Aspire Journeys
621 Software Developer Intermediate KSAT Journey
- 57 Courses | 61h 47m 15s
Develops, creates, maintains, and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs.
621 Software Developer Intermediate
Develops, creates, maintains, and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs.
- 57 Courses | 61h 47m 15s
COURSES INCLUDED
CompTIA Cloud+: Cloud Architecture & Models
The cloud has various deployment and service models that can help your organization design and create your very own cloud strategy based on needs. First, you'll learn about the available cloud deployment models such as public, private, hybrid, community, and virtual public clouds, as well as multi-cloud and multitenancy environments. Next, you'll examine cloud service models such as Infrastructure as a Service, Platform as a Service, and Software as a Service. Finally, you'll learn about advanced topics such as the Internet of Things, serverless computing, machine learning, artificial intelligence, and the shared responsibility model. This course is one of a collection of courses that prepares learners for the CompTIA Cloud+ (CV0-003) certification.
12 videos |
1h 10m
Assessment
Badge
Google Professional Cloud Architect: Designing for Google Cloud Compliance
Compliance is a significant concern for many organizations, and many have historically failed to protect data adequately. In this course you will explore how governance has come to protect data, such as health records, through legislation like HIPAA and COPPA. Then, discover how commercial interests have helped bolster financial stability by setting standards of protecting data via certifications like Personally Identifiable Information (PII) and Payment Card Industry Data Security Standard (PCI DSS) that allow customers and businesses to trust you. In addition, there are specific industry certifications that may need to be met depending on the function of the business you run, rather than the data you keep. You will also focus on the need to maintain careful auditing standards for the integrity of any legal disputes that might arise. Finally, you will focus on use cases that you can expect to encounter in an exam environment. This course is one of a collection that prepares learners for the Google Professional Cloud Architect exam.
12 videos |
59m
Assessment
Badge
CompTIA Data+: Understanding Data
Databases cannot perform at all without data - it is that simple. Data is the lifeblood of databases, and once a database is populated with data, the things a data analyst can do with it are truly remarkable. By harnessing the power of data, modern life has become more efficient in virtually every way. In this course, you will explore the basics of data, beginning with an introduction to data types, structured data, defined rows and columns, and key-value pairs. You will then proceed to explore unstructured data, undefined fields, machine data, and discrete and continuous data. Next, you will dig into categorical data, numerical data, text data, multimedia data. Finally, you will examine text files, HTML files, XML files, and JSON files. This course can be used to prepare for CompTIA Data+ (DA0-001) exam.
19 videos |
1h 59m
Assessment
Badge
CCSP 2022: Software Assurance & Validation
It's one thing to make an impressive presentation to upper management and acquire the necessary resources to lower risks to your cloud resources. However, the decision-makers will expect an ongoing assessment of the success of the various implemented countermeasures and controls. With this course, learn about cloud software development assurance and validation. Explore functional and non-functional testing approaches and security testing methods. Next, examine OWASP API security strategies and the basics of supply chain management. Finally, learn about third-party software management and open-source software validation and vulnerabilities. This is one of a collection of courses that fully prepares the learner for the ISC2 Certified Cloud Security Professional (CCSP) 2022 exam.
10 videos |
28m
Assessment
Badge
CCSP 2022: Legal Requirements, Privacy Issues, & Risk Management in the Cloud
Cloud computing presents a number of unique risks and issues since it routinely crosses many geographic and political boundaries, and international legislation, regulations, and privacy requirements can conflict with one another. In this course, examine the legal and privacy issues that a Certified Cloud Security Professional can expect to face. Begin by investigating conflicting international laws, eDiscovery, and Cloud Security Alliance (CSA) guidance. Then, focus on personal privacy issues related to protected health information (PHI), personally identifiable information (PII), and privacy impact assessments (PIAs), and compare privacy requirements including ISO/IEC 27018, Generally Accepted Privacy Principles (GAPP), and General Data Protection Regulation (GDPR). Finally, explore risk management by assessing risk management programs and studying regulatory transparency requirements, including breach notification, Sarbanes-Oxley (SOX), and GDPR. This is one of a collection of courses that fully prepares the learner for the ISC2 Certified Cloud Security Professional (CCSP) 2022 exam.
10 videos |
25m
Assessment
Badge
Pen Testing for Software Development: The Penetration Testing Process
Penetration testing can identify both known and unknown vulnerabilities and help avoid security breaches. In this course, you'll learn the importance of penetration testing, what system hardening is, and the requirements of penetration testing. You'll then examine the differences between penetration testing and vulnerability assessments, as well as the various types, stages, and methods of penetration testing. Next, you'll learn about white box, black box, and gray box penetration testing, and the differences in penetration testing methodologies. You'll see the available tools for performing penetration testing, as well as the types of outputs resulting from penetration testing. Lastly, you'll learn about penetration testing best practices and how to perform a penetration test.
16 videos |
1h 26m
Assessment
Badge
CRISC 2023: Data Privacy
Data privacy is a foremost concern for most organizations. Compliance with laws and regulations feeds into risk management. In this course, you will discover the characteristics of Personally Identifiable Information (PII) and techniques to prevent sensitive data leakage. Then you will explore data loss prevention (DLP) and learn how to implement DLP using Microsoft Purview. Next, you will examine various data privacy and security standards including International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards, General Data Protection Regulation (GDPR), the Federal Risk and Authorization Management Program (FedRAMP) and the Health Insurance Portability and Accountability Act (HIPAA). Finally, you will focus on the Payment Card Industry Data Security Standard (PCI DSS), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and China's Personal Information Protection Law (PIPL). This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
12 videos |
1h 7m
Assessment
Badge
CRISC 2023: Cryptography
Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques. In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure Encrypting File System (EFS) file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Then learn how to hash files in Linux and Windows. Finally, find out about hardware security modules (HSMs) and the Trusted Platform Module (TPM), how Transport Layer Security (TLS) supersedes the Secure Sockets Layer (SSL), and how to enable HTTPS. This course can be used to prepare for the ISACA(r) Certified in Risk and Information Systems Control (CRISC(r)) certification.
14 videos |
1h 18m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Network Security Concepts
Cybersecurity policies often require detailed network configuration changes and additions. Technicians must be proficient with the configuration and management of various TCP/IP protocols. In this course, I will start by discussing the Open Systems Interconnection (OSI) model, network switching, and network access control. Next, I'll discuss the TCP/IP protocol suite as well as IPv4 and IPv6 addressing. I will then discuss network routing, dynamic host configuration protocol (DHCP), domain name system (DNS) and Wi-Fi authentication methods. Lastly, I will cover virtual private networks (VPNs), IP Security (IPsec) and network time synchronization. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
14 videos |
1h 29m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Managing Network Settings
Modern IT solutions communicate over various types of networks. Cybersecurity analysts must be able to configure and secure the ways that devices communicate over these networks. In this course, I will begin by creating on-premises and cloud-based virtual networks, followed by managing IP addressing on Linux, Windows, and in the cloud. Next, I will manage routing table entries in the cloud and implement domain name system (DNS) and Dynamic Host Configuration Protocol (DHCP) security. Lastly, I will harden a Wi-Fi router and configure IPsec in Windows. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
11 videos |
59m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Cloud Computing & Cybersecurity
Cloud computing is an integral part of IT solutions for individuals and organizations. A knowledge of how cloud computing services are deployed and managed is a requirement for securing cloud-based resources. In this course, I will start by discussing cloud computing deployment models, such as public and private clouds, followed by discussing various cloud computing service models. Next, I will cover a variety of cloud computing security solutions, and I will deploy Linux and Windows cloud-based virtual machines. I will then deploy a web application in the cloud, cover the Cloud Controls Matrix (CCM) security controls, and work with Microsoft Azure managed identities. Lastly, I will discuss and configure a content delivery network (CDN). This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
12 videos |
1h 10m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Data Security Standards
To remain compliant with relevant data privacy laws and regulations, organizations must have a way of identifying sensitive data and implementing security controls to protect that data. In this course, explore how physical security is related to digital data security, examples of personally identifiable information (PII), and how data loss prevention (DLP) solutions can prevent data exfiltration. Next, learn about common data privacy regulations and standards, including GDPR, HIPAA, and PCI DSS. Finally, discover how to use Amazon Macie and File Server Resource Manager to discover and classify sensitive information and learn about the importance of service level objectives (SLOs) and service level agreements (SLAs). This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
11 videos |
1h 3m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Threat Intelligence Information
Cybersecurity analysts and security tools can reference a variety of threat intelligence sources to keep up to date with the latest threats and mitigations. These can be used to help keep organization security policies as effective as possible. In this course, examine different threat intelligence sources, the common vulnerabilities and exposures (CVEs) website, and the MITRE ATT&CK knowledge base. Next, discover how the OWASP Top 10 can help harden vulnerable web applications, how advanced persistent threats (APTs) are executed, and common ISO/IEC standards. Finally, learn how to analyze CIS benchmark documents, the Common Vulnerability Scoring System (CVSS), common organization security policy structures, and how organizational culture relates to IT security. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
12 videos |
1h 9m
Assessment
Badge
CompTIA Cybersecurity Analyst+: OS Process Management
Managing the running processes on Linux and Windows hosts not only improves performance but also impacts how secure those hosts are. Determining what an abnormal performance or activity is greatly facilitates comparisons to current activity to established baselines of normal performance and behavior. In this course, I will start by navigating through the Windows registry followed by exploring Linux hardware devices using the Linux command line. I will then use the Windows Device Manager tool to manage a hardware device. Next, I will create partitions and file systems on Linux and Windows hosts followed by covering how processes and daemons interact with the Linux OS. I will manage Linux and Windows processes and daemons, or services. Lastly, I will establish a normal performance baseline on a Windows Server using a data collector set. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ (CySA+) exam.
11 videos |
59m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Cryptography
Confidentiality, integrity, and availability are core pillars of IT security governance. Cybersecurity analysts can harden IT environments using various encryption and hashing techniques. In this course, examine how the CIA triad relates to IT security and how cryptography protects sensitive data. Next, discover how to configure EFS file encryption and Microsoft BitLocker encryption, and use a customer-managed key to enable encryption for an Azure storage account. Finally, learn how to hash files in Linux and Windows, about hardware security modules (HSMs), and how TLS supersedes SSL. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
12 videos |
1h 5m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Firewalls & Intrusion Detection
Firewall solutions control which types of network traffic are allowed into, through, or to leave a host or network. Cybersecurity analysts must know which type of firewall is needed for a given requirement as well as the placement of the firewall solution on the network. In this course, you will begin with a comparison of firewall types such as packet filtering, next-generation, and web application firewalls and learn how to determine their placement on the network. Then you will configure Windows Defender and Linux firewall settings. Next, you will configure Azure network security group firewall rules and explore the role played by forward and reverse proxy servers. Finally, you will install the Squid proxy server on Linux, find out how intrusion detection and prevention systems can address security concerns, and install and configure the Snort IDS. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
10 videos |
56m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Malicious Techniques & Procedures
Understanding the characteristics of various types of attacks goes a long way in helping cybersecurity analysts prevent and detect malicious activity. A knowledge of techniques and attacks such as buffer overflows and distributed denial-of-service (DDoS) attacks facilitates mitigation planning. In this course, I will begin by covering how SYN flood attacks from the 3-way Transmission Control Protocol (TCP) handshake. Next, I will detail various types of buffer overflow, cross-site scripting (XSS), and injection attacks. I will then execute a structured query language (SQL) injection attack followed by discussing potential extensible markup language (XML) vulnerabilities and DDoS attack mitigations. Moving on, I will run a denial-of-service (DoS), client web browser, and reverse shell attack. Lastly, I will spoof network traffic, crack Remote Desktop Protocol (RDP) passwords and discuss common Wi-Fi attacks. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
15 videos |
1h 27m
Assessment
Badge
CompTIA Cybersecurity Analyst+: Secure Coding & Digital Forensics
Security must be included in all phases of IT system and software development designs. Continuous integration and continuous delivery/deployment (CI/CD) integrates development and ongoing management of IT solutions. Cybersecurity analysts must understand IT governance and digital forensics concepts. Begin this course by examining the role of security in the software development life cycle (SDLC). Then you will explore CI/CD and learn how Git is used for file version control. Next, you will discover how the Control Objectives for Information and Related Technologies (COBIT) framework applies to IT governance and you will investigate digital forensics. Finally, you will configure legal hold settings for a cloud storage account and list common digital forensics hardware and software solutions. This course can be used to prepare for the CS0-003: CompTIA Cybersecurity Analyst+ exam.
10 videos |
55m
Assessment
Badge
CompTIA Network+: Ports & Protocols
Understanding common networking protocols, ports, services, and traffic types is crucial for managing and securing networks. In this course, learn about the most commonly known protocols that are used today on computer networks, such as FTP, SMTP, DNS, HTTP/HTTPS, and more. Next, examine how HTTP enables computers to send and receive web-based communication messages and investigate other common key protocols and their ports. Finally, explore the Structured Query Language (SQL) programming language, common IP protocol types, and various traffic types. This course is one of a collection that helps prepare learners for the CompTIA Network+ (N10-009) certification exam.
21 videos |
2h 28m
Assessment
Badge
CompTIA Network+: Network Topologies, Architectures, & Types
Network architectures refer to the overall design and layout of a network, including how devices and components are organized and interconnected. In this course, explore wireless and wired networking standards, the features of key satellite and cellular technologies, and the differences between various types of wired transmission media. Next, compare Ethernet and fibre channel (FC) transceiver protocols and the differences between common network connector types. Finally, learn about common network topologies, architectures, and types, as well as use cases for a collapsed core architecture and network traffic flow. This course is one of a collection that helps prepare learners for the CompTIA Network+ (N10-009) certification exam.
15 videos |
1h 14m
Assessment
Badge
CompTIA Network+: Network Security Concepts & Solutions
Network security concepts encompass a range of practices, technologies, and policies designed to protect the integrity, confidentiality, and availability of data and resources within a computer network. In this course, explore logical security concepts, including encryption and identity and access management (IAM), as well as physical security controls. Next, learn about security deception technologies and common network security terminology, including confidentiality, integrity, and availability (CIA). Finally, examine network access control solutions, key management concepts, network security rules, and network security zones. This course is one of a collection that helps prepare learners for the CompTIA Network+ (N10-009) certification exam.
13 videos |
1h 8m
Assessment
Badge
CompTIA Server+: Deploying Cloud PaaS & SaaS
Platform as a Service (PaaS) and Software as a Service (SaaS) are two popular and valuable cloud service models. Both play a unique role in managing certain aspects of cloud computing. If you're an IT professional working in server environments, you need to know what these two cloud service models entail. Take this course to learn all about PaaS and SaaS solutions. Furthermore, practice deploying databases in the AWS and Microsoft Azure clouds. Configure a SaaS cloud solution. Use an automation template to deploy a PaaS solution. And use several strategies and tools to keep cloud computing costs to a minimum. Upon course completion, you'll be able to deploy PaaS and SaaS solutions and control cloud computing costs. This course also helps prepare you for the CompTIA Server+ SK0-005 certification exam.
9 videos |
46m
Assessment
Badge
CompTIA Server+: Working with TCP/IP
TCP/IP has become the standard software-based network protocol suite used globally. Those working in a server environment need to have a robust understanding of the protocols and services of TCP/IP and their configuration. Learn all about these configurations in this course. Explore IPv4 addressing and IP subnetting and practice configuring IPv4 manually. Next, learn about DHCP and deploying a Windows DHCP server. Then, examine how TCP and UDP transport protocols differ. Moving on, practice configuring IPv6 addresses manually and also configuring IP addresses in the cloud. Explore DNS and practice the deployment of a Windows DNS server and the configuration of DNS zones in the cloud. And finally, explore NTP and its configurations. When you're done, you'll be well versed in the configurations of the different TCP/IP services. You'll also be further prepared to sit the CompTIA Server+ SK0-005 certification exam.
16 videos |
1h 38m
Assessment
Badge
CompTIA Server+: Network Firewalls
In cybersecurity, firewalls control what type of traffic is allowed into or out of a server or network. There are a variety of firewall types designed for specific use-cases and these solutions can come in the form of a dedicated hardware or software appliance, or could be software running within a general purpose operating system. Discover common network and wireless security threats and mitigations, and how packet filtering firewalls work. Learn to configure a Windows and Linux firewall and work with cloud-based packet filtering in AWS and Microsoft Azure. Finally, discover how proxy servers and network address translation (NAT) work in securing the network. Upon completion, you'll be able to select and implement the appropriate firewall solution on-premises and in the cloud. This course is part of a collection that prepares you for the CompTIA Server+ SK0-005 certification exam.
14 videos |
1h 32m
Assessment
Badge
CompTIA Server+: Data Privacy & Protection
Data privacy has become engrained in laws and regulations all over the world. Server technicians must take the appropriate steps to secure sensitive data in alignment with applicable laws and regulations. Discover items that constitute personally identifiable information (PII) and protected health information (PHI) and identify common data security standards such as GDPR, HIPPAA, and PCI DSS. Differentiate between various types of malware and discover how the art of deception is practiced through social engineering. Next, examine data loss prevention (DLP) and implement data discovery and classification on-premises and in the cloud. Lastly, examine key storage media destruction techniques. Upon course completion, you'll be able secure data in alignment with applicable laws and regulations. You'll also be more prepared for the CompTIA Server+ SK0-005 certification exam.
11 videos |
1h 3m
Assessment
Badge
Forensic Analysis: Cybercrime Investigations
Cybercrime investigators are typically responsible for collecting, processing, analyzing, and interpreting digital evidence related to network vulnerabilities, criminal activity, and counterintelligence initiatives. In this course, you'll explore the basics of network packet capturing, a process used to intercept and log traffic occurring over a network. You'll also examine the purpose and features of some standard tools and techniques to preserve and analyze a computer system's most volatile data. You'll then learn to use some of these tools and techniques to achieve various digital forensic analysis goals. Next, you'll recognize computer forensic best practices, including locating evidence in the Windows Registry. Finally, you'll learn how to differentiate between the purpose and features of the various tools available for conducting hard disk forensic analysis.
17 videos |
1h 37m
Assessment
Badge
Threat Intelligence & Attribution Best Practices: Attribution Analysis
Cyber attribution analysis is used to track, identify, and incriminate perpetrators of cyber attacks or exploits and is a must-know offensive security operations technique. In this course, you'll learn about the fundamental concepts and critical concerns related to attribution. You'll start by examining the different attribution types and levels before exploring attribution indicators, techniques, best practices, tools, and challenges. Moving on, you'll gain insight into how to identify and interpret forensic artifacts gathered from various sources, manage evidence, and make attribution judgments and assessments. You'll then study geopolitics, the Intelligence Community, and legal considerations as they relate to cyber threats and attribution. Lastly, you'll look into how malware cyber threat reverse engineering, code sharing analysis, and network behavior analysis lead to attribution.
20 videos |
1h 22m
Assessment
Badge
DevSecOps Methodologies
DevSecOps allows developers and project managers the ability to automate, monitor, and apply security at all phases of the software life cycle. This includes the planning, developing, building, testing, releasing, delivering, deploying, operating, and monitoring phases. In this course, you will explore factors that define DevSecOps as a methodology or framework. Discover the benefits of using the CALMS and Three Ways frameworks, and the reasons to integrate security into the application development life cycle. Examine key considerations when migrating from the DevOps life cycle to the DevSecOps life cycle and investigate the roles of the code analysis and change management phases. Explore other DevSecOps phases including compliance, threat assessment, research, and vulnerability analysis. Finally, learn how DevSecOps has become inherently decentralized, and why decentralization is critical.
14 videos |
1h 28m
Assessment
Badge
Security Program Regulatory Integration
In this 12-video course, learners will discover the importance of integrating regulations with organizational security policies. Explore security standards such as General Data Protection Regulation (GDPR); Health Insurance Portability and Accountability (HIPAA); and Federal Information Security Management Act (FISMA), as well as the International Organization for Standardization (ISO), and National Institute of Standard and Technology (NIST). To begin, determine how to establish the importance of building regulatory compliance into a company's IT security program. You will then examine Personally Identifiable Information (PII), and Protected Health Information (PHI). This leads into the subject of Payment Card Industry Data Security Standard (PCI DSS), and what it entails. You will learn how HIPAA protects medical information; how GDPR protects European Union citizen data, and how the Gramm-Leach-Bliley Act (GLBA), applies to financial institutions. You will also identify how FISMA strives to protect sensitive US Government information, and recognize both NIST and ISO security standards. To conclude the course, you will discover how the Sarbanes-Oxley Act (SOX), requires organizational financial transparency.
12 videos |
38m
Assessment
Badge
Security Architect: Secure Coding Concepts
Explore secure coding from the standpoint of a security architect, including best practices for both security design and architecture implementation, and the level of influence needed by a security architect to influence secure coding practices, in this 14-video course. Key concepts covered in this course include principles that define a security architecture; examining the issues and steps involved in security design; and learning the process and potential security flaws in security architecture implementation. Next, you will learn about considerations for deploying and operating an application in secure environments; learn methods and tools that can be used to help secure software through automation and testing; and learn approaches to assessing the risk of an application. Continue by examining the lifecycle of vulnerabilities in software; common coding pitfalls that lead to security vulnerabilities; and industry standards and the application domains they apply to. Finally, you will learn security concerns when adopting new technologies, coding languages, and platforms; learn secure coding architecture when deploying cloud applications; and learn practical approaches to secure coding practices.
14 videos |
56m
Assessment
Badge
Mitigating Security Risks: Cyber Security Risks
Effective cybersecurity risk management requires intricate knowledge of day-to-day IT security risks, network vulnerabilities, and cyber attacks. In this course, you'll detail several cybersecurity breaches and how best to prevent each one. You'll start with a general overview of what comprises security risks before categorizing different types into information, cloud, and data-related risks. Next, you'll explore cybercrime methods, the motivations behind them, and the security gaps that invite them in. You'll then use real-life examples to detail some commonplace cyberattacks and crimes. Moving on, you'll investigate what's meant by malware and outline best practices to manage worms, viruses, logic bombs, trojans, and rootkits. You'll also learn how to safeguard against malware, spyware, ransomware, adware, phishing, zero-day vulnerabilities, DoS, and backdoor attacks. By the end of the course, you'll be able to outline guidelines and best practices for securing against the most prevalent types of cybercrimes.
13 videos |
1h 16m
Assessment
Badge
Cloud Security Administration: Infrastructure Planning
Cloud infrastructure consists of the physical location of the cloud data center. Depending on the data center location, there are different risks that are taken by the service provider and different methods used to tackle security issues. A secure cloud is created by using open source software and creating a technical support pool. Additionally, basic security concepts like protecting data in motion and in rest using encryption can be employed so that clients can only see their data. In this course, you'll learn about baselining cloud infrastructure, different components like hardware and software, and challenges faced in cloud environments.
13 videos |
55m
Assessment
Badge
Ethical Hacker: Security Standards
Ethical hacking is not just random hacking attempts; it is a systematic testing of the target's security. For that reason, an understanding of security standards and formal testing methodologies is critical. Key concepts covered in this 11-video course include security standards such as NIST 800-115, a security standard which is integrally interconnected with ethical hacking and testing; and NIST 800-53, a security standard that can help users to professionalize and improve an ethical hacking test. Next, learn how to properly apply filtering and data validation; how to apply the NSA-IAM to ethical hacking to plan, execute, and report on your ethical hacking project; and how to apply the PTES to ethical hacking to plan, execute, and report on your ethical hacking project. Then learn about PCI-DSS standards and how to integrate them into ethical hacking; learn how to implement ISO 27001; and learn to interpret and apply NIST 800-12. Finally, learners observe how to employ NIST 800-26 standards to manage IT security; and learn about NIST 800-14 security protocols.
11 videos |
39m
Assessment
Badge
PenTesting for Physical Security
This 14-video course explores physical penetration testing, and how to test a business's infrastructure, including IT assets, its data, people, and physical security to locate any exploitable vulnerabilities. In this course, you will learn why lockpicking is essential in cybersecurity, and you will examine different types of locks and lockpick tools. This course demonstrates several types of penetrations, including EM (electromagnetic security vulnerabilities), dumpster diving, and tailgating, and how to protect against these attacks. You will learn about penetration testing types, including network services, web and client applications, Cloud penetration, penetration testing of wireless networks, and social engineering. Learners will explore several penetration tools, including Kali Linux, which comes with tool such as Nmap, Wireshark, and John the Ripper; the Aircrack suite; OpenVas, and several others. You will learn about web app security testing methodologies. Learners will observe the elements of a successful report, and how to document penetration testing results. Finally, this course demonstrates practicing testing skills by using Grier Demo website.
14 videos |
1h 7m
Assessment
Badge
SecOps Engineer: Secure Coding
This 13-video course explores software protection by applying secure development and coding practices. Learners will examine secure coding key concepts, including early and frequent testing, and how to validate to ensure it is the proper kind of data, and the proper size, type, and format. First, the course demonstrates how to set up a simple filtering statement to improve software security. You will learn how to constrain user input, by implementing a drop-down box or radio buttons. You will also learn the top 10 rules established by CERT (Computer Emergency Response Team) for secure programming, and how to operationalize secure software deployments, as well as continuous secure delivery to quickly update changes and upgrades. Learners will explore verification, and secure validation software metrics to measure and improve software. You will learn to use C# code, evaluate both secure and unsecure parts, for the web and Windows code, and learn to secure code with Python. Finally, you will learn to secure code with Java.
13 videos |
51m
Assessment
Badge
SecOps Engineer: Security Engineering
Explore fundaments of cybersecurity and engineering in this 10-video course, which examines the fundamental concepts of the CIA (confidentiality, integrity, and availability) triangle, and views security operations, security planning, engineering, application security through these three concepts. First, learners will examine the more advanced version: the McCumber Cube. You will learn to integrate systems engineering into cybersecurity, and explore requirements engineering, and how to gather requirements. Next, learn how to analyze them, to apply security requirements engineering techniques, and to finalize project requirements. You will be introduced to SecML (Security Modeling Language) which takes SysML (System Modeling Language) used by systems engineers, and to modify portions of it to be specific to cybersecurity. You will examine how SecML can be used to create both offensive and defensive security mitigation controls. This course examines security metrics, and how to apply engineering failure analysis methods to cybersecurity. Finally, you will observe how to incorporate security requirements engineering into cybersecurity, and the relevance of regulatory requirements.
10 videos |
33m
Assessment
Badge
CCSP 2019: Cloud System Architecture Design
Cloud services vary in size and complexity, and deployed architecture carries a direct impact on service and data asset security. In this 15-video course, learners explore aspects of cloud computing architectural design, along with associated cloud systems and components. Begin by looking at cloud component definitions and various cloud system participants: consumers, providers, partners, auditors, and regulators. Next, view operational characteristics of cloud computing: on-demand, self-service, broad network access, multi-tenancy, rapid elasticity and scalability, resource pooling, and measured service. Look at supporting architectural components and infrastructure of cloud computing such as virtualization and storage. Examine details of Cloud Computing Activities with reference to ISO/IEC 17789, clause 9. Learn how cloud service categories are based on supported services and capabilities such as application, platform, and infrastructure capability types, and examine cloud deployment categories and models. Learn about the responsibility of cloud services between customers and providers. Explore the impact of technologies such as machine learning, and examine business requirements and contracts and aspects of vendor and contract management. A final exercise covers supply chain management. This course will help a learner prepare for the (ISC)2 Certified Cloud Security Professional (CCSP) exam.
14 videos |
53m
Assessment
Badge
CCSP 2019: Implementing Data Discovery & Classification
Proper data governance begins with labeling data and applying security controls based on those labels. Explore information rights management (IRM) and challenges associated with data discovery, as well as the roles played by PKI (public key infrastructure) security certificates and virtual private networks (VPNs) in the cloud. This 6-video course prepares learners for the (ISC)2 Certified Cloud Security Professional (CCSP) exam. Begin with IRM objectives such as data rights, provisioning, and access models. Examine data discovery approaches and techniques for structured and unstructured data, and challenges of data discovery in the cloud. Then examine data classification, enabled by using Microsoft Azure Information protection for sensitive data such as Protected Health Information (PHI) and Personally Identifiable Information (PII), and cardholder data. Recognize how PKI provides security for digital IT solutions; how to use PowerShell to create PKI certificates; and how to generate certificates in a Microsoft Azure Key Vault. Learn how VPNs are used for secure cloud resource access. Then configure a Microsoft Azure point-to-site VPN and a custom Microsoft Azure Key Vault key for storage account encryption.
12 videos |
42m
Assessment
Badge
CISM 2022: Information Security Governance
The best way to improve the enterprise security stance is to align IT security solutions with business objectives. In this course, you will consider how information security must align with business strategies. You will explore the business model for information security and review the importance of identifying and classifying assets critical to a business. Next, you will learn about supply chain security, personnel management, and the components of an information security program. You will discover the relationship between service-level agreements (SLAs) and organizational objectives and discuss the relevance of change and configuration management. Then, consider how to develop organizational security policies. Lastly, explore expense types, chain of custody, organizational culture, and how the Control Objectives for Information Technologies (COBIT) framework applies to IT governance. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
16 videos |
1h 40m
Assessment
Badge
CISM 2022: Security Standards
Global and local security standards, including laws and regulations, are an important input to determine how enterprises deploy and manage security controls. In this course, you will learn how the European Union's General Data Protection Regulation (GDPR) data privacy legislation applies to any organization world-wide handling private EU citizen data. Next, you will explore various International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standards for proper data governance, followed by American data privacy and cloud security standards such as Health Insurance Portability and Accountability Act (HIPAA) and Federal Risk and Authorization Management Program (FedRamp). Discover how to secure cardholder data as related to Payment Card Industry Data Security Standard (PCI DSS) international security standards and review other data privacy legislation including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and China's Personal Information Protection Law (PIPL). Lastly, explore the importance of securing cloud service usage in alignment with the Cloud Controls Matrix (CCM). This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
10 videos |
53m
Assessment
Badge
CISM 2022: Managing Risk
Residual risk remains after security controls are put in place to mitigate the impact of threats. The organizational appetite for risk determines what level of residual risk is acceptable. In this course, you will explore how risk management improves business operations by minimizing the impact of realized threats. You will learn how to calculate the cost of mitigating risk compared to the value of the protected asset and determine the cost-benefit analysis and return on investment when implementing security controls. Next, discover the importance of risk assessments, especially where there are changes to some aspect of the business or a specific business process. You will then explore how various risk approaches, such as risk acceptance, avoidance, transfer, and reduction, apply to an organization's tolerance of residual risk. Lastly, discover how risk heat maps are an effective method for communicating various degrees of risk. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
9 videos |
49m
Assessment
Badge
CISM 2022: Data Privacy
Enterprises must comply with relevant laws and regulations related to data privacy. This requires recognizing applicable laws and regulations and implementing the appropriate security controls. In this course, you will explore examples of personally identifiable information (PII) and protected health information (PHI) and learn about data residency implications related to the physical storage location of sensitive data. Next, learn how to reduce the possibility of data exfiltration through data loss protection policies and how to discover and classify data using Amazon Macie and Microsoft Purview governance. Then you will learn to configure data classification on the Microsoft Windows server platform and tag cloud resources for classification purposes. Lastly, explore how to configure Microsoft Azure storage account encryption using a customer-managed key. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
10 videos |
56m
Assessment
Badge
CISM 2022: Assessing Risk
Assessing risk is a crucial activity that enables organizations to evaluate risk exposure for business processes and assets. In this course, you will begin by exploring how to conduct vulnerability assessments and how the results can shed light on security control deficiencies. Next, you will learn how to perform a network vulnerability assessment and review the results, followed by scanning a web application for web app-specific vulnerabilities. You will discover how to conduct a gap analysis to determine the current security posture compared to a desired security posture. Then, you will explore the important aspects of when and how to run penetration tests. Lastly, you will see how to configure Microsoft Azure Policy assignments to determine cloud resource configuration compliance. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
8 videos |
45m
Assessment
Badge
CISM 2022: Common Network Security Threats
Some security controls are very specific to the threat that they address. Information security managers must be well versed in common network security threats in order to minimize the impact of realized threats on business processes. In this course, you will start by exploring various types of threat actors and their motivation for attacking networks. You will review industry standards related to categorizing threats, including common vulnerabilities and exposures (CVEs), the MITRE ATT&CK knowledge base, and the OWASP Top 10 web application security attacks. Next, you will learn how bug bounties are paid by companies to ensure the utmost in security for their products, which can influence customer choices. You will discover how various types of network attacks are executed including Wi-Fi attacks, SYN flood attacks, buffer overflow attacks, advanced persistent threats (APTs), and distributed denial-of-service (DDoS) attacks. Lastly, you will see how VPN anonymizer solutions and the Tor web browser can be used for anonymous network connectivity for legitimate as well as illegal purposes. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
13 videos |
1h 14m
Assessment
Badge
CISM 2022: Common Network Security Attacks
Security technicians can benefit significantly by executing network security attacks in a controlled environment. This allows for an in-depth periodic review of security control efficacy related to IT networks. In this course, you will discover how networks can be scanned by attackers seeking potentially vulnerable services using free tools such as Nmap. You will then explore how attackers can compromise a user web browser, how SQL injection attacks can reveal more information than intended by the app designer, and how to configure a reverse shell where the compromised station reaches out to the attacker station, often defeating standard firewall rule sets. Next, you will learn how to spoof network traffic and execute a distributed denial-of-service (DDoS) attack. Lastly, you will discover how to brute force a Windows remote desktop protocol (RDP) connection to gain access to a Windows host. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
9 videos |
49m
Assessment
Badge
CISM 2022: Cloud Computing & Coding
The use of cloud services is a form of outsourcing of IT service which also introduces an element of risk. Software developers can use on-premises as well as cloud-based services to create, test, and deploy software solutions. In this course, you will explore cloud deployment models including public, private, hybrid, and community clouds. You will then cover cloud computing service models, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), including where the security responsibility lies in each model. Next, you will explore various cloud-based security controls addressing a wide variety of cloud computing security needs. You will discover how to deploy a repeatable compliant cloud-based sandbox environment using Microsoft Azure Blueprints. Next, explore how security must be included in each software development life cycle (SDLC) phase as opposed to post-implementation. Finally, discover the importance of secure coding practices and how security must integrate with software development, testing, deployment, and patching. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
9 videos |
49m
Assessment
Badge
CISM 2022: Data Protection with Cryptography
Cryptography provides solutions for ensuring data privacy and integrity. Various firmware and software solutions protect data in transit and data at rest. In this course, you will explore the CIA security triad and how it relates to the organization's security program. You will then review various cryptography solutions and discuss data integrity to assure that tampering has not occurred. Next, you will learn how Hardware Security Module (HSM) appliances and Trusted Platform Module (TPM) firmware provide cryptographic services. You will see how Transport Layer Security (TLS) supersedes the deprecated Secure Sockets Layer (SSL) network security protocol suite followed by discussing virtual private network (VPN) encrypted network tunnels, and the IP Security (IPsec) network security protocol suite. Lastly, you will explore the PKI hierarchy and how public key infrastructure (PKI) certificates are used for digital security throughout the certificate life cycle. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
12 videos |
1h 5m
Assessment
Badge
CISM 2022: Applied Cryptography
The periodic evaluation of the efficacy of cryptographic solutions is possible only with an understanding of how cryptography secures digital environments. In this course, you will explore data integrity by hashing files on the Linux and Windows platforms in an effort to detect unauthorized changes. You will configure a web application HTTPS binding to secure network communications to and from the web application. Then you will deploy a private certificate authority (CA), manage certificate templates, and deploy public key infrastructure (PKI) certificates. Next, you will configure a web application to require trusted client certificates. Finally, you will encrypt data at rest on Linux, on Windows with Encrypting File System (EFS), and Microsoft Bitlocker, and you will configure a cloud VPN connection and implement IPsec on Windows. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
14 videos |
1h 16m
Assessment
Badge
CISM 2022: Secure Device & OS Management
IT departments must work in conjunction with higher-level management to determine when and how to securely use technological solutions that support the business strategy. In this course, begin by exploring how mobile device usage in a business environment can introduce risk and how that risk can be managed with centralized remote wipe capabilities. Then find out how Microsoft Intune can be used to centrally manage devices and how to securely wipe a disk partition. Learn how to harden Windows computers using Group Policy and disable the deprecated SSL network security protocol on Windows hosts. Next, investigate common digital forensics hardware and software solutions, as well as the storage area network (SAN) security and jump box solutions to manage hosts securely and remotely. Finally, discover how to manage Azure resources permissions using managed identities, examine device and OS hardening techniques, and investigate the importance of firmware and software patching. This course can be used to prepare for the Certified Information Security Manager (CISM) exam.
16 videos |
1h 38m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing for Security & Quality Assurance
In this 13-video course, learners will explore best practices for testing for security and quality assurance. This includes testing artifacts, nonfunctional testing, functional testing, security testing, the testing environment, and bug tracking. Next, learn about the concepts of attack surface validation and test functionality. Other major topics covered include the ISO 9126 software quality model; the System Security Engineering Capability Maturity model and its five levels; the Open Source Security Testing Methodology Manual (OSSTMM); and the US Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) standards, under which any Department of Defense owned or controlled information system must be certified, irrespective of classification or sensitivity level. Learn about data lifecycle management, a practice that describes the definition and the structure of the necessary steps that should be taken in order to optimize the useful life of an organization's data. The course helps to prepare learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
13 videos |
50m
Assessment
Badge
Secure Programmer: Security Concepts
This 6-video course guides learners to discover the basics of secure programming, including common security concepts, authentication and authorization, and shows how to avoid common programming errors that can undermine security, as well as how to incorporate validation and verification into programming. These are the core security concepts that you need to master to ensure that your programs are produced in a secure fashion. To begin, you will examine secure programmer security concepts, including confidentiality, integrity, and availability, known as the CIA triangle, least privileges, and separation of duties. The next tutorial covers secure programmer authentication and authorization, looking at general authentication models such as discretionary access controls (DACs), mandatory access control (MAC), rule-based access control (RBAC), and attribute-based access control (ABAC). Next, you will explore and learn how to avoid common programming errors that can undermine security. The final tutorial in this course looks at the process and techniques of secure programming verification and validation.
6 videos |
24m
Assessment
Badge
Secure Programmer: Vulnerabilities
Explore various software vulnerability topics in this 19-video, which opens with a look at specific security vulnerabilities and how to program counter techniques. Then learners receive three tutorials on the OWASP (Open Web Application Security Project) Top 10 vulnerabilities: SQL injection, broken authentication, and cross-site scripting; broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection; and cross-site request forgery, using components with known vulnerabilities, and under protected application programming interfaces (APIs). Examine use of threat models including STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation), PASTA (the Process for Attack Simulation and Threat Analysis), DREAD (Damage, Reproductibility, Exploitability, Affected Users, Discoverability), and SQUARE (Security Quality Requirements Engineering). Use CVE (common vulnerabilities and exposures) vulnerability scoring, and examine Java, Python, C#, and Javascript SQL secure coding examples. Implement Python secure coding to combat SQL vulnerability; C# to combat common code vulnerabilities, and Javascript to combat Cross Site Scripting attacks. Use Common Vulnerability Scoring System (CVSS), and finally, use OWASP Zap and Vega vulnerability scanners to test websites for common vulnerabilities.
19 videos |
1h 11m
Assessment
Badge
Secure Programmer: Attacks
You will focus primarily on actual common software attacks in this 21-video course, which means you will be shown how the SQL format string attack affects your programs and coding mistakes that make software vulnerable to them. In some of these examples, learners will examine the vulnerable code and learn how to correct it. In other examples, learners will explore how someone carries out the attack, which will help lead one to learn how to defend against it. Begin by learning how to code against format string attacks in Java, in Python, and in C#. Then move on to coding against SQL injection attacks in Java, in Python, in C#, and in Javascript. Next, explore coding against buffer overflow attacks in Java, in Python, in C#, and in Javascript. Further tutorials examine how to code against cross-site scripting attacks in Java, in Python, in C#, and in Javascript. Also, learn how to code against password cracking attacks in Java, in Python, in C#, and in Javascript.
21 videos |
1h 8m
Assessment
Badge
SSCP 2021: Risk Management
If a threat agent exploits an IT asset's vulnerability, then the consequences for a business could be detrimental. In IT security terms, the likelihood of this happening and the potential impact if it did constitutes the concept of risk. Those responsible for the operational security of assets need to know how to reduce risk sufficiently. Use this course to learn the many ways to identify, assess, and manage risk related to IT infrastructure. Explore, in detail, various risk management techniques, such as risk visibility and reporting, threat modeling, and risk treatment. Examine legal and regulatory concerns when managing risk. And see how to implement organizational security awareness and training. Upon completion, you'll know how to bring risk magnitude down to a pre-defined acceptable level. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos |
46m
Assessment
Badge
SSCP 2021: Fundamental Networking Concepts
Historically speaking, the vast majority of security practitioners, technicians, engineers, and architects come from the field of local and wide area networking. This factor, as well as the importance of protecting data-in-transit, makes networking a critical knowledge area. Use this course to get to grips with several networking concepts and methodologies. Learn to distinguish between the OSI and TCP/IP reference models. Explore network topologies, relationships, and media types. See what's meant by software-defined networking (SDN), Remote Authentication Dial-In User Service (RADIUS), and terminal access controller access-control system plus (TACACS+), among other terms. Examine commonly used ports and protocols. And look into remote access connectivity and virtual private networks (VPNs). Upon course completion, you'll be familiar with several fundamental networking concepts and network access control methodologies. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.
9 videos |
50m
Assessment
Badge
System Security Certified Practitioner (SSCP 2018): Risk Management
This 12-video course explores risk management when engaging in business activities supported by IT solutions. Prepare for the Systems Security Certified Practitioner (SSCP) certification exam as you examine risk classification, and learn how to identify digital assets and threats, including natural disasters such as floods, fires, or storms; manmade disasters, arson, terrorism; and identity theft. This course demonstrates threat modeling, and the process to use to identify and prioritize threats. You will examine how to optimize resources, and to focus on reducing risks, and explore counter measures in relation to prioritized threats. Next, explore BIA (business impact analysis), and its importance to business continuity. You will learn how a BIA can be incorporated into a DRP (disaster recovery plan) to facilitate recovery of a failed system. Learners will examine the use of a risk registry with the likelihood of the risk occurrence, the business impact should it occur, and a severity rating. You will learn about risk avoidance and mitigation. Finally, you will explore cost efficiencies for risk mitigation.
12 videos |
40m
Assessment
Badge
OS Deployment Strategies: Deploying Modern Systems
Cloud services are rapidly changing the nature of how technology services are implemented, and migrating toward a cloud-based model can provide many benefits to an organization. In this course, you'll explore the various cloud computing deployment models to understand the flexibility, speed, and infrastructure benefits of moving to a cloud solution. You'll also discover the benefits of cloud services models such as Infrastructure as a Service, Platform as a Service, Software as a Service, as well as Identity as a Service and Network as a Service.
12 videos |
43m
Assessment
Badge
EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.YOU MIGHT ALSO LIKE
Rating 5.0 of 1 users
(1)
