You will learn the skills required to be a successful Security Analyst. Learn how to detect, correct, and respond to security flaws and incidents. In addition, you will gain hands-on experience monitoring network traffic, analysing alert and log data, and adhering to incident handling procedures.
Course 1: Fundamentals of Defending Systems
Core Frameworks and Principles
- Explore the underlying goals of information security.
- Discover the Defense-in-Depth approach to security.
- Identify common network attack vectors.
- Examine numerous physical, logical and administrative controls.
- Evaluate controls necessary to secure a network, computer system or application.
- Interpret the security controls from an industry-recognized control framework.
Defensible Network Architecture
- Evaluate methods of deploying security controls using a layered security approach.
- Incorporate security techniques to enhance existing controls.
- Articulate security concepts to appropriate audiences and stakeholders.
Project: Planning for Security Controls
In this project, you will play the role of a security analyst on a sample company's infrastructure team.You will be given detailed sample technical schematics for how they manage their internal information systems and will be tasked with evaluating the company's business structure and needs, as well as assessing their security controls and making recommendations to improve their security programme.You will be asked to design a deployment plan for incorporating new controls and new technologies as the company evolves to meet security challenges. This will ensure the company's viability and long-term success.
Course 2: Analyzing Security Threats
Identifying Security Threats
- Explore cybersecurity landscape.
- Identify internal & external threats.
- Analyze the OWASP Top 10.
- Identify threat actors and TTPs.
- Explore mitigation strategies for internal threats.
- Dive into mitigation strategies for external threats.
- Develop mitigation plans for OWASP Top 10.
- Define threat modeling.
- Explore different threat models.
- Build a threat model.
Project: Insecure Juice Shop
Udajuicer is the world's largest juice shop, and you'll be assisting them in analysing their new online application. In this project, you will work to identify the threat actor and attack that is causing their website to go down. Following that, you will conduct a threat assessment, analysing their architecture and developing a threat model.You will then conduct a vulnerability analysis to identify OWASP vulnerabilities and exploit them yourself. Following that, you will conduct a risk analysis and develop a mitigation plan for all of the discovered threats and vulnerabilities.
Course 3: Assessing Vulnerabilities and Reducing Risk
- Identify common vulnerabilities.
- Examine the vulnerability lifecycle.
- Explore vulnerability databases and documentation methods.
- Appropriately scope and administer a vulnerability assessment engagement.
- Review and select the appropriate assessment tools and strategies
- Execute assessment activities.
- Analyze and interpret assessment results.
Determining Risk and Business Impact
- Analyze the probability of compromise given vulnerability data.
- Analyze the potential for impact of identified vulnerabilities.
- Evaluate the risk of vulnerabilities using industry frameworks.
Managing and Mitigating Risk
- Prioritize remediation/mitigation efforts.
- Communicate risk to stakeholders.
- Provide strategic guidance for leadership to effectively reduce risk.
Project: Juice Shop Vulnerabilities Report
In this project, you will conduct a vulnerability assessment, prioritise risks, and report findings to stakeholders and leadership. You will be given a web application that is purposefully flawed and vulnerable. As a security analyst, you will run any number of vulnerability detection utilities and scans of your choice against this web application to identify flaws.Following that, you will conduct a vulnerability assessment and a risk analysis. Finally, you will communicate your system vulnerability analysis to executive leadership by writing an executive report.
Course 4: Monitoring, Logging and Responding to Incidents
- Identify threats and alerts.
- Understand Intrusion Detection Systems (IDS).
- Create a custom Snort IDS rule.
- Analyze IDS alert data.
- Evaluate and categorize IDS alerts.
Monitoring and Logging
- Understand the key features of centralized logging.
- Describe the advantages of a SIEM platforms.
- Correlate network alerts and host log data.
- Capture live network traffic.
- Create Splunk dashboards and reports.
- Develop SIEM functionality using Splunk.
- Describe the phases of the incident handling process.
- Evaluate incident handling playbooks.
- Identify factors that contribute to incident severity.
- Recommend an effective incident remediation plan.
Project: Intrusion Detection and Response
You will be acting as a security analyst in this project, filling in for an analyst who is on vacation. You will be given a network diagram, incident handling playbooks, and network and host log data to examine. A security incident will be discovered during your network log analysis.You'll use Wireshark to delve deep into the data to determine the scope of the problem, then follow the appropriate incident handling playbook to resolve it. You'll create a Splunk dashboard and reports to help identify events of interest, as well as an Intrusion Detection System (IDS) rule to help alert on similar malicious network traffic.