Description: 

This is the second and final course in the AIT Cyber Academy certificate program.

Cybersecurity Defense builds on the defensive skills and experience students gained in Immediate Immersion. The eleven-week course is designed to impart a strong foundation of defensive information security skills, preparing students for entry-level careers as security operations center analysts and digital forensics analysts. Students work through eight online real-life tasks in a private cloud environment with help, advice and feedback from a knowledgeable mentor and extensive online learning resources. The tasks are embedded in the realistic, but fictional, context of work as an entry-level employee of a government cyber operations agency.

This course includes the following tasks:

1.    Analyze a remote intrusion attempt 
A security operations center analyst has seen evidence of a password cracking attempt within a key network. Students analyze a packet capture file and event logs within a security information and event management system (the Splunk SIEM) to determine if any passwords were compromised and if the network was breached as a result. 
 
2.    Investigate an incident using a SIEM

Students analyze a possible “watering hole” attack in which clicking on a malicious link embedded in an otherwise legitimate website launches an exploit kit that infects a user’s machine with a “banking trojan.” 
 
3.    Compile indicators of compromise to guide forensic analysis 

Students use a “hash” of a possible malware-containing file to conduct research using VirusTotal, online sandboxes, and open source intelligence sources to determine specific indicators of compromise to guide forensic analysis of memory and file system images of infected devices.
 
4.    Examine a compromised host’s memory 

Students perform a forensic examination of a memory image taken from a computer to identify sophisticated malware that infected the system.
 
5.    Conduct a forensic disk examination 
Students perform disk forensics on an infected system. By analyzing an image of the computer’s file system, the students are able to identify malware infections and to create a timeline for the attack.
 
6.    Close your investigation

Students are asked to conclude their investigation by compiling a timeline for the attack and writing a comprehensive report for technical and non-technical stakeholders. 

Who should enroll:

Students who aspire to professional careers in defensive cybersecurity.

Learning Outcomes: 

Students will learn to:

  • Analyze network traffic
  • Analyze network and system logs using a security information and event monitoring system
  • Cross-correlate log information and network packet traffic
  • Use online sandboxes for static and dynamic analysis of malicious executable files to identify indicators of compromise
  • Use threat intelligence
  • Identify malware
  • Perform memory forensics
  • Perform disk forensics
  • Compile a comprehensive timeline of a cyber attack
  • Report appropriately to technical and non-technical stakeholders

Prerequisites: 

Successful completion of Immediate Immersion.

In order to advance to subsequent courses, students must accomplish designated performance objectives, demonstrate thorough understanding of software used throughout the course, submit high-quality written work and actively contribute to weekly student meetings. 

In addition to the task-based curriculum, an implicit curriculum runs throughout the course via which students will learn and practice the cognitive skills essential for success in all areas of information security. These include:

  • Understanding complex, novel problems
  • Effectively researching solutions
  • Designing and testing solutions
  • Self-directed learning