1. Security Data Analytics: What’s Going On?

2. Defense in Depth: This Is Where It Begins

3. Defense in Depth: What Tools Can You Use?

4. Defense in Depth: Drill, Test, Rinse, Repeat5. The Fundamentals of Frameworks, Policies, Controls, & Procedures

1. What Is Networking?
2. Networking Hardware, Services, and Configuration Concepts
3. Wireless and Internet Connection Types and Their Features
4. IoT Devices and the Smart Home
5. Install and Configure a Basic Home and Small Business Network

1. It’s All About Control
2. Managing Your Secret Identity
3. Other Authentication Methods
4. Identity Repositories
5. Building the Lab
6. Looking at the Exploits

1. What’s the Software Development Life Cycle (SDLC)?
2. Software Development Phases
3. Software Development Models
4. Software Vulnerabilities
5. Coding Best Practices
6. Code Reviews
7. Security Testing in Action

1. The Two Steps
2. Initially, What Do You Look For?
3. The More You Look, the More You Find
4. Other Reconnaissance Techniques
5. Reconnaissance via Google Hacking
6. Let’s Not Forget PowerShell
7. Overview of Scanning
8. Understanding the 3-way Handshake
9. Checking for ‘Live’ Systems and Their Open Ports
10.  Types of Scanning
11.  Banner Grabbing and OS Fingerprinting
12.  More Tools for the Utility-belt
13.  Threats from Wireless

1. What Do You Need to Start?
2. Shaping and Implementing Your Vulnerability Scans
3. The Scanners
4. Analyzing Vulnerability Scans
5. Remediation and Change Control
6. Remediating Host Vulnerabilities
7. Remediating Network Vulnerabilities
8. Remediating Virtual Environments Vulnerabilities

1.   Global Industrial Cybersecurity Professional (GICSP) Overview
2.   Overview of ICS
3.   Purdue Levels 0 and 1C
4.   Purdue Levels 2 and 35.   DCS and SCADA

1.   ICS Life Cycle Challenges
2.   Physical and Cyber Security
3.   Secure ICS Network Architectures

1.   ICS Attack Surface
2.   Purdue Level 0 and 1
3.   Ethernet and TCP/IP

1.   Enforcement Zone Devices
2.   Understanding Basic Cryptography
3.   Wireless Technologies
4.   Wireless Attacks and Defenses
5.   Purdue Level 2 and 3 Attacks

1.   Patching ICS Systems
2.   Defending Unix and Linux
3.   Endpoint Security Software
4.   Event Logging and Analysis
5.   Remote Access Attacks

1.   Defending Unix and Linux
2.   Endpoint Protection and SIEMS
3.   Building an ICS Cyber Security Program
4.   Creating ICS Cyber Security Policy
5.   Measuring Cyber Security Risk
6.   Incident Response

1.   Introduction
2.   Defensible Network Architecture
3.   Protocols and Packet Analysis
4.   Network Device Security
5.   Virtualization and Cloud
6.   Securing Wireless Networks

1.    Defense-in-Depth Overview   
2.    Identity and Access Management
3.    Authentication and Password Security
4.    CIS Controls
5. Data Loss Prevention      
6.    Security Plans and Risk Management

1.     Vulnerability Assessment  
2.     Penetration Testing
3.     Attacks and Malicious Software
4.    Web Application Security
5.    Security Operations and Log Management
6.    Digital Forensics and Incident Response

1.    Cryptography
2.    Cryptography Algorithms and Deployment
3.    Applying Cryptography
4.    Network Security Device
5.    Endpoint Security

1.    Windows Security Infrastructure
2.    Windows as a Service
3.    Windows Access Controls
4.    Enforcing Security Policy
5.    Network Services and Cloud Computing
6.    Automation, Auditing, and Forensics

1.    Linux Fundamentals: Structure, Permissions, and Access Control
2.    Linux Security Enhancements and Infrastructure
3.    Containerized Security
4.    macOS Security
5.    Mobile Device Security

1.    Threats, vulnerabilities, and consequences
2.    Advanced persistent threats
3.    The state of security today
4.    Why security matters to DoD

1.    The interrelated components of the computing environment
2.    Cybersecurity models (the CIA triad, the star model, the Parkerianhexad)
3.    Variations on a theme: computer security, information security, and information assurance

1.    Security governance
2.    Management models, roles, and functions

1.    Information security roles and positions
2.    Alternative enterprise structures and interfaces

1.    Strategy
2.    Strategic planning and security strategy
3.    The information security lifecycle
4.    Architecting the enterprise

1.    Levels of planning
2.    Planning misalignment
3.    The System Security Plan (SSP)
4.    Policy development and implementation

1.    Timeline of U.S. laws related to information security
2.    The Federal Information Security Management Act (FISMA)

1.    Security standards and controls
2.    Certification and accreditation (C&A)

1.    Principles of risk
2.    Types of risk
3.    Risk strategies
4.    The Risk Management Framework (RMF)

1.    The challenge of security metrics
2.    What makes a good metric
3.    Approaches to security metrics
4.    Metrics and FISMA

1.    Physical and environmental threats
2.    Physical and environmental controls

1.    Developing a contingency plan
2.    Understanding the different types of contingency plan
3.    Responding to events

1.    Human factors in security
2.    Developing and implementing a security training plan
3.    Cross-domain training (IT and other security domains)

1.    The purpose of certification and accreditation
2.    Trends in certification and accreditation

1.    The strategic direction of DoD IT and information security
2.    Responsibilities within the DoD enterprise

1.    Key future uncertainties
2.    Possible future scenarios
3.    How to apply what you’ve learned

1.1 Implement and maintain authentication methods

1. Single/multifactor authentication
2. Single sign-on
3. Device authentication Federated access

1.2 Support internetwork trust architectures

1. Trust relationships (e.g., 1-way, 2-way, transitive)
2. Extranet
3. Third-party connections

1.3 Participate in the identity management lifecycle

1. Authorization
2. Proofing
3. Provisioning/de-provisioning
4. Maintenance
5. Entitlement
6. Identity and Access Management (IAM) systems

1.4 Implement access controls

1. Mandatory
2. Non-discretionary
3. Discretionary
4. Role-based
5. Attribute-based
6. Subject-based
7. Object-based

2.1 Comply with codes of ethics

1. Code of Ethics
2. Organizational code of ethics
3. Understand security concepts

2.2 Understand security concepts

2.3 Document, implement and maintain functional security controls

1. Deterrent controls
2. Preventative controls
3. Detective controls
4. Corrective controls
5. Compensating controls

2.4 Participate in asset management

1. Lifecycle (hardware, software, and data)
2. Hardware inventory
3. Software inventory and licensing
4. Data storage

2.5 Implement security controls and assess compliance

1. Technical controls (e.g., session timeout, password aging)
2. Physical controls (e.g., mantrap, cameras, locks)
3. Administrative controls (e.g., security policies and standards, procedures, baselines)
4. Periodic audit and review

2.6 Participate in change management

1. Execute change management process
2. Identify the security impact
3. Testing /implementing patches, fixes, and updates (e.g., operating system, applications, SDLC)

2.7 Participate in security awareness and training

2.8 Participate in physical security operations (e.g., data center assessment, badging)

3.1 Understand the risk management process

1. Risk visibility and reporting (e.g., risk register, sharing threat intelligence, Common Vulnerability Scoring System (CVSS))
2. Risk management concepts (e.g., impact assessments, threat modeling, Business Impact Analysis (BIA))
3. Risk management frameworks (e.g., ISO, NIST)
4. Risk treatment (e.g., accept, transfer, mitigate, avoid, recast)

3.2 Perform security assessment activities

1. Participate in security testing
2. Interpretation and reporting of scanning and testing results
3. Remediation validation
4. Audit finding remediation

3.3 Operate and maintain monitoring systems (e.g., continuous monitoring)

1. Events of interest (e.g., anomalies, intrusions, unauthorized changes, compliance monitoring)
2. Logging
3. Source systems
4. Legal and regulatory concerns (e.g., jurisdiction, limitations, privacy)

3.4 Analyze monitoring results

1. Security baselines and anomalies
2. Visualizations, metrics, and trends (e.g., dashboards, timelines)
3. Event data analysis
4. Document and communicate findings (e.g., escalation)

4.1 Support incident lifecycle

1. Preparation
2. Detection, analysis, and escalation
3. Containment
4. Eradication
5. Recovery
6. Lessons learned/implementation of new countermeasure

4.2 Understand and support forensic investigations

1. Legal and ethical principles
2. Evidence handling (e.g., first responder, triage, chain of custody, preservation of scene)

4.3 Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities

1. Emergency response plans and procedures (e.g., information system contingency plan)
2. Interim or alternate processing strategies
3. Restoration planning
4. Backup and redundancy implementation
5. Testing and drills

5.1 Understand the fundamental concepts of cryptography

1. Fundamental key management concepts (e.g., key rotation, key composition, key creation, exchange, revocation, escrow)
2. Web of Trust (WOT) (e.g., PGP, GPG)
3. Hashing
4. Salting
5. Symmetric/asymmetric encryption/Elliptic Curve Cryptography (ECC)
6. Non-repudiation (e.g., digital signatures/certificates, HMAC, audit trail)
7. Encryption algorithms (e.g., AES, RSA) » Key strength (e.g., 256, 512, 1024, 2048 bitkeys)
8. Cryptographic attacks, cryptanalysis, and counter measures

5.2 Understand the reasons and requirements for cryptography

1. Confidentiality
2. Integrity and authenticity
3. Data sensitivity (e.g., PII, intellectual property, PHI)
4. Regulatory

5.3 Understand and support secure protocols

1. Services and protocols (e.g., IPSec, TLS, S/MIME, DKIM)
2. Common use cases
3. Limitations and vulnerabilities

5.4 Understand Public Key Infrastructure (PKI) systems

1. Fundamental key management concepts (e.g., key rotation, key composition, key creation, exchange, revocation, escrow)
2. Web of Trust (WOT) (e.g., PGP, GPG)

6.1 Understand and apply fundamental concepts of networking

1. OSI and TCP/IP models
2. Network topographies (e.g., ring, star, bus, mesh, tree)
3. Network k relationships (e.g., peer to peer, client server)
4. Transmission media types (e.g., fiber, wired, wireless)
5. Commonly used ports and protocols

6.2 Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning)

6.3 Manage network access controls

1. Network access control and monitoring (e.g., remediation, quarantine, admission)
2. Network access control standards and protocols (e.g., IEEE 802.1X, Radius, TACACS)
3. Remote access operation and configuration (e.g., thin client, SSL VPN, IPSec VPN, telework)

6.4 Manage network security

1. Logical and physical placement of network devices (e.g., inline, passive)
2. Segmentation (e.g., physical/logical, data/control plane, VLAN, ACLs)
3. Secure device management

6.5 Operate and configure network-based security devices

1. Firewalls and proxies (e.g., filtering methods)
2. Network intrusion detection/prevention systems
3. Routers and switches
4. Traffic-shaping devices (e.g., WAN optimization, load balancing)

6.6 Operate and configure wireless technologies (e.g., Bluetooth, NFC, WiFi)

1. Transmission security
2. Wireless security devices (e.g. WIPS, WIDS)

7.1 Identify and analyze malicious code and activity

1. Malware (e.g., rootkits, spyware, scareware, ransomware, trojans, virus, worms, trapdoors, backdoors, and remote access trojans)
2. Malicious code countermeasures (e.g., scanners, anti-malware, code signing, sandboxing)
3. Malicious activity (e.g., insider threat, data theft, DDoS, botnet)
4. Malicious activity countermeasures (e.g., user awareness, system hardening, patching, sandboxing, isolation)

7.2 Implement and operate endpoint device security

1. HIDS
2. Host-based firewalls
3. Application whitelisting
4. Endpoint encryption
5. Trusted Platform Module (TPM)
6. Mobile Device Management (MDM) (e.g., COPE, BYOD)
7. Secure browsing (e.g., sandbox)

7.3 Operate and configure cloud security

1. Deployment models (e.g., public, private, hybrid, community)
2. Service models (e.g., IaaS, PaaS, and SaaS)
3. Virtualization (e.g., hypervisor)
4. Legal and regulatory concerns (e.g., privacy, surveillance, data ownership, jurisdiction, eDiscovery)
5. Data storage and transmission (e.g., archiving, recovery, resilience)
6. Third-party/outsourcing requirements (e.g., SLA, data portability, data destruction, auditing)
7. Shared responsibility model

7.4 Operate and secure virtual environments

1. Software-defined networking
2. Hypervisor
3. Virtual appliances
4. Continuity and resilience
5. Attacks and countermeasures
6. Shared storage

1.    OSI and TCP/IP network Models
2.    Types of networks
3.    Network topologies
4.    Network components
5.    Protocols in TCP/IP protocol stack
6.    IP addressing concept
7.    Computer Network Defense
8.    Fundamental CND attributes
9.    CND elements
10.  CND process and Approaches

1.   Threat, attack, and vulnerability
2.   Network security concerns
3.   Effect of a network security breach on business continuity
4.   Types of network threats
5.   Types of network security vulnerabilities
6.   Types of network attacks

1.    Fundamental elements of network security
2.    Network access control mechanism
3.    Types of access controls
4.    Network Authentication, Authorization and Auditing (AAA) mechanism
5.    Network data encryption mechanism
6.    Public Key Infrastructure (PKI)
7.    Network security protocols8.    Network security devices

1.    Security policy
2.    Hierarchy of security policy
3.    Characteristics of a good security policy
4.    Typical content of security policy
5.    Understanding the policy statement
6.    Steps for creating and implementing security policy
7.    Designing of security policy
8.    Implementation of security policy
9.    Types of security policy
10.  Various information security-related standards, laws, and acts

1.    Understanding physical security
2.    Importance of physical security
3.    Factors affecting physical security
4.    Various physical security controls
5.    Understanding the selection of Fire Fighting Systems
6.    Various access control authentication techniques
7.    Workplace security
8.    Personnel security
9.    Environmental Controls
10.  Importance of physical security awareness and training

1.    Understanding host security
2.    Importance of securing individual hosts
3.    Threats specific to hosts
4.    Paths to host threats
5.    Purpose of the host before an assessment
6.    Host security baselining
7.    OS security baselining
8.    Security requirements for different types of servers
9.    Security requirements for hardening of routers
10.  Security requirements for hardening of switches
11.  Data security concerns when data is at rest, in use, and in motion
12.  Understanding virtualization security

1.    Understanding firewalls
2.    Firewall security concerns
3.    Firewall technologies
4.    Firewall topologies
5.    Selection of firewall topologies
6.    Designing and configuring firewall ruleset
7.    Implementation of firewall policies
8.    Deployment and implementation of firewall
9.    Factors to considers before purchasing any firewall solution
10.  Configuring, testing, and deploying of firewalls
11.  Management, maintenance, and administration of firewall implementation
12.  Firewall logging
13.  Measures for avoiding firewall evasion14.  Firewall security best practices

1.    Different types of intrusions and their indications
2.    Understanding IDPS
3.    Role of IDPS in network defense
4.    Functions, components, and working of IDPS
5.    Types of IDS implementation
6.    Staged deployment of NIDS and HIDS
7.    Fine-tuning of IDS by minimizing false positive and false negative rate
8.    Characteristics of good IDS implementation
9.    Common IDS implementation mistakes and their remedies
10.  Types of IPS implementation
11.  Requirements for selecting appropriate IDSP product
12.  Technologies complementing IDS functionality

1.    Virtual Private Network (VPN) and it’s working
2.    Importance of establishing VPN
3.    VPN components
4.    Implementation of VPN concentrators and its functions
5.    Types of VPN technologies
6.    Components for selecting appropriate VPN technology
7.    Core functions of VPN
8.    Topologies for implementation of VPN
9.    VPN security concerns
10.  Security implications to ensure VPN security and performance

1.    Understanding wireless network
2.    Wireless standards and network topologies
3.    Use of wireless networks
4.    Wireless network components
5.    Wireless encryption (WEP, WPA,WPA2) technologies
6.    Authentication methods for wireless networks
7.    Types of threats on wireless networks
8.    Inventory for wireless network components
9.    Appropriate placement of Wireless Access Point (AP)
10.  Monitoring of wireless network traffic
11.  Detection and locating of rogue access points
12.  Prevention of wireless network from RF interference
13.  Security implications for wireless network

1.    Understanding network traffic monitoring
2.    Importance of network traffic monitoring
3.    Techniques used for network monitoring and analysis
4.    Appropriate position for network monitoring
5.    Connection of network monitoring system with a managed switch
6.    Network traffic signatures
7.    Baselining for normal traffic
8.    Categories of suspicious traffic signatures
9.    Techniques for attack signature analysis
10.  Wireshark components, working, and features
11.  Use of various Wireshark filters
12.  Monitoring LAN traffic against policy violation
13.  Security monitoring of network traffic
14.  Detection of various attacks using Wireshark15.  Network bandwidth monitoring and performance improvement

1.   Understanding risk and risk management
2.   Key roles and responsibilities in risk management
3.   Key Risk Indicators (KRI) in risk management
4.   Phase involves in risk management
5.   Enterprise network risk management
6.   Risk management frameworks
7.   Best practices for effective implementation of risk management
8.   Vulnerability management
9.   Phases involve in vulnerability management
10. Vulnerability assessment and its importance
11. Requirements for effective network vulnerability assessment
12. Internal and external vulnerability assessment
13. Steps for effective external vulnerability assessment
14. Phases involve in vulnerability assessment
15. Selection of appropriate vulnerability assessment tool
16. Best practices and precautions for deploying vulnerability assessment tool
17. Vulnerability reporting, mitigation, remediation, and verification

1.    Understanding data backup
2.    Identification of data to backup
3.    Appropriate backup medium for data backup
4.    RAID backup technology and its advantages
5.    RAID architecture
6.    RAID levels and their use
7.    Selection of appropriate RAID level
8.    Storage Area Network (SAN) backup technology and its advantages
9.    Best practices of using SAN
10.  Network Attached Storage (NAS) backup technology and its advantages
11.  Types of NAS implementation
12 . Understanding Incident Handling and Response (IH&R)
13.   Roles and responsibilities of Incident Response Team (IRT)
14.   Role of the first responder
15.   First response activities for network administrators
16.   Incident Handling and Response (IH&R) process
17.   Understanding forensic investigation
18.   People involved in forensics investigation
19.   Forensics investigation methodology