Module 1: Cybersecurity Foundations

Security is embedded in all we do online and is a critical job skill and career field. This foundations course explains security fundamentals including core principles, critical security controls, and cybersecurity best practices. Students will also evaluate specific security techniques used to administer a system that meets industry standards and core controls, assess high-level risks, vulnerabilities, and attack vectors of a sample system, and explain ways to establish and maintain the security of different types of computer systems.

Lesson 1: Cybersecurity Fundamentals

  • Understand the relevant role of cybersecurity and why it is important.
  • Describe how business stakeholders play a role in cybersecurity.
  • Become familiar with cybersecurity tools, environments, and dependencies.

Lesson 2: What is Cybersecurity

  • Identify trends in cybersecurity events and protection techniques.
  • Describe the careers and skill qualifications of cybersecurity professionals.
  • Explain security fundamentals including core security principles, critical security controls, and best practices.

Lesson 3: Maintain Secure Infrastructure

  • Apply methods to enforce cybersecurity governance.
  • Identify common security regulations and frameworks.
  • Explain how current security laws, regulations, and standards are applied to cybersecurity and data privacy.
  • Recognize components of the NIST Cybersecurity Framework (CSF).
  • Recognize components of the Center for Internet Security Critical SecurityControls (CSC).

Lesson 4: Think Like a Hacker

  • Categorize assets, risks, threats, vulnerabilities, and exploits.
  • Identify different types of vulnerabilities in a system.
  • Identify the categories of a cyber threat.
  • Determine the phase of a cyber attack.
  • Recognize common exploits.


Lesson 5: Security Defenses

  • Explain how security defenses are layered throughout different systemarchitectures.
  • Explain components of identity and access control.
  • Identify common identity and access control protection techniques.
  • Determine patch levels for common systems/applications.
  • Describe the process and technique for applying patches and updates oncomputing devices.
  • Understand protection for email and other communication methods.


Lesson 6: Applying Cybersecurity

  • Identify organizational asset(s).
  • Analyze vulnerabilities and risks to those organizational assets.
  • Recommend and apply basic security controls.

Module 2: Defending and Securing Systems

In this module, students will be exposed to a diverse group of technologies that will provide or enhance the skills needed to enter the cybersecurity field. Students will apply best practices of Defense in Depth to secure computer systems, use outputs from security incidents to analyze and improve future network security, and search internal systems to determine network vulnerabilities. Trainees will also learn how to recommend mitigations to address common application vulnerabilities and ensure fundamental encryption techniques for securing data at rest and in transit.


Lesson 7: Defending Computer Systems & Security Principles

  • Explain the Defense in Depth approach to a layered security strategy.
  • Explain the NIST 800 framework for defending computer systems.
  • Determine if a system has implemented least privileged properly.
  • Suggest approaches to correct systems that have inappropriately implemented least privileged principles.


Lesson 8:System Security: Securing Networks

  • Differentiate between different types of firewalls.
  • Analyze the effectiveness of firewall rules and craft a basic rule.
  • Evaluate best practices for securing wireless networks.
  • Explain different types of IDS/IPS and craft a basic IDS signature.
  • Evaluate documentation to determine proper security settings in Windows.
  • Identify the impact of services, permissions, and updates on Windows Security.
  • Identify the impact of daemons, permissions, and patches on Linux Security.


Lesson 9: Monitoring & Logging for Detection of Malicious Activity

  • Interpret between different types of logs.
  • Define the basic parts of network traffic.
  • Interpret the output of a firewall and IDS report.
  • Explain the importance of a SIEM.
  • Explain the pros and cons of open source vs. commercial SIEM.


Lesson 410 Cryptography Basics (Applied Cryptography)

  • Define encryption.
  • Differentiate different types of encryption techniques.
  • Determine the appropriate encryption type for a given scenario.
  • Differentiate between data at rest and data in transit.
  • Differentiate different types of encryption techniques for data in transit.
  • Define and analyze file hashes.


Module 3: Threats, Vulnerabilities & Incident Response

Cybersecurity breaches happen when a threat is able to successfully exploit a vulnerability within a business. To avoid these attacks, security professionals must understand the threats the company is facing, including the various threat actors and their motivations. Security professionals must also be able to find vulnerabilities that can enable threats to attack through common practices such as vulnerability scanning and penetration testing. Finally, security professionals should be able to activate and follow incident response procedures to address cybersecurity incidents and breaches. Ultimately, during this course, trainees will learn how to identify security threats and gaps, fix issues, and respond to inevitable attacks.


Lesson 11: Assessing Threats

  • Explain the relationship between threats, threat actors, vulnerabilities, and exploits.
  • Utilize event context to identify potential threat actor motivations.
  • Identify security threats applicable to important organizational assets.
  • Use standard frameworks to assess threats, identify risks, and prioritize.


Lesson 12: Finding Security Vulnerabilities

  • Leverage the MITRE ATT&CK framework to understand attack methods.
  • Configure and launch scans to find vulnerabilities.
  • Explain the steps required to conduct a penetration test.


Lesson 13: Fixing Security Vulnerabilities

  • Conduct vulnerability research using industry resources like MITRE CVE framework.
  • Validate scan results through manual testing and application of business context.
  • Prioritize security gaps and recommend remediation strategies.


Lesson 14: Preparing for Inevitable Attacks

  • Explain the relationship between incident response, disaster recovery, and business continuity.
  • Distinguish events from incidents and recognize indicators of compromise.
  • Explain the incident response lifecycle.
  • Recognize the key incident response team roles and core components of an incident response plan.


Module 4: Governance, Risk & Compliance

Cybersecurity governance, risk, and compliance (GRC) have rapidly become a critical part of an effective cybersecurity strategy.

While it’s important to understand why, how, and where to apply cybersecurity controls, GRC connects cybersecurity controls to business objectives and serves as a safety net to ensure controls are applied efficiently and effectively. In this course, students will learn about the functions of governance, risk, and compliance and how each function operates alongside operational controls to strengthen an organization’s security. Trainees will also learn how to assess control effectiveness, measure security risk, and ensure that organizations are meeting security compliance objectives.


Lesson 15: Introduction to Governance, Risk & Compliance

  • Understand the historical underpinnings of cybersecurity GRC.
  • Explain the key functions of each of the Governance, Risk, and Compliance (GRC) roles.
  • Articulate the connection between GRC roles.
  • Demonstrate the importance of cybersecurity GRC in accomplishing cybersecurity objectives and business goals.


Lesson 16: Governance

  • Understand reliance on governance professionals to align business and security strategies.
  • Describe how governance professionals are expected to communicate with the organization.
  • Develop organizational security policies and procedures.
  • Understand common methods for providing employee security training.
  • Explain keys to assessing security controls against expected results.


Lesson 17: Risk

  • Explain how organizations measure cybersecurity risk.
  • Develop risk measurement documentation.
  • Remediate risk and report risk measurement and remediation activities to senior leadership.
  • Develop and interpret risk statements.
  • Understand the differences between value-based risk assessment and traditional risk assessment.


Lesson 18: Compliance

  • Describe sources of compliance.
  • Locate and assess relevant sources of compliance for your organization.
  • Interpret compliance obligations and develop control objectives.
  • Measure existing security controls against control objectives.


Lesson 19:  Audit Management

  • Understand audit and assessment goals.
  • Explain the role governance, risk, and compliance professionals have in ensuring audits achieve expected goals.
  • Learn how to facilitate and control audits.
  • Develop management responses and remediation plans for audits.



Module 5: Fundamentals of Defending Systems

In this module, learners will begin their exploration into the role of a security analyst. They will learn about the core principles and philosophies that drive work in the security field. Then, they will discover physical, logical, and administrative controls, their industry-recognized frameworks, and how to apply them to secure a network, system, or application. Lastly, trainees will apply security concepts to create defensible, resilient network architecture.

Lesson 20: Core Frameworks & Principles

  • Explore the underlying goals of information security.
  • Discover the defense-in-depth approach to security.
  • Identify common network attack vectors.


Lesson 21: Controls

  • Examine numerous physical, logical, and administrative controls.
  • Evaluate controls necessary to secure a network, computer system, or application.
  • Interpret the security controls from an industry-recognized control framework.


Lesson 22: Defensible Network Architecture

  • Evaluate methods of deploying security controls using a layered security approach.
  • Incorporate security techniques to enhance existing controls.
  • Articulate security concepts to appropriate audiences and stakeholders.


Module 6: Analyzing Security Threats

In this module, learners will start by exploring the current threat landscape and identifying both threats and threat actors that organizations face. They will learn about the OWASP Top 10 and that they pose a critical threat to organizations. Then, they’ll learn all of the ways to mitigate threats, including the OWASP Top 10. Lastly, they’ll learn what threat modeling is and build their own threat models.


Lesson 23: Identifying Security Threats

  • Explore the cybersecurity landscape.
  • Identify internal and external threats.
  • Analyze the OWASP Top 10.
  • Identify threat actors and TTPs.


Lesson 24 Mitigating Threats

  • Explore mitigation strategies for internal threats.
  • Dive into mitigation strategies for external threats.
  • Develop mitigation plans for OWASP Top 10.


Lesson 25: Threat Modeling

  • Define threat modeling.
  • Explore different threat models.
  • Build a threat model.


Module 7: Assessing Vulnerabilities & Reducing Risk

Learn how security analysts address system vulnerabilities in order to reduce organizational risk. First learn about vulnerabilities, their characteristics, and their dynamic lifecycle. Then explore the ways analysts assess vulnerabilities, including reviewing and administering scanning tools and utilities. Learn how to measure the risks associated with discovered. Lastly, review ways to communicate risk in order to plan remediation and mitigation activities.


Lesson 26: Understanding Vulnerabilities

  • Identify common vulnerabilities.
  • Examine the vulnerability lifecycle.
  • Explore vulnerability databases and documentation methods.


Lesson 27: Assessing Vulnerabilities

  • Appropriately scope and administer a vulnerability assessment engagement.
  • Review and select the appropriate assessment tools and strategies.
  • Execute assessment activities.
  • Analyze and interpret assessment results.


Lesson 28: Determining Risk & Business Impact

  • Analyze the probability of compromise given vulnerability data.
  • Analyze the potential for impact of identified vulnerabilities.
  • Evaluate the risk of vulnerabilities using industry frameworks.


Lesson 29: Managing & Mitigating Risk

  • Prioritize remediation/mitigation efforts.
  • Communicate risk to stakeholders.
  • Provide strategic guidance for leadership to effectively reduce risk.


Module 8: Monitoring, Logging & Responding to Incidents

In this course, trainees will discover the importance of incident detection and use the Snort Intrusion Detection System to automatically generate alerts based on suspicious network traffic. They will learn to analyze automated alerts for false positives and determine if they represent a real security threat. They will analyze network traffic using Wireshark and capture live traffic using tcpdump. They will also use Splunk to search and correlate security log data across multiple sources. Finally, they will follow incident handling procedures to respond and recover from security incident scenarios.


Lesson 30: Incident Detection

  • Identify threats and alerts.
  • Understand Intrusion Detection Systems (IDS).
  • Create a custom Snort IDS rule.
  • Analyze IDS alert data.
  • Evaluate and categorize IDS alerts.


Lesson 31: Monitoring & Logging

  • Understand the key features of centralized logging.
  • Describe the advantages of SIEM platforms.
  • Correlate network alerts and host log data.
  • Capture live network traffic.
  • Create Splunk dashboards and reports.
  • Develop SIEM functionality using Splunk.


Lesson 32: Monitoring & Logging

  • Understand the key features of centralized logging.
  • Describe the advantages of SIEM platforms.
  • Correlate network alerts and host log data.
  • Capture live network traffic.
  • Create Splunk dashboards and reports.
  • Develop SIEM functionality using Splunk.



Module 9: Security Engineering Fundamentals

This module introduces the fundamental concepts and practices of security engineering. These are the basic principles and properties a security engineer will apply when evaluating, prioritizing, and communicating security topics. Additionally, learn about the practical applications of cryptography. Lastly, learn about strategies for risk evaluation, security review, and audit.


Lesson 33: What is Security Engineering?

  • Understand common strategies used by offensive and defensive security teams.
  • Identify and explain the discrete functions of security roles.
  • Use resources in order to be up-to-date on security issues.
  • Explain the difference between governance, compliance, and privacy fields and how they relate to information security.


Lesson 34: Security Principles

  • Define each element in the CIA triad and understand why they’re important to information security.
  • Define each element in authentication, authorization, and non-repudiation and understand why they’re important to information security.
  • Explain OWASP and the application of security principles.
  • Explain the role of a security engineer when it comes to defining security requirements.
  • Explain the different pieces of security strategy, specifically policies and enforcement.


Lesson 35: Practical Cryptography

  • Understand how encryption in transit works and when to apply it.
  • Understand the conceptual and practical application of several common cryptographic techniques:
  • Encryption
  • Hashing
  • Signing
  • Authentication
  • Certificates and public key infrastructure


Lesson 36: Risk Evaluation

  • Explain vulnerabilities, asset valuation, and mitigation and how they relate to one another.
  • Define and understand the process for threat modeling.
  • Understand strategies for evaluating risk and assigning priority.


Lesson 37: Security Review & Audit

  • Explain the role of audit and how it relates to information security.
  • Understand infrastructure and control audits.
  • Understand design, code, and architecture security reviews and when to utilize them.
  • Know how to find and implement best practices and industry requirements.
  • Create reports based on findings from security reviews.


Module 10: System Security

In this module, learners will start by exploring the basics of system security and its implementation at the operating system level. Learn about implementing authentication and authorization as a means to protect access to data and services.

Additionally, learn about detecting unauthorized changes to a system and how to effectively counter them. By the end, learners will understand how to build logging, monitoring, and auditing tools that can alert them to system security breaches and how to effectively counter them in a real-world case.


Lesson 38: Identifying Vulnerabilities

  • Explore the operating system’s security model.
  • Understand CVEs and third-party advisory reports.
  • Detect vulnerabilities in software and third-party libraries.
  • Patch identified vulnerabilities.


Lesson 39: Authentication

  • Explore Unix password storage management and its security features.
  • Defend remote service authentication mechanisms and server hardening principles.
  • Implement encryption for data at rest and in motion.


Lesson 40: Authorization

  • Understand access controls and their implementation as a means for securing data.
  • Explore ways to detect unauthorized services and processes and how to remediate them.
  • Use networking features to prevent unauthorized access to the system or server.


Lesson 41: Isolation

  • Learn how to implement a chroot jail to enhance system security.
  • Understand mandatory access control and how it differs from discretionary access control.
  • Understand advanced attacks like buffer overflows.


Lesson 42: Auditing

  • Implement auditing controls on critical files and services.
  • Implement host-based intrusion detection.
  • Implement file integrity monitoring through osquery.
  • Detect the presence of malware through system scans.
  • Write YARA rules for advanced threat hunting.


Module 11: Infrastructure Security

In this module, learners will be introduced to the industry’s best practices for security configurations and controls. They will perform an assessment that includes security benchmarks, configurations, and controls. Learners will also scan the main infrastructure operating systems for vulnerabilities and produce a report based on an industry scenario. At the end of this module, they will be familiar with industry terminology and security best practices. They will also learn to perform vulnerability scans and produce industry-standard reports.


Lesson 43: Infrastructure Security Assessment

  • Identify the importance of asset management.
  • Recognize shadow IT and BYOD risks.
  • Identify the importance of system & third-party updates.
  • Perform software inventory.
  • Define a golden image.
  • Identify industry security frameworks.
  • Apply security framework to hardware and software assets.


Lesson 44: Access Management

  • Identify the importance of firewalls and access control lists.
  • Apply firewall, and ACL-applicable best practices.
  • Implement VLANs and network segmentation.
  • Identify web application vulnerabilities.
  • Use WAF to protect web applications.
  • Apply Microsoft networks domain isolation and IPSec policies.
  • Implement remote access management.
  • Identify IPv6 risks and vulnerabilities.
  • Protect access to the perimeter.


Lesson 45: Monitoring & Detection

  • Identify the importance of network monitoring.
  • Use Wireshark and tcpdump for packet analysis.
  • Implement best practices for Windows event logs.
  • Monitor activity with Windows Sysmon, Syslog, and Linux auditing.
  • Understand the importance of endpoint security and monitoring.
  • Identify and implement centralized logging best practices.
  • Assess the need for a SIEM.
  • Apply adversarial simulation.


Lesson 46: Identity Access Management

  • Apply the principle of least privilege.
  • Apply segregation of duties.
  • Identify suitable Access Control Models (RBAC, MAC).
  • Audit access and permissions.
  • Identify and apply best practices to service-to-service communication and encryption.
  • Implement enterprise key and certificate management.
  • Implement best practices in credential managers.
  • Audit password policy.
  • Implement multi-factor authentication.
  • Mitigate third-party risk.


Lesson 47: Top Security Failures

  • Utilize Nmap for the discovery of network hosts.
  • Implement Nmap best practices for vulnerability discovery.
  • Implement vulnerability management.
  • Utilize backup best practices.
  • Recommend and implement a disaster recovery plan.
  • Identify and recommend mitigations for:
  • Exposed services, unnecessary accounts, excessive permissions
  • Denial-of-services protocols
  • Unpatched services
  • Weaknesses in ciphers


Module 12: Application Security

In this module, learn the basics of secure web application. Learners will start with OWASP and the Top 10 list of vulnerabilities within web applications. Additionally, learners will dive into Static code scans using special software and manually testing web applications. By the end of this course learners will be able to work as a security expert that can help shape the security posture of the development team to help build more security web applications.


Lesson 48: Common Web Application Vulnerabilities

  • Learn about OWASP organization.
  • Learn the history behind OWASP Top 10 list.
  • Get an overview of each of the OWASP Top 10 items.
  • Learn best practices to mitigate each item in the OWASP Top 10.


Lesson 49: Web Penetration Testing

  • Learn how to do basic reconnaissance.
  • Simulate different attack vectors.
  • Learn how to brute force login a web application.
  • Go over hashes and how to use them.
  • Look at how to perform hash lookup.


Lesson 50: Discovery Methodologies

  • Learn about Static Application Security Test (SAST).
  • Perform SAST on test code.
  • Learn to read a SAST report.
  • Prioritize vulnerabilities using risk factor calculation.
  • Learn best practices for vulnerabilities.


Lesson 51: Vulnerability Response

  • Learn how to write a vulnerability report.
  • Go through how to write a walk through for vulnerabilities.
  • Set severity for vulnerabilities using Common Vulnerability Scoring System(CVSS) v3.1.


Lesson 52: Mitigation & Verification

  • Learn about Software Development Life Cycle (SDLC).
  • Learn how to modify the SDLC to incorporate security testing.
  • Work with both development and QA to improve security posture.



Module 12: Enterprise Perimeter and Network Security

This module is designed to take learners through the perspective of an enterprise and how they design a secure network architecture. The topics in this module will cover current enterprise perimeter and network security, network security architecture, building an enterprise network, continuous monitoring with a SIEM, and Zero Trust.

Lesson 53: Network Security Architecture

  • Identify weaknesses in network topologies.
  • Design the placement of security devices in an enterprise network.
  • Use the SABSA framework to align enterprise business and security needs.


Lesson 54: Building an Enterprise Network

  • Connect from public to a private network over a NAT gateway.
  • Partition of a virtual network into multiple segments.
  • Build a VPN solution to connect to an enterprise network.


Lesson 55: Continuous Monitoring with a SIEM

  • Deploy a SIEM.
  • Set up alerts and monitor traffic.
  • Build an incident response playbook.


Lesson 56: Zero Trust

  • Define the principles of Zero Trust.
  • Identify key components in Zero Trust architecture.
  • Design a Zero Trust model.


Module 13: Enterprise Endpoint Security

With data being a core driver of today’s growth and the number of devices increasing, businesses have seen a rise in the number of types of endpoints. These factors make enterprise endpoint security more difficult since there are more potential vulnerable channels of cyberattack, and they have been compounded by remote work and the growing number of connected devices (i.e. mobile phones, tablets, etc). Moreover, 89% of security leaders believe that mobile devices will serve as a digital ID to access enterprise services and data. This module covers best practices for safeguarding the data and workflows associated with the individual devices that connect to an enterprise network.


Lesson 56: System Hardening

  • Identify assets in an organization.
  • Recommend mitigation of discovered vulnerabilities.
  • Recommend a hardening strategy for commonly used operating systems.
  • Recommend a security configuration for IoT and control systems.


Lesson 57: Policies & Compliance

  • Define BYOD Strategy.
  • Create an NDA Policy.
  • Conduct a compliance self-assessment.
  • Create a remote work policy.


Lesson 58: Cloud Management

  • Recommend a public access configuration strategy.
  • Recommend a configuration for cloud broker.
  • Recommend a management solution for cloud deployments.


Module 14: Enterprise-Wide Application Security

Application security is a critical part of any enterprise security plan. Similar to the application security course in the security engineer Nanodegree program, we will be covering how to perform a threat assessment but will get more granular by doing threat modeling and looking at how to harden applications. This module will teach students mitigation and defensive strategies in an application software development lifecycle. The focus will be on covering how enterprises bake security into their lifecycle by shifting security left and the different ways they enhance their security posture across on prem, cloud, containers, and APIs.


Lesson 59: Designing Security Architecture

  • Identify all steps of enterprise DevSecOps.
  • Plan all stages of the SDLC lifecycle.
  • Design security architecture with specific constraints.


Lesson 60:Threat Hunting

  • Conduct threat modeling to identify architecture vulnerabilities.
  • Identify vulnerabilities and their risk levels.
  • Run industry-standard application vulnerability scanners with Nessus.
  • Create pen-testing roadmap to secure solutions.


Lesson 61: Container Vulnerabilities

  • Scan containers to identify vulnerabilities.
  • Research container vulnerabilities.
  • Create plans to mitigate container vulnerabilities.


Lesson 62: API Vulnerabilities

  • Identify coding vulnerabilities in APIs.
  • Mitigate coding vulnerabilities in APIs.
  • Apply metrics monitoring.


Module 15: Enterprise Data Security

Cyber threats continue to evolve and grow, and each day we are reminded that all it takes is one lucky strike for a malicious hacker to breach a company. On the other hand, cybersecurity professionals have to try and get it right every time to protect a company from breaches. This means that tackling cyber risk requires a very strategic approach and it starts with securing one of the greatest assets within the enterprise—data. 

To begin mastering data security, during this course we’ll start by exploring the concept of data governance so that learners can build the foundation for understanding, classifying, and protecting data. Trainees learn to navigate the variety of compliance regulations that apply to data security and create policies that prevent unauthorized disclosure of information.

In the bulk of the module, learners focus on protecting the confidentiality, integrity, and availability of data through concepts like encryption, auditing, file integrity monitoring, and backup strategy.


Lesson 63: Data Governance

  • Justify which compliance regulations apply to the data of your business or industry.
  • Build a data security policy to address compliance requirements.
  • Determine typical compliance requirements with standard regulations.
  • Distinguish appropriate regulations for each data type.
  • Analyze enterprise data in order to classify data types based on risk.
  • Design information rights management policies to prevent intellectual property theft and stop unauthorized file sharing and editing.
  • Analyze enterprise data in order to classify data types based on risk.


Lesson 64: Data Confidentiality

  • Apply the appropriate encryption system for enterprise data at rest and data in transit.
  • Demonstrate encryption of data.
  • Identify and distinguish methods for determining the right encryption solution for data at rest and data in transit.
  • Analyze and distinguish encryption types, applications, and fundamentals (cert authority, PKI, key management.


Lesson 65: Data Integrity

  • Implement data protection and auditing controls that ensure data integrity across the organization.
  • Map out a data storage architecture that supports data integrity and security.
  • Conduct an audit to confirm compliance with key security controls.
  • Distinguish major types of audit.
  • Execute hashing in order to confirm data integrity.
  • Apply the principles of identity and access management.


Lesson 66: Data Availability

  • Establish a backup and recovery solution for critical systems across the organization.
  • Create a disaster recovery plan.
  • Run a backup and restore test in the cloud.
  • Build a backup and recovery strategy.
  • Justify what data to back up.
  • Distinguish backup and recovery best practice methods.




Module 16: Security Architecture Planning & Design

This module introduces the fundamental security planning, design, and systems thinking concepts that are used throughout security architecture. As networks and applications grow more complex, the need to identify potential sources of weakness that are a product of that complexity becomes crucial. Trainees who complete this module will be equipped with the skills to identify and evaluate risks in systems, assess whether or not risks are acceptable, and work alongside stakeholders to prioritize remediation efforts.


Lesson 67: Introduction to Security Planning & Design

  • Categorize risks by severity based on impact and likelihood.
  • Identify risks in application architectures by considering the details of the system.
  • Create architecture diagrams using diagramming software.
  • Identify threats to a system by examining its exposure and value to attackers.


Lesson 68: Security & Regulatory Frameworks

  • Determine the applicability of security frameworks to their organization by considering the types of data managed by the organization.
  • Distinguish between different security frameworks and identify their commonalities and differences.
  • Distinguish between different regulatory frameworks and identify their commonalities and differences.


Lesson 69: Designing Secure Systems

  • Prioritize risk reduction by evaluating the severity of a risk and the cost to remediate it.
  • Design architectures that are highly usable by identifying key stakeholders and prioritizing their needs.
  • Assess security problems within trust models by applying risk minimization principles.
  • Balance business needs with security needs by conducting an analysis of security controls.


Module 17: Enterprise Identity & Access Control

Identity and access control management is essential to the security of any organization. This module introduces the fundamentals needed to create and implement access control within an organization. Specifically, this module teaches the best practices of managing access control within cloud environments such as AWS. Trainees who complete this course will be equipped with the skills to design, implement, and enforce access control using different access control models. In doing so, they will be prepared to implement access control that is maintainable and aligns with the principle of least privilege.


Lesson 70: IAM Access Control Models & AWS

  • Identify and justify the correct access control model given a scenario.
  • Define and employ RBAC and determine the use cases in which it should be employed.
  • Define and employ ABAC and evaluate the benefits of its use in given Scenarios.


Lesson 71: Building Access Control Matrix & Mapping Permissions

  • Identify access control components.
  • Translate access control components from requirements.
  • Create access control matrix from predefined requirements.


Lesson 72:Building Organizational Role Structure

  • Create IAM roles from subjects in access control matrix.
  • Create scoped IAM policies from permissions in access control matrix.
  • Create IAM restrictions from restrictions defined in access control matrix.


Lesson 73: Building Organizational Role & Access Visualization

  • Identify elements and resources to be visualized from the access control matrix.
  • Create visualization for IAM roles.
  • Create visualization for IAM policies.
  • Create visualization for each resource and permissions.


Lesson 74: Enforcing IAM Policy Configurations

  • Identify and employ use cases for AWS Config.
  • Evaluate IAM requirements from the access control matrix that must be


  • Create AWS Config rules for alerting on non-compliant IAM policies.


Module 18: Infrastructure & Network Security Architecture Planning & Design

This module covers infrastructure and network security concepts essential for designing and implementing secure infrastructure. Complex infrastructures can have multiple moving components connected over a network. A multi-layered security architecture is required to provide complete visibility of system and service behavior. This module covers aspects of architecting and building security alerting and monitoring services that are scalable throughout the enterprise.


Lesson 75: Infrastructure & Network Security Architecture Planning & Design

  • Understand framework types and implement them to security problems.
  • Build network boundaries and define access types for the infrastructure.
  • Map security services with network and infrastructure.
  • Identify, quantify and rectify cybersecurity risks associated with the business or infrastructure.


Lesson 76: Building Intelligence Driven, Defense-in-Depth Architecture

  • Implement Defense-in-Depth (DiD) on your infrastructure and network.
  • Secure an organization with a threat-driven approach.
  • Map the various stages of a cyber attack with the cyber kill chain model.


Lesson 77: Threat Surface Analysis & Building Scalable Detection Service

  • Use the STRIDE methodology to complete threat modeling.
  • Integrate security best practices into existing business and application processflow.
  • Plan and build scalable services that can detect certain types of threats for the business or application.
  • Integrate an alert pipeline for security teams to monitor for security incidents.


Lesson 78: Threat Triage & Detection Enrichment

  • Describe detection and response processes and frameworks.
  • Implement the MITRE ATT&CK framework to map our threat landscape against different attack scenarios.
  • Design playbooks to triage and remediate security incidents quickly and Efficiently.


Module 19: Incident Response & Business Continuity Architecture Planning, Design & Implementation

This module introduces the fundamental incident response planning, design, and architecture concepts that are used in the cloud. As cloud solutions grow more complex so must the related incident response capabilities. Trainees who complete this course will be equipped with the skills to plan, design, and execute a strong set of foundational cloud incident response capabilities.


Lesson 79: Incident Response & Business Continuity Architecture Planning Design & Implementation

  • Plan incident response roles, conduct asset inventories, and configure logging and monitoring.
  • Plan and implement artifact collection, containment and isolation, and automated response procedures in runbooks.
  • Plan, implement, and validate business continuity actions in runbooks.


Lesson 80: Incident Response Runbooks for Cloud Infrastructure

  • Identify and document incident response roles and responsibilities.
  • Document an asset inventory for incident response.
  • Configure logging and monitoring for cloud incident response.


Lesson 81: Incident Response Playbooks & Automation

  • Collect artifacts for incident response in a cloud environment.
  • Contain and isolate infected resources for incident response in a cloudenvironment.
  • Automate incident response scripts in a cloud environment.


Lesson 82: Business Continuity

  • Perform business continuity analysis
  • Automate business continuity actions.
  • Validate and document business continuity.