

CyberSec First Responder (Live Online)

via CourseHorse

Overview

This course addresses network defense and incident response methods, tactics, and procedures aligned with industry-standard frameworks, including NIST SP 800-61 Rev. 2 (Computer Security Incident Handling Guide), the National Cyber Incident Response Plan (NCIRP), and Presidential Policy Directive 41 (PPD-41) on United States Cyber Incident Coordination. It is intended for cybersecurity professionals responsible for monitoring and detecting security incidents and for executing standardized responses to threats. The course introduces tools, tactics, and procedures for managing cybersecurity risk, identifying common threat types, evaluating organizational security posture, collecting and analyzing cybersecurity intelligence, and remediating and reporting incidents, giving a complete methodology for protecting an organization's infrastructure.

This program prepares students for the CertNexus CyberSec First Responder (CFR-310) certification examination. The knowledge and hands-on practice gained in the course contribute directly to certification preparation and professional advancement.

Additionally, this course and the CFR-310 certification satisfy the certification baseline for personnel in Department of Defense 8570.01-M positions, including CSSP Analyst, CSSP Infrastructure Support, CSSP Incident Responder, and CSSP Auditor.

Course Objectives:

Through this course, you will develop the ability to understand, assess, and respond to security threats while operating network and system security analysis platforms effectively.

Upon Completion, You Will Be Able To:

  • Compare and classify various threats and threat profiles
  • Explain the purpose and application of attack tools and techniques
  • Explain the purpose and application of post-exploitation tools and tactics
  • Explain the purpose and application of social engineering tactics
  • Conduct ongoing threat landscape research and apply findings to prepare for incidents
  • Explain the purpose and characteristics of various data sources
  • Use appropriate tools to analyze log files and identify patterns
  • Apply regular expressions to parse log files and extract meaningful data
  • Use Windows-based tools to analyze and investigate security incidents
  • Use Linux-based tools to analyze and investigate security incidents
  • Summarize methods and tools used for malware analysis
  • Analyze common indicators of potential compromise in systems
  • Explain the best practices essential for incident response preparation
  • Execute incident response processes according to established protocols
  • Explain the importance of forensic analysis concepts and principles
  • Explain general mitigation methods and security devices
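The log-analysis objectives above (regular expressions over log files, pattern identification, and indicators of compromise) are listed without an illustration. The following is an added example, not course material from CertNexus, CourseHorse, or ONLC: it parses OpenSSH auth-log lines with a named-group regular expression and flags any source address that fails repeatedly and then succeeds, a common brute-force or password-spray indicator. The log lines are constructed for the example; the hostname, the IP addresses (documentation ranges), and the threshold of three failures are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH auth.log format (not from any real system
# or from the course). IPs are from documentation ranges.
SAMPLE_AUTH_LOG = """\
Mar  3 10:12:01 bastion sshd[2031]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 10:12:03 bastion sshd[2031]: Failed password for invalid user admin from 203.0.113.45 port 51130 ssh2
Mar  3 10:12:04 bastion sshd[2033]: Failed password for root from 203.0.113.45 port 51140 ssh2
Mar  3 10:12:06 bastion sshd[2035]: Failed password for root from 203.0.113.45 port 51150 ssh2
Mar  3 10:12:09 bastion sshd[2037]: Failed password for oracle from 203.0.113.45 port 51160 ssh2
Mar  3 10:12:11 bastion sshd[2039]: Accepted password for oracle from 203.0.113.45 port 51171 ssh2
Mar  3 10:15:40 bastion sshd[2101]: Failed password for alice from 198.51.100.7 port 40021 ssh2
Mar  3 10:15:52 bastion sshd[2103]: Accepted publickey for alice from 198.51.100.7 port 40030 ssh2: RSA SHA256:abc...
Mar  3 10:16:00 bastion CRON[2110]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Named groups make the extracted fields self-describing; the optional
# "invalid user" group captures attempts against accounts that do not exist.
SSHD_AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:(?P<invalid>invalid user) )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_sshd_events(text):
    """Return a list of dicts, one per sshd authentication line; other lines
    (cron, pam session messages, etc.) are skipped."""
    events = []
    for line in text.splitlines():
        m = SSHD_AUTH_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["invalid_user"] = d.pop("invalid") is not None
        d["pid"] = int(d["pid"])
        d["port"] = int(d["port"])
        events.append(d)
    return events


def find_brute_force_indicators(events, threshold=3):
    """Summarise source IPs whose failed logins reach `threshold` (assumed
    default of 3). A success from the same IP after earlier failures is
    recorded separately, since that is the case worth escalating first."""
    failed = Counter()
    users_tried = defaultdict(set)
    success_after_failure = defaultdict(list)
    for e in events:
        ip = e["ip"]
        if e["result"] == "Failed":
            failed[ip] += 1
            users_tried[ip].add(e["user"])
        elif failed[ip] > 0:  # Accepted, and this IP already failed earlier
            success_after_failure[ip].append(e["user"])
    indicators = {}
    for ip, n in failed.items():
        if n >= threshold:
            indicators[ip] = {
                "failed_attempts": n,
                "distinct_users": sorted(users_tried[ip]),
                "success_after_failure": success_after_failure.get(ip, []),
            }
    return indicators


if __name__ == "__main__":
    evs = parse_sshd_events(SAMPLE_AUTH_LOG)
    for ip, info in find_brute_force_indicators(evs).items():
        print(ip, info)
```

The regex is anchored at the start of the line but not at the end, so the key-fingerprint suffix on "Accepted publickey" lines does not break matching. In a real investigation the same two functions would be run over `/var/log/auth.log` or journald output, and the `success_after_failure` field is the one to check first, because a successful login from a source that was just guessing passwords is a much stronger compromise indicator than the failures alone.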

Target Student Profile:

This course is designed for cybersecurity practitioners preparing for or currently performing roles related to protecting information systems. It benefits professionals in federal contracting companies and private sector firms whose mission requires executing Defensive Cyber Operations (DCO) or Department of Defense Information Network (DODIN) operations and incident handling. The course develops the knowledge, abilities, and skills necessary for the defense of information systems, including protection, detection, analysis, investigation, and response processes. Additionally, this course ensures all IT team members, regardless of rank, size, or budget, understand their role in cyber defense, incident response, and incident handling.

Prerequisites:

To ensure your success in this course, you should have the following background:

  • At least two years of experience or education in computer network security technology or a related field (recommended)
  • The ability and curiosity to recognize information security vulnerabilities and threats within a risk management context
  • Foundational knowledge of common assurance safeguards in network environments, including firewalls, intrusion prevention systems, and VPNs
  • General knowledge of common assurance safeguards in computing environments, including basic authentication, authorization, resource permissions, and anti-malware mechanisms
  • Foundation-level skills with common operating systems and an entry-level understanding of network environment concepts, such as routing and switching
  • General or practical knowledge of major TCP/IP protocols, including TCP, IP, UDP, DNS, HTTP, ARP, ICMP, and DHCP

Comprehensive Course Outline

Lesson 1: Assessing Information Security Risks

  • Understanding the importance of risk management principles
  • Assessing risks within your organization
  • Mitigating identified risks effectively
  • Integrating documentation into comprehensive risk management

Lesson 2: Analyzing the Threat Landscape

  • Classifying threats and understanding threat profiles
  • Conducting ongoing threat research and landscape analysis

Lesson 3: Computing and Network Environments: Analyzing Reconnaissance Threats

  • Implementing threat modeling approaches
  • Assessing the impact of reconnaissance activities
  • Assessing the impact of social engineering threats

Lesson 4: Analyzing Attacks on Computing and Network Environments

  • Assessing the impact of system hacking attacks
  • Assessing the impact of web-based attacks
  • Assessing the impact of malware
  • Assessing the impact of hijacking and impersonation attacks
  • Assessing the impact of denial of service incidents
  • Assessing mobile security threats
  • Assessing cloud security threats

Lesson 5: Examining Post-Attack Techniques

  • Examining command and control techniques
  • Examining persistence techniques
  • Examining lateral movement and pivoting techniques
  • Examining data exfiltration techniques
  • Examining anti-forensics techniques

Lesson 6: Managing Vulnerabilities in the Organization

  • Implementing a vulnerability management plan
  • Examining common vulnerabilities
  • Conducting vulnerability scans and assessments

Lesson 7: Evaluating Security Through Penetration Testing

  • Conducting penetration tests on network assets
  • Following up on penetration testing results and remediation

Lesson 8: Collecting Cybersecurity Intelligence

  • Deploying security intelligence collection and analysis platforms
  • Collecting data from network-based intelligence sources
  • Collecting data from host-based intelligence sources

Lesson 9: Analyzing Log Data

  • Using common tools to analyze logs effectively
  • Using SIEM tools for comprehensive analysis

Lesson 10: Performing Active Asset and Network Analysis

  • Analyzing incidents using Windows-based tools
  • Analyzing incidents using Linux-based tools
  • Analyzing malware and understanding its behavior
  • Analyzing indicators of compromise

Lesson 11: Responding to Cybersecurity Incidents

  • Deploying incident handling and response architecture
  • Implementing containment and mitigation strategies
  • Preparing for a forensic investigation as a cybersecurity incident response team

Lesson 12: Investigating Cybersecurity Incidents

  • Using a forensic investigation plan
  • Securely collecting and analyzing electronic evidence
  • Following up on investigation results and documentation

Appendices

  • Mapping course content to CyberSec First Responder exam objectives
  • Regular expressions reference guide
  • Security resources and further learning materials
  • U.S. Department of Defense operational security practices

Taught by

ONLC Training Centers

Reviews

4.3 rating at CourseHorse based on 8 ratings

