Overview

The Information and Cybersecurity course is a combination of industry knowledge, best practices, security controls, cyber threat management and technical hands-on training with a deep dive into day-to-day activities of a Cybersecurity professional. This training is delivered by a Senior Manager and Technical Cybersecurity Lead for a Big4 Technology consulting division. Given the feedback from most people, we have created a training that is best suited for people with interest in building a strong career as a Cybersecurity Analyst, Senior Cybersecurity professionals, Vulnerability Management Professional, Cybersecurity consulting associates, Application security professionals and Security compliance professionals.

The 12 weeks training includes 25 online classes, 100+ hours of curated learning, mentoring and various hand-ons sessions on teachnical implementation of security tools and technologies.

Prerequisite

Our Information and Cybersecurity training is open for anyone irrespective of your academic background or prior experience. All that is required is interest and efforts to commit the right energy and time to learning.

Instructor

The training is delivered by experts with knowledge and experience managing various teams and different proteges

Add-on

We run a certification cohort, where you can connect with other students that plans to write similar certifications as you. In this cohort, you get to gain and share knowledge, build confidence, and share exam tips with real people who have written the exam or willing to write the exam.

We recommend security certifications such as (Security+, CEH, CISM, CISSP, CCSK, ISO27001, CySA+, GIAC, CREST, OSCP, eJPT).

This course is delivered online in an interactive format with an online live facilitator and a coordinator. We have structured the class to accommodate for working class individuals and also students who also have other commitments.

The format for the class is listed below:

• Course are delivered online via our collaboration platform (Zoom, Goto Meeting, and Google Meet)
• two class per week with a time duration of 2 - 3 hours per day
• Recorded live sessions for individuals who are unable to attend the class.
• Weekly snippets to read ahead of next class to stimulate learning (I.e. available on your user dashboard on our SwiftProfile portal)
• Group learning and discussions topics through our learning channels

Week 1 - Introduction to Cyber Security & Risk Management

Day 1

Introduction to Cyber Security?

• What does cybersecurity mean and encompass?

• Security standards, regulations and frameworks

• Understand and Apply Concepts of Confidentiality, Integrity, and Availability (CIA)

• Accountability, Authentication

• Repudiation and Non-repudiation

• Privacy and Anonymity

• Defense in Depth

• Principle of Least privilege

• Overview of Asset/Asset Manager

• Zero Trust Model

• Separation of duties (SoD)

• Security Frameworks

  • OSINT

  • OWASP

  • Information Security Management

• Governance

  • Policies,

  • Procedures

  • Standards, 

  • Guidelines

  • Baselines

• Execution

  • Cyber Security Teams

    • Blue Team (Defense)

    • Red Team (Offensive)

    • GRC (Compliance / 3rd Wheel)

    • Consultant (Advisory)

  • Cyber security Controls Definition

Day 2

Demystifying Cyber Security Risk Management

• Over cybersecurity Risks

• Risk Assessment

  • Risk management concepts (e.g., impact assessments, threat modeling)

  • Risk management frameworks

  • Risk Identification

  • Computing Risk Assessment

  • Aligning Risk to Asset

• Risk Visibility & Reporting

• Risk Tolerance

• Cyber Risk Treatment Process

• Risk Management Best Practices

Understanding Cybersecurity Controls

• Technical controls (e.g., session timeout, password aging)

• Physical controls (e.g., mantraps, cameras, locks)

• Administrative controls (e.g., security policies, standards, procedures, baselines)

• Assessing compliance

• EU GDPR

• ISO 27001/2

• NIST-CSF

• SOC2

• PCI DSS

• CIS-CSC

• UK Cyber Essential Plus

• Periodic Security Audit review and Assessment

• Implementing security awareness and training

  • Social engineering / phishing

Overview of Functional Security Controls

• Deterrent controls

• Preventative controls

• Detective controls

• Corrective controls

• Compensating controls

Week 2 - Computer Networks & Network Security

Day 1

Overview of Computer Networks

• OSI Model

• Understanding TCP/IP Protocol

• IP Addressing

  • IPv4 & IPv6

• Subnetting IPv4

• Overview of Network Infrastructure Devices

  • Router

  • Switches

  • Access Points

  • Cables

  • Wifi Technology

  • Topologies

• Overview of Network Security

  • Network Address Translation

  • Demilitarized Zones

  • Virtual Local Area Network

  • Network Access Control

  • Bastion Host

Network Security Devices

• Firewall

• Load Balancer

• Router and Switch Security

• UTM Security Appliances

• Web Security Gateway & WAF

• Virtual Private Network (VPN)

• Proxies

• Intrusion Detection & Prevention Systems (IDS vs IPS)

• Spam Filters

Day 2

Monitoring and Diagnosing Networks

• Monitoring Networks 

  • Network Monitors

  • Network Packet Inspection

  • Network Analyzers 

• Understanding Hardening 

  • Endpoint Security, Detection and Response (EDR)

  • Extended Detection and Response (XDR)

  • Security Incident & Event Monitoring

  • Security Orchestration, Automation and Response (SOAR)

  • System Patching

  • Antivirus

• Securing the Network

• Security Posture 

  • Continuous Security Monitoring 

  • Setting a Remediation Policy 

• Reporting Security Issues 

  • Alarms 

  • Alerts 

  • Trends

• Differentiating between Detection Controls and Prevention Controls 

Tools to Assess Network Security Infrastructure

• Protocol Analyzer

• Network Scanner

• Vulnerability Scanner

• Password Scanner

A day in the life of a Security Operations Center (SOC) Engineer

• Feb’s Experience 

Week 3 Threats, Attacks & Vulnerability Management

Day 1

Cyber security Threats, Attacks and Malwares

• Signs of Compromise and Malware

  • Malwares, Virus, Worms

  • Understanding indicators of compromise

  • Malware types and attribute

• Cyber Security Attacks

  • Ransomware

  • Technical Attacks

  • Social Engineering

  • Wireless and Cryptographic Attacks

• Cyber Security Threats

  • Understanding Threats Attacks and Variant

  • Advanced Persistent Threats (APT)

• Understanding Vulnerability Scanning

  • Basic Concepts of Vulnerability Scanning

• Penetration Testing

  • Basic Concepts of Penetration Testing

  • Overview of Kali Linux

  • Overview of NMAP

  • Overview of Metasploit Framework

  • Penetration Testing Methodology

    • Internal Pentest

    • External Pentest

    • Pentest Steps

A day in the life of a Pentester

• Lulu's Experience 

Day 2

Vulnerability Management

• What is a Vulnerability

• Assessing your environment for vulnerability

• Scanning for Vulnerability

• Wireless Vulnerability to know

• Evaluating & Scoring Vulnerabilities

  • CVE - MITRE

  • CVSS

• Remediating Security Vulnerabilities

• Continuous monitoring of Asset for security vulnerabilities

• Zero-day vulnerability and Attacks

• Examples of past vulnerabilities and scenarios

  • Solorigate

  • Log4j

  • Ransomware HSE

Patch Management

• Overview of System Patching & Security Upgrades

• Testing Security Patches in UAT

• Microsoft Patch Tuesday

• Scanning to identify unpatched systems

Week 4 - Identity & Access Management, and Authentication

Day 1

Identity and Access Management

• What is Identity and Access Management

• Identification and Authorisation

• Understanding Authorisation

• Roles, Rules and Permissions

  • User Access Control

    • Mandatory AC

    • Discretionary AC

    • Role-Based AC

    • Rule-Based AC

• Access Control Best Practices

  • Principle of Least Privilege

  • Separation of Duties

  • Time of Day Restriction

  • User Access Reviews

  • Port Security

  • Joiners, Movers, Leavers

  • Privilege Access Review

  • Smart Cards and Biometric Access Control

  • Trusted Operating System

  • Access Control List

  • Flood Guard and Loop Protection

  • Physical Access control

  • Log Analysis

• IAM Tools

Day 2

Authentication

• Authentication

  • Single Factor

  • Multifactor

  • Authentication Service

    • LDAP

    • Kerberos

    • Single Sign-On Initiatives

  • Federated Access / Identity

Over of Change Management

• Change management (e.g., roles, responsibilities, processes)

• Security impact analysis

• Configuration management (CM)

Week 5 - Incident Response, Recovery, and Forensic Investigation

Day 1

Incident Management & Response

• Preparation

• Detection, analysis and escalation

• Containment

• Eradication

• Recovery

• Lessons learnt

Business Continuity and Disaster Recovery

• Business Continuity

• Disaster Recovery

• Emergency response plans and procedures (e.g., information system contingency, pandemic, natural disaster, crisis management)

• Interim or alternate processing strategies

• Restoration planning

• Backup and redundancy implementation

• Testing and drills

• Reinforcing Vendor Support

  • Service Level Agreement

  • Code Escrow Agreement

Day 2

Digital Forensics

• Digital Forensics Concept

  • Legal (e.g., civil, criminal, administrative) and ethical principles

  • Evidence handling (e.g., first responder, triage, chain of custody, preservation of scene)

• Conducting Digital Forensics

• Reporting of Analysis

• Digital Forensic Tools

Overview of Cyber Threat Intelligence Management

Week 6 - Basic Overview of Cloud Security

Basics of Cloud Security

• Deployment models (e.g., public, private, hybrid, community)

• Service models (e.g., Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS))

• Virtualization (e.g., hypervisor)

• Legal and regulatory concerns (e.g., privacy, surveillance, data ownership, jurisdiction, eDiscovery)

• Data storage, processing, and transmission (e.g., archiving, recovery, resilience)

• Third-party/outsourcing requirements (e.g., service-level agreement (SLA), data portability, data destruction, auditing)

• Shared responsibility model

• Cloud Security Issues

• Cloud Security Controls

Introduction to Cryptography

• Cryptography

• Symmetric Cryptography

• Asymmetric Cryptography

• Hash Functions

• Digital Signatures

• Public Key Infrastructure

• Cryptographic Attacks

Week 7 - Host, Data & Application Security

Day 1

Application security - Identify & Analyze Malicious Code

• OWASP Framework & Top 10

• Malware (e.g., rootkits, spyware, scareware, ransomware, trojans, virus, worms, trapdoors, backdoors, fileless)

• Malware countermeasures (e.g., scanners, anti-malware, code signing)

• Malicious activity (e.g., insider threat, data theft, distributed denial of service (DDoS), botnet, zero-day exploits, web-based attacks, advanced persistent threat (APT))

• Malicious activity countermeasures (e.g., user awareness, system hardening, patching, sandboxing, isolation, data loss prevention (DLP))

Understanding Data Privacy Security

• Data Security

• Data Privacy Practices

• Exploring EU GDPR 

Day 2

Endpoint Security

• Antivirus

• Operating System Hardening

• Host-based intrusion prevention system (HIPS)

• Host-based firewalls

• Application white listing

• Endpoint encryption (e.g., whole disk encryption)

• Trusted Platform Module (TPM)

• Secure browsing

• Endpoint Detection and Response (EDR)

Evaluating Security Frameworks & Compliance

• CIS - CSC

• NIST - CSF

Week 8 - Security Compliance, Governance & Risk

Day 1

Demystifying ISO 27001 / 2

• Building ISMS

• Preparing for ISO Audit

• ISO Readiness Assessment

• Building Controls for ISO 27001 Requirement

• Clauses 4 - 10

• Annex A Control Objectives

• Obtaining ISO Certification as an Organization

• Controls Maturity Assessment using CMMI 

Security Organization Control Reporting - (SOC 2 / 3)

• Five Trust Service Criteria

• SOC 2 Type 1 vs Type 2

• SOC 3 Report

• Readiness for SOC Reporting

Day 2

Overview of PCI - DSS

Performing a Cybersecurity Security Audit

A day in life of a Cyber Security and Compliance Professional 

• Sak’s Experience

Searching for Roles in Cyber Security

Next Steps in your Career

• Cloud Security

• BlockChain Security 

• DevSecOps

Our flexibility is not only reflected in our learning approach but also in our payments. To provide our clients with the best options, we have integrated convenience into our payments mode:

Option 1

• Full Payment

Option 2

• Half Payment (i.e. 50% at registration and 50% in the following month)

Option 3

• 3-time Part Payment (i.e. you will be able to split the payment into 3 halves being 50% at registration, 25% each in the subsequent after 4 and 2 weeks). Please note that the option 3 is only available for customers who have chosen packages worth more than £400 from our BRINT Services.

The key take away from this course is that “We will train you to understand your role as a Cybersecurity professional, what you would be doing on a daily basis if you are hired as a Cybersecurity professional, and how to perform security assessment of different entities. The candidate will be equipped with the right skill set to function properly within a Cybersecurity role as either a consultant, analyst, engineer, SOC analyst, or security compliance professional. At the end of the training you will be confident to discuss the activities of a cybersecurity during an interview, and also be able to put this activities in practice within your new role as a professional.

• Cybersecurity Consultant
• Cybersecurity Analyst
• SOC Analyst
• Cybersecurity controls implementer
• Vulnerability Management professional
• Cyber Threat Intelligence Analyst