CySA+ (CompTIA Cybersecurity Analyst) CS0-001

Author: Dale Meredith

This series provides an overview of the knowledge and skills required to prevent, detect, and mitigate information/cyber security threats and vulnerabilities. This series can be...

CompTIA Cybersecurity Analyst (CySA+) CS0-001

In this series, you’ll learn how to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats and risks to an organization. These courses will also help you prepare for the CompTIA Cybersecurity Analyst (CySA+) CS0-001 certification exam.

Enterprise Security: Policies, Practices, and Procedures

by Dale Meredith

Apr 20, 2017 / 2h 38m

Description

Most companies are "reactive" instead of "proactive" when it comes to securing their networks, resources, and data. In this course, Enterprise Security: Policies, Practices, and Procedures, you will learn how to get ahead of the bad guys by looking at your infrastructure in a different manner. First, you will get a better understanding of the landscape and how fast it is changing. Next, you will delve into industry standards, frameworks, policies, and how these can affect your environment. Finally, you will learn about what tools to use and the need for penetration testing. By the end of this course, you will know how to keep up with the changes and continue to maintain a high level of security in your environment.

Table of contents
  1. Course Overview (2m)
  2. Security Data Analytics: What's Going On? (35m)
  3. Defense in Depth: This Is Where It Begins (20m)
  4. Defense in Depth: What Tools Can You Use? (33m)
  5. Defense in Depth: Drill, Test, Rinse, Repeat (28m)
  6. The Fundamentals of Frameworks, Policies, Controls, & Procedures (37m)

The Issues of Identity and Access Management (IAM)

by Dale Meredith

Jun 22, 2017 / 2h 55m

Description

IT networks face increasing threats from both inside and outside your organization. Traditional perimeter defenses can miss insider threats, such as password leaks and fraud due to staff complacency, as well as external online threats such as zero-day attacks. To limit the presence of these threats, many IT departments are using identity and access management (IAM) solutions. In this course, The Issues of Identity and Access Management (IAM), you'll learn to look at IAM from the perspective of the issues that it can create for your organization. First, you'll dive into OAuth/OpenID and where the weaknesses are. Next, you'll explore SSO and federations. Finally, you'll learn how to set up a hacking environment using the AutoLab. When you're finished with this course, you'll be able to look at your IAM solution and see if you're protecting yourself, as well as your users.

Table of contents
  1. Course Overview (2m)
  2. It's All About Control (23m)
  3. Managing Your Secret Identity (15m)
  4. Other Authentication Methods (26m)
  5. Identity Repositories (24m)
  6. Building the Lab (42m)
  7. Let's Look at the Exploits (39m)

Secure Software Development

by Dale Meredith

Sep 12, 2017 / 3h 15m

Description

Most companies have a well-oiled machine whose sole purpose is to create, release, and maintain functional software. Still, the growing concerns and risks related to insecure software have brought increased attention to the need to mix security into the development process. In this course, Secure Software Development, you will gain an understanding of the Software Development Life Cycle (SDLC) and the security implications that can arise, to ensure that the software your organization uses is well written and secure through its lifespan. First, you will learn about the different options when it comes to following an SDLC. Next, you will delve into the 5 phases that software runs through as it is being developed. Last, you will dive into how vulnerabilities creep into your environment in ways you may not have considered. By the end of this course, you will be able to apply a proper SDLC and ensure that additional attack vectors aren't created by mistake (or on purpose) to expose your resources and networks.

Table of contents
  1. Course Overview (2m)
  2. What’s the Software Development Life Cycle (SDLC)? (19m)
  3. Software Development Phases (19m)
  4. Software Development Models (19m)
  5. Software Vulnerabilities (13m)
  6. Coding Best Practices (49m)
  7. Code Reviews (19m)
  8. Security Testing in Action (51m)

Performing and Analyzing Network Reconnaissance

by Dale Meredith

Feb 28, 2017 / 7h 24m

Description

You've been tasked as an "Incident Handler" and you are wondering where you start. Attackers typically start with doing a little "reconnaissance" of their target, so it only makes sense that you start there as well. In this course, Performing and Analyzing Network Reconnaissance, you will learn how to think like an attacker in order to stay a step ahead of one. First, you will learn about the two different steps of reconnaissance and scanning. Next, you will learn what to look for, how it's done, and what you can do to protect your infrastructures. Finally, you will learn about tools you can use that the attacker will use against you. By the end of this course, you'll know how to look at your infrastructure the same way attackers do, and understand the process to minimize those threats.

Table of contents
  1. Course Overview (2m)
  2. The Two Steps (35m)
  3. Initially What Do You Look For? (44m)
  4. The More You Look, the More You Find (40m)
  5. Other Reconnaissance Techniques (38m)
  6. Reconnaissance via Google Hacking (40m)
  7. Let's Not Forget PowerShell (55m)
  8. Overview of Scanning (22m)
  9. Understanding the 3-way Handshake (21m)
  10. Checking for 'Live' Systems and Their Open Ports (32m)
  11. Types of Scanning (44m)
  12. Banner Grabbing and OS Fingerprinting (30m)
  13. More Tools for the Utility-belt (18m)
  14. Threats from Wireless (18m)

Implementing and Performing Vulnerability Management

by Dale Meredith

Nov 20, 2017 / 3h 19m

Description

Networks aren't what they used to be; they're more complex than ever. Systems today are so interconnected, and buried within those systems are thousands of undetected security vulnerabilities waiting to be used against you. Vulnerability Management systems are designed to recognize, rank, and remediate these vulnerabilities before an attacker gets a hold of them and exploits them to destabilize the privacy, integrity, or availability of your digital assets. In this course, Implementing and Performing Vulnerability Management, you'll learn about everything around vulnerability management. First, you'll learn about implementing a supportive vulnerability management (VM) program. Next, you'll explore scanning. Finally, you'll dive into remediation steps that will help make sure attackers can't take advantage of you. By the end of this course, you’ll have enough knowledge not only to pick the VMP that’s right for you, but also to use such applications to better the security of your network. Plus, you'll have all the information about VMPs to help you with your CSA+ exam.

Table of contents
  1. Course Overview (2m)
  2. What Do You Need to Start? (56m)
  3. Shaping and Implementing Your Vulnerability Scans (25m)
  4. The Scanners (41m)
  5. Analyzing Vulnerability Scans (21m)
  6. Remediation and Change Control (13m)
  7. Remediating Host Vulnerabilities (9m)
  8. Remediating Network Vulnerabilities (14m)
  9. Remediating Virtual Environments Vulnerabilities (13m)

Performing Incident Response and Handling

by Dale Meredith

Jan 24, 2018 / 5h 19m

Description

It’s not a matter of “if”, but rather “when” an attack is going to happen. No matter what you know or do, the hard truth is there's no guaranteed way to stop an attacker from penetrating your organization. Once you’ve accepted that an attack will be unavoidable, your job now becomes "How do I respond to these situations?". This is where the role of an "Incident Responder" comes into play. What do you do when a system or device has been targeted? Well, that depends on the incident itself. In this course, Performing Incident Response and Handling, you'll start by making sure that you and your organization are prepared by learning about each of the security policies that you should have in place to clarify and focus everyone on the importance of keeping your resources secure. First, you'll learn about the actual process of detecting incidents and how to respond to them. Next, you'll explore the actual workflow steps that every security professional should follow to make sure you are consistent with all incidents that are currently affecting you as well as future ones. Finally, you'll dive into some of the more common incidents that take place in your networks by looking at how to handle and respond to issues like a DoS, a Session Hijack, or even Malicious Code. By the end of this course, you'll understand what is needed to help keep your network more secure by being more proactive and aware of what's happening in your environment.

Table of contents
  1. Course Overview (3m)
  2. Preparing for Incident Response and Handling (49m)
  3. Incident Response Processes (43m)
  4. The Workflow of Incident Response (40m)
  5. Networks and Host Attacks (59m)
  6. Service and Application Attacks (1h 10m)
  7. Malicious Code and Insider Threats (53m)

Preparing for and Executing Incident Recovery

by Dale Meredith

Mar 19, 2018 / 3h 24m

Description

Cybersecurity investigations are used to determine what events, changes, and other actions have happened on a device, who or what performed them, and what data is stored there. In this course, Preparing for and Executing Incident Recovery, you'll learn how to conduct an investigation, eradicate the incident, and build out your own CSI (Cyber-Security Investigator) Jump-Bag. First, you'll learn how to be ready to conduct your own forensic investigations. Next, you'll learn what computer forensic techniques are used in a variety of scenarios, including police investigations, system misuse, compromise and malware analysis, and investigations related to internal policy violations. Then, you'll learn about how to create your own forensics kit, its contents, and the use of these devices and tools. Finally, you'll be shown some forensic suites and tools that provide what you'll need to capture and preserve forensics data and to perform forensic investigations. By the end of this course, you will have discovered and developed new skills to tackle many cyber-security scenarios.

Table of contents
  1. Course Overview (2m)
  2. Your Objectives Here (42m)
  3. What Should Be in Your “Jump-bag”? (28m)
  4. What About the Digital “Jump-bag” (45m)
  5. Understanding the Incident Recovery Process (33m)
  6. The Techniques of Recovery: Containment (11m)
  7. The Techniques of Recovery: Eradication (13m)
  8. The Techniques of Recovery: Validation and Corrective Actions (11m)
  9. That’s a Wrap (14m)

What you will learn

  • How to apply environmental reconnaissance techniques using the appropriate tools and processes
  • How to analyze the results of network reconnaissance
  • Given a network-based threat, how to implement or recommend the appropriate response and countermeasure
  • How to explain the purpose of practices used to secure a corporate environment
  • How to implement an information security vulnerability management process
  • How to analyze the output resulting from a vulnerability scan
  • How to compare and contrast common vulnerabilities found within an organization
  • How to analyze threat data or behavior to determine the impact of an incident
  • How to prepare a toolkit and use appropriate forensics tools during an investigation
  • How to explain the importance of communication during the incident response process
  • How to analyze common symptoms to select the best course of action to support incident response
  • How to summarize the incident recovery and post-incident response process
  • How to explain the relationship between frameworks, common policies, controls, and procedures
  • How to use data to recommend remediation of security issues related to identity and access management
  • How to review security architecture and make recommendations to implement compensating controls
  • How to use application security best practices while participating in the software development life cycle
  • How to compare and contrast the general purpose and reasons for using various security tools and technologies

Pre-requisites

CompTIA recommends CySA+ candidates have a minimum of 3-4 years of hands-on information/cyber security or related experience. This path does not require any prior knowledge or experience.
