Course Title:

Cyber Analyst Skill Builder


Course Details:

A student with prior networking knowledge learns the fundamentals of the Cyber Security Analyst role, providing a foundation for employment in a Security Operations Center. Skills are aligned with the NICE Cybersecurity Workforce Framework (NIST SP 800-181 Rev. 1).

Course Duration: 24 hours; 4 hours per week for 6 weeks

DoD Cyber Workforce Framework Codes:

• Work Role ID: 121 (NIST: AN-XA-001)

• Work Role ID: 121 (NIST: AN-TD-001)

• Work Role ID: 121 (NIST: AN-TD-002)

• Work Role ID: 121 (NIST: OM-FO-001)

• Work Role ID: 121 (NIST: OM-FO-002)

• Work Role ID: 221 (NIST: IN-CI-001)

Computer Specifications 

• Processor speed: 1.90 GHz up to 3.80 GHz

• 8 GB RAM

• 250 GB disk space

Tools 

• Splunk

• Security Onion

• ELK (Elasticsearch, Logstash, Kibana)

• Sysmon

• YARA

• Wireshark

• MISP

• CAPE

• RegRipper

• Suricata

• Snort

• PuTTY

• Browser History Viewer

• Microsoft Office (Word, Outlook, PowerPoint, Excel)

• Notepad++

• McAfee ePO

• Symantec Endpoint Protection

• Palo Alto

Intro Topics

• Knowledge of the most common ports and protocols

• Knowledge of the OSI and TCP/IP models

Basic Topics

• Recognizes the Incident Response process

• Recognizes the Cyber Kill Chain, the MITRE ATT&CK matrix, and the Diamond Model

• Analyzes network information across various operating systems

• Navigates directories across various operating systems

• Investigates malicious activity using Windows Sysinternals

• Identifies abnormal or malicious activity via Security Information and Event Management (SIEM) systems

• Recognizes intrusion detection system (IDS) alerts

• Identifies the most common cyber security attacks

• Investigates Tactics, Techniques, and Procedures (TTPs) used by various Advanced Persistent Threats (APTs)

• Identifies the top 10 malware families of 2019/2020

• Accesses systems via PuTTY and Remote Desktop Protocol (RDP)

Intermediate Topics

• Identifies various Living-Off-The-Land Binaries (LOLBins)

• Responds to various alerts via Security Information and Event Management (SIEM) systems

• Detects and responds to antivirus alerts triggered via McAfee ePO

• Identifies and detects malicious activity found in various log sources

• Builds rules and queries to detect malicious activity

• Navigates and parses pertinent information from various log sources

• Utilizes various tools to obtain pertinent information

• Discovers network assets via Nmap

• Analyzes indicators of compromise using open source intelligence (OSINT) tools

• Identifies whether network assets have vulnerabilities

• Defends network assets from malware attacks

Hands-on Exercises

• Access the labs via the go-by handouts

• Use your university e-mail to ask content-specific questions

• Reminder to complete the course survey

Instructors: 

• Joy Huggins, Defender Academy & Hack Joyously 

• Marcus Bowie, Defender Academy & MaxProd Technologies