TRAINING PROGRAM STRUCTURE
COURSE NAME: INTRODUCTION TO CYBER SECURITY
NB: We also have specialized curricula by cybersecurity field for expert levels.
Format: In-person
Duration: 14 weeks
Target job title: Security analyst
Target certification: CompTIA’s Security+
Target demographics: Beginners in cyber security and candidates targeting CompTIA Security+
certification
Prerequisites: This course does not have prerequisites, assumes only the most basic
knowledge of computers, and makes no assumptions regarding prior security
knowledge.
Key skills covered:
● Security terminology
● Basics of computer operating systems
● Networking basics
● Intro to identity and access management
● Phishing and social engineering
● ATT&CK framework
● Product security basic concepts
● Introduction to cryptographic principles
WHO IS THIS COURSE FOR
This course emphasizes hands-on training and is designed for those who have
minimal computer and technology knowledge with no prior cyber security
experience. The step-by-step teaching approach enables you to learn all the
information presented, even if some of the topics are new to you. You will learn
real-world cyber security fundamentals to serve as the foundation of your career
skills and knowledge and prepare you to get a job as a Security Analyst while
providing the basic knowledge you need to prepare for the CompTIA’s Security+
certification.
This course is for:
● People who are new to cyber security and in need of an introduction to the
fundamentals of security
● Those who feel bombarded with complex technical security terms they don't
understand but want to understand.
● Professionals who need to be conversant in basic security concepts, principles,
and terms, but who don't need "deep in the weeds" details.
● Those who have decided to make a career change to take advantage of the
job opportunities in cyber security and need formal training/certification.
● Business managers who worry that their company may be the next
mega-breach headline story on the 8 o'clock news.
TRAINING OUTLINE
Week 1: Introduction to Cyber Security
● Introduction
● Definitions
o Privacy, intellectual property, ethics, etc.
● What is cyber security?
o CIA triad, IAA triad
o The field is constantly evolving.
● Governance
o Policies, standards, and procedures
o Risk assessment, evaluation, and management
o Compliance
● Security control frameworks
o NIST CSF, ISO 27001
● Orchestrated control frameworks
o Policies, compliance, inventory, access controls, firewall management,
IDS, IPS, auditing.
● Case study: Cyber security demo (password cracker, extract credit card data,
etc.).
Week 2: Operating Systems and Infrastructure
● Introduction to Linux Terminal
o Navigating files and directories
o Create files/directories.
o Text, file manipulation (grep, less, vim)
o Managing permissions, users
o ssh, scp, history, find, wildcards.
o Introduction to Kali Linux
o Case study 1:
▪ Learn how to install Kali.
▪ Solve the challenge - Linux games
● Introduction to Windows Terminal
o Navigating files and directories
o Create files/directories.
o Text, file manipulation (type, etc.)
o Managing permissions, users
o ssh, scp, history, find, wildcards.
o Case study 2: Solve the challenge - Windows games
Week 3: Identity and Access Management
● Basics of access and authentication.
● Definitions (identification, authentication, authorization)
● Authentication: Kerberos, CHAP, Certificates, Username/password, Tokens,
Multi-factor authentication, Mutual authentication, Biometric, Local vs remote
authentication, Single Sign-on
● Authorization: Granting access, revoking access, reviewing access.
● Data access control basics: MAC, DAC, RBAC
● Access control administration: RADIUS, SSO, multifactor authentication
● Case study: Configure Active Directory and GPO (using VPS)
Week 4: Cryptography
● The mathematics of encryption
o Cryptography concepts
o Prime numbers, pseudo-randomness, hashing
o Authentication, authorization, accounting, certificates, PGP keys,
wildcard, public key infrastructure.
o Case study 1: How can my colleague verify that my data is correct
without seeing what my data is?
● The computer science of encryption
o Symmetric and asymmetric cryptography
o SSL, TLS, HTTPS
o Public key infrastructure
o The importance of key management
o Case study 2: Encode and decode messages using CyberChef
Week 5: Networking Basics
● Navigating an Interconnected World
● Network Anatomy: Elements, Types, and Connections
● Wireless Connectivity and Mobility
● Creating Your Personal Home Network
● Essentials of Communication Systems
● Diverse Network Transmission Methods
● Exploring the Access Layer in Networks
● Decoding Internet Protocol (IP)
● IPv4: Segmentation and Networks
● Understanding IPv6 Addressing and Regulations
● Dynamic Address Allocation through DHCP
● Gateways Across Networks
● Address Resolution Protocol (ARP) Demystified
● Inter-Network Routing Fundamentals
● Diving into TCP and UDP Protocols
● Application Layer Services
● VLAN and Variable-Length Subnet Masking (VLSM)
● Introduction to Routing Protocols
● Network Testing Utilities and Tools
● Case study: Use of Wireshark for packet capture and traffic analysis.
Week 6: Network Defense
● Network topology
● General approach: start with a simple network diagram and add layers of
additional components, showing security challenges that arise along the way.
● Wireless routers, firewalls, switches
● Wi-Fi network security (WPA, WPA2, etc.)
● IPSs, IDSs
● Firewall management
● Proxies for traffic
● Network stack
● Case study: How to crack WPA using aircrack
Week 7: Attack Framework
● Network threat concepts
o Red team vs Blue team
o Ethical hacking, penetration testing methodology, attack types, OWASP
Top 10
o System hardening, log hunting, Splunk, incident response.
o Case study 1: Do the web exploitation challenges chosen on a given
website
● ATT&CK Framework
o ATT&CK navigator tool
o ATT&CK framework lifecycle
o Leveraging ATT&CK as the Blue Team
▪ Detecting the defined tactics
▪ Preventive controls against the tactics
o Case study 2: Install Nessus and scan a vulnerable IP to discover critical,
high and medium vulnerabilities.
Week 8: Product Security
● Basic concepts
o What is product security? What is application security?
o Threat modeling
o Secure coding
o Secure development training (high level)
● Testing/verification techniques (e.g., static analysis, code review)
● Defenses (RASP, WAF)
● Case study 1: Using Microsoft Threat Modeling 2016 to secure an application
● Case study 2: Use Snyk for software code scanning
Week 9: Human as the Weakest Link
● Threats of deception
o Social engineering (waizer training)
o Phishing, pretexting, baiting, quid pro quo, tailgating
o Personnel security
o Ransomware
o Case study: Create a payload. Command and control demo
Week 10: IronSecur CTF (Catch The Flag) Challenge
IronSecur Catch The Flag Challenge website:
● Forensics
● Web 2 & 3
● Cryptography
● Reverse and Pwn
● Network
These challenges cover many different scenarios and are designed to introduce
you to other areas of cyber security.
Week 11 & 14: Business immersion
● Introduction to IT project management
● Fundamentals of corporate life (professional etiquette and behaviors,
business communications, etc.)
● Co-Ops and internship. You'll discover the world of a company and its
challenges.