5 DAYS | 35 HOURS TRAINING PROGRAMME
ONLINE OR FACE-TO-FACE TRAINING
INTRODUCTION
Cyber security is the practice of protecting computer systems and networks from unauthorised access, use, disclosure, disruption, modification, or destruction. It is a broad field that includes a variety of security measures, such as:
Physical security - This involves protecting computer systems and networks from physical threats, such as unauthorised access to data centres or server rooms.
Information security - This involves protecting the confidentiality, integrity, and availability of data.
Network security - This involves protecting computer networks from unauthorised access and attacks.
Application security - This involves protecting software applications from vulnerabilities that could be exploited by attackers.
User security - This involves educating users about security best practices and how to protect themselves from phishing attacks and other social engineering attacks.
Cyber security is an essential part of protecting businesses and individuals from the ever-growing threat of cyber attacks. By implementing appropriate security measures, organisations can help to protect their data, systems, and networks from unauthorised access and attack.
EXAMPLES OF CYBER SECURITY
Some of the security controls and tools you will work with on this course:
Firewalls - Firewalls are software or hardware devices that filter network traffic and block unauthorised access to computer systems and networks.
Antivirus software - Antivirus software is designed to detect and remove malware from computer systems.
Intrusion detection systems (IDS) - IDSs are systems that monitor computer networks for suspicious activity. If an IDS detects suspicious activity, it can alert administrators so that they can take action to prevent an attack.
Data encryption - Data encryption is the process of converting data into a format that cannot be read without a special key. This can help to protect sensitive data from unauthorised access.
WHAT YOU WILL LEARN
In this bootcamp, you will learn the following:
Introduction to Cyber Security - Understand the importance of cyber security in protecting computer systems and networks from unauthorised access, disclosure, and disruption.
Physical Security - Learn how to implement physical security measures to protect data centres, server rooms, and other critical infrastructure from unauthorised access.
Information Security - Explore the concepts of confidentiality, integrity, and availability of data, and learn techniques to protect sensitive information from unauthorised disclosure or modification.
Network Security - Gain knowledge of network security principles and techniques to protect computer networks from unauthorised access, attacks, and data breaches.
Application Security - Understand the importance of secure software development practices and learn about common vulnerabilities in applications. Explore techniques to mitigate these vulnerabilities and ensure secure coding practices.
User Security - Learn about social engineering attacks, such as phishing, and educate users on best practices to protect themselves and their information from such attacks.
WHO THIS BOOTCAMP IS FOR
This bootcamp is aimed at engineers and professionals from a range of backgrounds, including:
Graduates and Students - Recent graduates or students in computer science, information technology, or related fields who want to gain practical skills and knowledge to enter the cybersecurity job market.
Career Changers - Individuals from non-technical backgrounds who are interested in shifting their career focus to cybersecurity and are willing to learn the necessary technical skills.
Entry-Level Professionals - Those who are new to the field of cybersecurity and want to develop a strong foundation of knowledge and skills to start their career.
IT Professionals - IT professionals who wish to transition into the field of cybersecurity and expand their skill set to address the growing demand for cybersecurity expertise.
System Administrators and Network Engineers - Professionals already working in IT roles who want to specialise in cybersecurity and strengthen their ability to protect systems and networks from cyber threats.
WHAT YOU WILL NEED
Computer/Laptop - Participants should have access to a computer or laptop with internet connectivity. This will be necessary for accessing course materials, participating in online sessions, and completing hands-on exercises.
Software and Tools - The bootcamp may require the use of specific software and tools for cybersecurity training. The exact requirements will depend on the curriculum and the specific topics covered. Participants will be provided with information on the required software/tools in advance, and they should have the ability to install and use them on their computer.
Internet Connection - A stable internet connection is essential for participating in live online sessions, accessing online resources, and engaging in virtual labs or exercises. Participants should ensure they have a reliable internet connection throughout the duration of the bootcamp.
Learning Materials - Participants will be provided with course materials such as lecture slides, reference materials, and additional resources. It is important to have the ability to access and view these materials digitally or in print, as per the instructions provided by the bootcamp organisers.
Time Commitment - Attending the bootcamp requires a commitment of time and dedication. Participants should allocate sufficient time to engage in the live sessions, complete assignments or exercises, and review course materials. It is important to have a schedule that allows for focused learning during the bootcamp period.
HOW THIS COURSE WILL BENEFIT YOU
Career Advancement Opportunities - The demand for skilled cybersecurity professionals is on the rise. Completing a reputable bootcamp can enhance your job prospects and open doors to various career opportunities in cybersecurity. The comprehensive skill set acquired during the bootcamp makes participants highly desirable to employers seeking cybersecurity expertise.
Comprehensive Skill Development - The bootcamp provides a comprehensive curriculum that covers various aspects of cybersecurity. Participants will acquire a wide range of skills, including threat identification and analysis, secure network design, vulnerability assessment, incident response, and more. This broad skill set is highly valuable in the cybersecurity field and prepares participants for diverse roles within the industry.
Practical Hands-on Experience - The bootcamp emphasises practical learning through hands-on exercises, simulations, and real-world scenarios. Participants will have the opportunity to apply their knowledge in practical settings, such as virtual labs or simulations. This practical experience enhances their understanding of cybersecurity concepts and builds confidence in their ability to address real-world challenges.
Industry-Relevant Knowledge - The curriculum is designed to align with industry standards and best practices. Participants will gain insights into the latest cybersecurity technologies, methodologies, and trends. This up-to-date knowledge equips them with the skills and knowledge necessary to navigate the rapidly evolving cybersecurity landscape.
Networking and Collaboration - Bootcamps often foster a collaborative learning environment where participants can interact with instructors and fellow learners. This allows for networking opportunities, sharing experiences, and exchanging knowledge. Building professional connections within the cybersecurity community can be beneficial for career growth and future collaboration.
JOB OPPORTUNITIES
Security Analyst - Security analysts are responsible for monitoring and analysing security threats, investigating incidents, and implementing security measures to protect systems and networks.
Network Security Engineer - Network security engineers focus on designing and implementing secure network infrastructures, configuring firewalls and intrusion detection systems, and ensuring the integrity and confidentiality of network communications.
Penetration Tester - Penetration testers, also known as ethical hackers, assess the security of systems and networks by attempting to exploit vulnerabilities. They conduct controlled attacks to identify weaknesses and provide recommendations for enhancing security.
Security Consultant - Security consultants offer expertise and advice to organisations on developing and implementing effective security strategies, conducting risk assessments, and ensuring compliance with industry standards and regulations.
Incident Responder - Incident responders are responsible for handling and responding to security incidents, such as data breaches or cyber-attacks. They investigate incidents, contain the damage, and implement remediation measures to restore systems and prevent future incidents.
Security Architect - Security architects design and implement secure systems and applications, considering security requirements, risk assessments, and industry best practices. They collaborate with development teams to ensure security is built into the design of software and systems.
Threat Intelligence Analyst - Threat intelligence analysts monitor and analyse emerging threats and trends in the cybersecurity landscape. They gather intelligence to understand potential threats and develop proactive strategies for mitigating risks.
Cryptographer - Cryptographers focus on designing and implementing cryptographic algorithms and protocols to secure data and communications. They work on encryption and decryption techniques and ensure the confidentiality and integrity of sensitive information.
Security Operations Center (SOC) Analyst - SOC analysts monitor security events, investigate alerts, and respond to security incidents in real-time. They analyse logs, perform threat hunting, and collaborate with incident response teams to mitigate risks.
Security Manager/Director - Security managers or directors oversee the overall security posture of an organisation. They develop and implement security policies, manage security teams, and ensure compliance with regulatory requirements.
GENERAL COURSE GUIDE
The bootcamp is taught by experienced engineers who will help students build the skills they need to succeed in the technology and engineering industry. It is divided into 5 sections, which are outlined below together with a breakdown of each section's content:
COURSE OUTLINE
(THIS IS A 5 DAY BOOTCAMP PROGRAMME)
1. CYBER SECURITY: THE NEW FRONTIER
DURATION: 1 DAY | 7 HOURS
Course Objective:
The objective of this course is to provide participants with a comprehensive understanding of the evolving landscape of cyber-security and its relationship to cybercrime and cyber terrorism. Participants will gain knowledge about cyber-security management, the impact of cybercrime, the threat of cyber terrorism, and real-world case studies to develop a solid foundation in addressing cyber-security challenges.
Learning Outcomes:
By the end of this course, students will be able to:
Understand the concepts and fundamentals of cyber-security and its significance in the digital age.
Identify the various forms of cybercrime and their implications for individuals, organisations, and society.
Evaluate the key principles and strategies involved in cyber-security management.
Comprehend the nature and impact of cyber terrorism, including internet radicalisation and terrorist use of the internet.
Analyse the cyber-terrorism framework and its implications for national and international security.
Examine real-world case studies to understand the practical application of cyber-security principles.
Prerequisites:
This course does not have any specific prerequisites. However, a basic understanding of information technology and familiarity with general security concepts would be beneficial. Participants with a background in computer science, information security, law enforcement, or related fields may find the content more accessible. It is recommended that participants have a keen interest in cybersecurity and a willingness to explore the complexities of cybercrime and cyber terrorism.
Course Outline:
The course will be divided into the following modules:
Cyber-Security: The New Frontier - Cybersecurity has emerged as a critical aspect of modern society due to the increasing reliance on technology and the interconnectedness of systems. This topic explores the evolving nature of cybersecurity, the challenges posed by emerging technologies, and the need for robust security measures to protect against cyber threats.
Cyber-Security & Cybercrime - This topic delves into the relationship between cybersecurity and cybercrime. It examines the various types of cybercrimes, such as hacking, identity theft, phishing, ransomware attacks, and data breaches. Participants will gain an understanding of the motivations behind cybercrime and the impact it has on individuals, organisations, and society as a whole.
Cyber-Security Management - Effective cybersecurity management is crucial for organisations to safeguard their assets and mitigate cyber risks. This topic covers the principles and practices of cybersecurity management, including risk assessment, security policies and procedures, incident response planning, security awareness training, and compliance with legal and regulatory requirements. Participants will learn strategies to develop and implement robust cybersecurity programs within their organisations.
Introduction to Cyber Terrorism - Cyber terrorism refers to the use of cyberspace to carry out politically or ideologically motivated attacks, aiming to disrupt critical infrastructure, cause fear, or advance a specific agenda. This topic provides an overview of cyber terrorism, its characteristics, and the potential impact on national security and society. Participants will explore real-world examples and understand the challenges associated with countering cyber terrorist activities.
Internet Radicalisation - Internet radicalisation is the process by which individuals are exposed to extremist ideologies or propaganda through online platforms, leading to their adoption of radical beliefs and potentially engaging in terrorist activities. This topic examines the role of the internet in facilitating radicalisation, the techniques used by extremist groups to recruit and radicalise individuals online, and the efforts to counter online radicalisation.
Terrorist Use of the Internet - Terrorist organisations have increasingly utilised the internet for communication, recruitment, propaganda dissemination, fundraising, and planning. This topic explores the ways in which terrorist groups exploit online platforms, social media, encrypted messaging apps, and the dark web to further their objectives. Participants will gain insights into the challenges faced by security agencies in monitoring and combating online terrorist activities.
Cyber Terrorism Framework - A cyber terrorism framework provides a structured approach to understanding and addressing the complexities of cyber terrorism. This topic explores different frameworks and models that guide the assessment, analysis, and response to cyber terrorism incidents. It covers areas such as threat intelligence, incident management, information sharing, and collaboration between public and private sectors to mitigate the risks of cyber terrorism.
Case Studies - Case studies offer real-world examples of cyber attacks, cyber terrorism incidents, or the impact of cybercrime on individuals, organisations, or nations. Participants will analyse and evaluate these case studies to gain a deeper understanding of the tactics, techniques, and impact of cyber threats. Case studies also provide insights into the strategies employed to respond to and recover from cyber incidents.
2. CYBER SECURITY ESSENTIALS
DURATION: 1 DAY | 7 HOURS
Course Objective:
The objective of this course is to provide participants with a solid understanding of essential concepts and practices in cybersecurity. Participants will explore key topics such as the CIS Top 20 Critical Controls, next-generation firewalls, malware, zero-day attacks, social engineering, and more. The course aims to equip participants with foundational knowledge to identify, prevent, and respond to common cybersecurity threats and vulnerabilities.
Learning Outcomes:
By the end of this course, students will be able to:
Understand the importance of cybersecurity and its role in protecting digital assets.
Familiarise themselves with the CIS Top 20 Critical Controls and their significance in risk management.
Recognise different types of cyber threats, including viruses, worms, malware, and zero-day attacks.
Comprehend the functioning and purpose of next-generation firewalls in network security.
Identify and analyse social engineering techniques used in phishing and other cyber attacks.
Gain awareness of cyber espionage and data theft practices and their impact on organisations.
Understand vulnerability exploits and their implications for system security.
Explore practical strategies and countermeasures to mitigate cyber risks and enhance security posture.
Develop a proactive mindset towards cybersecurity and apply best practices to protect digital assets.
Prerequisites:
Have completed the previous section
Course Outline:
The course will be divided into the following modules:
CIS Top 20 Critical Controls - The CIS (Center for Internet Security) Critical Controls are a prioritised set of security measures that help organisations protect their systems and networks against cyber threats. Long known as the "Top 20", the framework was consolidated to 18 controls in version 8 (2021) and is now published as the CIS Critical Security Controls; the priorities are unchanged. The controls cover areas such as inventory and control of enterprise and software assets, continuous vulnerability management, secure configuration of systems, security awareness and skills training, incident response management, and more. Understanding and implementing these controls is essential for establishing a strong security foundation.
Next-Gen Firewalls - Next-generation firewalls (NGFWs) are advanced firewall solutions that incorporate additional security features beyond traditional firewalls. They provide enhanced visibility and control over network traffic by combining traditional packet filtering with application-level inspection, intrusion prevention, deep packet inspection, and other advanced security capabilities. NGFWs offer better protection against sophisticated attacks, enable granular policy enforcement, and facilitate the integration of security intelligence and threat prevention.
Cyber Range - A cyber range is a simulated environment designed to replicate real-world network and system configurations, allowing cybersecurity professionals to practice and improve their skills in a controlled and safe setting. It provides a platform for training, testing, and validating defensive and offensive cybersecurity techniques. Cyber ranges offer hands-on exercises and scenarios that simulate various cyber threats and attacks, enabling participants to enhance their incident response, vulnerability assessment, and penetration testing capabilities.
Viruses & Worms - Viruses and worms are malicious software programs that infect and replicate themselves on computer systems. Viruses attach themselves to host files or programs and spread when those files are executed. Worms, on the other hand, are standalone programs that can self-replicate and spread across networks without requiring a host file. Both viruses and worms can cause significant damage to systems, compromise data integrity, and disrupt network operations. Understanding their characteristics, propagation methods, and mitigation techniques is crucial for effective cybersecurity defence.
Malware - Malware refers to any malicious software designed to gain unauthorised access, disrupt operations, or compromise the integrity of computer systems or networks. It includes various types such as viruses, worms, Trojans, ransomware, spyware, and adware. Malware can be delivered through email attachments, infected websites, malicious downloads, or other means. Recognising and mitigating malware threats are essential for maintaining the security and integrity of systems and protecting sensitive data.
Zero-Day Attacks - Zero-day attacks exploit vulnerabilities for which no vendor patch yet exists, often before the vendor or security researchers know the flaw is being used in the wild. They can be highly damaging because signature-based defences have nothing to match and organisations cannot simply patch their way out. Detecting and mitigating zero-day attacks therefore relies on defence in depth: threat intelligence, behaviour-based detection, least privilege and network segmentation to limit what a successful exploit can reach, and interim mitigations (disabling the affected feature, virtual patching at a WAF or IPS) until a fix ships and can be applied quickly.
Vulnerability Exploits - Vulnerability exploits involve taking advantage of security weaknesses or vulnerabilities in software, networks, or systems to gain unauthorised access, execute arbitrary code, or perform malicious activities. Exploiting vulnerabilities can lead to unauthorised data access, system compromise, or control of affected systems by threat actors. Organisations need to identify and remediate vulnerabilities through regular vulnerability assessments, patch management, and security controls to mitigate the risk of exploitation.
Phishing / Social Engineering - Phishing and social engineering are techniques used by cybercriminals to deceive individuals into disclosing sensitive information, such as passwords, credit card details, or personal data. Phishing typically involves sending fraudulent emails or messages that appear to be from reputable sources, tricking recipients into clicking on malicious links or providing sensitive information. Social engineering more broadly uses psychological pressure (urgency, authority, familiarity, helpfulness) to persuade individuals to divulge information or perform actions that compromise security. Awareness of phishing techniques and social engineering tactics is essential for individuals and organisations to avoid falling victim to such attacks.
Cyber Espionage / Data Theft - Cyber espionage involves unauthorised access to computer networks or systems to steal sensitive information, intellectual property, or trade secrets. Threat actors, including state-sponsored groups or criminal organisations, conduct cyber espionage to gain a competitive advantage, gather intelligence, or compromise national security. Understanding the techniques and motivations behind cyber espionage helps organisations develop robust defences and implement effective measures to protect valuable data and intellectual property.
Assessment:
The course will be assessed through a combination of quizzes and exercises.
3. ETHICAL HACKING AND VULNERABILITY ASSESSMENT
DURATION: 1 DAY | 7 HOURS
Course Objective:
The objective of this course is to provide participants with practical knowledge and skills in ethical hacking and vulnerability assessment. Participants will learn about various techniques and tools used in assessing and securing computer systems and networks. The course aims to equip participants with the ability to identify vulnerabilities, perform scans and assessments, and implement appropriate defensive measures to protect against attacks.
Learning Outcomes:
By the end of this course, students will be able to:
Understand the fundamentals of ethical hacking and vulnerability assessment.
Conduct port scans to identify open ports and potential vulnerabilities.
Perform web-based reconnaissance and gather information for targeted assessments.
Utilise command-line queries to extract system and network information.
Conduct host scanning to identify potential security weaknesses.
Perform web application scanning to detect vulnerabilities in web-based systems.
Explore the Common Vulnerabilities and Exposures (CVE) framework and understand its significance in vulnerability management.
Develop skills in defending against CVE vulnerability attacks.
Apply best practices and defensive techniques to enhance system and network security.
Gain an ethical hacker mindset and understand the importance of responsible hacking practices.
Prerequisites:
Have completed the previous sections
Course Outline:
The course will be divided into the following modules:
Port Scan - A port scan is a technique used to identify open ports on a target system or network. It involves systematically scanning a range of network ports to determine which ports are listening and accessible. Port scanning is often performed as part of a security assessment to identify potential entry points for unauthorised access or vulnerabilities.
Web-Based Recon & Information Gathering - Web-based reconnaissance and information gathering involve gathering intelligence about a target organisation's online presence, infrastructure, and vulnerabilities. It includes techniques such as search engine queries, open-source intelligence (OSINT) gathering, analysing public-facing websites and social media profiles, identifying web applications and their technologies, and assessing potential security weaknesses.
Command Line Query - Command line queries refer to executing specific commands or queries through a command-line interface (CLI) or terminal. This technique allows system administrators and security professionals to retrieve information, analyse system configurations, perform network troubleshooting, and execute various commands for system management, security assessment, or incident response purposes.
Host Scanning - Host scanning involves actively probing and analysing individual hosts within a network to gather information about their services, vulnerabilities, and configuration. Host scanning techniques include sending specific network packets to hosts, performing ping sweeps, identifying open ports and services, and conducting operating system fingerprinting. Host scanning helps in identifying potential security weaknesses or misconfigurations.
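The connect scan and banner grab described in the Port Scan and Host Scanning modules, as an added example (this is not course material from the programme): it starts a throw-away TCP listener on 127.0.0.1 so the scan has a target we are allowed to probe, then classifies each port as open, closed or filtered the way a full-connect scan does. The banner string and the choice of ports are constructed for the demonstration; only ever scan hosts you are authorised to test.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def start_listener(banner: bytes = b"") -> tuple:
    """Start a throw-away TCP service on 127.0.0.1 (ephemeral port) so the scan
    has a target we are allowed to probe. Returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                # listener closed by the caller
            if banner:
                conn.sendall(banner)  # many services (SSH, SMTP, FTP) speak first
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def ephemeral_closed_port() -> int:
    """Bind and immediately release a port: nothing listens there afterwards."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def probe_port(host: str, port: int, timeout: float = 0.5) -> dict:
    """Full TCP connect() probe (what nmap calls -sT).
    open     : three-way handshake completed
    closed   : host answered with RST (connection refused)
    filtered : no answer before the timeout, typically a firewall dropping packets"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return {"port": port, "state": "closed", "banner": ""}
    except OSError:                   # includes socket.timeout
        s.close()
        return {"port": port, "state": "filtered", "banner": ""}
    banner = b""
    try:
        banner = s.recv(128)          # grab whatever the service volunteers
    except OSError:
        pass
    finally:
        s.close()
    return {"port": port, "state": "open",
            "banner": banner.decode("ascii", "replace").strip()}

def scan_host(host: str, ports, workers: int = 32) -> dict:
    """Probe many ports concurrently; returns {port: result}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe_port(host, p), ports))
    return {r["port"]: r for r in results}

def open_ports(results: dict) -> list:
    return sorted(p for p, r in results.items() if r["state"] == "open")

if __name__ == "__main__":
    srv, port = start_listener(b"SSH-2.0-OpenSSH_9.6\r\n")   # constructed banner
    results = scan_host("127.0.0.1", [port, ephemeral_closed_port()])
    for p in sorted(results):
        r = results[p]
        print(f"{p:5d}/tcp  {r['state']:<8}  {r['banner']}")
    srv.close()
```

A connect scan completes the handshake, so it is logged by the target like any other connection; SYN scans that never complete it need raw sockets and root. The banner is only a hint: fingerprint the service behaviour as well before trusting a version string.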
Web Application Scanning - Web application scanning involves systematically testing web applications for vulnerabilities and security weaknesses. It includes techniques such as crawling the application to identify all accessible pages, analysing input fields for potential injection vulnerabilities (e.g., SQL injection or Cross-Site Scripting), testing for authentication and authorisation flaws, and checking for misconfigurations or sensitive information exposure.
Common Vulnerabilities and Exposures (CVE) - CVE is a public catalogue of known vulnerabilities, each with a unique identifier (CVE-YYYY-NNNN, four or more digits in the sequence), a short description, and references to the vendor advisory or report. The identifier is the common key everything else hangs off: severity scores (CVSS) and affected-version data are published by databases such as NVD and by the reporting party, and the patch or mitigation comes from the vendor advisory the record points to. Tracking CVEs against the software in your own inventory is how security professionals stay informed about known vulnerabilities and prioritise the measures needed to protect systems and networks.
Defending Against CVE Vulnerability Attacks - Defending against CVE vulnerability attacks involves implementing security measures to protect systems and networks from known vulnerabilities. It includes patch management practices to ensure software and systems are up to date with the latest security patches. Additionally, organisations need to deploy intrusion detection and prevention systems, implement access controls, conduct vulnerability assessments and penetration testing, and establish incident response procedures to mitigate the risk of exploitation through CVE vulnerabilities.
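Matching CVE data against an asset inventory is the core of the patch-management step above. The following is an added example, not the programme's own material: the CVE identifiers, vendors, products and version ranges are all fictional and constructed here, shaped loosely on the affected/fixed version data a CVE record or NVD entry carries. It compares versions numerically (a plain string compare would call 5.10.1 older than 5.2.0) and orders the findings by severity so the output is a patch queue.

```python
import re
from dataclasses import dataclass

# Constructed, fictional CVE records: the identifiers are placeholders, not real CVEs.
# Each range gives the first affected version and the first fixed one ("lessThan").
CVE_RECORDS = [
    {"id": "CVE-2099-0001", "vendor": "examplecorp", "product": "webgate", "cvss": 9.8,
     "affected": [{"start": "2.0.0", "lessThan": "2.4.7"}]},
    {"id": "CVE-2099-0002", "vendor": "examplecorp", "product": "webgate", "cvss": 6.5,
     "affected": [{"start": "1.0.0", "lessThan": "1.9.12"},
                  {"start": "2.0.0", "lessThan": "2.1.3"}]},
    {"id": "CVE-2099-0003", "vendor": "acme", "product": "mailrelay", "cvss": 7.5,
     "affected": [{"start": "0", "lessThan": "5.2.0"}]},
]

# Constructed asset inventory: what the scanner or CMDB says is installed where.
INVENTORY = [
    {"host": "web01", "vendor": "examplecorp", "product": "webgate", "version": "2.4.6"},
    {"host": "web02", "vendor": "examplecorp", "product": "webgate", "version": "2.4.7"},
    {"host": "legacy", "vendor": "examplecorp", "product": "webgate", "version": "1.9.11"},
    {"host": "mx01", "vendor": "acme", "product": "mailrelay", "version": "5.10.1"},
    {"host": "mx02", "vendor": "acme", "product": "mailrelay", "version": "5.2.0-rc1"},
]

def version_key(v: str) -> tuple:
    """Sort key for dotted versions: numeric components compare as integers
    (so 5.10.1 > 5.2.0, which a string compare gets wrong) and a pre-release
    suffix such as 5.2.0-rc1 sorts below the final 5.2.0."""
    main, _, pre = v.partition("-")
    numbers = tuple(int(x) for x in re.findall(r"\d+", main))
    return (numbers, 0 if pre else 1, pre)

def is_affected(version: str, ranges) -> bool:
    key = version_key(version)
    return any(version_key(r["start"]) <= key < version_key(r["lessThan"]) for r in ranges)

@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    version: str
    cve: str
    cvss: float
    fixed_in: str

def assess(inventory, records) -> list:
    """Match every installed product against every record for the same vendor/product
    and return findings ordered by severity, i.e. the patch order."""
    findings = []
    for asset in inventory:
        for rec in records:
            if (asset["vendor"], asset["product"]) != (rec["vendor"], rec["product"]):
                continue
            if not is_affected(asset["version"], rec["affected"]):
                continue
            # Remediation target: the lowest fixed release above what is installed.
            fixes = [r["lessThan"] for r in rec["affected"]
                     if version_key(r["lessThan"]) > version_key(asset["version"])]
            findings.append(Finding(asset["host"], asset["product"], asset["version"],
                                    rec["id"], rec["cvss"], min(fixes, key=version_key)))
    return sorted(findings, key=lambda f: (-f.cvss, f.host))

if __name__ == "__main__":
    for f in assess(INVENTORY, CVE_RECORDS):
        print(f"{f.host:8} {f.product} {f.version:10} {f.cve}  CVSS {f.cvss}  upgrade to {f.fixed_in}")
```

The version-compare helper is the part that bites in practice: distribution packages often backport fixes without changing the upstream version number, so real programmes also consult the vendor's advisory rather than trusting the version string alone.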
Assessment:
The course will be assessed through a combination of quizzes and exercises.
4. ADVANCED CYBER DEFENCE STRATEGIES
DURATION: 1 DAY | 7 HOURS
Course Objective:
The objective of this course is to provide participants with advanced knowledge and skills in cyber defence strategies. Participants will gain a deep understanding of various cybersecurity threats and techniques for defending against them. The course focuses on topics such as Splunk as a SIEM monitoring tool, defending against different types of DDoS attacks, malware blocking, URL filtering, data leak prevention, and more. The goal is to equip participants with practical skills to enhance the security posture of their organisations and effectively mitigate cyber threats.
Learning Outcomes:
By the end of this course, students will be able to:
Understand the role of Splunk as a SIEM monitoring tool and utilise its capabilities for threat detection and response.
Identify and defend against IP layer DDoS attacks targeting network infrastructure.
Implement defensive measures against transport layer DDoS attacks, such as SYN floods and amplification attacks.
Employ techniques to defend against application layer DDoS attacks, including HTTP floods and bot-based attacks.
Analyse and mitigate threats associated with botnets and command-and-control (C&C) infrastructure.
Implement malware blocking mechanisms to prevent the execution and spread of malicious software.
Utilise URL filtering techniques to control and block access to malicious or unauthorised websites.
Implement data leak prevention measures to protect sensitive information from unauthorised disclosure.
Understand evasion tactics and employ data filtering techniques to prevent data exfiltration.
Implement file blocking mechanisms to prevent the transfer or execution of malicious files.
Prerequisites:
Have completed the previous sections
Course Outline:
The course will be divided into the following modules:
Splunk: A SIEM Monitoring Tool - Splunk is a log search and analytics platform; together with its Enterprise Security app it is widely used as a Security Information and Event Management (SIEM) system that collects, indexes and correlates events from many sources to provide near-real-time insight into security events and incidents. It enables organisations to monitor and respond to potential threats, identify security breaches, conduct forensic analysis, and generate reports for compliance purposes. Splunk offers powerful search capabilities (its SPL query language), visualisation tools, and machine learning algorithms to enhance security monitoring and incident response capabilities.
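What a SIEM correlation rule actually does is easy to lose behind the tooling, so here is one written out in plain Python as an added example (not Splunk code and not the programme's own material). It parses constructed sshd log lines (addresses from the documentation ranges, never real hosts) and fires two alerts: a brute-force alert when a source reaches five failed logins inside a minute, and a stronger "compromise suspected" alert when that same source then logs in successfully. In Splunk the same logic would be a stats-by-source search over the authentication index; the point is the correlation of a failure burst with a later success, not the syntax.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (not from a real system); addresses use documentation ranges.
SAMPLE_LOG = """\
Mar 12 10:00:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 12 10:00:03 bastion sshd[2212]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 12 10:00:06 bastion sshd[2213]: Failed password for deploy from 203.0.113.7 port 50126 ssh2
Mar 12 10:00:09 bastion sshd[2214]: Failed password for deploy from 203.0.113.7 port 50127 ssh2
Mar 12 10:00:12 bastion sshd[2215]: Failed password for deploy from 203.0.113.7 port 50129 ssh2
Mar 12 10:00:15 bastion sshd[2216]: Failed password for deploy from 203.0.113.7 port 50130 ssh2
Mar 12 10:00:40 bastion sshd[2230]: Accepted password for deploy from 203.0.113.7 port 50131 ssh2
Mar 12 10:02:00 bastion sshd[2240]: Failed password for alice from 198.51.100.9 port 40010 ssh2
Mar 12 10:02:30 bastion sshd[2241]: Accepted publickey for alice from 198.51.100.9 port 40011 ssh2
Mar 12 10:05:00 bastion sshd[2250]: Accepted publickey for bob from 198.51.100.2 port 40020 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse(log_text: str, year: int = 2024) -> list:
    """Turn raw lines into events. Syslog timestamps carry no year, so one is
    supplied (assumption: all lines fall in the same year)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines the rule does not understand are skipped, not guessed at
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        events.append({"ts": ts, "outcome": m["outcome"], "method": m["method"],
                       "user": m["user"], "src": m["src"]})
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """Emit 'brute_force' once a source reaches `threshold` failures inside `window`,
    and 'compromise_suspected' if the same source then authenticates successfully
    while those failures are still inside the window."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = set()                 # sources already reported as brute-forcing
    alerts = []
    for e in events:
        recent = failures[e["src"]]
        while recent and e["ts"] - recent[0] > window:
            recent.popleft()        # slide the window forward
        if e["outcome"] == "Failed":
            recent.append(e["ts"])
            if len(recent) >= threshold and e["src"] not in flagged:
                flagged.add(e["src"])
                alerts.append({"rule": "brute_force", "src": e["src"],
                               "failures": len(recent), "at": e["ts"]})
        elif len(recent) >= threshold:
            alerts.append({"rule": "compromise_suspected", "src": e["src"],
                           "user": e["user"], "method": e["method"],
                           "failures_before_success": len(recent), "at": e["ts"]})
    return alerts

if __name__ == "__main__":
    for a in correlate(parse(SAMPLE_LOG)):
        print(a)
```

The single failure from 198.51.100.9 followed by a key-based login is exactly the noise a threshold exists to suppress; tune the threshold and window against your own baseline before the rule goes live, and treat the "compromise suspected" alert as the one that pages someone.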
Defending Against IP Layer DDoS Attacks - IP layer Distributed Denial of Service (DDoS) attacks target the network infrastructure by overwhelming the targeted system with a flood of traffic. Defending against such attacks involves implementing robust network security measures, such as rate limiting, traffic filtering, and traffic diversion techniques. Additionally, organisations can leverage intrusion prevention systems (IPS), load balancers, and dedicated DDoS mitigation services to detect and mitigate IP layer DDoS attacks.
Defending Against Transport Layer DDoS Attacks - Transport layer DDoS attacks abuse the normal behaviour of protocols such as TCP and UDP rather than a bug in them: a SYN flood, for example, fills a server's table of half-open connections with handshakes that are never completed, so legitimate clients cannot connect. Defending against these attacks involves techniques such as SYN cookies (the server keeps no state until the handshake completes), shorter half-open timeouts, per-source connection limits and rate limiting. Network-level mitigation solutions, such as traffic scrubbing and intelligent traffic analysis, can help identify and block transport layer DDoS attacks.
Defending Against Application Layer DDoS Attacks - Application layer DDoS attacks target the application or web server layer, aiming to exhaust server resources or exploit vulnerabilities in the application stack. Defending against these attacks requires implementing robust application security measures, such as web application firewalls (WAFs), load balancing, traffic rate limiting, and anomaly detection systems. Application-layer DDoS mitigation solutions can identify and filter malicious traffic while allowing legitimate users to access the application.
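Rate limiting appears in all three DDoS modules above. The following added example (not the programme's material) shows the token-bucket form most edge devices and WAFs implement: each client gets a bucket that allows a burst up to its capacity and then refills at a steady rate, so a browser making a request every couple of seconds is never touched while a source sending forty requests in two seconds is mostly dropped. The traffic is constructed for the demonstration; the bucket is kept in integer milli-tokens so long-running counters do not drift the way floating-point ones would.

```python
from collections import defaultdict

class TokenBucket:
    """One bucket per client. `capacity` requests may arrive in a burst; afterwards
    requests are admitted at `rate_per_sec`. Kept in integer milli-tokens."""
    def __init__(self, capacity: int, rate_per_sec: int, now_ms: int):
        self.capacity = capacity * 1000     # burst allowance, in milli-tokens
        self.rate = rate_per_sec            # milli-tokens per millisecond == tokens per second
        self.tokens = self.capacity         # a new client starts with a full bucket
        self.last = now_ms

    def allow(self, now_ms: int) -> bool:
        elapsed = max(0, now_ms - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)  # refill, capped
        self.last = now_ms
        if self.tokens >= 1000:             # one whole token buys one request
            self.tokens -= 1000
            return True
        return False

class RateLimiter:
    """Keyed on whatever client identity the edge can trust (here a source IP).
    Behind a reverse proxy that must be the proxy-supplied client address, never a
    header the client can set itself."""
    def __init__(self, capacity: int = 10, rate_per_sec: int = 2):
        self.capacity, self.rate = capacity, rate_per_sec
        self.buckets = {}

    def check(self, client: str, now_ms: int) -> bool:
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(self.capacity, self.rate, now_ms)
        return bucket.allow(now_ms)

# Constructed traffic (documentation-range addresses): one source sends 40 requests in
# two seconds, an HTTP-flood pattern; the other browses at one request every two seconds.
REQUESTS = ([(i * 50, "203.0.113.50") for i in range(40)] +
            [(i * 2000, "198.51.100.20") for i in range(6)])

def simulate(requests, capacity: int = 10, rate_per_sec: int = 2) -> dict:
    """Replay (time_ms, client) pairs through the limiter; return per-client counts."""
    limiter = RateLimiter(capacity, rate_per_sec)
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for t_ms, client in sorted(requests):
        verdict = "allowed" if limiter.check(client, t_ms) else "blocked"
        stats[client][verdict] += 1
    return dict(stats)

if __name__ == "__main__":
    for client, counts in simulate(REQUESTS).items():
        print(f"{client:16} allowed={counts['allowed']:3d} blocked={counts['blocked']:3d}")
```

With a burst of 10 and a refill of 2 per second, the flooding source gets its first 11 requests through (the full bucket plus the tokens that trickle in) and then only one in every ten, while the ordinary client is never blocked. Per-source limits alone do not stop a distributed flood from thousands of addresses; they buy time for upstream scrubbing and keep any single abuser from exhausting the application.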
Defending Against Botnet & C&C - Botnets are networks of compromised computers or devices controlled by a command and control (C&C) server. Defending against botnets involves implementing network security measures, such as intrusion detection systems (IDS), firewalls, and network segmentation, to prevent botnet communications and block malicious traffic. Additionally, deploying botnet detection tools, leveraging threat intelligence feeds, and conducting regular security assessments can help identify and neutralise botnet activities.
Malware Blocking - Malware blocking focuses on preventing the execution and spread of malicious software, including viruses, worms, ransomware, and trojans. Organisations can deploy endpoint protection solutions, such as antivirus software, host-based intrusion prevention systems, and behaviour-based malware detection tools. Additionally, implementing secure email gateways, web filtering, and user awareness training can help block malware-infected files and links.
URL Filtering - URL filtering involves controlling access to websites based on predefined policies or categories. It helps organisations enforce acceptable use policies, protect against malicious websites, and prevent users from accessing inappropriate or harmful content. URL filtering solutions analyse website URLs and web content to categorise and allow or block access based on the organisation's policies and security requirements.
Data Leak Prevention - Data leak prevention (DLP) aims to prevent unauthorised disclosure or exfiltration of sensitive data. DLP solutions monitor and control data in motion, at rest, and in use to identify and prevent data leakage. Techniques used in DLP include content analysis, encryption, data classification, access controls, and user behaviour monitoring. By detecting and preventing data leaks, organisations can protect valuable information and comply with data protection regulations.
Evasion Tactics (DLP) / Data Filtering - Evasion tactics refer to techniques employed by threat actors to bypass data leak prevention (DLP) measures or evade detection, for example compressing, encrypting or encoding data before transfer so content inspection cannot read it, splitting it across many small transfers, or tunnelling it through a permitted channel such as DNS or HTTPS. Defending against evasion tactics requires continuously updating and refining DLP policies and rules, staying informed about emerging evasion techniques, and leveraging advanced detection and analysis tools. Regular security assessments and testing can help identify potential weaknesses in data filtering and protection mechanisms.
File Blocking - File blocking involves preventing the execution or transfer of specific file types that may pose security risks. Organisations can deploy file blocking solutions to block or quarantine files that are known to contain malicious code, exploits, or sensitive information. File blocking policies can be configured based on file extensions, file signatures, or content analysis to reduce the risk of malware infections, data breaches, or unauthorised file sharing.
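As an added example that is not part of the course material, the three file-blocking criteria named above (extension, file signature, content analysis) combined in one Python policy check. The signature table is a small subset of well-known file headers, the sample files and names are constructed, and which types are blocked or quarantined is an assumed policy, not one the course prescribes:

```python
"""File blocking by extension and by content signature (magic bytes).

Added example, not course material. SIGNATURES is a small subset of well-known
file headers; SAMPLE_FILES and the block/quarantine policy are constructed and
assumed for illustration.
"""
from __future__ import annotations

# (magic bytes, detected type). Only the first matching prefix counts.
SIGNATURES = [
    (b"MZ", "exe"),                                  # DOS/PE executable, DLL, SCR
    (b"\x7fELF", "elf"),                             # Linux executable / shared object
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip"),                          # also docx/xlsx/pptx/jar containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),    # legacy .doc/.xls, macro-capable
]

BLOCKED_EXTENSIONS = {"exe", "dll", "scr", "com", "js", "vbs", "hta", "ps1", "bat", "cmd"}
BLOCKED_CONTENT = {"exe", "elf"}      # executables are blocked whatever they are called
QUARANTINE_CONTENT = {"ole"}          # legacy Office containers go to sandbox/review
# Extensions a detected content type may legitimately carry.
EXPECTED_EXTENSIONS = {
    "pdf": {"pdf"},
    "png": {"png"},
    "zip": {"zip", "docx", "xlsx", "pptx"},   # .jar deliberately not accepted here
}


def detect_type(data: bytes) -> str:
    """Classify by leading bytes; 'unknown' for anything without a known header."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def claimed_extension(filename: str) -> str:
    """Last extension, lower-cased: 'invoice.pdf.exe' -> 'exe' (double extensions
    are caught because only the final one decides how the OS opens the file)."""
    name = filename.rsplit("/", 1)[-1].lower()
    return name.rsplit(".", 1)[1] if "." in name else ""


def decide(filename: str, data: bytes) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'allow', 'block' or 'quarantine'."""
    ext = claimed_extension(filename)
    kind = detect_type(data)
    shown = ext or "<none>"
    if ext in BLOCKED_EXTENSIONS:
        return "block", f"extension .{ext} is blocked by policy"
    if kind in BLOCKED_CONTENT:
        return "block", f"{kind} executable detected; the .{shown} name is ignored"
    if kind in QUARANTINE_CONTENT:
        return "quarantine", f"{kind} container needs sandbox analysis"
    if kind in EXPECTED_EXTENSIONS and ext not in EXPECTED_EXTENSIONS[kind]:
        return "block", f"content is {kind} but the name claims .{shown}"
    return "allow", f"{kind} content with .{shown} extension"


def scan(files) -> dict[str, str]:
    """files: iterable of (name, bytes). Returns {name: verdict}."""
    return {name: decide(name, data)[0] for name, data in files}


SAMPLE_FILES = [  # constructed
    ("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),      # double extension
    ("holiday.png", b"MZ\x90\x00\x03\x00\x00\x00"),          # renamed executable
    ("scan.png", b"%PDF-1.4\n"),                             # mislabelled content
    ("quarterly.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8),
    ("notes.txt", b"plain text, no signature"),
    ("sources.zip", b"PK\x03\x04\x14\x00\x00\x00"),
]

if __name__ == "__main__":
    for name, data in SAMPLE_FILES:
        verdict, reason = decide(name, data)
        print(f"{verdict:10} {name:18} {reason}")
```

The order of the checks matters: the extension policy runs first because a blocked extension is dangerous even when the content is unknown, the signature check runs second so that a renamed executable cannot hide behind a harmless name, and the extension-versus-content comparison catches files whose name and header disagree, which is the classic sign of a disguised payload.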
Assessment:
The course will be assessed through a combination of quizzes and exercises.
5. SECURITY INCIDENT HANDLING AND LOG ANALYSIS
DURATION: 1 DAY | 7 HOURS
Course Objective:
The objective of this course is to provide participants with knowledge and skills in security incident handling and log analysis. Participants will learn about incident response processes, incident prioritisation, handling various types of security incidents including intrusion, malware, phishing, and spam incidents. The course also covers log analysis techniques, log management, and log visualisation. The goal is to equip participants with the necessary tools and techniques to effectively respond to security incidents and analyse logs for proactive threat detection and response.
Learning Outcomes:
By the end of this course, students will be able to:
Understand the importance of security incident handling and incident response processes.
Prioritise security incidents based on severity, impact, and risk factors.
Effectively handle intrusion incidents, including identifying and containing the intrusion.
Handle malware incidents, including detection, analysis, and containment.
Respond to phishing incidents, including investigating and mitigating phishing attacks.
Manage and respond to spam incidents, including spam detection and mitigation strategies.
Develop skills in log analysis techniques, including identifying patterns and anomalies.
Implement effective log management practices, including log collection, storage, and retention.
Utilise log visualisation tools to gain insights and detect security events.
Apply hands-on exercises to reinforce learning and gain practical experience in incident handling and log analysis.
Prerequisites:
Have completed the previous sections
Course Outline:
The course will be divided into the following modules:
Security Incident, Processes & Framework - This topic covers the fundamentals of security incident management, including the processes, procedures, and frameworks used to handle security incidents. It explores the importance of having well-defined incident response plans, incident classification, escalation procedures, and the role of incident management teams. Participants will gain an understanding of the incident lifecycle and the key components of an effective incident management framework.
Incident Handling - Incident handling refers to the process of detecting, analysing, and responding to security incidents. This topic delves into the key principles and best practices of incident handling, including incident identification, containment, eradication, and recovery. Participants will learn about incident response roles and responsibilities, incident documentation, evidence preservation, and the importance of effective communication during incident response.
Security Incident Priority - Security incident priority focuses on the classification and prioritisation of security incidents based on their potential impact and urgency. This topic explores the criteria used to assess incident severity, including factors such as data sensitivity, system criticality, regulatory requirements, and business impact. Participants will understand the importance of prioritising incident response efforts based on the level of risk and the need for timely remediation.
Handling Intrusion Incident - Intrusion incidents involve unauthorised access or compromise of computer systems or networks. This topic covers the process of detecting and responding to intrusion incidents, including techniques for intrusion detection, incident containment, system recovery, and forensic analysis. Participants will learn about common types of intrusions, such as network breaches, unauthorised access attempts, and the steps involved in investigating and mitigating these incidents.
Handling Malware Incident - Malware incidents involve the presence or execution of malicious software on systems or networks. This topic focuses on the handling and response to malware incidents, including malware detection, containment, removal, and system recovery. Participants will learn about malware analysis techniques, antivirus solutions, sandboxing, and the importance of regular updates and patching to prevent and mitigate malware incidents.
Handling Phishing Incident - Phishing incidents involve the deceptive attempt to obtain sensitive information, such as passwords or financial details, by impersonating trusted entities. This topic explores the handling and response to phishing incidents, including user awareness training, incident reporting, phishing email analysis, and incident response coordination. Participants will gain insights into phishing techniques, incident investigation methods, and strategies to prevent and mitigate phishing attacks.
Handling Spam Incident - Spam incidents involve the unsolicited and unwanted distribution of bulk emails, often containing malicious content or fraudulent messages. This topic focuses on the handling and response to spam incidents, including spam filtering techniques, email header analysis, and incident reporting. Participants will understand the impact of spam on network resources and user productivity and learn strategies to detect, block, and mitigate spam incidents.
Fundamentals of Log Analysis - Log analysis involves the examination and interpretation of system logs, network logs, and security event logs to identify potential security incidents or abnormal activities. This topic provides an introduction to log analysis, covering log sources, log formats, log collection methods, and log analysis tools. Participants will learn how to extract valuable information from logs and identify patterns or indicators of compromise.
Log Analysis - Log analysis goes deeper into the techniques and methodologies used to analyse logs effectively for security purposes. It covers log correlation, anomaly detection, signature-based analysis, and event correlation. Participants will gain practical skills in log analysis, including log parsing, event correlation, and identifying security incidents through log data.
Log Management - Log management focuses on the collection, storage, and retention of logs for security and compliance purposes. This topic explores log management best practices, including log storage architectures, log retention policies, log rotation, and backup strategies. Participants will understand the importance of centralised log management, log integrity, and secure log storage to support incident response and forensic investigations.
Log Visualisation - Log visualisation involves presenting log data in a graphical or visual format to facilitate analysis and identify meaningful patterns or trends. This topic introduces log visualisation techniques and tools that help security professionals gain insights from large volumes of log data. Participants will learn how to use visualisation techniques to identify anomalies, detect security incidents, and communicate findings effectively.
Practical Exercise - The hands-on component of the course provides participants with practical exercises and scenarios to apply the knowledge gained throughout the training. Participants will have the opportunity to practice incident handling techniques, analyse real-world log data, and simulate incident response activities in a controlled environment. The hands-on exercises aim to reinforce learning outcomes and enhance practical skills in security incident handling and log analysis.
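As an added example that is not part of the course material, the log parsing, pattern identification and correlation covered in the log analysis modules above, carried out in Python on a small authentication log. The lines are constructed in the syslog format sshd writes on Linux, the host, users and addresses are invented, and the failure threshold and time window are assumed tuning values:

```python
"""Parse sshd authentication lines and flag password guessing that ends in a login.

Added example, not course material. SAMPLE_LOG is constructed in the syslog format
sshd uses on Linux; hosts, users and addresses are invented, and the threshold and
window values are assumed tuning parameters.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Matches the two outcomes of an authentication attempt; other sshd lines are ignored.
AUTH_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

SAMPLE_LOG = """\
Mar 14 02:11:05 bastion sshd[2191]: Failed password for invalid user admin from 198.51.100.23 port 51112 ssh2
Mar 14 02:11:07 bastion sshd[2191]: Failed password for invalid user admin from 198.51.100.23 port 51114 ssh2
Mar 14 02:11:09 bastion sshd[2193]: Failed password for root from 198.51.100.23 port 51118 ssh2
Mar 14 02:11:12 bastion sshd[2195]: Failed password for root from 198.51.100.23 port 51120 ssh2
Mar 14 02:11:14 bastion sshd[2197]: Failed password for deploy from 198.51.100.23 port 51124 ssh2
Mar 14 02:11:20 bastion sshd[2199]: Accepted password for deploy from 198.51.100.23 port 51130 ssh2
Mar 14 02:11:20 bastion sshd[2199]: pam_unix(sshd:session): session opened for user deploy by (uid=0)
Mar 14 02:15:41 bastion sshd[2210]: Failed password for alice from 203.0.113.8 port 40022 ssh2
Mar 14 02:15:50 bastion sshd[2212]: Accepted publickey for alice from 203.0.113.8 port 40024 ssh2
Mar 14 02:16:03 bastion sshd[2214]: Accepted publickey for bob from 203.0.113.9 port 40100 ssh2
"""


def parse_auth_log(text: str) -> list[dict]:
    """Turn matching lines into dicts; non-auth sshd lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_LINE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        # Syslog timestamps carry no year; that is fine for ordering within one log.
        ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
        events.append(ev)
    return events


def failures_by_ip(events: list[dict]) -> Counter:
    """Simple pattern: who fails most often."""
    return Counter(ev["ip"] for ev in events if ev["result"] == "Failed")


def detect_password_guessing(events: list[dict], threshold: int = 5, window_s: int = 300) -> list[dict]:
    """Correlate events per source IP: fire once when `threshold` failures land
    inside `window_s` seconds, and again if that IP then logs in successfully,
    which is the case an analyst must treat as a probable account compromise."""
    recent_failures = defaultdict(deque)
    users_tried = defaultdict(set)
    alerts = []
    for ev in events:  # assumed chronological, as syslog writes them
        ip, q = ev["ip"], recent_failures[ev["ip"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            users_tried[ip].add(ev["user"])
            if len(q) == threshold:
                alerts.append({"type": "password_guessing", "ip": ip, "host": ev["host"],
                               "failures": threshold, "users": sorted(users_tried[ip]),
                               "at": ev["ts"].strftime("%b %d %H:%M:%S")})
        elif len(q) >= threshold:
            alerts.append({"type": "success_after_guessing", "ip": ip, "host": ev["host"],
                           "user": ev["user"], "method": ev["method"],
                           "at": ev["ts"].strftime("%b %d %H:%M:%S")})
    return alerts


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    print("failed logins by source:", dict(failures_by_ip(evs)))
    for alert in detect_password_guessing(evs):
        print(alert)
```

A single failure from 203.0.113.8 followed by a key-based login is ordinary user behaviour and produces nothing; the five failures across three usernames from 198.51.100.23 within nine seconds trip the guessing alert, and the password login for deploy that follows raises the second, higher-priority alert, which is the incident-priority distinction the earlier module describes.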
Assessment:
The course will be assessed through a combination of quizzes and exercises.
NOTE FOR PROFESSIONAL CERTIFICATION IN CONTINUING EDUCATION
Upon completion of this MASTERCLASS, students may embark further on cyber security professional certification such as ISC2 or EC-Council certification
YOUR TRAINERS
Dr Harjinthar Singh - is a Principal Trainer at Marc & Zed. He has over 25 years of experience in the IT industry, and has worked as a trainer, lecturer, and consultant for software development, product design, user interface, user experience, data analysis, RDBMS, video and image editing, and mobile development.
Dr. Singh has taught in Singapore, the United Kingdom, Malaysia, and Australia. He started his teaching career in 2001 as a lecturer for software engineering at London South Bank University. In 2012, he joined a Malaysian government agency, MIMOS Berhad. From 2016 to 2017, he taught Software & Mobile Development for undergraduates, staff re-training programmes, and post-graduates intending to pursue a career as programmers and developers.
Since 2017, Dr. Singh has conducted training and workshops in UI/UX, Interaction Design, Design Thinking, DevOps, MERN FullStack, Agile, JIRA, Git/GitLab, MySQL, MS SQL Server 2016, Infographics, Graphics/Video, and mobile/web development. He is also a certified Scrum Master and Product Owner.
Dr. Singh is a highly experienced and qualified trainer, and has a wealth of knowledge and experience in the IT industry. He is passionate about teaching and helping others to learn, and is committed to providing high-quality training that meets the needs of his clients.
Dr Khairul Anuar Abd Wahid - is a Senior Trainer at Marc & Zed. He has over 15 years of experience in the IT industry, and has worked as a trainer, lecturer, and consultant for software development, data science, machine learning, artificial intelligence, and cloud computing.
He has taught in Singapore, Malaysia, and the United States. He started his teaching career in 2007 as a lecturer for software engineering at the National University of Malaysia. In 2012, he joined a Silicon Valley startup, where he worked on developing machine learning algorithms for fraud detection.
Since 2017, Dr. Khairul has conducted training and workshops in Python, R, Machine Learning, Artificial Intelligence, Cloud Computing, and Data Science. He is also a certified Data Scientist and Machine Learning Engineer. He is a highly experienced and qualified trainer, and has a wealth of knowledge and experience in the IT industry. He is passionate about teaching and helping others to learn, and is committed to providing high-quality training that meets the needs of his clients.
Dr. Khairul is a valuable asset to the Marc & Zed Training team, and his expertise in data science and machine learning is highly sought after by businesses in Singapore and Malaysia. He is a passionate educator who is committed to helping others learn and grow.
Djoshkun Diko - has been working as a developer, trainer, coach, and consultant in software engineering since 2008. His expertise includes FullStack, DevOps, Cloud Computing (Amazon Web Services & Google Cloud Platform), PHP, JavaScript, C++, Laravel, Docker, Kubernetes, Golang, VueJS, Python, Shell scripting, HTML5/CSS, MySQL, MariaDB, PostgreSQL, MSSQL Server, Cassandra, and MongoDB.
Throughout his career as a Software Architect/developer/trainer, he has been involved in designing and executing distributed system architecture principles and patterns for applied machine learning products. He has contributed to various projects involving technologies such as Laravel, Symfony, Prestashop, NodeJS, ExpressJS, VueJS, MySQL, MongoDB, PostgreSQL, Camunda microservices architecture with gRPC, GoLang/Python & Echo (Go framework), Flask & pandas (Python), Angular, Docker & Kubernetes, and JIRA & Confluence (Atlassian products).
During his freelance career, he has collaborated with several companies, developing web pages, web shops, and forums using platforms such as Joomla, WordPress, vBulletin, MyBB, and HTML.
In 2017, he joined Marc & Zed SPACES in Kuala Lumpur as an Assistant Trainer. Although he left Marc & Zed in 2019, his interest in the training field brought him back in February 2020 as a Principal Trainer and Coach. In this role, he conducts hybrid trainings in Singapore, Germany, and Malaysia. He has also taken on web development projects for Marc & Zed, including developing their own website and creating a CMS website for propertysifu.com.my, and providing training for their staff. Currently, he is working on developing a website and providing training for another client of Marc & Zed, Cameron Adams UK Ltd., a real-estate agency.
OR E-MAIL FOR DETAILS AT janice@marcnzed.com
OR CALL +6012 451 4977 (MALAYSIA) OR +65 9052 3859 (SINGAPORE)
Certificate
Upon successful completion of the course, participants will be awarded a verified certificate issued by Universiti Kuala Lumpur [Advancement & Continuing Education (ACE) UNIKL] and co-signed by Marc & Zed SPACES