Professional Certificate in Cybersecurity

Get introduced to foundational concepts of cybersecurity by understanding the core principles and security frameworks. Learn fundamentals of Cryptographic methods and authentication mechanisms.

Topics Covered:

• CIA Triad
  
• Risk Management
  
• NIST Cybersecurity Framework 2.0
  
• IAAA
  
• Emerging Trends in Cybersecurity
• Careers in cybersecurity
  

This week, participants will learn cryptographic techniques, encryption/decryption, and hashing. They will examine the evolution of cryptographic algorithms. Also, participants will be introduced to digital signatures and certificates.

Topics Covered: 

• History and Evolution of Cryptography

• Encryption & Decryption

• Types of Cryptographic Algorithms

• Hashing

• Digital Signatures & Certificates

Sample Case Study: HSM in the payments industry

Sample Project: Create keys and certificates using OpenSSL

Sample Lab Activity: Cryptography using CyberChef

This week, various cyberattacks and threat actors will be introduced to the participants. By the end of the week, participants will be able to identify various types of malware, ransomware, cybercrime actors, and learn about physical attacks.

Topics Covered:

• Types of cyberattacks
• Organized Cyber Crime
  
• Ransomware - A global threat
• Nation-State sponsored adversaries
  
• Physical Attacks

Sample Case Study:  Colonial Pipeline Attack (2021)

Sample Project:  Ransomware threat research

This week delves deeper into specific attack vectors on various IT functions of an enterprise. Participants will explore attack methodologies using the MITRE ATT&CK framework, social engineering, cryptographic, and endpoint attacks. Participants will also be able to comprehend cyber attackers' usage of Gen-AI.

Topics Covered:

• MITRE ATT&CK framework

• Social Engineering Attacks

• Cryptographic Attacks

• Attacks on Endpoint

• Attacks on Data

• AI-powered Threats

Sample Case Study: Salt Typhoon attack on the US Telecom sector 2024

This week starts with the journey into the basics of computer networks and explores network security fundamentals and resilience strategies. By the end of this week, participants will be able to comprehend zero-trust network architecture and be able to implement secure network policies.

Topics Covered:

• Foundations of Computer Networks
• Network Redundancy and Resilience
• Secure Network Design
• Zero Trust Network Architecture
• Network Segmentation & Demilitarized Zones
• Network Security Policies and Compliance
• Network-based Attacks
  

Sample Case Study: The Largest DDoS Attack

Sample Project: Analyzing network diagrams

This week delves into the nuances of perimeter security, covering Firewalls, Intrusion Detection & Prevention Systems, and Virtual Private Networks. This week will allow the participants to explore advanced security configurations and network hardening techniques.

Topics Covered:

• Next Generation Firewalls

• IDS and IPS

• Virtual Private Network

• Sample Lab Activity: Configuring a firewall with iptables

This week focuses on infrastructure and network security monitoring techniques, where the participants will learn about continuous security monitoring with advanced threat detection. Participants will be able to delve deeper into monitoring systems such as SIEM and will be able to monitor the signs of ongoing cyber attacks within a network.

Topics Covered:

• Network Traffic Monitoring

• Network Configuration and Change Monitoring

• Vulnerability Management

• SIEM & EDR
  
  

Sample Case Study: Log4j zero-day vulnerability

This week will allow the participants to understand authentication mechanisms, identity lifecycle, and access control models. Upon completion of the week, participants will be able to plan authentication methodologies for various systems.

Topics Covered:

• Authentication Systems and Protocols

• Active Directory

• Identity Lifecycle Management 

• Sample Case Study: 23andMe Credential Stuffing

The final week of the module covers important security protocols such as WLAN, SSH, and IPSec. This week will expose the learners to such security protocols, which will enable them to cater to advanced network configuration and hardening techniques.

Topics Covered:

• WLAN Security

• IPSec & SSH

• DNS Security
  
  

Sample Case Study: GitHub SSH Key Leak Incident (2023)

Sample Project: Compare and contrast network security protocols

This week, the participants will be exposed to the foundational concepts of cloud computing. This week will allow learners to learn about cloud deployment strategies and comprehend security risks associated with cloud computing.

Topics Covered:

• Cloud Computing Definitions

• Cloud Deployment Models

• Cloud Migration Strategies

• Threats to Cloud Security

• Basics of Cloud Security Mechanisms

This week, the participants will discover secure cloud architecture principles and cloud-native security services. This week will allow learners to be able to apply methodologies to ensure a secure cloud architecture is implemented, along with strong identity and access management systems.

This week will focus on cloud security posture management and resilience strategies. Participants will explore government cloud security frameworks.

Topics Covered:

• Cloud Security Posture Monitoring

• Resilience in Cloud

• AWS GovCloud (US) and Azure Government Cloud
  
  

Sample Case Study: Microsoft Exchange Online Breach (2023)

Sample Lab Activity: Monitor virtual machine activity with AWS CloudTrail

The final week of the module will delve into data security concepts, covering data classification, encryption, and data protection in the cloud. Upon completion of this week, the participants will be able to develop the ability to select appropriate protection mechanisms for cloud data security.

Topics Covered:

• Data classification and securing specific storage types

• Data protection mechanisms on Cloud (Encryption, Masking, and Anonymization)

• Secret Management

• Confidential Computing (Protection for data in use)
  
  

Sample Case Study: Cognizant S3 Bucket Exposure (2023)

Sample Project: Using S3 buckets for secure storage of sensitive data

This week, the learners will be able to understand the penetration testing lifecycle, scope management, and reporting. Upon completion of this week, the participants will be able to comprehend the ethical hacking methodologies and understand the various processes involved.

Topics Covered:

• Need and Life Cycle of Penetration Testing

• Ethical Hacking Methodology

• NIST SP 800-115 and Penetration Testing

• Scope Management & Authorization Management

• Report generation and mapping

Sample Project: MITRE ATT&CK Matrix for Enterprise & DoD ZT capabilities

This week will help the participants learn about network scanning, host discovery, and vulnerability scanning techniques. These techniques will help to build strong core concepts of the initial steps of an ethical hacking lifecycle.

Topics Covered:

• Network Scanning and Host Discovery

• Vulnerability Scanning and Reporting

• Application Mapping

Sample Lab Activity: The Packet Sniffing and Spoofing Attack Lab

This week covers hands-on aspects of types of penetration techniques. Participants will learn about infrastructure penetration testing and web application penetration testing. This week also delves into wireless penetration testing practices.

Topics Covered:

• Infrastructure Penetration Techniques

• Web Application Penetration Testing

• Wi-Fi Penetration Testing

• Sample Lab Activity: SQL Injection (SQL) lab

The final week of this module will cover the final aspects of the ethical hacking lifecycle, which are exploiting vulnerabilities, maintaining persistence, and exfiltrating data. The participants will learn about lateral movement techniques and methods to cover tracks during penetration testing activities.

Topics Covered:

• Exploiting Vulnerabilities

• Post exploitation

• Persistent access

• Exfiltration & Impact

• Covering your tracks

Sample Lab Activity: Exploiting Eternal Blue Vulnerability

This week introduces the participants to the basic constructs of Machine learning and the foundational concepts of Artificial Intelligence. The participants will understand the application of these concepts in cybersecurity. Participants will also explore AI-based fraud detection and phishing prevention.

Topics Covered:

• Machine Learning Models and Artificial Intelligence

• Utilizing AI for Security

• Generative Adversarial Networks (GANs)

• Enhancing Vulnerability Management with AI

• Using AI for fraud prevention

• Detection of phishing emails with AI

Sample Case Study: DeepSeek AI Platform Attack

This week will focus on the AI frameworks relevant to the context of cybersecurity. Upon completion of this week, the participants will be able to identify AI-based risks in an enterprise and effectively apply necessary frameworks for risk treatment.

Topics Covered:

• MITRE ATLAS

• Global Regulatory Landscape for AI

• AWS AI features

• NIST AI Risk Management Framework (AI RMF)

This week covers ethical, privacy, and security concerns in AI-driven cybersecurity. This will allow the participants to measure the challenges associated with implementing AI-based security solutions and integrating AI with existing security solutions in an organization.

Topics Covered:

• Integrating AI with security controls

• Monitoring AI implementation

• Ethical concerns in using AI for cybersecurity

• Privacy concerns in using AI for cybersecurity

• Security concerns in LLMs

Sample Case Study: Purchasing a Chevrolet Tahoe for $1

This week, participants will be exposed to the concepts of software development and DevOps. By the end of the week, participants will be able to understand the basic source code controls and comprehend the most important security risks to web applications.

Topics Covered:

• Agile Software Development

• Introduction to DevOps

• Source Code Control

• OWASP Top 10

This week will introduce the participants to security-by-design principles and threat modeling. This week will help the participants to be able to understand the needs and security requirements in the software development process.

This week will cover the basic secure coding principles and will help the participants to gain practical knowledge in secure coding practices, namely Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).

Topics Covered:

• Static Application Security Testing (SAST)

• Dynamic Application Security Testing (DAST)

Sample Project: Dynamic Application Security Testing with NMap

The final week of the module combines concepts related to the operations and maintenance of applications. Participants will learn software patching, vulnerability management, and configuration security.