It is the industry standard for validating that cybersecurity professionals can perform data analysis and interpret the results to identify vulnerabilities, threats, and risks to an organization. It validates an IT professional's ability to proactively defend and continuously improve security.

Curriculum

Domain 1—THREAT AND VULNERABILITY MANAGEMENT (22%)

  • Intelligence sources
  • Confidence levels
  • Indicator management
  • Threat classification
  • Threat actors
  • Intelligence cycle
  • Commodity malware
  • Information sharing and analysis communities
  • Attack frameworks
  • Threat research
  • Threat modeling methodologies
  • Threat intelligence sharing with supported functions
  • Vulnerability identification
  • Validation
  • Remediation/Mitigation
  • Scanning parameters and criteria
  • Inhibitors to remediation
  • Web application scanner
  • Infrastructure vulnerability scanner
  • Software assessment tools and techniques
  • Enumeration
  • Wireless assessment tools
  • Cloud infrastructure assessment tools
  • Threats and vulnerabilities associated with specialized technology (mobile, IoT, embedded, RTOS, SoC, FPGA, vehicles and drones, etc.)
  • Threats and vulnerabilities associated with operating in the cloud
  • Attack types
  • Vulnerabilities

Domain 2—SOFTWARE AND SYSTEMS SECURITY (18%)

  • Security solutions for infrastructure management
  • Cloud vs on-premises
  • Asset management
  • Segmentation
  • Network architecture
  • Change management
  • Virtualization
  • Containerization
  • Identity and access management
  • Cloud access security broker
  • Honeypot
  • Monitoring and logging
  • Encryption
  • Certificate management
  • Active defense
  • Software assurance best practices
  • Platforms
  • Software development life cycle (SDLC) integration
  • DevSecOps
  • Software assessment methods
  • Secure coding best practices
  • Static analysis tools
  • Dynamic analysis tools
  • Formal methods for verification of critical software
  • Service-oriented architecture
  • Hardware root of trust
  • eFuse
  • Unified Extensible Firmware Interface (UEFI)
  • Trusted foundry
  • Secure processing
  • Anti-tamper
  • Self-encrypting drive
  • Measured boot and attestation
  • Bus encryption

Domain 3—SECURITY OPERATIONS AND MONITORING (25%)

  • Heuristics
  • Trend analysis
  • Endpoint
  • Network
  • Log review
  • Impact analysis
  • Security information and event management (SIEM) review
  • Query writing
  • E-mail analysis
  • Permissions
  • Whitelisting
  • Blacklisting
  • Firewall
  • Intrusion prevention system (IPS) rules
  • Data loss prevention (DLP)
  • Endpoint detection and response (EDR)
  • Network access control (NAC)
  • Sinkholing
  • Malware signature
  • Sandboxing
  • Port security
  • Establishing a hypothesis
  • Profiling threat actors and activities
  • Threat hunting tactics
  • Reducing the attack surface area
  • Bundling critical assets
  • Attack vectors
  • Integrated intelligence
  • Improving detection capabilities
  • Workflow orchestration
  • Scripting
  • Application programming interface (API) integration
  • Automated malware signature creation
  • Data enrichment
  • Threat feed combination
  • Machine learning
  • Use of automation protocols and standards
  • Continuous integration
  • Continuous deployment/delivery

Domain 4—INCIDENT RESPONSE (22%)

  • Communication plan
  • Response coordination with relevant entities
  • Factors contributing to data criticality
  • Preparation
  • Detection and analysis
  • Containment
  • Eradication and recovery
  • Post-incident activities
  • Network-related
  • Host-related
  • Application-related
  • Network
  • Endpoint
  • Mobile
  • Cloud
  • Virtualization
  • Legal hold
  • Procedures
  • Hashing
  • Carving
  • Data acquisition

Domain 5—COMPLIANCE AND ASSESSMENT (13%)

  • Privacy vs security
  • Non-technical controls
  • Technical controls
  • Business impact analysis
  • Risk identification process
  • Risk calculation
  • Communication of risk factors
  • Risk prioritization
  • System assessment
  • Documented compensating controls
  • Training and exercise
  • Supply chain assessment
  • Framework
  • Policies and procedures
  • Control types
  • Audit and assessment

Who should learn CySA+?

  • Security analyst
  • Incident responder or handler
  • Threat hunter
  • Threat intelligence analyst
  • Application security analyst
  • Compliance analyst

What will I be able to do at the end of the training?

  • Analyze and interpret data.
  • Identify and address vulnerabilities.
  • Suggest preventive measures.
  • Effectively respond to and recover from incidents.