A student with prior networking knowledge learns the fundamentals of the Cyber Security Analyst role, providing a foundation for employment in a Security Operations Center (SOC). Skills taught align with the NICE Cybersecurity Workforce Framework (NIST SP 800-181 Rev. 1).
Course Duration: 24 hrs; 4 hrs per week for 6 weeks
DoD Cyber Workforce Framework Codes:
• Work Role ID: 121 (NIST: AN-XA-001)
• Work Role ID: 121 (NIST: AN-TD-001)
• Work Role ID: 121 (NIST: AN-TD-002)
• Work Role ID: 121 (NIST: OM-FO-001)
• Work Role ID: 121 (NIST: OM-FO-002)
• Work Role ID: 221 (NIST: IN-CI-001)
Computer Specifications
• Processor speed: 1.90 GHz up to 3.80 GHz
• 8 GB RAM
• 250 GB disk space
Tools
• Splunk
• Security Onion
• ELK (Elasticsearch, Logstash, Kibana)
• Sysmon
• YARA
• Wireshark
• MISP
• CAPE
• RegRipper
• Suricata
• Snort
• PuTTY
• Browser History Viewer
• Microsoft Office (Word, Outlook, PowerPoint, Excel)
• Notepad++
• McAfee ePO
• Symantec Endpoint Protection
• Palo Alto
Intro Topics
• Knowledge of the most common ports and protocols
• Knowledge of the OSI and TCP/IP models
Basic Topics
• Recognizes the Incident Response process
• Recognizes the Cyber Kill Chain, MITRE ATT&CK Matrix, and Diamond Model
• Analyzes network information across various operating systems
• Navigates directories across various operating systems
• Investigates malicious activity using Windows Sysinternals
• Identifies abnormal/malicious activity via Security Information and Event Management (SIEM) systems
• Recognizes alerts from an intrusion detection system
• Identifies the most common cyber security attacks
• Investigates Tactics, Techniques, and Procedures (TTPs) used by various Advanced Persistent Threats (APTs)
• Identifies the top 10 malware families of 2019/2020
• Accesses systems via PuTTY and Remote Desktop Protocol (RDP)
Intermediate Topics
• Identifies various Living-off-the-Land Binaries (LOLBins)
• Responds to various alerts via Security Information and Event Management (SIEM) systems
• Detects and responds to antivirus alerts triggered via McAfee ePO
• Identifies and detects malicious activities found in various log sources
• Builds various rules and queries to detect malicious activities
• Navigates and parses pertinent information from various log sources
• Utilizes various tools to obtain pertinent information
• Discovers network assets via Nmap
• Analyzes indicators of compromise using Open Source Intelligence Tools
• Identifies if network assets have vulnerabilities
• Defends network assets from malware attacks
Hands-on Exercises
• Access the labs via the go-by handouts
• Use your university e-mail to ask content-specific questions
• Reminder: complete the course survey
Instructors:
• Joy Huggins, Defender Academy & Hack Joyously
• Marcus Bowie, Defender Academy & MaxProd Technologies