Overview

This online instructor-led training course provides the knowledge to defend through incident detection and response at the intermediate-skills level of the cybersecurity career pathway.

In this course, students will learn best practices in threat management, security architecture, vulnerability management, and cyber-incident response.

CompTIA CySA+ meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is compliant with government regulations under the Federal Information Security Management Act (FISMA). Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program.

Course Instructor: Shane Sexton

Course Outline

01. Introduction

  • Introduction to CySA+

02. Threat and Vulnerability Management

  • Threat Intelligence
  • Classifying Threat Actors
  • Threat Modelling and Research
  • Attack Frameworks
  • Vulnerability Management
  • Specialized Technology
  • Cloud Threats and Vulnerabilities
  • Memory Handling Bugs and Attacks
  • Improper Input Handling and Injection Attacks
  • Password Spraying and Credential Stuffing

03. Software and Systems Security

  • Infrastructure Management
  • Identity and Access Management
  • Software Development Concepts
  • Secure Coding Best Practices
  • Service Oriented Architecture
  • Hardware Security

04. Security Operations and Monitoring

  • Endpoint Security Monitoring
  • Network Security Monitoring
  • Log Review
  • Email Analysis
  • Further Security Monitoring Concepts
  • Security Configurations

05. Incident Response

  • Incident Response Considerations
  • Incident Response Procedures
  • Incident Response – Network IOCs
  • Incident Response – Host IOCs
  • Incident Response – Application IOCs
  • Basic Forensic Techniques

06. Compliance and Assessment

  • Data Privacy and Protection
  • Organizational Risk Mitigation
  • Frameworks, Policies, and Procedures

07. Demos

  • Security Lab Setup
  • Expanding the Security Lab with pfSense
  • Injection in DVWA
  • Stored XSS in DVWA
  • Reflected XSS in DVWA
  • nmap
  • hping
  • Wireshark
  • Cat, Head, and Tail
  • grep
  • SSH honeypot
  • Scoutsuite, Prowler, and Pacu
  • Making and Verifying Forensic Copies with dd and sha256sum
  • Common Linux Log Files
  • Windows Event Viewer

Skills Learned

After completing this online training course, students will be able to:

  • Assess information security risk in computing and network environments.
  • Analyze reconnaissance threats to computing and network environments.
  • Analyze attacks on computing and network environments.
  • Analyze post-attack techniques on computing and network environments.
  • Implement a vulnerability management program.
  • Collect cybersecurity intelligence.
  • Analyze data collected from security and event logs.
  • Perform active analysis on assets and networks.
  • Respond to cybersecurity incidents.
  • Investigate cybersecurity incidents.
  • Address security issues with the organization’s technology architecture.