Aspire Journeys

541 Vulnerability Assessment Analyst Advanced KSAT Journey

23 Courses | 24h 32m 46s

(1)

Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-indepth architecture against known vulnerabilities.

541 Vulnerability Assessment Analyst

23 Courses | 24h 32m 46s

COURSES INCLUDED

CISSP 2024: Investigations & Policies

Cybercrime investigation is a critical practice in a modern security landscape. In this field, skilled security professionals from agencies like the FBI use digital forensics to track, analyze, and dismantle various types of cybercrime and cyber threats. This course covers several CISSP exam objectives. You will begin by exploring the requirements for administrative, criminal, civil, regulatory, and industry investigations. You will then learn to develop, document, and implement security policy, standards, procedures, and guidelines. Finally, you will discover considerations for the enforcement of personnel security policies and procedures. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

7 videos | 32m Assessment Badge

CISA 2022: IT Management Frameworks, Regulations, & Standards

IT management frameworks provide a structured approach to managing and auditing IT assets. Regulations and standards are put in place to ensure that organizations have guidelines to follow for how they deal with information systems. In this course, you will explore IT management frameworks, regulations, and standards, beginning with an overview of IT and data governance, and standards, policies, and procedures. Then you will learn about Control Objectives for Information and Related Technologies (COBIT), IT Infrastructure Library (ITIL), and International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards. Next, you will discover risk management and risk treatment. Finally, you will dig into IT maturity models, the Business Model for Information Security (BMIS), the Information Technology Assurance Framework (ITAF), and IT balanced scorecards. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

16 videos | 1h 28m Assessment Badge

CISSP 2024: Risk Management Concepts

Security risk management involves the continual process of identifying security risks and implementing strategy and tactics to mitigate them. It is a vital component of any organization's strategy to protect its assets, ensure regulatory compliance, maintain operational continuity, and safeguard its reputation. Begin this course by exploring threat and vulnerability identification, as well as risk analysis, assessment, and response. Next, you will discover control categories, types, and assessments. Then you will investigate continuous monitoring and measurement and risk management reporting. Finally, you will examine continuous improvement and risk frameworks as you gain the essential skills to protect and secure your organization's critical resources. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

11 videos | 45m Assessment Badge

CISA 2022: System Development & Vulnerability Testing

Systems development and vulnerability testing often go hand in hand to ensure the timely delivery of system changes or entire new solutions. In this course, you'll learn about system development and vulnerability testing, beginning with secure coding, security testing types, vulnerability scanning, and how to perform a vulnerability scan. Then you'll explore comparing network scans, penetration testing, packet forgery, and web application vulnerability scans. Finally, you'll dig into IPsec network traffic, jump boxes, and honeypots. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

13 videos | 1h 12m Assessment Badge

Advanced Pen Testing Techniques

Explore advanced penetration testing tools and techniques used to find vulnerabilities, sniff network traffic, deal with cryptography, and crack passwords in this 14-video course. Learners will discover common techniques used to find weaknesses in both Linux and Windows-based systems. Key concepts covered here include finding vulnerability by using scanners and other techniques; how to capture and analyze network traffic with Wireshark; and learning about wireless security technologies, such as WEP, WPA/2/3, and their vulnerabilities. Continue by learning about cryptography and its four goals; learning to differentiate between symmetric and asymmetric cryptography; and learning how to choose a password cracking technique. Next, learn to differentiate between malware types and recognize the consequences of using targeted malware; learn to differentiate between scanning and enumeration; and learn the benefits of using Python to build scripts and deliver exploits. Then perform Linux privilege escalation with a penetration tester; perform Windows privilege escalation to exploit a Windows system by using the AlwaysInstallElevated technique; and use PowerShell to perform pen testing tasks such as reporting on all USB devices installed.

14 videos | 1h 22m Assessment Badge

CISSP 2024: Security Audit & Controls Testing

A security audit is a comprehensive assessment of an organization's information systems. Typically, they measure the systems and applications against an audit checklist of industry best practices, externally established standards, and/or federal regulations. In this course, differentiate internal, external, and third-party auditing and learn about locations for auditing and controls testing, the purpose of a vulnerability assessment, and the basics of penetration testing. Next, explore log reviews and log data, code review and testing techniques, and compare synthetic transactions, benchmark, and misuse case testing. Finally, examine coverage analysis concepts, compare interface testing methods, and discover the purpose of compliance checks. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

12 videos | 34m Assessment Badge

CISSP 2024: Assessing Software Security & Coding Guidelines

It is one thing to implement application security controls, managed services, and cloud services; it is another thing to assess the ongoing success and failure of those initiatives. In the course, learn how to assess the auditing and logging of changes, risk analysis and mitigation, acquired software, managed services, and cloud services with the CCM. Next, explore source code security weaknesses and vulnerabilities at the source code level and how to secure application programming interfaces (API) with the 2023 OWASP Top 10. Finally, examine secure coding practices and software-defined security (SDS). This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

11 videos | 27m Assessment Badge

CISSP 2024: Secure Design Principles & Models

For the CISSP exam, one must be able to understand a variety of security design principles and practices. The topics in this course cover the following Domain 3 objectives: research, implement, and manage engineering processes using secure design principles and understand the fundamental concepts of security models. Begin by exploring the importance of least privilege and defense in depth to create multi-layered security defenses and restrict access to sensitive information. You will then look at concepts of segregation of duties (SOD), keeping it simple and small, and privacy by default and design. Next, you will consider how the shared responsibility model is crucial for participants to grasp the roles and accountability in cloud and collaborative environments. You will also explore threat modeling techniques to identify, evaluate, and mitigate potential security threats. Finally, you will compare zero trust vs. trust, explore the secure access service edge (SASE) framework, and consider the fundamental concepts of security models such as Bell-LaPadula, Biba, Star, and Clark-Wilson. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

12 videos | 40m Assessment Badge

CSSLP 2024: Privacy, PII, & Cross-border Data Transfers Security Requirements

Regulations and standards are an important source of secure software requirements and these lay special emphasis on safeguarding personally identifiable information (PII) and protecting user privacy. In this course, learn about the security requirements and privacy safeguards embedded in major regulations like PIPEDA, CCPA, GDPR, HIPAA, COPPA, and the OECD and how these frameworks enforce stringent controls over personal data. You will also study the complexities of cross-border data transfers by comparing frameworks like Privacy Shield, and the APEC Privacy Framework. Explore data access provisioning and how to categorize diverse types of data objects. Finally, discover the distinctions between misuse and abuse scenarios in security requirements and how these scenarios impact organizations. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

11 videos | 1h 22m Assessment Badge

CISSP 2024: Professional Ethics & Security Concepts

Regardless of the guidance that one is following as a security professional, one common theme is that architects must be held to a high ethical standard based on their responsibility to manage risk to all assets. In this course, you will explore the International Information System Security Certification Consortium (ISC2) Code of Professional Ethics. Then you will discover organizational codes of ethics, which establish an integral aspect of a mission and model adopted by an organization. Finally, you will focus on the Five Pillars of information security - confidentiality, integrity, availability, authenticity, and non-repudiation. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

9 videos | 18m Assessment Badge

CISSP 2024: Threat Modeling, SCRM, & Security Awareness

Threat modeling uses hypothetical scenarios, system and data flow diagrams, and testing to assist in securing systems, applications and data. In this course, the learner will explore threat modeling concepts and methodologies, supply chain risk management (SCRM) concepts, and ways to establish and maintain a security awareness, education, and training program. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

8 videos | 29m Assessment Badge

CISSP 2024: Vulnerabilities of Architectures, Designs, & Solution Elements

A security vulnerability is a weakness, flaw, or error found within a security element that has the potential to be leveraged by a threat agent in order to compromise a secure network, system, or application. The goal of this course is to prepare the CISSP candidate to assess and mitigate the vulnerabilities of security architectures, designs, and solution elements. In this course, you will begin by considering the potential vulnerabilities of various systems including client-based, server-based, database, cryptographic, industrial control (ICS), embedded, virtualized, cloud-based, and distributed systems and how you might mitigate these issues. Next, you will walk through ways to lessen vulnerabilities in Internet of Things (IoT) devices and discover how to assess and mitigate vulnerabilities in containerized systems and microservices including application programming interface (API) calls. You will also look at the potential weaknesses in serverless technologies, high-performance computing, and edge computing and how to alleviate these issues. Finally, you will explore the security capabilities of Information Systems like memory protection, Trusted Platform Module (TPM), and encryption/decryption.

14 videos | 55m Assessment Badge

Linux Exploits & Mitigation: Memory and Pointer Vulnerabilities

Memory and pointer vulnerabilities come from a number of common programmer mistakes. Being able to recognize, debug, and fix unsafe memory allocation and access errors is essential to avoiding vulnerabilities. In this course, you'll explore how memory and pointer vulnerabilities arise and how they lead to program errors and exploits. You'll look at how memory is allocated and accessed in a typical C program. You'll investigate what causes heap and stack overflows, use-after-free (UAF) vulnerabilities, and out-of-bounds access errors. In addition, you'll recognize dangling pointers, NULL dereferences, and off-by-one loops. Finally, you'll delve into how coding errors lead to corrupted memory and arbitrary code execution.

14 videos | 1h 10m Assessment Badge

CISSP 2024: Securing the SDLC & Software Development Ecosystems

According to Amazon Web Services (AWS), the Software Development Life Cycle (SDLC) is a cost-effective and time-efficient development team process used to design and build high-quality software. The goal of the SDLC is minimizing project risks through forward planning so software during production and beyond meets customer expectations. In this course, explore various development methodologies and maturity models and DevOps operations, maintenance, and change management concepts. Next, explore integrated product teams (IPTs), apply security controls in various scenarios, and work with integrated development environments (IDEs) and toolsets. Finally, learn how to apply security controls in CI/CD and code repositories, software configuration management (SCM) benefits, and application security testing techniques. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

12 videos | 42m Assessment Badge

CISSP 2024: Securing Network Components & Communication Channels

Evaluate the best data communications solutions for your organizations based on factors such as reliability, cost, and security. In this course, you'll explore how to design and deploy infrastructure that meets the requirements of modern businesses. Learn how to evaluate infrastructure solutions based on factors such as reliability, scalability, and cost-effectiveness, explore the best practices for maintaining that infrastructure, and learn about the different types of transmission media, including physical security and signal propagation quality. Next, you'll discover different transmission media solutions, Network Access Control (NAC) systems, and gain an understanding of how to design and deploy NAC solutions that provide comprehensive security to network endpoints. Finally, explore the different types of data communications, including backhaul networks, satellite, and third-party connectivity such as telecom providers and hardware support. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

10 videos | 34m Assessment Badge

CSSLP 2024: Secure Software Architectures & Frameworks

The Secure Software Architecture and Design CSSLP domain focuses on the ability to apply security practices to each phase of the software development life cycle, spanning topics from high-level models like SABSA and the Zachman Framework to cloud computing, VMs, hypervisors, containers, and industrial IoT systems. In this course, you'll learn how to organize and categorize security architectures, including the Sherwood Applied Business Security Architecture (SABSA). Explore various types of distributed computing architectures, the client-server architecture, and peer-to-peer (P2P) networks along with their security challenges. From there, you'll dive into service-oriented architectures (SOAs), analyze the security benefits of microservices and containers, examine Rich Internet Applications (RIAs), and cover how to prevent Remote Code Execution (RCE) attacks. After that, you'll study the implications of different types of connectivity, location-based services, RFID, NFC, and sensor and mesh networks. You'll finish with a focus on Embedded Systems and learn the significance of Secure Boot and Secure Memory, Secure Update Mechanisms, and Field-programmable Gate Arrays (FPGAs). This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

16 videos | 2h 5m Assessment Badge

CISSP 2024: Secure Design Principles in Network Architectures (Part 1)

In the digital era, understanding network protocols and their impact on performance is crucial for IT professionals tasked with maintaining robust and efficient communication systems. This course is the first of two courses that cover a large part of CISSP Domain 4. In this course the learner will focus on several aspects of secure design principles in network architectures including OSI and TCP/IP protocols for IPv4 and IPv6, secure protocols, multilayer protocol implications, converged protocols, transport architectures, performance metrics, and traffic flows. This course helps prepare learners for the Certified Information Systems Security Professional (CISSP) exam.

10 videos | 47m Assessment Badge

CSSLP 2024: Security in Firmware & Industrial IoT

Vast sectors like manufacturing, energy, the automotive industry, and medical devices are now powered by the Industrial Internet of Things, or IIoT. This course gives you the tools to manage the unique security considerations of these technologies. First, learn about the security of firmware and hardware device drivers, exploring vulnerabilities and studying famous attacks such as Stuxnet. Then, examine cognitive computing, AR/VR, IIoT, and specific attacks by Triton malware targeting IIoT systems. Next, explore Facilities IIoT and Automotive IIoT, focusing on infrastructure and vehicular systems security. Study famous security breaches, like the 2015 Jeep Cherokee hack, and then move on to robotics and medical devices IIoT. Learn about software-defined production considerations, including digital twins, sensor/actuator networks, and dynamic configuration management. After that, focus on security management interfaces, learning about their key components, such as SIEM and EDR systems. Then, explore the role of Out-of-Band (OOB) Management and log interfaces. Finally, examine application dependencies, assess the impact of protocol design choices and evaluate factors in API protocol design, particularly the choice between stateless and stateful protocols. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

13 videos | 1h 45m Assessment Badge

CSSLP 2024: Security in Memory Management, the Build Process, and APIs

Secure implementation practices are the bridge between secure architecture and secure testing. This course covers everything from memory management, API security, and build process security, all the way to static and dynamic application security testing. First, you'll learn secure memory management practices in Python by focusing on preventing vulnerabilities like buffer overflows, memory leaks, and dangling pointers while comparing memory management techniques in C++, C#, and Java. Then, you'll explore static application security testing (SAST) techniques such as source code, binary, and control flow analysis, and contrast them with dynamic application security testing (DAST). Moving on, you'll study API security strategies such as Gateway API rate limiting, load balancing, and caching, and review the OWASP API Security Top 10 for 2023, learning how to protect APIs from common threats. Finally, you'll learn about build process security techniques like obfuscation and code signing and examine compiler and interpreter switches in Python, Java, C#, and C++. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

1h 11m Assessment Badge

CSSLP 2024: Databases & Programming Language Environments

Python, Java, and .NET all have elaborate security features built into their runtimes, and so do database and data warehouse technologies we use every day. In this course, you'll learn the fundamentals of database security, including the role of encryption and how triggers can automate threat responses. Explore the uses of views in controlling data access and examine secure programming language environments. Analyze security features in the .NET CLR and the JRE, focusing on ASLR, DEP, type checking, and memory security. Then, contrast these with Python and PowerShell and learn about critical security controls in OS kernels, modes of execution, and virtual memory management. Next, discover threat modeling, STRIDE, spoofing, tampering, and the PASTA approach. Learn about attack trees, secure architectural design patterns, security design verification methods, as well as simulations and boundary value analysis. Finally, you'll define non-functional security requirements and discuss CI/CD Pipelines in secure deployment. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

15 videos | 2h 8m Assessment Badge

CISA 2022: Securing Networks & IT Assets

In any enterprise information technology environment, network and IT assets must be secured in order to preserve the integrity and legal standing of the organization. In this course, you will discover key aspects of securing networks and IT assets, beginning with network attacks, network threat mitigation, firewalls, and security monitoring and testing. Then you will explore the identification of plaintext network traffic, implementation of a packet filtering firewall, and implementation of a content filtering firewall. Finally, you will learn about physical asset protection, focusing on heating, ventilation, and air conditioning (HVAC) systems, physical security, drones and proximity security, and fire suppression systems. This course helps prepare learners for the ISACA certification exam, Certified Information Systems Auditor (CISA).

13 videos | 1h 44m Assessment Badge

Anomaly Detection: Network Anomaly Detection

In this 14-video course, learners can explore best practices for anomaly detection for network forensics with topics such as network behavior anomaly detection (NBAD), frequency analysis, identifying beaconing activity, and recognizing signs of brute force attacks. Also discover protocol and population analysis, HTTPS and SSH (Secure Shell) attacks, as well as triage methods. Begin with a look at concepts and applications of NBAD, then discover how to implement frequency analysis. Learn how to identify beaconing activity, and how to recognize the signs of a brute force attack. Next, learners examine protocol analysis approaches and techniques, and learn about HTTPS attacks, deducing the activity of encrypted web traffic. Analyze SSH authentication behavior; take an overview of population analysis; explore techniques used to reveal hidden connections with behavioral analysis; and learn how to differentiate between different NBAD triage methods. In the final tutorials, discover methods and techniques for performing network anomaly analysis and the benefits of anomaly detection, and examine how network forensics can be used to protect mission critical areas of business.

14 videos | 1h 11m Assessment Badge

Linux Exploits & Mitigation: Penetration Tools

The baseline of security for any computer system is a defense against known exploits and attacks. In this course, you'll learn how to employ the core pentesting tools to help validate that your systems and software are secure against known attacks. You'll start by learning how to leverage the capabilities of Metasploit by using its basic commands, payloads, and options. You'll then explore Metasploitable, Commix, as well as Exploit Database, SearchSploit, and the Linux Exploit Suggester. Next, you'll learn how to use RouterSploit and ShellNoob to carry out tests. Finally, you'll examine how to use SQLMap to explore how SQL injection attacks are formed and how to protect against them.

14 videos | 59m Assessment Badge

FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

Journey 611 Authorizing Official Advanced KSAT Journey

(1)

Journey 652 Security Architect KSAT Advanced NCWF Journey

(1)

Journey 652 Security Architect Intermediate KSAT Journey

(1)

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills and Salary Report

ESG Impact Report

541 Vulnerability Assessment Analyst Advanced KSAT Journey

541 Vulnerability Assessment Analyst

COURSES INCLUDED

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

YOU MIGHT ALSO LIKE