Cybersecurity and Risk Management Specialist

This module provides a practical foundation in server and operating system environments used in enterprise infrastructure. You will learn how Windows Server and UNIX-based systems are structured, configured, managed, and maintained, with a focus on administration tasks, security considerations, and real-world operational use.

Module Lessons:

1. ➠ Operating Systems Fundamentals and Server Roles
2. ➠ Windows Server 2012/2016 Architecture and Core Services
3. ➠ UNIX/Linux Operating Systems: Structure, Permissions, and Processes
4. ➠ Windows vs. UNIX: Administrative Models and Use Cases
5. ➠ Managing Users, Services, Storage, and System Resources
6. ➠ Operational Scenarios and Real-World System Management Tasks

Tools and Technologies Covered:

This module builds a practical foundation in enterprise networking with a focus on Active Directory (AD) and the Domain Name System (DNS)—two of the most critical and most targeted components in modern environments. You will learn how these systems are designed, integrated, and secured to support authentication, authorization, and reliable network operations.

Module Lessons:

1. ➠ Networking Fundamentals and Enterprise Network Architecture
2. ➠ Active Directory Essentials: Domains, Trusts, and Authentication
3. ➠ Domain Name System (DNS): Name Resolution and Network Dependency
4. ➠ Integrating Active Directory and DNS in Enterprise Environments
5. ➠ Enterprise Networking Models, Segmentation, and Trust Boundaries
6. ➠ Securing Network Services: AD & DNS Attack Vectors and Defenses

Tools and Technologies Covered:

This module builds practical scripting skills using PowerShell and batch scripting to automate system administration, enforce configuration, and respond to operational and security tasks at scale. You will learn how to write, modify, and combine scripts to manage systems efficiently, reduce human error, and support real-world IT and security operations.

Module Lessons:

1. ➠ Scripting Fundamentals and Automation Use Cases
2. ➠ PowerShell Basics: Cmdlets, Pipelines, and Objects
3. ➠ Advanced PowerShell: Functions, Modules, Error Handling, and Remoting
4. ➠ Batch Scripting Fundamentals in Legacy and Hybrid Environments
5. ➠ Integrating PowerShell and Batch Scripts for Automation Workflows
6. ➠ Operational and Security Automation in Real IT Environments

Tools and Technologies Covered:

This module focuses on how IT services are operated, stabilized, and improved in real-world environments. You will learn how incident, problem, and change management processes work together to restore services quickly, reduce recurring failures, and implement changes without causing outages or business disruption.

Module Lessons:

1. ➠ IT Service Management (ITSM): Purpose, Scope, and Operational Impact
2. ➠ Incident Management: Detection, Prioritization, Escalation, and Resolution
3. ➠ Problem Management: Root Cause Analysis and Preventing Recurring Incidents
4. ➠ Change Management: Risk Assessment, Approval, and Controlled Deployment
5. ➠ Coordinating Incident, Problem, and Change Processes in Live Environments
6. ➠ Operational Scenarios, Failures, and Real-World Case Analysis

Tools and Technologies Covered:

This module provides hands-on experience in building and managing secure infrastructure environments. You will learn how to deploy and configure virtual machines on physical and cloud platforms, design secure remote connectivity using VPNs, and manage access between Windows and UNIX servers—focusing on stability, isolation, and secure communication.

Module Lessons:

1. ➠ Infrastructure Fundamentals: Physical, Virtual, and Cloud Environments
2. ➠ Deploying and Configuring Virtual Machines and Hypervisors
3. ➠ Integrating Cloud Platforms with On-Premise Infrastructure
4. ➠ Designing and Implementing Secure VPN Connectivity
5. ➠ Remote Server Access and Management: Windows & UNIX Systems
6. ➠ Infrastructure Hardening and Operational Best Practices

Tools and Technologies Covered:

This module establishes the core security mindset required to protect modern systems and data. You will learn how security controls are applied to reduce risk, how authentication and authorization failures lead to breaches, and how basic cryptographic mechanisms are used to protect information—building a foundation for secure system design and operation.

Module Lessons:

1. ➠ Information Security Fundamentals and Threat-Based Thinking
2. ➠ Security Controls: Preventive, Detective, and Corrective Measures
3. ➠ Authentication and Authorization: Identity, Access, and Failure Scenarios
4. ➠ Cryptography Basics: Protecting Data at Rest and in Transit
5. ➠ Applying Security Principles, Tools, and Defensive Practices

Tools and Technologies Covered:

This module trains you to evaluate organizational risk from a business and security perspective. You will learn how to identify threats, assess their likelihood and impact, prioritize risks based on business consequences, and define mitigation strategies that balance security, cost, and operational reality.

Module Lessons:

1. ➠ Risk Analysis Fundamentals and Business Context
2. ➠ Identifying Threats, Vulnerabilities, and Risk Scenarios
3. ➠ Risk Assessment: Likelihood, Impact, and Prioritization
4. ➠ Risk Treatment Options: Mitigation, Transfer, Acceptance, and Avoidance
5. ➠ Monitoring, Reviewing, and Communicating Risk Decisions

Tools and Technologies Covered:

This module develops a threat-focused security mindset by examining how modern attacks are executed across people, systems, networks, and physical environments. You will learn how to identify common and advanced threat types, understand how attackers combine techniques, and recognize early indicators of compromise to reduce risk and improve defensive response.

Module Lessons:

1. ➠ Security Threat Analysis and Adversary Mindset
2. ➠ Social Engineering Attacks and Human Exploitation Techniques
3. ➠ Malware and Software-Based Threats: Infection, Persistence, and Impact
4. ➠ Network-Based Threats: Reconnaissance, Exploitation, and Lateral Movement
5. ➠ Wireless Threats: Rogue Access, Interception, and Unauthorized Access
6. ➠ Physical Security Threats and Their Impact on Cybersecurity
7. ➠ Identifying Emerging and Advanced Threat Patterns

Tools and Technologies Covered:

This module focuses on identifying, assessing, and managing system vulnerabilities in real operating environments. You will learn how to conduct security assessments, distinguish vulnerabilities from actual risk, prioritize remediation based on business impact, and validate fixes through testing and continuous monitoring.

Module Lessons:

1. ➠ Security Assessments: Purpose, Scope, and Limitations
2. ➠ Identifying System Vulnerabilities Across Infrastructure and Applications
3. ➠ Risk Assessment: Exploitability, Impact, and Prioritization
4. ➠ Planning Security Assessments and Remediation Activities
5. ➠ Vulnerability Remediation: Patching, Configuration, and Compensating Controls
6. ➠ Penetration Testing Basics: Validation and Assumption Testing
7. ➠ Continuous Monitoring and Reassessment of Security Posture
8. ➠ Reporting Findings and Communicating Risk to Stakeholders

Tools and Technologies Covered:

This module focuses on implementing security controls across modern computing environments, including host systems, endpoints, cloud platforms, and application development workflows. You will learn how to apply defensive measures, integrate security into the software development lifecycle, monitor system behavior, and assess security posture to reduce risk across the full technology stack.

Module Lessons:

1. ➠ Host, Endpoint, and Software Security: Scope and Threat Landscape
2. ➠ Securing Host Systems: Hardening, Configuration, and Patch Management
3. ➠ Endpoint Security Controls and Device Protection
4. ➠ Cloud Security: Shared Responsibility and Control Implementation
5. ➠ Securing the Software Development Lifecycle (SDLC)
6. ➠ Application Security: Common Flaws and Defensive Techniques
7. ➠ Monitoring, Detection, and Incident Response Integration
8. ➠ Security Assessments and Continuous Improvement

Tools and Technologies Covered:

Covers the configuration of network security technologies, securing key network design components, implementing secure networking protocols, and safeguarding wireless traffic—enabling students to build and maintain secure network infrastructures.

Module Lessons:

1. ➠ Network Security Presentation
2. ➠ Network Security Technologies
3. ➠ Secure Network Design
4. ➠ Secure Networking Protocols
5. ➠ Wireless Network Security
6. ➠ Monitoring and Managing Network Security
7. ➠ Hands-on Implementation

Tools and Technologies Covered:

This module focuses on securing identities—the primary attack surface in modern environments. You will learn how to design, configure, and manage Identity and Access Management (IAM) systems, enforce authentication and authorization controls, and prevent unauthorized access to critical systems and data across enterprise and cloud environments.

Module Lessons:

1. ➠ Identity and Access Management (IAM): Threats, Purpose, and Business Impact
2. ➠ Directory Services and Centralized Identity Management
3. ➠ Authentication Mechanisms: MFA, Passwordless, and Risk-Based Access
4. ➠ Identity Federation, SSO, and Trust Relationships
5. ➠ User and Privileged Account Lifecycle Management
6. ➠ Authorization Models, Least Privilege, and Access Enforcement
7. ➠ Hands-On IAM Configuration and Access Control Implementation

Tools and Technologies Covered:

This module dives into the practical application of cryptography in modern security environments. You will learn how to select cryptographic algorithms based on threat models, design and configure Public Key Infrastructure (PKI), and manage the full certificate lifecycle—including enrollment, backup, recovery, and revocation—to protect data and secure communications at scale.

Module Lessons:

1. ➠ Cryptography Fundamentals and Real-World Use Cases
2. ➠ Selecting Cryptographic Algorithms: Strength, Performance, and Risk
3. ➠ Public Key Infrastructure (PKI): Architecture and Trust Models
4. ➠ Certificate Lifecycle Management: Issuance, Rotation, Revocation, and Recovery
5. ➠ Cryptographic Protocols and Secure Communication Design
6. ➠ Hands-On Implementation of Encryption, PKI, and Certificates
7. ➠ Common Cryptographic Failures and Secure Design Best Practices

Tools and Technologies Covered:

This module focuses on how security is enforced, maintained, and monitored in real operating environments. You will learn to evaluate security frameworks, translate policies into actionable controls, and implement operational, data, and physical security measures that reduce risk, support business objectives, and withstand real-world threats.

Module Lessons:

1. ➠ Operational Security (OpSec): Purpose, Scope, and Business Impact
2. ➠ Applying Security Frameworks and Industry Guidelines in Operations
3. ➠ Security Documentation, Policies, and Enforcement Mechanisms
4. ➠ Implementing Operational Security Strategies and Controls
5. ➠ Data Security Processes: Access Control, Classification, and Protection
6. ➠ Physical Security Controls and Environmental Safeguards
7. ➠ Continuous Monitoring, Incident Detection, and Operational Response

Tools and Technologies Covered:

This module trains you to detect, analyze, and respond to real-world security incidents under pressure. You will learn how to identify active threats, troubleshoot security failures, contain incidents quickly, and conduct investigations that prevent repeat attacks—turning incidents into actionable security improvements.

Module Lessons:

1. ➠ Understanding Security Incidents and Attack Scenarios
2. ➠ Identifying, Triage, and Troubleshooting Common Security Issues
3. ➠ Incident Response Lifecycle: Detection, Containment, Eradication, Recovery
4. ➠ Investigating Security Incidents and Root Cause Analysis
5. ➠ Incident Documentation, Reporting, and Stakeholder Communication
6. ➠ Post-Incident Review and Strengthening Defensive Controls

Tools and Technologies Covered:

Select Business Continuity and Disaster Recovery processes to ensure rapid recovery of critical systems. Develop a Business Continuity Plan to maintain operations and minimize downtime during disruptions.

Module Lessons:

1. ➠ Business Continuity and Disaster Recovery (BC/DR)
2. ➠ Business Impact Analysis (BIA)
3. ➠ Developing a Business Continuity Plan (BCP)
4. ➠ Disaster Recovery Planning (DRP)
5. ➠ Strategies for Minimizing Downtime
6. ➠ Conducting BC/DR Drills and Audits

Tools and Technologies Covered:

Plan network penetration testing by conducting both external and internal assessments, along with testing wireless networks. Identify vulnerabilities and security gaps across all network layers. Finally, generate a comprehensive report detailing the findings and recommended improvements.

Module Lessons:

1. ➠ Introduction to Network Penetration Testing
2. ➠ Planning and Preparation for Penetration Testing
3. ➠ External Network Testing
4. ➠ Internal Network Testing
5. ➠ Wireless Network Penetration Testing
6. ➠ Post-Exploitation and Reporting

Tools and Technologies Covered:

Plan for application penetration testing, covering both external and internal assessments to identify vulnerabilities. Focus on backend testing, including SQL, PL/SQL, and TOAD, to evaluate stored procedures, DBMS principles, and database objects. Generate a comprehensive report to outline findings and remediation strategies.

Module Lessons:

1. ➠ Planning for Application Penetration Testing
2. ➠ Backend Testing Fundamentals
3. ➠ SQL Injection and Database Exploits
4. ➠ Application Vulnerabilities Assessment
5. ➠ Reporting and Remediation

Tools and Technologies Covered:

Overview of DDoS attacks, including how to onboard an application for protection. Focus on monitoring the application during a DDoS attack to ensure security and minimize disruption. Implement strategies for early detection and effective response.

Module Lessons:

1. ➠ Understanding DDoS Attacks
2. ➠ Onboarding Applications for DDoS Protection
3. ➠ Monitoring During a DDoS Attack
4. ➠ DDoS Detection and Response Strategies
5. ➠ Post-Attack Analysis and Remediation

Tools and Technologies Covered:

Provides an overview of Web Application Firewalls (WAF), covering the process of onboarding and monitoring applications under WAF, as well as the differences between blocking and alert modes for effective security management.

Module Lessons:

1. ➠ Importance of Web Application Firewalls (WAF)
2. ➠ Onboarding Applications to a WAF
3. ➠ Monitoring Applications under WAF
4. ➠ Blocking vs. Alert Modes
5. ➠ Best Practices for WAF Configuration

Tools and Technologies Covered:

An overview of policies, standards, and guidelines, including their importance in establishing security frameworks. This covers ISO formats for standardized documentation, application security policies and standards, and network security policies and standards to ensure robust protection across all layers.

Module Lessons:

1. ➠ Definitions and distinctions between Policies, Standards, and Guidelines
2. ➠ ISO Standards and Documentation
3. ➠ Application Security Policies and Standards
4. ➠ Network Security Policies and Standards
5. ➠ Implementing and Maintaining Security Frameworks

Tools and Technologies Covered: