This short CDM Agency Dashboard video will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the Elastic dashboard.

Learning Objectives:

• Become familiar with the Kibana User Interface of the CDM Agency Dashboard
• Better understand the CDM Agency Dashboard architecture and data flow
• Understand the general architecture, data flow, and data structure and schema
• Become familiar with JSON Documents

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Micro Learn: The Federal Dashboard and Cross Cluster Search

Description:

Learn about the concepts and features of the CDM Federal Dashboard. This video will describe the Federal Dashboard, use case scenarios, and how Cross Cluster Searching can provide its many benefits to federal agencies.

Learning Objectives:

• Learning the new features of the Federal Dashboard and the primary use cases of the dashboard.
• Understanding the data trends within the Federal Dashboard
• What are the primary user roles of the Federal Dashboard?
• Learn about Cross Cluster Searching and how the federal dashboard increases the security of the .GOV domain

Date: April  2023

Length: 13 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Course Title: API Key Self-Creation

Length (mins): 5 minutes

Description: Learn how to create an API key yourself using Kibana.

Learning Objectives:

• Perform the steps to create an API key using Kibana.

Training Purpose: Skill Development

Training Level: Advanced

Alignment to NICE Framework

Course Title: Change Number Format with Kibana

Length (mins): 5 minutes

Description: Kibana allows for custom number formatting. Learn how to display values as whole numbers and not as rounded ones. This MicroLearn demonstrates how to do this by changing general and custom settings.

Learning Objectives:

• Change the number format in Kibana.

Training Purpose: Skill Development

Training Level: Intermediate

Alignment to NICE Framework

Course Title: Create a Dashboard with Existing Visualizations

Length (mins): 4 minutes

Description: This MicroLearn demonstrates how to create a dashboard and quickly add existing visualizations to the dashboard. Before beginning, please read the following restrictions.

Learning Objectives:

• Create a new dashboard with existing visualizations.

Training Purpose: Skill Development

Training Level: Intermediate

Alignment to NICE Framework

Course Title: Create a Visualization with Lens

Length (mins): 4 minutes

Description: Kibana's Lens feature makes it easy to create visualizations. This MicroLearn demonstrates how to create a simple graph using the Lens feature.

Learning Objectives:

• Create a line graph using Lens.

Training Purpose: Skill Development

Training Level: Intermediate

Alignment to NICE Framework

Course Title: Dashboard Navigation – An Introduction

Length (mins): 2 minutes

Description: Finding data that’s meaningful to you shouldn’t be challenging. Following these four easy steps will allow you to navigate seamlessly through the CDM Dashboard to find exactly what you are looking for.

Learning Objectives:

• Identify ways to navigate the CDM Dashboard.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Federal Benchmark Subscores

Length (mins): 3 minutes

Description: This MicroLearn is a demonstration of how to view Federal Benchmark metrics. These metrics consist of Averages, Maximum Values, and Minimum Values. Metrics are derived from Agency Dashboard data reported to the Federal Dashboard.

Learning Objectives:

• View the Federal Benchmarks used in the CDM Dashboard.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: FireEye Reporting – Search for the Latest CVE Data from FireEye

Length (mins): 4 minutes

Description: This MicroLearn teaches you how to search and view the latest FireEye enriched NIST CVE reference data shared by the Federal Dashboard.

Learning Objectives:

• Retrieve the NIST CVE data that is enriched by FireEye.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Interface Overview – Discover, Dashboard, and Visualize

Length (mins): 2 minutes

Description: This MicroLearning introduces three important Kibana interface tools: Discover, Dashboard, and Visualize.

Learning Objectives:

• Identify the Discover, Dashboard, and Visualize areas of the CDM Dashboard.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Manual Filtering (Add Filter) – Filter by Critical Severity

Length (mins): 2 minutes

Description: Add filters to display only those documents that contain a particular value in a field. You can also create negative filters that exclude documents that contain the specified field value.

• Perform the steps to create a negative filter, also known as filter out.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Manual Filtering – Adding Multiple Filters on One Dashboard

Length (mins): 2:30 minutes

Description: Add filters to display only those documents that contain a particular value in a field. In this MicroLearn, you will learn how to add multiple filters to the same dashboard.

• Add multiple filters to a dashboard.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Search Function – Search for Mac Machines

Length (mins): 2 minutes

Description: In this MicroLearn, you will perform a Free Text Search – a search performed on all fields. The KQL Search bar allows you to search the indices that match the current index pattern. You will learn how to enter search criteria in the query bar and why to avoid Elastic's Global Search Bar.

• Create a filter using the KQL Search bar to locate Mac end points.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: STIG Dictionary Filter Sort and View Details

Length (mins): 3:30 minutes

Description: This MicroLearn demonstrates how to use Kibana's Discover feature to Filter, Sort, and View STIG information. This tutorial begins with the Discover feature within the CDM Agency Dashboard space. The steps used in this tutorial are the same for the CDM Federal Dashboard.

• Locate STIG information in the CDM Agency or Federal Dashboard using Kibana's Discover feature.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: The Data Dictionary

Length (mins): 5 minutes

Description: This MicroLearn demonstrates how to view the CDM Dashboard's Data Dictionary to lookup field descriptions and view the fields that compose a data view using the Discover tool.

• Use the Discover tool to view field definitions.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: The KQL Search Bar – An Introduction to Field Level Searches

Length (mins): 5 minutes

Description: The Kibana Query Language (KQL) makes it easy to find the fields and syntax for your Elasticsearch query. Learn more about data fields and field level searches in this MicroLearn.

• Write a query using KQL.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Time Filter – Show ‘Absolute’ Dates

Length (mins): 1:30 minutes

Description: Learn how to filter for time in the CDM Dashboard using the Absolute feature. Use the Absolute tab in the Show Dates dropdown menu to choose a specific date range. By default, the time filter on the CDM Dashboard is set to the last 30 Days.

• Locate and select absolute date ranges.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Time Filter – ‘Commonly Used’ Feature

Length (mins): 1:30 minutes

Description: By default, the time filter on the CDM Dashboard is set to the last 30 Days. Learn how to use the time filter to change the date range to meet your data analysis needs. The time filter is a powerful tool with a multitude of features. This MicroLearn focuses on how to filter for time within the Commonly Used date feature.

• Locate and select the Commonly Used date ranges.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Trend Chart Filtering - Filtering for Time

Length (mins): 1 minute

Description: It is possible to change the Time Range from within a Trending Chart without using the Time Filter. Learn how in this MicroLearn.

• Change the data range in a Trend graph without using the Time Filter.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Using Multiple Filter Types

Length (mins): 2:30 minutes

Description: There are a multitude of ways to filter data in Kibana. This MicroLearn walks you through four variations in one dashboard experience.

• Apply four different methods of applying filters in Kibana.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

This course orients analysts to analyzing common protocols, identifying suspicious or malicious traffic and provides an introduction to the Wireshark packet filter syntax.

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This training course focuses on basic Ransomware concepts and methodology. This course will explain what ransomware is, preventative measures that can be used to prevent a ransomware attack, and ransomware incident response and recovery.

Learning Objectives:

• Present an overview of ransomware attacks
• Identify preventative measures to block ransomware attacks
• Discuss incident response best practices for ransomware attacks
• Detail ways to implement recovery measure after a ransomware attack
• Learn to strategically plan the development and implementation of your CSIRT.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

Major cyber-attacks have made headlines for years and the pace of threat activity faced by government and private sector organizations is accelerating. Often, the most damaging attacks reported are traced to Advanced Persistent Threats (APTs): groups of sophisticated hackers who gain entry into an unauthorized system and remain undetected for extended periods of time, allowing them to surveil and gather information, test security, or execute malicious activity without tripping network defenses.

Indicators of Compromise (IOCs) are the digital and informational "clues" that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. This webinar provides an overview of IOCs for incident responders and those who work with them, introduces example scenarios and how IOCs can be used to trace activity and piece together a timeline of the threat, and discusses tools and frameworks to help incident responders use IOCs to detect, analyze, respond to, and report cyber threat activity.

This webinar includes the following information and more:

• Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity.
• Understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs.
• Learn about the MITRE ATT&CK® framework and how it supports the analysis of IOCs, potential threat actors related to the activity and their associated strategies and tactics.
• Introduce free CISA cybersecurity tools, services, and resources to help organizations further advance their cybersecurity capabilities.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 – Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

Active Directory (AD) is one of the most vital components in a Windows network. Cybercriminals today are targeting AD, performing reconnaissance to discover users, servers, and computers in an enterprise network, and then moving laterally to carry out multi-stage attacks to gain access and abuse organization resources and data. An AD backup and restoration disaster recovery strategy is vital for operation continuity. Backing up AD regularly is important, sometimes the backup is the only way for an organization to recover its data after a cyberattack.

This interactive training module focuses on basic AD concepts and methodologies. This module will explain how to identify the Primary Domain Controller (PDC) of the domain, explain how to make changes to AD without backing up again, and provide an opportunity for you to practice confirming the changes made after the backup are replaced with the information in the backup file.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The AD Backup Restore Demo provides a walkthrough of the tasks you'll need to complete, the AD Backup Restore Try allows you the opportunity to test out the tasks presented in the AD Backup Restore Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Backup Active Directory on a Domain Controller
• Restore Active Directory on a Domain Controller

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides mitigation strategies and techniques as it relates to firewall rules. This module will explain what firewalls are, present the importance of implementing firewall rules and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Block Malicious IPs Demo provides a walkthrough of the tasks you'll need to complete, the Block Malicious IPs Try allows you the opportunity to test out the tasks presented in the Block Malicious IPs Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Identify the purpose of firewalls
• Present the importance of implementing firewall rules
• Identify specific firewall rules to apply

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Application Allowlisting is a controlled list of applications and components such as libraries, configuration files, etc. that are authorized to be present or active on a host according to a well-defined baseline. It is a highly effective security strategy that acts as a preventative file execution policy to allow only certain programs to run and prevents others from executing. Every organization must verify and trust each and every application they allow on their network. They do this by adapting allowlisting to help block the execution of malware, unlicensed software, and other unauthorized software.

This interactive training module focuses on basic Application Allowlisting concepts and methodologies. This module will explain what Application Allowlisting is, present the importance of implementing Application Allowlisting, and provide an opportunity for you to practice applying specific Application Allowlisting rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Application Allowlisting Demo provides a walkthrough of the tasks you'll need to complete, the Application Allowlisting Try allows you the opportunity to test out the tasks presented in the Application Allowlisting Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Create Windows Defender Application Control (WDAC) allowlisting policies with PowerShell

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides information on how to disable SMBv1 using the group policy mitigation technique. This module will explain Server Message Block (SMB), provide an overview of the versions of SMB, present the importance of blocking SMBv1, and provide an opportunity for you to practice applying group policies that disable SMBv1 in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The SMBv1 Demo provides a walkthrough of the tasks you'll need to complete, the SMBv1 Try allows you the opportunity to test out the tasks presented in the SMBv1 Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Define Server Message Block
• Identify the three versions of SMB
• Present the importance of disabling SMBv1

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Kerberos Ticket Granting Ticket (KRBTGT) is a local default account used for Microsoft’s implementation of Kerberos, the default Microsoft Windows authentication protocol for granting access to network applications and services. KRBTGT acts as a service account for the Key Distribution Center (KDC) service. KRBTGT account in Active Directory (AD) plays a key role that encrypts and signs all Kerberos tickets for the domain.

This interactive training module focuses on basic KRBTGT concepts and methodology. This module will explain how to reset the KRBTGT account password using the Active Directory Users and Computers app in the Administrative tools in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Reset KRBTGT Account Password Demo provides a walkthrough of the tasks you'll need to complete, the Reset KRBTGT Try allows you the opportunity to test out the tasks presented in the Reset KRBTGT Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Reset the KRBTGT Account password

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module focuses on sinkholing as a mitigation technique. This module will explain what Domain Name Service (DNS) sinkholes are, present the importance of implementing sinkholes, and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Sinkhole Demo provides a walkthrough of the tasks you'll need to complete, the Sinkhole Try allows you the opportunity to test out the tasks presented in the Sinkhole Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Present the definition of a DNS Sinkhole
• Identify key terms related to the Sinkholing process
• Explain the importance of implementing a DNS Sinkhole

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

By the end of this course, you should be able to use network flow data to do the following:

• Evaluate the correct implementation of application traffic on the network.
• Find anomalous traffic on a large network.
• Find malicious activity given additional network and intelligence data sources.
• Identify potential malicious activity on a network.
• Provide input for appropriate techniques in an operational environment.

This 2.5-hour virtual course demonstrates the configuration settings management (CSM) capability within version ES-6 of the CDM Agency Dashboard. In this course students are shown the basic concepts associated with CSM, the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), how CSM scoring is incorporated into the current AWARE calculations, and students will gain an understanding of how the CSM capability of the CDM Agency Dashboard can be used to reduce the misconfiguration of assets in their agency IT inventory.

Learning Objectives:

• Overview of the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and how CSM scoring is incorporated into the AWARE calculations.
• Walkthrough of how CSM scoring affect the AWARE algorithm and can reduce asset misconfiguration.

Date: June 2024

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course orients analysts to the various types of information that can be found in packets, uses Wireshark as the packet capture and analysis tool, and explains why data available in packets can be affected by the location of the packet capture in the network environment.

This 2.5 hour course demonstrates the continuous monitoring and analysis capability with version ES-6 of the CDM Agency Dashboard. This is a role-based course for those in the cybersecurity workforce that use the dashboard routinely. In this course students are shown concepts associated with continuous monitoring and analysis of the top issues that affect networks. Topics include an overview of the responsibilities of the Security analyst, continuous monitoring, how the CDM Agency Dashboard can be used to identify vulnerabilities, AWARE scoring, the reporting function, and possible courses of action.

Learning Objectives:

• Overview of the importance of the CDM Agency Dashboard role of system security analyst, which includes monitoring and vulnerability identification.
• Strategies for securing agency assets and creating report functionality using the CDM Agency Dashboard.

Date: June 2024

Training Proficiency Area: Level 2 - Intermediate

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

At the end of this course, participants will be able to

• list the characteristics that distinguish Mothra from SiLK,
• identify the major architectural features of Mothra,
• describe how analysis can be performed in Mothra, and
• discuss the advantages of using a Jupyter Notebook for collaborative analysis.

This course focuses on advanced concepts for writing scripts for the Microsoft Windows operating system. The course covers how to string multiple commands together in traditional BATCH scripts, as well as leverage Visual Basic Scripting (VBS) to perform more complex tasks and includes reinforcing video demonstrations and final assessment.

Learning Objectives:

• Understand the fundamentals of Visual Basic Scripting.
• Recognize the concepts of redirection, piping, and how to conduct complex tasks with multiple commands.
• Apply integration of Windows BATCH with Visual Basic Scripting.
• Demonstrate how to access the Windows API from Visual Basic Scripting.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This 2 hour course provides managers with an overview of the CDM Agency Dashboard. In the course, students are shown concepts associated with the CDM Agency Dashboard and how to create appropriate reports. Additionally, the course includes a presentation by CDM Program Manager Matt House, as he discusses version ES-6 of the CDM Dashboard and the CDM vision for 2024.

Target Audience: This course is applicable to workforce Executives and Senior-level Managers who need to understand how Information Assurance and cybersecurity principles affect their agencies, how the CDM program helps support those principles, and how their CDM Agency Dashboard can help establish a cybersecurity baseline and identify and reduce their attack surface.

The National Initiative for Cybersecurity Education (NICE) roles of: Authorizing Official/Designated Representative, Executive Cyber Leadership, Program Managers, and other senior management roles responsible for cybersecurity within their agency will benefit from this course.

Learning Objectives:

• Discuss the principles of information assurance
• Discuss Federal laws and required executive and Senior-level management responsibilities
• Discuss the purpose and function of the CDM Program
• Discuss the purpose and benefit of the CDM Agency and Federal Dashboards
• Reviewing the CDM Agency Dashboard information to make risk-based decisions Includes lab exercises

Date: January 2024

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

At the end of this course, participants will be able to:

• List several types of sensors in use on modern computer networks
• Identify what fields and information are available in the data from each type of sensor
• Characterize some of the analysis of data from each type of sensor
• Discuss potential issues with the use of data from each type of sensor, and how to deal with the issues in analysis

SQL for Traffic Analysis covers basic SQL topics such as selecting data from a table, ordering results, using multiple tables, grouping results, calculating aggregate values, and creating new tables.

This series of videos presents topics of interest to analysts with a working knowledge of SilK who wish to learn more. Each video covers one area of NetFlow analysis. The topics are:

• Displaying NetFlow Records in SiLK (tips for using rwcut)
• Host Profiling (what can you learn about a host and its activity from NetFlow?)
• Protocol Profiling: ICMP (here is how analysis of ICMP can be different from TCP and UDP)
• Rwmatch (for those who need to work with both sides of a network connection)
• The SiLK Application Label (The App Label uses Deep Packet Inspection to make an educated guess as to what service the flow supports)

In this course you will learn about:

• Describe how the history of TCP/IP has led to security issues
• Describe the layered architecture of TCP/IP
• Describe characteristics of
  • Address Resolution Protocol (ARP)
  • Internet Protocol (IP)
  • User Datagram Protocol (UDP)
  • Service Ports
  • Transmission Control Protocol (TCP)
  • Internet Control Messages Protocol (ICMP)
  • Fragmentation
• Explain how common services operate with network protocols
• Forecast how IPv6 affects network traffic analysis

The Cloud Computing Concepts course highlights concepts and best practices for cloud architecture, design, security, and operations. Topics include leveraging cloud environments for critical assets or operations, and the impacts on data and application security, as well as legal, risk, and compliance considerations.

Learning Objectives:

• Compare cloud service and deployment models and each’s impact on customer control and responsibilities
• Identify data security strategies within cloud environments
• Explain secure data center design concepts including example risks and security controls
• Describe the Secure Software Development Life Cycle (SDLC) and its relation to applications within cloud environments
• Summarize concepts for building, operating, and managing physical and logical infrastructure for cloud environments
• Outline privacy, legal, and audit requirements with cloud environments, and how it relates to evaluating providers

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course explores the guidance from the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), National Security Agency (NSA), and several Cloud Service Providers (CSPs). Objectives cover cloud security risks and threats, basic operations, incident response considerations, along with application, data and infrastructure security concepts. Where applicable, demonstrations of cloud provider tools and capabilities will be used to reinforce key points.

Learning Objectives:

• Define cloud models and components.
• Apply CSA security guidance and other best practices to cloud deployments.
• Understand cybersecurity requirements within the Shared Responsibilities model.
• Prepare for cloud computing governance and compliance challenges.
• Relate traditional cybersecurity controls to popular cloud solutions.
• Recognize and prepare for cloud computing threats.
• Review additional cloud security tools and use cases.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course introduces concepts around Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Multiple Cloud Hosting and Hybrid Cloud Hosting.

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on the basics of computer programming and how to give a machine a set of instructions to produce a desired behavior. This course also provides information on the elements of programming and programming languages, frameworks, and models. The course includes an interactive programming game, interactive knowledge checks, and the chance to write a fully functional code.

Learning Objectives:

• Define programming.
• Describe the structure and purpose of major programming paradigms.
• Explain the difference between high-level and low-level languages.
• Describe the uses of scripting and compiled languages.
• State the elements of programming.
• Explain when to use a variable in programming.
• List basic data types.
• State how operators are used in programming.
• Explain why logic and flow are important in programming.
• State the purpose of programming frameworks.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course discusses the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.

Learning Objectives:

• Define and give examples of critical infrastructure.
• Identify possible cyber threats to critical infrastructure.
• Describe U.S. cybersecurity policies and programs.
• Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will explain how to securely provision, analyze, oversee and govern, protect and defend a supply chain.

Learning Objectives:

• Describe product supply chains and life cycles.
• Identify the role of adversaries in supply chain risk management.
• Define the risks associated with supply chains.
• State the principles of supply chain management.
• Identify security measures taken to protect a supply chain.
• Apply suggested tools to address supply chain vulnerabilities.
• Explain how knowledge of the 'internet of things' (IoT) is used to evaluate products as IoT devices.
• Recognize potential dangers posed by various devices brought to work.
• Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR).
• Define how to personally safeguard your organization's cybersecurity.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on basic database security concepts and methodology. This course demonstrates how tools such as AppDetectivePRO and DbProtect can be used to scan databases in order to uncover configuration mistakes, identification and access control issues, missing patches or any toxic combination of settings that could lead to escalation-of-privilege or denial-of-service attacks, data leakage, or unauthorized modification of data.

Learning Objectives:

• Understand importance of database security.
• Understand how tools such as AppDetectivePRO and db-Protect can be used to evaluate a database's security posture.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This 1/2-day course is a joint collaboration of the Cybersecurity & Infrastructure Security Agency (CISA) and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. The purpose of this training is to help federal civilian agencies meet required actions of BOD 20-01, the Binding Operational Directive to Develop and Publish a Vulnerability Disclosure Policy (VDP) by covering the knowledge of and providing resources for:

• Vulnerability report receipt and intake
• Developing and publishing a vulnerability disclosure policy
• Developing vulnerability disclosure handling procedures
• Developing a vulnerability disclosure capability development
• Reporting metrics

After completing this course, participants should be able to

• Describe agency requirements for developing and publishing a vulnerability disclosure policy (VDP).
• Describe the minimum capacity needed to support your vulnerability disclosure handling process.
• Explain how vulnerability disclosure and handling is dependent on successful human interaction.
• Explain the importance of establishing trust and good relationships with reporters and stakeholders.
• List the key resources that can help your agency build your VDP and supporting processes.
• Meet the requirements to develop and publish a VDP and supporting handling process.
• Understand how and when to work with CISA for assistance and escalation.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course covers the basics of Domain Name System Security Extensions (DNSSEC), how it integrates into the existing global DNS and provides a step-by-step process to deploying DNSSEC on existing DNS zones.

Learning Objectives:

• Discuss DNSSEC and supporting mechanisms.
• Sign a DNS zone.
• Configure Delegation Signer (DS) resource records.
• Set up a Secure Resolver.
• Discuss server operational considerations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware attacks hit a new target every 14 seconds: shutting down digital operations, stealing information and exploiting businesses, essential services and individuals alike. "Don't Wake Up to a Ransomware Attack" provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to prevent, mitigate, and respond to the ever-evolving threat of ransomware.

This webinar includes the following information and more:

• Definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time
• Common signs of a ransomware attack and how to respond if an attack is suspected
• Guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack
• Case studies demonstrating the impacts of ransomware attacks
• A concluding Knowledge Check to reinforce understanding and key takeaways

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from ransomware cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

• Define ransomware
• Be able to identify signs of a ransomware attack
• Learn mitigation steps of ransomware attacks
• Understand how to recover from a ransomware attack
• Understand impacts of ransomware attacks though case studies

Date: 2020

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course introduces learners to dynamic testing tools for web applications and demonstrates how they can be used to identify, evaluate, and mitigate a web application’s potential security vulnerabilities. The focus is on using HPE WebInspect to perform and manage dynamic security vulnerability testing and address results from a developer’s perspective/cybersecurity professional's perspective.

Learning Objectives:

• Understand how dynamic testing tools work on web-based applications.
• Utilize dynamic testing tools to find common Weakness Enumeration.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course is a collaboration between the U.S. Election Assistance Commission (EAC) and the U.S. Department of Homeland Security (DHS) and provides an opportunity to learn why election officials must view themselves as IT managers. The course serves as an overview of information technology and how to ensure security is included in the planning, procuring, designing, implementing, and maintaining of interconnected electronic election systems, including public-facing websites. The content introduces the key concepts of identifying vulnerabilities and how to protect election systems from internal and external threats and provides information on cybersecurity resources available from the EAC and DHS.

Date: 2018

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course highlights technical knowledge and skills required for implementing secure solutions in the enterprise. A broad spectrum of disciplines is covered to aid practitioners in applying frameworks and controls to improve the security posture while supporting the business mission.

Learning Objectives:

• Describe risk management's role in the enterprise and mitigation strategies for specific threats.
• Detail implementing network security strategies and controls for connected devices.
• Explain how cloud technologies are leveraged and can support a secure enterprise architecture.
• List sources and methods to help stay current with cybersecurity best practices and threat trends and analyzing potential impact to the enterprise.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on key concepts, issues, and considerations for managing risk. Discussions include identifying critical assets and operations, risk assessment and analysis methodologies, risk management frameworks, and how to determine threats to your business function, mitigation strategies, and response and recovery.

Learning Objectives:

• Describe key concepts related to cyber risk management.
• Detail risk assessment and analysis methodologies and frameworks.
• Identify security controls and countermeasures to mitigate risks and support response and recovery.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course begins with a primer of IPv6 addressing and its current deployment state, discusses Internet Control Manager Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns, and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.

Learning Objectives:

• Primer of IPv6 addressing
• Describe current deployment state
• Explain ICMPv6, DHCPv6, and DNSv6
• Explore IPv6 Transition mechanisms
• Identify security concerns
• Incorporate management strategies

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course prepares learners for the CISSP certification exam. This course focuses on the information security field, exam objectives, and the eight domains upon which the exam is based. This course includes reinforcing video demonstrations and a final practice exam.

Learning Objectives:

• Explain and apply concepts to design, implement, and manage secure cyber operations.
• Develop, document, and implement security policy, standards, procedures, and guidelines.
• Apply risk management concepts.

Date: 2019

Training Purpose: Management Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course serves as a preparation for the Systems Security Certified Practitioner (SSCP) certification exam, by demonstrating advanced technical skills and knowledge required to implement and administer infrastructure using security best practices, policies, and procedures.

Learning Objectives:

• Demonstrate knowledge of security operations and administration.
• Implement risk monitoring, analysis, and mitigation strategies.
• Develop and implement incident response and recovery plans.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This workshop focuses on how to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD), and the latest attack. The Measuring What Matters: Security Metrics Workshop, the learner will learn how to refine a strategic or business objective that meets that S.M.A.R.T.E.R. criteria: Specific, Measurable, Achievable, Relevant, Time-bound, Evaluated, Reviewed, and can be used to initiate the Goal - Question - Indicator - Metric (GQIM) process.

Learning Objectives:

• Identify a core set of business goals, based on the business objective, to which the cybersecurity risk measurement program will be applied.
• Formulate one or more key questions for each business goal, and use them to help determine the extent to which the goal is being achieved.
• Identify one or more indicators for each business goal key question.
• Identify one or more metrics for each indicator that most directly inform the answer to one or more questions.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework