Security Analyst Track 1: Security Analyst

In this Skillsoft Aspire track of the Security Architect journey, the focus will be on cybersecurity fundamentals, system security, and information security.
Content:
E-learning courses

An Executive's Guide to Security: Understanding Security Threats

Course: 45 Minutes

• Course Overview
• Understanding the Attack Surface
• Network Hardening Explained
• What is a Demilitarized Zone?
• Threats vs. Vulnerabilities vs. Risks
• Top Security Threats
• Types of Attacks
• Physical Security
• Social Engineering
• The Importance of the Corporate Security Policy
• Password Protection Policies
• Why Never to Ask an Admin for Favors
• Exercise: Describe Security Threats

An Executive's Guide to Security: Protecting Your Information

Course: 46 Minutes

• Course Overview
• Security on the Road
• E-mail Security
• How to Handle Sensitive Data
• When and What to Share
• BYOD and IoT
• Wireless Networking Challenges
• Posting on Social Media
• The Importance of Security Programs
• Employee Training, Awareness, and Advocacy
• Balancing Up-Front Costs vs. Downtime in the Future
• Convenience vs. Security
• Exercise: Explain How to Protect Your Information

Cybersecurity 101: Session & Risk Management

Course: 1 Hour, 10 Minutes

• Course Overview
• Asset, Threats, and Vulnerabilities
• Risk Management
• Map Risks to Risk Treatments
• User Account Management
• Deploy User Account Security Settings
• HTTP Session Management
• Configure SSL and TLS Settings
• Mobile Device Access Control
• Data Confidentiality
• Implement Encryption for Data in Motion
• Implement Encryption for Data at Rest
• Exercise: Session Management and Encryption

Cybersecurity 101: Auditing & Incident Response

Course: 1 Hour, 9 Minutes

• Course Overview
• Security Auditing and Accountability
• Enable Windows File System Auditing
• Conduct a Vulnerability Assessment Using Windows
• Conduct a Vulnerability Assessment Using Linux
• Mobile Device Access Control
• Configure Mobile Device Hardening Policies
• Enable a Smartphone as a Virtual MFA Device
• Securing Applications
• Implement File Hashing
• Incident Response Planning
• Examine Network Traffic for Security Incidents
• Exercise: Auditing and Incident Response

Information Security: APT Defenses

Course: 1 Hour, 26 Minutes

• Course Overview
• Advanced Persistent Threat Introduction
• APT Lifecycle
• Motives and Targets of an APT
• APT Defense Best Practices
• Methods to Strengthen APT Defenses
• Dealing with Advanced Persistent Threats
• The Equation Group
• Key Tools Used in APT
• Dealing with Risks
• Risk Assessment to Protect Assets
• APT Checklists
• Course Summary

Information Security: NACs & Gateways

Course: 38 Minutes

• Course Overview
• BYOD and IoT Security Risks
• Challenges with BYOD
• NAC and Its Importance
• NAC Architecture
• Features of NAC
• Impact of Improperly Configured NAC
• NAC Elements
• Best Practices of Implementing NAC
• NAC Security Checklist
• NAC Authentication Methods
• Course Summary

Information Security: Subnetting & DNS for Security Architects

Course: 1 Hour, 6 Minutes

• Course Overview
• Subnetting and its Advantages
• The CIDR Notation
• Tips and Tricks in Subnetting
• VMs and Containers
• Deployment Considerations for VMs and Containers
• Best Practices for Deploying VMs
• Best Practices for VM and Container Security
• Types of DNS Attacks and their Mitigations
• Types of Subnetting Attacks and Mitigations
• Course Summary

Information Security: Securing Networking Protocols

Course: 57 Minutes

• Course Overview
• Common Protocols
• Security Issues of TCP/IP Model
• Threats, Vulnerabilities, and Mitigation
• Weak Protocols and Their Replacements
• Types of Security Protocols
• Uses of Security Protocols
• Importance of Security Protocols
• The Security-First Mindset
• Course Summary

Information Security: Hardened Security Topologies

Course: 43 Minutes

• Course Overview
• Security Topologies Introduction
• Designing Goals for Security Topology
• Advantages and Disadvantages of Security Topologies
• Impact of Integrating Cloud Topologies
• Layers of Security in Cloud Computing
• Methods to Harden Security Topologies
• Course Summary

Information Security: Continual Infrastructure Testing

Course: 44 Minutes

• Course Overview
• Continuous Security Practices Introduction
• Continuous Security in DevOps Environment
• Importance of Continuous Security
• Benefits of Using DevOps
• Continuous Security Monitoring
• DevOps Security Best Practices
• Secure DevOps Lifecycle
• DevOps Security Risks
• Tools for DevOps Testing
• Course Summary

Information Security: Security Governance

Course: 1 Hour, 15 Minutes

• Course Overview
• Governance and Management Comparison
• Types of IT Governance Frameworks
• Senior Management Roles and Responsibilities
• Ensuring Good IT Security Governance
• Risks and Opportunities
• Security Governance Program
• Governance Framework Structure
• Course Summary

Information Security: Honeypots

Course: 36 Minutes

• Course Overview
• Honeypot Introduction
• Types of Honeypots
• Role of Honeypots in Security
• Disadvantages of a Honeypot
• Honeypot Uses
• Honeypot Deployment Strategies
• Available Honeypot Products
• Placement of Honeypot in a Network
• Install and Configure a Honeypot
• Honeypot Data Analysis
• Course Summary

Information Security: Pen Testing

Course: 1 Hour, 35 Minutes

• Course Overview
• Pen Testing Process Introduction
• Need for Pen Testing
• Pen Testing and Vulnerability Assessment
• Types of Pen Testing
• Pen Testing Weaknesses
• Types of Pen Testing Tools
• Target Selection for Pen Testing
• Threat Actors
• Types of Assets
• Types of Risk Responses
• Metasploit Framework
• MSFvenom
• Course Summary

Online Mentor
• You can reach your Mentor by entering chats or submitting an email.
Final Exam assessment
• Estimated duration: 90 minutes
Practice Labs: Security Analyst (estimated duration: 8 hours)
• Practice Security Analysts tasks such as using file hashing, file encryption, Wireshark and performing code reviews. Then, test your skills by answering assessment questions after installing and configuring LXD, using group policy, configuring a honeypot and exploring the Metasploit framework. This lab provides access to tools typically used by Security Analysts, including:
o Kali Linux, Windows 10 and Windows Server 2019, PowerShell 5.1, Wireshark, Visual Studio Code

Security Architect Track 2: Forensics Analyst

In this Skillsoft Aspire track of the Security Architect journey, the focus will be on end-user awareness, anomaly detection, digital forensics, digital ethics & privacy, risk analysis, software assessment & audits, and cryptography.
Content:
E-learning courses

End-User Security: The End-User Perspective

Course: 54 Minutes

• Course Overview
• Concepts of Shared Responsibility
• Acceptable Use Policies
• Physical Security Controls
• Authentication Technologies
• Software and Hardware Updates
• Personal Security Suites and Endpoint Protection
• Web Browser Best Practices
• E-mail Security Fundamentals
• Cloud Security Issues
• Protecting Data at Rest
• Exercise: End-User Security

End-User Security: The Security Administrator Perspective

Course: 40 Minutes

• Course Overview
• The Present Threatscape
• Written Security Policies
• Security Training and Awareness
• Access Switch and WAP Security
• 802.1X and MACsec
• Endpoint Detection and Response
• Next-Generation Endpoint Protection
• Exercise: End-User Security

End-User Security: Securing End Users against Attackers

Course: 33 Minutes

• Course Overview
• Motives for Attacking Endpoints
• Malware-as-a-Service (MaaS)
• Phishing Techniques
• Ransomware
• Data Breach
• Cryptojacking
• Denial-of-Service
• Survey of Common Exploit Kits
• Exercise: End-User Security

Anomaly Detection: Aspects of Anomaly Detection

Course: 55 Minutes

• Course Overview
• Types of Anomalies
• Benefits of Anomaly Detection
• Traditional Approaches
• Manual vs. Automated Detection
• Baselining
• Multimodal Attributes
• Least Frequency of Occurrence
• Machine Learning
• Auto-periodicity Detection
• Course Summary

Anomaly Detection: Network Anomaly Detection

Course: 1 Hour, 12 Minutes

• Course Overview
• Network Behavior Anomaly Detection
• Frequency Analysis
• Beaconing
• Brute Force
• Protocol Analysis
• HTTPS Attacks
• SSH Protocol Attacks
• Population Analysis
• Hidden Connection Using Behavior Analytics
• Anomaly Detection Triage Methods
• Network Anomaly Analysis Techniques
• Mission Critical Areas
• Course Summary

Digital Forensic Techniques & Investigative Approaches

Course: 58 Minutes

• Course Overview
• Digital Forensics Concepts
• Types of Digital Forensics
• Investigations
• Digital Forensic Methodology
• Chain of Custody
• Evidence Handling
• Forensic Laboratories and Tools
• Legal
• Cloud Forensics
• Malware Forensics
• Digital Forensics and Ethics
• Live Forensics
• Exercise: Applying Digital Forensic Best Practices

Digital Forensic Techniques & Investigative Approaches

Course: 58 Minutes

• Course Overview
• Digital Forensics Concepts
• Types of Digital Forensics
• Investigations
• Digital Forensic Methodology
• Chain of Custody
• Evidence Handling
• Forensic Laboratories and Tools
• Legal
• Cloud Forensics
• Malware Forensics
• Digital Forensics and Ethics
• Live Forensics
• Exercise: Applying Digital Forensic Best Practices

Ethics & Privacy: Digital Forensics

Course: 35 Minutes

• Course Overview
• Expectation of Privacy
• Legal Authorization
• Attorney-Client Privilege
• Investigative Techniques
• Ethics in Digital Forensics
• Ethical Decision Making
• Regulating Ethical Behavior
• Conflict of Interest
• Qualifications and Training
• Analysis Standards
• Course Summary

Risk Analysis: Security Risk Management

Course: 39 Minutes

• Course Overview
• Understanding Risk
• Risk Management Concepts
• Categorizing Risk
• Selecting Security Controls
• Implementing Security Controls
• Assessing Security Controls
• Examining Risk
• Monitoring Controls
• Control Focused Risk Management
• Event Focused Risk Management
• Risk Communication
• Risk Response and Remediation
• Course Summary
• Privacy and Cookie PolicyTerms of Use

Cryptography: Introduction to Cryptography Services

Course: 57 Minutes

• Course Overview
• Goals of Information Security
• Introducing Cryptography Services
• Encryption Overview
• Demo: Caesar Cipher
• Introducing Symmetric Encryption
• Symmetric Encryption Algorithms
• Demo: Symmetric Encryption
• Introducing Asymmetric Encryption
• Asymmetric Encryption Algorithms
• Introduction to Hashing
• Common Hashing Algorithms
• Demo: Hashing
• Exercise: Encryption and Hashing

Cryptography: Introduction to PKI

Course: 1 Hour, 7 Minutes

• Course Overview
• Public Key Infrastructure Overview
• Certificates
• Demo: Certificate Properties
• Certificate Authorities
• Demo: Installing a CA
• Digital Signatures
• Secure Web Traffic with SSL
• Demo: SSL Enable a Website
• Certificate Revocation List
• Demo: CRLs In Use
• Exercise: Installing a CA & SSL Enabling a Website

Online Mentor
• You can reach your Mentor by entering chats or submitting an email.
Final Exam assessment
• Estimated duration: 90 minutes
Practice Labs: Forensics Analyst (estimated duration: 8 hours)
• Practice Forensics Analyst tasks such as implementing web browser best practices, preventing brute force attacks, installing SIFT and detecting and removing keylogger software. Then, test your skills by answering assessment questions after auditing network security, applying Caesar cipher encryption techniques, implementing secure coding techniques and symmetric encryption.

Security Architect Track 3: Vulnerability Analyst

In this Skillsoft Aspire track of the Security Architect journey, the focus will be on vulnerability management, IDS/IPS, authentication, secure coding, tracking incidents, developing security topologies, and security architectures.
Content:
E-learning courses

Security Vulnerabilities: Managing Threats & Vulnerabilities

Course: 54 Minutes

• Course Overview
• STRIDE Model of Threats
• User Identity Spoofing
• Integrity and Tampering Threats
• Authentication and Non-repudiation
• Information Privacy and Confidentiality
• Denial of Service
• Escalation of Privilege
• Security Misconfiguration
• Brute Force Attacks
• Basic Local Scans
• Remotely Scanning a Target
• Vulnerability Diagnostics
• Course Summary

Intrusion Detection: Best Practices

Course: 47 Minutes

• Course Overview
• Traffic Analysis for Network Security
• Intrusion Detection Techniques
• Network Forensic Analysis
• Application Control Types
• Sniffing and Sensors
• Signal and Noise
• IDS with Snort
• IDS with Bro
• Wireshark Network Monitoring
• Evading IDS with nmap
• Brute Force Analysis
• DOS Attack with nmap
• Course Summary

Intrusion Prevention: Best Practices

Course: 51 Minutes

• Course Overview
• Intrusion Prevention Techniques
• IPS Deployment Strategy
• IPS Systems
• Preventing Kernel Attacks
• Vulnerability Discovery
• Remediation Strategies
• Brute-Force Prevention
• Evasion Techniques
• Local System Awareness
• Detecting Malware Infections
• Packet Diversion
• Course Summary

Authentication & Encryption: Best Practices

Course: 57 Minutes

• Course Overview
• Authentication, Authorization, and Encryption
• Authentication Best Practices
• Authorization Best Practices
• Encryption Best Practices
• Key Symmetry
• Credential Security
• User Administration
• Security Policy Trade-offs
• SSH Configuration
• Certificate Creation
• Software Package Authenticity
• File Encryption and Decryption
• Course Summary

Security Topologies: Developing Secure Networks

Course: 1 Hour, 2 Minutes

• Course Overview
• Secure Network Challenges
• Secure Solutions
• DevOps Security Challenges
• Hybrid Cloud Security
• Preventing Insecure HTTP
• Web Application Security
• File Upload Execution
• SSH Client Proxy
• SSH Config
• Local Hosts Blocking
• User Account Discovery
• Linux Password Security
• Course Summary
• Privacy and Cookie PolicyTerms of Use

Security Architect: Secure Coding Concepts

Course: 58 Minutes

• Course Overview
• Security Architecture Principles
• Security Design
• Security Architecture Implementation
• Operational Security
• Automation and Testing
• Risk Assessment
• Finding Vulnerabilities
• Common Coding Pitfalls
• Security Standards
• Adapting to New Technology
• Cloud Application Security
• Secure Coding Practices
• Course Summary

Security Architectures: Defensible Security

Course: 47 Minutes

• Course Overview
• Modernizing Security Architectures
• Security Architecture Standards
• Defensible Architecture
• Zero-trust Model
• Layered Security
• Principle of Least Privilege
• Reproducible Builds
• Uncomplicated Firewall
• Targeted Firewall Configuration
• WireGuard VPN Config
• VPN Security
• Egress Filtering
• Course Summary

Online Mentor
• You can reach your Mentor by entering chats or submitting an email.
Final Exam assessment
• Estimated duration: 90 minutes
Practice Labs: Vulnerability Analyst (estimated duration: 8 hours)
• Practice Vulnerability Analyst tasks such as performing local network scans, configuring Snort IDS, configuring and implementing intrusion detection, as well as configuring remote access with Secure Shell. Then, test your skills by answering assessment questions after cleaning input data, managing incidents, and configuring secure HTTPS and VPN services.

Security Architect Track 4: Security Architect

In this Skillsoft Aspire track of the Security Architect journey, the focus will be on rules of engagement, ethical hacking, intelligent security orchestration, regulatory mandates, breach notification process, triage automation, and unified security playbook.
Content:
E-learning courses

Security Rules: Rules of Engagement

Course: 48 Minutes

• Course Overview
• Rules of Engagement
• Reference Checklist
• Scope of Engagement
• Client Considerations
• Risks and Limitations
• Logistics
• Incident Handling
• Testing
• Information Handling
• Reporting
• Liabilities
• Granting Authorization for Testing
• Course Summary

Security Architect: Ethical Hacking Best Practices

Course: 47 Minutes

• Course Overview
• Ethical Hacking Today
• Types of Ethical Hacking
• Types of Hackers
• Benefits of Ethical Hacking
• Rules of Engagement
• Vulnerability and Penetration Testing
• Ethical Hacking Tools
• Ethical Hacking Strategies and Techniques
• Incident Handling
• Ethical Hacking Checklist
• Exploits and Vulnerabilities
• Legal Considerations
• Course Summary

Intelligent Orchestration: Automating Security Incident Processing

Course: 56 Minutes

• Course Overview
• Security and Business Objectives
• Security and DevOps
• Security Compliance
• Attack Mitigation Tools and Techniques
• Incident Response
• Identifying Security Automation Candidates
• Automation and Orchestration
• Security Information and Event Management
• Security Orchestration Automation and Response
• Security Triage Automation
• Automation Playbooks
• Security and Machine Learning
• Course Summary

Regulatory Mandates: Security Program Regulatory Integration

Course: 40 Minutes

• Course Overview
• Security and Regulations
• Personally Identifiable Information
• Payment Card Industry Data Security Standard
• Health Insurance Portability and Accountability Act
• General Data Protection Regulation
• Gramm-Leach-Bliley Act
• Federal Information Security Management Act
• National Institute of Standard and Technology
• International Organization for Standardization
• Sarbanes-Oxley Act
• Course Summary

Data Security Breach Notification Process

Course: 52 Minutes

• Course Overview
• Security Breach Notification Plan
• Security Breach Notification Plan Best Practices
• Security Breach Notification Stakeholders
• Security Breach Categories
• Digital Privacy Act Breach Notification
• General Data Protection Regulation Breach Notification
• HIPAA Breach Notification Requirements
• Gramm Leach Bliley Act Breach Notification
• HIPAA Breach Notification to Individuals
• Breach Notification Noncompliance
• Breach Notification Requirements
• Security Breach Notification Risks
• Course Summary

Security Incident Triage

Course: 52 Minutes

• Course Overview
• Security Triage Strategy
• Security Triage Tools
• Security Triage Automation
• Security Triage Tips
• Security Triage Stakeholders
• Detecting Anomalies
• Protocol Anomalies
• Monitoring for Incidents
• Analyzing for SSH Activity
• Analyzing for DNS Activity
• Analyzing for HTTPS Activity
• Analyzing for Log Activity
• Course Summary

Unified Security: Playbook Approach to Security

Course: 46 Minutes

• Course Overview
• Security Automation
• Unified Playbook Approaches
• Crafting a Unified Playbook
• Security Transitions
• Security Playbook Goals
• Security Playbook Challenges
• Security Playbook Tools
• Ansible Playbooks
• Executing a Playbook
• Firewall Playbook
• Server Protection Playbook
• Automated Upgrades Playbook
• Course Summary

Online Mentor
• You can reach your Mentor by entering chats or submitting an email.
Final Exam assessment
• Estimated duration: 90 minutes
Practice Labs: Security Architect (estimated duration: 8 hours)
• Practice Security Architect tasks such as implementing testing best practices, executing Ansible playbooks, automating upgrades with playbooks, and analyzing SSH activity. Then, test your skills by answering