Monday – Friday
From 8 am – 5 pm
Course Description
This course prepares the learner to enter the exciting field of cybersecurity as a cybersecurity defense analyst. If you intend to take the CompTIA CySA+ (Exam CS0-003) certification examination, this course can be a significant part of your preparation. However, certification is not the only key to professional success in cybersecurity. Today’s job market demands individuals with demonstrable skills, and the information and activities in this course can help you build your cybersecurity analyst skill set so that you can confidently perform your duties in any cybersecurity analyst role.
We will meet daily, Monday through Friday, from 8 am to 5 pm, where we will have a series of lectures and hands-on labs to acquire the Knowledge, Skills, and Abilities that will prepare you for a career in cybersecurity.
What is included with your registration:
- Access to an online learning environment
- Embedded eBook
- Hands-on practical labs
- Chapter review questions
- Practice Exams
- CompTIA CySA+ Exam Voucher
Prerequisite
You must have completed our Network Fundamentals course or already be certified in networking before taking this course
Bundle Option
The Cyber Defense Analyst course is offered in a bundle with the Network Fundamentals course at a reduced price. If you want to register for the bundle, click the registration button on the right and select the bundle option. We will offer the “back-to-back” courses over two weeks.
Course Objectives
OUR COURSE GUARANTEE
Guaranteed To Pass
If you don’t pass your certification exam on the first attempt, we will provide you with a subsequent attempt at no additional cost.
Satisfaction Guarantee
If you are not satisfied with your course training, you may withdraw from the course and receive a pro-rated credit that can be used to enroll in a different online or in-person course that we offer.
Bundle Transfer Guarantee
If you enroll in a bundled course package and do not pass the first course or you decide the pathway is not “for you” after taking the first course, you can transfer to another bundled course package and only pay the discounted rate for the first course in the bundle.
Course Content
Lesson 1: Understanding Vulnerability Response, Handling, and Management
Lesson Introduction
The role of leadership in cybersecurity operations cannot be understated. This lesson will review typical leadership responsibilities such as developing policies and procedures, managing risk, developing controls, managing attack surfaces, routine patching, and effective configuration management practices.
Lesson Objectives
In this lesson, you will do the following:
- Review policies and governance.
- Explore risk management principles.
- Understand different types of controls.
- Review attack surface management.
- Explore patch and configuration management.
- Review the importance of maintenance windows.
Topics
- Understanding Cybersecurity Leadership Concepts
- Exploring Control Types and Methods
- Explaining Patch Management Concepts
Lesson 2: Exploring Threat Intelligence and Threat Hunting Concepts
Lesson Introduction
Threat intelligence and threat hunting encompass the strategies used to detect and protect against active threats. Threat intelligence describes gathering and analyzing data to help identify potential threats and determine the most effective way to mitigate them. Threat intelligence enables the proactive identification of malicious activity and the capabilities and objectives of different threat actor groups. In addition, threat hunting describes actively searching for signs of malicious activity on an organization’s network. It involves using various tools and techniques to search for potential threats, such as analyzing log files, monitoring suspicious traffic, and performing manual searches. Combining these two approaches allows an organization to stay one step ahead of threat actors and better protect its systems.
Lesson Objectives
In this lesson, you will do the following:
- Understand threat actor concepts.
- Explore advanced persistent threats.
- Review tactics, techniques, and procedure (TTP) concepts.
- Understand the importance of identifying active threats.
- Review open-source intelligence and information-sharing concepts.
- Review different types of threat-hunting activities.
- Understand the importance of Indicators of Compromise (IoC).
- Review decoy methods.
Topics
- Exploring Threat Actor Concepts
- Identifying Active Threats
- Exploring Threat-Hunting Concepts
Lesson 3: Explaining Important System and Network Architecture Concepts
Lesson Introduction
System and network architecture are crucial elements to consider for security operations. Effective system and network architectures provide a secure environment for all software and devices and can resist attacks while maintaining authorized user access. Additionally, it should enable security analysts to detect and respond to malicious activity promptly. Lastly, it should be easy to maintain, allowing updates and patches to be applied quickly and seamlessly to all components. When appropriately designed, system and network architecture provide a secure and reliable environment for businesses and organizations, protecting them from threat actors and other threats.
Lesson Objectives
In this lesson, you will do the following:
- Review system and network architecture concepts.
- Explore important operating system concepts.
- Review Cloud deployment models.
- Review identity and access management concepts.
- Review data protection tools and techniques.
Topics
- Reviewing System and Network Architecture Concepts
- Exploring Identity and Access Management (IAM)
- Maintaining Operational Visibility
Lesson 4: Understanding Process Improvement in Security Operations
Lesson Introduction
The importance of leadership in security operations cannot be overstated. Leaders are responsible for setting the strategy, providing guidance and direction, and ensuring the safety of personnel and assets. They must be able to take decisive action and lead from the front in times of crisis. Good leaders will also be able to motivate and inspire their team, helping to ensure that everyone is working toward the same goal. Furthermore, leaders must understand the latest technology and trends to ensure that their team is equipped with the right skills and equipment. Finally, leaders must manage resources effectively, so operations are efficient, cost-effective, and secure. To accomplish this, security operations team leaders must depend on well-established processes. Processes define a standardized, preestablished method of completing various tasks. Processes ensure work is completed consistently, reliably, and error-free. Leadership is a critical factor in the success of any security operation, and good leaders are essential for the safety and protection of all personnel and assets.
Lesson Objectives
In this lesson, you will do the following:
- Explore security operations automation concepts.
- Understand automation technologies.
- Explore the relationship between security information and event management
(SIEM) and security orchestration, automation, and response (SOAR) products.
- Learn about the importance of processes and consistency in security operations.
Topics
- Exploring Leadership in Security Operations
- Understanding Technology for Security Operations
Lesson 5: Implementing Vulnerability Scanning Methods
Lesson Introduction
Vulnerability scanning is an essential component of network security. It identifies and assesses vulnerabilities that malicious attackers can exploit in a system or network. It is important to understand the different vulnerability scanning methods and the various concepts involved. There are two main types of vulnerability scanning methods: active and passive. Active scans require sending data to systems to check for vulnerabilities, while passive scans use existing monitoring tools such as IPS, IDS, and firewall logs to identify potential vulnerabilities. Understanding vulnerability scanning concepts is essential for effective vulnerability assessment and network security.
Lesson Objectives
In this lesson, you will do the following:
- Understand industry regulations.
- Explore vulnerability scanning concepts.
- Review security baselines.
- Understand special scanning considerations.
- Review operational technology.
Topics
- Explaining Compliance Requirements
- Understanding Vulnerability Scanning Methods
- Exploring Special Considerations in Vulnerability Scanning
Lesson 6: Performing Vulnerability Analysis
Lesson Introduction
Vulnerability analysis involves the evaluation of potential weaknesses in a system to identify and address any risks it exposes. Vulnerability analysis is a vital part of any cybersecurity program and is performed regularly to maintain a system’s security.
The process of performing a vulnerability analysis typically involves the identification of any potential weaknesses in a system, such as outdated software, unpatched applications, or misconfigurations. After identifying vulnerabilities, they are then evaluated to assess the level of risk they pose.
Lesson Objectives
In this lesson, you will do the following:
- Review Security Content Automation Protocol (SCAP).
- Explore the Common Vulnerability Scoring System (CVSS).
- Understand vulnerability validation concepts.
- Understand important contextual considerations.
Topics
- Understanding Vulnerability Scoring Concepts
- Exploring Vulnerability Context Considerations
Lesson 7: Communicating Vulnerability Information
Lesson Introduction
Communicating vulnerability information is a crucial element of cybersecurity. It
is vital to ensure that the right people are aware of the information, the proper communication channels are used, and that the information is conveyed effectively. Reports, alerts, advisories, and bulletins are often used to provide vulnerability information.
To effectively communicate vulnerability information, it is essential first to identify who needs to be informed and the best way to inform them. IT staff, executives, managers, and other stakeholders, such as vendors and partners, must be aware of vulnerabilities and any related issues.
Vulnerability information must be presented clearly and concisely, including technical details such as identifying affected applications and systems and providing instructions on how to remediate the issue. It is also important to provide links to additional resources, such as patch advisories.
Lesson Objectives
In this lesson, you will do the following:
- Understand vulnerability reporting concepts.
- Explore reporting best practices.
- Review Key Performance Indicators (KPI).
- Explore the role of action plans.
- Understand inhibitors to remediation.
Topics
- Explaining Effective Communication Concepts
Understanding Vulnerability Reporting Outcomes and Action Plans.
Lesson 8: Explaining Incident Response Activities
Lesson Introduction
Incident response activities are the steps taken by organizations to assess, contain, and recover from cybersecurity incidents. These activities involve identifying and assessing the incident, implementing containment measures to stop the incident from spreading, and developing a recovery plan. Organizations reduce the risks associated with cybersecurity incidents by effectively identifying, assessing, containing, and recovering from incidents.
Lesson Objectives
In this lesson, you will do the following:
- Explore incident response planning concepts.
- Understand incident response activities.
- Explore post-incident activities.
- Review incident response procedures.
- Review legal concerns in incident response.
Topics
- Exploring Incident Response Planning
- Performing Incident Response Activities
Lesson 9: Demonstrating Incident Response Communication
Lesson Introduction
The goal of continuous improvement in incident response is to improve the overall quality and speed of response to incidents by gathering and analyzing data about past incidents, identifying areas for improvement, and implementing strategies to improve incident response capabilities. Continuous improvement involves deploying technologies and tools to automate processes and improve efficiency. In addition to deploying technologies, continuous improvement also requires establishing processes and procedures to ensure prompt and efficient incident response practices. It is essential to regularly evaluate incident response activities and implement feedback loops between the incident response team and stakeholders and use this feedback to refine processes and procedures. Finally, analytics measure the response teams’ performance and identify improvement areas.
Lesson Objectives
In this lesson, you will do the following:
- Explore stakeholder communication.
- Understand the role of leadership in incident response.
- Learn about incident response reports.
- Review metrics and measures used in incident response.
Topics
- Understanding Incident Response Communication
- Analyzing Incident Response Activities
Lesson 10: Applying Tools to Identify Malicious Activity
Lesson Introduction
Identifying malicious computer activity is crucial to protecting a network from cyberattacks, unauthorized access, and breaches. Malicious activity takes many forms, from viruses and worms that can spread through a network to unauthorized access to a system and data. Rapid detection of malicious activity is essential to prevent widespread damage or a catastrophic data breach. Managing and inspecting log data plays a significant role in identifying malicious activity, and log data are also pivotal for forensic analysis. Network traffic and operating system monitoring are also key for detecting malicious activity as they provide real-time insight into the environment. By carefully analyzing networks, applications, and operating systems, it is possible to identify and respond to any signs of malicious activity quickly.
Lesson Objectives
In this lesson, you will do the following:
- Explore techniques used to identify malicious activity.
- Learn about command line tools used for domain analysis.
- Explore attack frameworks.
- Explore methods used in email analysis.
- Learn about frequently abused command line tools.
Topics
- Identifying Malicious Activity
- Explaining Attack Methodology Frameworks
Explaining Techniques for Identifying Malicious Activity
Lesson 11: Analyzing Potentially Malicious Activity
Lesson Introduction
Analyzing potentially malicious activity is an integral part of keeping systems secure. When suspicious activity is detected, it is important to investigate it promptly to determine the appropriate incident response steps warranted to mitigate the threat.
Many methods can detect suspicious activity, but monitoring network traffic and examining operating system, user account, and file access activity is very common. Windows and Linux systems include many built-in tools designed to identify processes running on the operating system and the network connections associated with them. For closer analysis, several third-party software utilities exist to provide detailed insights into system and user activity, vulnerabilities,
and potential configuration errors.
Lesson Objectives
In this lesson, you will do the following:
- Explore network attack indicators.
- Explore rogue device concepts.
- Understand operating system analysis concepts.
- Review data exfiltration methods.
- Review vulnerability assessment techniques.
Topics
- Exploring Network Attack Indicators
- Exploring Host Attack Indicators
- Exploring Vulnerability Assessment Tools
Lesson 12: Understanding Application Vulnerability Assessment
Lesson Introduction
Application vulnerability assessment identifies, classifies, and remediates security vulnerabilities in applications. Identifying application vulnerabilities requires specialized tools for web applications, cloud platforms, or binary reverse engineering. Analysts can use these specialized tools to inspect applications and identify weaknesses that generalized scanning tools may miss. Most specialized assessment tools require a deep familiarity with the underlying application architecture and its programmatic operation to understand the identified issues; however, detailed report output provides the information teams need to work together and remediate vulnerabilities.
Lesson Objectives
In this lesson, you will do the following:
- Explore different web application scanners.
- Learn about web application scanner capabilities.
- Review popular software debuggers.
- Explore different cloud assessment tools.
- Learn about cloud assessment tool capabilities.
Topics
- Analyzing Web Vulnerabilities
- Analyzing Cloud Vulnerabilities
Lesson 13: Exploring Scripting Tools and Analysis Concepts
Lesson Introduction
Malicious activity is any suspicious incident, including a precursor to an attack, unauthorized access, abnormal use, unusual utilization, a data breach, or denial of service, among others. It is important to be able to identify and analyze suspicious activity to protect systems and data from unauthorized access or unscheduled downtime. There are several ways to identify and analyze malicious activity, including monitoring system and network logs, analyzing use, endpoint protection software, and intrusion detection and prevention systems.
Lesson Objectives
In this lesson, you will do the following:
- Understand shell scripting concepts.
- Explore bash scripting.
- Review PowerShell concepts.
- Explore regular expressions.
- Explore analysis methods.
Topics
- Understanding Scripting Languages
- Identifying Malicious Activity Through Analysis
Lesson 14: Understanding Application Security and Attack Mitigation Best Practices
Lesson Introduction
Application attack mitigation best practices involve protecting web applications and their underlying infrastructure from cyberattacks. Some examples of defensive measures include input validation, strong authentication, encryption, patching, security testing, and others. More than one protection method is required. Many approaches, spanning design through operation and maintenance, must be employed to help keep applications safe and secure.
Lesson Objectives
In this lesson, you will do the following:
- Explore Secure Software Development Life Cycle concepts.
- Learn about authentication attacks and protections.
- Review overflow attack types.
- Explore injection attacks.
- Learn about mitigations for many different classes of attacks.
Topics
- Exploring Secure Software Development Practices
- Recommending Controls to Mitigate Successful Application Attacks
- Implementing Controls to Prevent Attacks