Course structure
Governance, risk, and compliance (20%)
- Security program documentation: policies, procedures, standards, and guidelines.
- Program management: training (phishing, security, privacy), communication, reporting, and RACI matrix.
- Frameworks: COBIT, ITIL, etc.
- Configuration management: asset life cycle, CMDB, and inventory.
- GRC tools: mapping, automation, and compliance tracking.
- Data governance: production, development, testing, and QA.
- Risk management: impact analysis, risk assessment (quantitative vs. qualitative), third-party risk, confidentiality, integrity, and availability.
- Threat modeling: actor characteristics, attack patterns, and frameworks (ATT&CK, CAPEC, STRIDE).
- Attack surface: architecture reviews, data flows, and trust boundaries.
- Compliance strategies: industry-specific standards (PCI DSS, ISO/IEC 27000).
- Security frameworks: NIST, CSF, CSA, and others.
Security architecture (27%)
- Cloud capabilities: CASB (API-based, proxy-based), shadow IT detection, shared responsibility model, CI/CD pipeline, Terraform, Ansible, container security, orchestration, and serverless workloads.
- Cloud data security: data exposure, leakage, remanence, insecure storage, and encryption keys.
- Cloud control strategies: proactive, detective, and preventative controls; customer-to-cloud connectivity, service integration, and continuous authorization.
- Network architecture: segmentation, microsegmentation, VPN, always-on VPN, and API integration.
- Security boundaries: asset identification, management, attestation, data perimeters, and secure zones.
- Deperimeterization: SASE, SD-WAN, and software-defined networking.
- Zero trust concepts: defining subject-object relationships.
Security engineering (31%)
- Automation: scripting (PowerShell, Bash, Python), event triggers, IaC, cloud APIs, generative AI, containerization, patching, SOAR, and workflow automation.
- Vulnerability management: scanning, reporting, and SCAP (OVAL, XCCDF, CPE, CVE, CVSS).
- Advanced cryptography: PQC, key stretching, homomorphic encryption, forward secrecy, and hardware acceleration.
- Cryptographic use cases: data at rest, in transit, and in use; secure email, blockchain, privacy, compliance, and certificate-based authentication.
- Cryptographic techniques: tokenization, code signing, cryptographic erase, digital signatures, hashing, and symmetric/asymmetric cryptography.
Security operations (22%)
- Monitoring and data analysis: SIEM (event parsing, retention, false positives/negatives), aggregate analysis (correlation, prioritization, trends), and behavior baselines (network, systems, users).
- Vulnerabilities and attack surface: injection, XSS, insecure configurations, outdated software, and weak ciphers; mitigations include input validation, patching, encryption, and defense-in-depth.
- Threat hunting: internal intelligence (honeypots, UBA), external intelligence (OSINT, dark web, ISACs), TIPs, IoC sharing (STIX, TAXII), and rule-based languages (Sigma, YARA, Snort).
- Incident response: malware analysis (sandboxing, IoC extraction, code stylometry), reverse engineering, metadata analysis, data recovery, and root cause analysis.
