This is the second of three courses in the Cybersecurity Certificate Program.
Cybersecurity Defense builds on the defensive skills and experience students gained in Immediate Immersion. The twelve-week course is designed to impart a strong foundation of defensive information security skills, preparing students for entry-level careers as security operations center analysts and digital forensics analysts. Students work through six online real-life tasks in a private cloud environment with help, advice and feedback from a knowledgeable mentor and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a government cyber operations agency.
This course includes the following tasks:
1. Analyze a remote intrusion attempt
A security operations center analyst has seen evidence of a password cracking attempt within a key network. Students analyze a packet capture file and event logs within a security information and event management system (the Splunk SIEM) to determine whether any passwords were compromised and whether the network was breached as a result.
2. Investigate an incident using a SIEM
Students analyze a possible “watering hole” attack in which clicking on a malicious link embedded in an otherwise legitimate website launches an exploit kit that infects a user’s machine with a “banking trojan.”
3. Compile indicators of compromise to guide forensic analysis
Students use the hash of a suspected malware file to research it on VirusTotal, in online sandboxes and in open source intelligence sources, and from that research determine specific indicators of compromise to guide forensic analysis of memory and file system images taken from the infected devices.
4. Examine a compromised host’s memory
Students perform a forensic examination of a memory image taken from a computer to identify sophisticated malware that infected the system.
5. Conduct a forensic disk examination
Students perform disk forensics on an infected system. By analyzing an image of the computer’s file system, students identify the malware infections and build a timeline of the attack.
6. Close your investigation
Students are asked to conclude their investigation by compiling a timeline for the attack and writing a comprehensive report for technical and non-technical stakeholders.
This course is intended for students who aspire to professional careers in defensive cybersecurity.
Students will learn to:
- Analyze network traffic
- Analyze network and system logs using a security information and event management (SIEM) system
- Cross-correlate log information and network packet traffic
- Use online sandboxes for static and dynamic analysis of malicious executable files to identify indicators of compromise
- Use threat intelligence
- Identify malware
- Perform memory forensics
- Perform disk forensics
- Compile a comprehensive timeline of a cyber attack
- Report appropriately to technical and non-technical stakeholders
using the following tools:
- Wireshark – network traffic analysis
- Splunk – log analysis
- VirusTotal – malware analysis
- HybridAnalysis – malware analysis
- Any.run – malware analysis
- Volatility – memory forensics
- Autopsy – disk forensics
- Linux – operating system
Prerequisite: successful completion of Immediate Immersion with a grade of 85% or better.
In order to advance to subsequent courses, students must accomplish designated performance objectives, demonstrate thorough understanding of software used throughout the course, submit high-quality written work and actively contribute to weekly student meetings.
In addition to the task-based curriculum, an implicit curriculum runs throughout the course through which students learn and practice the cognitive skills essential for success in all areas of information security. These include:
- Understanding complex, novel problems
- Effectively researching solutions
- Designing and testing solutions
- Self-directed learning