Cybersecurity Operations Fundamentals

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you explore data type categories in context to network security analytics. By the end of the course, you will be able to: • Explain the data that is available to the network security analysis •Describe the various types of data used in monitoring network security • Describe the deployment and use of SIEMs to collect, sort, process, prioritize, store, and report alarms • Describe the functions of SOAR platforms and features of Cisco SecureX •Describe the Security Onion Open Source security monitoring tool • Explain how packet capture data is stored in the PCAP format and the storage requirements for full packet capture. • Describe packet capture usage and benefits for investigating security incidents • Describe packet captures using tools such as Tcpdump • Describe session data content and provide an example of session data •Describe transaction data content and provide an example of transaction data z • Describe alert data content and provide an example of alert data •Describe other types of NSM data (extracted content, statistical data, and metadata) •Explain the need to correlate NSM data and provide an example •Describe the Information Security CIA triad • Understand PII as it relates to information security • Describe compliance regulations and their effects on an organization • Describe intellectual property and the importance of protecting it • Use various tool capabilities of the Security Onion Linux distribution To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

Designed for aspiring associate-level cybersecurity analysts, this course provides a comprehensive introduction to network security from both a defensive and offensive perspective. First, you will build a strong foundation by learning the essential components of a secure network infrastructure. You will explore core technologies like NAT, ACLs, and AAA, and understand the role of critical security devices such as Web Application Firewalls and network-based malware protection. Then, you will learn to think like an attacker. We will dive deep into the TCP/IP protocol suite to uncover its inherent vulnerabilities and demonstrate how they are exploited in common attacks like Man-in-the-Middle, spoofing, and Denial-of-Service. By the end of this course, you will be equipped with a holistic understanding of network architecture and the threats it faces, preparing you to effectively monitor, analyze, and defend networks in a Security Operations Center (SOC). Requirements (This section remains the same and applies to the overall course)- To be successful in this course, you should have: - Skills and knowledge equivalent to the CCNA v1.0 course. - Familiarity with Ethernet and TCP/IP networking. - Working knowledge of Windows and Linux operating systems. - Familiarity with basic networking security concepts.

The three most used endpoint operating systems are Windows, Linux, and Mac. When investigating security incidents, security analysts often encounter these operating systems running on servers or user end hosts. If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand basic Windows operations principles. By the end of the course, you will be able to: •By the end of the course, you will be able to: • Describe the history of the Windows operating system and vulnerabilities. • Describe the Windows OS architecture and components. • Describe Windows processes, threads, and handles. • Describe virtual memory allocation in the Windows OS.• Describe Windows services and how they are used. • Describe the functionality of Windows NTFS. • Describe the Windows NTFS structure. • Describe Windows domains and local user accounts. • Describe the Windows graphical user interface and its use. • Describe how to perform tasks in Windows which may require administrator privileges.• Describe the Windows command line interface use and features. • Describe the features of the Windows PowerShell. • Describe how the net command is used for Windows administration and maintenance. •Describe how to control Windows startup services and execute a system shutdown. • Describe how to control Windows services and processes that are operating on a host. • Describe how to monitor Windows system resources with the use of Windows Task Manager. • Describe the Windows boot process, starting services, and registry entries. • Describe how to configure Windows networking properties. •Use the netstat command to view running networking functions. •Access Windows network resources and perform remote functions. •Describe the use of the Windows registry. •Describe how the Windows Event Viewer is used to browse and manage event logs. • Use the Windows Management Instrumentation to manage data and operations on Windows-based operating systems.• Understand common Windows server functions and features. • Describe commonly used third-party tools to manage to manage Windows operating systems. • Explore the Windows operating system and services. The knowledge and skills that students are expected to have before attending this course are: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.