FIND THE RIGHT FIT
WHO SHOULD ENROLL
Students who have successfully completed The Cyber Academy: Immediate Immersion course and who aspire to professional careers in defensive cyber security.
This course is designed to impart a strong foundation of defensive information security skills in 13 weeks of study at 25 hours per week, preparing students for entry-level careers as security operations center analysts and digital forensics analysts.
Students work through 6 online real-life tasks (spending 1-2 weeks per task) in a private cloud environment with help, advice, and feedback from a knowledgeable mentor and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a government cyber operations agency.
Beginner
13 Weeks at 25 Hours per Week
Included with Course Purchase
A Pre-Assessment is Required
No dates are scheduled at this time. Please contact us to apply today!
Students will learn to:
In addition to the task-based curriculum, an implicit curriculum runs throughout the course, through which students learn and practice the cognitive skills essential for success in all areas of information security. These include:
START DATE | PACE | CAMPUS | STATUS
AUGUST 7, 2023 | Full-time | Online | Few spots left!
You’re ready to commit to a full-time course load. You’ll graduate in 15 weeks working 8 hours a day, Monday to Friday.
If you don’t have eight free hours a day to dedicate, then our part-time course offering is for you.
We have teamed up with Meritize to offer our students a unique financing option. Meritize works with students, educators, and employers to help people succeed in skills-based careers. Want to learn more? Check out their FAQ page here, or give them a call at 833-MERIT-4-U. Ready to see if you qualify? Check your options.
The Cyber Academy: Defense builds on the defensive skills and experience students gained in Cyber Attack and Defense: Immediate Immersion 2020. The course is designed to impart a strong foundation of defensive information security skills in 13 weeks of study at 25 hours per week, preparing students for entry-level careers as security operations center analysts and digital forensics analysts.
If you cannot commit to enrolling in a program in its entirety, all of the courses from our programs, including The Cyber Academy: Defense, are available for purchase individually.
A security operations center analyst has seen evidence of a password cracking attempt within a key network. Students analyze a packet capture file (PCAP) and event logs within a security information and event management system (the Splunk SIEM) to determine if any passwords were compromised and if the network was breached as a result. The student must also identify which tools were used by the attacker and which steps should be taken to safeguard specific hosts in the network from similar cracking attempts in the future.
OBJECTIVE: Analyze suspicious network traffic in a PCAP using Wireshark.
OBJECTIVE: Analyze network and system logs using Splunk
OBJECTIVE: Cross-correlate events seen in a PCAP with events seen in logs
OBJECTIVE: Recognize a Hydra brute-forcing attack
OBJECTIVE: Determine if a brute-forcing attack has been successful
Tasks 2 through 6 are set in the context of a single complex cyber attack.
Students analyze a possible “watering hole” attack in which clicking on a malicious link embedded in an otherwise legitimate website launches an exploit kit that infects a user’s machine with a “banking trojan.” To accomplish this, they must analyze multiple logs within the Splunk SIEM.
OBJECTIVE: Analyze network and system logs using Splunk
OBJECTIVE: Pivot among multiple logs using Splunk’s search facilities
OBJECTIVE: Identify possible indicators of compromise
OBJECTIVE: Determine if devices are likely to have been infected using indicators of compromise
OBJECTIVE: Tentatively identify the malware used and the intent of the attack
Students use a “hash” of a possible malware-containing file to conduct research using VirusTotal, online sandboxes, and open source intelligence sources to determine specific indicators of compromise to guide forensic analysis of memory and file system images of infected devices.
OBJECTIVE: Use VirusTotal to identify a malware sample
OBJECTIVE: Use advanced features of VirusTotal to learn detailed information about a malware sample
OBJECTIVE: Use the HybridAnalysis sandbox to perform static and dynamic analysis of a malware sample
OBJECTIVE: Use open source threat intelligence to learn more about specific malware
Students perform a forensic examination of a memory image taken from a computer to identify sophisticated malware that infected the system.
OBJECTIVE: Acquire a working knowledge of process structures in memory using Volatility
OBJECTIVE: “Know normal to find evil”
OBJECTIVE: Formulate a plan for a memory forensics investigation
OBJECTIVE: Recognize malware “footprints” in a forensic memory image
OBJECTIVE: Locate a malicious binary in a forensic memory image
OBJECTIVE: Corroborate findings with other sources such as [Splunk] SIEM logs
OBJECTIVE: Identify malware actions such as privilege escalation and browser hooking
Students perform disk forensics on an infected system. By analyzing an image of the computer’s file system, the students are able to identify malware infections and to create a timeline for the attack.
OBJECTIVE: Analyze a forensic disk image and identify indicators of compromise using Autopsy.
OBJECTIVE: Generate a timeline of suspicious events in a forensic disk image.
OBJECTIVE: Determine how a device was infected and what malware variant was used
OBJECTIVE: Use VirusTotal to identify a malware sample
OBJECTIVE: Use advanced features of VirusTotal to learn detailed information about a malware sample
OBJECTIVE: Use the HybridAnalysis sandbox to perform static and dynamic analysis of a malware sample
OBJECTIVE: Use open source threat intelligence to learn more about specific malware
Students are asked to conclude their investigation by compiling a timeline for the attack and writing a comprehensive report for technical and non-technical stakeholders.
OBJECTIVE: Cross-correlate information from a range of sources
OBJECTIVE: Combine information from a range of sources into a comprehensive report
OBJECTIVE: Communicate a complex story effectively to technical and non-technical audiences.