School of Cybersecurity – Wedigraf, Port Harcourt, Obio/Akpor, Rivers State

Cybersecurity Training and Certification

*Course Modules *

Course Outline

.

*Module A: Cybersecurity Fundamentals (Aligned with CompTIA Security+)*

.

• *Introduction to Cybersecurity*:
  • – Core concepts, principles, and the cybersecurity landscape
  • – History of cybersecurity
  • – Types of cyber threats and attacks
  • – Cybercrime and its impact
• *Risk Management and Assessment*:
  • – Identifying, evaluating, and prioritizing security risks
  • – Risk assessment methodologies
  • – Threat modeling and vulnerability analysis

*Security Governance, Risk, and Compliance (GRC)*:

• – Security and Privacy Governance, Risk Management and Compliance Program
• – Scope of the System
• – Selection and Approval of Framework, Security and Privacy Controls
• – Implementation of Security and Privacy Controls
• – Assessment/Audit of Security and Privacy Controls
• – System Compliance
• – Compliance Maintenance

– Frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework)

• • – Compliance requirements (e.g., GDPR, CCPA, HIPAA)
  • – Security policies and procedures

*Simulation Labs: Hands-on Experience*

• – Cyber Threat Landscape Simulation (Netsparker)
• – Risk Assessment and Management Simulation (RiskSense)

.

*Module B: Defensive Security (Aligned with CompTIA CySA+)*

.

• *Application Security*:
  • – Secure coding practices
  • – Vulnerability assessment and penetration testing
  • – Application hardening techniques
• *Network Security*:
  • – Network architecture and protocols
  • – Firewalls, intrusion prevention systems (IPS), and intrusion detection systems (IDS)
  • – Virtual private networks (VPNs) and network segmentation
• *Cloud Security*:
  • – Cloud security models (IaaS, PaaS, SaaS)
  • – Infrastructure as code (IaC) security
  • – Cloud data protection and encryption
• *DevSecOps*:
  • – Integrating security into the software development lifecycle
  • – Security testing and automation
• *Blockchain Security*:
  • – Understanding blockchain vulnerabilities
  • – Securing blockchain-based systems
• *Physical Security*:
  • – Protecting physical assets, data centers, and personnel
  • – Access control and surveillance systems

.

*Simulation Labs: Hands-on Experience*

• – Web Application Vulnerability Scanning (OWASP ZAP)
• – Network Penetration Testing (Kali Linux, Metasploit)
• – Cloud Security Architecture Design (AWS/Azure/GCP)
• – DevSecOps Pipeline Implementation (Jenkins, Docker)

.

*Module C: Offensive Security (Aligned with Offensive Security Certified Professional (OSCP))*

.

• *Malware Analysis*:
  • – Malware types and behavior
  • – Static and dynamic malware analysis
  • – Reverse engineering techniques
• *Penetration Testing*:
  • – Penetration testing methodologies
  • – Report Writing for Penetration Testers
  • – Information Gathering
  • – Vulnerability Scanning
  • – Client-Side Attacks
  • – Locating Public Exploits
  • – Fixing Exploits
  • – Network, application, and wireless penetration testing
  • – Web application exploitation
  • – Advanced Evasion Techniques and Breaching Defenses
• *Ethical Hacking*:
  • – Hacking tools and techniques
  • – Footprinting, scanning, enumeration, and vulnerability assessment
  • – Exploitation, post-exploitation, and reporting

*Simulation Labs:  Hands-on Experience:*

• – Malware Analysis Challenge (VirusTotal, IDA Pro)
• – Penetration Testing Exercises (Vulnerable Machines, TryHackMe, Nmap, Shodan, Nessus, OpenVAS)
• – Web Application Exploitation (Burp Suite)

.

*Module D: Incident Response and Digital Forensics (Aligned with GIAC Incident Handler (GCIH) and Certified Digital Forensics Examiner (CDFE))*

.

• *Incident Response*:
  • – Incident response planning and procedures
  • – Incident detection, containment, eradication, recovery, reporting and lessons learned
  • – Digital forensics and incident investigation
    • – Computer Forensic Incidents
    • – Investigative Theory and Process
    • – Digital Acquisition and Analysis Tools
    • – Live Acquisitions
    • – Windows, Linux, and Max Forensics
    • – Examination, Digital Evidence and Laboratory Protocols

 

• *Security Information and Event Management (SIEM)*:
  • – SIEM technologies and deployment
  • – Log management and analysis
  • – Threat detection and correlation

*Simulation Labs:  Hands-on Experience:*

• – Incident Response Simulation (CyberRange)
• – Digital Forensics Investigation (FTK Imager)
• – SIEM Configuration and Alerting (Splunk, Elastic Stack)

.

*Module E: Data Protection and Recovery (Aligned with Certified Information Systems Security Professional (CISSP))*

.

• *Cryptography*:
  • – Encryption algorithms and key management
  • – Public-key infrastructure (PKI)
  • – Cryptographic protocols
• *Identity and Access Management (IAM)*:
  • – Authentication, authorization, and access control
  • – Identity management systems
  • – Single sign-on (SSO) and multi-factor authentication (MFA)
• *Business Continuity and Disaster Recovery (BCDR)*:
  • – Business impact analysis (BIA)
  • – Disaster recovery planning and testing
  • – Data backup and recovery strategies

.

*Simulation Labs:  Hands-on Experience:*

• – Encryption and Key Management (OpenSSL)
• – Identity and Access Management Design (Okta, Azure AD)
• – Disaster Recovery Planning and Testing (DRaaS)

.

*Module F: Emerging Technologies and Advanced Topics (Aligned with Certified Information Systems Security Auditor (CISA))*

.

• *Operational Technology (OT) Security*:
  • – Securing industrial control systems and critical infrastructure
  • – SCADA and ICS security
• *Internet of Things (IoT) Security*:
  • – IoT device security and vulnerabilities
  • – IoT network security
• *Cloud Native Security*:
  • – Securing cloud-native applications and infrastructure
  • – Container security
• *Artificial Intelligence (AI) and Machine Learning (ML) in Cybersecurity*:
  • – Leveraging AI/ML for threat detection and response
  • – Ethical considerations of AI in cybersecurity

*Simulation Labs:  Hands-on Experience:*

• – IoT Device Security Assessment (IoT Pentesting Framework)
• – Cloud Native Application Security (Kubernetes Security)
• – AI-Powered Threat Hunting (Threat Intelligence Platforms 1

.

*Essential Cybersecurity Tools and Technologies*

The curriculum will incorporate hands-on training with the following essential cybersecurity tools and technologies:

• – *Network Security*: Wireshark, Nmap, Nessus, Metasploit, Kali Linux, Snort, IDS/IPS systems
• – *Application Security*: Burp Suite, OWASP ZAP, SQLMap, WebInspect, Fortify, Static and Dynamic Application Security Testing (SAST/DAST) tools
• – *Cloud Security*: AWS/Azure/GCP security tools, Cloud Security Posture Management (CSPM) tools, Cloud Workload Protection Platforms (CWPP)
• – *Incident Response and Digital Forensics*: EnCase, FTK Imager, Volatility, SIEM tools (Splunk, Elastic Stack, QRadar)
• – *Cryptography*: OpenSSL, GnuPG, cryptographic libraries
• – *Identity and Access Management*: Identity management platforms (Okta, Azure AD), SSO solutions
• – *Security Information and Event Management (SIEM)*: Splunk, Elastic Stack, QRadar
• – *Threat Intelligence*: Threat intelligence platforms (ThreatConnect, MISP)
• – *Vulnerability Management*: Nessus, OpenVAS, Qualys

 

.

*Certification Paths*

1. *CompTIA*

.

– CompTIA *Security+*

– CompTIA *Cybersecurity Analyst* (CySA+)

– CompTIA *PenTest+*

.

2.. *(ISC)²*

.

– *CC*: Certified in Cybersecurity

– *CISSP*: Certified Information Systems Security Professional

– *CSSLP*: Certified Secure Software Lifecycle Professional

– *SSCP*: Systems Security Certified Practitioner1   

– *HCISPP*: HealthCare Information Security and Privacy Practitioner

– *CCSP*: Certified Cloud Security Professional

– *CGRC* Certified in Governance, Risk and Compliance

– *CSSLP*: Certified Secure Software Lifecycle Professional

.

3. *EC-Council*

.

– *C|EH*: Certified Ethical Hacker 

– *C|CISO*: Certified Chief Information Security Officer

– *C|HFI*: Computer Hacking Forensic Investigator

– *C|ND*: Certified Network Defender

– *C|CIH*: Certified Incident Handler

– *C|PENT*: Certified Penetration Testing Professional 

– *C|CSE*: Certified Cloud Security Engineer

– *C|CT*: Certified Cybersecurity Technician

– *E|CES*: Certified Encryption Specialist

.

4. *GIAC*

.

– *GCIH*: GIAC Certified Incident Handler

– *GPEN*: GIAC Penetration Tester

– *GWAPT*: GIAC Web Application Penetration Tester

– *GCWN*: GIAC Certified Wireless Network Professional

– *GSEC*: GIAC Security Essentials

– *GCED*: GIAC Certified Enterprise Defender

– *GREM*: GIAC Reverse Engineering Malware

.

5. *ISACA*

.

– *CISA*: Certified Information Systems Auditor

– *CISM*: Certified Information Security Manager

– *CRISC*: Certified in Risk and Information Systems Control

– *CASE*: Certified Application Security Engineer

.

6. *Offensive Security*

.

– *OSCP*: Offensive Security Certified Professional

– *OSWE*: Offensive Security Wireless Professional

– *OSWP*: Offensive Security Web Penetration Tester

– *OSED*: Offensive Security Exploit Development

.

.

*Focus Areas and Industry Verticals*

– *Healthcare Cybersecurity*: HIPAA compliance, patient data protection, medical device security

.

– *Financial Services Cybersecurity*: PCI DSS compliance, fraud prevention, risk management

.

– *Government and Critical Infrastructure Cybersecurity*: Cybersecurity frameworks (NIST, NERC CIP), data classification, threat intelligence

.

– *Energy and Utilities Cybersecurity*: SCADA and ICS security, industrial control systems protection, critical infrastructure resilience

.

– *Retail Cybersecurity*: Payment card data protection, supply chain security, e-commerce security

.

– Manufacturing Cybersecurity: Industrial control system security, intellectual property protection, supply chain risk management

 

.

*Cybersecurity Frameworks and Standards*

The curriculum will incorporate training on key cybersecurity frameworks and standards, including:

• – NIST Cybersecurity Framework: Core, Identify, Protect, Detect, Respond, Recover
• – ISO/IEC 27001: Information Security Management System (ISMS)
• – PCI DSS: Payment Card Industry Data Security Standard
• – GDPR: General Data Protection Regulation
• – HIPAA: Health Insurance Portability and Accountability Act
• – COBIT: IT Governance and Management Framework
• – ITIL: IT Service Management Framework

.

*Job Placement*

This cybersecurity (Beginner to Advanced) training program is tailored to meet the unique needs of different organizations and prepare students for specialized cybersecurity roles. At The end of the training, students will be linked to different Cybersecurity Job roles depending on their proficiency.

.

*Cybersecurity Roles and Career Paths*

The program prepares students for a variety of cybersecurity roles, including:

.

*Entry-level:*

• – Security Analyst
• – IT Auditor
• – Digital Forensics Analyst
• – Security Operations Center (SOC) Analyst

.

*Intermediate:*

• – Cybersecurity Engineer
• – Penetration Tester
• – Vulnerability Researcher
• – Incident Responder
• – Cloud Security Engineer
• – Application Security Engineer

.

*Advanced*:

• – Chief Information Security Officer (CISO)
• – Security Architect
• – Cyber Threat Intelligence Analyst
• – Compliance Officer
• – Risk Manager
• – Cybersecurity Consultant