Tags: CompTIA, Self-paced, Training

CySA+ Self-Paced Training

  • Brand: Ascend Education
  • Availability: In Stock

$229.00

This course covers the skills needed to become a cybersecurity analyst. The student will learn threat intelligence and threat hunting concepts and techniques along with the ability to identify and analyze malicious activity. In addition, the student will learn incident response and vulnerability management so they can properly report and communicate to all stakeholders in an organization.

There is no required experience. However, students are advised to have knowledge of, or hands-on experience with, incident response to malware or hacking activity. This includes at least some experience with Windows servers and clients, Linux operating systems and utilities, and IP networking. It’s also helpful to have experience with anti-malware applications and some removal tools.

Course Outline 

Module 1: Security Operations

 

The importance of system and network architecture concepts in security operations

  • Log ingestion
  • Operating system (OS) concepts
  • Infrastructure concepts
  • Network architecture
  • Identity and access management
  • Encryption
  • Sensitive data protection

 

Analyze indicators of potentially malicious activity

  • Network activity
  • Host-related
  • Application-related
  • Social engineering and obfuscated links

 

Module 2: Threat Hunting Concepts and Tools

 

Use appropriate tools or techniques to determine malicious activity

  • Tools
  • Common techniques
  • Programming languages/scripting

 

Threat-intelligence and threat-hunting concepts

  • Threat actors
  • Tactics, techniques, and procedures (TTP)
  • Confidence levels
  • Collection methods and sources
  • Threat hunting

 

Module 3: Process Improvement and Vulnerability Methods

 

The importance of efficiency and process improvement in security operations

  • Standardize processes  
  • Streamline operations
  • Technology and tool integration  
  • Single pane of glass

 

Implement vulnerability scanning methods and concepts  

  • Asset discovery
  • Special considerations
  • Internal vs. external scanning
  • Credentialed vs. non-credentialed  
  • Passive vs. active
  • Static vs. dynamic
  • Critical infrastructure
  • Security baseline scanning  
  • Industry frameworks

 

Module 4: Data and Vulnerability Prioritization

 

Analyze output from vulnerability assessment tools

  • Network scanning and mapping
  • Web application scanners
  • Vulnerability scanners
  • Debuggers
  • Multipurpose
  • Cloud infrastructure assessment tools

 

Analyze data to prioritize vulnerabilities

  • Common Vulnerability Scoring System (CVSS) interpretation
  • Validation
  • Context awareness
  • Exploitability/weaponization
  • Asset value
  • Zero-day

 

Module 5: Mitigation Techniques

 

Recommend controls to mitigate attacks and software vulnerabilities

  • Cross-site scripting
  • Overflow vulnerabilities
  • Data poisoning
  • Broken access control
  • Cryptographic failures
  • Injection flaws
  • Cross-site request forgery
  • Directory traversal
  • Insecure design
  • Security misconfiguration
  • End-of-life or outdated components
  • Identification and authentication failures
  • Server-side request forgery
  • Remote code execution
  • Privilege escalation
  • Local file inclusion (LFI)/remote file inclusion (RFI)

 

Module 6: Patching and Securing Data

 

Concepts related to vulnerability response, handling, and management

  • Compensating control
  • Control types
  • Patching and configuration management
  • Exceptions
  • Risk management principles
  • Policies, governance, and service level objectives (SLOs)
  • Prioritization and escalation
  • Attack surface management
  • Secure coding best practices
  • Secure software development life cycle (SDLC)
  • Threat modeling

 

Module 7: Attack Methods and Responses

 

Attack methodology frameworks

  • Cyber kill chains
  • Diamond Model of Intrusion Analysis
  • MITRE ATT&CK
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • OWASP Testing Guide

 

Perform incident response activities

  • Detection and analysis
  • Containment, eradication, and recovery

 

Preparation and post-incident activity phases of the incident management life cycle

  • Preparation
  • Post-incident activity

 

Module 8: Reporting

 

The importance of vulnerability management reporting

  • Vulnerability management reporting
  • Compliance reports
  • Action plans
  • Metrics and key performance indicators (KPIs)
  • Stakeholder identification and communication

 

Module 9: Communication

 

The importance of communication

  • Stakeholder identification and communication
  • Incident declaration and escalation
  • Incident response reporting
  • Communications
  • Root cause analysis
  • Lessons learned
  • Metrics and KPIs

 

Course Summary

Videos: 23

Labs: 12

Text Lessons: 45

Quizzes: 9

Practice Exams: 2

Total Time: Approx. 31 hours