12-Week Introduction to Cybersecurity
Our 12-week introduction to cybersecurity is designed to prepare attendees with the knowledge, skills and abilities to achieve CompTIA Security+ certification, and entry level employment in cybersecurity and computer systems administration.
Cybersecurity has developed into a broad category of science & engineering with specific technology & practices to protect computers, communication networks, and data from harm, theft, or exploitation. It is an applied science, where the practice is ahead of the theory.
Course Aims and Objectives
The course introduces students to the core tenets of cybersecurity, including:
- Confidentiality, integrity, and availability of systems, networks, and data
- Cryptography and its tactics
- Offensive capabilities across the cyber-kill-chain
- Psychology of malicious attackers and their methods
- Risk assessment and mitigation
- Systems dynamics and thinking
- Typical capabilities of computer systems and networking
- Defense-in-depth strategies.
By the end of the course, the student will have learned the following:
- The daily, operational meaning of “cybersecurity” for organizations
- Assessment of security situations, common vulnerabilities, and
consequences of cybersecurity failures
- A high-level overview of crucial cybersecurity models like the CIA triad,
NIST RMF, and ISO frameworks, all of which guide information assurance
- Essential computer-based tools and tactics used to identify, assess, and
mitigate cybersecurity threats, using examples on Linux-based or Windows- based hosts
Minimum Computer Requirements
Course Outline - Two-Day Cybersecurity Bootcamp
- What is cybersecurity?
- Who practices it?
- Why study cybersecurity
as a field?
- What is meant by the “security environment?”
- Common vernacular: risks, threats, vulnerabilities, and consequences?
- Learning the basics of computer hacking
- Being a Script Kiddy, Part 1
Suggested reading: Computer Security: Third Edition Chapter 1 and 2
- Introduction to the basics of (general) models
- CIA Triad
- Pakerian Hexad
- Introduce the basics of (general) frameworks
- NIST ISO COBIT
- Focusing on NIST and its basics Authentication, Authorization, Audit Role-based security
- What is the cybersecurity technical landscape?
- How are all communications and computer components interrelated?
- What is a risk, its threat vector(s), consequence?
- Let us see what these are using a computer.
Suggested reading: Computer Security: Third Edition Chapter 4 & 5
OS threats and tools
Networking threats and tools
Suggested reading: Computer Security: Third Edition Chapter 6 & 7
Network-based asset threats and tools
Suggested reading: Computer Security: Third Edition Chapter 8 & 9
Using NIST RMF basics for Windows and Linux, using CLI
Suggested reading: Computer Security: Third Edition Chapter 10 &11
Using NIST Framework basics for Windows and Linux, using CLI
- Review Identify, Protect, Detect, Respond, Recover
- Introduce tactics (tips & tricks)
- How to manage incidents (specifically on Windows, Linux, networking)
- Sys Internal Tools
- Authentication, Authorization, Audit
- Role-based security
- Public Key Encryption
- Database & Storage Security
- Impact of moving to the Cloud
- Start with value/asset inventory and classification
- Risk Assessment
- Policy development
- Risk Mediation
Suggested reading: Computer Security: Third Edition Chapter 14 & 15
Suggested reading; Computer Security: Third Edition Chapter 16 & 17
- CompTIA Security+ focus
- Learning outcomes