discuss the NFS process for collecting artifacts and data.
  5. Discuss the NFS process for basic analysis of artifacts and data.
+ Course Modules/Units
 
Module 1: Introduction
Module 2:Kit Components
Module 3: Kit Deployment
Module 4: Data Collection & Analysis
Module 5: Conclusion
6 Hours
 
Advanced Windows Scripting
Skill Level: Beginner 
+ Description
 

This course focuses on advanced concepts for writing scripts for the Microsoft Windows operating system. The course covers how to string multiple commands together in traditional BATCH scripts, as well as leverage Visual Basic Scripting (VBS) to perform more complex tasks and includes reinforcing video demonstrations and final assessment.

Learning Objectives:

  • Understand the fundamentals of Visual Basic Scripting.
  • Recognize the concepts of redirection, piping, and how to conduct complex tasks with multiple commands.
  • Apply integration of Windows BATCH with Visual Basic Scripting.
  • Demonstrate how to access the Windows API from Visual Basic Scripting.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Software Development Software Developer
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
+ Course Modules/Units
 
Advanced Windows Scripting Introduction
Windows BATCH Scripting Overview
Windows BATCH Advanced Syntax Part 1 of 2
Windows BATCH Advanced Syntax Part 2 of 2
Windows Scripting Advanced Uses of FOR
Windows Scripting Syntax Tips and Tricks
Windows Scripting CALL and START Demo
Windows Scripting Subroutine Demo
Windows Scripting SET Demo
Windows Scripting PUSHD and POPD Demo
Manipulating In_Outputs
Stringing Multiple Commands Together
FOR Loop Generating List Demo
FOR Loop Recursive Listing Demo
Taking Action Based on Content of Output
Action Based on Content Output Demo
Scripts in Typical Penetration Testing Tasks Part 1 of 2
Scripts in Typical Penetration Testing Tasks Part 2 of 2
Visual Basic Scripting Syntax and Usage
Visual Basic Scripting Merge Demo
VBS Elements_Structure
VBS Elements_Variables, Arguments, and Conditionals
VBS Elements_Loops
VBS Elements_Functions and Operators
VBS Windows Scripting Host
VBS Elements_File I_O
VBS Windows Scripting Demo
VBS Error Handling and Troubleshooting
Visual Basic for Applications
Visual Basic for Application Elements
Visual Basic for Applications Working with Applications
VBA Working with Applications Demo
VBA Error Handling and Troubleshooting
VBA Error Handling and Troubleshooting Demo
Advanced Windows Scripting Quiz
3 Hours
 
CDM 220
Skill Level: Beginner  
+ Description
 

This 3 hour recording focuses on policy origination, provides an historic timeline, describes current directives and will guide the learner on how the CDM Dashboard version ES-6x can be used to address a directive, adhere to policies, and understand how to continuously monitor known exploitable vulnerabilities (KEVs.). Several subject matter experts provide updates on the federal directives, such as Binding Operational Directives (BOD), and an extensive demonstration of the capabilities of version ES-6.2 of the CDM dashboard is provided.

Learning Objectives:

  • Describe the federal policy and directive origination process
  • Identify the most current / relevant government directives that relate to cybersecurity
  • Utilize the CDM Agency Dashboard to identify vulnerabilities in response to federal directives
  • Identify characteristics of BOD 22-01 and the response procedures

Date: June 2024

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
How to use the CDM Dashboard to enable automated BOD-22-01 Reporting
10 Hours
 
Network Forensics Section 201 (NFS 201)
Skill Level: Beginner  
+ Description
 

Network Forensics Section 201 (NFS 201)

Prerequisite(s): NFS 101

Course Setting: Online, self-paced

Length: 10 hours

Training Purpose: Skill Development

Audience: New/current NFS analysts assigned to Threat Hunting

Description:

The NFS 201 course immerses the learner into a scenario as a new analyst who is tasked with analyzing artifacts and data for malicious activity in a Splunk threat emulation environment. This training also encompasses a self-paced module hosted on CISA's Virtual Learning Portal (VLP) where they must move between the threat emulation environment on the TEN and the self-paced module on the VLP to complete the training.

By the end of the course, trainees will be able to:

  1. Identify servers on a network based on network traffic.
  2. Investigate indicators of compromise for vulnerabilities in a client’s network.
  3. Perform analysis of collected data to identify possible threats to client assets.
  4. Reconstruct a malicious attack or activity based on available network traffic and artifacts.

Assessment:

Trainees will need to complete an end-of-course assessment with 100% accuracy. Upon successful completion trainees will be granted 1.0 CEUs.

+ Course Modules/Units
 
Module 1: Network Forensics Section 201
Module 2: IP Address Identification Entry
Module 3: Network Map Unlocked
Module 4: The Challenge Realm
Module 5: Conclusion
5 Hours
 
Pure Data for Traffic Analysts
Skill Level: Beginner   
+ Description
 This course covers tables, basic search methods, tips, scripting, working across tables and queries.
+ Course Modules/Units
 
Module 1: Introduction
Module 2: Tables
Module 3: Basic Search
Module 4: Tips
Module 5: Scripting
Module 6: Working Across Databases
Module 7: Comp Queries and Temp. Tables
0.3 Hours
 
Analysis of a Cyber Incident
Skill Level: Beginner  
+ Description
 

This three-module course teaches the beginner analyst how to develop the analytical skills and capabilities needed to handle a potential cyber incident— from analysis to reporting findings.

Learning Objectives: By the end of this course, participants will be familiar with

  • How to think about the approach to analysis
  • Writing a proper hypothesis and prediction
  • The Importance of Organizational Context
  • Impact of the Organization Environment
  • Gathering the necessary information to analyze an incident
  • Analyzing the Functional elements of an incident
  • Analyzing the Strategic elements of an incident
  • Assembling the elements to solve the cyber puzzle
  • Reporting the finding results of the analysis
  • Accessing CISA resources for incident and vulnerability cases.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
AnalyzeExploitation AnalysisExploitation Analyst
Protect and DefendCyber Defense AnalysisCyber Defense Analyst
+ Course Modules/Units
 
Analysis of a Cyber Incident
6 Hours
 
Analysis Pipeline
Skill Level: Intermediate  
+ Description
 

This course is designed for network flow data analysts who use or are considering using Analysis Pipeline (http://tools.netsa.cert.org/analysis-pipeline5/index.html). The course aims to create a better understanding of how to incorporate streaming network flow analysis into their toolkit for identifying and alerting on events of interest. The focus will be on applying Analysis Pipeline to operational use cases.

Learning Objectives
At the completion of this course analysts will be able to:

  • Understand Analysis Pipeline and its role in network flow data streaming analytics and alerting.
  • Understand the Analysis Pipeline configuration language.
  • Develop and implement network flow data use cases with Analysis Pipeline.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operations Cyber Operator
Operate and Maintain Network Services Network Operations Specialist
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Introduction
Configuration Files
Running Pipeline
Logical Schematics
Pipeline and Timing and State
Alerts
Configuration File Basics
Filters
Filters (Exercises and Solutions)
Evaluations
Evaluations (Exercises and Solutions)
Statistics
Internal Filters
List Configurations
Configuration File Basics (Exercises and Solutions)
Threshold Examples
Special Evaluations
Building an Analytic
Server Profiling Analytic
Host Discovery Analytic
Advanced Configurations
NTP Anomalies
Unknown SSH Brute Force
Choose Your Own Adventure
ICMP Surveying: Thinking it Through
ICMP Surveying: Building it Out
DDoS Detection: Thinking it Through
DDoS Detection: Building it Out
SSH Compromise: Thinking it Through
SSH Compromise: Building it Out
Analysis Pipeline 5
7 Hours
 
Sensors 101 for Traffic Analysts
Skill Level: Beginner    
+ Description
 

At the end of this course, participants will be able to:

  • List several types of sensors in use on modern computer networks
  • Identify what fields and information are available in the data from each type of sensor
  • Characterize some of the analysis of data from each type of sensor
  • Discuss potential issues with the use of data from each type of sensor, and how to deal with the issues in analysis
+ Course Modules/Units
 
Sensors 101 for Traffic Analysts - Introduction
Sensors 101 for Traffic Analysts - Module 2: Packet Sensors
Sensors 101 for Traffic Analysts - Module 3: Alert Sensors
Sensors 101 for Traffic Analysts - Module 4: Flow Sensors
Sensors 101 for Traffic Analysts - Module 5: Enhanced Flow Sensors
Sensors 101 for Traffic Analysts - Module 6: Application-Level Sensors
Sensors 101 for Traffic Analysts - Module 7: Other Sensors
1.5 Hours
 
Artificial Intelligence (AI) and Machine Learning (ML) for Cyber
Skill Level: Intermediate 
+ Description
 

This course provides the foundational practices and ethical principles of artificial intelligence. Diving into each of the ethical principles along with other technical ethics, it is aimed at reducing risk and unwanted bias to create ethical, transparent, and fair artificial intelligence systems.

Learning Objectives:

  • Explain the harm with bias in artificial intelligence.
  • Discuss how to reduce risk and unwanted bias.
  • Cite several principles of AI and the goals of each.
  • Describe how principles are applied to create ethical, transparent, and fair AI.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operational Planning Cyber Ops Planner
Operate and Maintain Data Administration Data Analyst
+ Course Modules/Units
 
AI and ML for Cyber
Ethical Principles for AI Overview
Responsible Aspects of Ethics Part 1 of 2
Responsible Aspects of Ethics Part 2 of 2
Equitable Portion of the Ethics Principles
Traceable AI
Reliable AI Part 1 of 2
Reliable AI Part 2 of 2
How to Make AI Reliable Part 1 of 2
How to Make AI Reliable Part 2 of 2
Governable AI
AI and ML for Cyber Review
Course Test
7 Hours
 
SQL for Traffic Analysts
Skill Level: Beginner   
+ Description
 

SQL for Traffic Analysis covers basic SQL topics such as selecting data from a table, ordering results, using multiple tables, grouping results, calculating aggregate values, and creating new tables.

+ Course Modules/Units
 
SQL for Traffic Analysts: Module 1
Selecting Data From A Table: Module 2
Ordering Results: Module 3
Multiple Tables: Module 4
Calculating Aggregate Values: Module 5
Grouping Query Results: Module 6
Generating New Tables: Module 7
5 Hours
 
Survival SiLK Series
Skill Level: Intermediate   
+ Description
 

This series of videos presents topics of interest to analysts with a working knowledge of SilK who wish to learn more. Each video covers one area of NetFlow analysis. The topics are:

  • Displaying NetFlow Records in SiLK (tips for using rwcut)
  • Host Profiling (what can you learn about a host and its activity from NetFlow?)
  • Protocol Profiling: ICMP (here is how analysis of ICMP can be different from TCP and UDP)
  • Rwmatch (for those who need to work with both sides of a network connection)
  • The SiLK Application Label (The App Label uses Deep Packet Inspection to make an educated guess as to what service the flow supports)
+ Course Modules/Units
 
Survival SiLK Series - Module 1
Host Profiling - Module 2
Protocol Profiling: ICMP - Module 3
Using rwmatch - Module 4
Using the SiLK Application Label - Module 5
29 Hours
 
Certified Ethical Hacker Version 10 (CEHv10) Prep
Skill Level: Advanced 
+ Description
 

This self-study course focuses on preparing learners for the EC-Council Certified Ethical Hacker version 10 certification exam. This course contains materials on advanced network assessment techniques including enumeration, scanning, and reconnaissance. It is designed to use the same knowledge and tools as a malicious hacker, but in an ethical and lawful manner to examine an organization's network security posture. The course concludes with a practice exam.

Learning Objectives:

  • Learn how to perform a vulnerability analysis to identify security weakness in an organization's network structure.
  • Perform a security assessment of a cloud environment to understand cloud computing threats and attacks.
  • Understand risks and defensive strategies for IoT platforms and devices.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
CEHv10 Course Introduction
Information Security Reports
Ethical Hacking Defined
Ethical Hacking Terminology
Hacking Phases and Vul Research
Types of Attacks and Attack Vectors
Threat Modeling
Introduction to Physical Security
Incident Management Process
Incident Response Overview
Security Testing and Assessments
Pen Testing Phases and Methodology
Information Security Laws and Standards
Reconnaissance
Footprinting Methodologies - Passive
Footprinting Methodologies - Active
Advanced Google Hacking Techniques
Network Mapping
DEMO: WHOIS with BackTrack
DEMO: Active Footprinting with Traceroute
DEMO: Maltego for Information Gathering Part 1
DEMO: Maltego for Information Gathering Part 2
Footprinting Countermeasures
DEMO: Windows CMD Information Gathering
Scanning Essentials
DEMO: Colasoft Packet Builder
Port Scanning
DEMO: Banner Grabbing with Telnet
Covert Scanning
Covert Scanning with Proxies
DEMO: Scanning with Nmap
Common Enumeration Techniques
Enumeration Tools
Protocol Enumeration
DEMO: Scanning and Enumeration with Nmap
Understanding System Vulnerabilities
Passive and Active Vul Scanning
Vulnerability Assessment Lifecycle and CVSS
Common Vulnerabilities and Exposures (CVE)
Vulnerability Scanning
DEMO: Vulnerability Scanning with Nessus
Authentication Techniques
Microsoft Authentication
Password Cracking
Privilege Escalation
DEMO: Rainbow Table Lookup Sites
Keyloggers
Spyware and Activity Monitoring
Packet Sniffing Attacks
Covert Hacking
Hiding Files - Rootkits
DEMO: Kernel-Level Rootkits
Covering Tracks
Malware Awareness
Trojan Terminology and Techniques
Trojans and Backdoors
Virus Examples and Symptoms
Virus Classifications and Characteristics
Virus Making Tools
Other Malicious Code Types
Malware Countermeasures and Tools
DEMO: Bind and Reverse Shell
DEMO: Strings Analysis
Sniffers Terminology and Overview
Network Overview for Sniffer Placement
Basic Packet Analysis
Address Resolution Protocol (ARP)
DEMO: Viewing ARP Packets with Packet Builder
Spoofing and Flooding Sniffing Attacks
MITM Attacks Ports Vul to Sniffing
Wireshark Overview and Examples
Evasion in Network Sniffing
Sniffing Countermeasures and Tools
DEMO: Hping3
DEMO: Wireshark
Social Engineering Background and Examples
Human-Based Social Engineering
Computer-Based Social Engineering
Computer Based SE - Social Networking
Social Engineering with Mobile Applications
SE and Identity Theft Countermeasures
DEMO: Social Engineering Toolkit
DEMO: Leveraging Armitage in Phishing Attack
DoS Impacts and Classifications
Categories of Denial of Service
Botnets and Disruption Attacks
DoS Symptoms and Tools
Buffer Overflow Terminology and Background
Session Hijacking Overview and Examples
Compromising Session Attacks
Session Hijacking Techniques
Session Hijacking Tools
IPSec and Session Hijacking
Firewalls and Honeypots
Firewall Configurations
IDS Overview and Detection Methods
IDS, Firewall, and Honeypot Evasion
Evasion Techniques
Evasion Testing Techniques
DEMO: Intrusion Signs
Common Web Server Attack
Webserver Architecture
OWASP Top 10 and Beyond
Webserver Hacking Countermeasures
SQL and Command Injection Web App Hacking
Non SQL Injection Errors
Parameter and Form Tampering Web App Hacking
Cross-site Scripting and Obfuscation Web App Hacks
Cross-site Request Forgery and Cookies
Web Application Pen Test Methodology
Web App Tools and Countermeasures
Buffer Overflow Tools and Countermeasures
DEMO: BurpSuite
SQL Terminology and Example Statements
SQL Enumeration
SQL Injection Attacks
SQL Injection Tools and Countermeasures
DEMO: SQL Inject Attacks
Wireless Terminology and Standards
Wireless Terminology and Antennas
Wireless Authentication
Wireless-Based Attacks
Wireless Attack Methodology Part 1 of 2
Wireless Attack Methodology Part 2 of 2
WEP, WPA and Other Wireless Attacks
Bluetooth Communication Basics
Wireless Protocols and Signal Modulation
DEMO: SSID and Channels
DEMO: Wireless Hacking
Wireless Hacking Tools
Wireless Hacking Countermeasures
Mobile Platform Overview
OWASP IoT Vuls and Countermeasures
Mobile Device Operating Systems
Hacking Mobile Platforms
Mobile Device Management and Risks
Mobile Device Security
Internet of Things (IoT) Concepts
Internet of Things (IoT) Attacks and Mitigation
Introduction to Cloud Computing
Cloud Architectures and Deployment Models
Cloud Threats and Attacks
Cloud Security
Cloud Testing Tools
Cryptography Background and Terminology
Crypto Keys and Algorithms
SHA and TLS Algorithms
DEMO: Hashing with MD5 Sum
Cryptography Implementations
Public Key Infrastructure (PKI)
Cryptanalysis Techniques
Crypto Attacks
DEMO: Encryption with TrueCrypt
Digital Signatures
Certified Ethical Hacker Practice Exam
LAB: Using a Simulated Botnet to Conduct a Distributed Denial of Service
6 Hours
 
TCP/IP Fundamentals for Network Traffic Analysts
Skill Level: Beginner   
+ Description
 

In this course you will learn about:

  • Describe how the history of TCP/IP has led to security issues
  • Describe the layered architecture of TCP/IP
  • Describe characteristics of
    • Address Resolution Protocol (ARP)
    • Internet Protocol (IP)
    • User Datagram Protocol (UDP)
    • Service Ports
    • Transmission Control Protocol (TCP)
    • Internet Control Messages Protocol (ICMP)
    • Fragmentation
  • Explain how common services operate with network protocols
  • Forecast how IPv6 affects network traffic analysis
+ Course Modules/Units
 
TCP/IP Fundamentals for Network Traffic Analysts
TCP/IP Module 2: Internet Protocol
TCP/IP Module 3: IP Addresses
TCP/IP Module 4: Transport Protocols
TCP/IP Module 5: Common Services
TCP/IP Module 6: IPv6
13 Hours
 
Cisco CCENT Self-Study Prep
Skill Level: Intermediate
+ Description
 

This course is a self-study resource to help prepare for the Cisco CCENT certification, one of the prerequisites for the Cisco CCNA certification. Installing, operating, configuring, and verifying a basic IPv4 and IPv6 network will be discussed. The course focuses on configuring a local area network (LAN) switch, configuring an internet protocol (IP) router, and identifying basic security threats. It includes several reinforcing video demonstrations of concepts discussed, as well as a quiz.

Learning Objectives:

  • Review of objectives for the Cisco Certified Entry Networking Technician certification
  • Supplemental preparation for the Cisco CCENT certification exam

Date: 2016

Training Purpose: Operate and Maintain

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Services Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
+ Course Modules/Units
 
Switched Networks Part 1 of 2
Switched Networks Part 2 of 2
Collisions and Broadcasts
DEMO: Viewing an ARP Table
Basic Switch Configuration
SSH Operation and Configuration
Configuring Switch Ports
Switch Troubleshooting
Securing a Switch
Best Practices for Switched Networks
DEMO: Making an RJ-45 Cable
VLAN Segmentation Part 1 of 2
VLAN Segmentation Part 2 of 2
VLAN Implementations
VLAN Security and Design
DEMO: Configuring VLANs
DEMO: Demonstrating VLAN Connectivity
Functions of a Router Part 1 of 2
Functions of a Router Demo
Functions of a Router Part 2 of 2
Configuring Basic Router Settings
DEMO: IPv4 and IPv6 Subnetting
Basic Router Settings_IPv6 and Loopback Interfaces
Verifying Connectivity of Directly Connected Networks
Switching Packets Between Networks
Routing Tables and Protocols
DEMO: IPv6 Header Analysis
DEMO: MAC Address Table
DEMO: IPv4 Addresses and Router Interfaces
DEMO: IPv6 Addressing on Router Interfaces
Inter-VLAN Routing Configuration
Layer 3 Switching
Static Routing
Configure Static Routing
Classful Addressing and Routing
Configuring Summary Routes
Troubleshooting Static and Default Routes
DEMO: Static Routing
Dynamic Routing Protocol Operation
Routing Protocol Operating Fundamentals
Types of Routing Protocols
Types of Distance Vector Routing Protocols
Configuring the RIP Protocol
RIPng and Link-State Routing
DEMO: RIP Version 1 and IPv4
DEMO: RIP Version 2 Improvements
DEMO: Setting up RIP for IPv6
Characteristics of OSPF
OSPF Messages
OSPF Router IDs
Configuring and Verifying OSPF
OSPFv2 versus OSPFv3
DEMO: Configuring OSPF
DEMO: Troubleshooting OSPFv2
DEMO: Configuring OSPFv3
DHCPv4 Operation
Configuring and Troubleshooting DHCPv4
DEMO: DHCPv4
SLAAC and DHCPv6
Stateless and Stateful DHCPv6
DEMO: Stateless DHCPv6
NAT Characteristics and Benefits
Types of NAT
Configuring Static and Dynamic NAT
Configuring PAT and Port Forwarding
DEMO: Enabling IPv4 NAT
Configuring and Troubleshooting NAT for IPv6
CCENT Prep Practice Exam
15 Hours
 
Cisco CCNA Security Self-Study Prep
Skill Level: Intermediate
+ Description
 

This course is the follow-up to Cisco CCENT and is aimed to prepare learners for the Cisco CCNA Security exam. Content covered in this course includes protocol sniffers, analyzers, TCP/IP, desktop utilities, Cisco IOS, the Cisco VPN, a Cisco simulation program called Packet Tracer, and some web-based resources. The course focuses on a theoretical understanding of network security, knowledge, and skills designed to implement it. This course contains several reinforcing video demonstrations and final exam.

Learning Objectives:

  • Review of objectives for the Cisco Certified Network Associate certification
  • Supplemental preparation for the Cisco CCNA certification exam

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Security Administrator
Operate and Maintain Systems Analysis Systems Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
+ Course Modules/Units
 
Securing Network Devices
Secure Administrative Access Part 1 of 2
Secure Administrative Access Part 2 of 2
DEMO: Securing Router Access Methods
Role-Based CLI Overview
Password Recovery
Management Reporting and Logging Considerations
Implementing Log Messaging for Security
Configuring NTP
Disabling Unused Cisco Router Network Services and Interfaces
AAA Authentication Methods
Implementing Local AAA Authentication
Implementing Server-Based AAA Authentication
Cisco Secure ACS
Configuring Server-Based AAA Authentication
Server-Based Authorization and Accounting
Implementation Firewall Technologies
Access List Controls (ACLs)
Extended ACLs and ACL Caveats
ACL Placement
Complex ACLs
Troubleshooting ACLs
Securing Networks with Firewalls
Zone-Based Policy Firewalls
CCP Firewall Wizard and Manual ZPF using CCP
DEMO: Enabling IOS Firewall
Implementing Intrusion Prevention Intro
IPS Signatures
Signature Trigger and Action for IPS
Managing and Monitoring IPS
Configuring and Verifying IOS IPS
Securing the Local Area Network Intro
Layer 2 Security Part 1 of 2
Layer 2 Security Part 2 of 2
Mitigating MAC Spoofing and MAC Table Overflow Attacks
Mitigating STP Manipulation
Configuring Storm Control
Mitigating VLAN Attacks
Configuring Cisco Switch Port Analyzer
Private VLAN Edge
Advanced Technology Security Considerations
Wireless Networks
VoIP and SAN Networks
DEMO: Enabling STP with Voiceover
Cryptographic Systems and Hashes
Encryption and Confidentiality
Public Key Cryptography and PKI
VPN Terminology and Topologies
IPSec Frameworks and Key Exchange
IPSec Tasks
Configuring IPsec VPN using CCP
Remote-Access VPNs
Managing a Secure Network and Addressing Risks
Operations Security
Network Security Testing
Continuity Planning
SDLC
Security Policy
ASA Models and Features
Basic ASA Configuration and Settings
Introduction to ASDM
ASA Objects and Object Groups
ACLs for ASA
ASA and NAT
ASA and PAT
ASA AAA
Modular Policy Framework
ASDM Service Policies Demo
ASA VPN Features
ASDM AnyConnect VPN Wizard
DEMO: ASA Console Config
DEMO: ASA GUI Config
DEMO: ASA Traffic Management
CCNA Security Prep Practice Exam
4.5 Hours
 
Cloud Computing Concepts
Skill Level: Intermediate 
+ Description
 

The Cloud Computing Concepts course highlights concepts and best practices for cloud architecture, design, security, and operations. Topics include leveraging cloud environments for critical assets or operations, and the impacts on data and application security, as well as legal, risk, and compliance considerations.

Learning Objectives:

  • Compare cloud service and deployment models and each’s impact on customer control and responsibilities
  • Identify data security strategies within cloud environments
  • Explain secure data center design concepts including example risks and security controls
  • Describe the Secure Software Development Life Cycle (SDLC) and its relation to applications within cloud environments
  • Summarize concepts for building, operating, and managing physical and logical infrastructure for cloud environments
  • Outline privacy, legal, and audit requirements with cloud environments, and how it relates to evaluating providers

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Systems Architecture Enterprise Architect
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Analysis Systems Security Analyst
+ Course Modules/Units
 
Cloud Computing Concepts Course Intro
Introduction to Cloud Computing
Cloud Architecture and Deployment Models
Security in the Cloud (Cloud Security)
Securing Your Cloud
Cloud Threats and Attacks
Data Security Technologies and Classification
Auditing in a Cloud Environment
Building a Cloud
Phys. & Logical Infrastructure for Cloud Environs
Secure Coding for Cloud Deployments
Review of Multifactor Authentication
Anatomy of a Supply Chain Attack
Options for Securing Within the Cloud
VPC Network Access Controls and CloudWatch Monitrg
Compute Instance in Google’s Cloud Platform
Monitrg and Alerting Options in Google Cloud
Web Apps in Google Cloud and Adding Security
Use of Microsoft’s Platform as a Service
Azure Compute Instance Setup
Secure Data Center Design
Review of Monitoring and Security Configurations
Overview of Two NIST Publications on Cloud Comp
Security Guidance for Critical Areas in Cloud Comp
Cloud Security Basics
Implications of Cloud to Enterprise Risk Mgmt
DR/BC and Risks with Cloud Strategy
Evaluating and Legal Requirements for Cloud Services
Cloud Computing Risk Assessment by ENISA
2.5 Hours
 
Cloud Computing Security
Skill Level: Intermediate 
+ Description
 

This course explores the guidance from the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), National Security Agency (NSA), and several Cloud Service Providers (CSPs). Objectives cover cloud security risks and threats, basic operations, incident response considerations, along with application, data and infrastructure security concepts. Where applicable, demonstrations of cloud provider tools and capabilities will be used to reinforce key points.

Learning Objectives:

  • Define cloud models and components.
  • Apply CSA security guidance and other best practices to cloud deployments.
  • Understand cybersecurity requirements within the Shared Responsibilities model.
  • Prepare for cloud computing governance and compliance challenges.
  • Relate traditional cybersecurity controls to popular cloud solutions.
  • Recognize and prepare for cloud computing threats.
  • Review additional cloud security tools and use cases.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Systems Architecture Security Architect
Securely Provision Systems Development Secure Software Assessor
+ Course Modules/Units
 
Cloud Computing Security Course Overview
Cloud Computing Overview
Cloud Computing Overview Knowledge Check
Building a Cloud
Building a Cloud Knowledge Check
Securing Your Cloud
Cloud Security Basics
Review of Multifactor Authentication
Review of Monitoring and Security Configurations
Options for Securing Within the Cloud
VPC Network ACs and CloudWatch Monitoring
Compute Instance in Google's Cloud Platform
Monitoring and Alerting Options in Google Cloud
Web App and Security Configs in Google Cloud
Use of Microsoft's Platform as a Service
Azure Compute Instance Setup
Securing Your Cloud Knowledge Check
Review of Two NIST Publications on Cloud Computing
Guidance for Critical Areas in Cloud Computing
Cloud Computing Risk Assessment by ENISA
Resources Knowledge Check
6 Hours
 
Cloud Monitoring
Skill Level: Beginner   
+ Description
 

This course introduces concepts around Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Multiple Cloud Hosting and Hybrid Cloud Hosting.

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Risk Management Authorizing Official/Designating Representative
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Protect and Defend Incident Response Cyber Defense Incident Responder
+ Course Modules/Units
 
Introduction - Lecture 1 of 5
Shared Responsibility Model - Lecture 2 of 5
Use Cases - Lecture 3 of 5
Case Study - Lecture 4 of 5
Cloud Architectures & Summary - Lecture 5 of 5
IaaS Overview - Lecture 1 of 5
IaaS: Monitoring Services and Capabilities - Lecture 2 of 5
IaaS: Best Practices - Lecture 3 of 5
IaaS: Gaps and Considerations - Lecture 4 of 5
IaaS: Use Cases, Reflection and Summary - Lecture 5 of 5
PaaS Overview - Lecture 1 of 6
PaaS: Monitoring Services and Capabilities - Lecture 2 of 6
PaaS: Monitoring Examples - Lecture 3 of 6
PaaS: Best Practices - Lecture 4 of 6
PaaS: Gaps and Considerations - Lecture 5 of 6
PaaS: Reflection and Summary - Lecture 6 of 6
SaaS Overview - Lecture 1 of 5
SaaS: Monitoring Services and Capabilities - Lecture 2 of 5
SaaS: Best Practices - Lecture 3 of 5
SaaS: Gaps and Considerations - Lecture 4 of 5
SaaS: Reflection and Summary - Lecture 5 of 5
What is Multiple Cloud - Lecture 1 of 5
Security Issues - Lecture 2 of 5
Monitoring Capabilities - Lecture 3 of 5
Gaps- Lecture 4 of 5
Multiple Clouds - Lecture 5 of 5
Hybrid Cloud: Security Issues - Lecture 1 of 4
Monitoring Capabilities - Lecture 2 of 4
Gaps - Lecture 3 of 4
Hybrid Clouds in Operation - Lecture 4 of 4
Conclusion - Lecture 1 of 1
1 Hour
 
Cover Your Assets: Securing Critical and High-Value Assets
Skill Level: Beginner 
+ Description
 

Think about your organization’s most critical functions: what do others depend on you to provide? Your high-value assets (HVAs), also known as critical assets across many industries, are the information or information systems that have serious impact to your organization’s ability to conduct its mission or business operations if lost, corrupted, or inaccessible. Across sectors and industries, data and information systems that underpin core business and operational functions- or those systems that connect to core functionalities- make highly tempting targets for sophisticated criminal, politically motivated, or state-sponsored actors to exploit directly or compromise to undermine public trust.

The HVA program was established by CISA to help organizations gain a comprehensive understanding of the risks that dynamic threat actors pose and identify the high-value information and systems that are likely targets.

This webinar provides an overview of the following key information:

  • HVA and critical asset overview: Define high-value assets, and how to assess and prioritize risks.
  • Common threats: Understand the most likely threats to HVAs and how to mitigate associated vulnerabilities.
  • CISA guidance: Learn the steps and parameters to identify, categorize, prioritize, and secure your HVAs or critical assets.
  • Case studies: Explore the impacts of documented critical or high-value asset cyberattacks, and the success of resulting response and recovery efforts.

This course is accessible to a non-technical audience including managers and business leaders and provides an organizational perspective useful to technical specialists.

Date: July 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
+ Course Modules/Units
 
Cover Your Assets: Securing Critical and High-Value Assets
2 Hours
 
Critical Infrastructure Protection
Skill Level: Beginner   
+ Description
 

This course discusses the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.

Learning Objectives:

  • Define and give examples of critical infrastructure.
  • Identify possible cyber threats to critical infrastructure.
  • Describe U.S. cybersecurity policies and programs.
  • Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Analyst
Operate and Maintain Systems Development Information Systems Security Developer
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Securely Provision Systems Architecture Systems Architect
Securely Provision Technology R&D Research & Development Specialist
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Systems Development Systems Developer
+ Course Modules/Units
 
Critical Infrastructure Protection
1 Hour
 
Cyber Awareness Challenge 2019
Skill Level: Beginner
+ Description
 

This course provides an overview of cybersecurity threats and best practices to keep information and information systems secure. Every year, authorized users of certain information systems must complete the Cyber Awareness Challenge to maintain awareness of and stay current on new cybersecurity threats. The training also reinforces best practices to keep personal information and information systems secure and stay abreast of changes in general cybersecurity policies.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

+ Course Modules/Units
 
Cyber Awareness Challenge
3 Hours
 
Cyber Dark Arts
Skill Level: Intermediate  
+ Description
 

This course highlights 'dark' or deceptive activities that are employed by malicious users via the Internet. Several legitimate purpose technologies and techniques and how they are leveraged, or manipulated for fraudulent purposes, is discussed. Threats from topics such as zero-day attacks, dark web, alternate OSs, VPN/TOR, weaponized psychology, and anonymous services will be detailed, as well as methods for concealing one’s identity. These methods are taught in order for cybersecurity experts to defend against such attacks. The course includes reinforcing video demonstrations.

Learning Objectives:

  • Explain several techniques for obfuscating online activities.
  • List examples of technologies leveraged for deceptive purposes.
  • Detail best practices for prevention and protection from malicious cyber activities.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operations Cyber Operator
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Cyber Dark Arts
Weaponized Psychology
DEMO: Password Cracking Using Hydra
Scanning for Vulnerable Devices and Networks
Anonymous Web Hosting, Searching, and Browsing
Alternative Operating Systems
Tails, Whonix, and Qubes
Secure Messaging Services
Blockchain and Cryptocurrency
DEMO: Blockchain and Cryptocurrency
DEMO: Iodine IP over DNS
DEMO: TOR versus Traditional Tunneling
Advanced Persistent Threats
Cyber Dark Arts Exam
17.5 Hours
 
Cybersecurity for Technical Staff
Skill Level: Beginner 
+ Description
 

This course highlights best practices applicable to a wide variety cybersecurity job roles. Topics include risk management, architecture and design, and tools and technologies. This course also covers key concepts for detecting, protecting, and defending from security threats.

Learning Objectives:

  • List common cyber threats and how scanning and assessment tools and techniques identify potential vulnerabilities.
  • Explain how various tools and technologies are configured or deployed to support an organization's security posture.
  • Detail risk management best practices and mitigation strategies.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Malware: Viruses
Malware: Rootkits, Trojans, Botnets
MITM, DoS, Packet Flooding and Other Attacks
Backdoor, Spoofing, Replay and Other Attacks
Password, Birthday, Crypto and Application Attacks
Social Engineering Techniques
Wireless Attacks
Application Attacks
Threat Actors
Assessment Tools and Techniques
Active and Passive Reconnaissance
Security Testing and Assessment
Firewall Implementations
Proxy Server Implementations
Hubs and Switches
Routers and Routing Protocols
Remote Access and VPNs Part 1 of 2
Remote Access and VPNs Part 2 of 2
Network Intrusion Detection Systems
Host-Based Intrusion Detection Systems
Password Cracking Categories and Tools
Password Cracking Techniques
DEMO: Local Information Gathering Tools
DEMO: Network Connectivity Testing Tools
DEMO: Remote Information Gathering Tools
Mobile Device Security
Mobile Device Deployment
Network Security Protocols
Network Services and Protocols
Frameworks and Reference Architectures
Network Zones
Demilitarized Zones (DMZ) Implementations
Security Device and Technology Placement
Host Security: OS Hardening and Firewalls
Host Security: Anti Virus, Malware and Spam
Host Security: Pop Ups and Patch Management
Secure Static Environment
Secure Staging Deployment Concepts
Cloud and Virtualization Concepts
Cloud Architectures
Host Security: Virtualization
Resiliency and Automation to Reduce Risk
Physical Security and Environmental Controls
Access Control Categories
Authentication Services
Access Control Models
Authentication and Authorization Concepts
Biometric Authentication
Account Management
Identity Management
Security Awareness and Training
Risk and Related Concepts
Risk and Asset Identification
Threat and Risk Calculation
Risk Control Types
Security Control Types and Categories
Basic Forensics Procedures
Incident Handling and Forensics
Incident Response Preparation
Risk Management: Business Continuity
Risk Management: Redundancy and Fault Tolerance
Risk Management: Disaster Recovery
Risk Mitigation Strategies
Data Security
Data Destruction and Disposal Methods
Data Sensitivity and Handling
Mitigation and Deterrence: Logging
Mitigation and Deterrence: Hardening
Mitigation and Deterrence: Network Security
Mitigation and Deterrence: Attack Countermeasures
Cryptography Part 1 of 2
Cryptography Part 2 of 2
Wireless Security Evolution
Wireless Security Best Practices
Cryptographic Keys and PKI
Course Test
1 Hour
 
CyberStat Workshops
Skill Level: Beginner
+ Description
 

On Wednesday, April 20, 2022, the CyberStat Program, along with Subject Matter Experts from the OMB Office of the Federal Chief Information Officer, General Services Administration(GSA), and CISA’s Office of the Technical Director, hosted the CyberStat Workshop “Zero Trust Pillar 1: Identity (Part 1).” Attending agency representatives had the opportunity to learn more about Zero Trust Implementation Tasks, Multi Factor Authentication, including phishing resistant MFA for Public Facing Systems, the new password policy, and how the new policy can be implemented.

Date: April 20, 2022

Length: 57 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Improving the management of policy changes required by EO14028.

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units
 
Zero Trust Pillar 1: Identity (Part 1)
1 Hour
 
CyberStat Workshops
Skill Level: Beginner
+ Description
 

On Wednesday, May 4, 2022, the CyberStat Program, along with Subject Matter Experts from CISA and OMB, hosted the CyberStat Workshop “Zero Trust Pillar 1: Identity (Part 2).” Attending agency representatives had the opportunity to learn more about the role of centralized identity management within their agencies’ structures and gain assistance in how to incorporate device-level signals alongside identity information in authentication.

Date: May 4, 2022

Length: 42:53

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Improving the management of policy changes required by EO 14028.

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units
 
Zero Trust Pillar 1: Identity (Part 2)
1 Hour
 
CyberStat Workshops
Skill Level: Beginner
+ Description
 

On Tuesday, June 28, 2022, the CyberStat Program, along with subject matter experts from CISA and OMB, hosted the CyberStat Workshop Zero Trust Pillar 3: Networks. Agency participants learned about the four tasks in Pillar 3 of M-22-09 and engaged with SMEs to discuss obstacles and challenges in implementing these required tasks.

Date: June 28, 2022

Length: 1:05:26

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Improving the management of policy changes required by EO 14028.

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units
 
Zero Trust Pillar 3: Networks
1 Hour
 
CyberStat Workshops
Skill Level: Beginner
+ Description
 

On Thursday, August 25, 2022, the CyberStat Program, along with subject matter experts from CISA and USDS, hosted the CyberStat Workshop Zero Trust Pillar 4: Applications and Workloads. Agency participants learned about the five tasks in Pillar 4 of M-22-09 and engaged with SMEs to discuss obstacles and challenges in implementing these required tasks.

Date: August 25, 2022

Length: 59:59

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Improving the management of policy changes required by EO 14028.

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units
 
Zero Trust Pillar 4: Applications and Workloads
1 Hour
 
CyberStat Workshops
Skill Level: Beginner
+ Description
 

On Thursday, October 13, 2022, the CyberStat Program, along with subject matter experts from CISA, NIST, the Department of Transportation, the Department of State, the Department of Education, and the General services Administration, hosted the CyberStat Workshop Zero Trust Pillar 4: Applications and Workloads. Agency participants learned about the four tasks in Pillar 4 of M-22-09 and engaged with SMEs to discuss obstacles and challenges in implementing these required tasks.

Date: October 13, 2022

Length: 51:14

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Improving the management of policy changes required by EO 14028.

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units
 
Zero Trust Pillar 5: Data
6 Hours
 
Deep DNS
Skill Level: Beginner   
+ Description
 This course is an introduction to the Domain Name System, or DNS. DNS is a core infrastructure protocol of the internet, and one of the oldest internet application protocols still in use. In this course, you will learn why DNS was created; the main purposes it currently serves; and how it works. This course is intended for security operations professionals.
+ Course Modules/Units
 
Deep DNS: Purpose, History, and Structure of DNS - Module 1.1
Deep DNS: DNS Applications - Module 1.2
Deep DNS: DNS Analysis Tools - Module 1.3
Deep DNS: DNS Transport Mechanisms - Module 2.1
Deep DNS: DNS as a Transport Mechanism - Module 2.2
Deep DNS: Subverting DNS Integrity - Module 2.3
9 Hours
 
Demilitarized Zone (DMZ) with IDS/IPS
Skill Level: Intermediate 
+ Description
 

This course introduces the concept of a network Demilitarized Zone (DMZ) and the security benefits it can provide. This course focuses on best practices for designing and implementing a DMZ and includes a section on Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) that provides an in-depth look at SNORT for network monitoring. The course concludes with log analysis and management best practices.

Learning Objectives:

  • Present an overview of the DMZ security model and key components.
  • Discuss DMZ structure, purpose, and operation.
  • Present different models for implementation to meet network requirements.
  • Discuss the network threats that a DMZ can detect and mitigate.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Systems Administration Systems Administrator
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
+ Course Modules/Units
 
Demilitarized Zone (DMZ) Introduction
DMZ Architecture
DMZ Components: Firewalls Part 1 of 2
DMZ Components: Firewalls Part 2 of 2
Setting up a DMZ using IPTables Demo
DMZ Components: IDS
DMZ Components: IDS/IPS Placement
DMZ Components: Proxy Servers
DMZ Components: Network Servers
DMZ Architectures
Attacking the DMZ Part 1 of 2
Attacking the DMZ Part 2 of 2
DMZ Attack Types Part 1 of 2
DMZ Attack Types Part 2 of 2
DMZ: Open Source vs Commercial Implementations
DMZ: Software Subscription Services
Open Source DMZ Tools Part 1 of 2
Open Source DMZ Tools Part 2 of 2
Proxy Concepts
DNS Concepts
Web Server Concepts
E-mail Relay and VPN Concepts
DMZ and Commercial Software - Part 1
DMZ and Commercial Software - Part 2
Security Capabilities in a DMZ
Security Capabilities in Procmail Demo
Network Security Appliances IDS
Snort Intro and Overview
Using BASE w Snort DB
Snort Demo
Log Mgmt and Analysis Concepts
SYSLOG Basics
Using Swatch Overview
Log Management Best Practices
Proxy and DNS Log File Concepts
Analyzing Proxy and DNS Log Files
DMZ with IDS/IPS Course Quiz
4 Hours
 
Develop and Publish a Vulnerability Disclosure Policy for Federal Agencies (CISA BOD 20-01)
Skill Level: Beginner      
+ Description
 

This 1/2-day course is a joint collaboration of the Cybersecurity & Infrastructure Security Agency (CISA) and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. The purpose of this training is to help federal civilian agencies meet required actions of BOD 20-01, the Binding Operational Directive to Develop and Publish a Vulnerability Disclosure Policy (VDP) by covering the knowledge of and providing resources for:

  • Vulnerability report receipt and intake
  • Developing and publishing a vulnerability disclosure policy
  • Developing vulnerability disclosure handling procedures
  • Developing a vulnerability disclosure capability development
  • Reporting metrics

After completing this course, participants should be able to

  • Describe agency requirements for developing and publishing a vulnerability disclosure policy (VDP).
  • Describe the minimum capacity needed to support your vulnerability disclosure handling process.
  • Explain how vulnerability disclosure and handling is dependent on successful human interaction.
  • Explain the importance of establishing trust and good relationships with reporters and stakeholders.
  • List the key resources that can help your agency build your VDP and supporting processes.
  • Meet the requirements to develop and publish a VDP and supporting handling process.
  • Understand how and when to work with CISA for assistance and escalation.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Protect and Defend Vulnerability Management Vulnerability Manager
+ Course Modules/Units
 
Develop and Publish a Vulnerability Disclosure Policy
Module 2: Overview of CISA BOD 20-01
Module 3: Essentials of VDP
Module 4: Developing A Vulnerability Disclosure Handling Capability
Module 5: Reporting and Metrics
Module 6: Challenges and Additional Considerations
Module 7: Summary and Wrap-up
2 Hours
 
DNSSEC Training Workshop
Skill Level: Advanced 
+ Description
 

This course covers the basics of Domain Name System Security Extensions (DNSSEC), how it integrates into the existing global DNS and provides a step-by-step process to deploying DNSSEC on existing DNS zones.

Learning Objectives:

  • Discuss DNSSEC and supporting mechanisms.
  • Sign a DNS zone.
  • Configure Delegation Signer (DS) resource records.
  • Set up a Secure Resolver.
  • Discuss server operational considerations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Securely Provision Systems Architecture Security Architect
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
+ Course Modules/Units
 
DNSSEC Introduction
DNS Resolution Steps
DNS Vulnerabilities and Security Controls
DNSSEC Mechanisms
DNS Resource Records (RR)
Special DNS Resource Records
DNS Zone Signing
Secure DNS Zone Configuration-DNSSEC Key Generation
Prepare the DNS Zone File for Signing
Signing the DNS Zone file
Publishing a signed zone
Testing a signed zone
Testing a signed zone through a validator
DNSSEC Chain of Trust
Setting Up A Secure Resolver
Adding a trusted key
Securing the last hop
ZSK Rollover
Using pre-published keys
KSK Rollover
Conclusions
12 Hours
 
Emerging Cyber Security Threats
Skill Level: Intermediate   
+ Description
 

This course covers a broad range of cybersecurity elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. It will cover what the policies are, the roles it plays in cybersecurity, how they are implemented. The course will also look at cybersecurity laws, standards, and initiatives. Topics include policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS and IPv6 security. Video demonstrations are included to reinforce concepts.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analysis
Operate and Maintain Systems Administration Systems Administrator
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Introduction to Cybersecurity Policy
Types of Security Policy
Policy Education and Implementation
Cybersecurity Laws
Proposed Legislation
NIST Cybersecurity Standards
Other Cybersecurity Standards
Comprehensive National Cybersecurity Initiatives (CNCI)
Other Federal Cybersecurity Initiatives
Implementing Cybersecurity Initiatives
SPAM
Malware Trends
Botnets
Monetization
Cyber Attack Profiles
Cyber Crime
Cyberwarfare
Cyber Attack Attribution
Cyber Threat Mitigation
Mobile Device Trends
Mobile Device Threats
Mobile Device Countermeasures
Exploited Threats
What is Cloud Computing?
Technical Risks
Operational Risks
Risk Mitigation Strategies
DISA Cloud Solutions
RFID Introduction
RFID Threats
RFID Countermeasures
Exploited Threats
Introduction and MAC Address Monitoring
MAC Address Spoofing
Managing Traffic Flows
VLANs and Security
802.1x Port Authentication
Network Admission Control
Securing STP
Securing VLANs and VTP
Introduction and Edge Security Traffic Design
Blocking DoS and DDoS Traffic
Specialized Access Control Lists
Routers with Firewalls
Beyond Firewalls: Inspecting Layer 4 and Above
Securing Routing Protocols and Traffic Prioritization
Securing Against Single Point of Failures
Physical and Operating System Security
Management Traffic Security
Device Service Hardening
Securing Management Services
Device Access Hardening
Device Access Privileges
Name Resolution Introduction
Name Resolution and Security
DNS Cache
DNS Security Standards and TSIG
DNSSEC
Migrating to DNSSEC
Issues with Implementing DNSSEC 1
Issues with Implementing DNSSEC 2
IPv6 Concepts
IPv6 Threats
IPv6 Network Reconnaissance
DEMO: IPv6 Network Reconnaissance
IPv6 Network Recon Mitigation Strategies
IPv6 Network Mapping
DEMO: IPv6 Network Mapping
IPv6 Network Mapping Mitigation Strategies
IPv6 Neighbor Discovery
DEMO: IPv6 Address Assignment
IPv6 Attacks
DEMO: IPv6 Alive Hosts
DEMO: IPv6 Duplicate Address Detection (DAD)
DEMO: IPv6 DAD Denial of Services (DOS)
DEMO: IPv6 Fake Router Advertisement
DEMO: IPv6 Man-in-the-middle
IPv6 Attack Mitigation Strategies
IPv6 Tunneling
IPv6 Windows Teredo Tunneling
IPv6 Tunneling Mitigation Strategies
IPv6 Best Practices
24 Hours
 
Enterprise Cybersecurity Operations
Skill Level: Intermediate   
+ Description
 

This course highlights technical knowledge and skills required for implementing secure solutions in the enterprise. A broad spectrum of disciplines is covered to aid practitioners in applying frameworks and controls to improve the security posture while supporting the business mission.

Learning Objectives:

  • Describe risk management's role in the enterprise and mitigation strategies for specific threats.
  • Detail implementing network security strategies and controls for connected devices.
  • Explain how cloud technologies are leveraged and can support a secure enterprise architecture.
  • List sources and methods to help stay current with cybersecurity best practices and threat trends and analyzing potential impact to the enterprise.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-Source Analyst
Collect and Operate Cyber Operations Planning Cyber Ops Planner
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Risk Management Security Control Assessor
Securely Provision Systems Architecture Enterprise Architect
+ Course Modules/Units
 
Configuration Strategies w/ Spec Compon
Cryptographic Terms and Implementations
Cryptographic Tools and Techniques Part 1 of 2
Cryptographic Tools and Techniques Part 2 of 2
Hybrid Encryption in SSL Demo
Encryption Limitations and Key Length Part 1 of 2
Encryption Limitations and Key Length Part 2 of 2
DEMO: Volume and File Encryption
Hash Functions and Algorithms
Digital Signatures
Digital Certificate Elements
CAs and Public Key Infrastructure
Origins For Cryptographic Standards
Virtual Networking
Intro to Virtualized Computing Part 1 of 2
Intro to Virtualized Computing Part 2 of 2
VLANs and Switching
Storage Types and Considerations
Enterprise Storage
Enterprise Storage Connection Terms
Enterprise Storage and RAID
Securing iSCSI and FCoE and Managing Storage
Network Security Concepts
Network Zones and Remote Access
NW Components Routers and Firewalls Part 1 of 2
NW Components Routers and Firewalls Part 2 of 2
NW Components Intrusion Detection Systems
Networked-based IDS and IPS Deployment
Securing Wireless Part 1 of 2
Securing Wireless Part 2 of 2
DMZ Components
Web Services Concepts
Web Servers and DNS
Securing DNS Best Practices
Proxy Servers and SMTP Relay
NAT and PAT
Infra Design : Firewalls and Proxies
Infra Design : IDS and IPS
Infra Design : Syslog and SIEMs
Infra Design : Switch and Router Security
Infra Design : VPNs and SNMP
SCADA Environments
Application Security : VTC and VoIP
Application Security : Databases and Web Services
Application Security : IPv6
Physical Security Concerns and Controls
Host Security Controls Part 1 of 2
Host Security Controls Part 2 of 2
Web Application Security Design
DEMO: Whitelisting and Blacklisting
Specific Application Issues
Client side vs Server side Processing
Analyzing Business Risk
Risk Management in New Business Models
Risk Mitigation Strategies and Controls
Security Impact of Inter Organizational Change
Calculating Risk Exposure
Incident Response Concepts
Incident Response and Recovery Process
Privacy Policy and Procedures Part 1 of 2
Privacy Policy and Procedures Part 2 of 2
Assessment Tools
Assessment Methods
Assessment Methodologies
Cybersecurity Benchmarks
Security Metrics
Situational Awareness
Analyzing Industry Trends Part 1 of 3
Analyzing Industry Trends Part 2 of 3
Analyzing Industry Trends Part 3 of 3
Applying Analysis to Improve Enterprise Security Part 1 of 4
Applying Analysis to Improve Enterprise Security Part 2 of 4
Applying Analysis to Improve Enterprise Security Part 3 of 4
Applying Analysis to Improve Enterprise Security Part 4 of 4
Integrating Enterprise Disciplines Part 1 of 2
Integrating Enterprise Disciplines Part 2 of 2
Security Controls for Communication and Collaboration
Adv Authentication Tools and Techniques
Software Development Models
System Dev Life Cycle and CS
IT Governance
Cloud based Deploy Models
Cloud Security
Identity Management
Securing Virtual Environments Part 1 of 3
Securing Virtual Environments Part 2 of 3
Securing Virtual Environments Part 3 of 3
Enterprise Storage Advantages and Security Measures
Enterprise Network Authentication Part 1 of 2
Enterprise Network Authentication Part 2 of 2
Practice Exam
7 Hours
 
Insider Threat Program Manager: Implementation and Operations
Skill Level: Intermediate 
+ Description
 

This course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components. The content covered supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance.

Learning Objectives:

  • Identify critical assets and protection schemes.
  • Coordinate a cross-organizational team to help develop and implement the Insider Threat Program.
  • Develop a framework for the Insider Threat Program.
  • Identify methods to gain management support and sponsorship.
  • Plan the implementation for their Insider Threat Program.
  • Identify organizational policies and processes that require enhancement to accommodate insider threat components.
  • Identify data sources and priorities for data collection.
  • Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program.
  • Outline operational considerations and requirements needed to implement the program.
  • Build policies and processes to help hire the right staff and develop an organizational culture of security.
  • Improve organizational security awareness training.
  • Identify training competencies for insider threat team staff.

Date: 2020

Training Purpose: Management Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analyst
Operate and Maintain Knowledge Management Knowledge Manager
+ Course Modules/Units
 
Insider Threat Program Manager Intro
Principles of Insider Risk Management
Activities of an Enterprise Risk Mgmt Process
Controls and Safeguards of Insider Risk Management
Mitigation Strategies for Insider Risk Management
Concepts of Initial Planning for an InTP
Stakeholder Planning and Engagement
Identify Your Starting Point
Insider Threat Program Governance
Roles and Responsibilities in InTP Governance
Insider Threat Program Governance Challenges
Building the Insider Threat Program Plan
Developing a Phased Implementation
Implementation Options for Insider Threat Program
Building Your Program with Compliance in Mind
InTP Placement in Organization
Naming the InTP
Developing an InTP in a Classified Environment
Building the InTP Team
InTP Team Size
Key Roles Within the InTP Team
Insider Threat Hub Operations
Insider Threat Hub Staffing
Data Sources Part 1 of 2
Data Sources Part 2 of 2
Selecting Data Sources
Using Data Sources
Protecting Data Sources
Tools for InTP Teams
Hub Building Considerations
Managing Insider Investigations and Incidents
Considerations: Investigations and Incidents
Insider Threat Incidents
Insider Threat Training and Awareness
General Employee Training and Awareness
InTP Team and Working Group Training
Customized Role-Based Training
Classified Systems and Data Training
Management and Supervisor Training
Problems and Considerations
Measuring Insider Threat Program Effectiveness
Different Metrics for Different Audiences
Return on Investment (ROI)
Making Measurements: Assessments and Evaluations
Unintended Consequences of InTPs
Potential Negative Impacts from InTP Activities
Achieving Balance Using Positive Incentives
Creating the Proper Culture: Policy and Practice
InTP Maintenance Part 1 of 3
InTP Maintenance Part 2 of 3
InTP Maintenance Part 3 of 3
Insider Threat Program Manager Wrap-Up
4 Hours
 
Introduction to Windows Scripting
Skill Level: Beginner
+ Description
 

This course focuses on writing scripts for the Microsoft Windows operating system. It covers fundamentals and syntax for automating administrative and security monitoring tasks. The course presents the basics of Windows BATCH scripting syntax and structure, along with several Windows command line utilities to harness the powerful capabilities built into Windows.

Learning Objectives:

  • Understand fundamentals of Windows BATCH scripting, including syntax and structure.
  • Perform redirection, piping, standard input / output, error handling, conditional statements, jumps, and command line parameters.
  • Apply built-in commands like net, netsh, xcopy, and findstr to perform more complex functions.
  • Understand best practices for writing and debugging Windows scripts.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
+ Course Modules/Units
 
Scripting Basics Overview
Windows BATCH Scripting Basics
Windows BATCH Scripting_Variables
Windows BATCH Scripting_Loops
Windows BATCH Scripting_Functions
Windows Script Error Handling and Troubleshooting
Windows Script Best Practices and Examples
Windows Scripting Demo
Scripting for Penetration Testing
Windows Scripting Utilities_xcopy
Windows Scripting Utilities_findstr
Windows Scripting Utilities_net Commands
xcopy Examples Demo
WMI and WMIC
PowerShell Commands
PSExec
Windows Management Instrumentation Demo
Intro to Windows BATCH Quiz
5 Hours
 
IPv6 Security Essentials Course
Skill Level: Advanced  
+ Description
 

This course begins with a primer of IPv6 addressing and its current deployment state, discusses Internet Control Manager Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns, and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.

Learning Objectives:

  • Primer of IPv6 addressing
  • Describe current deployment state
  • Explain ICMPv6, DHCPv6, and DNSv6
  • Explore IPv6 Transition mechanisms
  • Identify security concerns
  • Incorporate management strategies

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administration
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Securely Provision Systems Architecture Systems Architect
+ Course Modules/Units
 
IPv6 Introduction
IPv6 Adoption
DEMO: IPv6 Network Reconnaissance
IPv6 Addressing Part 1 of 2
IPv6 Addressing Part 2 of 2
IPv6 Packet Header
DEMO: IPv6 Header Analysis
ICMPv6
IPv6 Address Assignment
DEMO: IPv6 Address Assignment
IPv6 Web Browsing
IPv6 Transition Mechanisms Part 1 of 2
IPv6 Transition Mechanisms Part 2 of 2
DEMO: IPv6 Tunneling
IPv6 Security Concerns
DEMO: IPv6 Network Mapping
IPv6 Security Mitigation Strategies
DEMO: IPv6 Network Monitoring Tools
IPv6 Ready
IPv6 Security Essentials Key Takeaways
DEMO: IPv4 and IPv6 Subnetting
DEMO: IPv6 Addressing on Router Interfaces
DEMO: Setting up RIP for IPv6
DEMO: Configuring OSPFv3
DEMO: IPv6 Alive Hosts
DEMO: IPv6 Duplicate Address Detection (DAD)
DEMO: IPv6 DAD Denial of Services (DOS)
DEMO: IPv6 Fake Router Advertisement
DEMO: IPv6 Man-in-the-middle
IPv6 Security Essentials Quiz
11 Hours
 
ISACA Certified Information Security Manager (CISM) Prep
Skill Level: Intermediate  
+ Description
 

The self-study resource prepares learners for the CISM exam. This course focuses on information security management expertise through in-depth lecture topics, reinforcing demonstrations, and a practice exam. This course includes concepts from the four job practice areas: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.

Learning Objectives:

  • Explain how information security governance and supporting processes are used to align security strategy with organizational goals and objectives.
  • Detail strategies to manage risk to an acceptable level in support of organization goals and objectives.
  • Describe the information security program's role in the organization's security posture by managing and protecting assets while supporting goals.
  • Detail means to minimize the impact to operations in the event of a security incident through establishing detection, response, and recovery capabilities.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Program/Project Management and Acquisition Program Manager
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
CISM Course Introduction
IS Governance Domain Overview
Information Security (IS) Management
Importance of IS Governance Part 1 of 2
Importance of IS Governance Part 2 of 2
IS Management Metrics
ISM Strategy Part 1 of 2
ISM Strategy Part 2 of 2
Elements of IS Strategy
IS Action Plan for Strategy
DEMO: Key Goal, Risk, Performance Indicator
Risk Management Overview and Concepts
Risk Management Implementation
Risk Assessment: Models and Analysis
DEMO: Calculating Total Cost of Ownership
DEMO: Recovery Time Objective (RTO)
Compliance Enforcement
Risk Analysis: Threat Analysis
IS Controls and Countermeasures
Other Risk Management Considerations Part 1 of 2
Other Risk Management Considerations Part 2 of 2
DEMO: Cost Benefit Analysis
Information Security Program Development
Information Security Program Management
Outcomes of Effective Management
IS Security Program Development Concepts
Scope and Charter of IS Program Development
IS Management Framework
IS Framework Components
IS Program Roadmap
Organizational Roles and Responsibilities
Information Security Manager Responsibilities
Other Roles and Responsibilities in IS
Information Security Program Resources
IS Personnel Roles and Responsibilities
IS Program Implementation Part 1 of 2
IS Program Implementation Part 2 of 2
Implementing IS Security Management Part 1 of 2
Implementing IS Security Management Part 2 of 2
Measuring IS Management Performance
Common Challenges to IS Management
Determining the State of IS Management
Incident Management and Response
Incident Management Part 1 of 2
Incident Management Part 2 of 2
IMT IRT Members
Incident Response Planning Part 1 of 2
Incident Response Planning Part 2 of 2
DEMO: Phishing Emails
DEMO: Incident Management Workflow
Recovery Planning Part 1 of 2
Recovery Planning Part 2 of 2
DEMO: RTIR Incident Response Tool Part 1 of 2
DEMO: RTIR Incident Response Tool Part 2 of 2
CISM Practice Exam
22.5 Hours
 
(ISC)2 (TM) CISSP (R) Certification Prep 2018
Skill Level: Advanced  
+ Description
 

This course prepares learners for the CISSP certification exam. This course focuses on the information security field, exam objectives, and the eight domains upon which the exam is based. This course includes reinforcing video demonstrations and a final practice exam.

Learning Objectives:

  • Explain and apply concepts to design, implement, and manage secure cyber operations.
  • Develop, document, and implement security policy, standards, procedures, and guidelines.
  • Apply risk management concepts.

Date: 2019

Training Purpose: Management Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner
Securely Provision Systems Architecture Enterprise Architecture
+ Course Modules/Units
 
CISSP Course Introduction
Security and Risk Management Concepts
Regulatory Compliance and Frameworks
Organizational Privacy Responsibilities
Acquisition Strategies
Computer Crime and Incident Response
International Laws Pertaining to Security
Legal Regulations and Privacy
(ISC)2 Code of Ethics and Ethic Bases
Legal Regulations and Ethics
Policy and Components Overview
BC and DR Initiation and Management
BCP Business Impact Analysis
Vendor Management
System Threats and Countermeasures
Risk Assessment and Countermeasures
Access Control Types
RMF Security Control Assessment Process
Conducting Security Control Assessments
Security Assessment Report
Asset Valuation
Threat Modeling and Reduction Analysis
Security Awareness and Training
DEMO: Security Policy Review
Data Classification
Data Ownership and Retention
Privacy Protection and Data Governance
Security Control Application and Tailoring
Security Control Selection
Data Protection Method (DLP)
Secure Design Principles
Secure Design Standards and Models
Database System
Key Crypto Concepts and Definitions
Securing ICS and SCADA Systems
Industrial Control System Security
DEMO: SCADA Honeynet
Cloud Computing
Cloud Computing Security Issues
Distributed Systems
Parallel and Distributed Systems Security Issues
Internet of Things
Assess and Mitigate Vulnerabilities in Mobile Systems
Cryptographic Lifecycle
Cryptographic Methods
Symmetric Ciphers
Asymmetric Ciphers
Public Key Infrastructure (PKI)
Key Management Practices
Digital Signatures
Hashes and Other Integrity Controls
Salting Hashes
Methods of Cryptanalytic Attacks
Digital Rights Management
Site and Facility Design Criteria
Physical Security Controls
Physical and Environmental Threats
OSI and TCP/IP Models
Telecom and NW Security Layer 1
Telecom and NW Security Layer 2
Telecom and NW Security Layer 3
Telecom and NW Security Layer 4 and 5
Telecom and NW Security Layer 6 and 7
Multilayer and Converged Protocols
Mobile and Wireless Security
Content Distribution Networks
Implementing and Using Remote Access
Virtualization
Access Control Technologies
Access Control Types
Access Control System Strategies
Building Access Control
Operations Area Access Control
Credential Management Systems
Third-Party Identification Service
Cloud Identity
Data Authorization Mechanisms
Rule-Based Access Control
Audit and Assurance Mechanisms
Synthetic Transactions
Code Review and Testing
Misuse Case Testing
Test Coverage Analysis
Interface Testing
Security Audits and Agreements
Digital Investigation and Evidence Analysis
Legal System Investigation Types
Electronic Discovery
Intrusion Detection and Prevention
Continuous Monitoring
Egress Monitoring
Security Operations Concepts
Security Operations Incident Management
Managing Security Services Effectively
DEMO: Whitelisting and Blacklisting
Security Operations Resource Protection
Disaster Recovery Strategy
Maintaining Operational Resilience
Managing Recovery Communications
Test Disaster Recovery Plans (DRP)
Security Education Training and Awareness
Perimeter Security
Perimeter Intrusion Detection
Biometrics and Authentication Accountability
Personnel Privacy and Safety
DEMO: Intro to Dshell Toolkit
SDLC Phases
Software Development Models
System Security Protections and Controls
Agile Development Models
Maturity Models
Integrated Product Teams
Security Environment and Controls
SW Development Security and Malware
Impact of Acquired Software
DEMO: Automated Code Review
CISSP Practice Exam
7 Hours
 
(ISC)2 (TM) CISSP Concentration: ISSEP Prep
Skill Level: Advanced  
+ Description
 

This course is focused on applying security and systems engineering principles into business functions. This self-study prep course is designed to help learners prepare for the specialized Information Systems Security Engineering Professional (ISSEP) certification exam. The topics in the course cover the five domain areas of the CISSP-ISSEP.

Learning Objectives:

  • Incorporate security into business processes and information systems.
  • Demonstrate subject matter expertise in security engineering.
  • Apply engineering principles into business functions.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operational Planning Cyber Ops Planner
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
+ Course Modules/Units
 
ISSEP Course Introduction
ISSE Responsibilities and Principles
ISSE and IATF
Security Design Principles
Elements of Defense in Depth
RMF Characteristics
Maintaining Operational Resilience
Risk Management Overview
Assessing Risk Part 1 of 2
Assessing Risk Part 2 of 2
Determining Risks
Categorizing Information Systems
Stakeholder Roles and Responsibilities
Requirements Analysis
Using Common and Tailored Controls
Assessing Security Controls
Implementing Security Controls
Authorizing Information Systems
Systems Verification and Validation
Monitor, Manage, and Decommissioning
Defense Acquisition System Overview
Acquisitions Process
System Development Process Models
Project Processes
Project Management
ISSEP Practice Exam
12 Hours
 
(ISC)2(TM) Systems Security Certified Practitioner
Skill Level: Beginner 
+ Description
 

This course serves as a preparation for the Systems Security Certified Practitioner (SSCP) certification exam, by demonstrating advanced technical skills and knowledge required to implement and administer infrastructure using security best practices, policies, and procedures.

Learning Objectives:

  • Demonstrate knowledge of security operations and administration.
  • Implement risk monitoring, analysis, and mitigation strategies.
  • Develop and implement incident response and recovery plans.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Systems Administration Systems Administrator
Securely Provision Systems Requirements Planning Systems Requirements Planner
+ Course Modules/Units
 
SSCP Introduction
Authentication Methods
Single Sign-On and Federated Access
Attribute Based Access Control
Device Authentication
Trust Architectures
Identity Management Lifecycle
Implementing Access Controls
(ISC)2 Code of Ethics
Security Concepts and Controls
Asset Management
Security Control Implementation
Assessing Physical Security
Physical Security Defenses
Administrative Controls
Auditing
System Development and Change Cycle
Change Control and Patch Management
Security Awareness and Training
Risk Management
Risk and Security Assessment
Security Testing and Assessment
Monitoring and Analysis
Monitoring Employees
Log Management
Integrity Checking
Testing and Analysis
Auditing Methodologies
Communicate Findings
Continuous Monitoring and CAESARS
Introduction to Continuous Monitoring
Incident Handling, Response and Recovery
Incident Handling Knowledge Areas Part 1 of 2
Incident Handling Knowledge Areas Part 2 of 2
Incident Handling Response
Incident Handling Countermeasures
DEMO: OpenVAS
Forensics
Business Continuity Planning
Business Impact Analysis
Backup and Recovery Strategies
Redundancy and Storage
Cryptography Terms
Requirements for Cryptography Part 1 of 2
Requirements for Cryptography Part 2 of 2
Steganography
Hashes, Parity and Checksum
Secure Protocols and Cryptographic Methods
Symmetric Cryptosystems
Symmetric and Asymmetric Cryptosystems
Public Key Infrastructure (PKI)
Key Management
Web of Trust
Secure Protocols
OSI and TCP/IP Models
Network Topology
Transmission Media
TCP, UDP and Common Protocols
ARP, DHCP and ICMP
Routers and Routing Protocols
Network Security Protocols
SSCP Exam
2 Hours
 
LAN Security Using Switch Features
Skill Level: Intermediate 
+ Description
 

This course focuses on different methods of how to secure Local Area Networks (LANs) at the connectivity level. Topics include monitoring media access control (MAC) addresses and port security, limiting MAC & IP spoofing, controlling traffic flows, implementing and enhancing security in virtual local area networks (VLANs), enabling authentication on connection points, and determining host security health. Examples are used throughout to reinforce concepts.

Learning Objectives:

  • Identify the vulnerabilities and best practices in securing LAN connections.
  • Understand the management and decision-making processes within the NAC Framework.
  • Discuss methods of defending against attacks to STP, VLAN, and VTP switch configurations.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
+ Course Modules/Units
 
Introduction and MAC Address Monitoring
MAC Address Spoofing
Managing Traffic Flows
VLANs and Security
802.1x Port Authentication
Network Admission Control
Securing STP
Securing VLANs and VTP
9 Hours
 
Linux Operating System Security
Skill Level: Advanced 
+ Description
 

This course focuses on the security features and tools available in Linux as well as the considerations, advantages, and disadvantages of using those features. This course is based on Red Hat Linux and is designed for IT and security managers, and system administrators who want to increase their knowledge on configuring and hardening Linux from a security perspective.

Learning Objectives:

  • Describe the basic architecture of a Linux system (e.g. kernel, file system formats, permissions, etc.).
  • Characterize a Linux system (identify distribution, installed packages, active accounts, etc.).
  • List and explain how to use common command line utilities on a Linux system for analysis purposes.
  • Operate a Linux system, including patching, modifying services, and other administration tasks.
  • Use a Linux system to perform analysis work such as malware and incident response analysis.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Systems Administration Systems Administrator
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Linux OS Security Introduction
Booting Linux
Linux Recovery
Linux Startup Scripts
Linux Startup Processes
Linux Runlevels Demo
Chkconfig_and_Upstart Demo
Linux Processes and Signals
Linux Process Monitoring
PS_and_Netstat Demo
Linux PS and TOP Demo
Working with Linux PIDs
Linux File System Overview
Linux File Security
Linux File Access Controls
File Integrity Demo
Linux Kernel Tuning
Linux Host Access Controls
Linux User and Group Definition
User Management
Linux Privilege Escalation
Sudoers Demo
Linux Authentication Methods
Linux Viruses and Worms
Linux Trojan Horses
Linux Rootkits
Linux Misconfigurations
Linux Software Vulnerabilities
Linux Social Engineering
Linux Automated Installation
Managing Linux Packages
Package Management Tools Demo
Repositories and System Management
Custom Repository Demo
Linux IPv4 and IPv6
Linux Network Configuration
Linux Tunneling
Kernel Tuning Demo
Linux X11 Forwarding
Linux File Sharing
Linux Grand Unified Bootloader (GRUB)
Configuring GRUB Demo
Security Enhanced Linux
Introduction to IPTables
IPTables Rules
IPFilter
Linux Packet Sniffers
Linux NIDS
Linux HIDS
Linux Antivirus
Linux Secure Shell
Linux Log Management
Linux Scripting Basics
BASH Scripting Demo
IF Statements
Pipes and Redirection
Variables and Regular Expressions
Custom Scripting
Linux Hardening
NSA Hardening Guides
National Vulnerability Database (NVD)
Common Vulnerabilities and Exposures (CVE)
Vulnerability Scanning
Linux Operating System Security Quiz
22 Hours
 
Mobile and Device Security (2015)
Skill Level: Beginner  
+ Description
 

This course focuses on mobile devices, how they operate, and their security implications. This course includes topics such as signaling types, application stores, managing mobile devices, and emerging trends and security and privacy concerns with social media.

Learning Objectives:

  • Discover mobile device technology components and architectures and how to properly secure them.
  • Examine historical and current threats to mobile devices and methods for remediating against them.
  • Establish best practices and procedures for performing mobile device forensic investigations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Legal Advice and Advocacy Privacy Officer/Privacy Compliance Manager
+ Course Modules/Units
 
Mobile Security Course Introduction
Cellular Network Generations
Network Standards Introduction
CDMA TDMA and GSM Introduction
GPRS Edge and UMTS Introduction
Additional Network Standards
Bluetooth and Wi-Fi
Cellular Network Components
Mobile Switching Center Database
Authentication and Government Standards
4G LTE
Mobile Device Components
Mobile Device Operating Systems
Android Customization
Wireless Technology Introduction
WiFi Standards
Wi-Fi Standards : 802.11ac
WiFi Types
Wireless Fidelity Part 2
WiFi Channels and SSIDs
WiFi Signals and Hardware
Bluetooth
WiMAX
Additional Standards
Near Field Communication
Introduction to Threats
Lost and Stolen Devices
Additional Device-Level Threats
Near Field Communications and Mobile Threats
Application-Level Threats
Rogue Applications
Network-Level Threats
Pineapple Router
Malicious Hotspot
Malicious Use Threats
Mobile Hacking Tools
Mobile Device Security Introduction
Mobile Device Security Introduction Cont.
Android Introduction
Android Security
Android Application Security
Google Android OS Features
Installing Antivirus
iOS Security Model and Platform
iOS Application Security
Jailbreaking iOS
iOS Application Security Cont.
Apple iOS Update Part 1 of 2
Apple iOS Update Part 2 of 2
Windows Phone Security Model and Platform
Windows Implementation and Application Security
Windows Phone Update
WiFi Security
WiMax and Bluetooth
Bluetooth Attack
Protecting Data
Encryption
Android Encryption
iOS Encryption
Email Security
Android and iOS Email Security
Windows Email Security
iOS Hardening
iOS Hardening Cont
Blackberry Hardening
Android Hardening
Android Hardening Cont.
Windows Phone Hardening
Windows Phone Password and Cookies
Windows Phone Wi-Fi
Windows Phone - Find, Wipe, and Backup
Device Security Policies
Exchange and BES
Mobile Device Management
Mobile Device Management Cont.
McAfee Mobility Management
Forensics Overview
Forensics Role and Framework
Device Identification
Device Identification Cont.
Network Data
Network Data Cont.
Preservation
Preservation Cont.
Acquisition
Acquisition Cont.
Device Specific Acquisition
Hashing
Hashing Cont.
Analysis
Archiving and Reporting
Cellebrite
Forensics Demonstration
XRY/XACT
Oxygen and CellXtract
Paraben and MOBILedit!
Additional Methods
Subscriber Data
Benefits of Social Media
Risks of Social Media
Liabilities Associated with Social Media
Social Media Controls
Emerging Trends
Emerging Trends Cont.
New Technologies in Mobile Devices
Mobile Devices and the Cloud
Mobile Security Course Quiz
3 Hours
 
Network Layer 1 & 2 Troubleshooting
Skill Level: Beginner 
+ Description
 

This course reviews troubleshooting methods used in Layer 1 and Layer 2 of the Open Systems Interconnection (OSI) Model. This course covers how to detect, trace, identify, and fix network connectivity issues at the Physical and Data Link layers of the OSI stack. The basics of the Physical and Data Link layers will be covered along with a review of the devices, signaling, and cabling which operate at these layers. Learners will be presented with methods for tracing connectivity issues back to the source and identifying mitigation solutions.

Learning Objectives:

  • Understand basic overview of components of the first two layers of the OSI model.
  • Recognize common issues associated with Layer 1 & 2 of the OSI model.
  • Apply troubleshooting methods associated with the Physical and Data Link Layer.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Securely Provision Systems Architecture Security Architect
+ Course Modules/Units
 
Network Layer 1 and 2 Troubleshooting Introduction
OSI Physical Layer 1 Overview
Data Transmission Medium Cables and Connectors
Patch Panels
Fiber Optic Cables
Encoding and Signaling Functions
Network Components
Physical Network Design/Topology
Network Troubleshooting Methodology
Common Layer 1 Issues Part 1 of 2
Common Layer 1 Issues Part 2 of 2
Layer 2 Data Link Layer Components Overview
MAC Addresses/Logical Link Control
Layer 2 Protocols
Physical Network Design/Topology
Network Troubleshooting Methodology Review
Common Layer 2 Issues
Layer 2 Troubleshooting Tools
NW Layer 1 and 2 Troubleshooting exam
18 Hours
 
Network Security
Skill Level: Beginner
+ Description
 

This self-study resource is designed to help learners prepare for the Networking certification exams. This course is focused on IT infrastructure and networking concepts for junior to mid-level IT professionals in the cyber workforce. Objectives include network operations, security, troubleshooting and tools, as well as infrastructure support.

Learning Objectives:

  • Design and implement a functional network.
  • Configure, manage, and maintain network security, standards, and protocols.
  • Troubleshoot network issues.
  • Create and support virtualized networks.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
+ Course Modules/Units
 
Ports and Protocols Part 1 of 2
Ports and Protocols Part 2 of 2
OSI Layers
Properties of Network Traffic
VLANs and VTP
Routers and Routing Protocols
Routing Tables and Types
IP Addressing – IPv6
Traffic Filtering and Port Mirroring
Network Performance Optimization
IP Addressing Components
Subnetting
Network Topologies
Technologies that Facilitate IOT
Wireless Standards Part 1 of 2
Wireless Standards Part 2 of 2
DEMO: Wireless Architecture
Introduction to Cloud Computing
Cloud Security
DNS Service
Dynamic Host Configuration Protocol (DHCP)
Ethernet Standards
Cables and Wires
Cable Termination and Fiber Optic
DEMO: Cables and Connectors
Firewall Implementations
Network Components – Hubs and Switches
DEMO: Contrasting Hubs, Switches,VLANS
Router Setup and MAC Filtering
Installing and Configuring Wireless Networks
SOHO Network
Telephony, VoIP
Network Security Appliances IDS
Advanced Security Devices
Virtual Environments
Network Storage Connection Types
Network Storage and Jumbo Frames
Wide Area Network Technologies
Configuration Management Documentation
Business Continuity and Disaster Recovery
Fault Tolerance and Availability Concepts
Maintainability: MTTR and MTBF
Security Device and Technology Placement
DEMO: Introduction to SNMP
Network Access Security
Remote Access Methods
Operations Policies and Best Practices
Mobile Device Deployment Models
Physical Security Devices
Authentication Services
PKI Public Key Infrastructure
Examples of PKI Use
Network Access Control
Wireless Encryption and Authentication
DoS and MITM Attacks
Wireless Threats and Mitigation
Understanding Insider Threat
DEMO: Malware and Social Engineering Threats
Hardening Network Devices
Switch Loop Protocol
Network Segmentation and Design
Honeypot
Corporate Penetration Testing
Network Troubleshooting Methodology
Hardware Tools for Connectivity Issues
Software Tools for Connectivity Issues
DEMO: NSlookup Dig Google Toolbox
Physical Connectivity Problems
Cable Troubleshooting
Wireless Troubleshooting
Troubleshooting Routers and Switches
Technologies that Facilitate IOT
Practice Exam
2.5 Hours
 
Pre-Post Assessment Training
Skill Level: Beginner  
+ Description
 

Pre-Assessment and Post-Assessment Training (P2T) Description

The P2T training supports CISA strategies that are designed to provide more consistent and effective outcome-based cyber risk management support for its customers. The course provides information that includes:

  • Overview of the CISA assessment process, the Pre-Assessment Questionnaire, and suggested post-assessment support enhancements
  • How to utilize the Pre-Assessment Questionnaire and the post assessment materials to facilitate an improved customer experience with DHS assessments
  • Tips and strategies for the effective delivery of an assessment engagement

Audience

  • DHS Cybersecurity Advisors (CSA), and regional/state cyber support teams
  • Users of DHS assessments such as the CRR, CRE, and EDM

Objectives

  • Provide training on the use of the Pre-Assessment Questionnaire and the PostAssessment Process
  • Facilitate making the assessment engagement more customer relevant
  • Provide an understanding of techniques that can help CSAs leverage assessments to assist customers with managing cyber risk
  • Improve cyber risk outcomes for organizations

Materials
This course is comprised of a three-hour virtual delivery of targeted content presented by an expert from Carnegie Mellon’s SEI|CERT Division, supplemented by materials developed by the SEI to support CISA. The course materials include a variety of references to resources related to the course topics, resilience management, risk, and the cyber assessment process Downloadable* materials include:

  • Course content slides
  • Pre-Assessment Questionnaire Guide
  • Post-Assessment-Enhancing Post-Assessment Activities
*Available for download on the FedVTE P2T course content Lesson selection page
+ Course Modules/Units
 
Course Objectives & Background: Lecture 1 of 4
Pre-Assessment Questionnaire: Lecture 2 of 4
Post-Assessment Questionnaire: Lecture 3 of 4
Course Summary: Lecture 4 of 4
Supplementary PDF Files
1 Hour
 
Preventing Web and Email Server Attacks
Skill Level: Beginner    
+ Description
 

Web and email servers are the workhorses of the Internet: we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers. Participants can request 1 CPE credit for completing this course.

This webinar includes the following information and more:

  • Attack methods: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed, or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
  • Key Guidance for Organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
  • Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
  • Incident Response overview: Key steps to identify a potential attack, mitigate damage through proper preparation and response, and recover after an attack occurs.

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from web and email server cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

  • Define web and email server infrastructure, and explain common attack methods
  • Identify signs of a potential attack
  • Learn mitigation steps for web and email server attacks
  • Understand the process to recover from a web or email server attack
  • Explore impacts of web and email server attacks through case studies

Date: 2020

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-source analysis
Analyze Threat Analysis Threat/ warning analyst
Collect and Operate Collection Operations All Source Collection Manager; All Source Collection Requirements Manager
Collect and Operate Cyber Operational Planning Cyber Intel Planner; Cyber Ops Planner; Partner Integration Planner
Operate and Maintain Data Administration Data analyst, database administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Strategic Planning and Policy Cyber policy and strategy planner; cyber workforce developer and manager
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support specialist
Protect and Defend Incident Response Cyber defense incident responder
Protect and Defend Vulnerability Assessment and Management Vulnerability assessment analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect; Security Architect
Securely Provision System Requirements Planning System requirements planner
+ Course Modules/Units
 
Preventing Web and Email Server Attacks
0.75 Hours
 
Professors in Practice
Skill Level: Beginner
+ Description
 

Professor David Thaw will discuss key leadership decisions on Cyber Threat Intelligence and Zero Trust Architecture. He will discuss how the industry is modernizing federal government systems in relation to cloud, Zero Trust Architecture, multi-factor authentication and training. Kick off the Professors in Practice series with Professor Thaw by joining session 1.

Key topics to be covered:

  • Understanding the framework of authorities, resources and institutions relevant to cybersecurity
  • Understanding the frameworks for public-private partnerships and other efforts addressing private-sector cybersecurity
  • Improving federal government cybersecurity policies
  • Removing barriers to sharing cybersecurity event information
+ Course Modules/Units
 
Cyber Threat Intelligence: Practical Applications and Impact of Information Sharing
1 Hour
 
Professors in Practice
Skill Level: Beginner
+ Description
 

Professor Work will discuss cyber intelligence communities of practice, exploring their capabilities, production and the various dimensions to be considered when evaluating new reporting. He will look at how traditional tradecraft is sustained and adapted, and how new work practices change in contemporary distributed environments, as well as the risks that such changes can introduce across the intelligence enterprise. Explore the tensions between different incentives underpinning various business models for intelligence as an activity, and the challenges of cyber threat information sharing that can arise in session 2 off our four-part series on Cyber Threat Intelligence and Zero Trust Architecture.

Key topics to be covered:

  • Understanding sources of cyber intelligence visibility
  • Evaluating private sector cyber intelligence production based on differing business models and incentives
  • The complications of cyber intelligence providers operating in a global market
  • Changing tradecraft and emerging pathologies
  • Implications of intelligence made public during crisis
+ Course Modules/Units
 
Cyber Threat Intelligence: From Legislation to Regulation
1 Hour
 
Professors in Practice
Skill Level: Beginner
+ Description
 

Professor Trawick will discuss the establishment of standard operational procedures for conducting vulnerability and incident response activities. He will also focus on how the federal government can improve its’ ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improving information sharing within the Federal government. Professor Trawick will also discuss the relevancy of creating and maintaining a federal cybersecurity event log. Join Professor Trawick as he explores session 3 off our four-part series on the Executive Order. He will discuss key leadership decisions on E.O. 14028 Sections 6-7.

Key topics to be covered:

  • Developing a standard set of operational procedures (playbook) for planning and conducting cybersecurity vulnerability and incident response activities.
  • Enabling federal government-wide endpoint detection and response system.
  • Improving information sharing.

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirement Planning Systems Requirements Planner
+ Course Modules/Units
 
Professors in Practice: Improved Detection and Response
0.75 Hours
 
Professors in Practice
Skill Level: Beginner
+ Description
 

Professor Everetts will discuss the importance of cybersecurity event log requirements for federal departments and agencies. Poor logging practices hampers an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact. Professor Everetts will also discuss the relevancy of creating and maintaining a federal cybersecurity event log. She will also briefly discuss the required memorandum to establish cybersecurity requirements for National Security Systems. Join Professor Everetts as she explores session 4 off our four-part series on the Executive Order. He will discuss key leadership decisions on E.O. 14028 Sections 8-9.

Key topics to be covered:

  • Improving federal government’s investigative and remediation capabilities through a robust and consistent logging practices
  • Maintaining a federal cybersecurity event log
  • Adopt National Security Systems Requirements

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirement Planning Systems Requirements Planner
+ Course Modules/Units
 
Professors in Practice: Improving Federal Investigative and Remediation Capabilities
1 Hour
 
Professors in Practice
Skill Level: Beginner
+ Description
 

In May, President Biden signed Executive Order Improving the Nation’s Cybersecurity as a first step toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. Join Professor Duke as he kicks off our four-part series on the Executive Order during four webinars in August. He will discuss key leadership decisions on E.O. 14028 Sections 1 -3, Implementing Policy, Removing Barriers, and Modernizing Systems.

Key topics to be covered:

  • Improving Federal Government cybersecurity policies.
  • Removing barriers to sharing cybersecurity event information.
  • Modernizing federal government systems - cloud, zero trust architecture, multi-factor authentication and training.

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirement Planning Systems Requirements Planner
+ Course Modules/Units
 
Professors in Practice: Policy, Barriers, and Modernization
1 Hour
 
Professors in Practice
Skill Level: Beginner
+ Description
 

Professor Richardson will discuss the important security and oversight requirements discussed in Section 4 and 5 of the EO. Join Professor Richardson for a discussion on the role the federal government will play in creating a baseline of security standards for secure software including building in software assurances. He will also discuss the creation of a National Cyber Incident Review Board which will analyze incidents and make recommendations for the future. Join Professor Richardson as he explores session 2 off our four-part series on the Executive Order. He will discuss key leadership decisions on E.O. 14028 Sections 4-5.

Key topics to be covered:

  • Delivering Secure Software
  • Creating a Baseline of Security Standards for Secure Software
  • Creating a National Cyber Incident Review Board

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirement Planning Systems Requirements Planner
+ Course Modules/Units
 
Professors in Practice: Software Supply Chain Security
1 Hour
 
Professors in Practice
Skill Level: Beginner
+ Description
 

Professor Richardson is joined by special guest Bryan Hall, and together, they will discuss the United States Department of Agriculture (USDA) Information Security Center’s (ISC) efforts to consolidate security and standardize practices. They will provide an in-depth analysis of three case studies where Zero Trust was implemented, the reasons behind the decisions, and lessons learned. Join Professor Richardson as closes out the Professors in Practice series with the fourth and final session.

Key topics to be covered:

  • ISC mission and goals
  • Google Beyond Corp, an exploration with recommendations
  • Forrester Research Microcore and Perimeter, an exploration with recommendations
  • VMWare NSX, an exploration with recommendations
+ Course Modules/Units
 
Zero Trust Architecture: Choosing a Model Based on the Task
1 Hour
 
Professors in Practice
Skill Level: Beginner
+ Description
 

Professor Richardson discusses Mr. Twist’s paper on Zero Trust Implementation and review the range of options available for Departments and Agencies seeking to implement Zero Trust Architecture strategies. They will explore the modular Zero Trust implementation strategy and how leaders can implement a similar approach. Join Professor Richardson as he explores session 3 of our four-part series on Cyber Threat Intelligence and Zero Trust Architecture.

Key topics to be covered:

  • Central tenets of Zero Trust security
  • Analysis of various Zero Trust models proposed and utilized
  • Zero Trust model comparisons
  • Recommendations for Zero Trust planning and selection
+ Course Modules/Units
 
Zero Trust Architecture: How to Choose the Right Model(s) for Your Organization
1 Hour
 
Professors in Practice
Skill Level: Beginner  
+ Description
 

This course features National Defense University Professor Robert Richardson who discusses important security and oversight requirements for commercial cloud solutions.

Learning Objectives:

  • Overview of the cloud physically, logically, and architecturally.
  • Discuss cloud deployment models and characteristics.
  • Overview of cloud infrastructure characteristics.
  • Cloud Supply Chain Risk Management and considerations of commercial cloud as third-party cloud services; senior leaders should "beware of the gaps and seams."
  • Cloud software components - microservices & APIs.
  • The driving forces and key technology enablers of commercial cloud services in the Federal Government.
  • Must-have security requirements and policies for cloud solutions.
  • The top ten cybersecurity cloud risks such as: loss of service, data breaches, human error. As well as non-cybersecurity risks such as: outsourcing risks, personnel security, and supply chain risk management.
  • Where Federal Government adoption of commercial cloud is now and predictions for the future.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Special
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Requirement Planning Systems Requirements Planner
Securely Provision Systems Architecture Enterprise Architect, Security Architect
+ Course Modules/Units
 
Cloud Security: What Leaders Need to Know – with Professor Robert Richardson
1 Hour
 
Professors in Practice
Skill Level: Beginner  
+ Description
 

In this hour-long webinar National Defense University Professor Roxanne Everetts discusses some key leadership decisions around using Federal Risk and Authorization Management Program (FedRAMP) solutions. FedRAMP is a unique government cloud - it is a combination of cloud security, cybersecurity, and risk management.

Learning Objectives:

  • Explain FedRAMP and why Federal agencies use FedRAMP. (Hint: It's the law!)
  • Discuss knowledge key leaders need for cloud solutions, including: FedRAMP structure, how it helps, and how agencies can leverage it.
  • Describe the FedRAMP governing bodies.
  • Examine the roles of Cloud Service Providers (CSPs) and Third-Party Assessment Organizations (3PAOs) as FedRAMP participants.
  • Identify agency responsibilities, which include ensuring they have an Authority to Operate (ATO) letter on file with the FedRAMP Program Management Office (PMO).
  • Explore the FedRAMP Security Framework (SAF), based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37.
  • Use the FedRAMP Marketplace to find services that meet agency needs. Any service listed in the Marketplace meets federal security requirements and has already been authorized.

Date: 2020

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Oversee and Govern Cybersecurity Management Information Systems Security Manager
Oversee and Govern Executive Cyber Leadership Executive Cyber Leadership
Oversee and Govern Program/Project Management and Acquisition IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer, Cyber Instructor
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Securely Provision Risk Management Authorizing Official/Designating Representative, Security Control Assessor
Securely Provision Systems Requirement Planning Systems Requirements Planner
+ Course Modules/Units
 
FedRAMP: A Leaders Dashboard for Compliance – with Professor Roxanne Everetts
1 Hour
 
Radio Frequency Identification (RFID) Security
Skill Level: Beginner 
+ Description
 

This course focuses on securing radio frequency identification (RFID), different components of RFID, how it works, applications in which it is being used, benefits and weaknesses, and the communication range over which it works will be reviewed. Topics include specific concerns with RFID, recommendations for RFID, and security issues that have come to light.

Learning Objectives:

  • Explain the components, operation, and application of RFID technology.
  • Understand the privacy implications with using RFID-embedded items.
  • Differentiate across threat categories.
  • Describe different security recommendations to secure RFID.
  • Familiarity with real-world examples of how RFID has been exploited.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
RFID Introduction
RFID Threats
RFID Countermeasures
Exploited Threats
1 Hour
 
Securing Infrastructure Devices
Skill Level: Intermediate  
+ Description
 

This course focuses on physical security, operating system security, management traffic security, device service hardening, securing management services, and device access privileges.

Learning Objectives:

  • Understand considerations for securing physical assets, patch management and change management.
  • Apply methods for securing network management traffic.
  • Understanding of securing management services such as NTP, SNMP, Syslog.
  • Understand hardware device hardening.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Securely Provision Systems Architecture Security Architect
+ Course Modules/Units
 
Physical and Operating System Security
Management Traffic Security
Device Service Hardening
Securing Management Services
Device Access Hardening
Device Access Privileges
1 Hour
 
Securing Internet-Accessible Systems
Skill Level: Beginner   
+ Description
 

This course focuses on Internet-accessible systems or "Internet of Things" (IoT). Each of these systems and devices can be targeted by threat actors and used to conduct malicious activity if they are unsecured, or worse, these systems can leave vulnerabilities and sensitive information open to exploitation if not properly configured and maintained. This course explains the vulnerabilities of internet-accessible systems and how to prepare for, mitigate, and respond to a potential attack. This course provides key knowledge to inform organizational awareness of internet-accessible system attacks as well as best practices that minimize the likelihood of a successful attack and enable effective response and recovery if an attack occurs.

This webinar is accessible to non-technical learners including managers and business leaders and offers an organizational perspective useful to technical specialists.

Learning Objectives
Enable learners to better defend their internet-accessible systems through awareness of common vulnerabilities, best practices, CISA guidance, and resources:

  • Define Internet-Accessible Systems and common vulnerabilities
  • Explain cyber hygiene best practices that prevent attacks.
  • Understand the impacts of real-life cyberattacks and what an effective organizational response looks like.
  • Learn steps to identify, mitigate, and recover from Internet-Accessible System attacks.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Data Administration Data Analyst, Database Administrator
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Cybersecurity Management Communications Security Manager; Information Systems Security Manager
Oversee and Govern Program Management and Acquisition IT Investment Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern Strategic Planning and Policy Cyber Policy and Strategy Planner; Cyber Workforce Developer and Manager
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Securely Provision Risk Management Authorizing Official/Designating Representative; Security Control Assessor
Securely Provision System Requirements Planning System Requirements Planner
+ Course Modules/Units
 
Securing Internet- Accessible Systems
1 Hour
 
Securing the Network Perimeter
Skill Level: Intermediate  
+ Description
 

This course focuses on edge security traffic design, blocking Denial of Service / Distributed Denial of Service (DoS/DDoS) traffic, specialized access control lists, routers and firewalls, securing routing protocols, securing traffic prioritization, and securing against Single Point of Failure (SPOF).

Learning Objectives:

  • Identify perimeter and the approach to protecting that perimeter.
  • Understand methods to consider for blocking DoS and DDos traffic.
  • Apply specialized Access Control List considerations.
  • Implement firewalls and differentiate types to protect the perimeter.
  • Understand routing protocols and traffic prioritization for networks.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
+ Course Modules/Units
 
Introduction and Edge Security Traffic Design
Blocking DoS and DDoS Traffic
Specialized Access Control Lists
Routers with Firewalls
Beyond Firewalls: Inspecting Layer 4 and Above
Securing Routing Protocols and Traffic Prioritization
Securing Against Single Point of Failures
1 Hour
 
Security and DNS
Skill Level: Advanced 
+ Description
 

This course discusses name resolution principles, name resolution and security, DNS security standards, securing zone transfers with Transaction Signature (TSIG), and DNS Security Extension (DNSSEC) principles, implementation, and resources.

Learning Objectives:

  • Understand DNS (Domain Name System) and its purpose.
  • Familiarity with DNS Standards documents, DNS deployment best practices and TSIG.
  • Explain DNSSEC and its origins, role and implementation.
  • Understand migrating to DNSSEC and its challenges.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration System Administrator
Operate and Maintain Systems Analyst Systems Security Analyst
Securely Provision Systems Architecture Security Architect
+ Course Modules/Units
 
Name Resolution Introduction
Name Resolution and Security
DNS Cache
DNS Security Standards and TSIG
DNSSEC
Migrating to DNSSEC
Issues with Implementing DNSSEC 1
Issues with Implementing DNSSEC 2
1 Hour
 
Understanding DNS Attacks
Skill Level: Beginner     
+ Description
 

The Domain Name System, commonly known as DNS, is often referred to as the "phone book" of the Internet. Every time we access the Internet to visit our favorite websites, shop and pay bills online, or access online portals for healthcare or banking, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors: allowing them to shut down websites and online services, replace legitimate website content with threats and extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal any information entered by users intending to conduct business as usual. "Understanding DNS Attacks" provides key information you need to know to protect yourself and your organization from DNS infrastructure tampering including common vulnerabilities, how to identify a potential attack, and guidance and best practices to mitigate the likelihood and impact of a successful DNS attack.

This webinar is accessible to non-technical learners including managers and business leaders, and offers an organizational perspective useful to technical specialists.

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from DNS infrastructure attacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

  • Define DNS Tampering and explain common attack methods
  • Identify signs of a DNS attack
  • Learn mitigation steps for DNS attacks
  • Understand the process to recover from a DNS attack
  • Explore impacts of DNS attacks through case studies

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis Mission Assessment Specialist
Collect and Operate Collection Operations All-Source Collection Manager, All-Source Collection Requirements Manager
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Operate and Maintain Data Administration Data analyst, database administrator
Operate and Maintain Knowledge Management Knowledge Manager
Operate and Maintain Network Services Network Operation Specialist
Operate and Maintain Systems Administration System Administrator
Oversee and Govern Cybersecurity Management Communications security manager; information systems security manager
Oversee and Govern Program Management and Acquisition IT investment manager, IT program auditor, IT project manager, product support manager, program manager
Oversee and Govern Strategic Planning and Policy Cyber policy and strategy planner; cyber workforce developer and manager
Oversee and Govern Training, Education, and Awareness Cyber Instructional Curriculum Developer
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Protect and Defend Incident Response Cyber Defense Incident Responder
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
Securely Provision Risk Management Authorizing official; security control assessor
Securely Provision Systems Architecture Enterprise Architect, Security Architect
Securely Provision Systems Requirements Planning Systems Requirements Planner
Securely Provision Test and Evaluation System Testing and Evaluation Specialist
+ Course Modules/Units
 
Understanding DNS Attacks
16 Hours
 
Windows Operating System Security
Skill Level: Intermediate 
+ Description
 

This course focuses on the security aspects of Microsoft Windows. The class begins with an overview of the Microsoft Windows security model and some of the key components such processes, drivers, the Windows registry, and Windows kernel. An overview of the users and group permission structure used in Windows is presented along with a survey of the attacks commonly seen in Windows environments. Patching, networking, and the built-in security features of Windows such as the firewall, anti-malware, and BitLocker are all covered in light detail.

Learning Objectives:

  • Understanding of the Windows security model and its key components.
  • Introduction and best practice recommendations for using and configuring users and groups.
  • Overview of the Data Access Control technology in Windows Server 2012.
  • Survey common attacks seen in a Windows environment.
  • Understanding of the Microsoft update and patching process

Date: 2012

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Systems Analysis Systems Security Analyst
Operate and Maintain Systems Administration System Administrator
Protect and Defend Vulnerability Assessment and Management Vulnerability Assessment Analyst
+ Course Modules/Units
 
Windows OS Security Course Introduction
Windows Security Module Introduction
Windows Architecture Overview
Windows Subsystems Part 1 of 2
Windows Subsystems Part 2 of 2
Windows Security Development Lifecycle
Windows API
Windows Registry
Viewing Windows Registry Demo
Windows Services Part 1 of 2
Windows Services Demo
Windows Services Part 2 of 2
Multi-tasking
Sessions, Windows Stations and Desktops
Programs and Drivers Part 1 of 2
Reviewing Drivers in Windows
Programs and Drivers Part 2 of 2
Updating Windows Drivers Demo
Applications, Processes, and Threads
Buffer Overflow Protection
Authenticode Part 1 of 2
Digital Certificate Details Demo
Authenticode Part 2 of 2
Windows Action Center
Windows Users and Groups Introduction
User Account Control
Windows Users and Groups Part 1 of 2
Windows Users and Groups Part 2 of 2
Windows Interactive Logon Process
NTLM Authentication Overview
Kerberos Authentication Overview
Types of Authentication
File Permissions
Dynamic Access Controls
Threats and Vulnerabilities Introduction
OS Vulnerabilities
CVE Details Demo
CVE Samples
Misconfigurations
Password Configuration Options
Password DDOS Demo
Common Misconfigurations
CCE and the NVD Demo
Social Engineering
Viruses and Worms
Impersonation
Microsoft Updates and Patching Process Part 1 of 2
Double Decode
Microsoft Updates and Patching Process Part 2 of 2
Securing the Update Process
Update Process Circumvention
Windows Server Update Service
Internet Explorer Patching
Windows Network Connectivity
Windows Network Profiles
Windows Network Adapter Settings
Windows Wireless Settings
Windows Networking Protocols
Other Windows Protocols
Microsoft VPN Part 1 of 2
Microsoft VPN Part 2 of 2
Microsoft Network Access Protection Part 1 of 2
Microsoft Network Access Protection Part 2 of 2
How to Configure Windows Update Settings Demo
Windows Security Features Introduction
Windows Firewall
Windows Firewall Wizard Demo
Windows Firewall with Advanced Security
Windows Firewall with Advanced Security Demo
Configuring Windows Firewall Demo
Windows Defender
Windows AD and PKI Demo
Windows Active Directory Certificate Services
Windows Group Policy
Windows AppLocker
Configuring And Using App Locker Demo
Windows BitLocker
Configuring And Using Bitlocker Demo
Windows Secure Boot
Windows Security Auditing
Windows Audit Settings and Examples
SCW Introduction
Hardening Windows Introduction
Windows Templates
Microsoft Baseline Security Analyzer
Microsoft Security Configuration Wizard
Microsoft Security Compliance Manager
Hardening with Group Policy
NVD Search Demo
Other Guidelines and Recommendations
Using Windows Mgmt Intstrumentation Demo
Using The Security Config Wizard Demo
PowerShell Introduction
PowerShell Key Commands
PowerShell Demo
Administrative Functions with PowerShell
Computer and Network Management with PowerShell
Basic Scripts in PowerShell
PowerShell Security Settings and Configurations
Using Powershell Demo
Windows OS Security Quiz
9 Hours
 
Wireless Network Security (WNS)
Skill Level: Intermediate  
+ Description
 

This course focuses on the technologies of the 802.11 family of wireless networking, including the principles of network connectivity and network security.

Learning Objectives:

  • Understand the difference between Wi-Fi and other wireless technologies.
  • Identify the major protocols within the family of 802.11 protocols.
  • Understand how radio frequency properties affect Wi-Fi network design and operation.
  • Understand the operation of enterprise Wi-Fi networks and the evolution of CAPWAP.
  • Understand the major Wi-Fi security and methods and be able to create a Wi-Fi security monitoring plan.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Administration Systems Administrator
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Protect and Defend Cyber Defense Infrastructure Support Cyber Defense Infrastructure Support Specialist
Securely Provision Systems Architecture Systems Architect
+ Course Modules/Units
 
Wi-Fi Communication and Security Intro
How Wi-Fi Became Ubiquitous
Wi-Fi Standards - 802.11b
Wi-Fi Standards - 802.11a
Wi-Fi Standards - 802.11g n and ac
Bluetooth Standards
WiMAX Standards
LTE HSPA EvDO Network Types
Spread Spectrum Technology
802.11 Transmissions and Wireless Channels
802.11 Data Rates
Wireless Network Topologies
Wireless Network Hardware
RF Propagation Principles
Impacts on Signal Radiation
Signal Propagation and Objects
Additional Signal Effects
Measuring Signal Strength
Signal Strength and Antennas
Wireless Coverage and Frequency Reuse
Wireless Network Design Issues
Wireless Modes and Service Sets
Wireless Authentication and Association
Wireless and Roaming 1 of 2
Wireless and Roaming 2 of 2
Enterprise 802.11 Solutions
Key Points of CAPWAP
Advantages of CAPWAP
CAPWAP Demo
802.11 Security Flaws
Fixing 802.11 Security
802.1x Authentication Protocols
Additional Issues with 802.11 Encryption
Additional 802.11 Security Measures
Other Wireless Threats
Wireless Best Practices
Wireless Network Assessment Part 1 of 2
Wireless Network Assessment Part 2 of 2
Wireless Network Security Quiz