IT-Security Practitioner course
IT-Security Practitioner (ITSP) offers a unique combination of technical security skills, frameworks that govern IT security and key security management topics. You will immerse yourself in attack trends and mitigation techniques and practice technical skills in cybersecurity protection, detection, response and recovery. In addition, you will perform management and architecting activities, such as developing a cyber security framework, designing a security infrastructure, creating a role-based access model, and determining benchmarks for information classification.
ITSP benefits those who want to further specialize in the technical aspects of IT Security and lay the foundation to progress into an IT / Cyber Security Management role. If you are looking for entry-level cybersecurity training, you should take the IT Security Foundation course.
Arjen Verhiel
Trainer
Network & Infrastructure consultant
Jochen den Ouden
Trainer
Ethical Hacker
Cyber Security specialist
Dr. Rob van der Staaij
Trainer
IAM & IT-Infrastructure specialist
At a Glance
Advanced level
IT-Security Practitioner
Security administrators, analysts, architects, auditors or consultants, looking to transition to an IT security management role
Prepare for successful progression into an IT security management role or lay the foundation for further specialization in the technical aspects of IT Security
Solid basis in System-, Application- and Network Security, Cryptography and Identity & Access Management
Hands-on practical labs
Demonstrate an in-depth understanding of switches, routers, gateways, firewalls and intrusion detection systems
Identify security measures to counter the OWASP Top 10
Translate relevant legal, regulatory and standard requirements and industry-best practices to a company-wide cybersecurity framework
What’s included
- Official SECO-Institute course materials
- Training from passionate instructors with exceptional skills
- Access to the SECO lab environment
- Access to the SECO member portal
- Practice exam
- Exam voucher
- Membership to SECO’s Alumni Network after passing the exam
Syllabus
Day 1 – Introduction and Frameworks Governing IT Security
Topics:
• IT security concepts
• Security Requirements and Security design principles
• Threats, attacks and actors
• IT security strategy principles
• Securing IT infrastructures
Exercises:
• Assets, Owners, Threats, Countermeasures
• Threats and the CIA triad
• Attack trees
• Protocols and devices
• Security zoning
• Threat Actors
• Nmap
Topics:
• Cybercrime & computer crime
• Responsible disclosure
• Working with law enforcement
• Intellectual property and IT Security
• Privacy and IT Security
• Sector-specific security requirements
• Standards and best practices (ISO, NIST, ENISA, CIS, OWASP)
Exercises:
• Develop a Secure Teleworking Policy
• Implement a Secure Teleworking Policy
• Describe technical requirements for allowing BYOD
Day 2 – Incident Management and Network Security
Topics:
• Incident handling
• Incident handling workflow
• Incident detection
• Incident registration
• Triage
• Incident resolution
Exercises:
• Incident Handling Workflow
• Metasploit
Topics:
• Network Architecture
• Network Segmentation
• Intrusion Detection Systems
• Firewalls and Intrusion Prevention Systems
• Hardening devices
• Unified Threat Management Systems
Exercises:
• Secure network architecture
• Intrusion detection using Snort
• Firewalls and Intrusion Prevention Systems
• Using Snort as an IPS
• Configuration and hardening
Day 3 – System, Mobile & IoT Security
Topics:
• System Security Planning
• Operating System Hardening
• Benchmark Security Testing
• Security Maintenance
• Linux and Windows system security
• Hardening Windows and Linux/Unix systems
Exercises:
• Benchmark Linux Debian
• Configuring & Hardening Devices
• Benchmark Windows
Mobile security
• Issues (OWASP)
• Attack vectors
• Targets
• Security controls
IoT security
• IoT Types
• Issues (OWASP)
• Attack vectors
• Targets
• Security controls
Day 4 – Application Security & Encryption
Topics:
• Software basics
• Making software more robust
• Software bugs
• Buffer overflows in depth
• Secure use of software
Exercises:
• Patch Management Policy
• Nessus
• John the Ripper
Topics:
• Confidentiality with Symmetric Encryption
• Message Authentication
• Public Key Encryption and Digital Signatures
• Applications Using Cryptography
• Hashing and how it is applied to safeguard integrity
• Encryption of data at rest or in transit
• Block ciphers and stream ciphers
• “State-of-the-art” algorithms and protocols
• Application of SSL/TLS
• Encryption best practices
Exercises:
• Public Key Encryption
• Public Key Encryption and Digital Signatures
• SSL/TLS
Day 5 – Identity and Access Management & Ethical Hacking
Topics:
• Identity and access management
• User authentication methods and security issues
• Access control mechanisms
• User management
Exercises:
• Information classification model
• Attack tree for eavesdropping or replay attacks
• Design a Role-based Access Control model
• Open standards: OAuth and OpenID, SAML
Topics:
• Penetration testing practice
• Brute-force login
• Information disclosure vulnerabilities
• SQL injection
• Reading local system files
• Grabbing usernames and passwords from the database
• Gaining a PHP shell through SQL injections
• Creating a reverse shell to gain command-line access to the server
• Gaining root access to the server
Collect your badge of honor
Exam
- Language: English
- Delivered: Online via a certified proctor
- Questions: 10 multiple choice, 5 open questions and 1 case
- Time: 120 minutes