ＨｉｄｅＺｅｒｏＯｎｅ

Vulnerability, patch, and configuration management are not new enterprise security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage security vulnerability capabilities effectively. The quantity of outstanding vulnerabilities for most enterprise organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new security vulnerabilities in their infrastructure and applications. When you add in the cloud, and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, enterprise security may seem unachievable. This vulnerability management training course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 21 Cyber42 tabletop lab exercises and 15 lab demos or exercises.

MGT516.1: Vulnerability Management Design and Planning
MGT516.2: Vulnerability Identification
MGT516.3: Vulnerability Analysis, Metrics, and Communication
MGT516.4: Driving Remediation and Automation
MGT516.5: Collaboration and Continuous Improvement

MGT516: Building and Leading Vulnerability Management Programs

Security leaders realize that cybersecurity is no longer just a technical issue but also a human one. Their greatest challenge now has become how to most effectively manage their human risk, as people are involved in over 80% of all breaches. Many organizations attempt to address this by running security awareness programs, but far too often most programs are compliance focused, nothing more than mandatory annual training. As a result, not only is their workforce highly insecure, but most of their workforce has a very negative perception of cybersecurity. This course enables organizations to effectively manage and measure their human risk by changing people’s behavior and building a strong security culture.

MGT433.1: Fundamentals and Identifying / Prioritizing Human Risk
MGT433.2: Identifying and Changing Behavior
MGT433.3: Security Culture and Measuring Change

MGT433: Managing Human Risk

ICS515: ICS Visibility, Detection, and Response will help you gain visibility and asset identification in your Industrial Control System (ICS)/Operational Technology (OT) networks, monitor for and detect cyber threats, deconstruct ICS cyber attacks to extract lessons learned, perform incident response, and take an intelligence-driven approach to executing a world-leading ICS cybersecurity program to ensure safe and reliable operations. Note: This class was previously named ICS515: ICS Active Defense and Incident Response. The course has gone through a significant update changing much of the content, most of the labs, and adding a day in course length.

ICS515.1: ICS Cyber Threat Intelligence
ICS515.2: Visibility and Asset Identification
ICS515.3: ICS Threat Detection
ICS515.4: Incident Response
ICS515.5: Threat and Environment Manipulation
ICS515.6: Capstone Day, Under Attack!

ICS515: ICS Visibility, Detection, and Response

ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

SEC503: Network Monitoring and Threat Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to confidently defend your network, whether traditional or cloud-based. You will learn about the underlying theory of TCP/IP and the most used application protocols so that you can intelligently examine network traffic to identify emerging threats, perform large-scale correlation for threat hunting, and reconstruct network attacks. 37 Hands-on Labs + Capstone Challenge

SEC503.1: Network Monitoring and Analysis: Part I
SEC503.2: Network Monitoring and Analysis: Part II
SEC503.3: Signature-Based Threat Detection and Response
SEC503.4: Building Zero-Day Threat Detection Systems
SEC503.5: Large-Scale Threat Detection, Forensics, and Analytics
SEC503.6: Advanced Network Monitoring and Threat Detection Capstone

SEC503: Network Monitoring and Threat Detection In-Depth